Index: tweetnacl/Makefile
==================================================================
--- tweetnacl/Makefile
+++ tweetnacl/Makefile
@@ -6,13 +6,14 @@
 
 tweetnacl.c.new: src/tweetnacl.c
 	rm -f tweetnacl.c.new tweetnacl.c
 	cp src/tweetnacl.c tweetnacl.c.new
 
-tweetnacl.c: tweetnacl.c.new tweetnacl.h.new
+tweetnacl.c: tweetnacl.c.new tweetnacl.h.new patches/tweetnacl-supercop.diff patches/tweetnacl-derivepubkey.diff
 	rm -f tweetnacl.c tweetnacl.h
-	patch -p1 < patches/tweetnacl-supercop.diff
+	patch -p1 < patches/tweetnacl-supercop.diff || ( rm -f tweetnacl.c.new tweetnacl.h.new; exit 1 )
+	patch -p1 < patches/tweetnacl-derivepubkey.diff || ( rm -f tweetnacl.c.new tweetnacl.h.new; exit 1 )
 	mv tweetnacl.h.new tweetnacl.h
 	mv tweetnacl.c.new tweetnacl.c
 
 tweetnacl.h: tweetnacl.c
 

ADDED   tweetnacl/patches/tweetnacl-derivepubkey.diff
Index: tweetnacl/patches/tweetnacl-derivepubkey.diff
==================================================================
--- /dev/null
+++ tweetnacl/patches/tweetnacl-derivepubkey.diff
@@ -0,0 +1,31 @@
+--- a/tweetnacl.c.new
++++ b/tweetnacl.c.new
+@@ -653,13 +653,15 @@
+   scalarmult(p,q,s);
+ }
+ 
+-int crypto_sign_keypair(u8 *pk, u8 *sk)
++int crypto_sign_keypair(u8 *pk, u8 *sk, u8 generate_sk)
+ {
+   u8 d[64];
+   gf p[4];
+   int i;
+ 
+-  randombytes(sk, 32);
++  if (generate_sk) {
++    randombytes(sk, 32);
++  }
+   crypto_hash(d, sk, 32);
+   d[0] &= 248;
+   d[31] &= 127;
+--- a/tweetnacl.h.new
++++ b/tweetnacl.h.new
+@@ -211,7 +211,7 @@
+ #define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64
+ extern int crypto_sign_ed25519_tweet(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+ extern int crypto_sign_ed25519_tweet_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+-extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *);
++extern int crypto_sign_ed25519_tweet_keypair(unsigned char *,unsigned char *, unsigned char);
+ #define crypto_sign_ed25519_tweet_VERSION "-"
+ #define crypto_sign_ed25519 crypto_sign_ed25519_tweet
+ #define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open