Diff of the two buildlogs: -- --- b1/build.log 2021-11-09 16:20:55.131848510 +0000 +++ b2/build.log 2021-11-09 16:22:48.475966261 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Mon Dec 12 10:43:25 -12 2022 -I: pbuilder-time-stamp: 1670885005 +I: Current time: Wed Nov 10 06:20:57 +14 2021 +I: pbuilder-time-stamp: 1636474857 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/bullseye-reproducible-base.tgz] I: copying local configuration @@ -16,8 +16,8 @@ I: copying [./ruby-secure-headers_6.3.2-1.debian.tar.xz] I: Extracting source gpgv: unknown type of key resource 'trustedkeys.kbx' -gpgv: keyblock resource '/tmp/dpkg-verify-sig.YEkf6kKB/trustedkeys.kbx': General error -gpgv: Signature made Fri Jun 25 07:55:35 2021 -12 +gpgv: keyblock resource '/tmp/dpkg-verify-sig.cYlEBRnm/trustedkeys.kbx': General error +gpgv: Signature made Sat Jun 26 09:55:35 2021 +14 gpgv: using RSA key D30863E26020E543F4719A838F53E0193B294B75 gpgv: Can't check signature: No public key dpkg-source: warning: failed to verify signature on ./ruby-secure-headers_6.3.2-1.dsc @@ -29,135 +29,169 @@ dpkg-source: info: applying 03-fix-library-path.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/3861583/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/4057403/tmp/hooks/D01_modify_environment starting +debug: Running on ionos11-amd64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +Removing 'diversion of /bin/sh to /bin/sh.distrib by dash' +Adding 'diversion of /bin/sh to /bin/sh.distrib by bash' +Removing 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by dash' +Adding 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by bash' +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/4057403/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/4057403/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='amd64' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all,-fixfilepath parallel=16' - DISTRIBUTION='' - HOME='/root' - HOST_ARCH='amd64' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="1" [2]="4" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") + BASH_VERSION='5.1.4(1)-release' + BUILDDIR=/build + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=amd64 + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all,-fixfilepath parallel=15' + DIRSTACK=() + DISTRIBUTION= + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=x86_64 + HOST_ARCH=amd64 IFS=' ' - INVOCATION_ID='d64227c955484585afb94c08ff1626cf' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='3861583' - PS1='# ' - PS2='> ' + INVOCATION_ID=87384216d600477e93143b6de8c71529 + LANG=C + LANGUAGE=et_EE:et + LC_ALL=C + MACHTYPE=x86_64-pc-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=4057403 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.xwcOeGfduQ/pbuilderrc_aZgg --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bullseye-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.xwcOeGfduQ/b1 --logfile b1/build.log ruby-secure-headers_6.3.2-1.dsc' - SUDO_GID='111' - SUDO_UID='106' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://85.184.249.68:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.xwcOeGfduQ/pbuilderrc_lTTz --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bullseye-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.xwcOeGfduQ/b2 --logfile b2/build.log ruby-secure-headers_6.3.2-1.dsc' + SUDO_GID=111 + SUDO_UID=106 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://78.137.99.97:3128 I: uname -a - Linux ionos15-amd64 5.14.0-0.bpo.2-amd64 #1 SMP Debian 5.14.9-2~bpo11+1 (2021-10-10) x86_64 GNU/Linux + Linux i-capture-the-hostname 5.10.0-9-amd64 #1 SMP Debian 5.10.70-1 (2021-09-30) x86_64 GNU/Linux I: ls -l /bin total 5476 - -rwxr-xr-x 1 root root 1234376 Aug 4 2021 bash - -rwxr-xr-x 3 root root 38984 Jul 20 2020 bunzip2 - -rwxr-xr-x 3 root root 38984 Jul 20 2020 bzcat - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzcmp -> bzdiff - -rwxr-xr-x 1 root root 2225 Jul 20 2020 bzdiff - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzegrep -> bzgrep - -rwxr-xr-x 1 root root 4877 Sep 4 2019 bzexe - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzfgrep -> bzgrep - -rwxr-xr-x 1 root root 3775 Jul 20 2020 bzgrep - -rwxr-xr-x 3 root root 38984 Jul 20 2020 bzip2 - -rwxr-xr-x 1 root root 18424 Jul 20 2020 bzip2recover - lrwxrwxrwx 1 root root 6 Jul 20 2020 bzless -> bzmore - -rwxr-xr-x 1 root root 1297 Jul 20 2020 bzmore - -rwxr-xr-x 1 root root 43936 Sep 23 2020 cat - -rwxr-xr-x 1 root root 72672 Sep 23 2020 chgrp - -rwxr-xr-x 1 root root 64448 Sep 23 2020 chmod - -rwxr-xr-x 1 root root 72672 Sep 23 2020 chown - -rwxr-xr-x 1 root root 151168 Sep 23 2020 cp - -rwxr-xr-x 1 root root 125560 Dec 10 2020 dash - -rwxr-xr-x 1 root root 113664 Sep 23 2020 date - -rwxr-xr-x 1 root root 