Diff of the two buildlogs: -- --- b1/build.log 2023-04-07 22:07:13.093955420 +0000 +++ b2/build.log 2023-04-07 22:08:50.366713278 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Thu May 9 16:29:11 -12 2024 -I: pbuilder-time-stamp: 1715315351 +I: Current time: Sat Apr 8 12:07:17 +14 2023 +I: pbuilder-time-stamp: 1680905237 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/bookworm-reproducible-base.tgz] I: copying local configuration @@ -16,7 +16,7 @@ I: copying [./ruby-sanitize_6.0.0.orig.tar.gz] I: copying [./ruby-sanitize_6.0.0-1.1.debian.tar.xz] I: Extracting source -gpgv: Signature made Mon Feb 20 07:44:02 2023 -12 +gpgv: Signature made Tue Feb 21 09:44:02 2023 +14 gpgv: using RSA key 4644409808C171E05531DDEE054CB8F31343CF44 gpgv: issuer "carnil@debian.org" gpgv: Can't check signature: No public key @@ -31,11 +31,20 @@ dpkg-source: info: applying Always-remove-noscript-elements.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/27500/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D01_modify_environment starting +debug: Running on codethink12-arm64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +lrwxrwxrwx 1 root root 4 Jan 6 03:20 /bin/sh -> dash +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D02_print_environment starting I: set BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME='pbuilder2' BUILD_ARCH='arm64' DEBIAN_FRONTEND='noninteractive' DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=8' @@ -45,38 +54,38 @@ IFS=' ' LANG='C' - LANGUAGE='en_US:en' + LANGUAGE='nl_BE:nl' LC_ALL='C' MAIL='/var/mail/root' OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' + PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path' PBCURRENTCOMMANDLINEOPERATION='build' PBUILDER_OPERATION='build' PBUILDER_PKGDATADIR='/usr/share/pbuilder' PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' PBUILDER_SYSCONFDIR='/etc' - PPID='27500' + PPID='12600' PS1='# ' PS2='> ' PS4='+ ' PWD='/' SHELL='/bin/bash' SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/pbuilderrc_PWvx --distribution bookworm --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/b1 --logfile b1/build.log ruby-sanitize_6.0.0-1.1.dsc' + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/pbuilderrc_DztI --distribution bookworm --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/bookworm-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/r-b-build.MOn1elEL/b2 --logfile b2/build.log --extrapackages usrmerge ruby-sanitize_6.0.0-1.1.dsc' SUDO_GID='117' SUDO_UID='110' SUDO_USER='jenkins' TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' + TZ='/usr/share/zoneinfo/Etc/GMT-14' USER='root' USERNAME='root' _='/usr/bin/systemd-run' http_proxy='http://192.168.101.16:3128' I: uname -a - Linux codethink13-arm64 4.15.0-208-generic #220-Ubuntu SMP Mon Mar 20 14:28:12 UTC 2023 aarch64 GNU/Linux + Linux i-capture-the-hostname 4.15.0-208-generic #220-Ubuntu SMP Mon Mar 20 14:28:12 UTC 2023 aarch64 GNU/Linux I: ls -l /bin - lrwxrwxrwx 1 root root 7 May 7 04:48 /bin -> usr/bin -I: user script /srv/workspace/pbuilder/27500/tmp/hooks/D02_print_environment finished + lrwxrwxrwx 1 root root 7 Apr 7 00:25 /bin -> usr/bin +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -253,7 +262,7 @@ Get: 129 http://deb.debian.org/debian bookworm/main arm64 ruby-mini-portile2 all 2.8.1-1 [17.4 kB] Get: 130 http://deb.debian.org/debian bookworm/main arm64 ruby-pkg-config all 1.5.1-1 [8332 B] Get: 131 http://deb.debian.org/debian bookworm/main arm64 ruby-nokogiri arm64 1.13.10+dfsg-2+b1 [247 kB] -Fetched 45.8 MB in 6s (7224 kB/s) +Fetched 45.8 MB in 3s (17.4 MB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libpython3.11-minimal:arm64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19616 files and directories currently installed.) @@ -800,8 +809,17 @@ Writing extended state information... Building tag database... -> Finished parsing the build-deps +Reading package lists... +Building dependency tree... +Reading state information... +usrmerge is already the newest version (35). +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. I: Building the package -I: Running cd /build/ruby-sanitize-6.0.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-genchanges -S > ../ruby-sanitize_6.0.0-1.1_source.changes +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/A99_set_merged_usr starting +Re-configuring usrmerge... +I: user script /srv/workspace/pbuilder/12600/tmp/hooks/A99_set_merged_usr finished +hostname: Temporary failure in name resolution +I: Running cd /build/ruby-sanitize-6.0.