What happened in the reproducible builds effort this week: Toolchain fixes Eric Dorlan uploaded automake-1.15/1:1.15-2 which makes the output of mdate-sh deterministic. Original patch by Reiner Herrmann. Kenneth J. Pronovici uploaded epydoc/3.0.1+dfsg-8 which now honors SOURCE_DATE_EPOCH. Original patch by Reiner Herrmann. Chris Lamb submitted a patch to dh-python to make the order of the generated maintainer scripts deterministic. Chris also offered a fix for a source of non-determinism in dpkg-shlibdeps when packages have alternative dependencies. Dhole provided a patch to add support for SOURCE_DATE_EPOCH to gettext. Packages fixed The following 78 packages became reproducible in our setup due to changes in their build dependencies: chemical-mime-data, clojure-contrib, cobertura-maven-plugin, cpm, davical, debian-security-support, dfc, diction, dvdwizard, galternatives, gentlyweb-utils, gifticlib, gmtkbabel, gnuplot-mode, gplanarity, gpodder, gtg-trace, gyoto, highlight.js, htp, ibus-table, impressive, jags, jansi-native, jnr-constants, jthread, jwm, khronos-api, latex-coffee-stains, latex-make, latex2rtf, latexdiff, libcrcutil, libdc0, libdc1394-22, libidn2-0, libint, libjava-jdbc-clojure, libkryo-java, libphone-ui-shr, libpicocontainer-java, libraw1394, librostlab-blast, librostlab, libshevek, libstxxl, libtools-logging-clojure, libtools-macro-clojure, litl, londonlaw, ltsp, macsyfinder, mapnik, maven-compiler-plugin, mc, microdc2, miniupnpd, monajat, navit, pdmenu, pirl, plm, scikit-learn, snp-sites, sra-sdk, sunpinyin, tilda, vdr-plugin-dvd, vdr-plugin-epgsearch, vdr-plugin-remote, vdr-plugin-spider, vdr-plugin-streamdev, vdr-plugin-sudoku, vdr-plugin-xineliboutput, veromix, voxbo, xaos, xbae. The following packages became reproducible after getting fixed:

• analog/2:6.0-21 uploaded by Andreas Beckmann, original patch by Dhole.
• base-passwd/3.5.38 uploaded by Colin Watson, original patch by Juan Picca.
• debconf/1.5.57 uploaded by Colin Watson, original patch by Lunar.
• ipband/0.8.1-4 by Mats Erik Andersson.
• kfreebsd-10/10.1~svn274115-7 by Steven Chamberlain.
• libcommons-cli-java/1.3.1-1 by tony mancill.
• libpsl/0.7.1-1 by Daniel Kahn Gillmor.
• maven-archiver/2.6-3 by Emmanuel Bourg.
• mtink/1.0.16-9 by Graham Inggs.
• ocamlweb/1.39-2 uploaded by Mehdi Dogguy, original patch by Chris Lamb.
• rbdoom3bfg/1.0.3+repack1+git20150625-1 by Tobias Frost.
• spatialite-tools/4.2.1~rc1-2 by Bas Couwenberg.
• task/2.4.4+dfsg-1 by Sebastien Badia.

Some uploads fixed some reproducibility issues but not all of them:

• bullet/2.83.4+dfsg-1 by Markus Koschany.
• cdo/1.6.6+dfsg.1-2 by Alastair McKinstry.
• fish/2.2.0-1 uploaded by Tristan Seligmann, original patch by Chris Lamb.
• sympy/0.7.6-3 by Sergey B Kirpichev.
• xtables-addons/2.7-1 uploaded by Dmitry Smirnov, original patch by Reiner Herrmann.

Patches submitted which have not made their way to the archive yet:

