Diff of the two buildlogs: -- --- b1/build.log 2025-11-14 00:45:41.661136671 +0000 +++ b2/build.log 2025-11-14 00:47:49.053290313 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Wed Dec 16 19:04:46 -12 2026 -I: pbuilder-time-stamp: 1797491086 +I: Current time: Fri Nov 14 14:45:43 +14 2025 +I: pbuilder-time-stamp: 1763081143 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/forky-reproducible-base.tgz] I: copying local configuration @@ -24,52 +24,84 @@ dpkg-source: info: applying patch-out-simplecov.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/366883/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/D01_modify_environment starting +debug: Running on infom01-amd64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 Nov 14 00:45 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build/reproducible-path' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='amd64' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=16 ' - DISTRIBUTION='forky' - HOME='/root' - HOST_ARCH='amd64' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="3" [2]="3" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") + BASH_VERSION='5.3.3(1)-release' + BUILDDIR=/build/reproducible-path + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=amd64 + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=12 nocheck' + DIRSTACK=() + DISTRIBUTION=forky + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=x86_64 + HOST_ARCH=amd64 IFS=' ' - INVOCATION_ID='ab8d22bc412e4194a3ab17f0757b406c' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='366883' - PS1='# ' - PS2='> ' + INVOCATION_ID=09971e96ade243fb88cb8697a63cb255 + LANG=C + LANGUAGE=et_EE:et + LC_ALL=C + MACHTYPE=x86_64-pc-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=4036419 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.EPEM28sN/pbuilderrc_Numr --distribution forky --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/forky-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.EPEM28sN/b1 --logfile b1/build.log ruby-rack-oauth2_2.2.1-1.dsc' - SUDO_GID='109' - SUDO_HOME='/var/lib/jenkins' - SUDO_UID='104' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.EPEM28sN/pbuilderrc_fKmC --distribution forky --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/forky-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.EPEM28sN/b2 --logfile b2/build.log ruby-rack-oauth2_2.2.1-1.dsc' + SUDO_GID=109 + SUDO_HOME=/var/lib/jenkins + SUDO_UID=104 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' I: uname -a - Linux infom02-amd64 6.12.48+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.48-1 (2025-09-20) x86_64 GNU/Linux + Linux i-capture-the-hostname 6.12.48+deb13-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.48-1 (2025-09-20) x86_64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 Aug 10 2025 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/366883/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 Aug 10 12:30 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -284,7 +316,7 @@ Get: 151 http://deb.debian.org/debian forky/main amd64 ruby-rspec all 3.13.0c0e0m0s1-2 [5184 B] Get: 152 http://deb.debian.org/debian forky/main amd64 ruby-rspec-its all 1.3.0-1 [6864 B] Get: 153 http://deb.debian.org/debian forky/main amd64 ruby-webmock all 3.25.1-1 [68.8 kB] -Fetched 38.5 MB in 1s (47.3 MB/s) +Fetched 38.5 MB in 3s (13.9 MB/s) Preconfiguring packages ... Selecting previously unselected package libexpat1:amd64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19862 files and directories currently installed.) @@ -791,8 +823,8 @@ Setting up tzdata (2025b-5) ... Current default time zone: 'Etc/UTC' -Local time is now: Thu Dec 17 07:08:17 UTC 2026. -Universal Time is now: Thu Dec 17 07:08:17 UTC 2026. +Local time is now: Fri Nov 14 00:47:09 UTC 2025. +Universal Time is now: Fri Nov 14 00:47:09 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up ruby-minitest (5.25.4-3) ... @@ -931,7 +963,11 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/reproducible-path/ruby-rack-oauth2-2.2.1/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-rack-oauth2_2.2.1-1_source.changes +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/A99_set_merged_usr starting +Not re-configuring usrmerge for forky +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/reproducible-path/ruby-rack-oauth2-2.2.1/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-rack-oauth2_2.2.1-1_source.changes dpkg-buildpackage: info: