Diff of the two buildlogs: -- --- b1/build.log 2025-09-13 13:39:14.369127652 +0000 +++ b2/build.log 2025-09-13 13:41:48.105320749 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Fri Oct 16 07:54:25 -12 2026 -I: pbuilder-time-stamp: 1792180465 +I: Current time: Sun Sep 14 03:39:15 +14 2025 +I: pbuilder-time-stamp: 1757770755 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/forky-reproducible-base.tgz] I: copying local configuration @@ -24,53 +24,85 @@ dpkg-source: info: applying fix-32bit.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/1758011/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/D01_modify_environment starting +debug: Running on ionos11-amd64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 Sep 13 13:39 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build/reproducible-path' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='amd64' - DEBIAN_FRONTEND='noninteractive' - DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=42 ' - DISTRIBUTION='forky' - HOME='/root' - HOST_ARCH='amd64' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="3" [2]="3" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") + BASH_VERSION='5.3.3(1)-release' + BUILDDIR=/build/reproducible-path + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=amd64 + DEBIAN_FRONTEND=noninteractive + DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=40 ' + DIRSTACK=() + DISTRIBUTION=forky + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=x86_64 + HOST_ARCH=amd64 IFS=' ' - INVOCATION_ID='49f05a8165764c2a9016ffde63d2a2af' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='1758011' - PS1='# ' - PS2='> ' + INVOCATION_ID=177dfafd79a74152b09215ad53416621 + LANG=C + LANGUAGE=et_EE:et + LC_ALL=C + MACHTYPE=x86_64-pc-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=3601927 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.XvazYAwI/pbuilderrc_AJhX --distribution forky --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/forky-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.XvazYAwI/b1 --logfile b1/build.log opkssh_0.8.0-2.dsc' - SUDO_GID='110' - SUDO_HOME='/var/lib/jenkins' - SUDO_UID='105' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://213.165.73.152:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.XvazYAwI/pbuilderrc_oaQF --distribution forky --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/forky-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.XvazYAwI/b2 --logfile b2/build.log opkssh_0.8.0-2.dsc' + SUDO_GID=111 + SUDO_HOME=/var/lib/jenkins + SUDO_UID=106 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://46.16.76.132:3128 I: uname -a - Linux ionos5-amd64 6.12.43+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1 (2025-08-27) x86_64 GNU/Linux + Linux i-capture-the-hostname 6.12.43+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.43-1 (2025-08-27) x86_64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 Aug 10 2025 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/1758011/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 Aug 10 12:30 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -309,7 +341,7 @@ Get: 175 http://deb.debian.org/debian forky/main amd64 golang-gopkg-ini.v1-dev all 1.67.0-1 [39.9 kB] Get: 176 http://deb.debian.org/debian forky/main amd64 golang-github-spf13-viper-dev all 1.12.0-1 [68.9 kB] Get: 177 http://deb.debian.org/debian forky/main amd64 golang-github-spf13-cobra-dev all 1.8.1-1 [75.2 kB] -Fetched 143 MB in 48s (2954 kB/s) +Fetched 143 MB in 2s (62.8 MB/s) Preconfiguring packages ... Selecting previously unselected package golang-golang-x-sys-dev. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19917 files and directories currently installed.) @@ -890,8 +922,8 @@ Setting up tzdata (2025b-5) ... Current default time zone: 'Etc/UTC' -Local time is now: Fri Oct 16 20:01:15 UTC 2026. -Universal Time is now: Fri Oct 16 20:01:15 UTC 2026. +Local time is now: Sat Sep 13 13:40:57 UTC 2025. +Universal Time is now: Sat Sep 13 13:40:57 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up golang-github-cespare-xxhash-dev (2.3.0-1) ... @@ -1038,7 +1070,11 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/reproducible-path/opkssh-0.8.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../opkssh_0.8.0-2_source.changes +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/A99_set_merged_usr starting +Not re-configuring usrmerge for forky +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/reproducible-path/opkssh-0.8.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../opkssh_0.8.0-2_source.changes dpkg-buildpackage: info: source package opkssh dpkg-buildpackage: info: source version 0.8.0-2 dpkg-buildpackage: info: source distribution unstable @@ -1056,61 +1092,61 @@ dh_autoreconf -O--builddirectory=_build -O--buildsystem=golang dh_auto_configure -O--builddirectory=_build -O--buildsystem=golang dh_auto_build -O--builddirectory=_build -O--buildsystem=golang - cd _build && go install -trimpath -v -p 42 github.com/openpubkey/opkssh github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh/commands/config github.com/openpubkey/opkssh/internal/projectpath github.com/openpubkey/opkssh/policy github.com/openpubkey/opkssh/policy/files github.com/openpubkey/opkssh/policy/plugins github.com/openpubkey/opkssh/sshcert -internal/itoa -internal/msan -internal/goexperiment -math/bits -internal/coverage/rtcov -internal/unsafeheader + cd _build && go install -trimpath -v -p 40 github.com/openpubkey/opkssh github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh/commands/config github.com/openpubkey/opkssh/internal/projectpath github.com/openpubkey/opkssh/policy github.com/openpubkey/opkssh/policy/files github.com/openpubkey/opkssh/policy/plugins