On 21/03/2026 17:30, Jonas Smedegaard wrote:
Please demonstrate that the patch works, but uploading as an NMU.
I have done this, and the NMU is now built succesfully on all release architectures.
One small additional change was needed compared to previous debdiffs, the rust-reqwest package was updated to 0.13 and a rust-reqwest-0.12 package was introduced, I adjusted the debian build-dependency in the nanopub package to accomodate this.
diff -Nru nanopub-0.2.0+ds/debian/changelog nanopub-0.2.0+ds/debian/changelog --- nanopub-0.2.0+ds/debian/changelog 2026-02-25 11:55:33.000000000 +0000 +++ nanopub-0.2.0+ds/debian/changelog 2026-03-11 08:36:24.000000000 +0000 @@ -1,3 +1,14 @@ +nanopub (0.2.0+ds-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add patch based on upstream commit to update getrandom and eliminate + dependency on rand. + * Adjust debian build-dependencies for rand related changes. + * Tighten debian build-dependency for reqwest crate to take account + of introduction of semver-suffix package. + + -- Peter Michael Green <[email protected]> Wed, 11 Mar 2026 08:36:24 +0000 + nanopub (0.2.0+ds-1) unstable; urgency=medium [ upstream ] diff -Nru nanopub-0.2.0+ds/debian/control nanopub-0.2.0+ds/debian/control --- nanopub-0.2.0+ds/debian/control 2026-02-25 11:55:33.000000000 +0000 +++ nanopub-0.2.0+ds/debian/control 2026-03-11 08:36:24.000000000 +0000 @@ -11,15 +11,14 @@ librust-clap-dev, librust-clap-complete-dev, librust-futures-dev, - librust-getrandom-dev, + librust-getrandom-0.4-dev, librust-openssl-probe-dev, librust-oxjsonld-dev, librust-oxrdf-dev, librust-oxrdfio-dev, librust-oxttl-dev, - librust-rand-core-dev, librust-regex-dev, - librust-reqwest-dev, + librust-reqwest-0.12-dev, librust-rsa-dev, librust-serde-dev, librust-tokio-dev, diff -Nru nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch --- nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch 1970-01-01 00:00:00.000000000 +0000 +++ nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch 2026-03-11 08:36:24.000000000 +0000 @@ -0,0 +1,100 @@ +Description: update getrandom to 0.4 + This patch adopts portions of upstream commit 372445a710784c8d7d3261b019f4de41f6b3e5b7 + and futher bumps getrandom to version 0.4. +Author: Peter Michael Green <[email protected]> +Forwarded: not-needed +Last-Update: 2026-03-11 + +Index: nanopub-0.2.0+ds/lib/Cargo.toml +=================================================================== +--- nanopub-0.2.0+ds.orig/lib/Cargo.toml ++++ nanopub-0.2.0+ds/lib/Cargo.toml +@@ -27,12 +27,15 @@ regex = "1.10" + serde = { version = "1.0", features = ["derive"] } + chrono = "0.4.35" + reqwest = { version = "0.12", default-features = false } +-rand = { version = "0.8", features = ["std", "std_rng"], default-features = false } +-getrandom = { version = "0.2", features = ["js"] } ++getrandom = { version = "0.4", default-features = false } ++ ++# TODO: use rsa 0.10 when out ++# rsa = { version = "0.10.0-rc.15", default-features = false, features = ["encoding", "sha2" ] } ++# rand = { version = "0.10", features = ["std", "std_rng", "sys_rng"], default-features = false } ++# getrandom = { version = "0.4", features = ["wasm_js"] } + # openssl-probe = "0.1" + + # reqwest = { version = "0.11", features = ["rustls-tls"], default-features = false } +-# rand = { version = "0.8", features = ["std_rng"], default-features = false } + # log = { version = "0.0.2", features = ["std"] } + # futures = "0.3" + # sophia = { version = "0.8.0-alpha.3", git = "https://github.com/pchampin/sophia_rs.git";, rev = "ec13628", features = ["jsonld"] } +Index: nanopub-0.2.0+ds/lib/src/profile.rs +=================================================================== +--- nanopub-0.2.0+ds.orig/lib/src/profile.rs ++++ nanopub-0.2.0+ds/lib/src/profile.rs +@@ -1,6 +1,4 @@ + use base64::{engine, Engine as _}; +-use rand::rngs::StdRng; +-use rand::SeedableRng; + use rsa::pkcs1::{DecodeRsaPrivateKey, DecodeRsaPublicKey}; + use rsa::pkcs8::{DecodePrivateKey, DecodePublicKey, EncodePrivateKey, EncodePublicKey}; + use rsa::{RsaPrivateKey, RsaPublicKey}; +@@ -238,9 +236,36 @@ pub fn get_pubkey_str(pubkey: &RsaPublic + + /// Generate private/public key pair + pub fn gen_keys() -> Result<(String, String), NpError> { +- let