80968 Sep 23 2020 dd - -rwxr-xr-x 1 root root 93936 Sep 23 2020 df - -rwxr-xr-x 1 root root 147176 Sep 23 2020 dir - -rwxr-xr-x 1 root root 84440 Jul 28 2021 dmesg - lrwxrwxrwx 1 root root 8 Nov 6 2019 dnsdomainname -> hostname - lrwxrwxrwx 1 root root 8 Nov 6 2019 domainname -> hostname - -rwxr-xr-x 1 root root 39712 Sep 23 2020 echo - -rwxr-xr-x 1 root root 28 Nov 9 2020 egrep - -rwxr-xr-x 1 root root 39680 Sep 23 2020 false - -rwxr-xr-x 1 root root 28 Nov 9 2020 fgrep - -rwxr-xr-x 1 root root 69032 Jul 28 2021 findmnt - -rwsr-xr-x 1 root root 34896 Feb 26 2021 fusermount - -rwxr-xr-x 1 root root 203072 Nov 9 2020 grep - -rwxr-xr-x 2 root root 2346 Mar 2 2021 gunzip - -rwxr-xr-x 1 root root 6376 Mar 2 2021 gzexe - -rwxr-xr-x 1 root root 98048 Mar 2 2021 gzip - -rwxr-xr-x 1 root root 22600 Nov 6 2019 hostname - -rwxr-xr-x 1 root root 72840 Sep 23 2020 ln - -rwxr-xr-x 1 root root 56952 Feb 7 2020 login - -rwxr-xr-x 1 root root 147176 Sep 23 2020 ls - -rwxr-xr-x 1 root root 149736 Jul 28 2021 lsblk - -rwxr-xr-x 1 root root 85184 Sep 23 2020 mkdir - -rwxr-xr-x 1 root root 76896 Sep 23 2020 mknod - -rwxr-xr-x 1 root root 48064 Sep 23 2020 mktemp - -rwxr-xr-x 1 root root 59632 Jul 28 2021 more - -rwsr-xr-x 1 root root 55528 Jul 28 2021 mount - -rwxr-xr-x 1 root root 18664 Jul 28 2021 mountpoint - -rwxr-xr-x 1 root root 147080 Sep 23 2020 mv - lrwxrwxrwx 1 root root 8 Nov 6 2019 nisdomainname -> hostname - lrwxrwxrwx 1 root root 14 Apr 18 2021 pidof -> /sbin/killall5 - -rwxr-xr-x 1 root root 43872 Sep 23 2020 pwd - lrwxrwxrwx 1 root root 4 Aug 4 2021 rbash -> bash - -rwxr-xr-x 1 root root 52032 Sep 23 2020 readlink - -rwxr-xr-x 1 root root 72704 Sep 23 2020 rm - -rwxr-xr-x 1 root root 52032 Sep 23 2020 rmdir - -rwxr-xr-x 1 root root 27472 Sep 27 2020 run-parts - -rwxr-xr-x 1 root root 122224 Dec 22 2018 sed - lrwxrwxrwx 1 root root 4 Nov 23 06:05 sh -> dash - -rwxr-xr-x 1 root root 43808 Sep 23 2020 sleep - -rwxr-xr-x 1 root root 84928 Sep 23 2020 stty - -rwsr-xr-x 1 root root 71912 Jul 28 2021 su - -rwxr-xr-x 1 root root 39744 Sep 23 2020 sync - -rwxr-xr-x 1 root root 531928 Feb 16 2021 tar - -rwxr-xr-x 1 root root 14456 Sep 27 2020 tempfile - -rwxr-xr-x 1 root root 101408 Sep 23 2020 touch - -rwxr-xr-x 1 root root 39680 Sep 23 2020 true - -rwxr-xr-x 1 root root 14328 Feb 26 2021 ulockmgr_server - -rwsr-xr-x 1 root root 35040 Jul 28 2021 umount - -rwxr-xr-x 1 root root 39744 Sep 23 2020 uname - -rwxr-xr-x 2 root root 2346 Mar 2 2021 uncompress - -rwxr-xr-x 1 root root 147176 Sep 23 2020 vdir - -rwxr-xr-x 1 root root 63744 Jul 28 2021 wdctl - lrwxrwxrwx 1 root root 8 Nov 6 2019 ypdomainname -> hostname - -rwxr-xr-x 1 root root 1984 Mar 2 2021 zcat - -rwxr-xr-x 1 root root 1678 Mar 2 2021 zcmp - -rwxr-xr-x 1 root root 5880 Mar 2 2021 zdiff - -rwxr-xr-x 1 root root 29 Mar 2 2021 zegrep - -rwxr-xr-x 1 root root 29 Mar 2 2021 zfgrep - -rwxr-xr-x 1 root root 2081 Mar 2 2021 zforce - -rwxr-xr-x 1 root root 7585 Mar 2 2021 zgrep - -rwxr-xr-x 1 root root 2206 Mar 2 2021 zless - -rwxr-xr-x 1 root root 1842 Mar 2 2021 zmore - -rwxr-xr-x 1 root root 4553 Mar 2 2021 znew -I: user script /srv/workspace/pbuilder/3861583/tmp/hooks/D02_print_environment finished + -rwxr-xr-x 1 root root 1234376 Aug 5 10:25 bash + -rwxr-xr-x 3 root root 38984 Jul 21 2020 bunzip2 + -rwxr-xr-x 3 root root 38984 Jul 21 2020 bzcat + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzcmp -> bzdiff + -rwxr-xr-x 1 root root 2225 Jul 21 2020 bzdiff + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzegrep -> bzgrep + -rwxr-xr-x 1 root root 4877 Sep 5 2019 bzexe + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzfgrep -> bzgrep + -rwxr-xr-x 1 root root 3775 Jul 21 2020 bzgrep + -rwxr-xr-x 3 root root 38984 Jul 21 2020 bzip2 + -rwxr-xr-x 1 root root 18424 Jul 21 2020 bzip2recover + lrwxrwxrwx 1 root root 6 Jul 21 2020 bzless -> bzmore + -rwxr-xr-x 1 root root 1297 Jul 21 2020 bzmore + -rwxr-xr-x 1 root root 43936 Sep 24 2020 cat + -rwxr-xr-x 1 root root 72672 Sep 24 2020 chgrp + -rwxr-xr-x 1 root root 64448 Sep 24 2020 chmod + -rwxr-xr-x 1 root root 72672 Sep 24 2020 chown + -rwxr-xr-x 1 root root 151168 Sep 24 2020 cp + -rwxr-xr-x 1 root root 125560 Dec 11 2020 dash + -rwxr-xr-x 1 root root 113664 Sep 24 2020 date + -rwxr-xr-x 1 root root 80968 Sep 24 2020 dd + -rwxr-xr-x 1 root root 93936 Sep 24 2020 df + -rwxr-xr-x 1 root root 147176 Sep 24 2020 dir + -rwxr-xr-x 1 root root 84440 Jul 29 09:09 dmesg + lrwxrwxrwx 1 root root 8 Nov 8 2019 dnsdomainname -> hostname + lrwxrwxrwx 1 root root 8 Nov 8 2019 domainname -> hostname + -rwxr-xr-x 1 root root 39712 Sep 24 2020 echo + -rwxr-xr-x 1 root root 28 Nov 10 2020 egrep + -rwxr-xr-x 1 root root 39680 Sep 24 2020 false + -rwxr-xr-x 1 root root 28 Nov 10 2020 fgrep + -rwxr-xr-x 1 root