Source: gitsign
Version: 0.13.0-1
Severity: serious
Justification: FTBFS
Tags: trixie sid ftbfs
User: lucas@debian.org
Usertags: ftbfs-20250520 ftbfs-trixie

Hi,

During a rebuild of all packages in testing (trixie), your package failed
to build on arm64.


Relevant part (hopefully):

dh_auto_test -a -O--builddirectory=_build -O--buildsystem=golang
cd _build && go test -vet=off -v -p 8 github.com/sigstore/gitsign github.com/sigstore/gitsign/cmd/gitsign-credential-cache github.com/sigstore/gitsign/docs/cli github.com/sigstore/gitsign/internal github.com/sigstore/gitsign/internal/attest github.com/

sigstore/gitsign/internal/cache github.com/sigstore/gitsign/internal/cache/api github.com/sigstore/gitsign/internal/cache/service github.com/sigstore/gitsign/internal/cert github.com/sigstore/gitsign/internal/commands/attest github.com/sigstore/gitsign/
internal/commands/initialize github.com/sigstore/gitsign/internal/commands/root github.com/sigstore/gitsign/internal/commands/show github.com/sigstore/gitsign/internal/commands/verify github.com/sigstore/gitsign/internal/commands/verify-tag github.com/
sigstore/gitsign/internal/commands/version github.com/sigstore/gitsign/internal/config github.com/sigstore/gitsign/internal/fork/ietf-cms github.com/sigstore/gitsign/internal/fork/ietf-cms/timestamp github.com/sigstore/gitsign/internal/fulcio github.com/
sigstore/gitsign/internal/fulcio/fulcioroots github.com/sigstore/gitsign/internal/git github.com/sigstore/gitsign/internal/git/gittest github.com/sigstore/gitsign/internal/gitsign github.com/sigstore/gitsign/internal/gpg github.com/sigstore/gitsign/
internal/io github.com/sigstore/gitsign/internal/rekor github.com/sigstore/gitsign/internal/rekor/oid github.com/sigstore/gitsign/internal/signature github.com/sigstore/gitsign/internal/signerverifier github.com/sigstore/gitsign/pkg/fulcio github.com/
sigstore/gitsign/pkg/git github.com/sigstore/gitsign/pkg/gitsign github.com/sigstore/gitsign/pkg/predicate github.com/sigstore/gitsign/pkg/rekor github.com/sigstore/gitsign/pkg/version

