Hi,

10 Apr 2025 12:51:01 Simon Josefsson <si...@josefsson.org>:
> Hi.  Thanks for testing.  This is expected and intentional, although
> admittedly not optimal.
>
> We don't know how to reproduce upstream's app.bin bit-by-bit identical
> using the toolchain that exists in Debian.  Debian policy is to rebuild
> everything from source so we cannot use their binary blob.

I understand.

> To get the same private key you must use the same app.bin on all
> machines.  Because tkey-ssh-agent currently embeds the app.bin into the
> tkey-ssh-agent binary you must even use the same ssh agent.  There is an
> open issue about adding a feature to tkey-ssh-agent upstream to support
> user-provided app binaries but alas this is not implemented:
>
> https://github.com/tillitis/tkey-ssh-agent/issues/125

Sorry, I didn't search sufficiently to find it :-).

> We've discussed this with upstream, and IIRC they were able to reproduce
> our app.bin on their laptop, and someone reproduced it using ArchLinux
> toolchain.  Hopefully upstream can use debian-based clang for future app
> releases.  I think that someone tested using Ubuntu's toolchain and at
> least at some point it didn't produce the same output, but I think it
> was a 24.10 pre-release snapshot clang.

Thank you very much for the clarification. I'll follow the upstream issue.

I hope it will be possible to find a solution. If there is something I can do to help, please let me know.

Diego
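
Added example, not part of the thread and not TKey or tkey-ssh-agent code: a simplified model of why a rebuilt app.bin that is not bit-identical yields a different private key. It assumes a measured-boot style derivation in which the device mixes a per-device secret with a digest of the loaded app; the function names, the BLAKE2s construction and all byte strings are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (not real TKey values).
DEVICE_SECRET = bytes(range(32))                 # stands in for the per-device secret
UPSTREAM_APP = bytes.fromhex("6f008004") + b"signer" + bytes(16)
REBUILT_APP = bytearray(UPSTREAM_APP)
REBUILT_APP[12] ^= 0x01                          # one bit differs, as a different toolchain might cause
REBUILT_APP = bytes(REBUILT_APP)


def app_digest(app_bin: bytes) -> bytes:
    """Measurement of the device app: a digest over the exact bytes loaded."""
    return hashlib.blake2s(app_bin).digest()


def derive_seed(device_secret: bytes, app_bin: bytes, user_secret: bytes = b"") -> bytes:
    """Model: seed = keyed hash over the app measurement and optional user secret.

    The seed is what a signer app would turn into its key pair, so any change
    in app_bin changes the resulting private key.
    """
    h = hashlib.blake2s(key=device_secret)
    h.update(app_digest(app_bin))
    h.update(user_secret)
    return h.digest()


def same_identity(device_secret: bytes, app_a: bytes, app_b: bytes) -> bool:
    """True only when both app binaries lead to the same derived seed."""
    return hmac.compare_digest(derive_seed(device_secret, app_a),
                               derive_seed(device_secret, app_b))


def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if the builds are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


if __name__ == "__main__":
    print("upstream digest:", app_digest(UPSTREAM_APP).hex())
    print("rebuilt digest: ", app_digest(REBUILT_APP).hex())
    print("first differing offset:", first_difference(UPSTREAM_APP, REBUILT_APP))
    print("same key on both machines:",
          same_identity(DEVICE_SECRET, UPSTREAM_APP, REBUILT_APP))
```

Comparing the digests of the app.bin embedded in each agent build is the quick check for whether two machines will present the same key.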