source package ruby-rack-oauth2 dpkg-buildpackage: info: source version 2.2.1-1 dpkg-buildpackage: info: source distribution unstable @@ -953,8 +989,7 @@ dh_ruby --configure dh_auto_build -O--buildsystem=ruby dh_ruby --build - dh_auto_test -O--buildsystem=ruby - dh_ruby --test +dh: command-omitted: The call to "dh_auto_test -O--buildsystem=ruby" was omitted due to "DEB_BUILD_OPTIONS=nocheck" create-stamp debian/debhelper-build-stamp dh_testroot -O--buildsystem=ruby dh_prep -O--buildsystem=ruby @@ -965,7 +1000,7 @@ │ ruby-rack-oauth2: Installing files and building extensions for ruby3.3 │ └──────────────────────────────────────────────────────────────────────────────┘ -/usr/bin/ruby3.3 -S gem build --config-file /dev/null --verbose /tmp/d20261216-381351-5s82lo/gemspec +/usr/bin/ruby3.3 -S gem build --config-file /dev/null --verbose /tmp/d20251114-4053108-tx9779/gemspec WARNING: open-ended dependency on rack (>= 2.1.0) is not recommended if rack is semantically versioned, use: add_runtime_dependency "rack", "~> 2.1", ">= 2.1.0" @@ -994,7 +1029,7 @@ Name: rack-oauth2 Version: 2.2.1 File: rack-oauth2-2.2.1.gem -/usr/bin/ruby3.3 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-rack-oauth2/usr/share/rubygems-integration/all /tmp/d20261216-381351-5s82lo/rack-oauth2-2.2.1.gem +/usr/bin/ruby3.3 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-rack-oauth2/usr/share/rubygems-integration/all /tmp/d20251114-4053108-tx9779/rack-oauth2-2.2.1.gem /build/reproducible-path/ruby-rack-oauth2-2.2.1/debian/ruby-rack-oauth2/usr/share/rubygems-integration/all/gems/rack-oauth2-2.2.1/VERSION /build/reproducible-path/ruby-rack-oauth2-2.2.1/debian/ruby-rack-oauth2/usr/share/rubygems-integration/all/gems/rack-oauth2-2.2.1/lib/rack/oauth2.rb /build/reproducible-path/ruby-rack-oauth2-2.2.1/debian/ruby-rack-oauth2/usr/share/rubygems-integration/all/gems/rack-oauth2-2.2.1/lib/rack/oauth2/access_token.rb @@ -1061,884 +1096,7 @@ cd - cd - dh_installchangelogs -pruby-rack-oauth2 /build/reproducible-path/ruby-rack-oauth2-2.2.1/CHANGELOG.md upstream -/usr/bin/ruby3.3 /usr/bin/gem2deb-test-runner - -┌──────────────────────────────────────────────────────────────────────────────┐ -│ Checking Rubygems dependency resolution on ruby3.3 │ -└──────────────────────────────────────────────────────────────────────────────┘ - -RUBYLIB=. GEM_PATH=/build/reproducible-path/ruby-rack-oauth2-2.2.1/debian/ruby-rack-oauth2/usr/share/rubygems-integration/all:/build/reproducible-path/ruby-rack-oauth2-2.2.1/debian/.debhelper/generated/_source/home/.local/share/gem/ruby/3.3.0:/var/lib/gems/3.3.0:/usr/local/lib/ruby/gems/3.3.0:/usr/lib/ruby/gems/3.3.0:/usr/lib/x86_64-linux-gnu/ruby/gems/3.3.0:/usr/share/rubygems-integration/3.3.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/3.3.0 ruby3.3 -e gem\ \"rack-oauth2\" - -┌──────────────────────────────────────────────────────────────────────────────┐ -│ Run tests for ruby3.3 from debian/ruby-tests.rake │ -└──────────────────────────────────────────────────────────────────────────────┘ - -RUBYLIB=. GEM_PATH=/build/reproducible-path/ruby-rack-oauth2-2.2.1/debian/ruby-rack-oauth2/usr/share/rubygems-integration/all:/build/reproducible-path/ruby-rack-oauth2-2.2.1/debian/.debhelper/generated/_source/home/.local/share/gem/ruby/3.3.0:/var/lib/gems/3.3.0:/usr/local/lib/ruby/gems/3.3.0:/usr/lib/ruby/gems/3.3.0:/usr/lib/x86_64-linux-gnu/ruby/gems/3.3.0:/usr/share/rubygems-integration/3.3.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/3.3.0 ruby3.3 -S rake --rakelibdir /gem2deb-nonexistent -f debian/ruby-tests.rake -/usr/bin/ruby3.3 -I/usr/share/rubygems-integration/all/gems/rspec-support-3.13.1/lib:/usr/share/rubygems-integration/all/gems/rspec-core-3.13.0/lib /usr/share/rubygems-integration/all/gems/rspec-core-3.13.0/exe/rspec --pattern ./spec/\*\*/\*_spec.rb --format documentation - -Rack::OAuth2::AccessToken::Authenticator - when Bearer token is given - behaves like authenticator - should let the token authenticate the request - -Rack::OAuth2::AccessToken::Bearer - .authenticate - should set Authorization header - -Rack::OAuth2::AccessToken - access_token - is expected to == "access_token" - refresh_token - is expected to == "refresh_token" - expires_in - is expected to == 3600 - scope - is expected to == [:scope1, :scope2] - token_response - is expected to == {:access_token=>"access_token", :expires_in=>3600, :refresh_token=>"refresh_token", :scope=>"scope1 scope2", :token_type=>:bearer} - when