After a long ~5 years (from 2011) journey with approx I finally wanted to switch to something new like apt-cacher-ng. And after a bit of changes I finally managed to get apt-cacher-ng into my work flow.

Just finished my first book of Jonas Jonasson, a Swedish journalist and author. Most famous for his book The Hundred-Year-Old Man Who Climbed Out the Window and Disappeared, but author of two others. The one I read was The Girl Who Saved the King of Sweden, which strange enough became in German Die Analphabetin die rechnen konnte (The analphabet who could compute). The story recounts the countless turns the life of Nombeko Mayeki, a black girl born in Soweto as latrine cleaner, who manages to save the Swedish king as well as most of the world from an atomic desaster by first getting driven over by a drunkard of South African nuclear bomb engineer, then meeting a clique of three Chinese sisters excelling in faking antiquities, and two Mossad agents. With the (unwilling) help of those agents she escapes to Sweden (including the atomic bomb) where she meets twins of a psychotic father who brought them up as one child so that the spare one can eradicate the Swedish monarchy. After many twists and setbacks, including several meetings with the Chinese premier Hu Jintao, she finally manages to get rid of the atomic bomb, get her undercover twin a real identity, and set up a proper life ah, and not to forget, save the King of Sweden! A fast paced, surprisingly funny and lovely story about how little things can change our lives completely.

What happened in the Reproducible Builds effort between June 19th and June 25th 2016. Media coverage

• Holger Levsen gave a talk at openSUSE Conference 2016 explaining the general idea and status of Reproducible Builds. This talk is available as video recording.
• This was followed by Bernhard Wiedemannn, detailing his work on Reproducible Builds for openSUSE which is also available as video recording:
  • openSUSE uses SOURCE_DATE_EPOCH now too
  • How to create bit-for-bit identical RPMs
  • How strip-nondeterminism is Python and thus unsuitable for the openSUSE base system
• Mozilla awarded $77k to work on reproducible builds for Tails. The goal is to enable anyone (given sufficient technical skills and hardware resources) to rebuild from source a given Tails release, in order to independently verify that it matches the ISO image that was published. A substantial part of this work will be done in Debian: for example, to make the side-effects of some packages' post-installation scripts deterministic. On the longer term, this work should benefit other projects that want to make their own builds reproducible (e.g. operating system images for the cloud and embedded systems, operating system installation media, other Live systems).

GSoC and Outreachy updates

• Valerie Young published a report detailing what she did the last week regarding improving tests.reproducible-builds.org/debian.
• Ceridwen announced reprotest's arrival in the NEW queue and discussed autopkgtest's layout.

Toolchain fixes

• Anton Gladky uploaded an NMU of python-setuptools, which sorts entries in native_libs.txt files (#825857).

Other upstream fixes Emil Velikov searched on IRC for hints on how to guarantee unique values during build to invalidate shader caches in Mesa, when also no VCS information is available. A possible solution is a timestamp, which is unique enough for local builds, but can still be reproducible by allowing it to be overwritten with SOURCE_DATE_EPOCH. Packages fixed The following 9 packages have become reproducible due to changes in their build dependencies: cclib librun-parts-perl llvm-toolchain-snapshot python-crypto python-openid r-bioc-shortread r-bioc-variantannotation ruby-hdfeos5 sqlparse The following packages have become reproducible after being fixed:

• allegro4.4/2:4.4.2-9 by Tobias Hansen, original patch by Reiner Herrmann.
• atomicparsley/0.9.6-1 by Jonas Smedegaard.
• dwarfutils/20160613-1 by Fabian Wolff, original patch by Reiner Herrmann.
• dwm/6.1-3 by Hugo Lefeuvre, original patch by Reiner Herrmann.
• funtools/1.4.6+git150811-3 by Ole Streicher, original patch by Alexis Bienven e.
• golang-github-appc-spec/0.8.4+dfsg-1 by Dmitry Smirnov.
• golang-github-appc-docker2aci/0.11.1+dfsg-1 Dmitry Smirnov.
• hdf-eos5/5.1.15.dfsg.1-7 by Alastair McKinstry.
• hmmer2/2.3.2-11 by Sascha Steinbiss, original patch by Chris Lamb.
• jpy/0.8-2 by Alastair McKinstry.
• lazarus/1.6+dfsg-4 by Paul Gevers.
• pgbackrest/1.02-2 by Adrian Vondendriesch.
• siege/4.0.2-1 by Josue Abarca.
• starlink-pal/0.5.0-4 by Ole Streicher, original patch by Chris Lamb.
• stylish-haskell/0.5.17.0-2 by Sean Whitton.
• xprobe/0.3-3 by Sophie Brun, original patch by Reiner Herrmann.

Some uploads have fixed some reproducibility issues, but not all of them:

• hdfeos4/2.19v1.00+dfsg.1-5 by Alastair McKinstry.
• icu4j/57.1-2 by Tony Mancill, original patch by Chris Lamb.
• pari/2.7.6-1 by Bill Allombert,

Patches submitted that have not made their way to the archive yet:

• #827684 against cgoban by Chris Lamb: set SHELL to static value.
• #827731 against tin by Alexis Bienven e: drop patch which overwrites __DATE__/__TIME__ macros, since gcc can handle it now
• #827863 against swedish by Alexis Bienven e: use C locale for sorting.
• #827987 against glances by Chris Lamb: Use SOURCE_DATE_EPOCH for embedded timestamp.
• #827994 against cmtk by Chris Lamb: use C locale for sorting.
• #828008 against aghermann by Chris Lamb: honour SOURCE_DATE_EPOCH for timestamps embedded into manpages.
• #828012 against bind9 by Chris Lamb: honour SOURCE_DATE_EPOCH for embedded timestamp.
• #828017 against frog by Chris Lamb: don't include pyc/pyo files in the package.
• #828021 against extra-cmake-modules by Scarlett Clark: normalize permission and file order in tarballs.
• #828060 against libffado by Chris Lamb: exclude file with test output from package.
• #828066 against gsmlib by Chris Lamb: honour SOURCE_DATE_EPOCH for timestamps embedded into manpages.
• #828067 against grib-api by Chris Lamb: exclude pyc files from package.
• #828122 against libxmlbird by Chris Lamb: sort list of globbed files.
• #828123 against magnum by Chris Lamb: use static value for embedded hostname.
• #828131 against pyjwt by Chris Lamb: exclude coverage data from package.
• #828145 against mkdocs by Chris Lamb: honour SOURCE_DATE_EPOCH for embedded timestamp.
• #828164 against zeal by Chris Lamb: use UTC for embedded timestamp.
• #828168 against x42-plugins by Daniel Shahaf: use printf instead of non-portable echo.

Package reviews 139 reviews have been added, 20 have been updated and 21 have been removed in this week. New issues found:

• timestamps_in_pdf_generated_by_reportlab
• r_base_appends_built_header_to_description_files
• timestamps_in_documentation_generated_by_mkdocs

53 FTBFS bugs have been reported by Chris Lamb, Santiago Vila and Mateusz ukasik. diffoscope development

• Satyam Zode added argument completion.
• Chris Lamb made the confusing "No differences found inside, yet data differs" message less confusing.

Quote of the week "My builds are so reproducible, they fail exactly every second time." Johannes Ziemke (@discordianfish) Misc. This week's edition was written by Chris Lamb (lamby), Reiner Herrmann and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.

