Diff of the two buildlogs: -- --- b1/build.log 2025-08-02 10:37:28.894515810 +0000 +++ b2/build.log 2025-08-02 10:38:53.366621304 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Fri Sep 4 04:59:00 -12 2026 -I: pbuilder-time-stamp: 1788541140 +I: Current time: Sun Aug 3 00:37:31 +14 2025 +I: pbuilder-time-stamp: 1754131051 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/trixie-reproducible-base.tgz] I: copying local configuration @@ -22,52 +22,84 @@ dpkg-source: info: unpacking opkssh_0.4.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/852781/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/D01_modify_environment starting +debug: Running on codethink04-arm64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 Aug 2 10:37 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build/reproducible-path' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='arm64' - DEBIAN_FRONTEND='noninteractive' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="2" [2]="37" [3]="1" [4]="release" [5]="aarch64-unknown-linux-gnu") + BASH_VERSION='5.2.37(1)-release' + BUILDDIR=/build/reproducible-path + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=arm64 + DEBIAN_FRONTEND=noninteractive DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=12 ' - DISTRIBUTION='trixie' - HOME='/root' - HOST_ARCH='arm64' + DIRSTACK=() + DISTRIBUTION=trixie + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=aarch64 + HOST_ARCH=arm64 IFS=' ' - INVOCATION_ID='43a24f07c04f4d81a3c40dd33e19e06f' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='852781' - PS1='# ' - PS2='> ' + INVOCATION_ID=c255fc29c13d4405814489759d2f1b8a + LANG=C + LANGUAGE=nl_BE:nl + LC_ALL=C + MACHTYPE=aarch64-unknown-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=1856191 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.XMtD8wjK/pbuilderrc_ViaU --distribution trixie --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.XMtD8wjK/b1 --logfile b1/build.log opkssh_0.4.0-1.dsc' - SUDO_GID='109' - SUDO_UID='104' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://192.168.101.4:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.XMtD8wjK/pbuilderrc_vehB --distribution trixie --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/trixie-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.XMtD8wjK/b2 --logfile b2/build.log opkssh_0.4.0-1.dsc' + SUDO_GID=109 + SUDO_UID=104 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://192.168.101.4:3128 I: uname -a - Linux codethink03-arm64 6.1.0-37-cloud-arm64 #1 SMP Debian 6.1.140-1 (2025-05-22) aarch64 GNU/Linux + Linux i-capture-the-hostname 6.1.0-37-cloud-arm64 #1 SMP Debian 6.1.140-1 (2025-05-22) aarch64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 May 12 2025 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/852781/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 May 12 19:25 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -303,7 +335,7 @@ Get: 174 http://deb.debian.org/debian trixie/main arm64 golang-gopkg-ini.v1-dev all 1.67.0-1 [39.9 kB] Get: 175 http://deb.debian.org/debian trixie/main arm64 golang-github-spf13-viper-dev all 1.12.0-1 [68.9 kB] Get: 176 http://deb.debian.org/debian trixie/main arm64 golang-github-spf13-cobra-dev all 1.8.1-1 [75.2 kB] -Fetched 137 MB in 1s (130 MB/s) +Fetched 137 MB in 0s (280 MB/s) Preconfiguring packages ... Selecting previously unselected package golang-golang-x-sys-dev. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19965 files and directories currently installed.) @@ -880,8 +912,8 @@ Setting up tzdata (2025b-4) ... Current default time zone: 'Etc/UTC' -Local time is now: Fri Sep 4 16:59:32 UTC 2026. -Universal Time is now: Fri Sep 4 16:59:32 UTC 2026. +Local time is now: Sat Aug 2 10:37:58 UTC 2025. +Universal Time is now: Sat Aug 2 10:37:58 UTC 2025. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up golang-github-cespare-xxhash-dev (2.3.0-1) ... @@ -1028,7 +1060,11 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/reproducible-path/opkssh-0.4.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../opkssh_0.4.0-1_source.changes +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/A99_set_merged_usr starting +Not re-configuring usrmerge for trixie +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/reproducible-path/opkssh-0.4.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../opkssh_0.4.0-1_source.changes dpkg-buildpackage: info: source package opkssh dpkg-buildpackage: info: source version 0.4.0-1 dpkg-buildpackage: info: source distribution unstable @@ -1047,36 +1083,36 @@ dh_auto_configure -O--builddirectory=_build -O--buildsystem=golang dh_auto_build -O--builddirectory=_build -O--buildsystem=golang cd _build && go install -trimpath -v -p 12 github.com/openpubkey/opkssh github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh/internal/projectpath github.com/openpubkey/opkssh/policy github.com/openpubkey/opkssh/policy/files github.com/openpubkey/opkssh/sshcert +internal/unsafeheader +internal/goarch internal/goexperiment internal/byteorder +internal/coverage/rtcov +internal/msan +internal/goos +internal/asan internal/profilerecord -internal/goarch internal/godebugs -internal/runtime/syscall -internal/asan -internal/unsafeheader -internal/goos -internal/msan -internal/runtime/math -sync/atomic internal/cpu +sync/atomic +internal/runtime/math +internal/abi +internal/runtime/syscall math/bits -internal/chacha8rand internal/itoa -internal/coverage/rtcov cmp unicode/utf8 -internal/abi unicode crypto/internal/fips140/alias -crypto/internal/fips140deps/byteorder crypto/internal/boring/sig +internal/chacha8rand +crypto/internal/fips140deps/byteorder encoding +crypto/internal/fips140/subtle +math unicode/utf16 container/list -math golang.org/x/crypto/internal/alias -crypto/internal/fips140/subtle golang.org/x/crypto/salsa20/salsa internal/nettrace vendor/golang.org/x/crypto/cryptobyte/asn1 @@ -1084,14 +1120,14 @@ log/internal log/slog/internal go.opentelemetry.io/otel/metric/embedded -internal/bytealg -internal/runtime/atomic -internal/runtime/sys go.opentelemetry.io/otel/trace/embedded -crypto/internal/fips140deps/cpu golang.org/x/exp/maps github.com/zitadel/oidc/pkg/oidc/grants/tokenexchange github.com/openpubkey/openpubkey/cosigner/msgs +internal/bytealg +internal/runtime/atomic +internal/runtime/sys +crypto/internal/fips140deps/cpu golang.org/x/exp/constraints golang.org/x/exp/slices internal/runtime/exithook @@ -1104,37 +1140,37 @@ internal/reflectlite iter crypto/subtle -sync weak +sync maps slices errors sort internal/bisect -log/slog/internal/buffer -internal/singleflight internal/testlog +internal/singleflight +log/slog/internal/buffer unique +runtime/cgo internal/oserror io -path math/rand/v2 strconv -runtime/cgo -syscall +path vendor/golang.org/x/net/dns/dnsmessage +syscall +hash internal/godebug -golang.org/x/crypto/blowfish -strings reflect -internal/saferio +crypto +crypto/internal/randutil bytes -hash +internal/saferio +strings golang.org/x/text/internal/tag net/netip -crypto/internal/randutil -crypto hash/crc32 +golang.org/x/crypto/blowfish crypto/internal/fips140deps/godebug math/rand vendor/golang.org/x/text/transform @@ -1143,13 +1179,13 @@ crypto/internal/impl bufio net/http/internal/ascii -html regexp/syntax net/http/internal/testcert +html golang.org/x/text/runes -crypto/internal/fips140/sha256 -crypto/internal/fips140/sha3 crypto/internal/fips140/sha512 +crypto/internal/fips140/sha3 +crypto/internal/fips140/sha256 crypto/tls/internal/fips140tls time internal/syscall/unix @@ -1159,160 +1195,160 @@ crypto/internal/fips140hash