Diff of the two buildlogs: -- --- b1/build.log 2021-07-16 19:38:46.302860712 +0000 +++ b2/build.log 2021-07-16 19:40:14.219572060 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Fri Jul 16 07:37:19 -12 2021 -I: pbuilder-time-stamp: 1626464239 +I: Current time: Sat Jul 17 09:38:54 +14 2021 +I: pbuilder-time-stamp: 1626464334 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/bullseye-reproducible-base.tgz] I: copying local configuration @@ -16,8 +16,8 @@ I: copying [./ruby-secure-headers_6.3.2-1.debian.tar.xz] I: Extracting source gpgv: unknown type of key resource 'trustedkeys.kbx' -gpgv: keyblock resource '/tmp/dpkg-verify-sig.Hv4eaTRA/trustedkeys.kbx': General error -gpgv: Signature made Fri Jun 25 07:55:35 2021 -12 +gpgv: keyblock resource '/tmp/dpkg-verify-sig.xQAngPeY/trustedkeys.kbx': General error +gpgv: Signature made Sat Jun 26 09:55:35 2021 +14 gpgv: using RSA key D30863E26020E543F4719A838F53E0193B294B75 gpgv: Can't check signature: No public key dpkg-source: warning: failed to verify signature on ./ruby-secure-headers_6.3.2-1.dsc @@ -29,135 +29,169 @@ dpkg-source: info: applying 03-fix-library-path.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/24714/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/21989/tmp/hooks/D01_modify_environment starting +debug: Running on jtx1c. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +Removing 'diversion of /bin/sh to /bin/sh.distrib by dash' +Adding 'diversion of /bin/sh to /bin/sh.distrib by bash' +Removing 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by dash' +Adding 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by bash' +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/21989/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/21989/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='armhf' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all,-fixfilepath parallel=3' - DISTRIBUTION='' - HOME='/root' - HOST_ARCH='armhf' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="1" [2]="4" [3]="1" [4]="release" [5]="arm-unknown-linux-gnueabihf") + BASH_VERSION='5.1.4(1)-release' + BUILDDIR=/build + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=armhf + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all,-fixfilepath parallel=4' + DIRSTACK=() + DISTRIBUTION= + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=arm + HOST_ARCH=armhf IFS=' ' - INVOCATION_ID='8d7687abc60b41e88576dd7a793fbdff' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='24714' - PS1='# ' - PS2='> ' + INVOCATION_ID=7f45abb967274590a03ab4c4365f8a63 + LANG=C + LANGUAGE=it_CH:it + LC_ALL=C + MACHTYPE=arm-unknown-linux-gnueabihf + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnueabihf + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=21989 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.F03yqlITbi/pbuilderrc_WW8f --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bullseye-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.F03yqlITbi/b1 --logfile b1/build.log ruby-secure-headers_6.3.2-1.dsc' - SUDO_GID='113' - SUDO_UID='107' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://10.0.0.15:8000/' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.F03yqlITbi/pbuilderrc_fvFG --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bullseye-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.F03yqlITbi/b2 --logfile b2/build.log --extrapackages usrmerge ruby-secure-headers_6.3.2-1.dsc' + SUDO_GID=114 + SUDO_UID=108 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://10.0.0.15:8000/ I: uname -a - Linux virt32c 5.10.0-8-armmp-lpae #1 SMP Debian 5.10.46-1 (2021-06-24) armv7l GNU/Linux + Linux i-capture-the-hostname 5.10.0-7-arm64 #1 SMP Debian 5.10.40-1 (2021-05-28) aarch64 GNU/Linux I: ls -l /bin total 3580 - -rwxr-xr-x 1 root root 816764 Jun 21 14:26 bash - -rwxr-xr-x 3 root root 26052 Jul 20 2020 bunzip2 - -rwxr-xr-x 3 root root 26052 Jul 20 2020 bzcat - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzcmp -> bzdiff - -rwxr-xr-x 1 root root 2225 Jul 20 2020 bzdiff - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzegrep -> bzgrep - -rwxr-xr-x 1 root root 4877 Sep 4 2019 bzexe - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzfgrep -> bzgrep - -rwxr-xr-x 1 root root 3775 Jul 20 2020 bzgrep - -rwxr-xr-x 3 root root 26052 Jul 20 2020 bzip2 - -rwxr-xr-x 1 root root 9636 Jul 20 2020 bzip2recover - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzless -> bzmore - -rwxr-xr-x 1 root root 1297 Jul 20 2020 bzmore - -rwxr-xr-x 1 root root 26668 Sep 22 2020 cat - -rwxr-xr-x 1 root root 43104 Sep 22 2020 chgrp - -rwxr-xr-x 1 root root 38984 Sep 22 2020 chmod - -rwxr-xr-x 1 root root 43112 Sep 22 2020 chown - -rwxr-xr-x 1 root root 92616 Sep 22 2020 cp - -rwxr-xr-x 1 root root 75524 Dec 10 2020 dash - -rwxr-xr-x 1 root root 75880 Sep 22 2020 date - -rwxr-xr-x 1 root root 55436 Sep 22 2020 dd - -rwxr-xr-x 1 root root 59912 Sep 22 2020 df - -rwxr-xr-x 1 root root 96764 Sep 22 2020 dir - -rwxr-xr-x 1 root root 55012 Feb 7 02:38 dmesg - lrwxrwxrwx 1 root root 8 Nov 6 2019 dnsdomainname -> hostname - lrwxrwxrwx 1 root root 8 Nov 6 2019 domainname -> hostname - -rwxr-xr-x 1 root root 22508 Sep 22 2020 echo - -rwxr-xr-x 1 root root 28 Nov 9 2020 egrep - -rwxr-xr-x 1 root root 22496 Sep 22 2020 false - -rwxr-xr-x 1 root root 28 Nov 9 2020 fgrep - -rwxr-xr-x 1 root root 47492 Feb 7 02:38 findmnt - -rwsr-xr-x 1 root root 26076 Feb 26 04:12 fusermount - -rwxr-xr-x 1 root root 124508 Nov 9 2020 grep - -rwxr-xr-x 2 root root 2346 Mar 2 11:30 gunzip - -rwxr-xr-x 1 root root 6376 Mar 2 11:30 gzexe - -rwxr-xr-x 1 root root 64212 Mar 2 11:30 gzip - -rwxr-xr-x 1 root root 13784 Nov 6 2019 hostname - -rwxr-xr-x 1 root root 43180 Sep 22 2020 ln - -rwxr-xr-x 1 root root 35068 Feb 7 2020 login - -rwxr-xr-x 1 root root 96764 Sep 22 2020 ls - -rwxr-xr-x 1 root root 99940 Feb 7 02:38 lsblk - -rwxr-xr-x 1 root root 51408 Sep 22 2020 mkdir - -rwxr-xr-x 1 root root 43184 Sep 22 2020 mknod - -rwxr-xr-x 1 root root 30780 Sep 22 2020 mktemp - -rwxr-xr-x 1 root root 34408 Feb 7 02:38 more - -rwsr-xr-x 1 root root 34400 Feb 7 02:38 mount - -rwxr-xr-x 1 root root 9824 Feb 7 02:38 mountpoint - -rwxr-xr-x 1 root root 88524 Sep 22 2020 mv - lrwxrwxrwx 1 root root 8 Nov 6 2019 nisdomainname -> hostname - lrwxrwxrwx 1 root root 14 Apr 18 03:38 pidof -> /sbin/killall5 - -rwxr-xr-x 1 root root 26652 Sep 22 2020 pwd - lrwxrwxrwx 1 root root 4 Jun 21 14:26 rbash -> bash - -rwxr-xr-x 1 root root 30740 Sep 22 2020 readlink - -rwxr-xr-x 1 root root 43104 Sep 22 2020 rm - -rwxr-xr-x 1 root root 30732 Sep 22 2020 rmdir - -rwxr-xr-x 1 root root 14144 Sep 27 2020 run-parts - -rwxr-xr-x 1 root root 76012 Dec 22 2018 sed - lrwxrwxrwx 1 root root 4 Jul 13 21:25 sh -> dash - -rwxr-xr-x 1 root root 22532 Sep 22 2020 sleep - -rwxr-xr-x 1 root root 55360 Sep 22 2020 stty - -rwsr-xr-x 1 root root 46704 Feb 7 02:38 su - -rwxr-xr-x 1 root root 22532 Sep 22 2020 sync - -rwxr-xr-x 1 root root 340872 Feb 16 21:55 tar - -rwxr-xr-x 1 root root 9808 Sep 27 2020 tempfile - -rwxr-xr-x 1 root root 67696 Sep 22 2020 touch - -rwxr-xr-x 1 root root 22496 Sep 22 2020 true - -rwxr-xr-x 1 root root 9636 Feb 26 04:12 ulockmgr_server - -rwsr-xr-x 1 root root 22108 Feb 7 02:38 umount - -rwxr-xr-x 1 root root 22520 Sep 22 2020 uname - -rwxr-xr-x 2 root root 2346 Mar 2 11:30 uncompress - -rwxr-xr-x 1 root root 96764 Sep 22 2020 vdir - -rwxr-xr-x 1 root root 38512 Feb 7 02:38 wdctl - lrwxrwxrwx 1 root root 8 Nov 6 2019 ypdomainname -> hostname - -rwxr-xr-x 1 root root 1984 Mar 2 11:30 zcat - -rwxr-xr-x 1 root root 1678 Mar 2 11:30 zcmp - -rwxr-xr-x 1 root root 5880 Mar 2 11:30 zdiff - -rwxr-xr-x 1 root root 29 Mar 2 11:30 zegrep - -rwxr-xr-x 1 root root 29 Mar 2 11:30 zfgrep - -rwxr-xr-x 1 root root 2081 Mar 2 11:30 zforce - -rwxr-xr-x 1 root root 7585 Mar 2 11:30 zgrep - -rwxr-xr-x 1 root root 2206 Mar 2 11:30 zless - -rwxr-xr-x 1 root root 1842 Mar 2 11:30 zmore - -rwxr-xr-x 1 root root 4553 Mar 2 11:30 znew -I: user script /srv/workspace/pbuilder/24714/tmp/hooks/D02_print_environment finished + -rwxr-xr-x 1 root root 816764 Jun 22 16:26 bash + -rwxr-xr-x 3 root root 26052 Jul 21 2020 bunzip2 + -rwxr-xr-x 3 root root 26052 Jul 21 2020 bzcat + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzcmp -> bzdiff + -rwxr-xr-x 1 root root 2225 Jul 21 2020 bzdiff + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzegrep -> bzgrep + -rwxr-xr-x 1 root root 4877 Sep 5 2019 bzexe + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzfgrep -> bzgrep + -rwxr-xr-x 1 root root 3775 Jul 21 2020 bzgrep + -rwxr-xr-x 3 root root 26052 Jul 21 2020 bzip2 + -rwxr-xr-x 1 root root 9636 Jul 21 2020 bzip2recover + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzless -> bzmore + -rwxr-xr-x 1 root root 1297 Jul 21 2020 bzmore + -rwxr-xr-x 1 root root 26668 Sep 23 2020 cat + -rwxr-xr-x 1 root root 43104 Sep 23 2020 chgrp + -rwxr-xr-x 1 root root 38984 Sep 23 2020 chmod + -rwxr-xr-x 1 root root 43112 Sep 23 2020 chown + -rwxr-xr-x 1 root root 92616 Sep 23 2020 cp + -rwxr-xr-x 1 root root 75524 Dec 11 2020 dash + -rwxr-xr-x 1 root root 75880 Sep 23 2020 date + -rwxr-xr-x 1 root root 55436 Sep 23 2020 dd + -rwxr-xr-x 1 root root 59912 Sep 23 2020 df + -rwxr-xr-x 1 root root 96764 Sep 23 2020 dir + -rwxr-xr-x 1 root root 55012 Feb 8 04:38 dmesg + lrwxrwxrwx 1 root root 8 Nov 8 2019 dnsdomainname -> hostname + lrwxrwxrwx 1 root root 8 Nov 8 2019 domainname -> hostname + -rwxr-xr-x 1 root root 22508 Sep 23 2020 echo + -rwxr-xr-x 1 root root 28 Nov 10 2020 egrep + -rwxr-xr-x 1 root root 22496 Sep 23 2020 false + -rwxr-xr-x 1 root root 28 Nov 10 2020 fgrep + -rwxr-xr-x 1 root root 47492 Feb 8 04:38 findmnt + -rwsr-xr-x 1 root root 26076 Feb 27 06:12 fusermount + -rwxr-xr-x 1 root root 124508 Nov 10 2020 grep + -rwxr-xr-x 2 root root 2346 Mar 3 13:30 gunzip + -rwxr-xr-x 1 root root 6376 Mar 3 13:30 gzexe + -rwxr-xr-x 1 root root 64212 Mar 3 13:30 gzip + -rwxr-xr-x 1 root root 13784 Nov 8 2019 hostname + -rwxr-xr-x 1 root root 43180 Sep 23 2020 ln + -rwxr-xr-x 1 root root 35068 Feb 8 2020 login + -rwxr-xr-x 1 root root 96764 Sep 23 2020 ls + -rwxr-xr-x 1 root root 99940 Feb 8 04:38 lsblk + -rwxr-xr-x 1 root root 51408 Sep 23 2020 mkdir + -rwxr-xr-x 1 root root 43184 Sep 23 2020 mknod + -rwxr-xr-x 1 root root 30780 Sep 23 2020 mktemp + -rwxr-xr-x 1 root root 34408 Feb 8 04:38 more + -rwsr-xr-x 1 root root 34400 Feb 8 04:38 mount + -rwxr-xr-x 1 root root 9824 Feb 8 04:38 mountpoint + -rwxr-xr-x 1 root root 88524 Sep 23 2020 mv + lrwxrwxrwx 1 root root 8 Nov 8 2019 nisdomainname -> hostname + lrwxrwxrwx 1 root root 14 Apr 19 05:38 pidof -> /sbin/killall5 + -rwxr-xr-x 1 root root 26652 Sep 23 2020 pwd + lrwxrwxrwx 1 root root 4 Jun 22 16:26 rbash -> bash + -rwxr-xr-x 1 root root 30740 Sep 23 2020 readlink + -rwxr-xr-x 1 root root 43104 Sep 23 2020 rm + -rwxr-xr-x 1 root root 30732 Sep 23 2020 rmdir + -rwxr-xr-x 1 root root 14144 Sep 28 2020 run-parts + -rwxr-xr-x 1 root root 76012 Dec 23 2018 