access_token is missing - is expected to raise AttrRequired::AttrMissing - otherwise - is expected not to raise Exception - when extension params given - raw_attributes - is expected to include :ex_key - when extension params given - raw_attributes - is expected to include :ex_key - when extension params given - raw_attributes - is expected to include :ex_key - when extension params given - raw_attributes - is expected to include :ex_key - -Rack::OAuth2::Client::Error - status - is expected to == 400 - message - is expected to == "invalid_request :: Include invalid parameters" - response - is expected to == {:error=>:invalid_request, :error_description=>"Include invalid parameters", :error_uri=>"http://server.example.com/error/invalid_request"} - -Rack::OAuth2::Client::Grant::AuthorizationCode - when code is given - when redirect_uri is given - redirect_uri - is expected to == "https://client.example.com/callback" - as_json - is expected to == {:code=>"code", :grant_type=>:authorization_code, :redirect_uri=>"https://client.example.com/callback"} - otherwise - redirect_uri - is expected to be nil - as_json - is expected to == {:code=>"code", :grant_type=>:authorization_code, :redirect_uri=>nil} - otherwise - is expected to raise AttrRequired::AttrMissing - -Rack::OAuth2::Client::Grant::ClientCredentials - as_json - is expected to == {:grant_type=>:client_credentials} - -Rack::OAuth2::Client::Grant::JWTBearer - when JWT assertion is given - as_json - is expected to == {:assertion=>"header.payload.signature", :grant_type=>"urn:ietf:params:oauth:grant-type:jwt-bearer"} - otherwise - is expected to raise AttrRequired::AttrMissing - -Rack::OAuth2::Client::Grant::Password - when username is given - when password is given - as_json - is expected to == {:grant_type=>:password, :password=>"password", :username=>"username"} - otherwise - is expected to raise AttrRequired::AttrMissing - otherwise - is expected to raise AttrRequired::AttrMissing - -Rack::OAuth2::Client::Grant::RefreshToken - when refresh_token is given - as_json - is expected to == {:grant_type=>:refresh_token, :refresh_token=>"refresh_token"} - otherwise - is expected to raise AttrRequired::AttrMissing - -Rack::OAuth2::Client::Grant::SAML2Bearer - when JWT assertion is given - as_json - is expected to == {:assertion=>"...", :grant_type=>"urn:ietf:params:oauth:grant-type:saml2-bearer"} - otherwise - is expected to raise AttrRequired::AttrMissing - -Rack::OAuth2::Client - identifier - is expected to == "client_id" - secret - is expected to == "client_secret" - authorization_endpoint - is expected to == "/oauth2/authorize" - token_endpoint - is expected to == "/oauth2/token" - revocation_endpoint - is expected to == "/oauth2/revoke" - when identifier is missing - is expected to raise AttrRequired::AttrMissing - #authorization_uri - is expected to include "https://server.example.com/oauth2/authorize" - is expected to include "client_id=client_id" - is expected to include "redirect_uri=https%3A%2F%2Fclient.example.com%2Fcallback" - is expected to include "response_type=code" - when endpoints are absolute URIs - is expected to include "https://server2.example.com/oauth/authorize" - when scheme is specified - is expected to include "http://server.example.com/oauth2/authorize" - when response_type is token - is expected to include "response_type=token" - when response_type is an Array - is expected to include "response_type=token%20code" - when scope is given - is expected to include "scope=scope1%20scope2" - #authorization_code= - is expected to be an instance of Rack::OAuth2::Client::Grant::AuthorizationCode - #resource_owner_credentials= - is expected to be an instance of Rack::OAuth2::Client::Grant::Password - #refresh_token= - is expected to be an instance of Rack::OAuth2::Client::Grant::RefreshToken - #access_token! - *args handling - client authentication method - should be Basic auth as default - when Basic auth method is used - when client_id is a url - should be encoded in "application/x-www-form-urlencoded" - when basic_without_www_form_urlencode method is used - when client_id is a url - should be encoded in "application/x-www-form-urlencoded" - when jwt_bearer auth method specified - when client_secret is given - should be JWT bearer client assertion w/ auto-generated HS256-signed JWT assertion - when private_key is given - when RSA key - should be JWT bearer client assertion w/ auto-generated