crypto/internal/fips140/check crypto/internal/fips140/aes +crypto/internal/fips140/tls12 crypto/internal/fips140/bigmod crypto/internal/fips140/nistec/fiat -crypto/internal/fips140/edwards25519/field crypto/internal/fips140/hkdf -crypto/internal/fips140/tls12 -regexp +crypto/internal/fips140/edwards25519/field crypto/internal/fips140/tls13 +regexp crypto/internal/fips140/edwards25519 context io/fs internal/poll +go.opentelemetry.io/otel/internal/baggage internal/filepathlite embed github.com/spf13/afero/internal/common -go.opentelemetry.io/otel/internal/baggage os crypto/internal/fips140/nistec internal/fmtsort go.opentelemetry.io/otel/internal/attribute encoding/binary encoding/base64 +golang.org/x/crypto/blake2b +golang.org/x/crypto/internal/poly1305 vendor/golang.org/x/crypto/internal/poly1305 golang.org/x/sys/unix -golang.org/x/crypto/internal/poly1305 -golang.org/x/crypto/blake2b golang.org/x/crypto/nacl/secretbox encoding/pem crypto/internal/sysrand +fmt +os/signal path/filepath -golang.org/x/sys/cpu -internal/sysinfo io/ioutil -os/signal -fmt +internal/sysinfo +golang.org/x/sys/cpu crypto/internal/entropy crypto/internal/fips140/drbg net -golang.org/x/crypto/sha3 +os/exec +github.com/spf13/afero/mem +github.com/openpubkey/opkssh/internal/projectpath crypto/internal/fips140/aes/gcm +crypto/internal/fips140/ecdh crypto/internal/fips140only crypto/internal/fips140/rsa crypto/internal/fips140/ed25519 -os/exec crypto/internal/fips140/mlkem -github.com/spf13/afero/mem +crypto/internal/fips140/ecdsa crypto/md5 crypto/rc4 -github.com/openpubkey/opkssh/internal/projectpath -crypto/internal/fips140/ecdh -crypto/internal/fips140/ecdsa -crypto/cipher +golang.org/x/crypto/sha3 encoding/hex -encoding/json -math/big -compress/flate +github.com/lestrrat-go/httpcc github.com/lestrrat-go/option -database/sql/driver github.com/lestrrat-go/blackmagic -github.com/lestrrat-go/httpcc -github.com/lestrrat-go/jwx/jwa +compress/flate +database/sql/driver +math/big +encoding/json +crypto/cipher net/url +github.com/lestrrat-go/jwx/jwa log vendor/golang.org/x/text/unicode/norm +vendor/golang.org/x/net/http2/hpack crypto/internal/boring +crypto/des +vendor/golang.org/x/crypto/chacha20 +vendor/golang.org/x/text/unicode/bidi crypto/sha1 crypto/ecdh crypto/sha512 +compress/gzip crypto/aes -crypto/des crypto/hmac -vendor/golang.org/x/crypto/chacha20 crypto/sha256 -vendor/golang.org/x/text/unicode/bidi -vendor/golang.org/x/net/http2/hpack mime -compress/gzip +vendor/golang.org/x/crypto/chacha20poly1305 mime/quotedprintable net/http/internal github.com/lestrrat-go/iter/arrayiter github.com/lestrrat-go/iter/mapiter +vendor/golang.org/x/text/secure/bidirule github.com/lestrrat-go/jwx/internal/base64 -vendor/golang.org/x/crypto/chacha20poly1305 golang.org/x/crypto/curve25519 -github.com/go-jose/go-jose/json github.com/lestrrat-go/jwx/internal/iter +github.com/go-jose/go-jose/json golang.org/x/crypto/pbkdf2 -encoding/gob github.com/muhlemmer/gu -vendor/golang.org/x/text/secure/bidirule +encoding/gob github.com/zitadel/schema golang.org/x/text/internal/language go.opentelemetry.io/otel/baggage github.com/davecgh/go-spew/spew vendor/golang.org/x/net/idna github.com/pmezard/go-difflib/difflib -gopkg.in/yaml.v3 github.com/lestrrat-go/jwx/internal/json +log/slog github.com/awnumar/memcall github.com/sirupsen/logrus -log/slog +go.opentelemetry.io/otel/attribute +go.opentelemetry.io/otel/codes +gopkg.in/yaml.v3 +flag +runtime/debug +golang.org/x/text/internal/language/compact crypto/rand crypto/internal/boring/bbig +github.com/awnumar/memguard/core crypto/elliptic encoding/asn1 -github.com/awnumar/memguard/core -crypto/ed25519 crypto/rsa +crypto/ed25519 crypto/internal/hpke crypto/dsa github.com/lestrrat-go/jwx/internal/pool github.com/lestrrat-go/jwx/x25519 