Diff of the two buildlogs: -- --- b1/build.log 2025-01-23 15:35:21.109446149 +0000 +++ b2/build.log 2025-01-23 15:36:20.290766438 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Wed Feb 25 09:57:34 -12 2026 -I: pbuilder-time-stamp: 1772056654 +I: Current time: Fri Jan 24 05:35:23 +14 2025 +I: pbuilder-time-stamp: 1737646523 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration @@ -28,54 +28,86 @@ dpkg-source: info: applying 0004-Skip-test-that-fails-depending-on-the-local-timezone.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/80680/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/D01_modify_environment starting +debug: Running on ionos2-i386. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 Jan 23 15:35 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build/reproducible-path' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='i386' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=22 ' - DISTRIBUTION='unstable' - HOME='/root' - HOST_ARCH='i386' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="2" [2]="37" [3]="1" [4]="release" [5]="i686-pc-linux-gnu") + BASH_VERSION='5.2.37(1)-release' + BUILDDIR=/build/reproducible-path + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=i386 + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=10 ' + DIRSTACK=() + DISTRIBUTION=unstable + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=i686 + HOST_ARCH=i386 IFS=' ' - INVOCATION_ID='ccbbb116540a4c6b92ae74a3636e6af6' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - LD_LIBRARY_PATH='/usr/lib/libeatmydata' - LD_PRELOAD='libeatmydata.so' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='80680' - PS1='# ' - PS2='> ' + INVOCATION_ID=db701dd48777463bb00cee8afd48f5c9 + LANG=C + LANGUAGE=de_CH:de + LC_ALL=C + LD_LIBRARY_PATH=/usr/lib/libeatmydata + LD_PRELOAD=libeatmydata.so + MACHTYPE=i686-pc-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=48439 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.9JUvfKef/pbuilderrc_nhEu --distribution unstable --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.9JUvfKef/b1 --logfile b1/build.log ruby-certificate-authority_1.1.0-1.dsc' - SUDO_GID='112' - SUDO_UID='107' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://213.165.73.152:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.9JUvfKef/pbuilderrc_O3wI --distribution unstable --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.9JUvfKef/b2 --logfile b2/build.log ruby-certificate-authority_1.1.0-1.dsc' + SUDO_GID=112 + SUDO_UID=107 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://46.16.76.132:3128 I: uname -a - Linux ionos16-i386 6.1.0-30-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.124-1 (2025-01-12) x86_64 GNU/Linux + Linux i-capture-the-hostname 6.1.0-30-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.124-1 (2025-01-12) x86_64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 Nov 22 2024 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/80680/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 Nov 22 14:40 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -301,7 +333,7 @@ Get: 174 http://deb.debian.org/debian unstable/main i386 ruby-rspec-expectations all 3.13.0c0e0m0s1-2 [90.2 kB] Get: 175 http://deb.debian.org/debian unstable/main i386 ruby-rspec-mocks all 3.13.0c0e0m0s1-2 [81.3 kB] Get: 176 http://deb.debian.org/debian unstable/main i386 ruby-rspec all 3.13.0c0e0m0s1-2 [5184 B] -Fetched 60.0 MB in 0s (126 MB/s) +Fetched 60.0 MB in 2s (24.6 MB/s) Preconfiguring packages ... Selecting previously unselected package libpython3.13-minimal:i386. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19818 files and directories currently installed.) @@ -879,8 +911,8 @@ Setting up tzdata (2025a-1) ... Current default time zone: 'Etc/UTC' -Local time is now: Wed Feb 25 21:57:57 UTC 2026. -Universal Time is now: Wed Feb 25 21:57:57 UTC 2026. +Local time is now: Thu Jan 23 15:35:57 UTC 2025. +Universal Time is now: Thu Jan 23 15:35:57 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up ruby-method-source (1.0.0-3) ... @@ -1040,7 +1072,11 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/reproducible-path/ruby-certificate-authority-1.1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-certificate-authority_1.1.0-1_source.changes +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/A99_set_merged_usr starting +Not re-configuring usrmerge for unstable +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/reproducible-path/ruby-certificate-authority-1.1.