Beat head against shiny cats (no animals were harmed). Discuss the spice of sillyness. Forward a wiki bounce to the person. Mention my gobby git mail cron job. Start adopting the adequate package. Discuss cats vs licensecheck with Jonas. Usual spam reporting. Review wiki RecentChanges. Whitelisted one user in the wiki anti-spam system. Finding myself longing for a web technology. Shudder and look at the twinklies.

What happened in the Reproducible Builds effort between May 8th and May 14th 2016: Documentation updates

• Ximin Luo spent some work on improving and updating our documentation:
  • updated the SOURCE_DATE_EPOCH adoption page at wiki.debian.org/ReproducibleBuilds/TimestampsProposal with a compilation of our reasonings versus common arguments encountered with package maintainers and upstream developers.
  • updated wiki.debian.org/ReproducibleBuilds/Howto
  • and also moved resolved issues to wiki.debian.org/ReproducibleBuilds/OldIssues.
• https://anonscm.debian.org/git/reproducible/ has been cleaned up by Ximin, including the removal of the link from diffoscope.git to debbindiff.git.

Toolchain fixes

• dpkg 1.18.7 has been uploaded to unstable, after which Mattia Rizzolo took care of rebasing our patched version.
  • this prompted h01ger to restart the discussion about reproducible dpkg for sid and stretch
  • to which Guillem replied with a status update.
• gcc-5 and gcc-6 migrated to testing with the patch to honour SOURCE_DATE_EPOCH
• Ximin Luo started an upstream discussion with the Ghostscript developers.
• Norbert Preining has uploaded a new version of texlive-bin with these changes relevant to us:
  • imported Upstream version 2016.20160512.41045 support for suppressing timestamps (SOURCE_DATE_EPOCH) (Closes: #792202)
  • add support for SOURCE_DATE_EPOCH also to luatex
• cdbs 0.4.131 has been uploaded to unstable by Jonas Smedegaard, fixing these issues relevant to us:
  • #794241: export SOURCE_DATE_EPOCH. Original patch by akira
  • #764478: call dh_strip_nondeterminism if available. Original patch by Holger Levsen
• libxslt 1.1.28-3 has been uploaded to unstable by Mattia Rizzolo, fixing the following toolchain issues:
  • #823857: backport patch from upstream to provide stable IDs in the genrated documents.
  • #791815: Honour SOURCE_DATE_EPOCH when embedding timestamps in docs. Patch by Eduard Sanou.

Packages fixed The following 28 packages have become newly reproducible due to changes in their build dependencies: actor-framework ask asterisk-prompt-fr-armelle asterisk-prompt-fr-proformatique coccinelle cwebx d-itg device-tree-compiler flann fortunes-es idlastro jabref konclude latexdiff libint minlog modplugtools mummer mwrap mxallowd mysql-mmm ocaml-atd ocamlviz postbooks pycorrfit pyscanfcs python-pcs weka The following 9 packages had older versions which were reproducible, and their latest versions are now reproducible again due to changes in their build dependencies: csync2 dune-common dune-localfunctions libcommons-jxpath-java libcommons-logging-java libstax-java libyanfs-java python-daemon yacas The following packages have become newly reproducible after being fixed:

• asymptote/2.38-1 by Norbert Preining, original patch by Alexis Bienven e.
• bnd/2.4.1-4 by Emmanuel Bourg.
• cgal/4.8-4 by Joachim Reichel.
• courier/0.76.1-2 by Ond ej Sur , original patch by Alexis Bienven e.
• dict-foldoc/20160505-1 by Iustin Pop, original patch by Reiner Herrmann.
• emoslib/2:4.4.1-2 by Alastair McKinstry, original patch by boyska.
• libksba/1.3.4-3 by Andreas Metzler.
• mp4h/1.3.1-15 by Axel Beckert.
• stk/4.5.2+dfsg-2 by Felipe Sateler, original patch by Alexis Bienven e.
• sympow/1.023-7 by Jerome Benoit.
• x11proto-input/2.3.2-1 by Julien Cristau, original patch by Eduard Sanou.

The following packages had older versions which were reproducible, and their latest versions are now reproducible again after being fixed:

• klibc/2.0.4-9 by Ben Hutchings.

Some uploads have fixed some reproducibility issues, but not all of them:

• allegro4.4/2:4.4.2-8 by Andreas R nnquist, original patch by Daniel Shahaf.
• gearmand/1.0.6-7 by Alexandre Mestiashvili, original patch by Chris Lamb.
• mame/0.172-1 by Jordi Mallach.
• python-babel/1.3+dfsg.1-7 by Jean-Michel Vourg re, original patch by Val Lorentz.
• openttd/1.6.0-1 by Matthijs Kooijman.
• blender/2.77.a+dfsg0-4 by Matteo F. Vescovi, original patch by Campbell Burton.
• unburden-home-dir/0.4 by Axel Beckert.
• refpolicy/2:2.20140421-10 by Laurent Bigonville, original patch by Chris Lamb.
• kdiff3/0.9.98-3 by Eike Sauer.

Patches submitted that have not made their way to the archive yet:

• #787424 against emacs24 by Alexis Bienven e: order hashes when generating .el files
• #823764 against sen by Daniel Shahaf: render the build timestamp in a consistent timezone
• #823797 against openclonk by Alexis Bienven e: honour SOURCE_DATE_EPOCH
• #823961 against herbstluftwm by Fabian Wolff: honour SOURCE_DATE_EPOCH
• #824049 against emacs24 by Alexis Bienven e: make start value of gensym-counter reproducible
• #824050 against emacs24 by Alexis Bienven e: make autoloads files reproducible
• #824182 against codeblocks by Fabian Wolff: honour SOURCE_DATE_EPOCH
• #824263 against cmake by Reiner Herrmann: sort file lists from file(GLOB ...)

Package reviews 344 reviews have been added, 125 have been updated and 20 have been removed in this week. 14 FTBFS bugs have been reported by Chris Lamb. tests.reproducible-builds.org

• bpi0 has been reinstalled with a new ssd. (vagrant/h01ger)
• A new navigation menu for the Debian pages at https://tests.reproducible-builds.org/ has been implemented. (h01ger)

Misc. Dan Kegel sent a mail to report about his experiments with a reproducible dpkg PPA for Ubuntu. According to him sudo add-apt-repository ppa:dank/dpkg && sudo apt-get update && sudo apt-get install dpkg should be enough to get reproducible builds on Ubuntu 16.04. This week's edition was written by Ximin Luo and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.

What happened in the reproducible builds effort between January 24th and January 30th:

Media coverage Holger Levsen was interviewed by the FOSDEM team to introduce his talk on Sunday 31st.

Toolchain fixes Jonas Smedegaard uploaded d-shlibs/0.63 which makes the order of dependencies generated by d-devlibdeps stable accross locales. Original patch by Reiner Herrmann.