root 69032 Jul 29 09:09 findmnt + -rwsr-xr-x 1 root root 34896 Feb 27 2021 fusermount + -rwxr-xr-x 1 root root 203072 Nov 10 2020 grep + -rwxr-xr-x 2 root root 2346 Mar 3 2021 gunzip + -rwxr-xr-x 1 root root 6376 Mar 3 2021 gzexe + -rwxr-xr-x 1 root root 98048 Mar 3 2021 gzip + -rwxr-xr-x 1 root root 22600 Nov 8 2019 hostname + -rwxr-xr-x 1 root root 72840 Sep 24 2020 ln + -rwxr-xr-x 1 root root 56952 Feb 8 2020 login + -rwxr-xr-x 1 root root 147176 Sep 24 2020 ls + -rwxr-xr-x 1 root root 149736 Jul 29 09:09 lsblk + -rwxr-xr-x 1 root root 85184 Sep 24 2020 mkdir + -rwxr-xr-x 1 root root 76896 Sep 24 2020 mknod + -rwxr-xr-x 1 root root 48064 Sep 24 2020 mktemp + -rwxr-xr-x 1 root root 59632 Jul 29 09:09 more + -rwsr-xr-x 1 root root 55528 Jul 29 09:09 mount + -rwxr-xr-x 1 root root 18664 Jul 29 09:09 mountpoint + -rwxr-xr-x 1 root root 147080 Sep 24 2020 mv + lrwxrwxrwx 1 root root 8 Nov 8 2019 nisdomainname -> hostname + lrwxrwxrwx 1 root root 14 Apr 19 2021 pidof -> /sbin/killall5 + -rwxr-xr-x 1 root root 43872 Sep 24 2020 pwd + lrwxrwxrwx 1 root root 4 Aug 5 10:25 rbash -> bash + -rwxr-xr-x 1 root root 52032 Sep 24 2020 readlink + -rwxr-xr-x 1 root root 72704 Sep 24 2020 rm + -rwxr-xr-x 1 root root 52032 Sep 24 2020 rmdir + -rwxr-xr-x 1 root root 27472 Sep 28 2020 run-parts + -rwxr-xr-x 1 root root 122224 Dec 23 2018 sed + lrwxrwxrwx 1 root root 4 Nov 10 06:21 sh -> bash + lrwxrwxrwx 1 root root 4 Oct 22 01:41 sh.distrib -> dash + -rwxr-xr-x 1 root root 43808 Sep 24 2020 sleep + -rwxr-xr-x 1 root root 84928 Sep 24 2020 stty + -rwsr-xr-x 1 root root 71912 Jul 29 09:09 su + -rwxr-xr-x 1 root root 39744 Sep 24 2020 sync + -rwxr-xr-x 1 root root 531928 Feb 17 2021 tar + -rwxr-xr-x 1 root root 14456 Sep 28 2020 tempfile + -rwxr-xr-x 1 root root 101408 Sep 24 2020 touch + -rwxr-xr-x 1 root root 39680 Sep 24 2020 true + -rwxr-xr-x 1 root root 14328 Feb 27 2021 ulockmgr_server + -rwsr-xr-x 1 root root 35040 Jul 29 09:09 umount + -rwxr-xr-x 1 root root 39744 Sep 24 2020 uname + -rwxr-xr-x 2 root root 2346 Mar 3 2021 uncompress + -rwxr-xr-x 1 root root 147176 Sep 24 2020 vdir + -rwxr-xr-x 1 root root 63744 Jul 29 09:09 wdctl + lrwxrwxrwx 1 root root 8 Nov 8 2019 ypdomainname -> hostname + -rwxr-xr-x 1 root root 1984 Mar 3 2021 zcat + -rwxr-xr-x 1 root root 1678 Mar 3 2021 zcmp + -rwxr-xr-x 1 root root 5880 Mar 3 2021 zdiff + -rwxr-xr-x 1 root root 29 Mar 3 2021 zegrep + -rwxr-xr-x 1 root root 29 Mar 3 2021 zfgrep + -rwxr-xr-x 1 root root 2081 Mar 3 2021 zforce + -rwxr-xr-x 1 root root 7585 Mar 3 2021 zgrep + -rwxr-xr-x 1 root root 2206 Mar 3 2021 zless + -rwxr-xr-x 1 root root 1842 Mar 3 2021 zmore + -rwxr-xr-x 1 root root 4553 Mar 3 2021 znew +I: user script /srv/workspace/pbuilder/4057403/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -362,7 +396,7 @@ Get: 155 http://deb.debian.org/debian bullseye/main amd64 ruby-rspec-mocks all 3.9.0c2e2m1s3-2 [81.4 kB] Get: 156 http://deb.debian.org/debian bullseye/main amd64 ruby-rspec all 3.9.0c2e2m1s3-2 [8348 B] Get: 157 http://deb.debian.org/debian bullseye/main amd64 ruby-useragent all 0.16.8-1.1 [12.0 kB] -Fetched 45.8 MB in 1s (89.6 MB/s) +Fetched 45.8 MB in 1s (59.3 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package bsdextrautils. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19655 files and directories currently installed.) @@ -1015,7 +1049,8 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/ruby-secure-headers-6.3.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-secure-headers_6.3.2-1_source.changes +hostname: Name or service not known +I: Running cd /build/ruby-secure-headers-6.3.2/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-secure-headers_6.3.2-1_source.changes dpkg-buildpackage: info: source package ruby-secure-headers dpkg-buildpackage: info: source version 6.3.2-1 dpkg-buildpackage: info: source distribution unstable @@ -1046,7 +1081,7 @@ dh_auto_install -O--buildsystem=ruby dh_ruby --install /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers dh_ruby --install -/usr/bin/ruby2.7 -S gem build --config-file /dev/null --verbose /tmp/d20221212-3865918-1rect7t/gemspec +/usr/bin/ruby2.7 -S gem build --config-file /dev/null --verbose /tmp/d20211110-4085017-iph027/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: license value 'Apache Public License 2.0' is invalid. Use a license identifier from http://spdx.org/licenses or 'Nonstandard' for a nonstandard license. @@ -1058,7 +1093,7 @@ Name: secure_headers Version: 6.3.2 File: secure_headers-6.3.2.gem -/usr/bin/ruby2.7 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-secure-headers/usr/share/rubygems-integration/all /tmp/d20221212-3865918-1rect7t/secure_headers-6.3.2.gem +/usr/bin/ruby2.7 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-secure-headers/usr/share/rubygems-integration/all /tmp/d20211110-4085017-iph027/secure_headers-6.3.2.