Diff of the two buildlogs: -- --- b1/build.log 2023-05-15 11:02:01.794245340 +0000 +++ b2/build.log 2023-05-15 11:07:50.670963337 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Sun Jun 16 05:19:54 -12 2024 -I: pbuilder-time-stamp: 1718558394 +I: Current time: Tue May 16 01:02:07 +14 2023 +I: pbuilder-time-stamp: 1684148527 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/bookworm-reproducible-base.tgz] I: copying local configuration @@ -16,7 +16,7 @@ I: copying [./ruby-jwt_2.5.0.orig.tar.gz] I: copying [./ruby-jwt_2.5.0-1.debian.tar.xz] I: Extracting source -gpgv: Signature made Wed Nov 30 16:05:35 2022 -12 +gpgv: Signature made Thu Dec 1 18:05:35 2022 +14 gpgv: using EDDSA key 84CFFDC21520F88306EC29D152699AB63F9F2BC3 gpgv: Can't check signature: No public key dpkg-source: warning: cannot verify inline signature for ./ruby-jwt_2.5.0-1.dsc: no acceptable signature found @@ -27,135 +27,167 @@ dpkg-source: info: applying no-pending-tests.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/3676521/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/D01_modify_environment starting +debug: Running on ionos11-amd64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 May 16 01:02 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='amd64' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=16' - DISTRIBUTION='bookworm' - HOME='/root' - HOST_ARCH='amd64' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="2" [2]="15" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") + BASH_VERSION='5.2.15(1)-release' + BUILDDIR=/build + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=amd64 + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=15' + DIRSTACK=() + DISTRIBUTION=bookworm + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=x86_64 + HOST_ARCH=amd64 IFS=' ' - INVOCATION_ID='56aab08de3f846459009c497572737a6' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='3676521' - PS1='# ' - PS2='> ' + INVOCATION_ID=595c2b9d3aaf442d91151e1012a306f6 + LANG=C + LANGUAGE=et_EE:et + LC_ALL=C + MACHTYPE=x86_64-pc-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=3444852 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.LlCqxGV7/pbuilderrc_0cCI --distribution bookworm --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.LlCqxGV7/b1 --logfile b1/build.log ruby-jwt_2.5.0-1.dsc' - SUDO_GID='110' - SUDO_UID='105' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://85.184.249.68:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.LlCqxGV7/pbuilderrc_KbZM --distribution bookworm --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.LlCqxGV7/b2 --logfile b2/build.log --extrapackages usrmerge ruby-jwt_2.5.0-1.dsc' + SUDO_GID=111 + SUDO_UID=106 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://78.137.99.97:3128 I: uname -a - Linux ionos5-amd64 6.1.0-0.deb11.6-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.15-1~bpo11+1 (2023-03-16) x86_64 GNU/Linux + Linux i-capture-the-hostname 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12) x86_64 GNU/Linux I: ls -l /bin total 5632 - -rwxr-xr-x 1 root root 1265648 Apr 23 2023 bash - -rwxr-xr-x 3 root root 39224 Sep 18 2022 bunzip2 - -rwxr-xr-x 3 root root 39224 Sep 18 2022 bzcat - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzcmp -> bzdiff - -rwxr-xr-x 1 root root 2225 Sep 18 2022 bzdiff - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzegrep -> bzgrep - -rwxr-xr-x 1 root root 4893 Nov 27 2021 bzexe - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzfgrep -> bzgrep - -rwxr-xr-x 1 root root 3775 Sep 18 2022 bzgrep - -rwxr-xr-x 3 root root 39224 Sep 18 2022 bzip2 - -rwxr-xr-x 1 root root 14568 Sep 18 2022 bzip2recover - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzless -> bzmore - -rwxr-xr-x 1 root root 1297 Sep 18 2022 bzmore - -rwxr-xr-x 1 root root 44016 Sep 20 2022 cat - -rwxr-xr-x 1 root root 68656 Sep 20 2022 chgrp - -rwxr-xr-x 1 root root 64496 Sep 20 2022 chmod - -rwxr-xr-x 1 root root 72752 Sep 20 2022 chown - -rwxr-xr-x 1 root root 151152 Sep 20 2022 cp - -rwxr-xr-x 1 root root 125640 Jan 5 2023 dash - -rwxr-xr-x 1 root root 121904 Sep 20 2022 date - -rwxr-xr-x 1 root root 89240 Sep 20 2022 dd - -rwxr-xr-x 1 root root 102200 Sep 20 2022 df - -rwxr-xr-x 1 root root 151344 Sep 20 2022 dir - -rwxr-xr-x 1 root root 88656 Mar 22 2023 dmesg - lrwxrwxrwx 1 root root 8 Dec 19 2022 dnsdomainname -> hostname - lrwxrwxrwx 1 root root 8 Dec 19 2022 domainname -> hostname - -rwxr-xr-x 1 root root 43856 Sep 20 2022 echo - -rwxr-xr-x 1 root root 41 Jan 24 2023 egrep - -rwxr-xr-x 1 root root 35664 Sep 20 2022 false - -rwxr-xr-x 1 root root 41 Jan 24 2023 fgrep - -rwxr-xr-x 1 root root 85600 Mar 22 2023 findmnt - -rwsr-xr-x 1 root root 35128 Mar 22 2023 fusermount - -rwxr-xr-x 1 root root 203152 Jan 24 2023 grep - -rwxr-xr-x 2 root root 2346 Apr 9 2022 gunzip - -rwxr-xr-x 1 root root 6447 Apr 9 2022 gzexe - -rwxr-xr-x 1 root root 98136 Apr 9 2022 gzip - -rwxr-xr-x 1 root root 22680 Dec 19 2022 hostname - -rwxr-xr-x 1 root root 72824 Sep 20 2022 ln - -rwxr-xr-x 1 root root 53024 Mar 23 2023 login - -rwxr-xr-x 1 root root 151344 Sep 20 2022 ls - -rwxr-xr-x 1 root root 207168 Mar 22 2023 lsblk - -rwxr-xr-x 1 root root 97552 Sep 20 2022 mkdir - -rwxr-xr-x 1 root root 72912 Sep 20 2022 mknod - -rwxr-xr-x 1 root root 43952 Sep 20 2022 mktemp - -rwxr-xr-x 1 root root 59712 Mar 22 2023 more - -rwsr-xr-x 1 root root 59704 Mar 22 2023 mount - -rwxr-xr-x 1 root root 18744 Mar 22 2023 mountpoint - -rwxr-xr-x 1 root root 142968 Sep 20 2022 mv - lrwxrwxrwx 1 root root 8 Dec 19 2022 nisdomainname -> hostname - lrwxrwxrwx 1 root root 14 Apr 2 2023 pidof -> /sbin/killall5 - -rwxr-xr-x 1 root root 43952 Sep 20 2022 pwd - lrwxrwxrwx 1 root root 4 Apr 23 2023 rbash -> bash - -rwxr-xr-x 1 root root 52112 Sep 20 2022 readlink - -rwxr-xr-x 1 root root 72752 Sep 20 2022 rm - -rwxr-xr-x 1 root root 56240 Sep 20 2022 rmdir - -rwxr-xr-x 1 root root 27560 Nov 2 2022 run-parts - -rwxr-xr-x 1 root root 126424 Jan 5 2023 sed - lrwxrwxrwx 1 root root 4 Jan 5 2023 sh -> dash - -rwxr-xr-x 1 root root 43888 Sep 20 2022 sleep - -rwxr-xr-x 1 root root 85008 Sep 20 2022 stty - -rwsr-xr-x 1 root root 72000 Mar 22 2023 su - -rwxr-xr-x 