Diff of the two buildlogs: -- --- b1/build.log 2025-04-07 11:58:50.838282713 +0000 +++ b2/build.log 2025-04-07 12:03:20.088357979 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Sun Apr 6 23:55:18 -12 2025 -I: pbuilder-time-stamp: 1744026918 +I: Current time: Mon May 11 08:21:54 +14 2026 +I: pbuilder-time-stamp: 1778437314 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/unstable-reproducible-base.tgz] I: copying local configuration @@ -22,52 +22,84 @@ dpkg-source: info: unpacking opkssh_0.4.0-1.debian.tar.xz I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/3773554/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/D01_modify_environment starting +debug: Running on codethink03-arm64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +'/bin/sh' -> '/bin/bash' +lrwxrwxrwx 1 root root 9 May 10 18:22 /bin/sh -> /bin/bash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build/reproducible-path' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='arm64' - DEBIAN_FRONTEND='noninteractive' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:globskipdots:hostcomplete:interactive_comments:patsub_replacement:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_LOADABLES_PATH=/usr/local/lib/bash:/usr/lib/bash:/opt/local/lib/bash:/usr/pkg/lib/bash:/opt/pkg/lib/bash:. + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="2" [2]="37" [3]="1" [4]="release" [5]="aarch64-unknown-linux-gnu") + BASH_VERSION='5.2.37(1)-release' + BUILDDIR=/build/reproducible-path + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=arm64 + DEBIAN_FRONTEND=noninteractive DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=12 ' - DISTRIBUTION='unstable' - HOME='/root' - HOST_ARCH='arm64' + DIRSTACK=() + DISTRIBUTION=unstable + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/root + HOSTNAME=i-capture-the-hostname + HOSTTYPE=aarch64 + HOST_ARCH=arm64 IFS=' ' - INVOCATION_ID='9870b2baf79c490ab7c4fafdc7bb95cd' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='3773554' - PS1='# ' - PS2='> ' + INVOCATION_ID=839056fa82224ff388cdb9bbf3d62071 + LANG=C + LANGUAGE=nl_BE:nl + LC_ALL=C + MACHTYPE=aarch64-unknown-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=3386320 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.Q4bGdxYK/pbuilderrc_6AoF --distribution unstable --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.Q4bGdxYK/b1 --logfile b1/build.log opkssh_0.4.0-1.dsc' - SUDO_GID='109' - SUDO_UID='104' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - _='/usr/bin/systemd-run' - http_proxy='http://192.168.101.4:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.Q4bGdxYK/pbuilderrc_pbZl --distribution unstable --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/unstable-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.Q4bGdxYK/b2 --logfile b2/build.log opkssh_0.4.0-1.dsc' + SUDO_GID=109 + SUDO_UID=104 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + _='I: set' + http_proxy=http://192.168.101.4:3128 I: uname -a - Linux codethink04-arm64 6.1.0-32-cloud-arm64 #1 SMP Debian 6.1.129-1 (2025-03-06) aarch64 GNU/Linux + Linux i-capture-the-hostname 6.1.0-32-cloud-arm64 #1 SMP Debian 6.1.129-1 (2025-03-06) aarch64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 Mar 4 11:20 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/3773554/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 Mar 4 2025 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -303,7 +335,7 @@ Get: 174 http://deb.debian.org/debian unstable/main arm64 golang-gopkg-ini.v1-dev all 1.67.0-1 [39.9 kB] Get: 175 http://deb.debian.org/debian unstable/main arm64 golang-github-spf13-viper-dev all 1.12.0-1 [68.9 kB] Get: 176 http://deb.debian.org/debian unstable/main arm64 golang-github-spf13-cobra-dev all 1.8.1-1 [75.2 kB] -Fetched 137 MB in 1s (137 MB/s) +Fetched 137 MB in 2s (59.2 MB/s) Preconfiguring packages ... Selecting previously unselected package golang-golang-x-sys-dev. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19945 files and directories currently installed.) @@ -880,8 +912,8 @@ Setting up tzdata (2025b-1) ... Current default time zone: 'Etc/UTC' -Local time is now: Mon Apr 7 11:56:31 UTC 2025. -Universal Time is now: Mon Apr 7 11:56:31 UTC 2025. +Local time is now: Sun May 10 18:23:39 UTC 2026. +Universal Time is now: Sun May 10 18:23:39 UTC 2026. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up golang-github-cespare-xxhash-dev (2.3.0-1) ... @@ -1028,7 +1060,11 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/reproducible-path/opkssh-0.4.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../opkssh_0.4.0-1_source.changes +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/A99_set_merged_usr starting +Not re-configuring usrmerge for unstable +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/A99_set_merged_usr finished +hostname: Name or service not known +I: Running cd /build/reproducible-path/opkssh-0.4.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../opkssh_0.4.0-1_source.changes dpkg-buildpackage: info: source package opkssh dpkg-buildpackage: info: source version 0.4.0-1 dpkg-buildpackage: info: source distribution unstable @@ -1048,39 +1084,43 @@ dh_auto_build -O--builddirectory=_build -O--buildsystem=golang cd _build && go install -trimpath -v -p 12 github.com/openpubkey/opkssh github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh/internal/projectpath github.com/openpubkey/opkssh/policy github.com/openpubkey/opkssh/policy/files github.com/openpubkey/opkssh/sshcert internal/godebugs -internal/unsafeheader +internal/profilerecord +internal/goexperiment +internal/goarch internal/coverage/rtcov +internal/unsafeheader internal/asan -internal/profilerecord internal/msan -internal/goarch -internal/byteorder internal/goos -internal/goexperiment +internal/byteorder +internal/runtime/syscall +internal/abi +internal/cpu +internal/runtime/math +sync/atomic math/bits internal/itoa cmp -internal/runtime/syscall -internal/runtime/math -internal/cpu -unicode/utf8 unicode -crypto/internal/fips140/alias +unicode/utf8 internal/chacha8rand -sync/atomic +crypto/internal/fips140/alias crypto/internal/fips140deps/byteorder crypto/internal/boring/sig -internal/abi encoding crypto/internal/fips140/subtle -math unicode/utf16 container/list golang.org/x/crypto/internal/alias +math golang.org/x/crypto/salsa20/salsa internal/nettrace vendor/golang.org/x/crypto/cryptobyte/asn1 vendor/golang.org/x/crypto/internal/alias +internal/bytealg +internal/runtime/atomic +internal/runtime/sys +crypto/internal/fips140deps/cpu log/internal log/slog/internal go.opentelemetry.io/otel/metric/embedded @@ -1089,56 +1129,53 @@ github.com/zitadel/oidc/pkg/oidc/grants/tokenexchange github.com/openpubkey/openpubkey/cosigner/msgs golang.org/x/exp/constraints -internal/bytealg -internal/runtime/atomic -internal/runtime/sys -crypto/internal/fips140deps/cpu golang.org/x/exp/slices -internal/stringslite internal/runtime/exithook -go.opentelemetry.io/otel/internal +internal/stringslite internal/race +go.opentelemetry.io/otel/internal internal/runtime/maps internal/sync runtime internal/reflectlite sync +iter crypto/subtle weak -iter slices maps internal/bisect internal/testlog -internal/singleflight unique +internal/singleflight log/slog/internal/buffer -runtime/cgo errors +runtime/cgo sort -internal/godebug internal/oserror strconv io path -crypto/internal/fips140deps/godebug math/rand/v2 -math/rand vendor/golang.org/x/net/dns/dnsmessage -hash syscall -golang.org/x/text/internal/tag +hash +internal/saferio bytes strings +internal/godebug +golang.org/x/text/internal/tag crypto/internal/randutil -internal/saferio -hash/crc32 -vendor/golang.org/x/text/transform -golang.org/x/text/transform -reflect crypto net/netip +reflect +hash/crc32 golang.org/x/crypto/blowfish +crypto/internal/fips140deps/godebug +math/rand +vendor/golang.org/x/text/transform +golang.org/x/text/transform +golang.org/x/text/runes crypto/internal/fips140 crypto/internal/impl bufio @@ -1146,28 +1183,26 @@ regexp/syntax net/http/internal/testcert html -golang.org/x/text/runes crypto/internal/fips140/sha256 -crypto/internal/fips140/sha3 crypto/internal/fips140/sha512 crypto/tls/internal/fips140tls +crypto/internal/fips140/sha3 crypto/sha3 crypto/internal/fips140/hmac -crypto/internal/fips140/check +time +internal/syscall/unix +internal/syscall/execenv crypto/internal/fips140hash +crypto/internal/fips140/check crypto/internal/fips140/aes crypto/internal/fips140/bigmod crypto/internal/fips140/nistec/fiat crypto/internal/fips140/edwards25519/field -crypto/internal/fips140/tls12 crypto/internal/fips140/hkdf +crypto/internal/fips140/tls12 crypto/internal/fips140/tls13 -regexp crypto/internal/fips140/edwards25519 -time -internal/syscall/unix -internal/syscall/execenv -crypto/internal/fips140/nistec +regexp context io/fs internal/poll @@ -1176,60 +1211,61 @@ embed github.com/spf13/afero/internal/common os +crypto/internal/fips140/nistec internal/fmtsort encoding/binary go.opentelemetry.io/otel/internal/attribute fmt crypto/internal/sysrand os/signal -net -path/filepath golang.org/x/sys/cpu -io/ioutil +path/filepath internal/sysinfo +io/ioutil crypto/internal/entropy -crypto/internal/fips140/drbg encoding/base64 +vendor/golang.org/x/crypto/internal/poly1305 golang.org/x/sys/unix golang.org/x/crypto/blake2b golang.org/x/crypto/internal/poly1305 -vendor/golang.org/x/crypto/internal/poly1305 +crypto/internal/fips140/drbg +net +golang.org/x/crypto/nacl/secretbox +os/exec +github.com/spf13/afero/mem +github.com/openpubkey/opkssh/internal/projectpath +golang.org/x/crypto/sha3 crypto/internal/fips140/aes/gcm crypto/internal/fips140only crypto/internal/fips140/rsa crypto/internal/fips140/ecdh crypto/internal/fips140/ecdsa crypto/internal/fips140/ed25519 -crypto/internal/fips140/mlkem -encoding/pem -golang.org/x/crypto/nacl/secretbox crypto/md5 +encoding/pem +crypto/internal/fips140/mlkem crypto/rc4 -os/exec -golang.org/x/crypto/sha3 -github.com/spf13/afero/mem -github.com/openpubkey/opkssh/internal/projectpath crypto/cipher crypto/internal/boring crypto/des vendor/golang.org/x/crypto/chacha20 golang.org/x/crypto/chacha20 -math/big -database/sql/driver -encoding/json -github.com/lestrrat-go/option -encoding/hex crypto/sha1 crypto/ecdh -github.com/lestrrat-go/jwx/jwa crypto/sha512 +crypto/aes +crypto/hmac +crypto/sha256 +math/big +encoding/json +encoding/hex +database/sql/driver +github.com/lestrrat-go/option github.com/lestrrat-go/blackmagic github.com/lestrrat-go/httpcc +github.com/lestrrat-go/jwx/jwa compress/flate -crypto/aes -crypto/hmac vendor/golang.org/x/crypto/chacha20poly1305 -crypto/sha256 net/url log vendor/golang.org/x/text/unicode/norm @@ -1237,23 +1273,23 @@ mime mime/quotedprintable net/http/internal +vendor/golang.org/x/text/unicode/bidi github.com/lestrrat-go/iter/arrayiter github.com/lestrrat-go/iter/mapiter -vendor/golang.org/x/text/unicode/bidi github.com/lestrrat-go/jwx/internal/base64 -github.com/lestrrat-go/jwx/internal/iter