sed + lrwxrwxrwx 1 root root 4 Jul 17 09:39 sh -> bash + lrwxrwxrwx 1 root root 4 Jul 16 23:25 sh.distrib -> dash + -rwxr-xr-x 1 root root 22532 Sep 23 2020 sleep + -rwxr-xr-x 1 root root 55360 Sep 23 2020 stty + -rwsr-xr-x 1 root root 46704 Feb 8 04:38 su + -rwxr-xr-x 1 root root 22532 Sep 23 2020 sync + -rwxr-xr-x 1 root root 340872 Feb 17 23:55 tar + -rwxr-xr-x 1 root root 9808 Sep 28 2020 tempfile + -rwxr-xr-x 1 root root 67696 Sep 23 2020 touch + -rwxr-xr-x 1 root root 22496 Sep 23 2020 true + -rwxr-xr-x 1 root root 9636 Feb 27 06:12 ulockmgr_server + -rwsr-xr-x 1 root root 22108 Feb 8 04:38 umount + -rwxr-xr-x 1 root root 22520 Sep 23 2020 uname + -rwxr-xr-x 2 root root 2346 Mar 3 13:30 uncompress + -rwxr-xr-x 1 root root 96764 Sep 23 2020 vdir + -rwxr-xr-x 1 root root 38512 Feb 8 04:38 wdctl + lrwxrwxrwx 1 root root 8 Nov 8 2019 ypdomainname -> hostname + -rwxr-xr-x 1 root root 1984 Mar 3 13:30 zcat + -rwxr-xr-x 1 root root 1678 Mar 3 13:30 zcmp + -rwxr-xr-x 1 root root 5880 Mar 3 13:30 zdiff + -rwxr-xr-x 1 root root 29 Mar 3 13:30 zegrep + -rwxr-xr-x 1 root root 29 Mar 3 13:30 zfgrep + -rwxr-xr-x 1 root root 2081 Mar 3 13:30 zforce + -rwxr-xr-x 1 root root 7585 Mar 3 13:30 zgrep + -rwxr-xr-x 1 root root 2206 Mar 3 13:30 zless + -rwxr-xr-x 1 root root 1842 Mar 3 13:30 zmore + -rwxr-xr-x 1 root root 4553 Mar 3 13:30 znew +I: user script /srv/workspace/pbuilder/21989/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -362,7 +396,7 @@ Get: 155 http://deb.debian.org/debian bullseye/main armhf ruby-rspec-mocks all 3.9.0c2e2m1s3-2 [81.4 kB] Get: 156 http://deb.debian.org/debian bullseye/main armhf ruby-rspec all 3.9.0c2e2m1s3-2 [8348 B] Get: 157 http://deb.debian.org/debian bullseye/main armhf ruby-useragent all 0.16.8-1.1 [12.0 kB] -Fetched 44.0 MB in 6s (6975 kB/s) +Fetched 44.0 MB in 4s (10.4 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package bsdextrautils. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19398 files and directories currently installed.) @@ -1014,8 +1048,45 @@ Writing extended state information... Building tag database... -> Finished parsing the build-deps +Reading package lists... +Building dependency tree... +Reading state information... +The following additional packages will be installed: + libfile-find-rule-perl libnumber-compare-perl libtext-glob-perl +The following NEW packages will be installed: + libfile-find-rule-perl libnumber-compare-perl libtext-glob-perl usrmerge +0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. +Need to get 59.5 kB of archives. +After this operation, 157 kB of additional disk space will be used. +Get:1 http://deb.debian.org/debian bullseye/main armhf libnumber-compare-perl all 0.03-1.1 [6956 B] +Get:2 http://deb.debian.org/debian bullseye/main armhf libtext-glob-perl all 0.11-1 [8888 B] +Get:3 http://deb.debian.org/debian bullseye/main armhf libfile-find-rule-perl all 0.34-1 [30.6 kB] +Get:4 http://deb.debian.org/debian bullseye/main armhf usrmerge all 25 [13.0 kB] +debconf: delaying package configuration, since apt-utils is not installed +Fetched 59.5 kB in 0s (1194 kB/s) +Selecting previously unselected package libnumber-compare-perl. +(Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 27585 files and directories currently installed.) +Preparing to unpack .../libnumber-compare-perl_0.03-1.1_all.deb ... +Unpacking libnumber-compare-perl (0.03-1.1) ... +Selecting previously unselected package libtext-glob-perl. +Preparing to unpack .../libtext-glob-perl_0.11-1_all.deb ... +Unpacking libtext-glob-perl (0.11-1) ... +Selecting previously unselected package libfile-find-rule-perl. +Preparing to unpack .../libfile-find-rule-perl_0.34-1_all.deb ... +Unpacking libfile-find-rule-perl (0.34-1) ... +Selecting previously unselected package usrmerge. +Preparing to unpack .../archives/usrmerge_25_all.deb ... +Unpacking usrmerge (25) ... +Setting up libtext-glob-perl (0.11-1) ... +Setting up libnumber-compare-perl (0.03-1.1) ... +Setting up libfile-find-rule-perl (0.34-1) ... +Setting up usrmerge (25) ... +The system has been successfully converted. +Processing triggers for man-db (2.9.4-2) ... +Not building database; man-db/auto-update is not 'true'. I: Building the package -I: Running cd /build/ruby-secure-headers-6.3.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-secure-headers_6.3.2-1_source.changes +hostname: Name or service not known +I: Running cd /build/ruby-secure-headers-6.3.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-secure-headers_6.3.2-1_source.changes dpkg-buildpackage: info: source package ruby-secure-headers dpkg-buildpackage: info: source version 6.3.2-1 dpkg-buildpackage: info: source distribution unstable @@ -1046,7 +1117,7 @@ dh_auto_install -O--buildsystem=ruby dh_ruby --install /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers dh_ruby --install -/usr/bin/ruby2.7 -S gem build --config-file /dev/null --verbose /tmp/d20210716-29089-1dzgow4/gemspec +/usr/bin/ruby2.7 -S gem build --config-file /dev/null --verbose /tmp/d20210717-27069-1dvhh64/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: license value 'Apache Public License 2.0' is invalid. Use a license identifier from http://spdx.org/licenses or 'Nonstandard' for a nonstandard license. @@ -1058,7 +1129,7 @@ Name: secure_headers Version: 6.3.2 File: secure_headers-6.3.2.gem -/usr/bin/ruby2.7 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-secure-headers/usr/share/rubygems-integration/all /tmp/d20210716-29089-1dzgow4/secure_headers-6.3.2.gem +/usr/bin/ruby2.7 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-secure-headers/usr/share/rubygems-integration/all /tmp/d20210717-27069-1dvhh64/secure_headers-6.3.2.