
0.12.1->0.12.2 trigger: FAIL: TestClaims_Sign/fail_on_sign: token_test.go:133: Claims.Sign() error = <nil>, wantErr true #214

@jas4711

Hi! I help with this package in Debian. Version 0.12.1 builds fine for us, but when upgrading to 0.12.2 the following is triggered:

=== RUN   TestClaims_Sign/fail_on_sign
    token_test.go:133: Claims.Sign() error = <nil>, wantErr true
--- FAIL: TestClaims_Sign (0.03s)
    --- PASS: TestClaims_Sign/ok (0.00s)
    --- PASS: TestClaims_Sign/ok_one_audience (0.00s)
    --- PASS: TestClaims_Sign/ok_multiple_audiences (0.00s)
    --- PASS: TestClaims_Sign/ok_with_empty_payload (0.00s)
    --- PASS: TestClaims_Sign/ok_with_payload (0.00s)
    --- PASS: TestClaims_Sign/ok_with_header (0.00s)
    --- PASS: TestClaims_Sign/ok_with_kid (0.00s)
    --- PASS: TestClaims_Sign/fail_with_unsupported_key (0.00s)
    --- PASS: TestClaims_Sign/fail_with_wrong_alg (0.00s)
    --- PASS: TestClaims_Sign/fail_with_invalid_alg (0.00s)
    --- FAIL: TestClaims_Sign/fail_on_sign (0.00s)

Build log here: https://salsa.debian.org/jas/golang-github-smallstep-cli-utils/-/jobs/9065663

Reviewing the diff between these versions suggests this one:

diff --git a/token/token_test.go b/token/token_test.go
index f7fe09c..74e05bb 100644
--- a/token/token_test.go
+++ b/token/token_test.go
@@ -4,6 +4,7 @@ import (
        "crypto/ed25519"
        "crypto/rand"
        "crypto/rsa"
+       "math/big"
        "reflect"
        "testing"
        "time"
@@ -95,10 +96,11 @@ func TestClaims_Sign(t *testing.T) {
                t.Fatal(err)
        }
 
-       badKey, err := rsa.GenerateKey(rand.Reader, 123)
+       badKey, err := rsa.GenerateKey(rand.Reader, 1024)
        if err != nil {
                t.Fatal(err)
        }
+       badKey.N = big.NewInt(10) // render key useless for signing
 
        tests := []struct {
                name    string
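
Review bot: the `fail_on_sign` case now depends on `badKey.N = big.NewInt(10)` to make signing fail, but nothing in this hunk checks that the tampered key is actually rejected, so the expected error rests on how the RSA implementation in use treats a key whose modulus was overwritten after `rsa.GenerateKey`. The run reported above shows `Claims.Sign()` returning a nil error for exactly this case. Consider forcing the failure through something the test itself controls rather than through a mutated `rsa.PrivateKey`, and extend the `// render key useless for signing` comment to say which Go and crypto library versions that assumption was checked against.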

I tried reverting the big.NewInt line but it didn't make a difference, same error.

Then I tried reverting the 123->1024 change and it worked.

What to keep in mind here is that Debian uses its own set of build dependencies, with versions that may differ from what you pick in go.mod. You can see in the build log which packages were used. For example, this is using Go 1.24, x-crypto 0.47, and smallstep-crypto 0.76. Maybe the newer smallstep-crypto explains this? You use 0.70 it seems.

Any ideas?

/Simon