1 root root 39824 Sep 20 2022 sync - -rwxr-xr-x 1 root root 531984 Apr 6 2023 tar - -rwxr-xr-x 1 root root 14520 Nov 2 2022 tempfile - -rwxr-xr-x 1 root root 109616 Sep 20 2022 touch - -rwxr-xr-x 1 root root 35664 Sep 20 2022 true - -rwxr-xr-x 1 root root 14568 Mar 22 2023 ulockmgr_server - -rwsr-xr-x 1 root root 35128 Mar 22 2023 umount - -rwxr-xr-x 1 root root 43888 Sep 20 2022 uname - -rwxr-xr-x 2 root root 2346 Apr 9 2022 uncompress - -rwxr-xr-x 1 root root 151344 Sep 20 2022 vdir - -rwxr-xr-x 1 root root 72024 Mar 22 2023 wdctl - lrwxrwxrwx 1 root root 8 Dec 19 2022 ypdomainname -> hostname - -rwxr-xr-x 1 root root 1984 Apr 9 2022 zcat - -rwxr-xr-x 1 root root 1678 Apr 9 2022 zcmp - -rwxr-xr-x 1 root root 6460 Apr 9 2022 zdiff - -rwxr-xr-x 1 root root 29 Apr 9 2022 zegrep - -rwxr-xr-x 1 root root 29 Apr 9 2022 zfgrep - -rwxr-xr-x 1 root root 2081 Apr 9 2022 zforce - -rwxr-xr-x 1 root root 8103 Apr 9 2022 zgrep - -rwxr-xr-x 1 root root 2206 Apr 9 2022 zless - -rwxr-xr-x 1 root root 1842 Apr 9 2022 zmore - -rwxr-xr-x 1 root root 4577 Apr 9 2022 znew -I: user script /srv/workspace/pbuilder/3676521/tmp/hooks/D02_print_environment finished + -rwxr-xr-x 1 root root 1265648 Apr 24 11:23 bash + -rwxr-xr-x 3 root root 39224 Sep 19 2022 bunzip2 + -rwxr-xr-x 3 root root 39224 Sep 19 2022 bzcat + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzcmp -> bzdiff + -rwxr-xr-x 1 root root 2225 Sep 19 2022 bzdiff + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzegrep -> bzgrep + -rwxr-xr-x 1 root root 4893 Nov 28 2021 bzexe + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzfgrep -> bzgrep + -rwxr-xr-x 1 root root 3775 Sep 19 2022 bzgrep + -rwxr-xr-x 3 root root 39224 Sep 19 2022 bzip2 + -rwxr-xr-x 1 root root 14568 Sep 19 2022 bzip2recover + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzless -> bzmore + -rwxr-xr-x 1 root root 1297 Sep 19 2022 bzmore + -rwxr-xr-x 1 root root 44016 Sep 21 2022 cat + -rwxr-xr-x 1 root root 68656 Sep 21 2022 chgrp + -rwxr-xr-x 1 root root 64496 Sep 21 2022 chmod + -rwxr-xr-x 1 root root 72752 Sep 21 2022 chown + -rwxr-xr-x 1 root root 151152 Sep 21 2022 cp + -rwxr-xr-x 1 root root 125640 Jan 6 03:20 dash + -rwxr-xr-x 1 root root 121904 Sep 21 2022 date + -rwxr-xr-x 1 root root 89240 Sep 21 2022 dd + -rwxr-xr-x 1 root root 102200 Sep 21 2022 df + -rwxr-xr-x 1 root root 151344 Sep 21 2022 dir + -rwxr-xr-x 1 root root 88656 Mar 24 00:02 dmesg + lrwxrwxrwx 1 root root 8 Dec 20 03:33 dnsdomainname -> hostname + lrwxrwxrwx 1 root root 8 Dec 20 03:33 domainname -> hostname + -rwxr-xr-x 1 root root 43856 Sep 21 2022 echo + -rwxr-xr-x 1 root root 41 Jan 25 04:43 egrep + -rwxr-xr-x 1 root root 35664 Sep 21 2022 false + -rwxr-xr-x 1 root root 41 Jan 25 04:43 fgrep + -rwxr-xr-x 1 root root 85600 Mar 24 00:02 findmnt + -rwsr-xr-x 1 root root 35128 Mar 23 22:35 fusermount + -rwxr-xr-x 1 root root 203152 Jan 25 04:43 grep + -rwxr-xr-x 2 root root 2346 Apr 10 2022 gunzip + -rwxr-xr-x 1 root root 6447 Apr 10 2022 gzexe + -rwxr-xr-x 1 root root 98136 Apr 10 2022 gzip + -rwxr-xr-x 1 root root 22680 Dec 20 03:33 hostname + -rwxr-xr-x 1 root root 72824 Sep 21 2022 ln + -rwxr-xr-x 1 root root 53024 Mar 24 02:40 login + -rwxr-xr-x 1 root root 151344 Sep 21 2022 ls + -rwxr-xr-x 1 root root 207168 Mar 24 00:02 lsblk + -rwxr-xr-x 1 root root 97552 Sep 21 2022 mkdir + -rwxr-xr-x 1 root root 72912 Sep 21 2022 mknod + -rwxr-xr-x 1 root root 43952 Sep 21 2022 mktemp + -rwxr-xr-x 1 root root 59712 Mar 24 00:02 more + -rwsr-xr-x 1 root root 59704 Mar 24 00:02 mount + -rwxr-xr-x 1 root root 18744 Mar 24 00:02 mountpoint + -rwxr-xr-x 1 root root 142968 Sep 21 2022 mv + lrwxrwxrwx 1 root root 8 Dec 20 03:33 nisdomainname -> hostname + lrwxrwxrwx 1 root root 14 Apr 3 20:25 pidof -> /sbin/killall5 + -rwxr-xr-x 1 root root 43952 Sep 21 2022 pwd + lrwxrwxrwx 1 root root 4 Apr 24 11:23 rbash -> bash + -rwxr-xr-x 1 root root 52112 Sep 21 2022 readlink + -rwxr-xr-x 1 root root 72752 Sep 21 2022 rm + -rwxr-xr-x 1 root root 56240 Sep 21 2022 rmdir + -rwxr-xr-x 1 root root 27560 Nov 3 2022 run-parts + -rwxr-xr-x 1 root root 126424 Jan 6 09:55 sed + lrwxrwxrwx 1 root root 9 May 16 01:02 sh -> /bin/bash + -rwxr-xr-x 1 root root 43888 Sep 21 2022 sleep + -rwxr-xr-x 1 root root 85008 Sep 21 2022 stty + -rwsr-xr-x 1 root root 72000 Mar 24 00:02 su + -rwxr-xr-x 1 root root 39824 Sep 21 2022 sync + -rwxr-xr-x 1 root root 531984 Apr 7 04:25 tar + -rwxr-xr-x 1 root root 14520 Nov 3 2022 tempfile + -rwxr-xr-x 1 root root 109616 Sep 21 2022 touch + -rwxr-xr-x 1 root root 35664 Sep 21 2022 true + -rwxr-xr-x 1 root root 14568 Mar 23 22:35 ulockmgr_server + -rwsr-xr-x 1 root root 35128 Mar 24 00:02 umount + -rwxr-xr-x 1 root root 43888 Sep 21 2022 uname + -rwxr-xr-x 2 root root 2346 Apr 10 2022 uncompress + -rwxr-xr-x 1 root root 151344 Sep 21 2022 vdir + -rwxr-xr-x 1 root root 72024 Mar 24 00:02 wdctl + lrwxrwxrwx 1 root root 8 Dec 20 03:33 ypdomainname -> hostname + -rwxr-xr-x 1 root root 1984 Apr 10 2022 zcat + -rwxr-xr-x 1 root root 1678 Apr 10 2022 zcmp + -rwxr-xr-x 1 root root 6460 Apr 10 2022 zdiff + -rwxr-xr-x 1 root root 29 Apr 10 2022 zegrep + -rwxr-xr-x 1 root root 29 Apr 10 2022 zfgrep + -rwxr-xr-x 1 root root 2081 Apr 10 2022 zforce + -rwxr-xr-x 1 root root 8103 Apr 10 2022 zgrep + -rwxr-xr-x 1 root root 2206 Apr 10 2022 zless + -rwxr-xr-x 1 root root 1842 Apr 10 2022 zmore + -rwxr-xr-x 1 root root 4577 Apr 10 2022 znew +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -343,7 +375,7 @@ Get: 140 http://deb.debian.org/debian bookworm/main amd64 ruby-rspec all 3.12.0c0e1m1s0-1 [5084 B] Get: 141 http://deb.debian.org/debian bookworm/main amd64 ruby-simplecov-html all 0.12.3-2 [468 kB] Get: 142 http://deb.debian.org/debian bookworm/main amd64 ruby-simplecov all 0.22.0-1 [45.1 kB] -Fetched 48.1 MB in 15s (3309 kB/s) +Fetched 48.1 MB in 2s (19.4 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libpython3.11-minimal:amd64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19596 files and directories currently installed.) @@ -934,8 +966,19 @@ Writing extended state information... Building tag database... -> Finished parsing the build-deps +Reading package lists... +Building dependency tree... +Reading state information... +usrmerge is already the newest version (35). +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. I: Building the package -I: Running cd /build/ruby-jwt-2.5.