golang.org/x/crypto/ed25519 -github.com/lestrrat-go/jwx/internal/ecutil filippo.io/bigmod -golang.org/x/text/internal/language/compact -go.opentelemetry.io/otel/attribute +golang.org/x/text/language +github.com/go-logr/logr +github.com/lestrrat-go/jwx/internal/ecutil +go.opentelemetry.io/otel/metric github.com/awnumar/memguard -go.opentelemetry.io/otel/codes -flag -runtime/debug +go.opentelemetry.io/otel/trace runtime/trace -github.com/go-logr/logr -golang.org/x/text/language +text/template/parse vendor/golang.org/x/crypto/cryptobyte crypto/x509/pkix -text/template/parse github.com/go-logr/logr/funcr +testing golang.org/x/text/unicode/norm -go.opentelemetry.io/otel/metric -go.opentelemetry.io/otel/trace os/user -testing -crypto/ecdsa -github.com/gorilla/securecookie golang.org/x/crypto/chacha20 -github.com/go-logr/stdr +github.com/gorilla/securecookie golang.org/x/crypto/ssh/internal/bcrypt_pbkdf +crypto/ecdsa encoding/csv -github.com/stretchr/testify/assert/yaml -github.com/go-jose/go-jose/cipher +github.com/go-logr/stdr text/template +github.com/go-jose/go-jose/cipher +github.com/stretchr/testify/assert/yaml html/template +vendor/golang.org/x/net/http/httpproxy github.com/google/uuid -crypto/x509 net/textproto -vendor/golang.org/x/net/http/httpproxy +crypto/x509 github.com/spf13/pflag vendor/golang.org/x/net/http/httpguts mime/multipart github.com/spf13/cobra -crypto/tls github.com/lestrrat-go/jwx/cert github.com/lestrrat-go/jwx/jwk/internal/x509 github.com/openpubkey/openpubkey/util +crypto/tls github.com/go-jose/go-jose golang.org/x/crypto/ssh github.com/openpubkey/openpubkey/oidc @@ -1320,27 +1356,27 @@ net/http/httptrace net/http github.com/lestrrat-go/httprc -github.com/zitadel/logging -golang.org/x/oauth2/internal go.opentelemetry.io/otel/propagation net/http/httptest +github.com/zitadel/logging +golang.org/x/oauth2/internal github.com/spf13/afero -golang.org/x/oauth2 go.opentelemetry.io/otel/internal/global -github.com/lestrrat-go/jwx/jwk +golang.org/x/oauth2 github.com/stretchr/testify/assert -github.com/zitadel/oidc/pkg/oidc +github.com/lestrrat-go/jwx/jwk golang.org/x/oauth2/clientcredentials +github.com/zitadel/oidc/pkg/oidc go.opentelemetry.io/otel -github.com/zitadel/oidc/pkg/http github.com/openpubkey/opkssh/policy/files +github.com/zitadel/oidc/pkg/http github.com/zitadel/oidc/pkg/client -github.com/stretchr/testify/require github.com/zitadel/oidc/pkg/client/rp +github.com/stretchr/testify/require github.com/lestrrat-go/jwx/internal/keyconv github.com/lestrrat-go/jwx/jws -github.com/openpubkey/openpubkey/pktoken/clientinstance github.com/openpubkey/openpubkey/gq +github.com/openpubkey/openpubkey/pktoken/clientinstance github.com/openpubkey/openpubkey/pktoken github.com/openpubkey/openpubkey/discover github.com/openpubkey/openpubkey/providers/mocks @@ -1393,7 +1429,7 @@ === RUN TestRun/Login_command_with_provider_bad_provider_good_azure_issuer_but_no_client_id_value === RUN TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_id_value === RUN TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_secret_value ---- PASS: TestRun (0.00s) +--- PASS: TestRun (0.01s) --- PASS: TestRun/No_arguments (0.00s) --- PASS: TestRun/Root_Help_flag (0.00s) --- PASS: TestRun/Add_Help_flag (0.00s) @@ -1410,17 +1446,17 @@ --- PASS: TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_id_value (0.00s) --- PASS: TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_secret_value (0.00s) PASS -ok github.com/openpubkey/opkssh 0.100s +ok github.com/openpubkey/opkssh 0.029s === RUN TestAddErrors --- PASS: TestAddErrors (0.00s) === RUN TestCreateSSHCert ---- PASS: TestCreateSSHCert (2.26s) +--- PASS: TestCreateSSHCert (1.25s) === RUN TestIdentityString ---- PASS: TestIdentityString (0.92s) +--- PASS: TestIdentityString (0.63s) === RUN