Diff of the two buildlogs: -- --- b1/build.log 2023-05-25 00:02:53.037567340 +0000 +++ b2/build.log 2023-05-25 00:09:29.516209849 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Wed May 24 12:00:24 -12 2023 -I: pbuilder-time-stamp: 1684972824 +I: Current time: Thu May 25 14:03:03 +14 2023 +I: pbuilder-time-stamp: 1684972983 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/bookworm-reproducible-base.tgz] I: copying local configuration @@ -16,7 +16,7 @@ I: copying [./ruby-secure-headers_6.3.2.orig.tar.gz] I: copying [./ruby-secure-headers_6.3.2-1.debian.tar.xz] I: Extracting source -gpgv: Signature made Fri Jun 25 07:55:35 2021 -12 +gpgv: Signature made Sat Jun 26 09:55:35 2021 +14 gpgv: using RSA key D30863E26020E543F4719A838F53E0193B294B75 gpgv: Can't check signature: No public key dpkg-source: warning: cannot verify inline signature for ./ruby-secure-headers_6.3.2-1.dsc: no acceptable signature found @@ -28,135 +28,167 @@ dpkg-source: info: applying 03-fix-library-path.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/4235/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/D01_modify_environment starting +debug: Running on ff4a. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 May 25 14:03 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='armhf' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=3 ' - DISTRIBUTION='bookworm' - HOME='/root' - HOST_ARCH='armhf' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="2" [2]="15" [3]="1" [4]="release" [5]="arm-unknown-linux-gnueabihf") + BASH_VERSION='5.2.15(1)-release' + BUILDDIR=/build + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=armhf + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=4 ' + DIRSTACK=() + DISTRIBUTION=bookworm + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=arm + HOST_ARCH=armhf IFS=' ' - INVOCATION_ID='ad171f429e894167ab8be89eed119830' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='4235' - PS1='# ' - PS2='> ' + INVOCATION_ID=22af9ded5433462e93d324591b365bf0 + LANG=C + LANGUAGE=it_CH:it + LC_ALL=C + MACHTYPE=arm-unknown-linux-gnueabihf + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnueabihf + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=1538 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.bMhn0j9J/pbuilderrc_Ubet --distribution bookworm --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.bMhn0j9J/b1 --logfile b1/build.log ruby-secure-headers_6.3.2-1.dsc' - SUDO_GID='114' - SUDO_UID='108' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://10.0.0.15:3142/' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.bMhn0j9J/pbuilderrc_gjHA --distribution bookworm --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.bMhn0j9J/b2 --logfile b2/build.log --extrapackages usrmerge ruby-secure-headers_6.3.2-1.dsc' + SUDO_GID=113 + SUDO_UID=107 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://10.0.0.15:3142/ I: uname -a - Linux virt64a 5.10.0-23-arm64 #1 SMP Debian 5.10.179-1 (2023-05-12) aarch64 GNU/Linux + Linux i-capture-the-hostname 5.10.0-23-armmp-lpae #1 SMP Debian 5.10.179-1 (2023-05-12) armv7l GNU/Linux I: ls -l /bin total 5072 - -rwxr-xr-x 1 root root 838488 Apr 23 09:24 bash - -rwxr-xr-x 3 root root 67144 Sep 18 2022 bunzip2 - -rwxr-xr-x 3 root root 67144 Sep 18 2022 bzcat - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzcmp -> bzdiff - -rwxr-xr-x 1 root root 2225 Sep 18 2022 bzdiff - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzegrep -> bzgrep - -rwxr-xr-x 1 root root 4893 Nov 27 2021 bzexe - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzfgrep -> bzgrep - -rwxr-xr-x 1 root root 3775 Sep 18 2022 bzgrep - -rwxr-xr-x 3 root root 67144 Sep 18 2022 bzip2 - -rwxr-xr-x 1 root root 67112 Sep 18 2022 bzip2recover - lrwxrwxrwx 1 root root 6 Sep 18 2022 bzless -> bzmore - -rwxr-xr-x 1 root root 1297 Sep 18 2022 bzmore - -rwxr-xr-x 1 root root 67632 Sep 20 2022 cat - -rwxr-xr-x 1 root root 67676 Sep 20 2022 chgrp - -rwxr-xr-x 1 root root 67644 Sep 20 2022 chmod - -rwxr-xr-x 1 root root 67684 Sep 20 2022 chown - -rwxr-xr-x 1 root root 133532 Sep 20 2022 cp - -rwxr-xr-x 1 root root 132868 Jan 5 01:20 dash - -rwxr-xr-x 1 root root 133220 Sep 20 2022 date - -rwxr-xr-x 1 root root 67732 Sep 20 2022 dd - -rwxr-xr-x 1 root root 68104 Sep 20 2022 df - -rwxr-xr-x 1 root root 133632 Sep 20 2022 dir - -rwxr-xr-x 1 root root 59128 Mar 22 21:02 dmesg - lrwxrwxrwx 1 root root 8 Dec 19 01:33 dnsdomainname -> hostname - lrwxrwxrwx 1 root root 8 Dec 19 01:33 domainname -> hostname - -rwxr-xr-x 1 root root 67560 Sep 20 2022 echo - -rwxr-xr-x 1 root root 41 Jan 24 02:43 egrep - -rwxr-xr-x 1 root root 67548 Sep 20 2022 false - -rwxr-xr-x 1 root root 41 Jan 24 02:43 fgrep - -rwxr-xr-x 1 root root 55748 Mar 22 21:02 findmnt - -rwsr-xr-x 1 root root 26208 Mar 22 20:15 fusermount - -rwxr-xr-x 1 root root 128608 Jan 24 02:43 grep - -rwxr-xr-x 2 root root 2346 Apr 9 2022 gunzip - -rwxr-xr-x 1 root root 6447 Apr 9 2022 gzexe - -rwxr-xr-x 1 root root 64220 Apr 9 2022 gzip - -rwxr-xr-x 1 root root 67032 Dec 19 01:33 hostname - -rwxr-xr-x 1 root root 67720 Sep 20 2022 ln - -rwxr-xr-x 1 root root 35132 Mar 22 21:51 login - -rwxr-xr-x 1 root root 133632 Sep 20 2022 ls - -rwxr-xr-x 1 root root 136808 Mar 22 21:02 lsblk - -rwxr-xr-x 1 root root 67800 Sep 20 2022 mkdir - -rwxr-xr-x 1 root root 67764 Sep 20 2022 mknod - -rwxr-xr-x 1 root root 67596 Sep 20 2022 mktemp - -rwxr-xr-x 1 root root 38504 Mar 22 21:02 more - -rwsr-xr-x 1 root root 38496 Mar 22 21:02 mount - -rwxr-xr-x 1 root root 9824 Mar 22 21:02 mountpoint - -rwxr-xr-x 1 root root 133532 Sep 20 2022 mv - lrwxrwxrwx 1 root root 8 Dec 19 01:33 nisdomainname -> hostname - lrwxrwxrwx 1 root root 14 Apr 2 18:25 pidof -> /sbin/killall5 - -rwxr-xr-x 1 root root 67608 Sep 20 2022 pwd - lrwxrwxrwx 1 root root 4 Apr 23 09:24 rbash -> bash - -rwxr-xr-x 1 root root 67600 Sep 20 2022 readlink - -rwxr-xr-x 1 root root 67672 Sep 20 2022 rm - -rwxr-xr-x 1 root root 67600 Sep 20 2022 rmdir - -rwxr-xr-x 1 root root 67400 Nov 2 2022 run-parts - -rwxr-xr-x 1 root root 133372 Jan 5 07:55 sed - lrwxrwxrwx 1 root root 4 Jan 5 01:20 sh -> dash - -rwxr-xr-x 1 root root 67584 Sep 20 2022 sleep - -rwxr-xr-x 1 root root 67644 Sep 20 2022 stty - -rwsr-xr-x 1 root root 50800 Mar 22 21:02 su - -rwxr-xr-x 1 root root 67584 Sep 20 2022 sync - -rwxr-xr-x 1 root root 336764 Apr 6 02:25 tar - -rwxr-xr-x 1 root root 67144 Nov 2 2022 tempfile - -rwxr-xr-x 1 root root 133224 Sep 20 2022 touch - -rwxr-xr-x 1 root root 67548 Sep 20 2022 true - -rwxr-xr-x 1 root root 9768 Mar 22 20:15 ulockmgr_server - -rwsr-xr-x 1 root root 22108 Mar 22 21:02 umount - -rwxr-xr-x 1 root root 67572 Sep 20 2022 uname - -rwxr-xr-x 2 root root 2346 Apr 9 2022 uncompress - -rwxr-xr-x 1 root root 133632 Sep 20 2022 vdir - -rwxr-xr-x 1 root root 42608 Mar 22 21:02 wdctl - lrwxrwxrwx 1 root root 8 Dec 19 01:33 ypdomainname -> hostname - -rwxr-xr-x 1 root root 1984 Apr 9 2022 zcat - -rwxr-xr-x 1 root root 1678 Apr 9 2022 zcmp - -rwxr-xr-x 1 root root 6460 Apr 9 2022 zdiff - -rwxr-xr-x 1 root root 29 Apr 9 2022 zegrep - -rwxr-xr-x 1 root root 29 Apr 9 2022 zfgrep - -rwxr-xr-x 1 root root 2081 Apr 9 2022 zforce - -rwxr-xr-x 1 root root 8103 Apr 9 2022 zgrep - -rwxr-xr-x 1 root root 2206 Apr 9 2022 zless - -rwxr-xr-x 1 root root 1842 Apr 9 2022 zmore - -rwxr-xr-x 1 root root 4577 Apr 9 2022 znew -I: user script /srv/workspace/pbuilder/4235/tmp/hooks/D02_print_environment finished + -rwxr-xr-x 1 root root 838488 Apr 24 11:24 bash + -rwxr-xr-x 3 root root 67144 Sep 19 2022 bunzip2 + -rwxr-xr-x 3 root root 67144 Sep 19 2022 bzcat + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzcmp -> bzdiff + -rwxr-xr-x 1 root root 2225 Sep 19 2022 bzdiff + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzegrep -> bzgrep + -rwxr-xr-x 1 root root 4893 Nov 28 2021 bzexe + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzfgrep -> bzgrep + -rwxr-xr-x 1 root root 3775 Sep 19 2022 bzgrep + -rwxr-xr-x 3 root root 67144 Sep 19 2022 bzip2 + -rwxr-xr-x 1 root root 67112 Sep 19 2022 bzip2recover + lrwxrwxrwx 1 root root 6 Sep 19 2022 bzless -> bzmore + -rwxr-xr-x 1 root root 1297 Sep 19 2022 bzmore + -rwxr-xr-x 1 root root 67632 Sep 21 2022 cat + -rwxr-xr-x 1 root root 67676 Sep 21 2022 chgrp + -rwxr-xr-x 1 root root 67644 Sep 21 2022 chmod + -rwxr-xr-x 1 root root 67684 Sep 21 2022 chown + -rwxr-xr-x 1 root root 133532 Sep 21 2022 cp + -rwxr-xr-x 1 root root 132868 Jan 6 03:20 dash + -rwxr-xr-x 1 root root 133220 Sep 21 2022 date + -rwxr-xr-x 1 root root 67732 Sep 21 2022 dd + -rwxr-xr-x 1 root root 68104 Sep 21 2022 df + -rwxr-xr-x 1 root root 133632 Sep 21 2022 dir + -rwxr-xr-x 1 root root 59128 Mar 23 23:02 dmesg + lrwxrwxrwx 1 root root 8 Dec 20 03:33 dnsdomainname -> hostname + lrwxrwxrwx 1 root root 8 Dec 20 03:33 domainname -> hostname + -rwxr-xr-x 1 root root 67560 Sep 21 2022 echo + -rwxr-xr-x 1 root root 41 Jan 25 04:43 egrep + -rwxr-xr-x 1 root root 67548 Sep 21 2022 false + -rwxr-xr-x 1 root root 41 Jan 25 04:43 fgrep + -rwxr-xr-x 1 root root 55748 Mar 23 23:02 findmnt + -rwsr-xr-x 1 root root 26208 Mar 23 22:15 fusermount + -rwxr-xr-x 1 root root 128608 Jan 25 04:43 grep + -rwxr-xr-x 2 root root 2346 Apr 10 2022 gunzip + -rwxr-xr-x 1 root root 6447 Apr 10 2022 gzexe + -rwxr-xr-x 1 root root 64220 Apr 10 2022 gzip + -rwxr-xr-x 1 root root 67032 Dec 20 03:33 hostname + -rwxr-xr-x 1 root root 67720 Sep 21 2022 ln + -rwxr-xr-x 1 root root 35132 Mar 23 23:51 login + -rwxr-xr-x 1 root root 133632 Sep 21 2022 ls + -rwxr-xr-x 1 root root 136808 Mar 23 23:02 lsblk + -rwxr-xr-x 1 root root 67800 Sep 21 2022 mkdir + -rwxr-xr-x 1 root root 67764 Sep 21 2022 mknod + -rwxr-xr-x 1 root root 67596 Sep 21 2022 mktemp + -rwxr-xr-x 1 root root 38504 Mar 23 23:02 more + -rwsr-xr-x 1 root root 38496 Mar 23 23:02 mount + -rwxr-xr-x 1 root root 9824 Mar 23 23:02 mountpoint + -rwxr-xr-x 1 root root 133532 Sep 21 2022 mv + lrwxrwxrwx 1 root root 8 Dec 20 03:33 nisdomainname -> hostname + lrwxrwxrwx 1 root root 14 Apr 3 20:25 pidof -> /sbin/killall5 + -rwxr-xr-x 1 root root 67608 Sep 21 2022 pwd + lrwxrwxrwx 1 root root 4 Apr 24 11:24 rbash -> bash + -rwxr-xr-x 1 root root 67600 Sep 21 2022 readlink + -rwxr-xr-x 1 root root 67672 Sep 21 2022 rm + -rwxr-xr-x 1 root root 67600 Sep 21 2022 rmdir + -rwxr-xr-x 1 root root 67400 Nov 3 2022 run-parts + -rwxr-xr-x 1 root root 133372 Jan 6 09:55 sed + lrwxrwxrwx 1 root root 9 May 25 14:03 sh -> /bin/bash + -rwxr-xr-x 1 root root 67584 Sep 21 2022 sleep + -rwxr-xr-x 1 root root 67644 Sep 21 2022 stty + -rwsr-xr-x 1 root root 50800 Mar 23 23:02 su + -rwxr-xr-x 1 root root 67584 Sep 21 2022 sync + -rwxr-xr-x 1 root root 336764 Apr 7 04:25 tar + -rwxr-xr-x 1 root root 67144 Nov 3 2022 tempfile + -rwxr-xr-x 1 root root 133224 Sep 21 2022 touch + -rwxr-xr-x 1 root root 67548 Sep 21 2022 true + -rwxr-xr-x 1 root root 9768 Mar 23 22:15 ulockmgr_server + -rwsr-xr-x 1 root root 22108 Mar 23 23:02 umount + -rwxr-xr-x 1 root root 67572 Sep 21 2022 uname + -rwxr-xr-x 2 root root 2346 Apr 10 2022 uncompress + -rwxr-xr-x 1 root root 133632 Sep 21 2022 vdir + -rwxr-xr-x 1 root root 42608 Mar 23 23:02 wdctl + lrwxrwxrwx 1 root root 8 Dec 20 03:33 ypdomainname -> hostname + -rwxr-xr-x 1 root root 1984 Apr 10 2022 zcat + -rwxr-xr-x 1 root root 1678 Apr 10 2022 zcmp + -rwxr-xr-x 1 root root 6460 Apr 10 2022 zdiff + -rwxr-xr-x 1 root root 29 Apr 10 2022 zegrep + -rwxr-xr-x 1 root root 29 Apr 10 2022 zfgrep + -rwxr-xr-x 1 root root 2081 Apr 10 2022 zforce + -rwxr-xr-x 1 root root 8103 Apr 10 2022 zgrep + -rwxr-xr-x 1 root root 2206 Apr 10 2022 zless + -rwxr-xr-x 1 root root 1842 Apr 10 2022 zmore + -rwxr-xr-x 1 root root 4577 Apr 10 2022 znew +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -360,7 +392,7 @@ Get: 154 http://deb.debian.org/debian bookworm/main armhf ruby-rspec-mocks all 3.12.0c0e1m1s0-1 [79.5 kB] Get: 155 http://deb.debian.org/debian bookworm/main armhf ruby-rspec all 3.12.0c0e1m1s0-1 [5084 B] Get: 156 http://deb.debian.org/debian bookworm/main armhf ruby-useragent all 0.16.8-1.1 [12.0 kB] -Fetched 46.4 MB in 1s (38.7 MB/s) +Fetched 46.4 MB in 5s (9431 kB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libpython3.11-minimal:armhf. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19326 files and directories currently installed.) @@ -1007,8 +1039,19 @@ Writing extended state information... Building tag database... -> Finished parsing the build-deps +Reading package lists... +Building dependency tree... +Reading state information... +usrmerge is already the newest version (35). +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. I: Building the package -I: Running cd /build/ruby-secure-headers-6.3.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-secure-headers_6.3.2-1_source.changes +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/A99_set_merged_usr starting +Re-configuring usrmerge... +removed '/etc/unsupported-skip-usrmerge-conversion' +The system has been successfully converted. +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/ruby-secure-headers-6.3.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-secure-headers_6.3.2-1_source.changes dpkg-buildpackage: info: source package ruby-secure-headers dpkg-buildpackage: info: source version 6.3.2-1 dpkg-buildpackage: info: source distribution unstable @@ -1042,7 +1085,7 @@ dh_auto_install --destdir=debian/ruby-secure-headers/ -O--buildsystem=ruby dh_ruby --install /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers W: DH_RUBY_GEM_INSTALL_BLACKLIST_APPEND is deprecated, please use DH_RUBY_GEM_INSTALL_EXCLUDE instead (needs gem2deb >= 1.6~) -/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20230524-11714-v8n2mp/gemspec +/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20230525-7971-v0xrx3/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: license value 'Apache Public License 2.0' is invalid. Use a license identifier from http://spdx.org/licenses or 'Nonstandard' for a nonstandard license. @@ -1054,7 +1097,7 @@ Name: secure_headers Version: 6.3.2 File: secure_headers-6.3.2.gem -/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-secure-headers/usr/share/rubygems-integration/all /tmp/d20230524-11714-v8n2mp/secure_headers-6.3.2.gem +/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-secure-headers/usr/share/rubygems-integration/all /tmp/d20230525-7971-v0xrx3/secure_headers-6.3.2.