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-jwt_2.5.0-1_source.changes +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/A99_set_merged_usr starting +Re-configuring usrmerge... +removed '/etc/unsupported-skip-usrmerge-conversion' +The system has been successfully converted. +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/ruby-jwt-2.5.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-jwt_2.5.0-1_source.changes dpkg-buildpackage: info: source package ruby-jwt dpkg-buildpackage: info: source version 2.5.0-1 dpkg-buildpackage: info: source distribution unstable @@ -964,7 +1007,7 @@ dh_prep -O--buildsystem=ruby dh_auto_install --destdir=debian/ruby-jwt/ -O--buildsystem=ruby dh_ruby --install /build/ruby-jwt-2.5.0/debian/ruby-jwt -/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20240616-3715688-jm05r4/gemspec +/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20230516-3492899-g45z18/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: open-ended dependency on appraisal (>= 0, development) is not recommended use a bounded requirement, such as '~> x.y' @@ -983,7 +1026,7 @@ Name: jwt Version: 2.5.0 File: jwt-2.5.0.gem -/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-jwt/usr/share/rubygems-integration/all /tmp/d20240616-3715688-jm05r4/jwt-2.5.0.gem +/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-jwt/usr/share/rubygems-integration/all /tmp/d20230516-3492899-g45z18/jwt-2.5.0.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/ruby-jwt-2.5.0/debian/ruby-jwt/usr/share/rubygems-integration/all/gems/jwt-2.5.0/lib/jwt.rb /build/ruby-jwt-2.5.0/debian/ruby-jwt/usr/share/rubygems-integration/all/gems/jwt-2.5.0/lib/jwt/algos.rb @@ -1051,476 +1094,427 @@ All examples were filtered out; ignoring {:focus=>true} -Randomized with seed 44604 - -JWT - JWT.configure - yields the configuration - allows configuration to be changed via the block - -JWT::Algos::Ecdsa - .curve_by_name - when secp256r1 is given - is expected to eq {:algorithm=>"ES256", :digest=>"sha256"} - when secp256k1 is given - is expected to eq {:algorithm=>"ES256K", :digest=>"sha256"} - when prime256v1 is given - is expected to eq {:algorithm=>"ES256", :digest=>"sha256"} - when unkown is given - raises an error - when secp521r1 is given - is expected to eq {:algorithm=>"ES512", :digest=>"sha512"} - -JWT::Configuration::JwkConfiguration - .kid_generator_type= - when valid value is passed - sets the generator matching the value - when invalid value is passed - raises ArgumentError - -JWT::Verify - .verify_jti(payload, options) - true proc should not raise JWT::InvalidJtiError - should have payload as second param in proc - must raise JWT::InvalidJtiError when the jti is an empty string - must raise JWT::InvalidJtiError when verify_jti proc returns false - must raise JWT::InvalidJtiError when the jti is missing - must allow any jti when the verfy_jti key in the options is truthy but not a proc - it should not throw arguement error with 2 args - .verify_required_claims(payload, options) - must raise JWT::MissingRequiredClaim if a required claim is absent - must verify the claims if all required claims are present - .verify_sub(payload, options) - must raise JWT::InvalidSubError when the subjects do not match - must allow a matching sub - .verify_iat(payload, options) - must allow a valid iat - must properly handle integer times - must ignore configured leeway - must raise JWT::InvalidIatError when the iat value is not Numeric - must raise JWT::InvalidIatError when the iat value is in the future - .verify_not_before(payload, options) - must allow some leeway in the token age when global leeway is configured - must allow some leeway in the token age when nbf_leeway is configured - must raise JWT::ImmatureSignature when the nbf in the payload is in the future - .verify_iss(payload, options) - when iss is a RegExp - must allow a regular expression matching the issuer to pass - must raise JWT::InvalidIssuerError when the payload does not include an issuer - must raise JWT::InvalidIssuerError when the regular expression does not match - when iss is an Array - must allow an array with matching issuer to pass - must raise JWT::InvalidIssuerError when no matching issuers in array - must raise JWT::InvalidIssuerError when the payload does not include an issuer - when iss is a Method instance - must raise JWT::InvalidIssuerError when the payload does not include an issuer - must raise JWT::InvalidIssuerError when the method returns false - must allow a method that returns true to pass - when iss is a String - must raise JWT::InvalidIssuerError when the payload does not include an issuer - must allow a matching issuer to pass - must raise JWT::InvalidIssuerError when the configured issuer does not match the payload issuer - when iss is a Proc - must raise JWT::InvalidIssuerError when the payload does not include an issuer - must raise JWT::InvalidIssuerError when the proc returns false - must allow a proc that returns true to pass - .verify_claims - must raise error when verify_aud option is set to true - must skip verification when verify_expiration option is set to false - must skip verification when verify_jti option is set to false - must raise error when verify_sub option is set to true - must raise error when verify_iss option is set to true - must raise error when verify_expiration option is set to true - must raise error when verify_iat option is set to true - must raise error when verify_not_before option is set to true - must skip verification when verify_aud option is set to false - must skip verification when verify_iss option is set to false - must skip verification when verify_iat option is set to false - must skip verification when verify_sub option is set to false - must skip verification when verify_not_before option is set to false - must raise error when verify_jti option is set to true - .verify_aud(payload, options) - must raise JWT::InvalidAudError when the singular