Packages fixed The following 53 packages have become reproducible due to changes in their build dependencies: appstream-glib, aptitude, arbtt, btrfs-tools, cinnamon-settings-daemon, cppcheck, debian-security-support, easytag, gitit, gnash, gnome-control-center, gnome-keyring, gnome-shell, gnome-software, graphite2, gtk+2.0, gupnp, gvfs, gyp, hgview, htmlcxx, i3status, imms, irker, jmapviewer, katarakt, kmod, lastpass-cli, libaccounts-glib, libam7xxx, libldm, libopenobex, libsecret, linthesia, mate-session-manager, mpris-remote, network-manager, paprefs, php-opencloud, pisa, pyacidobasic, python-pymzml, python-pyscss, qtquick1-opensource-src, rdkit, ruby-rails-html-sanitizer, shellex, slony1-2, spacezero, spamprobe, sugar-toolkit-gtk3, tachyon, tgt. The following packages became reproducible after getting fixed:

• angband-doc/3.0.3.6 by Manoj Srivastava, obsolete patch by Chris Lamb.
• atdgen/1.7.2-1 by St phane Glondu.
• bibtool/2.63+ds-1 by Jerome Benoit.
• cglib/3.2.0-1 by Emmanuel Bourg.
• cmst/2016.01.28-1 by Alf Gaida.
• coreutils/8.25-1 uploded by Michael Stone, fixed upstream.
• doc-base/0.10.7 uploaded by Robert Luberda, original patch by Dhole.
• fpc/3.0.0+dfsg-1 uploaded by Paul Gevers.
• libaqbanking/5.6.4beta-1 by Micha Lenk.
• libgcrypt20/1.6.4-5 uploaded by Andreas Metzler, original patch by Lunar.
• libgwenhywfar/4.15.2beta-1 by Micha Lenk.
• libxdmcp/1:1.1.2-1.1 by Helmut Grohne (report).
• lpe/1.2.8-2 by Adam Majer, obsolete patches (#778197, #793697 by Chris Lamb and akira.
• mariadb-10.0/10.0.23-2 by Otto Kek l inen.
• mixxx/2.0.0~dfsg-1 by Sebastian Ramacher.
• pd-lua/0.7.3-1 by IOhannes m zm lnig.
• pd-zexy/2.2.6-2 by IOhannes m zm lnig.
• polymake/3.0-1 uploaded by David Bremner, fixed upstream.
• prometheus/0.16.2+ds-1 by Mart n Ferrari.
• screengrab/1.95+20160128-1 uploaded by Alf Gaida (report).
• spykeviewer/0.4.4-1 by Robert Pr pper, original patch by Reiner Herrmann.
• testdisk/7.0-1 uploaded by Roland Stigge, upstream patch reported by Mattia Rizzolo.
• xorg/1:7.7+13 uploaded by Timo Aaltonen, original patch by Dhole, merged by Andreas Boll.

Some uploads fixed some reproducibility issues, but not all of them:

• gnubg/1.05.000-4 by Russ Allbery.
• grcompiler/4.2-6 by Hideki Yamane.
• sdlgfx/2.0.25-5 fix by Felix Geyer, uploaded by Gianfranco Costamagna.

Patches submitted which have not made their way to the archive yet:

• #812876 on glib2.0 by Lunar: ensure that functions are sorted using the C locale when giotypefuncs.c is generated.

diffoscope development diffoscope 48 was released on January 26th. It fixes several issues introduced by the retrieval of extra symbols from Debian debug packages. It also restores compatibility with older versions of binutils which does not support readelf --decompress.

strip-nondeterminism development strip-nondeterminism 0.015-1 was uploaded on January 27th. It fixes handling of signed JAR files which are now going to be ignored to keep the signatures intact.

Package reviews 54 reviews have been removed, 36 added and 17 updated in the previous week. 30 new FTBFS bugs have been submitted by Chris Lamb, Michael Tautschnig, Mattia Rizzolo, Tobias Frost.

Misc. Alexander Couzens and Bryan Newbold have been busy fixing more issues in OpenWrt. Version 1.6.3 of FreeBSD's package manager pkg(8) now supports SOURCE_DATE_EPOCH. Ross Karchner did a lightning talk about reproducible builds at his work place and shared the slides.

Since ages I wanted have replaced this freaking backup solution of our Network Equipment based on some hacky shell scripts and expect uploading the configs on a TFTP server. Years ago I stumbled upon RANCID (Really Awesome New Cisco confIg Differ) but had no time to implement it. Now I returned to my idea to get rid of all our old crap.
I don't know where, I think it was at DENOG2, I saw RANCID coupled with a VCS, where the NOC was notified about configuration (and inventory) changes by mailing the configuration diff and the history was indeed in the VCS.
The good old RANCID seems not to support to write into a VCS out of the box. But for the rescue there is rancid-git, a fork that promises git extensions and support for colorized emails. So far so good. While I was searching for a VCS capable RANCID, somewhere under a stone I found Oxidized, a 'silly attempt at rancid'. Looking at it, it seems more sophisticated, so I thought this might be the right attempt. Unfortunately there is no Debian package available, but I found an ITP created by Jonas. Anyway, for just looking into it, I thought the Docker path for a testbed might be a good idea, as no Debian package ist available (yet). For oxidized configuration is only a configfile needed and as nodes source a rancid compatible router.db file can be used (beside SQLite and http backend). A migration into a production environment seems pretty easy. So I gave it a go. I assume Docker is installed already. There seems to be a Docker image on Docker Hub, that looks official, but it seems not maintained (actually). An issue is open for automated building the image.

Creating Oxidized container image The official documentation describes the procedure. I used a slightly different approach.

docking-station:~# mkdir -p /srv/docker/oxidized/  
docking-station:~# git clone https://github.com/ytti/oxidized \  
 /srv/docker/oxidized/oxidized.git
docking-station:~# docker build -q -t oxidized/oxidized:latest \  
 /srv/docker/oxidized/oxidized.git

I thought it might be a good idea to also tag the image with the actual version of the gem.

docking-station:~# docker tag oxidized/oxidized:latest \  
 oxidized/oxidized:0.11.0
docking-station:~# docker images   grep oxidized  
oxidized/oxidized   latest    35a325792078  15 seconds ago  496.1 MB  
oxidized/oxidized   0.11.0    35a325792078  15 seconds ago  496.1 MB  

Create initial default configuration like described in the documentation.

docking-station:~# mkir -p /srv/docker/oxidized/.config/  
docking-station:~# docker run -e CONFIG_RELOAD_INTERVAL=600 \  
 -v /srv/docker/oxidized/.config/:/root/.config/oxidized \
 -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized

Adjusting configuration After this I adjusted the default configuration for writing a log, the nodes config into a bare git, having nodes secrets in router.db and some hooks for debugging.

Creating node configuration

docking-station:~# echo "7204vxr.lab.cyconet.org:cisco:admin:password:enable" >> \  
 /srv/docker/oxidized/.config/router.db
docking-station:~# echo "ccr1036.lab.cyconet.org:routeros:admin:password" >> \  
 /srv/docker/oxidized/.config/router.db

Starting the oxidized beast

docking-station:~# docker run -e CONFIG_RELOAD_INTERVAL=600 \  
 -v /srv/docker/oxidized/.config/:/root/.config/oxidized \
 -p 8888:8888/tcp -t oxidized/oxidized:latest oxidized
Puma 2.16.0 starting...  
* Min threads: 0, max threads: 16
* Environment: development
* Listening on tcp://127.0.0.1:8888

If you want to have the container get started with the docker daemon automatically, you can start the container with --restart always and docker will take care of it. If I wanted to make it running permanent, I would use a systemd unitfile.