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers/usr/share/rubygems-integration/all/gems/secure_headers-6.3.2/lib/secure_headers.rb /build/ruby-secure-headers-6.3.2/debian/ruby-secure-headers/usr/share/rubygems-integration/all/gems/secure_headers-6.3.2/lib/secure_headers/configuration.rb @@ -1114,235 +1149,235 @@ [Coveralls] Set up the SimpleCov formatter. [Coveralls] Using SimpleCov's default settings. -Randomized with seed 4850 +Randomized with seed 56554 -SecureHeaders::ReferrerPolicy - is expected to eq ["Referrer-Policy", "origin-when-cross-origin, strict-origin-when-cross-origin"] - is expected to eq ["Referrer-Policy", "no-referrer"] - is expected to eq ["Referrer-Policy", "origin-when-cross-origin"] - invalid configuration values - doesn't accept invalid values - doesn't accept invalid types - valid configuration values - accepts nil - accepts 'strict-origin' - accepts 'origin' - accepts 'strict-origin-when-cross-origin' - accepts array of policy values - accepts 'no-referrer-when-downgrade' - accepts 'no-referrer' - accepts 'same-origin' - accepts 'origin-when-cross-origin' - accepts 'unsafe-url' +SecureHeaders::ClearSiteData + validate_config! + fails for other types of config + succeeds for Array of Strings config + succeeds for `nil` config + fails for Array of non-String config + succeeds for empty config + succeeds for `true` config + succeeds for opt-out config + make_header + returns nil with empty config + returns nil with nil config + returns nil with opt-out config + returns all types with `true` config + returns specified types + make_header_value + returns a string of quoted values that are comma separated SecureHeaders::Cookie - preserves existing attributes prevents duplicate flagging of attributes applies httponly, secure, and samesite by default does not tamper with cookies when using OPT_OUT is used + preserves existing attributes + HttpOnly cookies + when configured with a boolean + flags cookies as HttpOnly + when configured with a Hash + does not flag cookies as HttpOnly when excluded + flags cookies as HttpOnly when whitelisted SameSite cookies + samesite: true sets all cookies to samesite=lax flags SameSite=None + flags SameSite=Lax does not flag cookies as SameSite=Strict when excluded - samesite: true sets all cookies to samesite=lax - ignores configuration if the cookie is already flagged - flags SameSite=Strict flags properly when both lax and strict are configured + ignores configuration if the cookie is already flagged + does not flag cookies as SameSite=None when excluded does not flag cookies as SameSite=Lax when excluded - flags SameSite=Lax flags SameSite=Strict when configured with a boolean + flags SameSite=Strict + flags SameSite=None when configured with a boolean flags SameSite=Lax when configured with a boolean flags SameSite=Strict when configured with a boolean - does not flag cookies as SameSite=None when excluded - flags SameSite=None when configured with a boolean Secure cookies when configured with a boolean flags cookies as Secure when configured with a Hash does not flag cookies as Secure when excluded flags cookies as Secure when whitelisted - HttpOnly cookies - when configured with a boolean - flags cookies as HttpOnly - when configured with a Hash - does not flag cookies as HttpOnly when excluded - flags cookies as HttpOnly when whitelisted - -SecureHeaders::PolicyManagement - #combine_policies - raises an error if appending to a OPT_OUT policy - does not combine the default-src value for directives that don't fall back to default sources - combines the default-src value with the override if the directive was unconfigured - overrides the :block_all_mixed_content flag - overrides the report_only flag - combines directives where the original value is nil and the hash is frozen - #validate_config! - rejects unknown directives / config - allows report_only to be set in a report-only config - requires a :default_src value - accepts OPT_OUT as a script-src value - doesn't allow report_only to be set in a non-report-only config - rejects anything not of the form allow-* as a sandbox value - requires :preserve_schemes to be a truthy value - accepts true as a sandbox policy - performs light validation on source lists - allows nil values - requires :block_all_mixed_content to be a boolean value - accepts anything of the form type/subtype as a plugin-type value - accepts all keys - requires :report_only to be a truthy value - requires all source lists to be an array of strings - requires a :script_src value - accepts anything of the form allow-* as a sandbox value - requires :upgrade_insecure_requests to be a boolean value - rejects anything