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers/usr/share/rubygems-integration/all/gems/secure_headers-6.3.2/lib/secure_headers.rb /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers/usr/share/rubygems-integration/all/gems/secure_headers-6.3.2/lib/secure_headers/configuration.rb @@ -1092,7 +1163,7 @@ rm -rf extensions cd gems/secure_headers-6.3.2 rm -f -chmod 644 lib/secure_headers.rb lib/secure_headers/view_helper.rb lib/secure_headers/configuration.rb lib/secure_headers/version.rb lib/secure_headers/headers/expect_certificate_transparency.rb lib/secure_headers/headers/referrer_policy.rb lib/secure_headers/headers/x_download_options.rb lib/secure_headers/headers/x_content_type_options.rb lib/secure_headers/headers/strict_transport_security.rb lib/secure_headers/headers/content_security_policy.rb lib/secure_headers/headers/x_frame_options.rb lib/secure_headers/headers/content_security_policy_config.rb lib/secure_headers/headers/clear_site_data.rb lib/secure_headers/headers/cookie.rb lib/secure_headers/headers/x_xss_protection.rb lib/secure_headers/headers/policy_management.rb lib/secure_headers/headers/x_permitted_cross_domain_policies.rb lib/secure_headers/utils/cookies_config.rb lib/secure_headers/railtie.rb lib/secure_headers/middleware.rb lib/secure_headers/hash_helper.rb +chmod 644 lib/secure_headers/configuration.rb lib/secure_headers/hash_helper.rb lib/secure_headers/view_helper.rb lib/secure_headers/railtie.rb lib/secure_headers/middleware.rb lib/secure_headers/headers/x_frame_options.rb lib/secure_headers/headers/clear_site_data.rb lib/secure_headers/headers/referrer_policy.rb lib/secure_headers/headers/x_xss_protection.rb lib/secure_headers/headers/content_security_policy.rb lib/secure_headers/headers/expect_certificate_transparency.rb lib/secure_headers/headers/cookie.rb lib/secure_headers/headers/policy_management.rb lib/secure_headers/headers/x_permitted_cross_domain_policies.rb lib/secure_headers/headers/x_content_type_options.rb lib/secure_headers/headers/content_security_policy_config.rb lib/secure_headers/headers/x_download_options.rb lib/secure_headers/headers/strict_transport_security.rb lib/secure_headers/version.rb lib/secure_headers/utils/cookies_config.rb lib/secure_headers.rb find lib/ -type d -empty -delete cd - cd - @@ -1114,113 +1185,107 @@ [Coveralls] Set up the SimpleCov formatter. [Coveralls] Using SimpleCov's default settings. -Randomized with seed 5988 +Randomized with seed 21440 -with an invalid configuration - raises an exception when SameSite lax and strict enforcement modes are configured with booleans - raises an exception when SameSite none and strict enforcement modes are configured with booleans - raises an exception when SameSite strict and lax enforcement modes are configured with booleans - raises an exception when both only and except filters are provided - raises an exception when both lax and strict only filters are provided to SameSite configurations - raises an exception when SameSite lax and none enforcement modes are configured with booleans - raises an exception when configured with false - raises an exception when SameSite is not configured with a Hash - raises an exception when SameSite lax and strict enforcement modes are configured with booleans - raises an exception when SameSite none and lax enforcement modes are configured with booleans - raises an exception when both only and except filters are provided to SameSite configurations - raises an exception when not configured with a Hash - raises an exception when configured without a boolean(true or OPT_OUT)/Hash - raises an exception when SameSite strict and none enforcement modes are configured with booleans - raises an exception when both lax and strict only filters are provided to SameSite configurations - -SecureHeaders::ExpectCertificateTransparency - is expected to eq "max-age=1234" - is expected to eq "max-age=1234" - is expected to eq "max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" - is expected to eq "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" - is expected to eq "enforce, max-age=1234" - with an invalid configuration - raises an exception with an invalid enforce value - raises an exception with an invalid max-age - raises an exception when configuration isn't a hash - raises an exception when max-age is not provided +SecureHeaders::XContentTypeOptions + #value + is expected to eq ["X-Content-Type-Options", "nosniff"] + is expected to eq ["X-Content-Type-Options", "nosniff"] + invalid configuration values + accepts nosniff + doesn't accept anything besides no-sniff + accepts nil -SecureHeaders::Configuration - dup results in a copy of the default config - allows me to be explicit too - allows OPT_OUT - stores an override - gives cookies a default config - has a default config - deprecates the secure_cookies configuration - has an 'noop' override - #named_append - raises when an override with the given name exists - raises on configuring an existing append - #override - raises on configuring an existing override - raises when a named append with the given name exists +SecureHeaders::ClearSiteData + make_header + returns nil with nil config + returns nil with empty config + returns nil with opt-out config + returns specified types + returns all types