audience does not match - must allow a matching singular audience to pass - must allow an array with any value matching any value in the options array - must allow a singular audience payload matching any value in the options array - must allow an array with any value matching the one in the options - must raise JWT::InvalidAudError when the payload has an array and none match the supplied value - .verify_expiration(payload, options) - must allow some leeway in the expiration when global leeway is configured - must raise JWT::ExpiredSignature when the token has expired - must allow some leeway in the expiration when exp_leeway is configured - must be expired if the exp claim equals the current time - when leeway is not specified - used a default leeway of 0 +Randomized with seed 14408 -JWT - .decode for JWK usecase - when JWK features are used manually - is able to decode the token - when jwk keys are loaded from JSON with string keys - decodes the token - when jwk keys are loaded using a proc/lambda - decodes the token - mixing algorithms using kid header - when HMAC secret is pointed to as RSA public key - fails in some way - when EC key is pointed to as HMAC secret - fails in some way - when ES384 key is pointed to as ES512 key - fails in some way - when EC key is pointed to as RSA public key - fails in some way - when HMAC secret is pointed to as EC public key - fails in some way - when RSA key is pointed to as HMAC secret - fails in some way - when jwk keys are rotated - decodes the token - when jwk keys are given as an array - and kid is not in the set - raises an exception - token does not know the kid - raises an exception - and kid is in the set - is able to decode the token - no keys are found in the set - raises an exception - -JWT::X5cKeyFinder - returns the public key from a certificate that is signed by trusted roots and not revoked - ::JWT.decode - returns the encoded payload after successful certificate path verification - CRL - signature could not be verified with the given trusted roots - raises an error - not given - raises an error - expired - raises an error - certificate - signature could not be verified with the given trusted roots - raises an error - expired +JWT::JWK::RSA + #export + when unsupported keypair is given raises an error - revoked + when keypair with private key is exported + returns a hash with the public parts of the key + when private key is requested + returns a hash with the public AND private parts of the key + when keypair with public key is exported + returns a hash with the public parts of the key + .import + when keypair is imported with symbol keys + returns a hash with the public parts of the key + when jwk_data is given without e and/or n raises an error - could not be chained to a trusted root certificate - given an array - raises a verification error - given nil - raises a decode error - already parsed certificates - returns the public key from a certificate that is signed by trusted roots and not revoked + when private key is included in the data + creates a complete keypair + when keypair is imported with string keys from JSON + returns a hash with the public parts of the key + .kid + when configuration says to use :rfc7638_thumbprint + generates the kid based on the thumbprint + when kid is given as a String parameter + uses the given kid + when kid is given as in a hash parameter + uses the given kid + .new + when a keypair with only public key is given + creates an instance of the class + when a keypair with both keys given + creates an instance of the class + +JWT::JWK::EC + .new + when a keypair with both keys given + creates an instance of the class + when a keypair with only public key is given + creates an instance of the class + .import + when crv=P-384 + when keypair is private + returns a private key + with a custom "kid" value + imports that "kid" value + when keypair is public + returns a public key + returns a hash with the public parts of the key + when crv=P-256 + when keypair is private + returns a private key + with a custom "kid" value + imports that "kid" value + when keypair is public + returns a public key + returns a hash with the public parts of the key + when crv=P-521 + when keypair is private + returns a private key + with a custom "kid" value + imports that "kid" value + when keypair is public + returns a public key + returns a hash with the public parts of the key + when crv=P-256K + when keypair is public + returns a public key + returns a hash with the public parts of the key + when keypair is private + returns a private key + with a custom "kid" value + imports that "kid" value + #export + when private key is requested + returns a hash with the both parts of the key + when keypair with public key is exported + returns a hash with the public parts of the key + when a custom "kid" is provided + exports it + when keypair with private key is exported + returns a hash with the both parts of the key JWT::JWK::Thumbprint #to_s - when EC key is given - is expected to eq "dO52_we59sdR49HsGCpVzlDUQNvT3KxCTGakk4Un8qc" when HMAC key is given is expected to eq "wPf4ZF5qlzoFxsGkft4eu1iWcehgAcahZL4XPV4dT-s" when example from RFC is given is expected to eq "NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs" - -README.md code test - algorithm usage - ECDSA - decodes with HMAC algorithm without secret key - RSASSA-PSS - EDDSA - RSA - NONE - decodes with HMAC algorithm with secret key - claims - iss - jti - JWK with thumbprint given in the initializer - JWK with thumbprint as kid via symbol - JWK with thumbprint as kid via type - required_claims - sub - find_key - nbf - with leeway - without leeway - exp - with leeway - without leeway - The JWK loader example - works as expected - aud - string - array - iat - without leeway - with leeway - custom header fields - with custom field - -JWT::JWK - .import - creates a ::JWT::JWK::RSA instance - parsed from JSON - creates a ::JWT::JWK::RSA instance from JSON parsed JWK - when keytype is not supported - raises an error - when keypair with defined kid is imported - returns the predefined kid if jwt_data contains a kid - .new - when RSA key is given - is expected