github.com/openpubkey/opkssh/sshcert +internal/godebugs +internal/byteorder +internal/goarch internal/goos -crypto/internal/fips140/alias -log/slog/internal -go.opentelemetry.io/otel/metric/embedded -internal/asan +internal/unsafeheader vendor/golang.org/x/crypto/internal/alias -cmp encoding -go.opentelemetry.io/otel/trace/embedded -internal/nettrace -log/internal +crypto/internal/boring/sig +crypto/internal/fips140/alias +internal/msan +log/slog/internal +github.com/zitadel/oidc/pkg/oidc/grants/tokenexchange container/list -unicode/utf8 -github.com/openpubkey/openpubkey/cosigner/msgs -internal/godebugs -vendor/golang.org/x/crypto/cryptobyte/asn1 -unicode/utf16 internal/profilerecord -golang.org/x/crypto/internal/alias -golang.org/x/exp/maps -internal/cpu -internal/byteorder -github.com/zitadel/oidc/pkg/oidc/grants/tokenexchange +go.opentelemetry.io/otel/metric/embedded +internal/itoa internal/runtime/atomic internal/runtime/syscall -unicode -internal/goarch -crypto/internal/boring/sig -golang.org/x/exp/constraints +math/bits +golang.org/x/exp/maps +github.com/openpubkey/openpubkey/cosigner/msgs +go.opentelemetry.io/otel/trace/embedded +unicode/utf16 +internal/asan sync/atomic -crypto/internal/fips140/subtle +golang.org/x/crypto/internal/alias +vendor/golang.org/x/crypto/cryptobyte/asn1 +golang.org/x/exp/constraints +unicode/utf8 +log/internal +internal/nettrace crypto/internal/fips140deps/byteorder +unicode +internal/cpu +internal/goexperiment +internal/coverage/rtcov +cmp internal/runtime/math internal/chacha8rand internal/runtime/sys internal/abi +crypto/internal/fips140/subtle golang.org/x/crypto/salsa20/salsa golang.org/x/exp/slices -crypto/internal/fips140deps/cpu internal/runtime/exithook +crypto/internal/fips140deps/cpu internal/bytealg math +internal/stringslite internal/race internal/sync internal/runtime/maps -internal/stringslite -runtime go.opentelemetry.io/otel/internal +runtime iter internal/reflectlite crypto/subtle @@ -1118,212 +1154,212 @@ sync maps slices -internal/singleflight -internal/bisect -unique -log/slog/internal/buffer -internal/testlog -runtime/cgo -internal/godebug errors -internal/oserror -crypto/internal/fips140deps/godebug -math/rand sort -strconv +internal/oserror path -net/netip +vendor/golang.org/x/net/dns/dnsmessage math/rand/v2 +strconv +internal/bisect +internal/singleflight +log/slog/internal/buffer +internal/testlog +unique io -vendor/golang.org/x/net/dns/dnsmessage -golang.org/x/text/internal/tag -golang.org/x/crypto/blowfish -reflect syscall -crypto/internal/randutil -internal/saferio +runtime/cgo +internal/godebug hash bytes +internal/saferio +crypto/internal/randutil +golang.org/x/text/internal/tag +hash/crc32 strings +crypto/internal/fips140deps/godebug +math/rand crypto -hash/crc32 -golang.org/x/text/transform +net/netip +golang.org/x/crypto/blowfish +reflect vendor/golang.org/x/text/transform +golang.org/x/text/transform crypto/internal/impl -html crypto/internal/fips140 -regexp/syntax net/http/internal/ascii net/http/internal/testcert bufio github.com/kballard/go-shellquote golang.org/x/text/runes +html +regexp/syntax crypto/tls/internal/fips140tls -crypto/internal/fips140/sha512 -crypto/internal/fips140/sha3 crypto/internal/fips140/sha256 +crypto/internal/fips140/sha3 +crypto/internal/fips140/sha512 crypto/sha3 crypto/internal/fips140/hmac -internal/syscall/execenv -time -internal/syscall/unix crypto/internal/fips140/check crypto/internal/fips140hash -crypto/internal/fips140/hkdf -crypto/internal/fips140/tls12 -crypto/internal/fips140/edwards25519/field crypto/internal/fips140/aes +crypto/internal/fips140/edwards25519/field crypto/internal/fips140/bigmod +crypto/internal/fips140/hkdf +crypto/internal/fips140/tls12 crypto/internal/fips140/nistec/fiat +internal/syscall/execenv +internal/syscall/unix +time crypto/internal/fips140/tls13 -regexp crypto/internal/fips140/edwards25519 +regexp +crypto/internal/fips140/nistec context io/fs internal/poll +go.opentelemetry.io/otel/internal/baggage +internal/filepathlite github.com/spf13/afero/internal/common embed -internal/filepathlite -go.opentelemetry.io/otel/internal/baggage -crypto/internal/fips140/nistec -internal/fmtsort go.opentelemetry.io/otel/internal/attribute +internal/fmtsort encoding/binary os encoding/base64 -vendor/golang.org/x/crypto/internal/poly1305 golang.org/x/crypto/internal/poly1305 +vendor/golang.org/x/crypto/internal/poly1305 golang.org/x/sys/unix encoding/pem golang.org/x/crypto/nacl/secretbox -internal/sysinfo -io/ioutil -os/signal crypto/internal/sysrand path/filepath +io/ioutil +os/signal +vendor/golang.org/x/sys/cpu +internal/sysinfo golang.org/x/sys/cpu fmt -vendor/golang.org/x/sys/cpu +net crypto/internal/entropy crypto/internal/fips140/drbg +golang.org/x/crypto/sha3 +golang.org/x/crypto/blake2b crypto/internal/fips140only crypto/internal/fips140/ecdh +crypto/internal/fips140/aes/gcm crypto/internal/fips140/ecdsa crypto/internal/fips140/rsa crypto/internal/fips140/ed25519 -crypto/internal/fips140/aes/gcm crypto/internal/fips140/mlkem -github.com/spf13/afero/mem github.com/openpubkey/opkssh/internal/projectpath +github.com/spf13/afero/mem os/exec -crypto/rc4 crypto/md5 -golang.org/x/crypto/sha3 -golang.org/x/crypto/blake2b +crypto/rc4 crypto/cipher github.com/lestrrat-go/option -github.com/lestrrat-go/blackmagic +encoding/hex +log github.com/lestrrat-go/httpcc -encoding/json +net/http/internal +mime/quotedprintable net/url -log +github.com/lestrrat-go/iter/arrayiter +github.com/lestrrat-go/iter/mapiter compress/flate +mime vendor/golang.org/x/net/http2/hpack -encoding/hex -net/http/internal github.com/lestrrat-go/jwx/internal/base64 -mime/quotedprintable -database/sql/driver -github.com/muhlemmer/gu -github.com/pmezard/go-difflib/difflib +github.com/lestrrat-go/blackmagic +encoding/json +encoding/csv +os/user +github.com/go-jose/go-jose/json github.com/zitadel/schema +github.com/muhlemmer/gu flag +github.com/pmezard/go-difflib/difflib runtime/debug -encoding/gob +golang.org/x/text/unicode/norm +runtime/trace golang.org/x/text/internal/language +gopkg.in/yaml.v3 +vendor/golang.org/x/text/unicode/norm +database/sql/driver +text/template/parse math/big -github.com/go-jose/go-jose/json -crypto/internal/boring +encoding/gob crypto/des -vendor/golang.org/x/crypto/chacha20 -runtime/trace golang.org/x/crypto/chacha20 -golang.org/x/text/unicode/norm -text/template/parse github.com/lestrrat-go/jwx/jwa -mime -github.com/lestrrat-go/iter/arrayiter -github.com/lestrrat-go/iter/mapiter -encoding/csv -vendor/golang.org/x/text/unicode/norm -gopkg.in/yaml.v3 +vendor/golang.org/x/crypto/chacha20 +crypto/internal/boring +github.com/davecgh/go-spew/spew crypto/ecdh crypto/sha512 crypto/aes -crypto/sha1 crypto/hmac +crypto/sha1 crypto/sha256 -github.com/davecgh/go-spew/spew -golang.org/x/crypto/ssh/internal/bcrypt_pbkdf +github.com/lestrrat-go/jwx/internal/iter golang.org/x/crypto/pbkdf2 -vendor/golang.org/x/text/unicode/bidi +golang.org/x/crypto/ssh/internal/bcrypt_pbkdf vendor/golang.org/x/crypto/chacha20poly1305 -github.com/lestrrat-go/jwx/internal/iter +vendor/golang.org/x/text/unicode/bidi golang.org/x/crypto/curve25519 go.opentelemetry.io/otel/baggage -testing compress/gzip +testing vendor/golang.org/x/text/secure/bidirule golang.org/x/text/internal/language/compact -golang.org/x/text/language text/template -github.com/awnumar/memcall +golang.org/x/text/language vendor/golang.org/x/net/idna -github.com/lestrrat-go/jwx/internal/json -go.opentelemetry.io/otel/codes +github.com/awnumar/memcall go.opentelemetry.io/otel/attribute +go.opentelemetry.io/otel/codes +github.com/lestrrat-go/jwx/internal/json log/slog github.com/sirupsen/logrus -crypto/internal/boring/bbig crypto/rand -encoding/asn1 -crypto/dsa +crypto/internal/boring/bbig github.com/lestrrat-go/jwx/internal/pool crypto/elliptic +crypto/dsa filippo.io/bigmod +encoding/asn1 crypto/ed25519 github.com/lestrrat-go/jwx/x25519 crypto/internal/hpke -github.com/gorilla/securecookie -github.com/awnumar/memguard/core crypto/rsa +github.com/awnumar/memguard/core +golang.org/x/crypto/ed25519 +github.com/gorilla/securecookie github.com/stretchr/testify/assert/yaml -go.opentelemetry.io/otel/metric go.opentelemetry.io/otel/trace -golang.org/x/crypto/ed25519 +go.opentelemetry.io/otel/metric github.com/awnumar/memguard github.com/lestrrat-go/jwx/internal/ecutil html/template -github.com/go-logr/logr crypto/x509/pkix vendor/golang.org/x/crypto/cryptobyte +github.com/go-logr/logr github.com/go-logr/logr/funcr -os/user -net crypto/ecdsa github.com/go-logr/stdr github.com/go-jose/go-jose/cipher vendor/golang.org/x/net/http/httpproxy -github.com/google/uuid net/textproto +github.com/google/uuid crypto/x509 github.com/spf13/pflag vendor/golang.org/x/net/http/httpguts mime/multipart github.com/spf13/cobra +github.com/lestrrat-go/jwx/cert github.com/lestrrat-go/jwx/jwk/internal/x509 github.com/openpubkey/openpubkey/util -github.com/lestrrat-go/jwx/cert github.com/go-jose/go-jose golang.org/x/crypto/ssh crypto/tls @@ -1333,14 +1369,14 @@ net/http github.com/lestrrat-go/httprc go.opentelemetry.io/otel/propagation -golang.org/x/oauth2/internal github.com/zitadel/logging +golang.org/x/oauth2/internal net/http/httptest github.com/spf13/afero go.opentelemetry.io/otel/internal/global golang.org/x/oauth2 -github.com/stretchr/testify/assert github.com/lestrrat-go/jwx/jwk +github.com/stretchr/testify/assert golang.org/x/oauth2/clientcredentials github.com/zitadel/oidc/pkg/oidc go.opentelemetry.io/otel @@ -1348,8 +1384,8 @@ github.com/openpubkey/opkssh/policy/files github.com/zitadel/oidc/pkg/http github.com/zitadel/oidc/pkg/client -github.com/stretchr/testify/require github.com/zitadel/oidc/pkg/client/rp +github.com/stretchr/testify/require github.com/lestrrat-go/jwx/internal/keyconv github.com/lestrrat-go/jwx/jws github.com/openpubkey/openpubkey/pktoken/clientinstance @@ -1357,8 +1393,8 @@ github.com/openpubkey/openpubkey/pktoken github.com/openpubkey/openpubkey/discover github.com/openpubkey/opkssh/policy/plugins -github.com/openpubkey/openpubkey/providers/mocks github.com/openpubkey/openpubkey/cosigner +github.com/openpubkey/openpubkey/providers/mocks github.com/openpubkey/openpubkey/verifier github.com/openpubkey/openpubkey/providers github.com/openpubkey/opkssh/sshcert @@ -1369,7 +1405,7 @@ github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh dh_auto_test -O--builddirectory=_build -O--buildsystem=golang - cd _build && go test -vet=off -v -p 42 github.com/openpubkey/opkssh github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh/commands/config github.com/openpubkey/opkssh/internal/projectpath github.com/openpubkey/opkssh/policy github.com/openpubkey/opkssh/policy/files github.com/openpubkey/opkssh/policy/plugins github.com/openpubkey/opkssh/sshcert + cd _build && go test -vet=off -v -p 40 github.com/openpubkey/opkssh github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh/commands/config github.com/openpubkey/opkssh/internal/projectpath github.com/openpubkey/opkssh/policy github.com/openpubkey/opkssh/policy/files github.com/openpubkey/opkssh/policy/plugins github.com/openpubkey/opkssh/sshcert === RUN TestIsOpenSSHVersion8Dot1OrGreater === RUN TestIsOpenSSHVersion8Dot1OrGreater/Exact_8.1 === RUN TestIsOpenSSHVersion8Dot1OrGreater/Above_8.1_(8.4) @@ -1443,72 +1479,72 @@ PASS ok github.com/openpubkey/opkssh 0.027s === RUN TestAddErrors -2026/10/16 08:01:51 Successfully added user with