? github.com/sigstore/gitsign [no test files]
? github.com/sigstore/gitsign/cmd/gitsign-credential-cache [no test files]
? github.com/sigstore/gitsign/docs/cli [no test files]
=== RUN TestStripUrl
--- PASS: TestStripUrl (0.00s)
PASS
ok github.com/sigstore/gitsign/internal 0.023s
=== RUN TestAttestCommitRef
=== RUN TestAttestCommitRef/base
LogEntry ID foo 1
=== RUN TestAttestCommitRef/noop
LogEntry ID foo 1
=== RUN TestAttestCommitRef/new_commit
LogEntry ID foo 1
--- PASS: TestAttestCommitRef (0.00s)
--- PASS: TestAttestCommitRef/base (0.00s)
--- PASS: TestAttestCommitRef/noop (0.00s)
--- PASS: TestAttestCommitRef/new_commit (0.00s)
=== RUN TestAttestTreeRef
=== RUN TestAttestTreeRef/base
LogEntry ID foo 1
=== RUN TestAttestTreeRef/noop
LogEntry ID foo 1
=== RUN TestAttestTreeRef/new_commit_same_tree
LogEntry ID foo 1
=== RUN TestAttestTreeRef/new_commit_new_tree
LogEntry ID foo 1
--- PASS: TestAttestTreeRef (0.01s)
--- PASS: TestAttestTreeRef/base (0.00s)
--- PASS: TestAttestTreeRef/noop (0.00s)
--- PASS: TestAttestTreeRef/new_commit_same_tree (0.00s)
--- PASS: TestAttestTreeRef/new_commit_new_tree (0.00s)
PASS
ok github.com/sigstore/gitsign/internal/attest 0.119s
=== RUN TestCache
Get sbuild@/build/reproducible-path/gitsign-0.13.0/_build/src/github.com/sigstore/gitsign/internal/cache
Store sbuild@/build/reproducible-path/gitsign-0.13.0/_build/src/github.com/sigstore/gitsign/internal/cache
Get sbuild@/build/reproducible-path/gitsign-0.13.0/_build/src/github.com/sigstore/gitsign/internal/cache
gitsign-credential-cache: found credential!
Get sbuild@/build/reproducible-path/gitsign-0.13.0/_build/src/github.com/sigstore/gitsign/internal/cache
gitsign-credential-cache: found credential!
--- PASS: TestCache (0.45s)
PASS
ok github.com/sigstore/gitsign/internal/cache 0.474s
? github.com/sigstore/gitsign/internal/cache/api [no test files]
? github.com/sigstore/gitsign/internal/cache/service [no test files] ? github.com/sigstore/gitsign/internal/cert [no test files]
? github.com/sigstore/gitsign/internal/commands/attest [no test files] ? github.com/sigstore/gitsign/internal/commands/initialize [no test files]
? github.com/sigstore/gitsign/internal/commands/root [no test files] === RUN TestShow
=== RUN TestShow/fulcio-cert
=== RUN TestShow/gpg
--- PASS: TestShow (0.00s)
--- PASS: TestShow/fulcio-cert (0.00s)
--- PASS: TestShow/gpg (0.00s)
PASS
ok github.com/sigstore/gitsign/internal/commands/show 0.028s
? github.com/sigstore/gitsign/internal/commands/verify [no test files] ? github.com/sigstore/gitsign/internal/commands/verify-tag [no test files]
? github.com/sigstore/gitsign/internal/commands/version [no test files] === RUN TestGet
--- PASS: TestGet (0.00s)
PASS
ok github.com/sigstore/gitsign/internal/config 0.022s
=== RUN TestSign
--- PASS: TestSign (0.01s)
=== RUN TestSignDetached
sign_test.go:104: expected SigningTime to be now. Difference was -1.000503699s
--- FAIL: TestSignDetached (0.01s)
=== RUN TestSignDetachedWithOpenSSL
--- PASS: TestSignDetachedWithOpenSSL (0.04s)
=== RUN TestSignRemoveHeaders
--- PASS: TestSignRemoveHeaders (0.01s)
=== RUN TestAddTimestamps
--- PASS: TestAddTimestamps (0.06s)
=== RUN TestTimestampsVerifications
--- PASS: TestTimestampsVerifications (1.40s)
=== RUN TestVerify
--- PASS: TestVerify (0.00s)
=== RUN TestVerifyGPGSMAttached
--- PASS: TestVerifyGPGSMAttached (0.00s)
=== RUN TestVerifyGPGSMDetached
--- PASS: TestVerifyGPGSMDetached (0.00s)
=== RUN TestVerifyGPGSMNoCerts
--- PASS: TestVerifyGPGSMNoCerts (0.00s)
=== RUN TestVerifyOpenSSLAttached
--- PASS: TestVerifyOpenSSLAttached (0.00s)
=== RUN TestVerifyOpenSSLDetached
--- PASS: TestVerifyOpenSSLDetached (0.00s)
=== RUN TestVerifyChain
--- PASS: TestVerifyChain (0.02s)
=== RUN TestVerifyDSAWithSHA1
--- PASS: TestVerifyDSAWithSHA1 (0.00s)
FAIL
FAIL github.com/sigstore/gitsign/internal/fork/ietf-cms 6.642s
=== RUN TestRequestDo
--- PASS: TestRequestDo (0.00s)
=== RUN TestRequestMatches
--- PASS: TestRequestMatches (0.00s)
=== RUN TestGenerateNonce