golang.org/x/crypto/curve25519 github.com/go-jose/go-jose/json golang.org/x/crypto/pbkdf2 +compress/gzip encoding/gob github.com/muhlemmer/gu +github.com/lestrrat-go/jwx/internal/iter github.com/zitadel/schema -compress/gzip golang.org/x/text/internal/language -vendor/golang.org/x/text/secure/bidirule go.opentelemetry.io/otel/baggage github.com/davecgh/go-spew/spew github.com/pmezard/go-difflib/difflib +vendor/golang.org/x/text/secure/bidirule gopkg.in/yaml.v3 flag runtime/debug @@ -1263,40 +1299,40 @@ crypto/internal/boring/bbig crypto/elliptic encoding/asn1 -crypto/ed25519 -crypto/internal/hpke crypto/dsa crypto/rsa -github.com/lestrrat-go/jwx/internal/json +crypto/ed25519 +crypto/internal/hpke github.com/lestrrat-go/jwx/internal/pool github.com/lestrrat-go/jwx/x25519 golang.org/x/crypto/ed25519 filippo.io/bigmod -log/slog golang.org/x/text/internal/language/compact -go.opentelemetry.io/otel/attribute -go.opentelemetry.io/otel/codes testing github.com/lestrrat-go/jwx/internal/ecutil +github.com/lestrrat-go/jwx/internal/json +log/slog +go.opentelemetry.io/otel/attribute golang.org/x/text/language +go.opentelemetry.io/otel/codes text/template/parse +github.com/awnumar/memcall +github.com/sirupsen/logrus golang.org/x/text/unicode/norm vendor/golang.org/x/crypto/cryptobyte +github.com/awnumar/memguard/core crypto/x509/pkix +github.com/awnumar/memguard go.opentelemetry.io/otel/metric +github.com/go-logr/logr +crypto/ecdsa go.opentelemetry.io/otel/trace os/user +github.com/go-logr/logr/funcr +text/template github.com/gorilla/securecookie -crypto/ecdsa -github.com/go-logr/logr -github.com/awnumar/memcall -github.com/sirupsen/logrus -github.com/awnumar/memguard/core golang.org/x/crypto/ssh/internal/bcrypt_pbkdf -github.com/go-logr/logr/funcr encoding/csv -text/template -github.com/awnumar/memguard github.com/go-logr/stdr github.com/go-jose/go-jose/cipher github.com/stretchr/testify/assert/yaml @@ -1309,8 +1345,8 @@ vendor/golang.org/x/net/http/httpguts mime/multipart github.com/spf13/cobra -crypto/tls github.com/lestrrat-go/jwx/cert +crypto/tls github.com/lestrrat-go/jwx/jwk/internal/x509 github.com/openpubkey/openpubkey/util github.com/go-jose/go-jose @@ -1319,14 +1355,14 @@ github.com/zitadel/oidc/pkg/crypto net/http/httptrace net/http -github.com/zitadel/logging github.com/lestrrat-go/httprc +github.com/zitadel/logging golang.org/x/oauth2/internal go.opentelemetry.io/otel/propagation net/http/httptest github.com/spf13/afero -go.opentelemetry.io/otel/internal/global golang.org/x/oauth2 +go.opentelemetry.io/otel/internal/global github.com/stretchr/testify/assert github.com/lestrrat-go/jwx/jwk github.com/zitadel/oidc/pkg/oidc @@ -1335,8 +1371,8 @@ github.com/openpubkey/opkssh/policy/files github.com/zitadel/oidc/pkg/http github.com/zitadel/oidc/pkg/client -github.com/stretchr/testify/require github.com/zitadel/oidc/pkg/client/rp +github.com/stretchr/testify/require github.com/lestrrat-go/jwx/internal/keyconv github.com/lestrrat-go/jwx/jws github.com/openpubkey/openpubkey/gq @@ -1345,12 +1381,12 @@ github.com/openpubkey/openpubkey/discover github.com/openpubkey/openpubkey/providers/mocks github.com/openpubkey/openpubkey/cosigner -github.com/openpubkey/openpubkey/verifier github.com/openpubkey/openpubkey/providers +github.com/openpubkey/openpubkey/verifier github.com/openpubkey/opkssh/sshcert github.com/openpubkey/openpubkey/client -github.com/openpubkey/opkssh/policy github.com/openpubkey/openpubkey/client/choosers +github.com/openpubkey/opkssh/policy github.com/openpubkey/opkssh/commands github.com/openpubkey/opkssh dh_auto_test -O--builddirectory=_build -O--buildsystem=golang @@ -1393,34 +1429,34 @@ === RUN TestRun/Login_command_with_provider_bad_provider_good_azure_issuer_but_no_client_id_value === RUN TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_id_value === RUN TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_secret_value ---- PASS: TestRun (0.03s) +--- PASS: TestRun (0.01s) --- PASS: TestRun/No_arguments (0.00s) - --- PASS: TestRun/Root_Help_flag (0.00s) + --- PASS: TestRun/Root_Help_flag (0.01s) --- PASS: TestRun/Add_Help_flag (0.00s) --- PASS: TestRun/Login_Help_flag (0.00s) --- PASS: TestRun/Verify_Help_flag (0.00s) - --- PASS: TestRun/Version_flag (0.02s) + --- PASS: TestRun/Version_flag (0.00s) --- PASS: TestRun/Unrecognized_command (0.00s) --- PASS: TestRun/Add_command_with_missing_arguments (0.00s) --- PASS: TestRun/Login_command_with_bad_arguments (0.00s) --- PASS: TestRun/Login_command_with_missing_providers_arguments (0.00s) - --- PASS: TestRun/Login_command_with_provider_bad_provider_value (0.01s) + --- PASS: TestRun/Login_command_with_provider_bad_provider_value (0.00s) --- PASS: TestRun/Login_command_with_provider_bad_provider_issuer_value (0.00s) --- PASS: TestRun/Login_command_with_provider_bad_provider_good_azure_issuer_but_no_client_id_value (0.00s) --- PASS: TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_id_value (0.00s) --- PASS: TestRun/Login_command_with_provider_bad_provider_good_google_issuer_but_no_client_secret_value (0.00s) PASS -ok github.com/openpubkey/opkssh 0.179s +ok github.com/openpubkey/opkssh 0.132s === RUN TestAddErrors --- PASS: TestAddErrors (0.00s) === RUN TestCreateSSHCert ---- PASS: TestCreateSSHCert (2.00s) +--- PASS: TestCreateSSHCert (1.77s) === RUN TestIdentityString ---- PASS: TestIdentityString (3.58s) +--- PASS: TestIdentityString (1.44s) === RUN TestAuthorizedKeysCommand ---- PASS: TestAuthorizedKeysCommand (2.26s) +--- PASS: TestAuthorizedKeysCommand (5.38s) PASS -ok github.com/openpubkey/opkssh/commands 7.928s +ok github.com/openpubkey/opkssh/commands 8.645s ? github.com/openpubkey/opkssh/internal/projectpath [no test files] === RUN TestProvidersPolicyRow_GetExpirationPolicy --- PASS: TestProvidersPolicyRow_GetExpirationPolicy (0.00s) @@ -1490,6 +1526,7 @@ === CONT TestDump_Success --- PASS: TestDump_Success (0.00s) === CONT TestLoadSystemDefaultPolicy_Success +=== CONT TestPolicyApprovedOidcGroupWithAtSign --- PASS: TestLoadSystemDefaultPolicy_Success (0.00s) === CONT TestLoadSystemDefaultPolicy_ErrorFile --- PASS: TestLoadSystemDefaultPolicy_ErrorFile (0.00s) @@ -1507,72 +1544,71 @@ --- PASS: TestLoadUserPolicy_ErrorFile (0.00s) === CONT TestLoadUserPolicy_NoUserHomeDir --- PASS: TestLoadUserPolicy_NoUserHomeDir (0.00s) -=== CONT TestPolicyApprovedOidcGroupWithAtSign -=== CONT TestPolicyDeniedNoUserEntry -=== CONT TestPolicyApprovedOidcGroups -=== CONT TestAddAllowedPrincipal -=== RUN TestAddAllowedPrincipal/empty_policy - policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) - policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User(nil)} -=== RUN TestAddAllowedPrincipal/non-empty_policy._user_not_found - policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=bob@example.com) - policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}}} -=== RUN TestAddAllowedPrincipal/user_already_exists._new_principal - policy_test.go:128: AddAllowedPrincipal(principal=test3, userEmail=alice@example.com) - policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}}} -2025/04/06 23:58:06 Successfully added user with email alice@example.com with principal test3 to the policy file -=== RUN