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-certificate-authority_1.1.0-1_source.changes dpkg-buildpackage: info: source package ruby-certificate-authority dpkg-buildpackage: info: source version 1.1.0-1 dpkg-buildpackage: info: source distribution unstable @@ -1074,7 +1110,7 @@ │ ruby-certificate-authority: Installing files and building extensions for ruby3.1│ └──────────────────────────────────────────────────────────────────────────────┘ -/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20260225-86070-c34qqp/gemspec +/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20250124-61878-aopi5a/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: open-ended dependency on coveralls (>= 0, development) is not recommended use a bounded requirement, such as '~> x.y' @@ -1091,7 +1127,7 @@ Name: certificate_authority Version: 1.1.0 File: certificate_authority-1.1.0.gem -/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-certificate-authority/usr/share/rubygems-integration/all /tmp/d20260225-86070-c34qqp/certificate_authority-1.1.0.gem +/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-certificate-authority/usr/share/rubygems-integration/all /tmp/d20250124-61878-aopi5a/certificate_authority-1.1.0.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/reproducible-path/ruby-certificate-authority-1.1.0/debian/ruby-certificate-authority/usr/share/rubygems-integration/all/gems/certificate_authority-1.1.0/lib/certificate_authority.rb /build/reproducible-path/ruby-certificate-authority-1.1.0/debian/ruby-certificate-authority/usr/share/rubygems-integration/all/gems/certificate_authority-1.1.0/lib/certificate_authority/certificate.rb @@ -1298,7 +1334,7 @@ CertificateAuthority::OCSPResponseBuilder should build from a OCSPRequestReader should build a response - should verify against the root + should verify against the root (FAILED - 1) should have a configurable nextUpdate verification mechanisms should support an everything's OK default (though somewhat useless) @@ -1431,359 +1467,42 @@ # ./spec/units/certificate_spec.rb:278:in `each' # ./spec/units/certificate_spec.rb:278:in `block (4 levels) in ' -Finished in 4.33 seconds (files took 0.64609 seconds to load) -189 examples, 0 failures, 2 pending +Failures: -[Coveralls] Outside the CI environment, not sending data. -mv ./.gem2deb.Gemfile.lock Gemfile.lock -/usr/bin/ruby3.3 /usr/bin/gem2deb-test-runner - -┌──────────────────────────────────────────────────────────────────────────────┐ -│ Checking Rubygems dependency resolution on ruby3.3 │ -└──────────────────────────────────────────────────────────────────────────────┘ - -RUBYLIB=. GEM_PATH=/build/reproducible-path/ruby-certificate-authority-1.1.0/debian/ruby-certificate-authority/usr/share/rubygems-integration/all:/build/reproducible-path/ruby-certificate-authority-1.1.0/debian/.debhelper/generated/_source/home/.local/share/gem/ruby/3.3.0:/var/lib/gems/3.3.0:/usr/local/lib/ruby/gems/3.3.0:/usr/lib/ruby/gems/3.3.0:/usr/lib/i386-linux-gnu/ruby/gems/3.3.0:/usr/share/rubygems-integration/3.3.0:/usr/share/rubygems-integration/all:/usr/lib/i386-linux-gnu/rubygems-integration/3.3.0 ruby3.3 -e gem\ \"certificate_authority\" -mv Gemfile.lock ./.gem2deb.Gemfile.lock -mv ./.gem2deb.Gemfile.lock Gemfile.lock - -┌──────────────────────────────────────────────────────────────────────────────┐ -│ Run tests for ruby3.3 from debian/ruby-tests.rake │ -└──────────────────────────────────────────────────────────────────────────────┘ - -RUBYLIB=. GEM_PATH=/build/reproducible-path/ruby-certificate-authority-1.1.0/debian/ruby-certificate-authority/usr/share/rubygems-integration/all:/build/reproducible-path/ruby-certificate-authority-1.1.0/debian/.debhelper/generated/_source/home/.local/share/gem/ruby/3.3.0:/var/lib/gems/3.3.0:/usr/local/lib/ruby/gems/3.3.0:/usr/lib/ruby/gems/3.3.0:/usr/lib/i386-linux-gnu/ruby/gems/3.3.0:/usr/share/rubygems-integration/3.3.0:/usr/share/rubygems-integration/all:/usr/lib/i386-linux-gnu/rubygems-integration/3.3.0 ruby3.3 -S rake --rakelibdir /gem2deb-nonexistent -f debian/ruby-tests.rake -mv Gemfile.lock ./.gem2deb.Gemfile.lock -/usr/bin/ruby3.3 -I/usr/share/rubygems-integration/all/gems/rspec-support-3.13.1/lib:/usr/share/rubygems-integration/all/gems/rspec-core-3.13.0/lib /usr/share/rubygems-integration/all/gems/rspec-core-3.13.0/exe/rspec --pattern ./spec/\*\*/\*_spec.rb --exclude-pattern ./spec/units/pkcs11_key_material_spec.rb --format documentation -[Coveralls] Set up the SimpleCov formatter. -[Coveralls] Using SimpleCov's default settings. - -CertificateAuthority::CertificateRevocationList - should accept a list of certificates - should complain if you add a certificate without a revocation time - should have a 'parent' that will be responsible for signing - should raise an error if you try and sign a CRL without attaching a parent - should be able to generate a proper CRL - should be able to mix Certificates and SerialNumbers for convenience - should have the correct number of entities - should have the serial numbers of revoked entities - should be valid according to OpenSSL and signer - Digests - should use SHA512 by default - should support alternate digests supported by OpenSSL - Next update - should be able to set a 'next_update' value - should throw an error if we try and sign up with a negative next_update - -CertificateAuthority::Certificate - should have a distinguished name - should have a serial number - should have a subject - should be able to have a parent entity - should have key material - should have a not_before field - should have a not_after field - should default to one year validity (PENDING: this test fails depending on the local timezone) - should be able to have a revoked at time - CertificateAuthority::SigningEntity - should behave as a signing entity - should only be a signing entity if it's identified as a CA - should be able to be identified as a root certificate - Root certificates - should be able to be identified as a root certificate - should only be a root certificate if the parent entity is itself - should be a root certificate by default - should be able to self-sign - should have the basicContraint CA:TRUE - Intermediate certificates - should be able to be identified as an intermediate certificate - should not be identified as a root - should only be an intermediate certificate if the parent is a different entity - should correctly be signed by a parent certificate - should have the basicContraint CA:TRUE - Terminal certificates - should not be identified as an intermediate certificate - should not be identified as a root - should have the basicContraint CA:FALSE - Signed certificates - should have a PEM encoded certificate body available - X.509 V3 Extensions on Signed Certificates - should support BasicConstraints - should support subjectKeyIdentifier - should support authorityKeyIdentifier - should order subjectKeyIdentifier before authorityKeyIdentifier - should support keyUsage - should support extendedKeyUsage - SubjectAltName - should have a subjectAltName if specified - should NOT have a subjectAltName if one was not specified - should replace email:copy with email address - AuthorityInfoAccess - should have an authority info access if specified - CrlDistributionPoints - should have a crlDistributionPoint if specified - should NOT have a crlDistributionPoint if one was not specified - CertificatePolicies - should have a certificatePolicy if specified - should contain a nested userNotice if specified (PENDING: No reason given) - should NOT include a certificatePolicy if not specified - Signing profile - should be able to sign with an optional policy hash - should support a default signing digest of SHA512 - should support a configurable digest algorithm - from_openssl - should reject non-Certificate arguments - should only be missing a private key - should check to make sure that if a certificate had extensions they were imported + 1) CertificateAuthority::OCSPResponseBuilder should verify against the root + Failure/Error: expect(response.basic.verify([root_cert],store)).to be_truthy -CertificateAuthority::DistinguishedName - should provide the standard x.509 distinguished name common attributes - should provide human-readable equivalents to the distinguished name common attributes - should require a common name - should be convertible to an OpenSSL::X509::Name - from_openssl - should reject non Name objects - should set the common_name attribute - should set the locality attribute - should set the state attribute - should set the country attribute - should set the organization attribute - should set the organizational_unit attribute - should create an equivalent object - CertificateAuthority::WrappedDistinguishedName - should mark the DN as having custom OIDs if there's an unknown subject element + expected: truthy value + got: false + # ./spec/units/ocsp_handler_spec.rb:79:in `block (2 levels) in ' -CertificateAuthority::Extensions - CertificateAuthority::Extensions::BasicConstraints - should only allow true/false - should respond to :path_len - should raise an error if :path_len isn't a non-negative integer - should generate a proper OpenSSL extension string - should parse values from a proper OpenSSL extension string - CertificateAuthority::Extensions::SubjectAlternativeName - should respond to :uris - should require 'uris' to be an Array - should generate a proper OpenSSL extension string for URIs - should parse URIs from a proper OpenSSL extension string - should respond to :dns_names - should require 'dns_names' to be an Array - should generate a proper OpenSSL extension string for DNS names - should parse DNS names from a proper OpenSSL extension string - should respond to :ips - should require 'ips' to be an Array - should generate a proper OpenSSL extension string for IPs - should parse IPs from a proper OpenSSL extension string - should generate a proper OpenSSL extension string for URIs IPs and DNS names together - should parse URIs IPs and DNS names together from a proper OpenSSL extension string - emails - should require 'emails' to be an Array - should generate a proper OpenSSL extension string for emails +Finished in 5.5 seconds (files took 1.02 seconds to load) +189 examples, 1 failure, 2 pending -CertificateAuthority::KeyMaterial - CertificateAuthority::MemoryKeyMaterial should know if a key is in memory or hardware - should use memory by default - CertificateAuthority::SigningRequestKeyMaterial should know if a key is in memory or hardware - should use memory by default - reading keys from PEM - should include a means of reading an RSA keypair - should include a means of reading encrypted RSA keypairs - should raise an exception if you read an encrypted keypair w/ bad password - should include a means of reading a public-only PEM formatted key +Failed examples: -CertificateAuthority::MemoryKeyMaterial - should be able to generate an RSA key - should generate a proper OpenSSL::PKey::RSA - should be able to specify the size of the modulus to generate - should not validate without public and private keys - with generated key - should be able to retrieve the private key - should be able to retrieve the public key - -CertificateAuthority::SigningRequestKeyMaterial - should generate from a CSR - should be able to expose a public key - should not have a private key - should raise when signature does not verify - -CertificateAuthority::OCSPRequestReader - should read in the DER encoded body - should read out certificate serial numbers - -CertificateAuthority::OCSPResponseBuilder - should build from a OCSPRequestReader - should build a response - should verify against the root - should have a configurable nextUpdate - verification mechanisms - should support an everything's OK default (though somewhat useless) - should support an overridable verification mechanism callback - -CertificateAuthority::OCSPHandler - should be able to accept an OCSP Request - should raise an error if you try and extract certificates without a raw request - should return a hash of extracted certificates from OCSP requests - should be able to generate an OCSP response - should require a 'parent' entity for signing - should raise an error if you ask for the signed OCSP response without generating it - should raise an error if you generate a response without adding all certificates in request - should raise an error if you generate a response without adding a parent signing entity - Response - should have a correct status/status string - should have an embedded BasicResponse with certificate statuses - should have a next_update time - -CertificateAuthority::SerialNumber - should support basic integer serial numbers - should not allow negative serial numbers - -CertificateAuthority::SigningRequest - should generate from a PEM CSR - should generate a proper DN from the CSR - should expose the underlying OpenSSL CSR - should expose the PEM encoded original CSR - transforming to a certificate - should allow transformation to a certificate - should be signable w/ a serial number - Netscape SPKAC - should process a netscape SPKAC - Generating CSRs - should generate a CSR - should generate a signed CSR - should generate a CSR w/ a subjectAlternativeName extension - -Using OpenSSL - Signing CSRs - With a server CSR - it should behave like a csr operation - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - With a client CSR - it should behave like a csr operation - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - Handling externally supplied CAs and certs - A custom CA signing a client cert - it should behave like comparing a pair of openssl certs - using openssl - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - using certificate_authority - should match the original ca's distinguished name - should match the original openssl ca - should match the original cert's distinguished name - should match the original openssl cert - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - A custom CA signing a server cert - it should behave like comparing a pair of openssl certs - using openssl - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - using certificate_authority - should match the original ca's distinguished name - should match the original openssl ca - should match the original cert's distinguished name - should match the original openssl cert - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - Github's signer - it should behave like comparing a pair of openssl certs - using openssl - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - using certificate_authority - should match