• #792178 on gunroar by Reiner Herrmann: use C locale when sorting source files.
• #792181 on tth by Reiner Herrmann: remove timestamps from generated HTML files.
• #792285 on pkgconf by Juan Picca: set LC_ALL=C when running sort.
• #792319 on jsmath-fonts by Chris Lamb: set TZ=UTC when calling unzip.
• #792424 on swh-plugins by Chris Lamb: sort inputs in Makefile.
• #792525 on ruby-standalone by Reiner Herrmann: use UTC and C locale when formatting the manpage date for the documentation.
• #792528 on dict-foldoc by Reiner Herrmann: use C locale when formatting the date for the documentation.
• #792529 on tomatoes by Reiner Herrmann: use date from debian/changelog in version string.
• #792593 on lives by Dhole: process a Perl hash in stable order.
• #792596 on jsmath by Dhole: set TZ=UTC when calling unzip.
• #792597 on jsmath-fonts-sprite by Dhole: set TZ=UTC when calling unzip.
• #792598 on libreoffice-canzeley-client by Dhole: set TZ=UTC when calling unzip.
• #792599 on openthesaurus by Dhole: set TZ=UTC when calling unzip.
• #792602 on fonts-stix by Dhole: set TZ=UTC when calling unzip.
• #792667 on jack-audio-connection-kit by use date from debian/changelog in manpages.
• #792668 on pyhoca-gui by remove date from package version number.
• #792671 on apertium-dbus by remove *.pyo and *.pyc from binary package.
• #792673 on bup by use date from debian/changelog when generating version strings.
• #792684 on cain by Chris Lamb: ensure stable permissions when creating source tarball.
• #792709 on dict-jargon by Dhole: set timestamp in archive using the latest entry of debian/changelog.
• #792727 on libaqbanking by Micha Lenk (upstream): sort source files in documentation.
• #792763 on docbook-dsssl by Chris Lamb: sort input files when creating changelog.
• #792770 on lynx-cur by Reiner Herrmann: use C locale when sorting configuration files.
• #792771 on mu-cade by Reiner Herrmann: use C locale when sorting source files.
• #792772 on titanion by Reiner Herrmann: use C locale when sorting source files.
• #792783 on linuxlogo by Reiner Herrmann: use C locale when sorting source files.
• #792821 on pkg-config by Juan Picca: use C locale when sorting source files.
• #792828 on tiger by Daniel Kahn Gillmor: use C locale when listing soure files.

reproducible.debian.net The statistics on the main page of reproducible.debian.net are now updated every five minutes. A random unreviewed package is suggested in the look at a package form on every build. (h01ger) A new package set based new on the Core Internet Infrastructure census has been added. (h01ger) Testing of FreeBSD has started, though no results yet. More details have been posted to the freebsd-hackers mailing list. The build is run on a new virtual machine running FreeBSD 10.1 with 3 cores and 6 GB of RAM, also sponsored by Profitbricks. strip-nondeterminism development Andrew Ayer released version 0.009 of strip-nondeterminism. The new version will strip locales from Javadoc, include the name of files causing errors, and ignore unhandled (but rare) zip64 archives. debbindiff development Lunar continued its major refactoring to enhance code reuse and pave the way to fuzzy-matching and parallel processing. Most file comparators have now been converted to the new class hierarchy. In order to support for archive formats, work has started on packaging Python bindings for libarchive. While getting support for more archive formats with a common interface is very nice, libarchive is a stream oriented library and might have bad performance with how debbindiff currently works. Time will tell if better solutions need to be found. Documentation update Lunar started a Reproducible builds HOWTO intended to explain the different aspects of making software build reproducibly to the different audiences that might have to get involved like software authors, producers of binary packages, and distributors. Package reviews 17 obsolete reviews have been removed, 212 added and 46 updated this week. 15 new bugs for packages failing to build from sources have been reported by Chris West (Faux), and Mattia Rizzolo. Presentations Lunar presented Debian efforts and some recipes on making software build reproducibly at Libre Software Meeting 2015. Slides and a video recording are available. Misc. h01ger, dkg, and Lunar attended a Core Infrastructure Initiative meeting. The progress and tools mode for the Debian efforts were shown. Several discussions also helped getting a better understanding of the needs of other free software projects regarding reproducible builds. The idea of a global append only log, similar to the logs used for Certificate Transparency, came up on multiple occasions. Using such append only logs for keeping records of sources and build results has gotten the name Binary Transparency Logs . They would at least help identifying a compromised software signing key. Whether the benefits in using such logs justify the costs need more research.

Just a litte update on the DUCK challenge: In the last week, the following packages were fixed and uploaded into unstable:

• Alastair McKinstry uploaded grip-api
• Tiago Bortoletto Vaz uploaded musescore
• Azat Khuzhin uploaded blktool
• J rg Frings-F r uploaded libmongo-client
• C dric Boutillieruploaded ruby-oauth
• Rapha l Hertzoguploaded ditaa
• Maximiliano Curia uploaded attica-f5, kdelibs4support and kactivities-kf5
• Jeremy Lain uploaded sailcut
• Axel Beckert uploaded libtext-markdown-perl
• Benjamin Drung uploaded esperanza
• Joao Eriberto Mota Filho uploaded pasco
• Heiko Stuebner uploaded libnl3

Last week we had 10 packages uploaded & fixed, the current week resulted in 15 fixed packages. So there are currently 25 packages fixed by 20 different uploaders. I really hope i can meet you all at DebConf15!! The list of the fixed and updated packages is availabe here. I will try to update this ~daily. If I missed one of your uploads, please drop me a line. A big "Thank You" to you. There is still lots of time till the end of DebConf15 and the end of the DUCK Challenge, so please get involved. And rememeber:

Debian is undertaking a huge effort to develop a reproducible builds system. I'd like to thank you for that. This could be Debian's most important project, with how badly computer security has been going.