not of the form type/subtype as a plugin-type value -SecureHeaders::XDownloadOptions - is expected to eq ["X-Download-Options", "noopen"] - is expected to eq ["X-Download-Options", "noopen"] - invalid configuration values - doesn't accept anything besides noopen - accepts noopen +SecureHeaders::XPermittedCrossDomainPolicies + is expected to eq ["X-Permitted-Cross-Domain-Policies", "master-only"] + is expected to eq ["X-Permitted-Cross-Domain-Policies", "none"] + valid configuration values accepts nil + accepts 'by-ftp-filename' + accepts 'master-only' + accepts 'all' + accepts 'by-content-type' + invlaid configuration values + doesn't accept invalid values + +SecureHeaders::ViewHelpers + raises an error when using hashed content without precomputed hashes + adds known hash values to the corresponding headers when the helper is used + raises an error when using hashed content with precomputed hashes, but none for the given file + avoids calling content_security_policy_nonce internally + raises an error when using previously unknown hashed content with precomputed hashes for a given file + +SecureHeaders::XContentTypeOptions + #value + is expected to eq ["X-Content-Type-Options", "nosniff"] + is expected to eq ["X-Content-Type-Options", "nosniff"] + invalid configuration values + doesn't accept anything besides no-sniff + accepts nosniff + accepts nil SecureHeaders::ContentSecurityPolicy #name - when in enforce mode - is expected to eq "Content-Security-Policy" when in report-only mode is expected to eq "Content-Security-Policy-Report-Only" + when in enforce mode + is expected to eq "Content-Security-Policy" #value + allows script and style as a require-sri-src + does not add a directive if the value is an empty array (or all nil) + discards 'none' values if any other source expressions are present minifies source expressions based on overlapping wildcards - supports strict-dynamic and opting out of the appended 'unsafe-inline' - does not add a directive if the value is nil - supports script-src-attr directive - supports style-src-attr directive - removes http/s schemes from hosts - does not build directives with a value of OPT_OUT (and bypasses directive requirements) - removes nil from source lists - deprecates and escapes semicolons in directive source lists + supports strict-dynamic + does not remove schemes from report-uri values + supports style-src-elem directive discards source expressions (besides unsafe-* and non-host source values) when * is present - includes prefetch-src + does not add a directive if the value is nil creates sandbox policy when passed valid sandbox token values + includes navigate-to + does add a boolean directive if the value is true + removes nil from source lists + creates maximally strict sandbox policy when passed no sandbox token values + removes http/s schemes from hosts does not remove schemes when :preserve_schemes is true does not emit a warning when using frame-src - supports strict-dynamic deduplicates any source expressions + deprecates and escapes semicolons in directive source lists creates maximally strict sandbox policy when passed true - uses a safe but non-breaking default value - allows script and style as a require-sri-src - does not remove schemes from report-uri values - creates maximally strict sandbox policy when passed no sandbox token values - allows style as a require-sri-src - does add a boolean directive if the value is true + includes prefetch-src + supports style-src-attr directive deprecates and escapes semicolons in directive source lists - does not add a boolean directive if the value is false + does not build directives with a value of OPT_OUT (and bypasses directive requirements) allows script as a require-sri-src - discards 'none' values if any other source expressions are present - does not add a directive if the value is an empty array (or all nil) + supports strict-dynamic and opting out of the appended 'unsafe-inline' supports script-src-elem directive - includes navigate-to - supports style-src-elem directive + supports script-src-attr directive + uses a safe but non-breaking default value + allows style as a require-sri-src + does not add a boolean directive if the value is false -with an invalid configuration - raises an exception when both lax and strict only filters are provided to SameSite configurations - raises an exception when SameSite none and strict enforcement modes are configured with booleans - raises an exception when both only and except filters are provided to SameSite configurations - raises an exception when configured without a boolean(true or OPT_OUT)/Hash - raises an exception when both only and except filters are provided - raises an exception when SameSite strict and lax enforcement modes