Reload configuration immediately If you don't want to wait to automatically reload of the configuration, you can trigger it.

docking-station:~# curl -s http://localhost:8888/reload?format=json \  
 -O /dev/null
docking-station:~# tail -2 /srv/docker/oxidized/.config/log/oxidized.log  
I, [2016-01-29T16:50:46.971904 #1]  INFO -- : Oxidized starting, running as pid 1  
I, [2016-01-29T16:50:47.073307 #1]  INFO -- : Loaded 2 nodes  

Writing nodes configuration

docking-station:/srv/docker/oxidized/.config/oxidized.git# git shortlog  
Oxidizied (2):  
      update 7204vxr.lab.cyconet.org
      update ccr1036.lab.cyconet.org

Writing the nodes configurations into a local bare git repository is neat but far from perfect. It would be cool to have all the stuff in a central VCS. So I'm pushing it every 5 minutes into one with a cron job.

docking-station:~# cat /etc/cron.d/doxidized  
# m h dom mon dow user  command                                                 
*/5 * * * *    root    $(/srv/docker/oxidized/bin/oxidized_cron_git_push.sh)
docking-station:~# cat /srv/docker/oxidized/bin/oxidized_cron_git_push.sh  
#!/bin/bash
DOCKER_OXIDIZED_BASE="/srv/docker/oxidized/"  
OXIDIZED_GIT_DIR=".config/oxidized.git"
cd $ DOCKER_OXIDIZED_BASE /$ OXIDIZED_GIT_DIR   
git push origin master --quiet  

Now having all the nodes configurations in a source code hosting system, we can browse the configurations, changes, history and even establish notifications for changes. Mission accomplished! Now I can test the coverage of our equipment. The last thing that would make me super happy, a oxidized Debian package!

Siri and I are on a journey through India and Nepal, with the aim of learning about needs of Debian derivatives, to improve Debian and encourage closer integration.

C-DAC and BOSS Centre for Development of Advanced Computing (C-DAC) is a large organization serving country- and state-level institutions in India, with offices and training facilities several major cities. In Chennai, C-DAC has a staff of 25 developers working full time on Barath Operating System Solutions (BOSS). BOSS is a Debian derivative with several flavors - a desktop for use at primary schools (EduBOSS), a desktop for governmental offices (BOSS), and a range of server-oriented use cases using same core as the desktops with various (non-packaged) code and configuration on top. The core common to all BOSS flavors is a derivative of Debian. Major work has been in strengthening localization and related code - including the development of a font covering all officially supported indic scripts, tuning input methods configuration, and bugfixing LibreOffice handling of complex scripts. All that work is all passed directly to upstream code projects (some still show as derived work until sifting down again into Debian). Besides locale derivations, BOSS currently includes 11 packages not yet in Debian - a mixture of package dependencies, branding data and configuration tweaks. Seems most if not all can fit into Debian with a bit of restructuring work.

small computers As some of you know, I always had a special interest in low-resource (yet general purpose) computers (partly driven by my lack of money to spend on shinier hardware), and since ~2009 particularly in ARM-based computers. After 4 days of meetings and discussion with C-DAC, - literally few minutes before departure - I casually mentioned my interest in small computers, and much to my surprise it turned out that C-DAC also works on that, just didn't get around to mention it yet at the Debian wiki page. C-DAC have worked for a year on tuning BOSS to work on the Vidyut laptop (successor to the Aakash tablet). All except builtin camera is allegedly working. C-DAC is also looking into Olimex boards - my favorites - possibly for use with small server setups but our time was up, we had to leave for our train to Pune, so details on that we will have to figure out through mail.

collaboration In the past, C-DAC have kept in touch with their users through BOSS-specific places like a dedicated IRC channel. Recent changes in management style at the development office have caused less attention available to that communication, however. C-DAC have politely offered their code changes upstram for years, but maybe "too polite": Maybe they have offered only polished fixes, being less loud about "interesting problems". I suggested, as way to improve while limiting (ideally avoiding) extra work, is to mentally take a step up the stream: Treat BOSS not as a derivative but a subset of Debian itself, hang out and discuss issues and ideas at debian irc channels, and maintain your packages directly in Debian. Only parts unfit for Debian - secret stuff done for India military, and dirty configuration hacks not yet possible within Debian Policy - really need to be kept away from Debian. C-DAC agreed, and Debian now has a BOSS team! Anyone interested to follow BOSS as a Debian blend, and perhaps even contribute with opinions and/or code, is quite welcome to join the newly created mailinglist on Debian Alioth: https://lists.alioth.debian.org/mailman/listinfo/boss-devel. Our meetings with BOSS developers have been very pleasant. Even those working at the top of cloud or big data stacks - furthest away from our mindset of tightly "locking down" all parts as packages - were patient with us. Thanks in particular to Prema S and Prathibha B, working on packaging of BOSS for the past 5+ years, and both likely to enter the Debian New Maintainer Queue before long

Siri and I are now three weeks into our two months journey, by train through India and by bus in Nepal. During my Asia 2011 journey I promised myself (and Chandan) that next visit to India would be together with Siri. Here we are, few hours away from next 20 hour train ride towards Hyderabad in South India, both with running noses from a cold week in Nepal. Theme of our trip is Debian Pure Blends. More specifically, we will meet with distribution developers and designers to try understand why they fork from (other forks of) Debian, and how Debian might improve to better serve them - ideally be able to fully contain such projects within Debian itself. Distributions we will look into - some more detailed than others - include

• Hamara Linux
• NepaLinux
• SWECHA OS
• IT@School
• BOSS Linux

Thanks to the organizations and individuals hosting us on our journey.

Siri and I are on a journey through India and Nepal, with the aim of learning about needs of Debian derivatives, to improve Debian and encourage closer integration.

Distribution IT@school is a distribution originally based on Debian, later rebased on Ubuntu. Next release will possibly again be a direct derivative of Debian, or maybe even - time will tell - a Debian pure blend.

Aim is education As its name indicates, IT@school is targeted at schools: The system is used in 8th - 10th grades of most (or all?) public primary schools in Kerala, Together with KEK members Anto and Fayad, Siri and I met with former and current key participants in the project where we learned about its history and current status, and discussed some differences between Ubuntu and Debian. IT@school has a strong emphasis on the educational aspect, arguably setting it apart from Skolelinux/DebianEdu which emphasizes the technical aspect of relieving teachers from admin tasks. In the early years of deployment the project faced many hardware issues - e.g. in getting sound cards to work. This was seen not as problems but as beneficial learning for the teachers facing those issues. Kerala public school system has set the standard for other states in India, but sadly political support within the state has been weak in recent years. It is hoped that next election - this April - will bring a positive change.

School book IT@school is accompagnied by a school book written specifically for use of the included tools. No explicit license is applied to the book (which means it defaults to classic copyright). Possibly it will get Creative Commons licensed. If the school book gets a DFSG-free license, several collaboration opportunities emerge: Currently the book is drafted in LibreOffice but then - due to state procedures - finalized with PageMaker. Would be interesting to setup an alternate process using only Free tools - either with Scribus or XeLaTeX. An important detail here is to ensure that the process supports malayalam script.

Curriculum Work is in progress mapping FLOSS tools to the state curriculum. I recommended to share that work publicly with a Free license, to encourage comparisons across countries, and invite collaboration e.g. with Skolelunux/DebianEdu.