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers/usr/share/rubygems-integration/all/gems/secure_headers-6.3.2/lib/secure_headers.rb /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers/usr/share/rubygems-integration/all/gems/secure_headers-6.3.2/lib/secure_headers/configuration.rb @@ -1111,75 +1154,253 @@ [Coveralls] Set up the SimpleCov formatter. [Coveralls] Using SimpleCov's default settings. -Randomized with seed 27131 +Randomized with seed 22368 -SecureHeaders::ViewHelpers - adds known hash values to the corresponding headers when the helper is used - avoids calling content_security_policy_nonce internally - raises an error when using previously unknown hashed content with precomputed hashes for a given file - raises an error when using hashed content with precomputed hashes, but none for the given file - raises an error when using hashed content without precomputed hashes +SecureHeaders::Configuration + dup results in a copy of the default config + has an 'noop' override + gives cookies a default config + deprecates the secure_cookies configuration + has a default config + stores an override + allows me to be explicit too + allows OPT_OUT + #override + raises on configuring an existing override + raises when a named append with the given name exists + #named_append + raises on configuring an existing append + raises when an override with the given name exists + +SecureHeaders::StrictTransportSecurity + #value + is expected to eq ["Strict-Transport-Security", "max-age=631138519"] + is expected to eq ["Strict-Transport-Security", "max-age=1234; includeSubdomains; preload"] + with an invalid configuration + with a string argument + raises an exception with an invalid format + raises an exception with an invalid max-age + raises an exception if max-age is not supplied + +SecureHeaders + raises a NotYetConfiguredError if default has not been set + raises a NotYetConfiguredError if trying to opt-out of unconfigured headers + raises and ArgumentError when referencing an override that has not been set + raises a AlreadyConfiguredError if trying to configure and default has already been set + validation + validates your xcto config upon configuration + validates your referrer_policy config upon configuration + validates your xfo config upon configuration + raises errors for unknown directives + validates your xdo config upon configuration + validates your clear site data config upon configuration + validates your x_permitted_cross_domain_policies config upon configuration + validates your cookies config upon configuration + validates your hsts config upon configuration + validates your x_xss config upon configuration + validates your csp config upon configuration + #header_hash_for + does not set the HSTS header if request is over HTTP + allows you to opt out of individual headers via API + Carries options over when using overrides + produces a hash of headers with default config + allows you to override opting out + Overrides the current default config if default config changes during request + allows you to override X-Frame-Options settings + allows you to opt out entirely + content security policy + overrides individual directives + supports named appends + overrides non-existant directives + Raises an error if csp_report_only is used with `report_only: false` + appends a hash to a missing script-src value + appends a nonce to the script-src when used + appends a value to csp directive + does not support the deprecated `report_only: true` format + appends a nonce to a missing script-src value + setting two headers + allows appending to the report only policy + sets identical values when the configs are the same + sets different headers when the configs are different + allows overriding the enforced policy + allows you to opt-out of enforced CSP + allows overriding both policies + allows overriding the report only policy + allows appending to both policies + allows appending to the enforced policy + when inferring which config to modify + updates both headers if both are configured + updates the report only header when configured + updates the enforced header when configured + +SecureHeaders::ContentSecurityPolicy + #value + discards source expressions (besides unsafe-* and non-host source values) when * is present + creates maximally strict sandbox policy when passed true + allows script as a require-sri-src + allows style as a require-sri-src + supports script-src-elem directive + deprecates and escapes semicolons in directive source lists + supports script-src-attr directive + removes nil from source lists + does not add a directive if the value is nil + supports style-src-elem directive + does add a boolean directive if the value is true + supports style-src-attr directive + deprecates and escapes semicolons in directive source lists + removes http/s schemes from hosts + supports strict-dynamic and opting out of the appended 'unsafe-inline' + allows script and style as a require-sri-src + does not remove schemes when :preserve_schemes is true + includes navigate-to + does not build directives with a value of OPT_OUT (and bypasses directive requirements) + does not add a boolean directive if the value is false + includes prefetch-src + does not remove schemes from report-uri values + minifies source expressions based on overlapping wildcards + creates maximally strict sandbox policy when passed no sandbox token