are configured with booleans - raises an exception when SameSite strict and none enforcement modes are configured with booleans - raises an exception when SameSite none and lax enforcement modes are configured with booleans - raises an exception when SameSite lax and strict enforcement modes are configured with booleans - raises an exception when configured with false - raises an exception when both lax and strict only filters are provided to SameSite configurations - raises an exception when not configured with a Hash - raises an exception when SameSite lax and none enforcement modes are configured with booleans - raises an exception when SameSite is not configured with a Hash - raises an exception when SameSite lax and strict enforcement modes are configured with booleans +SecureHeaders::ReferrerPolicy + is expected to eq ["Referrer-Policy", "origin-when-cross-origin, strict-origin-when-cross-origin"] + is expected to eq ["Referrer-Policy", "no-referrer"] + is expected to eq ["Referrer-Policy", "origin-when-cross-origin"] + valid configuration values + accepts array of policy values + accepts 'origin-when-cross-origin' + accepts 'no-referrer-when-downgrade' + accepts nil + accepts 'no-referrer' + accepts 'strict-origin-when-cross-origin' + accepts 'same-origin' + accepts 'unsafe-url' + accepts 'strict-origin' + accepts 'origin' + invalid configuration values + doesn't accept invalid values + doesn't accept invalid types -SecureHeaders::ViewHelpers - raises an error when using hashed content with precomputed hashes, but none for the given file - avoids calling content_security_policy_nonce internally - adds known hash values to the corresponding headers when the helper is used - raises an error when using previously unknown hashed content with precomputed hashes for a given file - raises an error when using hashed content without precomputed hashes +SecureHeaders::XDownloadOptions + is expected to eq ["X-Download-Options", "noopen"] + is expected to eq ["X-Download-Options", "noopen"] + invalid configuration values + accepts nil + doesn't accept anything besides noopen + accepts noopen -SecureHeaders::StrictTransportSecurity - #value - is expected to eq ["Strict-Transport-Security", "max-age=631138519"] - is expected to eq ["Strict-Transport-Security", "max-age=1234; includeSubdomains; preload"] - with an invalid configuration - with a string argument - raises an exception if max-age is not supplied - raises an exception with an invalid format - raises an exception with an invalid max-age +SecureHeaders::Middleware + respects overrides + uses named overrides + sets the headers + cookies + flags cookies from configuration + flags cookies with a combination of SameSite configurations + sets the secure cookie flag correctly on interleaved http/https requests + disables secure cookies for non-https requests + cookies + allows opting out of cookie protection with OPT_OUT alone + cookies should not be flagged + does not flags cookies as secure + cookies should be flagged + flags cookies as secure SecureHeaders - raises a NotYetConfiguredError if trying to opt-out of unconfigured headers + raises a NotYetConfiguredError if default has not been set raises and ArgumentError when referencing an override that has not been set + raises a NotYetConfiguredError if trying to opt-out of unconfigured headers raises a AlreadyConfiguredError if trying to configure and default has already been set - raises a NotYetConfiguredError if default has not been set #header_hash_for - Carries options over when using overrides + allows you to opt out entirely + allows you to opt out of individual headers via API + produces a hash of headers with default config allows you to override X-Frame-Options settings + does not set the HSTS header if request is over HTTP Overrides the current default config if default config changes during request - allows you to opt out entirely allows you to override opting out - does not set the HSTS header if request is over HTTP - produces a hash of headers with default config - allows you to opt out of individual headers via API + Carries options over when using overrides content security policy does not support the deprecated `report_only: true` format - overrides non-existant directives - supports named appends - appends a hash to a missing script-src value - appends a nonce to a missing script-src value appends a value to csp directive + supports named appends appends a nonce to the script-src when used overrides individual directives Raises an error if csp_report_only is used with `report_only: false` + appends a nonce to a missing script-src value + appends a hash to a missing script-src value + overrides non-existant directives setting two headers sets different headers when the