to be a kind of JWT::JWK::RSA when EC key is given - is expected to be a kind of JWT::JWK::EC - when secret key is given - is expected to be a kind of JWT::JWK::HMAC - when kid is given - sets the kid + is expected to eq "dO52_we59sdR49HsGCpVzlDUQNvT3KxCTGakk4Un8qc" JWT - should not raise InvalidPayload exception if payload is an array should not verify token even if the payload has claims should encode string payloads - a token with no segments - raises JWT::DecodeError - Invalid - ECDSA curve_name should raise JWT::IncorrectAlgorithm - algorithm should raise NotImplementedError - raises "No verification key available" error - when token ends with a newline char - ignores the newline and decodes the token - Verify - when encoded payload is used to extract key through find_key - should be able to verify signature when block returns multiple keys with iss verification - should be able to verify signature when block returns multiple keys with multiple issuers - should be able to find a key using the block passed to decode - should be able to find a key using the block passed to decode with iss verification - should be able to verify signature when block returns multiple keys - should be able to find a key using a block with multiple issuers - when key given as an array with multiple possible keys - should be able to verify signature when block returns multiple keys - should fail if only invalid keys are given - should be able to verify signature when multiple keys given as a parameter - algorithm - should raise JWT::IncorrectAlgorithm when algorithms array does not contain algorithm - should raise JWT::IncorrectAlgorithm on mismatch - should raise JWT::IncorrectAlgorithm on mismatch prior to kid public key network call - token is missing algorithm - should raise JWT::IncorrectAlgorithm - 2-segment token - should raise JWT::IncorrectAlgorithm - no algorithm provided - should use the default decode algorithm - issuer claim - if verify_iss is set to false (default option) should not raise JWT::InvalidIssuerError - when none token is decoded without verify - decodes the token - when hmac algorithm is used without secret key - encodes payload - alg: EdDSA + should not raise InvalidPayload exception if payload is an array + alg: RS512 + wrong key should raise JWT::DecodeError + should decode a valid token using algorithm hash string key + should generate a valid token + wrong key and verify = false should not raise JWT::DecodeError + should decode a valid token + alg: ES256 should decode a valid token wrong key and verify = false should not raise JWT::DecodeError - should generate a valid token wrong key should raise JWT::DecodeError - when keyfinder given with 1 argument - decodes the token - alg: RS384 should generate a valid token + when keyfinder given with 2 arguments + decodes the token + alg: ED25519 should decode a valid token wrong key should raise JWT::DecodeError - should decode a valid token using algorithm hash string key wrong key and verify = false should not raise JWT::DecodeError - alg: HS384 - wrong secret and verify = false should not raise JWT::DecodeError should generate a valid token - wrong secret should raise JWT::DecodeError - should decode a valid token - a token with two segments but does not require verifying - raises something else than "Not enough or too many segments" - when token signed with nil and decoded with nil - raises JWT::DecodeError - alg: ES256K + payload validation + validates the payload with the ClaimsValidator if the payload is a hash + does not validate the payload if it is not present + alg: PS256 should decode a valid token wrong key and verify = false should not raise JWT::DecodeError wrong key should raise JWT::DecodeError should generate a valid token - when none token is and decoding without key and with verification - decodes the token - when keyfinder given with 2 arguments - decodes the token - a token with not enough segments - raises JWT::DecodeError - alg: PS512 + ::JWT.decode with x5c parameter + calls X5cKeyFinder#from to verify the signature and return the payload + alg: PS384 should generate a valid token wrong key and verify = false should not raise JWT::DecodeError wrong key should raise JWT::DecodeError should decode a valid token - alg: ES384 - wrong key should raise JWT::DecodeError - should decode a valid token - wrong key and verify = false should not raise JWT::DecodeError + alg: ES512 should generate a valid token - a token with not too many segments - raises JWT::DecodeError - alg: RS512 + wrong key and verify = false should not raise JWT::DecodeError should decode a valid token - should generate a valid token + wrong key should raise JWT::DecodeError + alg: RS384 wrong key should raise JWT::DecodeError should decode a valid token using algorithm hash string key wrong key and verify = false should not raise JWT::DecodeError - payload validation - does not validate the payload if it is not present - validates the payload with the ClaimsValidator if the payload is a hash - alg: HS512 + should generate a valid token + should decode a valid token + alg: HS384 wrong secret should raise JWT::DecodeError wrong secret and verify = false should not raise JWT::DecodeError + should decode a valid token should generate a valid token + alg: HS256 + wrong secret and verify = false should not raise JWT::DecodeError should decode a valid token - when the alg value is given as a header parameter - does not override the actual algorithm used - should generate the same token - ::JWT.decode with x5c parameter - calls X5cKeyFinder#from to verify the signature and return the payload - a token with invalid Base64 segments + wrong secret should raise JWT::DecodeError + should generate a valid token + a token with not enough segments raises JWT::DecodeError - alg: ED25519 + alg: ES384 wrong key should raise JWT::DecodeError - wrong key and verify = false should not raise JWT::DecodeError - should decode a valid token should generate a valid token - alg: ES256 - wrong key should raise JWT::DecodeError + should decode a valid token + wrong key and verify = false should not raise JWT::DecodeError + alg: EdDSA should generate a valid