mut rng = StdRng::from_entropy(); +- let bits = 2048; +- let priv_key = RsaPrivateKey::new(&mut rng, bits).expect("failed to generate a key"); ++ // rsa 0.9 requires rand_core 0.6 traits; rand 0.9 uses rand_core 0.9, so we can't use rand directly ++ // Bridge: implement rand_core 0.6's RngCore+CryptoRng on a wrapper backed by getrandom::fill. ++ struct GetrandomRng; ++ impl rsa::rand_core::RngCore for GetrandomRng { ++ fn next_u32(&mut self) -> u32 { ++ let mut b = [0u8; 4]; ++ getrandom::fill(&mut b).expect("getrandom failed"); ++ u32::from_le_bytes(b) ++ } ++ fn next_u64(&mut self) -> u64 { ++ let mut b = [0u8; 8]; ++ getrandom::fill(&mut b).expect("getrandom failed"); ++ u64::from_le_bytes(b) ++ } ++ fn fill_bytes(&mut self, dest: &mut [u8]) { ++ getrandom::fill(dest).expect("getrandom failed"); ++ } ++ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rsa::rand_core::Error> { ++ getrandom::fill(dest).expect("getrandom failed"); ++ Ok(()) ++ } ++ } ++ impl rsa::rand_core::CryptoRng for GetrandomRng {} ++ // TODO: waiting for rsa v0.10 ++ // use rand::rngs::{StdRng, SysRng}; ++ // use rand::SeedableRng; ++ // let mut rng = StdRng::try_from_rng(&mut SysRng).expect("failed to seed RNG"); ++ // let priv_key = RsaPrivateKey::new(&mut rng, 2048).expect("failed to generate a key"); ++ ++ let priv_key = RsaPrivateKey::new(&mut GetrandomRng, 2048).expect("failed to generate a key"); + let pub_key = RsaPublicKey::from(&priv_key); + Ok(( + normalize_key(&priv_key.to_pkcs8_pem(rsa::pkcs8::LineEnding::LF)?)?, +Index: nanopub-0.2.0+ds/lib/src/utils.rs +=================================================================== +--- nanopub-0.2.0+ds.orig/lib/src/utils.rs ++++ nanopub-0.2.0+ds/lib/src/utils.rs +@@ -1,4 +1,4 @@ +-use getrandom::getrandom; ++use getrandom::fill; + use oxjsonld::JsonLdParser; + use oxrdf::{ + Dataset, GraphNameRef, NamedNode, NamedNodeRef, NamedOrBlankNodeRef, QuadRef, TermRef, +@@ -85,7 +85,7 @@ pub fn get_np_server(random: bool) -> &' + } + // Generate a random number + let mut buf = [0u8; 4]; +- getrandom(&mut buf).expect("Failed to generate random number"); ++ fill(&mut buf).expect("Failed to generate random number"); + let num = u32::from_ne_bytes(buf); + let index = num as usize % LIST_SERVERS.len(); + LIST_SERVERS[index] diff -Nru nanopub-0.2.0+ds/debian/patches/1001_wasm-pack.patch nanopub-0.2.0+ds/debian/patches/1001_wasm-pack.patch --- nanopub-0.2.0+ds/debian/patches/1001_wasm-pack.patch 2026-02-25 11:55:21.000000000 +0000 +++ nanopub-0.2.0+ds/debian/patches/1001_wasm-pack.patch 2026-03-11 08:35:47.000000000 +0000 @@ -6,9 +6,11 @@ Last-Update: 2026-02-25 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/lib/Cargo.toml -+++ b/lib/Cargo.toml -@@ -38,7 +38,6 @@ +Index: nanopub-0.2.0+ds/lib/Cargo.toml +=================================================================== +--- nanopub-0.2.0+ds.orig/lib/Cargo.toml ++++ nanopub-0.2.0+ds/lib/Cargo.toml +@@ -42,7 +42,6 @@ getrandom = { version = "0.4", default-f # sophia = { version = "0.8.0-alpha.3", git = "https://github.com/pchampin/sophia_rs.git";, rev = "ec13628", features = ["jsonld"] } [dev-dependencies] diff -Nru nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch --- nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch 2026-02-25 11:55:21.000000000 +0000 +++ nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch 2026-03-11 08:26:43.000000000 +0000 @@ -15,14 +15,3 @@ ] [workspace.package] ---- a/lib/Cargo.toml -+++ b/lib/Cargo.toml -@@ -28,7 +28,7 @@ - chrono = "0.4.35" - reqwest = { version = "0.12", default-features = false } - rand = { version = "0.8", features = ["std", "std_rng"], default-features = false } --getrandom = { version = "0.2", features = ["js"] } -+getrandom = { version = "0.2" } - # openssl-probe = "0.1" - - # reqwest = { version = "0.11", features = ["rustls-tls"], default-features = false } diff -Nru nanopub-0.2.0+ds/debian/patches/series nanopub-0.2.0+ds/debian/patches/series --- nanopub-0.2.0+ds/debian/patches/series 2026-02-25 11:55:21.000000000 +0000 +++ nanopub-0.2.0+ds/debian/patches/series 2026-03-11 08:36:24.000000000 +0000 @@ -1,3 +1,4 @@ +0001_getrandom_rand.patch 1001_wasm-pack.patch 2001_privacy.patch 2003_no_net.patch