with `true` config + validate_config! + fails for Array of non-String config + succeeds for Array of Strings config + fails for other types of config + succeeds for opt-out config + succeeds for `nil` config + succeeds for `true` config + succeeds for empty config + make_header_value + returns a string of quoted values that are comma separated -SecureHeaders::XXssProtection - is expected to eq ["X-XSS-Protection", "1; mode=block; report=https://www.secure.com/reports"] - is expected to eq ["X-XSS-Protection", "1; mode=block"] - with invalid configuration - should raise an error when providing a string that is not valid - when using a hash value - should allow string values ('1' or '0' are the only valid strings) - should raise an error if an invalid key is supplied - should raise an error if mode != block - should raise an error if no value key is supplied +SecureHeaders::ReferrerPolicy + is expected to eq ["Referrer-Policy", "origin-when-cross-origin, strict-origin-when-cross-origin"] + is expected to eq ["Referrer-Policy", "origin-when-cross-origin"] + is expected to eq ["Referrer-Policy", "no-referrer"] + valid configuration values + accepts 'strict-origin-when-cross-origin' + accepts 'strict-origin' + accepts array of policy values + accepts 'unsafe-url' + accepts 'origin' + accepts 'no-referrer-when-downgrade' + accepts 'origin-when-cross-origin' + accepts nil + accepts 'no-referrer' + accepts 'same-origin' + invalid configuration values + doesn't accept invalid values + doesn't accept invalid types SecureHeaders::Cookie applies httponly, secure, and samesite by default - preserves existing attributes prevents duplicate flagging of attributes does not tamper with cookies when using OPT_OUT is used + preserves existing attributes SameSite cookies - flags SameSite=Lax when configured with a boolean + flags properly when both lax and strict are configured flags SameSite=None when configured with a boolean - flags SameSite=Lax flags SameSite=None - flags properly when both lax and strict are configured - flags SameSite=Strict when configured with a boolean + flags SameSite=Strict + flags SameSite=Lax + does not flag cookies as SameSite=Lax when excluded flags SameSite=Strict when configured with a boolean does not flag cookies as SameSite=None when excluded - does not flag cookies as SameSite=Strict when excluded ignores configuration if the cookie is already flagged - flags SameSite=Strict + flags SameSite=Lax when configured with a boolean samesite: true sets all cookies to samesite=lax - does not flag cookies as SameSite=Lax when excluded - Secure cookies - when configured with a boolean - flags cookies as Secure - when configured with a Hash - flags cookies as Secure when whitelisted - does not flag cookies as Secure when excluded + does not flag cookies as SameSite=Strict when excluded + flags SameSite=Strict when configured with a boolean HttpOnly cookies when configured with a Hash - does not flag cookies as HttpOnly when excluded flags cookies as HttpOnly when whitelisted + does not flag cookies as HttpOnly when excluded when configured with a boolean flags cookies as HttpOnly + Secure cookies + when configured with a Hash + does not flag cookies as Secure when excluded + flags cookies as Secure when whitelisted + when configured with a boolean + flags cookies as Secure -SecureHeaders::ClearSiteData - make_header_value - returns a string of quoted values that are comma separated - validate_config! - fails for other types of config - succeeds for `nil` config - succeeds for Array of Strings config - succeeds for empty config - fails for Array of non-String config - succeeds for opt-out config - succeeds for `true` config - make_header - returns nil with empty config - returns specified types - returns all types with `true` config - returns nil with nil config - returns nil with opt-out config +SecureHeaders::XFrameOptions + #value + is expected to eq ["X-Frame-Options", "DENY"] + is expected to eq ["X-Frame-Options", "sameorigin"] + with invalid configuration + allows DENY + does not allow garbage + allows SAMEORIGIN + allows ALLOW-FROM* + +SecureHeaders::XPermittedCrossDomainPolicies + is expected to eq ["X-Permitted-Cross-Domain-Policies", "master-only"] + is expected to eq ["X-Permitted-Cross-Domain-Policies", "none"] + valid configuration values + accepts nil + accepts 'by-content-type' + accepts 'by-ftp-filename' + accepts 'all' + accepts 'master-only' + invlaid configuration values + doesn't accept invalid values SecureHeaders::Middleware uses named overrides @@ -1234,208 +1299,214 @@ flags cookies as secure cookies flags cookies with a combination of SameSite configurations - flags cookies from configuration - sets the secure cookie flag correctly on interleaved http/https requests disables secure cookies for non-https requests + sets the secure cookie flag correctly on interleaved http/https requests + flags cookies from configuration -SecureHeaders::ContentSecurityPolicy +SecureHeaders::StrictTransportSecurity #value - supports style-src-elem directive - does add a boolean directive if the value is true - creates maximally strict sandbox policy when passed true - removes http/s schemes from hosts - allows script and style as a require-sri-src - creates maximally strict sandbox policy when passed no sandbox token values - supports strict-dynamic and opting out of the appended 'unsafe-inline' - supports style-src-attr directive - does not remove schemes when :preserve_schemes is