TestAuthorizedKeysCommand ---- PASS: TestAuthorizedKeysCommand (0.39s) +--- PASS: TestAuthorizedKeysCommand (0.45s) PASS -ok github.com/openpubkey/opkssh/commands 3.611s +ok github.com/openpubkey/opkssh/commands 2.351s ? github.com/openpubkey/opkssh/internal/projectpath [no test files] === RUN TestProvidersPolicyRow_GetExpirationPolicy --- PASS: TestProvidersPolicyRow_GetExpirationPolicy (0.00s) @@ -1485,18 +1521,8 @@ === RUN TestDump_Success === PAUSE TestDump_Success === CONT TestPolicyApproved -=== CONT TestLoadUserPolicy_NoUserHomeDir ---- PASS: TestLoadUserPolicy_NoUserHomeDir (0.00s) -=== CONT TestDump_Success ---- PASS: TestDump_Success (0.00s) -=== CONT TestLoadSystemDefaultPolicy_Success ---- PASS: TestLoadSystemDefaultPolicy_Success (0.00s) -=== CONT TestLoadSystemDefaultPolicy_ErrorFile ---- PASS: TestLoadSystemDefaultPolicy_ErrorFile (0.00s) -=== CONT TestLoadPolicyAtPath_ReadError ---- PASS: TestLoadPolicyAtPath_ReadError (0.00s) -=== CONT TestLoadPolicyAtPath_BadPermissions ---- PASS: TestLoadPolicyAtPath_BadPermissions (0.00s) +=== CONT TestLoadUserPolicy_FailUserLookup +--- PASS: TestLoadUserPolicy_FailUserLookup (0.00s) === CONT TestLoadPolicyAtPath_FileMissing --- PASS: TestLoadPolicyAtPath_FileMissing (0.00s) === CONT TestLoadUserPolicy_Success_SkipInvalidEntries @@ -1505,38 +1531,48 @@ --- PASS: TestLoadUserPolicy_Success (0.00s) === CONT TestLoadUserPolicy_ErrorFile --- PASS: TestLoadUserPolicy_ErrorFile (0.00s) +=== CONT TestLoadUserPolicy_NoUserHomeDir +--- PASS: TestLoadUserPolicy_NoUserHomeDir (0.00s) +=== CONT TestLoadSystemDefaultPolicy_Success +--- PASS: TestLoadSystemDefaultPolicy_Success (0.00s) +=== CONT TestDump_Success +--- PASS: TestDump_Success (0.00s) +=== CONT TestLoadSystemDefaultPolicy_ErrorFile +--- PASS: TestLoadSystemDefaultPolicy_ErrorFile (0.00s) +=== CONT TestLoadPolicyAtPath_ReadError +--- PASS: TestLoadPolicyAtPath_ReadError (0.00s) === CONT TestPolicyApprovedOidcGroupWithAtSign +=== CONT TestLoadPolicyAtPath_BadPermissions === CONT TestPolicyDeniedNoUserEntry +--- PASS: TestLoadPolicyAtPath_BadPermissions (0.00s) === CONT TestPolicyDeniedBadUser === CONT TestLoad === RUN TestLoad/both_policies_are_missing multipolicyloader_test.go:187: Root policy: (*policy.Policy)(nil) multipolicyloader_test.go:188: User policy: (*policy.Policy)(nil) -2026/09/04 05:00:12 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist -2026/09/04 05:00:12 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH +2025/08/03 00:38:37 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist +2025/08/03 00:38:37 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH === RUN TestLoad/only_root_policy_exists multipolicyloader_test.go:187: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} multipolicyloader_test.go:188: User policy: (*policy.Policy)(nil) -2026/09/04 05:00:12 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH +2025/08/03 00:38:37 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH === RUN TestLoad/only_user_policy_exists multipolicyloader_test.go:187: Root policy: (*policy.Policy)(nil) multipolicyloader_test.go:188: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo", "bob"}, Issuer:"https://example.com"}}} -2026/09/04 05:00:12 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist +2025/08/03 00:38:37 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist === RUN TestLoad/both_user_and_root_policy_exist multipolicyloader_test.go:187: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} multipolicyloader_test.go:188: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}}} === RUN TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries multipolicyloader_test.go:187: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} multipolicyloader_test.go:188: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test", "test2", "test3"}, Issuer:"https://example.com"}}} -2026/09/04 