the original ca's distinguished name - should match the original openssl ca - should match the original cert's distinguished name - should match the original openssl cert - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - Apple's WWDR signer - it should behave like comparing a pair of openssl certs - using openssl - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - using certificate_authority - should match the original ca's distinguished name - should match the original openssl ca - should match the original cert's distinguished name - should match the original openssl cert - it should behave like an ossl issuer and its signed cert - should issue a certificate verified by the issuer - should issue a certificate with a matching issuer subject string - should issue a certificate with a matching issuer subject openssl name - -Pending: (Failures listed here are expected and do not affect your suite's status) - - 1) CertificateAuthority::Certificate should default to one year validity - # this test fails depending on the local timezone - # ./spec/units/certificate_spec.rb:477 - - 2) CertificateAuthority::Certificate X.509 V3 Extensions on Signed Certificates CertificatePolicies should contain a nested userNotice if specified - # No reason given - Failure/Error: expect(ext.to_a[1]).to include("Testing explicit text!") - expected "" to include "Testing explicit text!" - # ./spec/units/certificate_spec.rb:280:in `block (5 levels) in ' - # ./spec/units/certificate_spec.rb:278:in `each' - # ./spec/units/certificate_spec.rb:278:in `block (4 levels) in ' - -Finished in 4.3 seconds (files took 0.7193 seconds to load) -189 examples, 0 failures, 2 pending +rspec ./spec/units/ocsp_handler_spec.rb:74 # CertificateAuthority::OCSPResponseBuilder should verify against the root [Coveralls] Outside the CI environment, not sending data. +Stopped processing SimpleCov as a previous error not related to SimpleCov has been detected +/usr/bin/ruby3.1 -I/usr/share/rubygems-integration/all/gems/rspec-support-3.13.1/lib:/usr/share/rubygems-integration/all/gems/rspec-core-3.13.0/lib /usr/share/rubygems-integration/all/gems/rspec-core-3.13.0/exe/rspec --pattern ./spec/\*\*/\*_spec.rb --exclude-pattern ./spec/units/pkcs11_key_material_spec.rb --format documentation failed mv ./.gem2deb.Gemfile.lock Gemfile.lock - -┌──────────────────────────────────────────────────────────────────────────────┐ -│ dh_ruby --install finished │ -└──────────────────────────────────────────────────────────────────────────────┘ - - dh_installdocs -O--buildsystem=ruby - dh_ruby_fixdocs -O--buildsystem=ruby - dh_installchangelogs -O--buildsystem=ruby - dh_installsystemduser -O--buildsystem=ruby - dh_perl -O--buildsystem=ruby - dh_link -O--buildsystem=ruby - dh_strip_nondeterminism -O--buildsystem=ruby - dh_compress -X.rb -O--buildsystem=ruby - dh_fixperms -O--buildsystem=ruby - dh_missing -O--buildsystem=ruby - dh_ruby_fixdepends -O--buildsystem=ruby - dh_installdeb -O--buildsystem=ruby - dh_gencontrol -O--buildsystem=ruby -dpkg-gencontrol: warning: Depends field of package ruby-certificate-authority: substitution variable ${shlibs:Depends} used, but is not defined -dpkg-gencontrol: warning: package ruby-certificate-authority: substitution variable ${ruby:Versions} used, but is not defined - dh_md5sums -O--buildsystem=ruby - dh_builddeb -O--buildsystem=ruby -dpkg-deb: building package 'ruby-certificate-authority' in '../ruby-certificate-authority_1.1.0-1_all.deb'. - dpkg-genbuildinfo --build=binary -O../ruby-certificate-authority_1.1.0-1_i386.buildinfo - dpkg-genchanges --build=binary -O../ruby-certificate-authority_1.1.0-1_i386.changes -dpkg-genchanges: info: binary-only upload (no source code included) - dpkg-source --after-build . -dpkg-buildpackage: info: binary-only upload (no source included) -dpkg-genchanges: info: including full source code in upload +ERROR: Test "ruby3.1" failed. Exiting. +dh_auto_install: error: dh_ruby --install /build/reproducible-path/ruby-certificate-authority-1.1.0/debian/ruby-certificate-authority returned exit code 1 +make: *** [debian/rules:7: binary] Error 25 +dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2 I: copying local configuration +E: Failed autobuilding of package +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/C01_cleanup starting +debug output: disk usage on i-capture-the-hostname at Thu Jan 23 15:36:18 UTC 2025 +Filesystem Size Used Avail Use% Mounted on +tmpfs 3.9G 0 3.9G 0% /dev/shm + +I: user script /srv/workspace/pbuilder/48439/tmp/hooks/C01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/80680 and its subdirectories -I: Current time: Wed Feb 25 09:58:19 -12 2026 -I: pbuilder-time-stamp: 1772056699 +I: removing directory /srv/workspace/pbuilder/48439 and its subdirectories