configs are different - allows appending to the report only policy - sets identical values when the configs are the same - allows appending to the enforced policy - allows overriding the enforced policy allows appending to both policies + sets identical values when the configs are the same allows you to opt-out of enforced CSP + allows appending to the enforced policy + allows appending to the report only policy allows overriding both policies allows overriding the report only policy + allows overriding the enforced policy when inferring which config to modify updates the enforced header when configured updates both headers if both are configured updates the report only header when configured validation - validates your cookies config upon configuration - validates your x_xss config upon configuration validates your csp config upon configuration - validates your xdo config upon configuration raises errors for unknown directives - validates your xcto config upon configuration - validates your referrer_policy config upon configuration - validates your clear site data config upon configuration - validates your xfo config upon configuration + validates your cookies config upon configuration validates your x_permitted_cross_domain_policies config upon configuration validates your hsts config upon configuration + validates your referrer_policy config upon configuration + validates your xcto config upon configuration + validates your x_xss config upon configuration + validates your xfo config upon configuration + validates your clear site data config upon configuration + validates your xdo config upon configuration -SecureHeaders::Middleware - uses named overrides - respects overrides - sets the headers - cookies - allows opting out of cookie protection with OPT_OUT alone - cookies should be flagged - flags cookies as secure - cookies should not be flagged - does not flags cookies as secure - cookies - flags cookies from configuration - sets the secure cookie flag correctly on interleaved http/https requests - disables secure cookies for non-https requests - flags cookies with a combination of SameSite configurations +with an invalid configuration + raises an exception when SameSite lax and strict enforcement modes are configured with booleans + raises an exception when SameSite strict and none enforcement modes are configured with booleans + raises an exception when both only and except filters are provided + raises an exception when SameSite is not configured with a Hash + raises an exception when both lax and strict only filters are provided to SameSite configurations + raises an exception when both lax and strict only filters are provided to SameSite configurations + raises an exception when configured without a boolean(true or OPT_OUT)/Hash + raises an exception when not configured with a Hash + raises an exception when SameSite none and lax enforcement modes are configured with booleans + raises an exception when SameSite none and strict enforcement modes are configured with booleans + raises an exception when both only and except filters are provided to SameSite configurations + raises an exception when SameSite lax and strict enforcement modes are configured with booleans + raises an exception when SameSite strict and lax enforcement modes are configured with booleans + raises an exception when configured with false + raises an exception when SameSite lax and none enforcement modes are configured with booleans SecureHeaders::XXssProtection is expected to eq ["X-XSS-Protection", "1; mode=block; report=https://www.secure.com/reports"] @@ -1350,92 +1385,92 @@ with invalid configuration should raise an error when providing a string that is not valid when using a hash value - should allow string values ('1' or '0' are the only valid strings) should raise an error if mode != block - should raise an error if no value key is supplied should raise an error if an invalid key is supplied + should allow string values ('1' or '0' are the only valid strings) + should raise an error if no value key is supplied -SecureHeaders::XContentTypeOptions - #value - is expected to eq ["X-Content-Type-Options", "nosniff"] - is expected to eq ["X-Content-Type-Options", "nosniff"] - invalid configuration values - accepts nosniff - accepts nil - doesn't accept anything besides no-sniff - -SecureHeaders::XPermittedCrossDomainPolicies - is expected to eq ["X-Permitted-Cross-Domain-Policies", "master-only"] - is expected to eq ["X-Permitted-Cross-Domain-Policies", "none"] - invlaid configuration values - doesn't accept invalid values - valid configuration values - accepts 'by-ftp-filename' - accepts nil - accepts 'all' - accepts 'by-content-type' - accepts 'master-only' +SecureHeaders::PolicyManagement + #validate_config! + performs