Blend for SBCs Some Kerala higher education schools (sorry, don't remember which) have bought some thousands of RaspberryPi2. I suggested to create a Debian Blend for SBCs (Single Board Computers) - we will see what comes of that idea

Blend for education I also suggested to make a Debian blend around IT@school distribution itself, with its strong focus on educational content - i.e. not just as addon to technical tools but the primary purpose pulling in tools as needed.

What happened in the reproducible builds effort between January 3rd and January 9th 2016:

Toolchain fixes David Bremner uploaded dh-elpa/0.0.18 which adds a --fix-autoload-date option (on by default) to take autoload dates from changelog. Lunar updated and sent the patch adding the generation of .buildinfo to dpkg.

Packages fixed The following packages have become reproducible due to changes in their build dependencies: aggressive-indent-mode, circe, company-mode, db4o, dh-elpa, editorconfig-emacs, expand-region-el, f-el, geiser, hyena, js2-mode, markdown-mode, mono-fuse, mysql-connector-net, openbve, regina-normal, sml-mode, vala-mode-el. The following packages became reproducible after getting fixed:

• avrdude/6.2-5 by Milan Kupcevic.
• ca-certificates/20160104 by Michael Shuler, original patch by Reiner Herrmann.
• cryptsetup/2:1.7.0-1 uploaded by Jonas Meurer, original patches (#780864, #794106) by Dhole and Valentin Lorentz.
• gpaw/0.11.0.13004-3 by Graham Inggs.
• graphite2/1.3.4-2 uploaded by Rene Engelhard, original patch by Reiner Herrmann.
• manpages/4.04-0.1 uploaded by Tobias Quathamer, original patch by Lunar.
• medicalterms/20160103-1 uploaded by Tobias Quathamer, reported by Daniel Kahn Gillmor.
• metview/4.5.7-3 uploaded by Alastair McKinstry, original patch by Reiner Herrmann.
• oasis3/3.mct+dfsg.121022-7 uploaded by Alastair McKinstry, original patch by Reiner Herrmann.
• postgresql-9.5/9.5.0-1 by Christoph Berg.
• python-caja/1.12.0-1 uploaded by Mike Gabriel, original patch by Chris Lamb.
• qutemol/0.4.1~cvs20081111-5 by Graham Inggs.
• robocode/1.9.2.5-1 by Markus Koschany.
• rungetty/1.2-16 by Rhonda D'Vine, original patches (#777447, #793717) by Chris Lamb and akira.
• t-prot/3.4-4 by Rhonda D'Vine.
• tetrinet/0.11+CVS20070911-2 by Rhonda D'Vine, original patch by Chris Lamb.
• tworld/1.3.2-2 by Rhonda D'Vine, original patch by Chris Lamb.
• visp-images/3.0.0-2 uploaded by Fabien Spindler, original patch by Chris Lamb.
• xblast-tnt-levels/20050106-3 by Rhonda D'Vine, original patch by Chris Lamb.
• xblast-tnt-models/20050106-4 by Rhonda D'Vine, original patch by Chris Lamb.
• xblast-tnt-musics/20050106-3 by Rhonda D'Vine, original patch by Chris Lamb.
• xblast-tnt-sounds/20040429-3 by Rhonda D'Vine, original patch by Chris Lamb.

Some uploads fixed some reproducibility issues, but not all of them:

• ace-of-penguins/1.5~rc1-1 by Markus Koschany, original patch by Reiner Herrmann.
• disque/1.0~rc1-4 by Chris Lamb.
• elki/0.7.0-4 by Erich Schubert.
• xnecview/1.35-8 by Tobias Frost, original patch by Chris Lamb.

Patches submitted which have not made their way to the archive yet:

• #809780 on flask-restful by Chris Lamb: implement support for SOURCE_DATE_EPOCH in the build system.
• #810259 on avfs by Chris Lamb: implement support for SOURCE_DATE_EPOCH in the build system.
• #810509 on apt by Mattia Rizzolo: ensure a stable file order is given to the linker.

reproducible.debian.net Add 2 more armhf build nodes provided by Vagrant Cascadian. This added 7 more armhf builder jobs. We now run around 900 tests of armhf packages each day. (h01ger) The footer of each page now indicates by which Jenkins jobs build it. (h01ger)

diffoscope development diffoscope 45 has been released on January 4th. It features huge memory improvements when comparing large files, several fixes of squashfs related issues that prevented comparing two Tails images, and improve the file list of tar and cpio archive to be more precise and consistent over time. It also fixes a typo that prevented the Mach-O to work (Rainer M ller), improves comparisons of ELF files when specified on the command line, and solves a few more encoding issues.

Package reviews 134 reviews have been removed, 30 added and 37 updated in the previous week. 20 new fail to build from source issues were reported by Chris Lamb and Chris West. prebuilder will now skip installing diffoscope to save time if the build results are identical. (Reiner Herrmann)

the upload of perl 5.22 to unstable some days ago provided ample opportunity to fix some new RC bugs. here's the list of my work:

• #768687 src:libdata-hal-perl: "libdata-hal-perl: FTBFS: test suite broken by newer liburi-namespacemap-perl versions"
  add patch from new upstream's git repo (pkg-perl)
• #787912 src:libdata-dump-streamer-perl: "libdata-dump-streamer-perl: FTBFS with perl 5.22"
  upload new upstream release (pkg-perl)
• #789142 src:libdata-hal-perl: "libdata-hal-perl: FTBFS with perl 5.22 (Module::Build)"
  upload with explicit build dependency on Module::Build (pkg-perl)
• #791520 libmojomojo-perl: "libmojomojo-perl: FTBFS: test failures"
  close bug in the BTS, already fixed since months (pkg-perl)
• #801659 libxml-compile-dumper-perl: "libxml-compile-dumper-perl: depends on libdata-dump-streamer-perl, broken by perl 5.22"
  close as the dependency is fixed (pkg-perl)
• #808284 libalien-wxwidgets-perl: "libalien-wxwidgets-perl: Broken dependencies in binary package after BinNMU"
  fix wxwidgets version detection logic (pkg-perl)
• #808310 libchemistry-formula-perl: "libchemistry-formula-perl: bogus dependency on perlapi-5.20.2"
  fix perl library paths in debian/rules, NMU
• #808327 wmanager: "wmanager: Depends on virtual package "perl5" which will is gone with perl/5.22"
  sponsor maintainer upload
• #808395 src:libprelude: "libprelude: FTBFS everywhere"
  add patch to handle swig changes, NMU
• #808412 src:ippl: "ippl: Depends on virtual package "perl5-base" which is gone with perl/5.22"
  drop perl5-base dependency, NMU with maintainer's permission
• #808454 src:libdata-faker-perl: "libdata-faker-perl: FTBFS under some locales (eg. fr_CH.UTF-8)"
  set C locale for tests (pkg-perl)
• #808473 liblemonldap-ng-manager-perl: "liblemonldap-ng-manager-perl: manager unaccessible without doc symlink in /var/lib/lemonldap-ng"
  upload package prepared by Xavier Guimard (pkg-perl)
• #808474 liblemonldap-ng-manager-perl: "liblemonldap-ng-manager-perl: Manager shows garbage where the menu is supposed to be"
  upload package prepared by Xavier Guimard (pkg-perl)
• #808480 libdevel-bt-perl: "libdevel-bt-perl: FTBFS on mips*: test failures"
  add (build)dep on perl-debug (pkg-perl)
• #808489 src:acm: "acm: FTBFS: Type of arg 1 to dbmclose must be hash (not constant item) at ./create-tables-5 (perl 5.22?)"
  send patch to BTS
• #808507 uwsgi-plugin-mono: "uwsgi-plugin-mono: Please refresh architectures list for current Mono in Unstable"
  sponsor upload for jonas
• #808825 libperl-apireference-perl: "libperl-apireference-perl: FTBFS: missing support for Perl 5.22.1"
  add support for 5.22.1 (pkg-perl)
• #809006 libnet-cups-perl: "libnet-cups-perl: empty package"
  add patch to fix broken version check in Makefile.PL (pkg-perl)

the upload of perl 5.22 to unstable some days ago provided ample opportunity to fix some new RC bugs. here's the list of my work:

• #768687 src:libdata-hal-perl: "libdata-hal-perl: FTBFS: test suite broken by newer liburi-namespacemap-perl versions"
  add patch from new upstream's git repo (pkg-perl)
• #787912 src:libdata-dump-streamer-perl: "libdata-dump-streamer-perl: FTBFS with perl 5.22"
  upload new upstream release (pkg-perl)
• #789142 src:libdata-hal-perl: "libdata-hal-perl: FTBFS with perl 5.22 (Module::Build)"
  upload with explicit build dependency on Module::Build (pkg-perl)
• #791520 libmojomojo-perl: "libmojomojo-perl: FTBFS: test failures"
  close bug in the BTS, already fixed since months (pkg-perl)
• #801659 libxml-compile-dumper-perl: "libxml-compile-dumper-perl: depends on libdata-dump-streamer-perl, broken by perl 5.22"
  close as the dependency is fixed (pkg-perl)
• #808284 libalien-wxwidgets-perl: "libalien-wxwidgets-perl: Broken dependencies in binary package after BinNMU"
  fix wxwidgets version detection logic (pkg-perl)
• #808310 libchemistry-formula-perl: "libchemistry-formula-perl: bogus dependency on perlapi-5.20.2"
  fix perl library paths in debian/rules, NMU
• #808327 wmanager: "wmanager: Depends on virtual package "perl5" which will is gone with perl/5.22"
  sponsor maintainer upload
• #808395 src:libprelude: "libprelude: FTBFS everywhere"
  add patch to handle swig changes, NMU
• #808412 src:ippl: "ippl: Depends on virtual package "perl5-base" which is gone with perl/5.22"
  drop perl5-base dependency, NMU with maintainer's permission
• #808454 src:libdata-faker-perl: "libdata-faker-perl: FTBFS under some locales (eg. fr_CH.UTF-8)"
  set C locale for tests (pkg-perl)
• #808473 liblemonldap-ng-manager-perl: "liblemonldap-ng-manager-perl: manager unaccessible without doc symlink in /var/lib/lemonldap-ng"
  upload package prepared by Xavier Guimard (pkg-perl)
• #808474 liblemonldap-ng-manager-perl: "liblemonldap-ng-manager-perl: Manager shows garbage where the menu is supposed to be"
  upload package prepared by Xavier Guimard (pkg-perl)
• #808480 libdevel-bt-perl: "libdevel-bt-perl: FTBFS on mips*: test failures"
  add (build)dep on perl-debug (pkg-perl)
• #808489 src:acm: "acm: FTBFS: Type of arg 1 to dbmclose must be hash (not constant item) at ./create-tables-5 (perl 5.22?)"
  send patch to BTS
• #808507 uwsgi-plugin-mono: "uwsgi-plugin-mono: Please refresh architectures list for current Mono in Unstable"
  sponsor upload for jonas
• #808825 libperl-apireference-perl: "libperl-apireference-perl: FTBFS: missing support for Perl 5.22.1"
  add support for 5.22.1 (pkg-perl)
• #809006 libnet-cups-perl: "libnet-cups-perl: empty package"
  add patch to fix broken version check in Makefile.PL (pkg-perl)

Siri and I are on a journey through India and Nepal, with the aim of learning about needs of Debian derivatives, to improve Debian and encourage closer integration.

Distribution Hamara Linux is a distribution based on Trisquel, hence descending from Debian via Ubuntu. Next release will be a direct derivative of Debian. We recommended to package missing parts for Debian itself, even if Hamara needs them faster than deemed "stable" in Debian. ITP bugreports is since filed for theme and install routine.

Visual design Hamara Linux ships with a coherent visual style, covering widget theme, install routine, boot and login, and a range of wallpapers. Siri has begun comparing widget theme against Debian. We might try distill diffs for each Debian Ubuntu Trisquel Hamara derivation.

System contents and setup Hamara Linux comes in two flavors: Hamara Namaste with a GNOME desktop, and Hamara Sugam with an Lxde desktop. I have begun decomposing the package sets into classes for Boxer, at the same time extending Boxer.

# Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2015-12-21 15:00+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Title # #, no-wrap msgid "I want your input" msgstr "" #. type: Plain text #, no-wrap msgid "\n" msgstr "" #. type: Plain text #, no-wrap msgid "\n" msgstr "" #. type: Plain text msgid "You want to share an opinion with me, or raise a question?" msgstr "" #. type: Plain text msgid "Great, please do: I love exchanging opinions and ideas." msgstr "" #. type: Plain text msgid "" "You can [contact me discretely][]. Please consider, however, to speak in " "public instead, allowing others to benefit from our exchange." msgstr "" #. type: Plain text msgid "" "Don't worry if it is interesting to others - the World is big and someone " "somewhere always cares!" msgstr "" #. type: Plain text msgid "[contact me discretely]:" msgstr "" #. type: Title ## #, no-wrap msgid "Email - encourages reflection" msgstr "" #. type: Plain text msgid "Post to a public mailinglist." msgstr "" #. type: Plain text msgid "" "If uncertain that I am subscribed to the list, or if you want my special " "attention (but think twice if that's really needed!), add my [private " "mail](mailto:dr@jones.dk) as cc." msgstr "" #. type: Title ## #, no-wrap msgid "Chat - more casual" msgstr "" #. type: Plain text msgid "" "I am also [reachable via chat][]. Chat is nice for shorter " "questions/comments, and when you need to discuss what you want to say at " "all." msgstr "" #. type: Plain text msgid "[reachable via chat]:" msgstr "" #. type: Title ## #, no-wrap msgid "Blog - best for reuse" msgstr ""

# Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2015-12-21 15:00+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Title # #, no-wrap msgid "issues handling issues" msgstr "" #. type: Plain text #, no-wrap msgid "\n" msgstr "" #. type: Plain text #, no-wrap msgid "\n" msgstr "" #. type: Plain text msgid "" "I get lots of emails, some of which are "issues": Friends, colleagues, " "clients and machines tell me about stuff that is broken. and ask for new " "features." msgstr "" #. type: Plain text msgid "I currently handle issues somewhat like this:" msgstr "" #. type: Plain text #, no-wrap msgid "[[!graph src="""\n" msgstr "" #. type: Plain text #, no-wrap msgid "" "rankdir=LR\n" "inbox [label="incoming mails"]\n" "todobox [label="mail threads about issues"]\n" "issueboxes [label="issue-mails grouped by project" style=dotted]\n" "solve [label="fix issue"]\n" "archivebox [label="archived mails"]\n" "inbox -> todobox\n" "todobox -> issueboxes [style=dotted]\n" "todobox -> solve\n" "todobox -> archivebox\n" msgstr "" #. type: Plain text msgid "FIXME: Describe graf in steps." msgstr "" #. type: Plain text msgid "" "The idea was to organize issues in queues per project, but organizing emails " "requires understanding them, and that takes time: Too often I end up " "skipping that task, leading to weak overview of pending issues." msgstr "" #. type: Plain text msgid "Here's" msgstr "" #. type: Plain text #, no-wrap msgid "" "rankdir=LR\n" "inbox [label="incoming mails"]\n" "todobox [label="mail threads about issues"]\n" "new [label="unprocessed issues"]\n" "open [label="open issues"]\n" "solve [label="fix issue"]\n" "inbox -> todobox -> archivebox\n" "todobox -> new -> open\n" "open -> solve\n" "open -> done\n" msgstr ""