TestAddAllowedPrincipal/user_already_exists._principal_not_new. - policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) - policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} -2025/04/06 23:58:06 User with email alice@example.com already has access under the principal test, skipping... ---- PASS: TestAddAllowedPrincipal (0.00s) - --- PASS: TestAddAllowedPrincipal/empty_policy (0.00s) - --- PASS: TestAddAllowedPrincipal/non-empty_policy._user_not_found (0.00s) - --- PASS: TestAddAllowedPrincipal/user_already_exists._new_principal (0.00s) - --- PASS: TestAddAllowedPrincipal/user_already_exists._principal_not_new. (0.00s) === CONT TestLoad === RUN TestLoad/both_policies_are_missing multipolicyloader_test.go:187: Root policy: (*policy.Policy)(nil) multipolicyloader_test.go:188: User policy: (*policy.Policy)(nil) -2025/04/06 23:58:06 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist -2025/04/06 23:58:06 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH +2026/05/11 08:25:34 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist +2026/05/11 08:25:34 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH === RUN TestLoad/only_root_policy_exists multipolicyloader_test.go:187: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} multipolicyloader_test.go:188: User policy: (*policy.Policy)(nil) -2025/04/06 23:58:06 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH +2026/05/11 08:25:34 warning: failed to load user policy: failed to read user policy file /home/foo/.opk/auth_id: error reading foo home policy using command sudo -n /usr/local/bin/opkssh readhome foo got output and err exec: "sudo": executable file not found in $PATH === RUN TestLoad/only_user_policy_exists multipolicyloader_test.go:187: Root policy: (*policy.Policy)(nil) multipolicyloader_test.go:188: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo", "bob"}, Issuer:"https://example.com"}}} -2025/04/06 23:58:06 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist +2026/05/11 08:25:34 warning: failed to load system default policy: failed to read system default policy file /etc/opk/auth_id: failed to describe the file at path: open /etc/opk/auth_id: file does not exist === RUN TestLoad/both_user_and_root_policy_exist multipolicyloader_test.go:187: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} multipolicyloader_test.go:188: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"foo"}, Issuer:"https://example.com"}}} === RUN TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries multipolicyloader_test.go:187: Root policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} multipolicyloader_test.go:188: User policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"bob@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}, policy.User{IdentityAttribute:"charlie@example.com", Principals:[]string{"test", "test2", "test3"}, Issuer:"https://example.com"}}} -2025/04/06 23:58:06 warning: user policy /home/foo/.opk/auth_id has no valid user entries; an entry is considered valid if it gives foo access. +2026/05/11 08:25:34 warning: user policy /home/foo/.opk/auth_id has no valid user entries; an entry is considered valid if it gives foo access. --- PASS: TestLoad (0.00s) --- PASS: TestLoad/both_policies_are_missing (0.00s) --- PASS: TestLoad/only_root_policy_exists (0.00s) --- PASS: TestLoad/only_user_policy_exists (0.00s) --- PASS: TestLoad/both_user_and_root_policy_exist (0.00s) --- PASS: TestLoad/both_user_and_root_policy_exist_but_no_valid_user_policy_entries (0.00s) +=== CONT TestAddAllowedPrincipal +=== RUN TestAddAllowedPrincipal/empty_policy + policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) + policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User(nil)} +=== RUN