values + deduplicates any source expressions + uses a safe but non-breaking default value + discards 'none' values if any other source expressions are present + does not emit a warning when using frame-src + supports strict-dynamic + does not add a directive if the value is an empty array (or all nil) + creates sandbox policy when passed valid sandbox token values + #name + when in report-only mode + is expected to eq "Content-Security-Policy-Report-Only" + when in enforce mode + is expected to eq "Content-Security-Policy" + +SecureHeaders::Middleware + sets the headers + uses named overrides + respects overrides + cookies + allows opting out of cookie protection with OPT_OUT alone + cookies should not be flagged + does not flags cookies as secure + cookies should be flagged + flags cookies as secure + cookies + flags cookies from configuration + sets the secure cookie flag correctly on interleaved http/https requests + disables secure cookies for non-https requests + flags cookies with a combination of SameSite configurations + +with an invalid configuration + raises an exception when SameSite is not configured with a Hash + raises an exception when SameSite lax and strict enforcement modes are configured with booleans + raises an exception when configured with false + raises an exception when both lax and strict only filters are provided to SameSite configurations + raises an exception when SameSite strict and none enforcement modes are configured with booleans + raises an exception when both only and except filters are provided to SameSite configurations + raises an exception when SameSite none and strict enforcement modes are configured with booleans + raises an exception when both lax and strict only filters are provided to SameSite configurations + raises an exception when configured without a boolean(true or OPT_OUT)/Hash + raises an exception when SameSite lax and strict enforcement modes are configured with booleans + raises an exception when SameSite none and lax enforcement modes are configured with booleans + raises an exception when SameSite strict and lax enforcement modes are configured with booleans + raises an exception when not configured with a Hash + raises an exception when SameSite lax and none enforcement modes are configured with booleans + raises an exception when both only and except filters are provided SecureHeaders::Cookie - preserves existing attributes does not tamper with cookies when using OPT_OUT is used prevents duplicate flagging of attributes + preserves existing attributes applies httponly, secure, and samesite by default HttpOnly cookies when configured with a Hash - flags cookies as HttpOnly when whitelisted does not flag cookies as HttpOnly when excluded + flags cookies as HttpOnly when whitelisted when configured with a boolean flags cookies as HttpOnly Secure cookies when configured with a Hash - flags cookies as Secure when whitelisted does not flag cookies as Secure when excluded + flags cookies as Secure when whitelisted when configured with a boolean flags cookies as Secure SameSite cookies - flags SameSite=Strict when configured with a boolean - flags SameSite=Strict - ignores configuration if the cookie is already flagged - flags SameSite=Lax flags SameSite=Lax when configured with a boolean + samesite: true sets all cookies to samesite=lax + flags SameSite=Strict when configured with a boolean does not flag cookies as SameSite=Strict when excluded flags SameSite=None when configured with a boolean flags properly when both lax and strict are configured does not flag cookies as SameSite=None when excluded flags SameSite=Strict when configured with a boolean - flags SameSite=None + flags SameSite=Strict + ignores configuration if the cookie is already flagged does not flag cookies as SameSite=Lax when excluded - samesite: true sets all cookies to samesite=lax + flags SameSite=None + flags SameSite=Lax -SecureHeaders::StrictTransportSecurity +SecureHeaders::XXssProtection + is expected to eq ["X-XSS-Protection", "1; mode=block"] + is expected to eq ["X-XSS-Protection", "1; mode=block; report=https://www.secure.com/reports"] + with invalid configuration + should raise an error when providing a string that is not valid + when using a hash value + should raise an error if an invalid key is supplied + should raise an error if mode != block + should raise an error if no value key is supplied + should allow string values ('1' or '0' are the only valid strings) + +SecureHeaders::ClearSiteData + make_header + returns nil with nil config + returns nil with empty config + returns specified types + returns all types with `true` config + returns nil with opt-out config + validate_config! + fails for Array of non-String config + succeeds for `nil` config + succeeds for `true` config + succeeds for empty config + succeeds for Array of Strings config + succeeds for opt-out config + fails for other types of config + make_header_value + returns a string of quoted values that are comma separated + +SecureHeaders::ViewHelpers + raises an error when using hashed content with precomputed hashes, but none for the given file + raises an error when using hashed content without precomputed hashes + raises an error when using previously unknown hashed content with precomputed hashes for a given file + avoids calling content_security_policy_nonce internally + adds known hash values to the corresponding headers when the helper is used + +SecureHeaders::XFrameOptions #value - is expected to eq ["Strict-Transport-Security", "max-age=1234; includeSubdomains; preload"] - is expected to eq ["Strict-Transport-Security", "max-age=631138519"] - with an invalid configuration - with a string argument - raises an exception if max-age is not supplied - raises an exception with an invalid max-age - raises an exception with an invalid format + is expected to eq ["X-Frame-Options", "DENY"] + is expected to eq ["X-Frame-Options", "sameorigin"] + with invalid configuration + allows DENY + allows SAMEORIGIN + does not allow garbage + allows ALLOW-FROM* SecureHeaders::ReferrerPolicy is expected to eq ["Referrer-Policy", "no-referrer"] - is expected to eq ["Referrer-Policy", "origin-when-cross-origin"] is expected to eq ["Referrer-Policy", "origin-when-cross-origin, strict-origin-when-cross-origin"] + is expected to eq ["Referrer-Policy", "origin-when-cross-origin"] invalid configuration values doesn't accept invalid types doesn't accept invalid values valid configuration values - accepts 'origin-when-cross-origin' - accepts 'strict-origin-when-cross-origin' accepts 'same-origin' + accepts 'origin' + accepts nil + accepts 'no-referrer-when-downgrade' + accepts 'strict-origin-when-cross-origin' accepts 'unsafe-url' + accepts 'origin-when-cross-origin' + accepts 'strict-origin' accepts array of policy values accepts 'no-referrer' - accepts 'no-referrer-when-downgrade' - accepts 'origin' - accepts 'strict-origin' - accepts nil SecureHeaders::XContentTypeOptions #value @@ -1190,249 +1411,71 @@ doesn't accept anything besides no-sniff accepts nil -with an invalid configuration - raises an exception when configured without a boolean(true or OPT_OUT)/Hash - raises an exception when SameSite none and strict enforcement modes are configured with booleans - raises an exception when SameSite strict and lax enforcement modes are configured with booleans - raises an exception when SameSite lax and none enforcement modes are configured with booleans - raises an exception when both only and except filters are provided - raises an exception when both only and except filters are provided to SameSite configurations - raises an exception when SameSite strict and none enforcement modes are configured with booleans - raises an exception when not configured with a Hash - raises an exception when configured with false - raises an exception when both lax and strict only filters are provided to SameSite configurations - raises an exception when SameSite none and lax enforcement modes are configured with booleans - raises an exception when SameSite lax and strict enforcement modes are configured with booleans - raises an exception when SameSite lax and strict enforcement modes are configured with booleans - raises an exception when both lax and strict only filters are provided to SameSite configurations - raises an exception when SameSite is not configured with a Hash - -SecureHeaders::XFrameOptions - #value - is expected to eq ["X-Frame-Options", "sameorigin"] - is expected to eq ["X-Frame-Options", "DENY"] - with invalid configuration - does not allow garbage - allows ALLOW-FROM* - allows DENY - allows SAMEORIGIN - -SecureHeaders::ClearSiteData - make_header_value - returns a string of quoted values that are comma separated - validate_config! - succeeds for `nil` config - succeeds for Array of Strings config - succeeds for empty config - fails for Array of non-String config - succeeds for opt-out config - succeeds for `true` config - fails for other types of config - make_header - returns specified types - returns nil with empty config - returns nil with opt-out config - returns nil with nil config - returns all types with `true` config - -SecureHeaders::XXssProtection - is expected to eq ["X-XSS-Protection", "1; mode=block"] - is expected to eq ["X-XSS-Protection", "1; mode=block; report=https://www.secure.com/reports"] - with invalid configuration - should raise an error when providing a string that is not valid - when using a hash value - should raise an error if mode != block - should allow string values ('1' or '0' are the only valid strings) - should raise an error if an invalid key is supplied - should raise an error if no value key is supplied - -SecureHeaders::ExpectCertificateTransparency - is expected to eq "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" - is expected to eq "max-age=1234" - is expected to eq "max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" - is expected to eq "enforce, max-age=1234" - is expected to eq "max-age=1234" - with an invalid configuration - raises an exception when max-age is not provided - raises an exception with an invalid enforce value - raises an exception with an invalid max-age - raises an exception when configuration isn't a hash - -SecureHeaders::Middleware - respects overrides - uses named overrides - sets the headers - cookies - allows opting out of cookie protection with OPT_OUT alone - cookies should not be flagged - does not flags cookies as secure - cookies should be flagged - flags cookies as secure - cookies - sets the secure cookie flag correctly on interleaved http/https requests - disables secure cookies for non-https requests - flags cookies with a combination of SameSite configurations - flags cookies from configuration - -SecureHeaders::Configuration - has a default config - allows OPT_OUT - stores an override - has an 'noop' override - gives cookies a default config - allows me to be explicit too - dup results in a copy of the default config - deprecates the secure_cookies configuration - #named_append - raises on configuring an existing append - raises when an override with the given name exists - #override - raises on configuring an existing override - raises when a named append with the given name exists - -SecureHeaders - raises a NotYetConfiguredError if default has not been set - raises a NotYetConfiguredError if trying to opt-out of unconfigured headers - raises and ArgumentError when referencing an override that has not been set - raises a AlreadyConfiguredError if trying to configure and default has already been set - validation - validates your clear site data config upon configuration - validates your x_xss config upon configuration - validates your xfo config upon configuration - validates your csp config upon configuration - validates your xcto config upon configuration - validates your xdo config upon configuration - validates your hsts config upon configuration - validates your x_permitted_cross_domain_policies config upon configuration - validates your referrer_policy config upon configuration - raises errors for unknown directives - validates your cookies config upon configuration - #header_hash_for - allows you to override X-Frame-Options settings - allows you to opt out of individual headers via API - produces a hash of headers with default config - Carries options over when using overrides - allows you to override opting out - allows you to opt out entirely - Overrides the current default config if default config changes during request - does not set the HSTS header if request is over HTTP - content security policy - supports named appends - overrides individual directives - overrides non-existant directives - appends a nonce to the script-src when used - appends a nonce to a missing script-src value - appends a value to csp directive - appends a hash to a missing script-src value - does not support the deprecated `report_only: true` format - Raises an error if csp_report_only is used with `report_only: false` - setting two headers - allows appending to both policies - allows overriding both policies - sets different headers when the configs are different - allows appending to the report only policy - allows appending to the enforced policy - allows overriding the report only policy - allows you to opt-out of enforced CSP - allows overriding the enforced policy - sets identical values when the configs are the same - when inferring which config to modify - updates both headers if both are configured - updates the enforced header when configured - updates the report only header when configured +SecureHeaders::XDownloadOptions + is expected to eq ["X-Download-Options", "noopen"] + is expected to eq ["X-Download-Options", "noopen"] + invalid configuration values + doesn't accept anything besides noopen + accepts nil + accepts noopen SecureHeaders::PolicyManagement #combine_policies raises an error if appending to a OPT_OUT policy - does not combine the default-src value for directives that don't fall back to default sources - overrides the :block_all_mixed_content flag + overrides the report_only flag combines directives where the original value is nil and the hash is frozen + does not combine the default-src value for directives that don't fall back to default sources combines the default-src value with the override if the directive was unconfigured - overrides the report_only flag + overrides the :block_all_mixed_content flag #validate_config! - performs light validation on source lists - requires :report_only to be a truthy value - rejects anything not of the form allow-* as a sandbox value - rejects anything not of the form type/subtype as a plugin-type value + accepts true as a sandbox policy accepts anything of the form type/subtype as a plugin-type value - requires :block_all_mixed_content