--- PASS: TestGenerateNonce (0.00s)
=== RUN TestMessageImprint
--- PASS: TestMessageImprint (0.00s)
=== RUN TestErrorResponse
--- PASS: TestErrorResponse (0.00s)
=== RUN TestPKIFreeText
--- PASS: TestPKIFreeText (0.00s)
=== RUN TestTSTInfo
--- PASS: TestTSTInfo (0.00s)
=== RUN TestParseTimestampSymantec
--- PASS: TestParseTimestampSymantec (0.00s)
=== RUN TestParseTimestampSymantecWithCerts
--- PASS: TestParseTimestampSymantecWithCerts (0.00s)
=== RUN TestParseTimestampDigicert
--- PASS: TestParseTimestampDigicert (0.00s)
=== RUN TestParseTimestampComodo
--- PASS: TestParseTimestampComodo (0.00s)
=== RUN TestParseTimestampGlobalSign
--- PASS: TestParseTimestampGlobalSign (0.00s)
PASS
ok github.com/sigstore/gitsign/internal/fork/ietf-cms/timestamp 0.030s ? github.com/sigstore/gitsign/internal/fulcio [no test files]
=== RUN TestNew
=== RUN TestNew/FromFile
=== RUN TestNew/Static
=== RUN TestNew/None
--- PASS: TestNew (0.69s)
--- PASS: TestNew/FromFile (0.00s)
--- PASS: TestNew/Static (0.00s)
--- PASS: TestNew/None (0.00s)
PASS
ok github.com/sigstore/gitsign/internal/fulcio/fulcioroots 0.714s
? github.com/sigstore/gitsign/internal/git [no test files]
? github.com/sigstore/gitsign/internal/git/gittest [no test files] === RUN TestVerify
--- PASS: TestVerify (0.02s)
PASS
ok github.com/sigstore/gitsign/internal/gitsign 0.118s
? github.com/sigstore/gitsign/internal/gpg [no test files]
? github.com/sigstore/gitsign/internal/io [no test files]
? github.com/sigstore/gitsign/internal/rekor [no test files]
=== RUN TestOID
--- PASS: TestOID (0.00s)
=== RUN TestConvert
--- PASS: TestConvert (0.00s)
PASS
ok github.com/sigstore/gitsign/internal/rekor/oid 0.059s
=== RUN TestMatchSAN
=== RUN TestMatchSAN/email_match
=== RUN TestMatchSAN/uri_match
=== RUN TestMatchSAN/no_match
--- PASS: TestMatchSAN (0.00s)
--- PASS: TestMatchSAN/email_match (0.00s)
--- PASS: TestMatchSAN/uri_match (0.00s)
--- PASS: TestMatchSAN/no_match (0.00s)
PASS
ok github.com/sigstore/gitsign/internal/signature 0.077s
? github.com/sigstore/gitsign/internal/signerverifier [no test files] === RUN TestKeyAlgorithm
=== RUN TestKeyAlgorithm/ecdsa
=== RUN TestKeyAlgorithm/fulcio
=== RUN TestKeyAlgorithm/#00
--- PASS: TestKeyAlgorithm (0.00s)
--- PASS: TestKeyAlgorithm/ecdsa (0.00s)
--- PASS: TestKeyAlgorithm/fulcio (0.00s)
--- PASS: TestKeyAlgorithm/#00 (0.00s)
=== RUN TestGetCert
--- PASS: TestGetCert (0.00s)
PASS
ok github.com/sigstore/gitsign/pkg/fulcio 0.048s
=== RUN TestObjectHash
=== RUN TestObjectHash/tag
=== RUN TestObjectHash/commit
--- PASS: TestObjectHash (0.00s)
--- PASS: TestObjectHash/tag (0.00s)
--- PASS: TestObjectHash/commit (0.00s)
=== RUN TestSignVerify
=== RUN TestSignVerify/detached(true)
=== RUN TestSignVerify/detached(true)/VerifySignature
=== RUN TestSignVerify/detached(true)/CertVerifier.Verify
=== RUN TestSignVerify/detached(false)
=== RUN TestSignVerify/detached(false)/VerifySignature
=== RUN TestSignVerify/detached(false)/CertVerifier.Verify
--- PASS: TestSignVerify (0.44s)
--- PASS: TestSignVerify/detached(true) (0.01s)
--- PASS: TestSignVerify/detached(true)/VerifySignature (0.00s)
--- PASS: TestSignVerify/detached(true)/CertVerifier.Verify (0.00s)
--- PASS: TestSignVerify/detached(false) (0.01s)
--- PASS: TestSignVerify/detached(false)/VerifySignature (0.00s)
--- PASS: TestSignVerify/detached(false)/CertVerifier.Verify (0.00s) PASS
ok github.com/sigstore/gitsign/pkg/git 0.465s
? github.com/sigstore/gitsign/pkg/gitsign [no test files]
? github.com/sigstore/gitsign/pkg/predicate [no test files]
? github.com/sigstore/gitsign/pkg/rekor [no test files]
=== RUN TestVersionText
--- PASS: TestVersionText (0.00s)
=== RUN TestEnv
--- PASS: TestEnv (0.00s)
PASS
ok github.com/sigstore/gitsign/pkg/version 0.011s
FAIL
dh_auto_test: error: cd _build && go test -vet=off -v -p 8 github.com/sigstore/gitsign github.com/sigstore/gitsign/cmd/gitsign-credential-cache github.com/sigstore/gitsign/docs/cli github.com/sigstore/gitsign/internal github.com/sigstore/gitsign/