light validation on source lists + accepts OPT_OUT as a script-src value + requires :block_all_mixed_content to be a boolean value + requires :report_only to be a truthy value + requires all source lists to be an array of strings + rejects anything not of the form allow-* as a sandbox value + requires :upgrade_insecure_requests to be a boolean value + requires a :script_src value + rejects unknown directives / config + allows nil values + requires :preserve_schemes to be a truthy value + accepts anything of the form allow-* as a sandbox value + accepts true as a sandbox policy + allows report_only to be set in a report-only config + accepts all keys + accepts anything of the form type/subtype as a plugin-type value + requires a :default_src value + doesn't allow report_only to be set in a non-report-only config + rejects anything not of the form type/subtype as a plugin-type value + #combine_policies + overrides the :block_all_mixed_content flag + combines the default-src value with the override if the directive was unconfigured + overrides the report_only flag + does not combine the default-src value for directives that don't fall back to default sources + combines directives where the original value is nil and the hash is frozen + raises an error if appending to a OPT_OUT policy -SecureHeaders::ClearSiteData - make_header - returns nil with nil config - returns specified types - returns all types with `true` config - returns nil with opt-out config - returns nil with empty config - make_header_value - returns a string of quoted values that are comma separated - validate_config! - succeeds for opt-out config - fails for Array of non-String config - succeeds for `true` config - succeeds for `nil` config - fails for other types of config - succeeds for Array of Strings config - succeeds for empty config +SecureHeaders::StrictTransportSecurity + #value + is expected to eq ["Strict-Transport-Security", "max-age=1234; includeSubdomains; preload"] + is expected to eq ["Strict-Transport-Security", "max-age=631138519"] + with an invalid configuration + with a string argument + raises an exception if max-age is not supplied + raises an exception with an invalid max-age + raises an exception with an invalid format SecureHeaders::Configuration - allows OPT_OUT - gives cookies a default config - dup results in a copy of the default config deprecates the secure_cookies configuration - has a default config + gives cookies a default config stores an override - allows me to be explicit too has an 'noop' override + allows me to be explicit too + allows OPT_OUT + has a default config + dup results in a copy of the default config #named_append - raises when an override with the given name exists raises on configuring an existing append + raises when an override with the given name exists #override - raises on configuring an existing override raises when a named append with the given name exists + raises on configuring an existing override SecureHeaders::ExpectCertificateTransparency - is expected to eq "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" - is expected to eq "enforce, max-age=1234" is expected to eq "max-age=1234" is expected to eq "max-age=1234" is expected to eq "max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" + is expected to eq "enforce, max-age=1234, report-uri=\"https://report-uri.io/expect-ct\"" + is expected to eq "enforce, max-age=1234" with an invalid configuration - raises an exception when configuration isn't a hash raises an exception with an invalid max-age - raises an exception when max-age is not provided + raises an exception when configuration isn't a hash raises an exception with an invalid enforce value + raises an exception when max-age is not provided SecureHeaders::XFrameOptions #value is expected to eq ["X-Frame-Options", "DENY"] is expected to eq ["X-Frame-Options", "sameorigin"] with invalid configuration - allows DENY - allows ALLOW-FROM* does not allow garbage allows SAMEORIGIN + allows DENY + allows ALLOW-FROM* -Finished in 0.14608 seconds (files took 0.40615 seconds to load) +Finished in 0.30311 seconds (files took 0.76951 seconds to load) 240 examples, 0 failures -Randomized with seed 4850 +Randomized with seed 56554 [Coveralls] Outside the CI environment, not sending data. @@ -1467,12 +1502,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/4057403/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/4057403/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/3861583 and its subdirectories -I: Current time: Mon Dec 12 10:43:56 -12 2022 -I: pbuilder-time-stamp: 1670885036 +I: removing directory /srv/workspace/pbuilder/4057403 and its subdirectories +I: Current time: Wed Nov 10 06:22:48 +14 2021 +I: pbuilder-time-stamp: 1636474968