token wrong key and verify = false should not raise JWT::DecodeError should decode a valid token - alg: PS256 + wrong key should raise JWT::DecodeError + when none token is and decoding without key and with verification + decodes the token + Verify + algorithm + should raise JWT::IncorrectAlgorithm when algorithms array does not contain algorithm + should raise JWT::IncorrectAlgorithm on mismatch prior to kid public key network call + should raise JWT::IncorrectAlgorithm on mismatch + no algorithm provided + should use the default decode algorithm + token is missing algorithm + should raise JWT::IncorrectAlgorithm + 2-segment token + should raise JWT::IncorrectAlgorithm + when key given as an array with multiple possible keys + should be able to verify signature when block returns multiple keys + should be able to verify signature when multiple keys given as a parameter + should fail if only invalid keys are given + when encoded payload is used to extract key through find_key + should be able to find a key using the block passed to decode + should be able to find a key using a block with multiple issuers + should be able to verify signature when block returns multiple keys + should be able to verify signature when block returns multiple keys with iss verification + should be able to find a key using the block passed to decode with iss verification + should be able to verify signature when block returns multiple keys with multiple issuers + issuer claim + if verify_iss is set to false (default option) should not raise JWT::InvalidIssuerError + alg: HS512 should decode a valid token should generate a valid token - wrong key and verify = false should not raise JWT::DecodeError + wrong secret should raise JWT::DecodeError + wrong secret and verify = false should not raise JWT::DecodeError + alg: HS512256 + wrong secret and verify = false should not raise JWT::DecodeError + should decode a valid token + wrong secret should raise JWT::DecodeError + should generate a valid token + when the alg value is given as a header parameter + should generate the same token + does not override the actual algorithm used + alg: PS512 + should decode a valid token wrong key should raise JWT::DecodeError - alg: PS384 + should generate a valid token wrong key and verify = false should not raise JWT::DecodeError - should decode a valid token + Invalid + raises "No verification key available" error + algorithm should raise NotImplementedError + ECDSA curve_name should raise JWT::IncorrectAlgorithm + alg: ES256K wrong key should raise JWT::DecodeError should generate a valid token - when none token is decoded with a key given + should decode a valid token + wrong key and verify = false should not raise JWT::DecodeError + when keyfinder given with 3 arguments + decodes the token but does not pass the payload + a token with no segments + raises JWT::DecodeError + when none token is decoded without verify decodes the token + algorithm case insensitivity + raises error for invalid algorithm + ignores algorithm casing during encode/decode alg: NONE should generate a valid token decoding without verification should decode a valid token decoding with verification + without specifying the none algorithm + should fail to decode the token specifying the none algorithm when the claims are invalid should fail to decode the token when the claims are valid should decode the token - without specifying the none algorithm - should fail to decode the token - alg: ES512 + alg: RS256 + should decode a valid token using algorithm hash string key should generate a valid token wrong key should raise JWT::DecodeError - should decode a valid token wrong key and verify = false should not raise JWT::DecodeError - when keyfinder given with 3 arguments - decodes the token but does not pass the payload + should decode a valid token ::JWT.decode with verify_iat parameter - when iat is exactly the same as Time.now and iat is given as a float - considers iat valid when iat is exactly the same as Time.now and iat is given as floored integer considers iat valid + when iat is exactly the same as Time.now and iat is given as a float + considers iat valid when iat is 1 second before Time.now raises an error - alg: RS256 - should decode a valid token - wrong key and verify = false should not raise JWT::DecodeError - wrong key should raise JWT::DecodeError - should decode a valid token using algorithm hash string key - should generate a valid token - algorithm case insensitivity - ignores algorithm casing during encode/decode - raises error for invalid algorithm - alg: HS512256 - should decode a valid token - should generate a valid token - wrong secret and verify = false should not raise JWT::DecodeError - wrong secret should raise JWT::DecodeError - alg: HS256 - should decode a valid token - should generate a valid token - wrong secret and verify = false should not raise JWT::DecodeError - wrong secret should raise JWT::DecodeError + when none token is decoded with a key given + decodes the token + when token signed with nil and decoded with nil + raises JWT::DecodeError + a token with invalid Base64 segments + raises JWT::DecodeError + when hmac algorithm is used without secret key + encodes payload + when keyfinder given with 1 argument + decodes the token + when token ends with a newline char + ignores the newline and decodes the token + a token with two segments but does not require verifying + raises something else than "Not enough or too many segments" + a token with not too many segments + raises JWT::DecodeError -JWT::JWK::RSA - .import - when keypair is imported with symbol keys - returns a hash with the public parts of the key - when jwk_data is given without e and/or n - raises an error - when keypair is imported with string keys from JSON - returns a hash with the public parts of the key - when private key is included in the data - creates a complete keypair +JWT::JWK .new - when a keypair with both keys given - creates an instance of the class - when a keypair with only public key is given - creates an instance of the class - #export - when keypair with public key is exported - returns a hash with the public parts of the key - when unsupported keypair is given + when RSA key is given + is expected to be a kind of JWT::JWK::RSA + when kid is given + sets the kid + when EC key is given + is expected to be a kind of JWT::JWK::EC + when secret key is given + is expected to be a kind of JWT::JWK::HMAC + .import + creates a ::JWT::JWK::RSA instance + parsed from JSON + creates a ::JWT::JWK::RSA instance from JSON parsed JWK + when keypair with defined kid is imported + returns the predefined kid if jwt_data contains a kid + when keytype is not supported raises an error - when private key is requested - returns a hash with the public AND private parts of the key - when keypair with private key is exported - returns a hash with the public parts of the key - .kid - when kid is given as in a hash parameter - uses the given kid - when configuration says to use :rfc7638_thumbprint - generates the kid based on the thumbprint - when kid is given as a String parameter - uses the given kid + +JWT::Verify + .verify_aud(payload, options) + must raise JWT::InvalidAudError when the singular audience does not match + must raise JWT::InvalidAudError when the payload has an array and none match the supplied value + must allow an array with any value matching the one in the options + must allow a matching singular audience to pass + must allow a singular audience payload matching any value in the options array + must allow an array with any value matching any value in the options array + .verify_sub(payload, options) + must raise JWT::InvalidSubError when the subjects do not match + must allow a matching sub + .verify_iss(payload, options) + when iss is a Proc + must raise JWT::InvalidIssuerError when the payload does not include an issuer + must raise JWT::InvalidIssuerError when the proc returns false + must allow a proc that returns true to pass + when iss is a String + must raise JWT::InvalidIssuerError when the configured issuer does not match the payload issuer + must allow a matching issuer to pass + must raise JWT::InvalidIssuerError when the payload does not include an issuer + when iss is an Array + must raise JWT::InvalidIssuerError when no matching issuers in array + must allow an array with matching issuer to pass + must raise JWT::InvalidIssuerError when the payload does not include an issuer + when iss is a RegExp + must raise JWT::InvalidIssuerError when the payload does not include an issuer + must raise JWT::InvalidIssuerError when the regular expression does not match + must allow a regular expression matching the issuer to pass + when iss is a Method instance + must allow a method that returns true to pass + must raise JWT::InvalidIssuerError when the payload does not include an issuer + must raise JWT::InvalidIssuerError when the method returns false + .verify_jti(payload, options) + should have payload as second param in proc + must raise JWT::InvalidJtiError when the jti is missing + must allow any jti when the verfy_jti key in the options is truthy but not a proc + must raise JWT::InvalidJtiError when verify_jti proc returns false + must raise JWT::InvalidJtiError when the jti is an empty string + it should not throw arguement error with 2 args + true proc should not raise JWT::InvalidJtiError + .verify_iat(payload, options) + must properly handle integer times + must ignore configured leeway + must raise JWT::InvalidIatError when the iat value is not Numeric + must raise JWT::InvalidIatError when the iat value is in the future + must allow a valid iat + .verify_expiration(payload, options) + must be expired if the exp claim equals the current time + must raise JWT::ExpiredSignature when the token has expired + must allow some leeway in the expiration when global leeway is configured + must allow some leeway in the expiration when exp_leeway is configured + when leeway is not specified + used a default leeway of 0 + .verify_required_claims(payload, options) + must verify the claims if all required claims are present + must raise JWT::MissingRequiredClaim if a required claim is absent + .verify_claims + must skip verification when verify_sub option is set to false + must skip verification when verify_aud option is set to false + must raise error when verify_jti option is set to true + must raise error when verify_iss option is set to true + must skip verification when verify_not_before option is set to false + must skip verification when verify_iss option is set to false + must raise error when verify_expiration option is set to true + must raise error when verify_not_before option is set to true + must raise error when verify_aud option is set to true + must skip verification when verify_iat option is set to false + must raise error when verify_sub option is set to true + must skip verification when verify_jti option is set to false + must raise error when verify_iat option is set to true + must skip verification when verify_expiration option is set to false + .verify_not_before(payload, options) + must raise JWT::ImmatureSignature when the nbf in the payload is in the future + must allow some leeway in the token age when global leeway is configured + must allow some leeway in the token age when nbf_leeway is configured JWT::JWK::HMAC - .new - when a secret key given - creates an instance of the class .import when secret key is given returns a key with a custom "kid" value imports that "kid" value + .new + when a secret key given + creates an instance of the class #export when key is exported returns a hash with the key when key is exported with private key returns a hash with the key +JWT + JWT.configure + yields the configuration + allows configuration to be changed via the block + JWT::ClaimsValidator #validate! - iat claim + exp claim it should behave like a NumericDate claim - when iat payload is a float + when exp payload is a Time object + raises error + when exp payload is an integer does not raise error + and key is a string + does not raise error + when exp payload is a string + raises error + and key is a string + raises error + when exp payload is a float + does not raise error + when exp payload is a string + raises error + iat claim + it should behave like a NumericDate claim + when iat payload is a Time object + raises error when iat payload is a string raises error when iat payload is an integer does not raise error and key is a string does not raise error - when iat payload is a Time object - raises error when iat payload is a string raises error and key is a string raises error + when iat payload is a float + does not raise error nbf claim it should behave like a NumericDate claim + when nbf payload is a Time object + raises error when nbf payload is a string raises error - and key is a string - raises error when nbf payload is an integer does not raise error and key is a string @@ -1529,78 +1523,127 @@ does not raise error when nbf payload is a string raises error - when nbf payload is a Time object - raises error - exp claim - it should behave like a NumericDate claim - when exp payload is an integer - does not raise error - and key is a string - does not raise error - when exp payload is a string - raises error and key is a string raises error - when exp payload is a string - raises error - when exp payload is a float - does not raise error - when exp payload is a Time object - raises error -JWT::JWK::EC - #export - when private key is requested - returns a hash with the both parts of the key - when keypair with public key is exported - returns a hash with the public parts of the key - when a custom "kid" is provided - exports it - when keypair with private key is exported - returns a hash with the both parts of the key - .new - when a keypair with both keys given - creates an instance of the class - when a keypair with only public key is given - creates an instance of the class - .import - when crv=P-256 - when keypair is public - returns a public key - returns a hash with the public parts of the key - when keypair is private - returns a private key - with a custom "kid" value - imports that "kid" value - when crv=P-384 - when keypair is public - returns a public key - returns a hash with the public parts of the key - when keypair is private - returns a private key - with a custom "kid" value - imports that "kid" value - when crv=P-256K - when keypair is public - returns a public key - returns a hash with the public parts of the key - when keypair is private - returns a private key - with a custom "kid" value - imports that "kid" value - when crv=P-521 - when keypair is public - returns a public key - returns a hash with the public parts of the key - when keypair is private - returns a private key - with a custom "kid" value - imports that "kid" value +README.md code test + claims + jti + sub + iss + required_claims + find_key + JWK with thumbprint as kid via symbol + JWK with thumbprint as kid via type + JWK with thumbprint given in the initializer + The JWK loader example + works as expected + custom header fields + with custom field + iat + without leeway + with leeway + aud + array + string + exp + with leeway + without leeway + nbf + without leeway + with leeway + algorithm usage + decodes with HMAC algorithm without secret key + NONE + RSA + RSASSA-PSS + ECDSA + EDDSA + decodes with HMAC algorithm with secret key + +JWT + .decode for JWK usecase + when jwk keys are loaded using a proc/lambda + decodes the token + when JWK features are used manually + is able to decode the token + when jwk keys are rotated + decodes the token + mixing algorithms using kid header + when ES384 key is pointed to as ES512 key + fails in some way + when RSA key is pointed to as HMAC secret + fails in some way + when EC key is pointed to as HMAC secret + fails in some way + when HMAC secret is pointed to as RSA public key + fails in some way + when EC key is pointed to as RSA public key + fails in some way + when HMAC secret is pointed to as EC public key + fails in some way + when jwk keys are loaded from JSON with string keys + decodes the token + when jwk keys are given as an array + and kid is in the set + is able to decode the token + token does not know the kid + raises an exception + and kid is not in the set + raises an exception + no keys are found in the set + raises an exception + +JWT::Configuration::JwkConfiguration + .kid_generator_type= + when valid value is passed + sets the generator matching the value + when invalid value is passed + raises ArgumentError + +JWT::X5cKeyFinder + returns the public key from a certificate that is signed by trusted roots and not revoked + already parsed certificates + returns the public key from a certificate that is signed by trusted roots and not revoked + ::JWT.decode + returns the encoded payload after successful certificate path verification + CRL + expired + raises an error + signature could not be verified with the given trusted roots + raises an error + not given + raises an error + certificate + expired + raises an error + could not be chained to a trusted root certificate + given an array + raises a verification error + given nil + raises a decode error + revoked + raises an error + signature could not be verified with the given trusted roots + raises an error + +JWT::Algos::Ecdsa + .curve_by_name + when secp256r1 is given + is expected to eq {:algorithm=>"ES256", :digest=>"sha256"} + when unkown is given + raises an error + when prime256v1 is given + is expected to eq {:algorithm=>"ES256", :digest=>"sha256"} + when secp521r1 is given + is expected to eq {:algorithm=>"ES512", :digest=>"sha512"} + when secp256k1 is given + is expected to eq {:algorithm=>"ES256K", :digest=>"sha256"} -Finished in 1 minute 16.42 seconds (files took 1.55 seconds to load) +Finished in 1 minute 58.84 seconds (files took 4.36 seconds to load) 304 examples, 0 failures -Randomized with seed 44604 +Randomized with seed 14408 Coverage report generated for RSpec to /build/ruby-jwt-2.5.0/coverage. 752 / 794 LOC (94.71%) covered. @@ -1633,12 +1676,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/3444852/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/3676521 and its subdirectories -I: Current time: Sun Jun 16 05:25:03 -12 2024 -I: pbuilder-time-stamp: 1718558703 +I: removing directory /srv/workspace/pbuilder/3444852 and its subdirectories +I: Current time: Tue May 16 01:07:50 +14 2023 +I: pbuilder-time-stamp: 1684148870