email alice@example.com with principal foo to the policy file +2025/09/14 03:41:26 Successfully added user with email alice@example.com with principal foo to the policy file --- PASS: TestAddErrors (0.00s) === RUN TestAddUniqueness -2026/10/16 08:01:51 Successfully added user with email alice@example.com with principal user1 to the policy file -2026/10/16 08:01:51 User with email alice@example.com already has access under the principal user1, skipping... -2026/10/16 08:01:51 Successfully added user with email alice@example.com with principal user2 to the policy file -2026/10/16 08:01:51 User with email alice@example.com already has access under the principal user2, skipping... +2025/09/14 03:41:26 Successfully added user with email alice@example.com with principal user1 to the policy file +2025/09/14 03:41:26 User with email alice@example.com already has access under the principal user1, skipping... +2025/09/14 03:41:26 Successfully added user with email alice@example.com with principal user2 to the policy file +2025/09/14 03:41:26 User with email alice@example.com already has access under the principal user2, skipping... --- PASS: TestAddUniqueness (0.00s) === RUN TestLoginCmd === RUN TestLoginCmd/Good_path_with_no_vars -2026/10/16 08:01:53 DEBUG: running login command with args: {Fs:0xc00027dd40 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:false DisableBrowserOpenArg:false PrintIdTokenArg:true KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc00029dbc0 Config:0xc0001f4de0 pkt: signer: alg: client: principals:[]} -2026/10/16 08:01:53 Warning: could not find issuer https://accounts.example.com in client config providers +2025/09/14 03:41:26 DEBUG: running login command with args: {Fs:0xc000367ce0 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:false DisableBrowserOpenArg:false PrintIdTokenArg:true KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc00024f9e0 Config:0xc0001b0de0 pkt: signer: alg: client: principals:[]} +2025/09/14 03:41:26 Warning: could not find issuer https://accounts.example.com in client config providers Writing opk ssh public key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa-cert.pub and corresponding secret key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa id_token: { "iss": "https://accounts.example.com", "sub": "me", - "exp": 1792188113, - "iat": 1792180913, + "exp": 1757778086, + "iat": 1757770886, "email": "arthur.aardvark@example.com", - "nonce": "vrHxfrn7LNBHMUaSgKnmZW0SilMfALqIbei71Tmju18" + "nonce": "hMXzBCyoRAKOafvV9NYEVs4-K5oCqCgsmSObLHm7oIs" } Keys generated for identity Email, sub, issuer, audience: arthur.aardvark@example.com me https://accounts.example.com test_client_id === RUN TestLoginCmd/Good_path_(load_config) -2026/10/16 08:01:54 DEBUG: running login command with args: {Fs:0xc00024a990 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:false DisableBrowserOpenArg:false PrintIdTokenArg:true KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc0005940f0 Config: pkt: signer: alg: client: principals:[]} -2026/10/16 08:01:54 failed to find client config file to generate a default config, run `opkssh login --create-config` to create a default config file -2026/10/16 08:01:54 Warning: could not find issuer https://accounts.example.com in client config providers +2025/09/14 03:41:28 DEBUG: running login command with args: {Fs:0xc0003d88a0 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:false DisableBrowserOpenArg:false PrintIdTokenArg:true KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc0003b96a0 Config: pkt: signer: alg: client: principals:[]} +2025/09/14 03:41:28 failed to find client config file to generate a default config, run `opkssh login --create-config` to create a default config file +2025/09/14 03:41:28 Warning: could not find issuer https://accounts.example.com in client config providers Writing opk ssh public key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa-cert.pub and corresponding secret key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa id_token: { "iss": "https://accounts.example.com", "sub": "me", - "exp": 1792188114, - "iat": 1792180914, + "exp": 1757778088, + "iat": 1757770888, "email": "arthur.aardvark@example.com", - "nonce": "9yJGoa6UzAq1MmV3Ujm7UZ0VgCnANZyzlsAL0k6ymB8" + "nonce": "h-A8gY16wchicJ6vu1ymwiZZMDSILjsUWqTRcqfit5U" } Keys generated for identity Email, sub, issuer, audience: arthur.aardvark@example.com me https://accounts.example.com test_client_id === RUN TestLoginCmd/Good_path_with_SendAccessToken_set_in_arg_and_config -2026/10/16 08:01:54 DEBUG: running login command with args: {Fs:0xc0003aeba0 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:true DisableBrowserOpenArg:false PrintIdTokenArg:false KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc000045090 Config:0xc00027d7d0 pkt: signer: alg: client: principals:[]} +2025/09/14 03:41:29 DEBUG: running login command with args: {Fs:0xc0002daf90 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:true DisableBrowserOpenArg:false PrintIdTokenArg:false KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc00011d140 Config:0xc00025d650 pkt: signer: alg: client: principals:[]} Writing opk ssh public key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa-cert.pub and corresponding secret key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa Keys generated for identity Email, sub, issuer, audience: arthur.aardvark@example.com me https://accounts.example.com test_client_id === RUN TestLoginCmd/Good_path_with_SendAccessToken_set_in_config_but_not_in_arg -2026/10/16 08:01:55 DEBUG: running login command with args: {Fs:0xc0002303c0 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:false DisableBrowserOpenArg:false