05:00:12 warning: user policy /home/foo/.opk/auth_id has no valid user entries; an entry is considered valid if it gives foo access. +2025/08/03 00:38:37 warning: user policy /home/foo/.opk/auth_id has no valid user entries; an entry is considered valid if it gives foo access. --- PASS: TestLoad (0.00s) --- PASS: TestLoad/both_policies_are_missing (0.00s) --- PASS: TestLoad/only_root_policy_exists (0.00s) --- PASS: TestLoad/only_user_policy_exists (0.00s) --- PASS: TestLoad/both_user_and_root_policy_exist (0.00s) --- PASS: TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries (0.00s) -=== CONT TestLoadUserPolicy_FailUserLookup ---- PASS: TestLoadUserPolicy_FailUserLookup (0.00s) === CONT TestAddAllowedPrincipal === RUN TestAddAllowedPrincipal/empty_policy policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) @@ -1547,32 +1583,32 @@ === RUN TestAddAllowedPrincipal/user_already_exists._new_principal policy_test.go:128: AddAllowedPrincipal(principal=test3, userEmail=alice@example.com) policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}}} -2026/09/04 05:00:12 Successfully added user with email alice@example.com with principal test3 to the policy file +2025/08/03 00:38:37 Successfully added user with email alice@example.com with principal test3 to the policy file === RUN TestAddAllowedPrincipal/user_already_exists._principal_not_new. policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} -2026/09/04 05:00:12 User with email alice@example.com already has access under the principal test, skipping... +2025/08/03 00:38:37 User with email alice@example.com already has access under the principal test, skipping... --- PASS: TestAddAllowedPrincipal (0.00s) --- PASS: TestAddAllowedPrincipal/empty_policy (0.00s) --- PASS: TestAddAllowedPrincipal/non-empty_policy._user_not_found (0.00s) --- PASS: TestAddAllowedPrincipal/user_already_exists._new_principal (0.00s) --- PASS: TestAddAllowedPrincipal/user_already_exists._principal_not_new. (0.00s) +=== CONT TestPolicyEmailDifferentCase === CONT TestPolicyDeniedMissingOidcGroupsClaim === CONT TestPolicyDeniedOidcGroups -=== CONT TestPolicyEmailDifferentCase === CONT TestPolicyApprovedOidcGroups === CONT TestPolicyDeniedWrongIssuer ---- PASS: TestPolicyDeniedNoUserEntry (0.85s) ---- PASS: TestPolicyEmailDifferentCase (0.92s) ---- PASS: TestPolicyDeniedOidcGroups (1.58s) ---- PASS: TestPolicyApprovedOidcGroupWithAtSign (1.79s) ---- PASS: TestPolicyDeniedWrongIssuer (1.97s) ---- PASS: TestPolicyApprovedOidcGroups (2.36s) ---- PASS: TestPolicyDeniedBadUser (2.60s) ---- PASS: TestPolicyApproved (2.86s) ---- PASS: TestPolicyDeniedMissingOidcGroupsClaim (3.05s) +--- PASS: TestPolicyDeniedNoUserEntry (0.46s) +--- PASS: TestPolicyApproved (0.65s) +--- PASS: TestPolicyDeniedWrongIssuer (0.68s) +--- PASS: TestPolicyApprovedOidcGroups (0.71s) +--- PASS: TestPolicyDeniedBadUser (0.81s) +--- PASS: TestPolicyDeniedMissingOidcGroupsClaim (0.91s) +--- PASS: TestPolicyApprovedOidcGroupWithAtSign (0.99s) +--- PASS: TestPolicyEmailDifferentCase (1.16s) +--- PASS: TestPolicyDeniedOidcGroups (1.51s) PASS -ok github.com/openpubkey/opkssh/policy 3.120s +ok github.com/openpubkey/opkssh/policy 1.567s === RUN TestLog === RUN TestLog/empty === RUN TestLog/single_entry @@ -1587,25 +1623,25 @@ --- PASS: TestLog/check_clear (0.00s) === RUN TestPermissionsChecker === RUN TestPermissionsChecker/simple_happy_path_(all_match) -2026/09/04 05:00:12 Running, command: stat -c %U %G /test_file -2026/09/04 05:00:12 Got output: testOwner testGroup +2025/08/03 00:38:37 Running, command: stat -c %U %G /test_file +2025/08/03 00:38:37 Got output: testOwner testGroup === RUN TestPermissionsChecker/simple_happy_path_(owner_not_checked) -2026/09/04 