Just to give a brief recap of why I'm writing this post, I've to describe a brief encounter I had with systemd which rendered my system unbootable. I first felt its systemd's problem but later figured out it was my mistake. So below is brief story divided into 2 sections Problem and Solution. Here Problem describes issue I faced with systemd and Solution discusses the .mount and .automount suffix files used by systemd.

What happened in the reproducible builds effort this week: Toolchain fixes Guillem Jover uploaded dpkg/1.18.2 which makes dependency comparisons deep by comparing not only the first dependency alternative, to get them sorted in a reproducible way. Original patch by Chris Lamb. Dhole updated the patch adding support for SOURCE_DATE_EPOCH in gettext. A modified package is in the experimental reproducible repository. Valentin Lorentz submitted a patch adding support for SOURCE_DATE_EPOCH to ocamldoc. Valentin Lorentz also opened a bug about the inability to set an arbitrary RNG seed for ocamlopt which would be a way to fix an issue affecting many OCaml packages. Dhole submitted a patch adding support for SOURCE_DATE_EPOCH in qhelpgenerator. A modified package has been sent to the experimental repository as well. Several packages have been updated for the experimental toolchain: doxygen (akira), and dpkg (h01ger). Also, h01ger has built and uploaded all experimental packages having arch:any packages for armhf: dpkg, gettext, doxygen, fontforge, libxslt and texlive-bin. We are now providing our toolchain for armhf and amd64. Packages fixed As you might have noticed, Debian sid is currently largely uninstallable, due to the GCC 5 transition, which also can be see in our reproducibility test setup. Please help! The following packages became reproducible due to changes in their build dependencies: glosstex, indent, ktikz, liblouis, libmicrohttpd, linkchecker, multiboot, qterm, rrep, trueprint, twittering-mode. The following packages became reproducible after getting fixed:

• aegisub/3.2.2+dfsg-1 uploaded by Sebastian Reichel, original patch.
• libinline-java-perl/0.56-2 uploaded by Jonas Smedegaard, original patch by Chris Lamb.
• mime-support/3.59 uploaded by Charles Plessy, original patch by akira.
• osmo/0.2.14-1 by Markus Koschany.
• python-cyclone/1.1-2 by Lunar.

Patches submitted which have not made their way to the archive yet:

• #794395 on classified-ads by Reiner Herrmann: removes timestamps in embedded PNG images. Already merged upstream.
• #794398 on clhep by Reiner Herrmann: sort with LC_ALL set to C.
• #794399 on parsec47 by Reiner Herrmann: sort with LC_ALL set to C.
• #794400 on tumiki-fighters by Reiner Herrmann: sort with LC_ALL set to C.
• #794603 on xchat by Valentin Lorentz: call strip-nondeterminism and remove time C pre-processor macros.
• #794740 on camitk by akira: use SOURCE_DATE_EPOCH as build date.
• #794779 on foxyproxy by Dhole: set TZ to UTC when using zip.
• #794781 on xul-ext-monkeysphere by Dhole: set TZ to UTC when using zip.
• #794792 on freeipmi by Dhole: use latest entry from debian/changelog as build date.
• #794793 on doc-base by Dhole: use UTC timezone when generating source date string.
• #794795 on debiandoc-sgml-doc by Dhole: remove date. A better approach has been suggested by maintainer.
• #794892 on autogen by Valentin Lorentz: use a constant time as timeout instead of measuring how long it takes for ./configure to run, use C locale when sorting, and use UTC when converting dates. Upstream made a new pre-release providing a --enable-timeout option. Date related issues will need more work to have portable solutions.

Lunar reported an issue on an unstable ABI from a generated header in icedove reminding of an issue affecting libical-dev. The bug has since been fixed by Carsten Schoenert. akira identified an unreferenced embeded code copy (causing unreproducibility!) in gperf. reproducible.debian.net The scheduler has temporarily been changed to not schedule any already tested packages for sid and experimental, due to the the GCC 5 transitions, which are well visible in our graphs now. On the plus side this has caused our stretch testing to catch up (and improve stats). (h01ger) depwait packages (packages where the Build-Depends cannot be satisfied) are now listed in the last 24h and last 48h pages (Mattia Rizzolo) Two new amd64 build nodes (with 8 cores and 32 GB RAM each) have been added, kindly sponsored by Profitbricks. (h01ger) The 4 armhf (setup last week by Vagrant Cascadian) and 2 amd64 build nodes have been made available to Jenkins. Remote job scheduling has been implemented and 35 new jobs have been added for pbuilder and schroot creation and maintenance of the nodes. (h01ger) The manual scheduler gained a flag (-a/--architecture) to select which arch to schedule in. (Mattia Rizzolo) armhf will only be testing stretch for now, due to limited hardware ressources. (h01ger) The page listing maintainers of unreproducible packages gained internal anchors. As an example, one can now link to unreproducible orphaned packages. (Mattia Rizzolo) Packages with a bug tagged pending are marked using a new symbol: a brown P (Mattia Rizzolo) diffoscope development debbindiff is now called diffoscope! It also has a website at diffoscope.org. The name was changed to better reflect that it became a general purpose tool, capable of comparing many different archive formats, or directories. Version 29 is the renaming release. Amongst a couple of other cosmetic changes a favicon showing the new logo has been added to the generated HTML reports. Version 30 replaces the file matching algorithm for files listed in .changes to a smarter one that removes only the version number. It also fixes a bug where squashfs directories were being extracted even if their content was being compared at a later stage. It also fixes an issue with the test suite that was detected by debci. Documentation update More rationale have been added for supporting SOURCE_DATE_EPOCH The unfinished Reproducible Builds HOWTO is now visible on the web, feedback and patches most welcome. Package reviews 261 obsolete reviews have been removed, 73 added and 145 updated this week.