PrintIdTokenArg:false KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc0003d2e50 Config:0xc00027d7d0 pkt: signer: alg: client: principals:[]} +2025/09/14 03:41:30 DEBUG: running login command with args: {Fs:0xc0002db0b0 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:false DisableBrowserOpenArg:false PrintIdTokenArg:false KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc000045cc0 Config:0xc00025d650 pkt: signer: alg: client: principals:[]} Writing opk ssh public key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa-cert.pub and corresponding secret key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa Keys generated for identity Email, sub, issuer, audience: arthur.aardvark@example.com me https://accounts.example.com test_client_id === RUN TestLoginCmd/Good_path_with_SendAccessToken_Arg_(issuer_not_found_in_config) -2026/10/16 08:01:56 DEBUG: running login command with args: {Fs:0xc0000fec90 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:true DisableBrowserOpenArg:false PrintIdTokenArg:false KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc0003d3d10 Config:0xc0001f4de0 pkt: signer: alg: client: principals:[]} +2025/09/14 03:41:30 DEBUG: running login command with args: {Fs:0xc0003528a0 AutoRefreshArg:false ConfigPathArg: CreateConfigArg:false ConfigureArg:false LogDirArg:./logs SendAccessTokenArg:true DisableBrowserOpenArg:false PrintIdTokenArg:false KeyPathArg: ProviderArg: ProviderAliasArg: SSHConfigured:false Verbosity:2 overrideProvider:0xc0003b8830 Config:0xc0001b0de0 pkt: signer: alg: client: principals:[]} Writing opk ssh public key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa-cert.pub and corresponding secret key to /build/reproducible-path/opkssh-0.8.0/debian/.debhelper/generated/_source/home/.ssh/id_ecdsa Keys generated for identity Email, sub, issuer, audience: arthur.aardvark@example.com me https://accounts.example.com test_client_id ---- PASS: TestLoginCmd (4.31s) - --- PASS: TestLoginCmd/Good_path_with_no_vars (1.01s) - --- PASS: TestLoginCmd/Good_path_(load_config) (0.52s) - --- PASS: TestLoginCmd/Good_path_with_SendAccessToken_set_in_arg_and_config (0.52s) - --- PASS: TestLoginCmd/Good_path_with_SendAccessToken_set_in_config_but_not_in_arg (0.64s) - --- PASS: TestLoginCmd/Good_path_with_SendAccessToken_Arg_(issuer_not_found_in_config) (0.51s) +--- PASS: TestLoginCmd (4.02s) + --- PASS: TestLoginCmd/Good_path_with_no_vars (0.37s) + --- PASS: TestLoginCmd/Good_path_(load_config) (1.61s) + --- PASS: TestLoginCmd/Good_path_with_SendAccessToken_set_in_arg_and_config (0.96s) + --- PASS: TestLoginCmd/Good_path_with_SendAccessToken_set_in_config_but_not_in_arg (0.82s) + --- PASS: TestLoginCmd/Good_path_with_SendAccessToken_Arg_(issuer_not_found_in_config) (0.10s) === RUN TestDetermineProvider === RUN TestDetermineProvider/Good_path_with_env_vars === RUN TestDetermineProvider/Good_path_with_env_vars_and_provider_arg_(provider_arg_takes_precedence) @@ -1528,9 +1564,9 @@ === RUN TestNewLogin --- PASS: TestNewLogin (0.00s) === RUN TestCreateSSHCert ---- PASS: TestCreateSSHCert (0.45s) +--- PASS: TestCreateSSHCert (0.37s) === RUN TestIdentityString ---- PASS: TestIdentityString (1.09s) +--- PASS: TestIdentityString (0.61s) === RUN TestPrettyPrintIdToken --- PASS: TestPrettyPrintIdToken (0.43s) === RUN TestAuthorizedKeysCommand @@ -1551,12 +1587,12 @@ === RUN TestAuthorizedKeysCommand/Happy_Path === RUN TestAuthorizedKeysCommand/Happy_Path_(with_auth_token) === RUN TestAuthorizedKeysCommand/Wrong_auth_token ---- PASS: TestAuthorizedKeysCommand (0.68s) +--- PASS: TestAuthorizedKeysCommand (0.35s) --- PASS: TestAuthorizedKeysCommand/Happy_Path (0.00s) --- PASS: TestAuthorizedKeysCommand/Happy_Path_(with_auth_token) (0.00s) --- PASS: TestAuthorizedKeysCommand/Wrong_auth_token (0.00s) PASS -ok github.com/openpubkey/opkssh/commands 6.959s +ok github.com/openpubkey/opkssh/commands 5.794s === RUN TestParseConfig --- PASS: TestParseConfig (0.00s) === RUN TestParseConfigWithSendAccessToken @@ -1657,103 +1693,100 @@ === RUN TestDump_Success === PAUSE TestDump_Success === CONT TestPolicyApproved +=== CONT TestAddAllowedPrincipal +=== RUN TestAddAllowedPrincipal/empty_policy +=== CONT TestLoadUserPolicy_ErrorFile +=== CONT TestPolicyDeniedWrongIssuer +--- PASS: TestLoadUserPolicy_ErrorFile (0.00s) +=== CONT TestLoadPolicyAtPath_FileMissing +--- PASS: TestLoadPolicyAtPath_FileMissing (0.00s) === CONT TestDump_Success +=== CONT TestLoadUserPolicy_NoUserHomeDir --- PASS: TestDump_Success (0.00s) +=== CONT TestLoadSystemDefaultPolicy_Success +--- PASS: TestLoadUserPolicy_NoUserHomeDir (0.00s) +--- PASS: TestLoadSystemDefaultPolicy_Success (0.00s) +=== CONT TestLoadPolicyAtPath_ReadError +--- PASS: TestLoadPolicyAtPath_ReadError (0.00s) === CONT TestLoadPolicyAtPath_BadPermissions -=== CONT TestLoadPolicyAtPath_FileMissing --- PASS: TestLoadPolicyAtPath_BadPermissions (0.00s) ---- PASS: TestLoadPolicyAtPath_FileMissing (0.00s) -=== CONT TestPolicyDeniedBadUser -=== CONT TestAddAllowedPrincipal -=== CONT TestLoadUserPolicy_Success_SkipInvalidEntries -=== CONT TestPolicyEmailDifferentCase === CONT TestPolicyApprovedOidcGroups ---- PASS: TestLoadUserPolicy_Success_SkipInvalidEntries (0.00s) -=== CONT TestPolicyDeniedNoUserEntry +=== CONT TestLoad +=== RUN TestLoad/both_policies_are_missing + multipolicyloader_test.go:189: Root policy: (*policy.Policy)(nil) + multipolicyloader_test.go:190: User policy: (*policy.Policy)(nil) +=== CONT TestEnforceTableTest +2025/09/14 03:41:26 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist +2025/09/14 03:41:26 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: mock error +=== RUN TestLoad/only_root_policy_exists + multipolicyloader_test.go:189: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} + multipolicyloader_test.go:190: User policy: (*policy.Policy)(nil) +2025/09/14 03:41:26 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: mock error +=== CONT TestPolicyDeniedMissingOidcGroupsClaim +=== RUN TestLoad/only_user_policy_exists + multipolicyloader_test.go:189: Root policy: (*policy.Policy)(nil) + multipolicyloader_test.go:190: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo", "bob"}, Issuer:"https://example.com"}}} +2025/09/14 03:41:26 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist +=== RUN TestLoad/both_user_and_root_policy_exist + multipolicyloader_test.go:189: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} + multipolicyloader_test.go:190: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}}} +=== RUN TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries + multipolicyloader_test.go:189: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} + multipolicyloader_test.go:190: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test", "test2", "test3"}, Issuer:"https://example.com"}}} +2025/09/14 03:41:26 warning: user policy /home/foo/.opk/auth_id has no valid user entries; an entry is considered valid if it gives foo access. +--- PASS: TestLoad (0.00s) + --- PASS: TestLoad/both_policies_are_missing (0.00s) + --- PASS: TestLoad/only_root_policy_exists (0.00s) + --- PASS: TestLoad/only_user_policy_exists (0.00s) + --- PASS: TestLoad/both_user_and_root_policy_exist (0.00s) + --- PASS: TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries (0.00s) === CONT TestPolicyDeniedOidcGroups === CONT TestPolicyApprovedOidcGroupWithAtSign -=== RUN TestAddAllowedPrincipal/empty_policy -=== CONT TestLoadSystemDefaultPolicy_ErrorFile -=== CONT TestLoadPolicyAtPath_ReadError -=== CONT TestLoadUserPolicy_Success -=== CONT TestLoadUserPolicy_ErrorFile -=== CONT TestLoadUserPolicy_NoUserHomeDir +=== CONT TestLoadUserPolicy_Success_SkipInvalidEntries +--- PASS: TestLoadUserPolicy_Success_SkipInvalidEntries (0.00s) +=== CONT TestPolicyDeniedBadUser === CONT TestLoadUserPolicy_FailUserLookup -=== CONT TestLoadSystemDefaultPolicy_Success -=== CONT TestPolicyDeniedMissingOidcGroupsClaim -=== CONT TestLoad -=== CONT TestEnforceTableTest -=== CONT TestPolicyDeniedWrongIssuer +--- PASS: TestLoadUserPolicy_FailUserLookup (0.00s) +=== CONT TestLoadUserPolicy_Success +--- PASS: TestLoadUserPolicy_Success (0.00s) === CONT TestPolicySub +=== CONT TestPolicyDeniedNoUserEntry +=== CONT TestPolicyEmailDifferentCase === NAME TestAddAllowedPrincipal/empty_policy policy_test.go:263: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User(nil)} -2026/10/16 08:01:51 Successfully added user with email alice@example.com with principal test to the policy file ---- PASS: TestLoadSystemDefaultPolicy_ErrorFile (0.00s) ---- PASS: TestLoadUserPolicy_Success (0.00s) ---- PASS: TestLoadPolicyAtPath_ReadError (0.00s) ---- PASS: TestLoadUserPolicy_NoUserHomeDir (0.00s) ---- PASS: TestLoadUserPolicy_FailUserLookup (0.00s) -=== RUN TestLoad/both_policies_are_missing ---- PASS: TestLoadUserPolicy_ErrorFile (0.00s) ---- PASS: TestLoadSystemDefaultPolicy_Success (0.00s) -=== NAME TestLoad/both_policies_are_missing - multipolicyloader_test.go:189: Root policy: (*policy.Policy)(nil) +2025/09/14 03:41:26 Successfully added user with email alice@example.com with principal test to the policy file === RUN TestAddAllowedPrincipal/non-empty_policy._user_not_found -=== NAME TestLoad/both_policies_are_missing - multipolicyloader_test.go:190: User policy: (*policy.Policy)(nil) -=== NAME TestAddAllowedPrincipal/non-empty_policy._user_not_found policy_test.go:263: AddAllowedPrincipal(principal=test, userEmail=bob@example.com) policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 Successfully added user with email bob@example.com with principal test to the policy file +2025/09/14 03:41:26 Successfully added user with email bob@example.com with principal test to the policy file === RUN TestAddAllowedPrincipal/user_already_exists._new_principal policy_test.go:263: AddAllowedPrincipal(principal=test3, userEmail=alice@example.com) policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 Successfully added user with email alice@example.com with principal test3 to the policy file -2026/10/16 08:01:51 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist +2025/09/14 03:41:26 Successfully added user with email alice@example.com with principal test3 to the policy file +=== CONT TestLoadSystemDefaultPolicy_ErrorFile +--- PASS: TestLoadSystemDefaultPolicy_ErrorFile (0.00s) === RUN TestAddAllowedPrincipal/user_already_exists._principal_not_new. -2026/10/16 08:01:51 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: mock error policy_test.go:263: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 User with email alice@example.com already has access under the principal test, skipping... +2025/09/14 03:41:26 User with email alice@example.com already has access under the principal test, skipping... === RUN TestAddAllowedPrincipal/policy_has_duplicate_entries,_then_add_a_duplicate_entry policy_test.go:263: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 User with email alice@example.com already has access under the principal test, skipping... -=== RUN TestLoad/only_root_policy_exists +2025/09/14 03:41:26 User with email alice@example.com already has access under the principal test, skipping... === RUN TestAddAllowedPrincipal/add_the_same_user_but_new_principal policy_test.go:263: AddAllowedPrincipal(principal=test2, userEmail=alice@example.com) -=== NAME TestLoad/only_root_policy_exists - multipolicyloader_test.go:189: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} - multipolicyloader_test.go:190: User policy: (*policy.Policy)(nil) -2026/10/16 08:01:51 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: mock error -=== NAME TestAddAllowedPrincipal/add_the_same_user_but_new_principal policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test1"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 Successfully added user with email alice@example.com with principal test2 to the policy file -=== RUN TestLoad/only_user_policy_exists +2025/09/14 03:41:26 Successfully added user with email alice@example.com with principal test2 to the policy file === RUN TestAddAllowedPrincipal/add_duplicate_entry_with_complex_policy -=== NAME TestLoad/only_user_policy_exists - multipolicyloader_test.go:189: Root policy: (*policy.Policy)(nil) -=== NAME TestAddAllowedPrincipal/add_duplicate_entry_with_complex_policy policy_test.go:263: AddAllowedPrincipal(principal=test2, userEmail=alice@example.com) -=== NAME TestLoad/only_user_policy_exists - multipolicyloader_test.go:190: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo", "bob"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist -=== RUN TestLoad/both_user_and_root_policy_exist -=== NAME TestAddAllowedPrincipal/add_duplicate_entry_with_complex_policy policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test1"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"test2"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test1", "test2", "test3"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 User with email alice@example.com already has access under the principal test2, skipping... +2025/09/14 03:41:26 User with email alice@example.com already has access under the principal test2, skipping... === RUN TestAddAllowedPrincipal/add_matching_user_but_new_principal_with_complex_policy -=== NAME TestLoad/both_user_and_root_policy_exist - multipolicyloader_test.go:189: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} - multipolicyloader_test.go:190: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}}} -=== NAME TestAddAllowedPrincipal/add_matching_user_but_new_principal_with_complex_policy policy_test.go:263: AddAllowedPrincipal(principal=test4, userEmail=alice@example.com) policy_test.go:264: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test1"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"test2"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test1", "test2", "test3"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 Successfully added user with email alice@example.com with principal test4 to the policy file -=== RUN TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries - multipolicyloader_test.go:189: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} ---- PASS: TestAddAllowedPrincipal (0.01s) +2025/09/14 03:41:26 Successfully added user with email alice@example.com with principal test4 to the policy file +--- PASS: TestAddAllowedPrincipal (0.00s) --- PASS: TestAddAllowedPrincipal/empty_policy (0.00s) --- PASS: TestAddAllowedPrincipal/non-empty_policy._user_not_found (0.00s) --- PASS: TestAddAllowedPrincipal/user_already_exists._new_principal (0.00s) @@ -1762,35 +1795,26 @@ --- PASS: TestAddAllowedPrincipal/add_the_same_user_but_new_principal (0.00s) --- PASS: TestAddAllowedPrincipal/add_duplicate_entry_with_complex_policy (0.00s) --- PASS: TestAddAllowedPrincipal/add_matching_user_but_new_principal_with_complex_policy (0.00s) -=== NAME TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries - multipolicyloader_test.go:190: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test", "test2", "test3"}, Issuer:"https://example.com"}}} -2026/10/16 08:01:51 warning: user policy /home/foo/.opk/auth_id has no valid user entries; an entry is considered valid if it gives foo access. ---- PASS: TestLoad (0.00s) - --- PASS: TestLoad/both_policies_are_missing (0.00s) - --- PASS: TestLoad/only_root_policy_exists (0.00s) - --- PASS: TestLoad/only_user_policy_exists (0.00s) - --- PASS: TestLoad/both_user_and_root_policy_exist (0.00s) - --- PASS: TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries (0.00s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyDeniedBadUser (0.39s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyApprovedOidcGroups (0.54s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyEmailDifferentCase (0.72s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyDeniedOidcGroups (0.79s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyApprovedOidcGroupWithAtSign (0.80s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyApproved (0.93s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicySub (0.96s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyDeniedMissingOidcGroupsClaim (1.00s) -2026/10/16 08:01:52 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyDeniedWrongIssuer (1.14s) -2026/10/16 08:01:53 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestPolicyDeniedNoUserEntry (1.49s) +2025/09/14 03:41:26 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyApproved (0.12s) +2025/09/14 03:41:26 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyApprovedOidcGroupWithAtSign (0.43s) +2025/09/14 03:41:26 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicySub (0.47s) +2025/09/14 03:41:26 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyDeniedOidcGroups (0.53s) +2025/09/14 03:41:26 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyDeniedBadUser (0.58s) +2025/09/14 03:41:26 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyDeniedNoUserEntry (0.60s) +2025/09/14 03:41:26 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyEmailDifferentCase (0.67s) +2025/09/14 03:41:27 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyApprovedOidcGroups (0.94s) +2025/09/14 03:41:27 