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-genchanges -S > ../ruby-sanitize_6.0.0-1.1_source.changes dpkg-buildpackage: info: source package ruby-sanitize dpkg-buildpackage: info: source version 6.0.0-1.1 dpkg-buildpackage: info: source distribution unstable @@ -830,7 +848,7 @@ dh_prep -O--buildsystem=ruby dh_auto_install --destdir=debian/ruby-sanitize/ -O--buildsystem=ruby dh_ruby --install /build/ruby-sanitize-6.0.0/debian/ruby-sanitize -/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20240509-1598-7x425a/gemspec +/usr/bin/ruby3.1 -S gem build --config-file /dev/null --verbose /tmp/d20230408-24272-iy5gvo/gemspec Failed to load /dev/null because it doesn't contain valid YAML hash WARNING: open-ended dependency on nokogiri (>= 1.12.0) is not recommended if nokogiri is semantically versioned, use: @@ -840,7 +858,7 @@ Name: sanitize Version: 6.0.0 File: sanitize-6.0.0.gem -/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-sanitize/usr/share/rubygems-integration/all /tmp/d20240509-1598-7x425a/sanitize-6.0.0.gem +/usr/bin/ruby3.1 -S gem install --config-file /dev/null --verbose --local --verbose --no-document --ignore-dependencies --install-dir debian/ruby-sanitize/usr/share/rubygems-integration/all /tmp/d20230408-24272-iy5gvo/sanitize-6.0.0.gem Failed to load /dev/null because it doesn't contain valid YAML hash /build/ruby-sanitize-6.0.0/debian/ruby-sanitize/usr/share/rubygems-integration/all/gems/sanitize-6.0.0/lib/sanitize.rb /build/ruby-sanitize-6.0.0/debian/ruby-sanitize/usr/share/rubygems-integration/all/gems/sanitize-6.0.0/lib/sanitize/config.rb @@ -885,289 +903,289 @@ RUBYLIB=. GEM_PATH=/build/ruby-sanitize-6.0.0/debian/ruby-sanitize/usr/share/rubygems-integration/all:/build/ruby-sanitize-6.0.0/debian/.debhelper/generated/_source/home/.local/share/gem/ruby/3.1.0:/var/lib/gems/3.1.0:/usr/local/lib/ruby/gems/3.1.0:/usr/lib/ruby/gems/3.1.0:/usr/lib/aarch64-linux-gnu/ruby/gems/3.1.0:/usr/share/rubygems-integration/3.1.0:/usr/share/rubygems-integration/all:/usr/lib/aarch64-linux-gnu/rubygems-integration/3.1.0 ruby3.1 -S rake -f debian/ruby-tests.rake /usr/bin/ruby3.1 -w -I"test" /usr/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/rake_test_loader.rb "test/test_clean_comment.rb" "test/test_clean_css.rb" "test/test_clean_doctype.rb" "test/test_clean_element.rb" "test/test_config.rb" "test/test_malicious_css.rb" "test/test_malicious_html.rb" "test/test_parser.rb" "test/test_sanitize.rb" "test/test_sanitize_css.rb" "test/test_transformers.rb" -v /usr/lib/aarch64-linux-gnu/rubygems-integration/3.1.0/gems/nokogiri-1.13.10/lib/nokogiri/version/info.rb:85: warning: possibly useless use of a variable in void context -Run options: -v --seed 37288 +Run options: -v --seed 32533 # Running: -Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.03 s = . -Sanitize::instance methods::#node!#test_0001_should sanitize a Nokogiri::XML::Node = 0.00 s = . +Sanitize::class methods::.node!#test_0001_should sanitize a Nokogiri::XML::Node with the given config = 0.02 s = . +Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . +Sanitize::instance methods::#fragment#test_0003_should not choke on fragments containing or
= 0.00 s = . Sanitize::instance methods::#fragment#test_0007_should strip non-characters = 0.00 s = . +Sanitize::instance methods::#fragment#test_0001_should sanitize an HTML fragment = 0.01 s = . +Sanitize::instance methods::#fragment#test_0005_should normalize newlines = 0.00 s = . Sanitize::instance methods::#fragment#test_0002_should not modify the input string = 0.00 s = . Sanitize::instance methods::#fragment#test_0004_should not choke on frozen fragments = 0.00 s = . -Sanitize::instance methods::#fragment#test_0005_should normalize newlines = 0.00 s = . Sanitize::instance methods::#fragment#test_0006_should strip control characters (except ASCII whitespace) = 0.00 s = . -Sanitize::instance methods::#fragment#test_0001_should sanitize an HTML fragment = 0.00 s = . -Sanitize::instance methods::#fragment#test_0003_should not choke on fragments containing or = 0.00 s = . -Sanitize::initializer#test_0001_should not modify a transformers array in the given config = 0.00 s = . -Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . -Sanitize::class methods::.fragment#test_0001_should sanitize