What happened in the reproducible builds effort this week: Toolchain fixes

• Joachim Breitner uploaded haskell-devscripts/0.9.11 which ads support for UTF-8 encoded debian/control file with all locales. Original patch by Chris Lamb.
• Jonas Smedegaard uploaded ghostscript which adds support for SOURCE_DATE_EPOCH. Original patch by Dhole.

akira submitted a patch to make cdbs export SOURCE_DATE_EPOCH. She uploded a package with the enhancement to the experimental reproducible repository. Packages fixed The following 15 packages became reproducible due to changes in their build dependencies: dracut, editorconfig-core, elasticsearch, fish, libftdi1, liblouisxml, mk-configure, nanoc, octave-bim, octave-data-smoothing, octave-financial, octave-ga, octave-missing-functions, octave-secs1d, octave-splines, valgrind. The following packages became reproducible after getting fixed:

• ant-contrib/1.0~b3+svn177-7 by Emmanuel Bourg.
• authbind/2.1.1+nmu1 uploaded by Johannes Schauer, original patch by akira.
• elektra/0.8.12-1 uploaded by Pino Toscano, original patch by akira.
• glance/2015.1.0-3 by Thomas Goirand.
• gnumeric/1.12.23-1 uploaded by Dmitry Smirnov, original patch by Daniel Kahn Gillmor.
• libdevice-cdio-perl/0.3.0-5 uploaded by gregor herrmann, report by Chris Lamb.
• libxray-scattering-perl/3.0.1-1.1 uploaded by gregor herrmann, original patch by Reiner Herrmann.
• libxray-spacegroup-perl/0.1.1-2.1 uploaded by gregor herrmann, original patch by Chris Lamb.
• ryu/3.23-2 by Dariusz Dwornikowski.

Some uploads fixed some reproducibility issues but not all of them:

• apophenia/0.999e+ds-1 uploaded by Jerome Benoit, original patch by akira.
• xbs/0-10 uploaded by Matthew Vernon, original patch by Colin Watson.
• bbswitch/0.8-2 uploaded by Vincent Cheng, original patch by Chris Lamb.
• mariadb-10.0/10.0.20-3 by Otto Kek l inen.
• icedove/38.0.1-1 uploaded by Christoph Goehre, improvements by Carsten Schoenert.
• apache2/2.4.16-1 uploaded by Stefan Fritsch, improvements by Jean-Michel Vourg re.

In contrib, Dmitry Smirnov improved libdvd-pkg with 1.3.99-1-1. Patches submitted which have not made their way to the archive yet:

• #793705 on mime-support by akira: set the mtimes of all files which are modified during builds to the latest debian/changelog entry.
• #793922 on polymake by Chris Lamb: sort Perl hash keys.
• #793980 on lsof by Valentin Lorentz: removes extra informations from the build system..
• #793996 on at by Valentin Lorentz: use absolute values for chmod.
• #794005 on python-dtcwt by Chris Lamb: use a constant seed for the random number generator.
• #794011 on gzip by Valentin Lorentz: remove date from texinfo header.
• #794014 on moin by Dhole: normalizes the timezone and fixes timestamps from the files compressed with zip.
• #794106 on cryptsetup by Valentin Lorentz: use date from latest debian/changelog entry in manpage.
• #794130 on coq by Valentin Lorentz: use C locale and UTC timezone when generating the build date.
• #794225 on libsyncml by akira: export SOURCE_DATE_EPOCH.
• #794239 on zipios++ by akira: export SOURCE_DATE_EPOCH.
• #794247 on whizzytex by Dhole: remove current date from documentation.
• #794248 on cortado by Dhole: allow the build date to be set externally and use time from the latest debian/changelog entry.
• #794395 on classified-ads by Reiner Herrmann: remove timestamps from PNG images.
• #794398 on clhep by Reiner Herrmann: sort source file list.
• #794399 on parsec47 by Reiner Herrmann: use C locale when sorting source files.
• #794400 on tumiki-fighters by Reiner Herrmann: use C locale when sorting source files.

reproducible.debian.net Four armhf build hosts were provided by Vagrant Cascadian and have been configured to be used by jenkins.debian.net. Work on including armhf builds in the reproducible.debian.net webpages has begun. So far the repository comparison page just shows us which armhf binary packages are currently missing in our repo. (h01ger) The scheduler has been changed to re-schedule more packages from stretch than sid, as the gcc5 transition has started This mostly affects build log age. (h01ger) A new depwait status has been introduced for packages which can't be built because of missing build dependencies. (Mattia Rizzolo) debbindiff development Finally, on August 31st, Lunar released debbindiff 27 containing a complete overhaul of the code for the comparison stage. The new architecture is more versatile and extensible while minimizing code duplication. libarchive is now used to handle cpio archives and iso9660 images through the newly packaged python-libarchive-c. This should also help support a couple other archive formats in the future. Symlinks and devices are now properly compared. Text files are compared as Unicode after being decoded, and encoding differences are reported. Support for Sqlite3 and Mono/.NET executables has been added. Thanks to Valentin Lorentz, the test suite should now run on more systems. A small defiency in unquashfs has been identified in the process. A long standing optimization is now performed on Debian package: based on the content of the md5sums control file, we skip comparing files with matching hashes. This makes debbindiff usable on packages with many files. Fuzzy-matching is now performed for files in the same container (like a tarball) to handle renames. Also, for Debian .changes, listed files are now compared without looking the embedded version number. This makes debbindiff a lot more useful when comparing different versions of the same package. Based on the rearchitecturing work has been done to allow parallel processing. The branch now seems to work most of the time. More test needs to be done before it can be merged. The current fuzzy-matching algorithm, ssdeep, has showed disappointing results. One important use case is being able to properly compare debug symbols. Their path is made using the Build ID. As this identifier is made with a checksum of the binary content, finding things like CPP macros is much easier when a diff of the debug symbols is available. Good news is that TLSH, another fuzzy-matching algorithm, has been tested with much better results. A package is waiting in NEW and the code is ready for it to become available. A follow-up release 28 was made on August 2nd fixing content label used for gzip2, bzip2 and xz files and an error on text files only differing in their encoding. It also contains a small code improvement on how comments on Difference object are handled. This is the last release name debbindiff. A new name has been chosen to better reflect that it is not a Debian specific tool. Stay tuned! Documentation update Valentin Lorentz updated the patch submission template to suggest to write the kind of issue in the bug subject. Small progress have been made on the Reproducible Builds HOWTO while preparing the related CCCamp15 talk. Package reviews 235 obsolete reviews have been removed, 47 added and 113 updated this week. 42 reports for packages failing to build from source have been made by Chris West (Faux). New issue added this week: haskell_devscripts_locale_substvars. Misc. Valentin Lorentz wrote a script to report packages tested as unreproducible installed on a system. We encourage everyone to run it on their systems and give feedback!

After more than five years of being a Debian developer, here is my first post on Planet Debian! I currently maintain 165 packages. My focus has changed since 2009, but those are still mostly sysadmin packages:

• ctdb (under the pkg-samba umbrella), the clustered database used by samba
• c-icap and c-icap-modules: a c-icap server mostly useful with squid and providing url blacklists and antivirus filtering
• pkg-php-tools: easy packaging of PHP packages (PEAR, PECL and Composer) as .deb
• 124 php-horde* (Horde) packages: A groupware and webmail, written in PHP
• 12 PHP PEAR, Composer, or PECL packages (those are Horde dependencies)
• I m mostly maintaining alone the above packages. Any help is appreciated!
• python-ceres, graphite-carbon and graphite-web: Graphite is an high performance monitoring and graphing software. Jonas Genannt is maintaining the packages well and I only do review
• 20 shinken packages : a monitoring solution, compatible with nagios configuration files and written in python. Thibault Cohen is doing most of the packaging, and I give advice
• svox: The TTS from Android (unfortunately non-free because of missing or outdated sources). This is now under the Debian Accessibility Team umbrella
• kolabadmin: this is the last remaining piece from my former pkg-kolab membership (unfortunately kolab server won t be in jessie, you can help the team for Stretch)

Now that the first post is online, I will try to keep up!