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyDeniedMissingOidcGroupsClaim (1.03s) +2025/09/14 03:41:27 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestPolicyDeniedWrongIssuer (1.03s) === RUN TestEnforceTableTest/Happy_path_(No_userinfo_supplied_but_ID_Token_has_groups_claim) === PAUSE TestEnforceTableTest/Happy_path_(No_userinfo_supplied_but_ID_Token_has_groups_claim) === RUN TestEnforceTableTest/No_groups_claim_in_ID_Token @@ -1808,32 +1832,32 @@ === RUN TestEnforceTableTest/policy_loader_failure === PAUSE TestEnforceTableTest/policy_loader_failure === CONT TestEnforceTableTest/Happy_path_(No_userinfo_supplied_but_ID_Token_has_groups_claim) -=== CONT TestEnforceTableTest/corrupted_userinfo -=== CONT TestEnforceTableTest/Missing_groups_claim_in_userinfo -=== CONT TestEnforceTableTest/Happy_path_(Valid_user_info) -=== CONT TestEnforceTableTest/sub_in_userinfo_does_not_match_sub_in_ID_Token_does_not_match === CONT TestEnforceTableTest/Wrong_groups_claim_in_userinfo -=== CONT TestEnforceTableTest/policy_loader_failure +=== CONT TestEnforceTableTest/Happy_path_(Valid_user_info) === CONT TestEnforceTableTest/No_groups_claim_in_ID_Token -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d -2026/10/16 08:01:57 Skipping policy plugins: no plugins found at /etc/opk/policy.d ---- PASS: TestEnforceTableTest (5.64s) +=== CONT TestEnforceTableTest/Missing_groups_claim_in_userinfo +=== CONT TestEnforceTableTest/policy_loader_failure +=== CONT TestEnforceTableTest/corrupted_userinfo +=== CONT TestEnforceTableTest/sub_in_userinfo_does_not_match_sub_in_ID_Token_does_not_match +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +2025/09/14 03:41:30 Skipping policy plugins: no plugins found at /etc/opk/policy.d +--- PASS: TestEnforceTableTest (4.48s) --- PASS: TestEnforceTableTest/Happy_path_(Valid_user_info) (0.00s) - --- PASS: TestEnforceTableTest/Happy_path_(No_userinfo_supplied_but_ID_Token_has_groups_claim) (0.00s) --- PASS: TestEnforceTableTest/Missing_groups_claim_in_userinfo (0.00s) - --- PASS: TestEnforceTableTest/policy_loader_failure (0.00s) - --- PASS: TestEnforceTableTest/Wrong_groups_claim_in_userinfo (0.00s) --- PASS: TestEnforceTableTest/No_groups_claim_in_ID_Token (0.00s) - --- PASS: TestEnforceTableTest/corrupted_userinfo (0.01s) + --- PASS: TestEnforceTableTest/policy_loader_failure (0.01s) --- PASS: TestEnforceTableTest/sub_in_userinfo_does_not_match_sub_in_ID_Token_does_not_match (0.01s) + --- PASS: TestEnforceTableTest/Happy_path_(No_userinfo_supplied_but_ID_Token_has_groups_claim) (0.01s) + --- PASS: TestEnforceTableTest/Wrong_groups_claim_in_userinfo (0.01s) + --- PASS: TestEnforceTableTest/corrupted_userinfo (0.01s) PASS -ok github.com/openpubkey/opkssh/policy 5.659s +ok github.com/openpubkey/opkssh/policy 4.497s === RUN TestLog === RUN TestLog/empty === RUN TestLog/single_entry @@ -1881,7 +1905,7 @@ --- PASS: TestToTable/multiple_rows_with_comment (0.00s) --- PASS: TestToTable/realistic_input (0.00s) PASS -ok github.com/openpubkey/opkssh/policy/files 0.006s +ok github.com/openpubkey/opkssh/policy/files 0.007s === RUN TestLoadPolicyPluginsMissing --- PASS: TestLoadPolicyPluginsMissing (0.00s) === RUN TestLoadPolicyPlugins @@ -1919,19 +1943,19 @@ === RUN TestPluginUnsetsEnvVar --- PASS: TestPluginUnsetsEnvVar (0.00s) === RUN TestPublicCheckPolicy ---- PASS: TestPublicCheckPolicy (0.36s) +--- PASS: TestPublicCheckPolicy (0.43s) === RUN TestNewTokens === RUN TestNewTokens/Happy_path_(all_tokens) === RUN TestNewTokens/Happy_path_(minimal_tokens) === RUN TestNewTokens/Happy_path_(string_list_audience) === RUN TestNewTokens/Wrong_type_for_email_verified_claim_in_ID_token ---- PASS: TestNewTokens (3.17s) +--- PASS: TestNewTokens (2.27s) --- PASS: TestNewTokens/Happy_path_(all_tokens) (0.00s) --- PASS: TestNewTokens/Happy_path_(minimal_tokens) (0.00s) --- PASS: TestNewTokens/Happy_path_(string_list_audience) (0.00s) --- PASS: TestNewTokens/Wrong_type_for_email_verified_claim_in_ID_token (0.00s) PASS -ok github.com/openpubkey/opkssh/policy/plugins 3.543s +ok github.com/openpubkey/opkssh/policy/plugins 2.708s === RUN TestCASignerCreation === PAUSE TestCASignerCreation === RUN TestInvalidSshPublicKey @@ -1939,17 +1963,17 @@ === RUN TestSshCertCreation === PAUSE TestSshCertCreation === CONT TestCASignerCreation -=== CONT TestInvalidSshPublicKey === CONT TestSshCertCreation +=== CONT TestInvalidSshPublicKey === RUN TestSshCertCreation/Happy_Path_(no_access_token) --- PASS: TestCASignerCreation (0.00s) ---- PASS: TestInvalidSshPublicKey (0.23s) +--- PASS: TestInvalidSshPublicKey (0.49s) === RUN TestSshCertCreation/Happy_Path_(with_access_token) ---- PASS: TestSshCertCreation (1.00s) - --- PASS: TestSshCertCreation/Happy_Path_(no_access_token) (0.57s) - --- PASS: TestSshCertCreation/Happy_Path_(with_access_token) (0.43s) +--- PASS: TestSshCertCreation (0.93s) + --- PASS: TestSshCertCreation/Happy_Path_(no_access_token) (0.72s) + --- PASS: TestSshCertCreation/Happy_Path_(with_access_token) (0.21s) PASS -ok github.com/openpubkey/opkssh/sshcert 1.009s +ok github.com/openpubkey/opkssh/sshcert 0.936s create-stamp debian/debhelper-build-stamp dh_testroot -O--builddirectory=_build -O--buildsystem=golang dh_prep -O--builddirectory=_build -O--buildsystem=golang @@ -1984,12 +2008,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: not including original source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/3601927/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/1758011 and its subdirectories -I: Current time: Fri Oct 16 08:02:13 -12 2026 -I: pbuilder-time-stamp: 1792180933 +I: removing directory /srv/workspace/pbuilder/3601927 and its subdirectories +I: Current time: Sun Sep 14 03:41:47 +14 2025 +I: pbuilder-time-stamp: 1757770907