Here's a debdiff, which I'll upload unless upstream point out any problems with it.
diff -Nru python-trustme-0.4.0/debian/changelog python-trustme-0.4.0/debian/changelog --- python-trustme-0.4.0/debian/changelog 2019-03-26 23:23:50.000000000 +0000 +++ python-trustme-0.4.0/debian/changelog 2019-04-13 17:30:43.000000000 +0100 @@ -1,3 +1,12 @@ +python-trustme (0.4.0-3) unstable; urgency=medium + + * d/p/keysize: bump test key sizes to 2048 to fulfil Debian's new default + requirement. This fixes another FTBFS due to test failure in the case that + the openssl binary package is installed, which is not a build dependency, + but apparently the buildds have it by default. Closes: #926652. + + -- Robie Basak <ro...@justgohome.co.uk> Sat, 13 Apr 2019 17:30:20 +0100 + python-trustme (0.4.0-2) unstable; urgency=medium * Explicitly build-depend on python3-idna to fix FTBFS. diff -Nru python-trustme-0.4.0/debian/patches/keysize python-trustme-0.4.0/debian/patches/keysize --- python-trustme-0.4.0/debian/patches/keysize 1970-01-01 01:00:00.000000000 +0100 +++ python-trustme-0.4.0/debian/patches/keysize 2019-04-13 17:26:01.000000000 +0100 
@@ -0,0 +1,33 @@ +From 96b8799325fa0f53fad4db529cbd2d25af42ebff Mon Sep 17 00:00:00 2001 +From: Robie Basak <ro...@justgohome.co.uk> +Date: Sat, 13 Apr 2019 17:02:53 +0100 +Subject: [PATCH] Increase key size to 2048 bits + +Debian changed the default security level to 2 since openssl package +version 1.1.1~~pre9-1 (August 2018), which requires a minimum key size +of 2048 bit or larger RSA and DHE keys. To avoid test failures on newer +Debian systems against OpenSSL, use a key size of at least 2048 bits. + +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926652 +Forwarded: https://github.com/python-trio/trustme/pull/45 +Last-Update: 2019-04-13 +--- + trustme/__init__.py | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/trustme/__init__.py ++++ b/trustme/__init__.py +@@ -33,7 +33,12 @@ + # On my laptop, making a CA + server certificate using 1024 bit keys takes ~40 + # ms, and using 4096 bit keys takes ~2 seconds. We want tests to run in 40 ms, + # not 2 seconds. +-_KEY_SIZE = 1024 ++# ++# However, Debian changed the default security level to 2 in openssl ++# 1.1.1~~pre9-1 (August 2018), which requires a minimum key size of 2048 bit or ++# larger for RSA and DHE keys. To avoid test failures on newer Debian systems ++# against OpenSSL, we must therefore use a key size of at least 2048 bits. ++_KEY_SIZE = 2048 + + def _name(name): + return x509.Name([ diff -Nru python-trustme-0.4.0/debian/patches/series python-trustme-0.4.0/debian/patches/series --- python-trustme-0.4.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ python-trustme-0.4.0/debian/patches/series 2019-04-13 17:25:34.000000000 +0100 @@ -0,0 +1 @@ +keysize
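Review bot: The comment kept above `_KEY_SIZE` in the trustme/__init__.py hunk of d/p/keysize no longer matches the value. It gives timings only for 1024 bit (~40 ms) and 4096 bit (~2 seconds) keys and ends with "We want tests to run in 40 ms, not 2 seconds", while the constant is now 2048, for which no timing is given. Reword the retained lines so they read as background, and state the measured cost at 2048 bits so the trade-off being accepted is recorded next to the constant. The commit message sentence "requires a minimum key size of 2048 bit or larger RSA and DHE keys" is also missing the "for" that the code comment has.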
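Review bot: In the debian/changelog entry, "bump test key sizes" does not say where the change lands. d/p/keysize edits the module-level `_KEY_SIZE` in trustme/__init__.py, so the installed package generates 2048 bit keys for everyone who uses it, not only during the package's own build-time tests. Naming the constant or file in the changelog line would make that visible to someone reading only the changelog.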