true - removes nil from source lists - creates sandbox policy when passed valid sandbox token values - does not add a boolean directive if the value is false - does not add a directive if the value is nil - supports strict-dynamic - allows script as a require-sri-src - uses a safe but non-breaking default value - deduplicates any source expressions - allows style as a require-sri-src - deprecates and escapes semicolons in directive source lists - includes navigate-to - deprecates and escapes semicolons in directive source lists - minifies source expressions based on overlapping wildcards - includes prefetch-src - does not build directives with a value of OPT_OUT (and bypasses directive requirements) - does not add a directive if the value is an empty array (or all nil) - discards source expressions (besides unsafe-* and non-host source values) when * is present - supports script-src-attr directive - does not remove schemes from report-uri values - does not emit a warning when using frame-src - supports script-src-elem directive - discards 'none' values if any other source expressions are present - #name - when in enforce mode - is expected to eq "Content-Security-Policy" - when in report-only mode - is expected to eq "Content-Security-Policy-Report-Only" + is expected to eq ["Strict-Transport-Security", "max-age=1234; includeSubdomains; preload"] + is expected to eq ["Strict-Transport-Security", "max-age=631138519"] + with an invalid configuration + with a string argument + raises an exception with an invalid format + raises an exception with an invalid max-age + raises an exception if max-age is not supplied -SecureHeaders::XContentTypeOptions - #value - is expected to eq ["X-Content-Type-Options", "nosniff"] - is expected to eq ["X-Content-Type-Options", "nosniff"] - invalid configuration values - doesn't accept anything besides no-sniff - accepts nil - accepts nosniff +SecureHeaders::PolicyManagement + #validate_config! + rejects anything not of the form allow-* as a sandbox value + requires a :script_src value + requires all source lists to be an array of strings + allows report_only to be set in a report-only config + accepts anything of the form allow-* as a sandbox value + accepts all keys + requires :report_only to be a truthy value + accepts OPT_OUT as a script-src value + requires :block_all_mixed_content to be a boolean value + requires :upgrade_insecure_requests to be a boolean value + accepts true as a sandbox policy + accepts anything of the form type/subtype as a plugin-type value + rejects unknown directives / config + doesn't allow report_only to be set in a non-report-only config + requires :preserve_schemes to be a truthy value + rejects anything not of the form type/subtype as a plugin-type value + allows nil values + requires a :default_src value + performs light validation on source lists + #combine_policies + does not combine the default-src value for directives that don't fall back to default sources + combines the default-src value with the override if the directive was unconfigured + raises an error if appending to a OPT_OUT policy + overrides the report_only flag + combines directives where the original value is nil and the hash is frozen + overrides the :block_all_mixed_content flag -SecureHeaders::XPermittedCrossDomainPolicies - is expected to eq ["X-Permitted-Cross-Domain-Policies", "master-only"] - is expected to eq ["X-Permitted-Cross-Domain-Policies", "none"] - valid configuration values - accepts nil - accepts 'by-content-type' - accepts 'all' - accepts 'master-only' - accepts 'by-ftp-filename' - invlaid configuration values - doesn't accept invalid values +SecureHeaders::Configuration + has a default config + has an 'noop' override + stores an override + allows me to be explicit too + deprecates the secure_cookies configuration + gives cookies a default config + allows OPT_OUT + dup results in a copy of the default config + #named_append + raises on configuring an existing append + raises when an override with the given name exists + #override + raises when a named append with the given name exists + raises on configuring an existing override + +SecureHeaders::ViewHelpers + raises an error when using hashed content with precomputed hashes, but none for the given file + raises an error when using hashed content without precomputed hashes + adds known hash values to the corresponding headers when the helper is used + avoids calling content_security_policy_nonce internally + raises an error when using previously unknown hashed content with precomputed hashes for a given file + +SecureHeaders::XXssProtection + is expected to eq ["X-XSS-Protection", "1; mode=block; report=https://www.secure.com/reports"] + is expected to eq ["X-XSS-Protection", "1; mode=block"] + with invalid configuration + should raise an error when providing a string that is not valid + when using a hash value + should allow string values ('1' or '0' are the only valid strings) + should raise an error if no value key is supplied + should raise an error if mode != block + should raise an error if an invalid key is supplied SecureHeaders raises a NotYetConfiguredError if trying to opt-out of unconfigured headers raises a AlreadyConfiguredError if trying to configure and default has already been set - raises and ArgumentError when referencing an override that has not been set raises a NotYetConfiguredError if default has not been set + raises and ArgumentError when referencing an override that