RS256-signed JWT assertion - when EC key - should be JWT bearer client assertion w/ auto-generated ES256-signed JWT assertion - when client_assertion is explicitly given - should be JWT bearer client assertion w/ specified assertion - when other auth method specified - should be body params - when auth method is specified as Hash - should be removed before sending request - scopes - when scope option given - should specify given scope - unknown params - should be included in body params - local_http_config handling - example at ./spec/rack/oauth2/client_spec.rb:313 - when bearer token is given - is expected to be an instance of Rack::OAuth2::AccessToken::Bearer - token_type - is expected to == :bearer - access_token - is expected to == "access_token" - refresh_token - is expected to == "refresh_token" - expires_in - is expected to == 3600 - when token type is "Bearer", not "bearer" - is expected to be an instance of Rack::OAuth2::AccessToken::Bearer - token_type - is expected to == :bearer - when unknown-type token is given - is expected to raise StandardError with "Unknown Token Type" - when error response is given - is expected to raise Rack::OAuth2::Client::Error - when no body given - when error given - is expected to raise Rack::OAuth2::Client::Error - #revoke! - local_http_config handling - example at ./spec/rack/oauth2/client_spec.rb:406 - when access_token given - is expected to == :success - when refresh_token given - as argument - is expected to == :success - as grant - example at ./spec/rack/oauth2/client_spec.rb:469 - when error response given - is expected to raise Rack::OAuth2::Client::Error - when no token given - is expected to raise ArgumentError - when no host info - #authorization_uri - is expected to raise Exception with "No Host Info" - #access_token! - is expected to raise Exception with "No Host Info" - #revoke! - is expected to raise Exception with "No Host Info" - -Rack::OAuth2 - logger - is expected to be a kind of Logger - debugging? - is expected to == false - .debug! - debugging? - is expected to == true - .debug - should enable debugging within given block - should not force disable debugging - -Rack::OAuth2::Server::Abstract::Error - when full attributes are given - status - is expected to == 400 - error - is expected to == :invalid_request - description - is expected to == "Missing some required params" - uri - is expected to == "http://server.example.com/error" - protocol_params - is expected to == {:error=>:invalid_request, :error_description=>"Missing some required params", :error_uri=>"http://server.example.com/error"} - when optional attributes are not given - status - is expected to == 400 - error - is expected to == :invalid_request - description - is expected to be nil - uri - is expected to be nil - protocol_params - is expected to == {:error=>:invalid_request, :error_description=>nil, :error_uri=>nil} - -Rack::OAuth2::Server::Abstract::BadRequest - status - is expected to == 400 - -Rack::OAuth2::Server::Abstract::Unauthorized - status - is expected to == 401 - -Rack::OAuth2::Server::Abstract::Forbidden - status - is expected to == 403 - -Rack::OAuth2::Server::Abstract::ServerError - status - is expected to == 500 - -Rack::OAuth2::Server::Abstract::TemporarilyUnavailable - status - is expected to == 503 - -Rack::OAuth2::Server::Authorize::Code - when approved - status - is expected to == 302 - location - is expected to == "http://client.example.com/callback?code=authorization_code&state=state" - when redirect_uri already includes query - location - is expected to == "http://client.example.com/callback?k=v&code=authorization_code&state=state" - when redirect_uri is missing - is expected to raise AttrRequired::AttrMissing - when code is missing - is expected to raise AttrRequired::AttrMissing - when denied - should redirect with error in query - -Rack::OAuth2::Server::Authorize::BadRequest - is expected to be a kind of Rack::OAuth2::Server::Abstract::BadRequest - protocol_params - is expected to == {:error=>:invalid_request, :error_description=>nil, :error_uri=>nil, :state=>nil} - #finish - when redirect_uri is given - when protocol_params_location = :query - should redirect with error in query - when protocol_params_location = :fragment - should redirect with error in fragment - otherwise - should redirect without error - otherwise - should raise itself - -Rack::OAuth2::Server::Authorize::ErrorMethods - bad_request! - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - when response_type = :code - should set protocol_params_location = :query - when response_type = :token - should set protocol_params_location = :fragment - invalid_request! - should raise Rack::OAuth2::Server::Authorize::BadRequest with error = :invalid_request - unauthorized_client! - should raise Rack::OAuth2::Server::Authorize::BadRequest with error = :unauthorized_client - access_denied! - should raise Rack::OAuth2::Server::Authorize::BadRequest with error = :access_denied - unsupported_response_type! - should raise Rack::OAuth2::Server::Authorize::BadRequest with error = :unsupported_response_type - invalid_scope! - should raise Rack::OAuth2::Server::Authorize::BadRequest with error = :invalid_scope - server_error! - should raise Rack::OAuth2::Server::Authorize::ServerError with error = :server_error - temporarily_unavailable! - should raise Rack::OAuth2::Server::Authorize::TemporarilyUnavailable with error = :temporarily_unavailable - -Rack::OAuth2::Server::Authorize::Extension::CodeAndToken - when approved - status - is expected to == 302 - location - is expected to include "http://client.example.com/callback#" - location - is expected to include "code=authorization_code" - location - is expected to include "access_token=access_token" - location - is expected to include "token_type=bearer" - when refresh_token is given - location - is expected to include "http://client.example.com/callback#" - location - is expected to include "code=authorization_code" - location - is expected to include "access_token=access_token" - location - is expected to include "token_type=bearer" - when denied - should redirect with error in fragment - -Rack::OAuth2::Server::Authorize::Token - when approved - status - is expected to == 302 - location - is expected to == "http://client.example.com/callback#access_token=access_token&state=state&token_type=bearer" - when refresh_token is given - location - is expected to == "http://client.example.com/callback#access_token=access_token&state=state&token_type=bearer" - when redirect_uri is missing - is expected to raise AttrRequired::AttrMissing - when access_token is missing - is expected to raise AttrRequired::AttrMissing - when denied - should redirect with error in fragment - -Rack::OAuth2::Server::Authorize - when response_type is missing - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - when redirect_uri is missing - is expected not to raise Exception - when client_id is missing - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - when unknown response_type is given - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - when all required parameters are valid - when response_type = :code - status - is expected to == 200 - when response_type = :token - status - is expected to == 200 - Rack::OAuth2::Server::Authorize::Request - #varified_redirect_uri - when an Array of pre-registered URIs are given - when given redirect_uri is valid against one of them - should be valid - otherwise - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - when exact mathed redirect_uri is given - should be valid - when partially mathed redirect_uri is given - when partial matching allowed - should be valid - otherwise - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - when invalid redirect_uri is given - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - when redirect_uri is missing - when pre-registered redirect_uri is a String - should use pre-registered redirect_uri - when pre-registered redirect_uri is an Array - when only 1 - when partial match allowed - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - otherwise - should use pre-registered redirect_uri - when more than 2 - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - extensibility - extensions - is expected to == [Rack::OAuth2::Server::Authorize::Extension::CodeAndToken] - code token - is expected to == Rack::OAuth2::Server::Authorize::Extension::CodeAndToken - token code - is expected to == Rack::OAuth2::Server::Authorize::Extension::CodeAndToken - token code id_token - is expected to raise Rack::OAuth2::Server::Authorize::BadRequest - id_token - is expected to == Rack::OAuth2::Server::Authorize::Extension::IdToken - extensions - is expected to == [Rack::OAuth2::Server::Authorize::Extension::CodeAndToken, Rack::OAuth2::Server::Authorize::Extension::IdToken] - -Rack::OAuth2::Server::Authorize::Code - authorization request - when code_challenge is given - when code_challenge_method is given - code_challenge - is expected to == "Zto6O4jBncf-l4GBROKfxWezXoz7SKa6XOkgTphFlqQ" - code_challenge_method - is expected to == "S256" - when code_challenge_method is omitted - code_challenge - is expected to == "bDhkiCHfevM-5UCqabJB15I4iJ3kWrWb3RgqSDzekHs" - code_challenge_method - is expected to == nil - otherwise - code_challenge - is expected to == nil - code_challenge_method - is expected to == nil - token request - when code_verifier is given - code_verifier - is expected to == "6054e65a4b9061f91529ea27647a6e3d" - #verify_code_verifier! - when code_verifier is given with code_challenge_method=plain - is expected not to raise Exception - when collect code_challenge is given - is expected not to raise Exception - when wrong code_challenge is blank - is expected to raise Rack::OAuth2::Server::Token::BadRequest with message matching /invalid_grant/ - when code_challenge is nil - is expected to raise Rack::OAuth2::Server::Token::BadRequest with message matching /invalid_grant/ - when unknown code_challenge_method is given - is expected to raise Rack::OAuth2::Server::Token::BadRequest with message matching /invalid_grant/ - otherwise - code_verifier - is expected to == nil - #verify_code_verifier! - when code_verifier is given with code_challenge_method=plain - is expected to raise Rack::OAuth2::Server::Token::BadRequest with message matching /invalid_grant/ - when collect code_challenge is given - is expected to raise Rack::OAuth2::Server::Token::BadRequest with message matching /invalid_grant/ - when wrong code_challenge is blank - is expected to raise Rack::OAuth2::Server::Token::BadRequest with message matching /invalid_grant/ - when code_challenge is nil - is expected not to raise Exception - when unknown code_challenge_method is given - is expected to raise Rack::OAuth2::Server::Token::BadRequest with message matching /invalid_grant/ - -Rack::OAuth2::Server::Authorize::Code - authorization request - when response_mode is given - response_mode - is expected to == "form_post" - otherwise - response_mode - is expected to == nil - -Rack::OAuth2::Server::Resource::Bearer::Unauthorized - is expected to be a kind of Rack::OAuth2::Server::Resource::Unauthorized - #scheme - scheme - is expected to == :Bearer - #finish - should use Bearer scheme - -Rack::OAuth2::Server::Resource::Bearer::ErrorMethods - unauthorized! - is expected to raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized - invalid_token! - should raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized with error = :invalid_token - -Rack::OAuth2::Server::Resource::Bearer - when no access token is given - behaves like skipped_authentication_request - should skip OAuth 2.0 authentication - when valid_token is given - when token is in Authorization header - behaves like authenticated_bearer_request - should be authenticated - when token is in params - behaves like authenticated_bearer_request - should be authenticated - when invalid authorization header is given - behaves like skipped_authentication_request - should skip OAuth 2.0 authentication - when invalid_token is given - when token is in Authorization header - behaves like unauthorized_bearer_request - should be unauthorized - when token is in params - behaves like unauthorized_bearer_request - should be unauthorized - realm - when specified - should use specified realm - otherwize - should use default realm - when multiple access_token is given - when token is in Authorization header and params - behaves like bad_bearer_request - should be bad_request - -Rack::OAuth2::Server::Resource::BadRequest - is expected to be a kind of Rack::OAuth2::Server::Abstract::BadRequest - #finish - should respond in JSON - -Rack::OAuth2::Server::Resource::Unauthorized - is expected to be a kind of Rack::OAuth2::Server::Abstract::Unauthorized - #scheme - is expected to raise RuntimeError with "Define me!" - when scheme is defined - #finish - should respond in JSON - when error_code is not invalid_token - should have error_code in body but not in WWW-Authenticate header - when no error_code is given - should have error_code in body but not in WWW-Authenticate header - when realm is specified - should use given realm - -Rack::OAuth2::Server::Resource::Forbidden - is expected to be a kind of Rack::OAuth2::Server::Abstract::Forbidden - #finish - should respond in JSON - when scope option is given - should have blank WWW-Authenticate header - -Rack::OAuth2::Server::Resource::Bearer::ErrorMethods - bad_request! - is expected to raise Rack::OAuth2::Server::Resource::BadRequest - unauthorized! - is expected to raise RuntimeError with "Define me!" - invalid_request! - should raise Rack::OAuth2::Server::Resource::BadRequest with error = :invalid_request - invalid_token! - is expected to raise RuntimeError with "Define me!" - insufficient_scope! - should raise Rack::OAuth2::Server::Resource::Forbidden with error = :insufficient_scope - -Rack::OAuth2::Server::Resource - realm - is expected to == "realm" - -Rack::OAuth2::Server::Resource::Request - #setup! - is expected to raise RuntimeError with "Define me!" - #oauth2? - is expected to raise RuntimeError with "Define me!" - -Rack::OAuth2::Server::Token::AuthorizationCode - should prevent to be cached - status - is expected to == 200 - content_type - is expected to == "application/json" - body - is expected to include "\"access_token\":\"access_token\"" - body - is expected to include "\"token_type\":\"bearer\"" - when code is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - -Rack::OAuth2::Server::Token::ClientCredentials - status - is expected to == 200 - content_type - is expected to == "application/json" - body - is expected to include "\"access_token\":\"access_token\"" - body - is expected to include "\"token_type\":\"bearer\"" - basic auth - status - is expected to == 200 - compliance with RFC6749 sec 2.3.1 - status - is expected to == 200 - -Rack::OAuth2::Server::Token::BadRequest - is expected to be a kind of Rack::OAuth2::Server::Abstract::BadRequest - #finish - should respond in JSON - -Rack::OAuth2::Server::Token::Unauthorized - is expected to be a kind of Rack::OAuth2::Server::Abstract::Unauthorized - #finish - should respond in JSON - -Rack::OAuth2::Server::Token::ErrorMethods - bad_request! - is expected to raise Rack::OAuth2::Server::Token::BadRequest - unauthorized! - is expected to raise Rack::OAuth2::Server::Token::Unauthorized - invalid_request! - should raise Rack::OAuth2::Server::Token::BadRequest with error = :invalid_request - invalid_client! - should raise Rack::OAuth2::Server::Token::Unauthorized with error = :invalid_client - invalid_grant! - should raise Rack::OAuth2::Server::Token::BadRequest with error = :invalid_grant - unauthorized_client! - should raise Rack::OAuth2::Server::Token::BadRequest with error = :unauthorized_client - unsupported_grant_type! - should raise Rack::OAuth2::Server::Token::BadRequest with error = :unsupported_grant_type - invalid_scope! - should raise Rack::OAuth2::Server::Token::BadRequest with error = :invalid_scope - -Rack::OAuth2::Server::Token::JWTBearer - status - is expected to == 200 - content_type - is expected to == "application/json" - body - is expected to include "\"access_token\":\"access_token\"" - body - is expected to include "\"token_type\":\"bearer\"" - when assertion is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - -Rack::OAuth2::Server::Token::Password - status - is expected to == 200 - content_type - is expected to == "application/json" - body - is expected to include "\"access_token\":\"access_token\"" - body - is expected to include "\"token_type\":\"bearer\"" - when username is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - when password is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - -Rack::OAuth2::Server::Token::RefreshToken - status - is expected to == 200 - content_type - is expected to == "application/json" - body - is expected to include "\"access_token\":\"access_token\"" - body - is expected to include "\"token_type\":\"bearer\"" - when refresh_token is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - -Rack::OAuth2::Server::Token::SAML2Bearer - status - is expected to == 200 - content_type - is expected to == "application/json" - body - is expected to include "\"access_token\":\"access_token\"" - body - is expected to include "\"token_type\":\"bearer\"" - when assertion is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - -Rack::OAuth2::Server::Token - when multiple client credentials are given - when different credentials are given - should fail with unsupported_grant_type - when same credentials are given - should ignore duplicates - when unsupported grant_type is given - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"unsupported_grant_type\"" - when client_id is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - when grant_type