05:00:12 Running, command: stat -c %U %G /test_file -2026/09/04 05:00:12 Got output: testOwner testGroup +2025/08/03 00:38:37 Running, command: stat -c %U %G /test_file +2025/08/03 00:38:37 Got output: testOwner testGroup === RUN TestPermissionsChecker/simple_happy_path_(group_not_checked) -2026/09/04 05:00:12 Running, command: stat -c %U %G /test_file -2026/09/04 05:00:12 Got output: testOwner testGroup +2025/08/03 00:38:37 Running, command: stat -c %U %G /test_file +2025/08/03 00:38:37 Got output: testOwner testGroup === RUN TestPermissionsChecker/simple_happy_path_(only_perm_checked) === RUN TestPermissionsChecker/error_(owner_doesn't_match) -2026/09/04 05:00:12 Running, command: stat -c %U %G /test_file -2026/09/04 05:00:12 Got output: testOwner testGroup +2025/08/03 00:38:37 Running, command: stat -c %U %G /test_file +2025/08/03 00:38:37 Got output: testOwner testGroup === RUN TestPermissionsChecker/error_(owner_doesn't_match)#01 -2026/09/04 05:00:12 Running, command: stat -c %U %G /test_file -2026/09/04 05:00:12 Got output: testOwner testGroup +2025/08/03 00:38:37 Running, command: stat -c %U %G /test_file +2025/08/03 00:38:37 Got output: testOwner testGroup === RUN TestPermissionsChecker/error_(perms_don't_match) === RUN TestPermissionsChecker/error_(stat_command_error) -2026/09/04 05:00:12 Running, command: stat -c %U %G /test_file -2026/09/04 05:00:12 Got output: +2025/08/03 00:38:37 Running, command: stat -c %U %G /test_file +2025/08/03 00:38:37 Got output: --- PASS: TestPermissionsChecker (0.00s) --- PASS: TestPermissionsChecker/simple_happy_path_(all_match) (0.00s) --- PASS: TestPermissionsChecker/simple_happy_path_(owner_not_checked) (0.00s) @@ -1628,7 +1664,7 @@ --- PASS: TestToTable/multiple_rows_with_comment (0.00s) --- PASS: TestToTable/realistic_input (0.00s) PASS -ok github.com/openpubkey/opkssh/policy/files 0.052s +ok github.com/openpubkey/opkssh/policy/files 0.017s === RUN TestCASignerCreation === PAUSE TestCASignerCreation === RUN TestInvalidSshPublicKey @@ -1638,11 +1674,11 @@ === CONT TestCASignerCreation === CONT TestSshCertCreation === CONT TestInvalidSshPublicKey ---- PASS: TestCASignerCreation (0.02s) ---- PASS: TestSshCertCreation (0.80s) ---- PASS: TestInvalidSshPublicKey (1.39s) +--- PASS: TestCASignerCreation (0.01s) +--- PASS: TestSshCertCreation (0.86s) +--- PASS: TestInvalidSshPublicKey (1.00s) PASS -ok github.com/openpubkey/opkssh/sshcert 1.452s +ok github.com/openpubkey/opkssh/sshcert 1.028s create-stamp debian/debhelper-build-stamp dh_testroot -O--builddirectory=_build -O--buildsystem=golang dh_prep -O--builddirectory=_build -O--buildsystem=golang @@ -1669,8 +1705,8 @@ dpkg-gencontrol: warning: package opkssh: substitution variable ${misc:Static-Built-Using} unused, but is defined dh_md5sums -O--builddirectory=_build -O--buildsystem=golang dh_builddeb -O--builddirectory=_build -O--buildsystem=golang -dpkg-deb: building package 'opkssh-dbgsym' in '../opkssh-dbgsym_0.4.0-1_arm64.deb'. dpkg-deb: building package 'opkssh' in '../opkssh_0.4.0-1_arm64.deb'. +dpkg-deb: building package 'opkssh-dbgsym' in '../opkssh-dbgsym_0.4.0-1_arm64.deb'. dpkg-deb: building package 'golang-github-openpubkey-opkssh-dev' in '../golang-github-openpubkey-opkssh-dev_0.4.0-1_all.deb'. dpkg-genbuildinfo --build=binary -O../opkssh_0.4.0-1_arm64.buildinfo dpkg-genchanges --build=binary -O../opkssh_0.4.0-1_arm64.changes @@ -1679,12 +1715,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/1856191/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/852781 and its subdirectories -I: Current time: Fri Sep 4 05:00:27 -12 2026 -I: pbuilder-time-stamp: 1788541227 +I: removing directory /srv/workspace/pbuilder/1856191 and its subdirectories +I: Current time: Sun Aug 3 00:38:52 +14 2025 +I: pbuilder-time-stamp: 1754131132