TestAddAllowedPrincipal/non-empty_policy._user_not_found + policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=bob@example.com) + policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}}} +=== RUN TestAddAllowedPrincipal/user_already_exists._new_principal + policy_test.go:128: AddAllowedPrincipal(principal=test3, userEmail=alice@example.com) + policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test", "test2"}, Issuer:"https://example.com"}}} +2026/05/11 08:25:34 Successfully added user with email alice@example.com with principal test3 to the policy file +=== RUN TestAddAllowedPrincipal/user_already_exists._principal_not_new. + policy_test.go:128: AddAllowedPrincipal(principal=test, userEmail=alice@example.com) + policy_test.go:129: Initial policy: &policy.Policy{Users:[]policy.User{policy.User{IdentityAttribute:"alice@example.com", Principals:[]string{"test"}, Issuer:"https://example.com"}}} +2026/05/11 08:25:34 User with email alice@example.com already has access under the principal test, skipping... +--- PASS: TestAddAllowedPrincipal (0.00s) + --- PASS: TestAddAllowedPrincipal/empty_policy (0.00s) + --- PASS: TestAddAllowedPrincipal/non-empty_policy._user_not_found (0.00s) + --- PASS: TestAddAllowedPrincipal/user_already_exists._new_principal (0.00s) + --- PASS: TestAddAllowedPrincipal/user_already_exists._principal_not_new. (0.00s) === CONT TestPolicyDeniedMissingOidcGroupsClaim -=== CONT TestPolicyDeniedBadUser +=== CONT TestPolicyDeniedOidcGroups +=== CONT TestPolicyApprovedOidcGroups === CONT TestPolicyDeniedWrongIssuer +=== CONT TestPolicyDeniedNoUserEntry +=== CONT TestPolicyDeniedBadUser === CONT TestPolicyEmailDifferentCase -=== CONT TestPolicyDeniedOidcGroups ---- PASS: TestPolicyApprovedOidcGroups (1.26s) ---- PASS: TestPolicyApprovedOidcGroupWithAtSign (2.81s) ---- PASS: TestPolicyDeniedMissingOidcGroupsClaim (2.85s) ---- PASS: TestPolicyApproved (3.26s) ---- PASS: TestPolicyDeniedNoUserEntry (3.27s) ---- PASS: TestPolicyEmailDifferentCase (3.62s) ---- PASS: TestPolicyDeniedBadUser (4.47s) ---- PASS: TestPolicyDeniedOidcGroups (4.61s) ---- PASS: TestPolicyDeniedWrongIssuer (5.39s) +--- PASS: TestPolicyEmailDifferentCase (0.82s) +--- PASS: TestPolicyDeniedOidcGroups (1.20s) +--- PASS: TestPolicyDeniedBadUser (1.59s) +--- PASS: TestPolicyDeniedWrongIssuer (1.86s) +--- PASS: TestPolicyApprovedOidcGroupWithAtSign (2.28s) +--- PASS: TestPolicyApprovedOidcGroups (2.36s) +--- PASS: TestPolicyDeniedMissingOidcGroupsClaim (2.68s) +--- PASS: TestPolicyDeniedNoUserEntry (3.57s) +--- PASS: TestPolicyApproved (4.33s) PASS -ok github.com/openpubkey/opkssh/policy 5.544s +ok github.com/openpubkey/opkssh/policy 4.420s === RUN TestLog === RUN TestLog/empty === RUN TestLog/single_entry @@ -1587,25 +1623,25 @@ --- PASS: TestLog/check_clear (0.00s) === RUN TestPermissionsChecker === RUN TestPermissionsChecker/simple_happy_path_(all_match) -2025/04/06 23:58:06 Running, command: stat -c %U %G /test_file -2025/04/06 23:58:06 Got output: testOwner testGroup +2026/05/11 08:25:34 Running, command: stat -c %U %G /test_file +2026/05/11 08:25:34 Got output: testOwner testGroup === RUN TestPermissionsChecker/simple_happy_path_(owner_not_checked) -2025/04/06 23:58:06 Running, command: stat -c %U %G /test_file -2025/04/06 23:58:06 Got output: testOwner testGroup +2026/05/11 08:25:34 Running, command: stat -c %U %G /test_file +2026/05/11 08:25:34 Got output: testOwner testGroup === RUN TestPermissionsChecker/simple_happy_path_(group_not_checked) -2025/04/06 23:58:06 Running, command: stat -c %U %G /test_file -2025/04/06 23:58:06 Got output: testOwner testGroup +2026/05/11 08:25:34 Running, command: stat -c %U %G /test_file +2026/05/11 08:25:34 Got output: testOwner testGroup === RUN TestPermissionsChecker/simple_happy_path_(only_perm_checked) === RUN TestPermissionsChecker/error_(owner_doesn't_match) -2025/04/06 23:58:06 Running, command: stat -c %U %G /test_file -2025/04/06 23:58:06 Got output: testOwner testGroup +2026/05/11 08:25:34 Running, command: stat -c %U %G /test_file +2026/05/11 08:25:34 Got output: testOwner testGroup === RUN TestPermissionsChecker/error_(owner_doesn't_match)#01 -2025/04/06 23:58:06 Running, command: stat -c %U %G /test_file -2025/04/06 23:58:06 Got output: testOwner testGroup +2026/05/11 08:25:34 Running, command: stat -c %U %G /test_file +2026/05/11 08:25:34 Got output: testOwner testGroup === RUN TestPermissionsChecker/error_(perms_don't_match) === RUN TestPermissionsChecker/error_(stat_command_error) -2025/04/06 23:58:06 Running, command: stat -c %U %G /test_file -2025/04/06 23:58:06 Got output: +2026/05/11 08:25:34 Running, command: stat -c %U %G /test_file +2026/05/11 08:25:34 Got output: --- PASS: TestPermissionsChecker (0.00s) --- PASS: TestPermissionsChecker/simple_happy_path_(all_match) (0.00s) --- PASS: TestPermissionsChecker/simple_happy_path_(owner_not_checked) (0.00s) @@ -1628,7 +1664,7 @@ --- PASS: TestToTable/multiple_rows_with_comment (0.00s) --- PASS: TestToTable/realistic_input (0.00s) PASS -ok github.com/openpubkey/opkssh/policy/files 0.096s +ok github.com/openpubkey/opkssh/policy/files 0.045s === RUN TestCASignerCreation === PAUSE TestCASignerCreation === RUN TestInvalidSshPublicKey @@ -1636,13 +1672,13 @@ === RUN TestSshCertCreation === PAUSE TestSshCertCreation === CONT TestCASignerCreation -=== CONT TestInvalidSshPublicKey === CONT TestSshCertCreation ---- PASS: TestCASignerCreation (0.03s) ---- PASS: TestInvalidSshPublicKey (1.21s) ---- PASS: TestSshCertCreation (3.54s) +=== CONT TestInvalidSshPublicKey +--- PASS: TestCASignerCreation (0.04s) +--- PASS: TestInvalidSshPublicKey (0.85s) +--- PASS: TestSshCertCreation (2.17s) PASS -ok github.com/openpubkey/opkssh/sshcert 3.592s +ok github.com/openpubkey/opkssh/sshcert 2.252s create-stamp debian/debhelper-build-stamp dh_testroot -O--builddirectory=_build -O--buildsystem=golang dh_prep -O--builddirectory=_build -O--buildsystem=golang @@ -1669,9 +1705,9 @@ dpkg-gencontrol: warning: package opkssh: substitution variable ${misc:Static-Built-Using} unused, but is defined dh_md5sums -O--builddirectory=_build -O--buildsystem=golang dh_builddeb -O--builddirectory=_build -O--buildsystem=golang +dpkg-deb: building package 'opkssh' in '../opkssh_0.4.0-1_arm64.deb'. dpkg-deb: building package 'golang-github-openpubkey-opkssh-dev' in '../golang-github-openpubkey-opkssh-dev_0.4.0-1_all.deb'. dpkg-deb: building package 'opkssh-dbgsym' in '../opkssh-dbgsym_0.4.0-1_arm64.deb'. -dpkg-deb: building package 'opkssh' in '../opkssh_0.4.0-1_arm64.deb'. dpkg-genbuildinfo --build=binary -O../opkssh_0.4.0-1_arm64.buildinfo dpkg-genchanges --build=binary -O../opkssh_0.4.0-1_arm64.changes dpkg-genchanges: info: binary-only upload (no source code included) @@ -1679,12 +1715,14 @@ dpkg-buildpackage: info: binary-only upload (no source included) dpkg-genchanges: info: including full source code in upload I: copying local configuration +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/3386320/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/3773554 and its subdirectories -I: Current time: Sun Apr 6 23:58:49 -12 2025 -I: pbuilder-time-stamp: 1744027129 +I: removing directory /srv/workspace/pbuilder/3386320 and its subdirectories +I: Current time: Mon May 11 08:26:18 +14 2026 +I: pbuilder-time-stamp: 1778437578