an HTML fragment with the given config = 0.00 s = . -Sanitize::instance methods::#document#test_0005_should strip control characters (except ASCII whitespace) = 0.00 s = . -Sanitize::instance methods::#document#test_0004_should normalize newlines = 0.00 s = . -Sanitize::instance methods::#document#test_0001_should sanitize an HTML document = 0.00 s = . +Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.06 s = . +Sanitize::class methods::.document#test_0001_should sanitize an HTML document with the given config = 0.00 s = . +Sanitize::instance methods::#document#test_0002_should not modify the input string = 0.00 s = . Sanitize::instance methods::#document#test_0003_should not choke on frozen documents = 0.00 s = . +Sanitize::instance methods::#document#test_0004_should normalize newlines = 0.00 s = . Sanitize::instance methods::#document#test_0006_should strip non-characters = 0.00 s = . -Sanitize::instance methods::#document#test_0002_should not modify the input string = 0.00 s = . -Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . -Sanitize::class methods::.node!#test_0001_should sanitize a Nokogiri::XML::Node with the given config = 0.00 s = . -Sanitize::instance methods::#fragment::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH::and :max_tree_depth of -1 is supplied in :parser_options#test_0001_does not raise an ArgumentError exception = 0.02 s = . +Sanitize::instance methods::#document#test_0005_should strip control characters (except ASCII whitespace) = 0.00 s = . +Sanitize::instance methods::#document#test_0001_should sanitize an HTML document = 0.01 s = . +Sanitize::instance methods::#document::when html body exceeds Nokogiri::Gumbo::DEFAULT_MAX_TREE_DEPTH#test_0001_raises an ArgumentError exception = 0.00 s = . +Sanitize::instance methods::#node!#test_0001_should sanitize a Nokogiri::XML::Node = 0.00 s = . +Sanitize::class methods::.fragment#test_0001_should sanitize an HTML fragment with the given config = 0.00 s = . Sanitize::instance methods::#node!::when the given node is a document and isn't allowlisted#test_0001_should raise a Sanitize::Error = 0.00 s = . -Sanitize::class methods::.document#test_0001_should sanitize an HTML document with the given config = 0.00 s = . -Sanitize::CSS::functionality:::at_rules#test_0001_should remove blockless at-rules that aren't allowlisted = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0019_should not allow protocol-based JS injection: spaces and entities = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0002_should clean basic HTML = 0.01 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0010_should not allow protocol-based JS injection: preceding colon = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0004_should clean unclosed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0006_should not allow protocol-based JS injection: simple, no spaces = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0007_should not allow protocol-based JS injection: simple, spaces before = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0013_should not allow protocol-based JS injection: long UTF-8 encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0020_should not allow protocol whitespace = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0011_should not allow protocol-based JS injection: UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0016_should not allow protocol-based JS injection: hex encoding without semicolons = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0015_should not allow protocol-based JS injection: long hex encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0017_should not allow protocol-based JS injection: null char = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0012_should not allow protocol-based JS injection: long UTF-8 encoding = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0005_should clean malicious HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0009_should not allow protocol-based JS injection: simple, spaces before and after = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0003_should clean malformed HTML = 0.00 s = . -Sanitize::Transformers::CleanElement::Relaxed config#test_0008_should not allow protocol-based JS injection: simple, spaces after = 0.00 s = . -Malicious HTML::foreign content bypass in unsafe custom config that allows MathML or SVG#test_0003_forcibly escapes text content inside `