internal/attest github.com/sigstore/gitsign/internal/cache github.com/sigstore/gitsign/internal/cache/api github.com/sigstore/gitsign/internal/cache/service github.com/sigstore/gitsign/internal/cert github.com/sigstore/gitsign/internal/commands/attest
github.com/sigstore/gitsign/internal/commands/initialize github.com/sigstore/gitsign/internal/commands/root github.com/sigstore/gitsign/internal/commands/show github.com/sigstore/gitsign/internal/commands/verify github.com/sigstore/gitsign/internal/
commands/verify-tag github.com/sigstore/gitsign/internal/commands/version github.com/sigstore/gitsign/internal/config github.com/sigstore/gitsign/internal/fork/ietf-cms github.com/sigstore/gitsign/internal/fork/ietf-cms/timestamp github.com/sigstore/
gitsign/internal/fulcio github.com/sigstore/gitsign/internal/fulcio/fulcioroots github.com/sigstore/gitsign/internal/git github.com/sigstore/gitsign/internal/git/gittest github.com/sigstore/gitsign/internal/gitsign github.com/sigstore/gitsign/internal/
gpg github.com/sigstore/gitsign/internal/io github.com/sigstore/gitsign/internal/rekor github.com/sigstore/gitsign/internal/rekor/oid github.com/sigstore/gitsign/internal/signature github.com/sigstore/gitsign/internal/signerverifier github.com/sigstore/
gitsign/pkg/fulcio github.com/sigstore/gitsign/pkg/git github.com/sigstore/gitsign/pkg/gitsign github.com/sigstore/gitsign/pkg/predicate github.com/sigstore/gitsign/pkg/rekor github.com/sigstore/gitsign/pkg/version returned exit code 1