is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - when client_id is given via JWT client assertion - when client_assertion is invalid JWT - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - when client_assertion_type is missing - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - when client_assertion_type is unknown - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - when client_assertion issuer is different from client_id - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - otherwise - status - is expected to == 200 - content_type - is expected to == "application/json" - body - is expected to include "\"access_token\":\"access_token\"" - when invalid_request - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_request\"" - body - is expected to include "\"error_description\":\"The request is missing a required parameter, includes an unsupported paramet...tials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.\"" - when invalid_client - status - is expected to == 401 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_client\"" - body - is expected to include "\"error_description\":\"The client identifier provided is invalid, the client failed to authenticate...lude its credentials, provided multiple client credentials, or used unsupported credentials type.\"" - headers - is expected to include "WWW-Authenticate" - when invalid_grant - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_grant\"" - body - is expected to include "\"error_description\":\"The provided access grant is invalid, expired, or revoked (e.g. invalid asse...token, bad end-user password credentials, or mismatching authorization code and redirection URI).\"" - when unauthorized_client - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"unauthorized_client\"" - body - is expected to include "\"error_description\":\"The authenticated client is not authorized to use the access grant type provided.\"" - when unsupported_grant_type - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"unsupported_grant_type\"" - body - is expected to include "\"error_description\":\"The access grant included - its type or another attribute - is not supported by the authorization server.\"" - when invalid_scope - status - is expected to == 400 - content_type - is expected to == "application/json" - body - is expected to include "\"error\":\"invalid_scope\"" - body - is expected to include "\"error_description\":\"The requested scope is invalid, unknown, malformed, or exceeds the previously granted scope.\"" - when skip_www_authenticate option is specified on invalid_client - headers - is expected not to include "WWW-Authenticate" - when responding - when access_token is missing - is expected to raise AttrRequired::AttrMissing - extensibility - extensions - is expected to == [Rack::OAuth2::Server::Token::Extension::Example] - JWT assertion - is expected to == Rack::OAuth2::Server::Token::Extension::Example - -Rack::OAuth2::Util - .www_form_url_encode - is expected to == "%3D%2B+.-%2F" - .www_form_urldecode - is expected to == "=+ .-/" - .base64_encode - is expected to == "PSsgLi0v" - .compact_hash - is expected to == {:k1=>"v1"} - .parse_uri - when String is given - is expected to be a kind of URI::Generic - when URI is given - should be itself - when invalid URI is given - is expected to raise URI::InvalidURIError - otherwise - is expected to raise StandardError - .redirect_uri - when location = :fragment - is expected to == "http://client.example.com#k1=v1" - when location = :query - is expected to == "http://client.example.com?k1=v1" - .uri_match? - when invalid URI is given - is expected to == false - when exactly same - is expected to == true - when path prefix matches - is expected to == true - otherwise - is expected to == false - -Finished in 1.11 seconds (files took 1.1 seconds to load) -339 examples, 0 failures - +DEB_BUILD_OPTIONS includes nocheck, skipping all checks (test suite etc). ┌──────────────────────────────────────────────────────────────────────────────┐ │ dh_ruby --install finished │ @@ -1969,12 +1127,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/4036419/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/366883 and its subdirectories -I: Current time: Wed Dec 16 19:08:41 -12 2026 -I: pbuilder-time-stamp: 1797491321 +I: removing directory /srv/workspace/pbuilder/4036419 and its subdirectories +I: Current time: Fri Nov 14 14:47:48 +14 2025 +I: pbuilder-time-stamp: 1763081268