to be a boolean value + requires :report_only to be a truthy value allows nil values - requires all source lists to be an array of strings + requires :preserve_schemes to be a truthy value allows report_only to be set in a report-only config rejects unknown directives / config - requires :upgrade_insecure_requests to be a boolean value - accepts OPT_OUT as a script-src value - accepts true as a sandbox policy - requires a :script_src value - accepts all keys + performs light validation on source lists + requires a :default_src value accepts anything of the form allow-* as a sandbox value + rejects anything not of the form type/subtype as a plugin-type value + requires :block_all_mixed_content to be a boolean value + requires a :script_src value + requires all source lists to be an array of strings + accepts OPT_OUT as a script-src value + rejects anything not of the form allow-* as a sandbox value + requires :upgrade_insecure_requests to be a boolean value doesn't allow report_only to be set in a non-report-only config - requires :preserve_schemes to be a truthy value - requires a :default_src value - -SecureHeaders::XDownloadOptions - is expected to eq ["X-Download-Options", "noopen"] - is expected to eq ["X-Download-Options", "noopen"] - invalid configuration values - accepts noopen - doesn't accept anything besides noopen - accepts nil + accepts all keys -SecureHeaders::ContentSecurityPolicy - #name - when in report-only mode - is expected to eq "Content-Security-Policy-Report-Only" - when in enforce mode - is expected to eq "Content-Security-Policy" - #value - deduplicates any source expressions - does not add a boolean directive if the value is false - allows script and style as a require-sri-src - uses a safe but non-breaking default value - includes navigate-to - supports strict-dynamic and opting out of the appended 'unsafe-inline' - does add a boolean directive if the value is true - allows script as a require-sri-src - allows style as a require-sri-src - deprecates and escapes semicolons in directive source lists - supports style-src-attr directive - supports script-src-elem directive - does not add a directive if the value is an empty array (or all nil) - includes prefetch-src - does not add a directive if the value is nil - creates sandbox policy when passed valid sandbox token values - minifies source expressions based on overlapping wildcards - does not remove schemes from report-uri values - removes http/s schemes from hosts - creates maximally strict sandbox policy when passed no sandbox token values - supports strict-dynamic - discards source expressions (besides unsafe-* and non-host source values) when * is present - discards 'none' values if any other source expressions are present - supports script-src-attr directive - deprecates and escapes semicolons in directive source lists - supports style-src-elem directive - removes nil from source lists - does not emit a warning when using frame-src - does not build directives with a value of OPT_OUT (and bypasses directive requirements) - creates maximally strict sandbox policy when passed true - does not remove schemes when :preserve_schemes is true +SecureHeaders::ExpectCertificateTransparency + is expected to eq "max-age=1234" + is expected to eq "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" + is expected to eq "max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" + is expected to eq "enforce, max-age=1234" + is expected to eq "max-age=1234" + with an invalid configuration + raises an exception when configuration isn't a hash + raises an exception with an invalid enforce value + raises an exception when max-age is not provided + raises an exception with an invalid max-age SecureHeaders::XPermittedCrossDomainPolicies - is expected to eq ["X-Permitted-Cross-Domain-Policies", "none"] is expected to eq ["X-Permitted-Cross-Domain-Policies", "master-only"] + is expected to eq ["X-Permitted-Cross-Domain-Policies", "none"] + invlaid configuration values + doesn't accept invalid values valid configuration values - accepts nil - accepts 'by-ftp-filename' accepts 'all' - accepts 'master-only' accepts 'by-content-type' - invlaid configuration values - doesn't accept invalid values + accepts 'by-ftp-filename' + accepts 'master-only' + accepts nil -Finished in 0.69429 seconds (files took 1.3 seconds to load) +Finished in 1.8 seconds (files took 3.95 seconds to load) 240 examples, 0 failures -Randomized with seed 27131 +Randomized with seed 22368 [Coveralls] Outside the CI environment, not sending data. @@ -1465,12 +1508,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/1538/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/4235 and its subdirectories -I: Current time: Wed May 24 12:02:49 -12 2023 -I: pbuilder-time-stamp: 1684972969 +I: removing directory /srv/workspace/pbuilder/1538 and its subdirectories +I: Current time: Thu May 25 14:09:25 +14 2023 +I: pbuilder-time-stamp: 1684973365