has not been set + validation + validates your cookies config upon configuration + validates your xcto config upon configuration + validates your xfo config upon configuration + validates your referrer_policy config upon configuration + validates your x_xss config upon configuration + validates your xdo config upon configuration + validates your hsts config upon configuration + validates your x_permitted_cross_domain_policies config upon configuration + validates your csp config upon configuration + raises errors for unknown directives + validates your clear site data config upon configuration #header_hash_for - Overrides the current default config if default config changes during request - does not set the HSTS header if request is over HTTP allows you to opt out of individual headers via API - Carries options over when using overrides - allows you to override opting out produces a hash of headers with default config allows you to override X-Frame-Options settings + allows you to override opting out + Carries options over when using overrides + Overrides the current default config if default config changes during request + does not set the HSTS header if request is over HTTP allows you to opt out entirely content security policy - overrides non-existant directives + appends a nonce to a missing script-src value Raises an error if csp_report_only is used with `report_only: false` - appends a nonce to the script-src when used + overrides individual directives + supports named appends + overrides non-existant directives does not support the deprecated `report_only: true` format appends a hash to a missing script-src value + appends a nonce to the script-src when used appends a value to csp directive - overrides individual directives - supports named appends - appends a nonce to a missing script-src value setting two headers - allows appending to the report only policy + allows you to opt-out of enforced CSP allows appending to both policies - allows overriding the report only policy - sets identical values when the configs are the same - allows appending to the enforced policy allows overriding both policies allows overriding the enforced policy + allows appending to the report only policy + allows appending to the enforced policy sets different headers when the configs are different - allows you to opt-out of enforced CSP + allows overriding the report only policy + sets identical values when the configs are the same when inferring which config to modify updates the enforced header when configured updates both headers if both are configured updates the report only header when configured - validation - validates your cookies config upon configuration - validates your x_permitted_cross_domain_policies config upon configuration - validates your xdo config upon configuration - validates your clear site data config upon configuration - validates your x_xss config upon configuration - validates your hsts config upon configuration - validates your xcto config upon configuration - validates your csp config upon configuration - validates your referrer_policy config upon configuration - validates your xfo config upon configuration - raises errors for unknown directives -SecureHeaders::StrictTransportSecurity +SecureHeaders::ExpectCertificateTransparency + is expected to eq "max-age=1234" + is expected to eq "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" + is expected to eq "enforce, max-age=1234" + is expected to eq "max-age=1234" + is expected to eq "max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" + with an invalid configuration + raises an exception with an invalid enforce value + raises an exception with an invalid max-age + raises an exception when max-age is not provided + raises an exception when configuration isn't a hash + +SecureHeaders::ContentSecurityPolicy #value - is expected to eq ["Strict-Transport-Security", "max-age=631138519"] - is expected to eq ["Strict-Transport-Security", "max-age=1234; includeSubdomains; preload"] - with an invalid configuration - with a string argument - raises an exception if max-age is not supplied - raises an exception with an invalid max-age - raises an exception with an invalid format + creates maximally strict sandbox policy when passed no sandbox token values + does not build directives with a value of OPT_OUT (and bypasses directive requirements) + removes http/s schemes from hosts + does not add a boolean directive if the value is false + uses a safe but non-breaking default value + creates sandbox policy when passed valid sandbox token values + allows script as a require-sri-src + removes nil from source lists + allows style as a require-sri-src + does not emit a warning when using frame-src + discards 'none' values if any other source expressions are present + minifies source expressions based on overlapping wildcards + allows script and style as a require-sri-src + creates maximally strict sandbox policy when passed true + does not add a directive if the value is nil + discards source expressions (besides unsafe-* and non-host source values) when * is present + does not add a directive if the value is an empty array (or all nil) + supports script-src-elem directive + supports style-src-elem directive + deprecates and escapes semicolons in directive source lists + does not remove schemes when :preserve_schemes is true + supports style-src-attr directive + includes prefetch-src + does add a boolean directive if the value is true + supports strict-dynamic + deduplicates any source expressions + includes navigate-to + deprecates and escapes semicolons in directive source lists + supports strict-dynamic and opting out of the appended 'unsafe-inline' + does not remove schemes from report-uri values + supports script-src-attr directive + #name + when in report-only mode + is expected to eq "Content-Security-Policy-Report-Only" + when in enforce mode + is expected to eq "Content-Security-Policy" + +with an invalid configuration + raises an exception when both lax and strict only filters are provided to SameSite configurations + raises an exception when both only and except filters are provided to SameSite configurations + raises an exception when SameSite none and strict enforcement modes are configured with booleans + raises an exception when SameSite lax and strict enforcement modes are configured with booleans + raises an exception when configured without a boolean(true or OPT_OUT)/Hash + raises an exception when SameSite lax and strict enforcement modes are configured with booleans + raises an exception when SameSite strict and none enforcement modes are configured with booleans + raises an exception when configured with false + raises an exception when both only and except filters are provided + raises an exception when not configured with a Hash + raises an exception when SameSite lax and none enforcement modes are configured with booleans + raises an exception when both lax and strict only filters are provided to SameSite configurations + raises an exception when SameSite none and lax enforcement modes are configured with booleans + raises an exception when SameSite is not configured with a Hash + raises an exception when SameSite strict and lax enforcement modes are configured with booleans SecureHeaders::XDownloadOptions is expected to eq ["X-Download-Options", "noopen"] is expected to eq ["X-Download-Options", "noopen"] invalid configuration values - accepts noopen doesn't accept anything besides noopen accepts nil + accepts noopen -SecureHeaders::ReferrerPolicy - is expected to eq ["Referrer-Policy", "origin-when-cross-origin, strict-origin-when-cross-origin"] - is expected to eq ["Referrer-Policy", "no-referrer"] - is expected to eq ["Referrer-Policy", "origin-when-cross-origin"] - invalid configuration values - doesn't accept invalid values - doesn't accept invalid types - valid configuration values - accepts 'strict-origin' - accepts 'same-origin' - accepts array of policy values - accepts 'no-referrer' - accepts 'unsafe-url' - accepts nil - accepts 'no-referrer-when-downgrade' - accepts 'origin' - accepts 'origin-when-cross-origin' - accepts 'strict-origin-when-cross-origin' - -SecureHeaders::PolicyManagement - #validate_config! - requires :upgrade_insecure_requests to be a boolean value - accepts anything of the form allow-* as a sandbox value - accepts OPT_OUT as a script-src value - allows report_only to be set in a report-only config - requires :block_all_mixed_content to be a boolean value - doesn't allow report_only to be set in a non-report-only config - accepts true as a sandbox policy - requires :report_only to be a truthy value - performs light validation on source lists - accepts anything of the form type/subtype as a plugin-type value - rejects anything not of the form allow-* as a sandbox value - requires all source lists to be an array of strings - requires :preserve_schemes to be a truthy value - allows nil values - accepts all keys - rejects unknown directives / config - requires a :script_src value - rejects anything not of the form type/subtype as a plugin-type value - requires a :default_src value - #combine_policies - does not combine the default-src value for directives that don't fall back to default sources - overrides the :block_all_mixed_content flag - raises an error if appending to a OPT_OUT policy - overrides the report_only flag - combines the default-src value with the override if the directive was unconfigured - combines directives where the original value is nil and the hash is frozen - -SecureHeaders::ViewHelpers - raises an error when using hashed content with precomputed hashes, but none for the given file - raises an error when using previously unknown hashed content with precomputed hashes for a given file - adds known hash values to the corresponding headers when the helper is used - avoids calling content_security_policy_nonce internally - raises an error when using hashed content without precomputed hashes - -SecureHeaders::XFrameOptions - #value - is expected to eq ["X-Frame-Options", "DENY"] - is expected to eq ["X-Frame-Options", "sameorigin"] - with invalid configuration - allows SAMEORIGIN - allows DENY - does not allow garbage - allows ALLOW-FROM* - -Finished in 0.4125 seconds (files took 0.90985 seconds to load) +Finished in 0.38236 seconds (files took 0.89471 seconds to load) 240 examples, 0 failures -Randomized with seed 5988 +Randomized with seed 21440 [Coveralls] Outside the CI environment, not sending data. @@ -1467,12 +1538,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/21989/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/21989/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/24714 and its subdirectories -I: Current time: Fri Jul 16 07:38:42 -12 2021 -I: pbuilder-time-stamp: 1626464322 +I: removing directory /srv/workspace/pbuilder/21989 and its subdirectories +I: Current time: Sat Jul 17 09:40:10 +14 2021 +I: pbuilder-time-stamp: 1626464410