The full build log is available from: http://qa-logs.debian.net/2025/05/20/gitsign_0.13.0-1_testing-arm64.log

All bugs filed during this archive rebuild are listed at: https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ftbfs-20250520;users=lucas@debian.org
or: https://udd.debian.org/bugs/?release=na&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=ftbfs-20250520&fusertaguser=lucas@debian.org&allbugs=1&cseverity=1&ctags=1&caffected=1#results

A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute!

If you reassign this bug to another package, please mark it as 'affects'-ing this package. See https://www.debian.org/Bugs/server-control#affects

If you fail to reproduce this, please provide a build log and diff it with mine so that we can identify if something relevant changed in the meantime.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format.
tags 1106316 patch
thanks

Hello.

There was already a patch called

0001-Don-t-hard-fail-on-slow-systems.-624.patch

to fix a similar problem in another test. If you were to do the same
with "TestSignDetached", which is the failing test now, I suppose you
would do as in the attached patch.

This is however different than the fix I see here:

https://github.com/sigstore/gitsign/pull/664/commits/39f7bdbc0c3b0267fa25f26f317366da7022a4af

so I hope you can determine which one is the good fix.

BTW: I tested building the package on a arm64 machine with 1 CPU, which is supposed
to be "slow", and the build was successful (but I only tried once). I believe this
issue has nothing to do with the architecture.

Thanks. LS0tIGdpdHNpZ24tMC4xMy4wLm9yaWcvaW50ZXJuYWwvZm9yay9pZXRmLWNtcy9zaWduX3Rl c3QuZ28KKysrIGdpdHNpZ24tMC4xMy4wL2ludGVybmFsL2ZvcmsvaWV0Zi1jbXMvc2lnbl90 ZXN0LmdvCkBAIC0xMDEsNyArMTAxLDkgQEAgZnVuYyBUZXN0U2lnbkRldGFjaGVkKHQgKnRl c3RpbmcuVCkgewogCS8vIGNoZWNrIHRoYXQgd2UncmUgaW5jbHVkaW5nIHNpZ25pbmcgdGlt ZSBhdHRyaWJ1dGUKIAlzdCwgZXJyIDo9IHNkMi5wc2QuU2lnbmVySW5mb3NbMF0uR2V0U2ln bmluZ1RpbWVBdHRyaWJ1dGUoKQogCWlmIHN0LkFmdGVyKHRpbWUuTm93KCkuQWRkKHRpbWUu U2Vjb25kKSkgfHwgc3QuQmVmb3JlKHRpbWUuTm93KCkuQWRkKC10aW1lLlNlY29uZCkpIHsK LQkJdC5GYXRhbCgiZXhwZWN0ZWQgU2lnbmluZ1RpbWUgdG8gYmUgbm93LiBEaWZmZXJlbmNl IHdhcyIsIHN0LlN1Yih0aW1lLk5vdygpKSkKKwkJaWYgc3QuU3ViKHRpbWUuTm93KCkpID4g NSB7CisJCQl0LkZhdGFsKCJleHBlY3RlZCBTaWduaW5nVGltZSB0byBiZSBub3cuIERpZmZl cmVuY2Ugd2FzIiwgc3QuU3ViKHRpbWUuTm93KCkpKQorCQl9CiAJfQogfQogCg==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is a multi-part message in MIME format...

Your message dated Mon, 02 Jun 2025 07:18:57 +0000
with message-id <E1uLzRh-007jlh-3K@fasolo.debian.org>
and subject line Bug#1106316: fixed in gitsign 0.13.0-2
has caused the Debian Bug report #1106316,
regarding gitsign: FTBFS in testing/arm64: dh_auto_test fails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


--
1106316: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106316
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

Received: (at submit) by bugs.debian.org; 22 May 2025 18:57:55 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
(2021-04-09) on buxtehude.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-105.4 required=4.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,
FROMDEVELOPER,SPF_HELO_NONE,SPF_NONE,UNPARSEABLE_RELAY,
USER_IN_DKIM_WELCOMELIST,USER_IN_DKIM_WHITELIST autolearn=ham
autolearn_force=no version=3.4.6-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 80; hammy, 150; neutral, 212; spammy,
0. spammytokens:
hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
0.000-+--H*RT:311, 0.000-+--H*RT:108
Return-path: <lucas@debian.org>
Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:10