PerniciousPunk in Reddit's Ask me anything! to Neil McGovern, DPL. What happened in the reproducible builds effort this week: Toolchain fixes More tools are getting patched to use the value of the SOURCE_DATE_EPOCH environment variable as the current time:

• libxslt in #791815 (Dhole),
• texlive-bin via upstream (#792202) (akira),
• sphinx via upstream (Dmitry Shachnev).

In the reproducible experimental toolchain which have been uploaded:

• doxygen to support SOURCE_DATE_EPOCH (akira),
• debhelper now set SOURCE_DATE_EPOCH to the time of the latest debian/changelog entry when exporting build flags, patch sent as #791823 (Dhole),
• epydoc to support SOURCE_DATE_EPOCH (Reiner Herrmann),
• texlive-bin (akira) and libxslt (Dhole) with the aforementioned support for SOURCE_DATE_EPOCH.

Johannes Schauer followed up on making sbuild build path deterministic with several ideas. Packages fixed The following 311 packages became reproducible due to changes in their build dependencies : 4ti2, alot, angband, appstream-glib, argvalidate, armada-backlight, ascii, ask, astroquery, atheist, aubio, autorevision, awesome-extra, bibtool, boot-info-script, bpython, brian, btrfs-tools, bugs-everywhere, capnproto, cbm, ccfits, cddlib, cflow, cfourcc, cgit, chaussette, checkbox-ng, cinnamon-settings-daemon, clfswm, clipper, compton, cppcheck, crmsh, cupt, cutechess, d-itg, dahdi-tools, dapl, darnwdl, dbusada, debian-security-support, debomatic, dime, dipy, dnsruby, doctrine, drmips, dsc-statistics, dune-common, dune-istl, dune-localfunctions, easytag, ent, epr-api, esajpip, eyed3, fastjet, fatresize, fflas-ffpack, flann, flex, flint, fltk1.3, fonts-dustin, fonts-play, fonts-uralic, freecontact, freedoom, gap-guava, gap-scscp, genometools, geogebra, git-reintegrate, git-remote-bzr, git-remote-hg, gitmagic, givaro, gnash, gocr, gorm.app, gprbuild, grapefruit, greed, gtkspellmm, gummiboot, gyp, heat-cfntools, herold, htp, httpfs2, i3status, imagetooth, imapcopy, imaprowl, irker, jansson, jmapviewer, jsdoc-toolkit, jwm, katarakt, khronos-opencl-man, khronos-opengl-man4, lastpass-cli, lava-coordinator, lava-tool, lavapdu, letterize, lhapdf, libam7xxx, libburn, libccrtp, libclaw, libcommoncpp2, libdaemon, libdbusmenu-qt, libdc0, libevhtp, libexosip2, libfreenect, libgwenhywfar, libhmsbeagle, libitpp, libldm, libmodbus, libmtp, libmwaw, libnfo, libpam-abl, libphysfs, libplayer, libqb, libsecret, libserial, libsidplayfp, libtime-y2038-perl, libxr, lift, linbox, linthesia, livestreamer, lizardfs, lmdb, log4c, logbook, lrslib, lvtk, m-tx, mailman-api, matroxset, miniupnpd, mknbi, monkeysign, mpi4py, mpmath, mpqc, mpris-remote, musicbrainzngs, network-manager, nifticlib, obfsproxy, ogre-1.9, opal, openchange, opensc, packaging-tutorial, padevchooser, pajeng, paprefs, pavumeter, pcl, pdmenu, pepper, perroquet, pgrouting, pixz, pngcheck, po4a, powerline, probabel, profitbricks-client, prosody, pstreams, pyacidobasic, pyepr, pymilter, pytest, python-amqp, python-apt, python-carrot, python-django, python-ethtool, python-mock, python-odf, python-pathtools, python-pskc, python-psutil, python-pypump, python-repoze.tm2, python-repoze.what, qdjango, qpid-proton, qsapecng, radare2, reclass, repsnapper, resource-agents, rgain, rttool, ruby-aggregate, ruby-albino, ruby-archive-tar-minitar, ruby-bcat, ruby-blankslate, ruby-coffee-script, ruby-colored, ruby-dbd-mysql, ruby-dbd-odbc, ruby-dbd-pg, ruby-dbd-sqlite3, ruby-dbi, ruby-dirty-memoize, ruby-encryptor, ruby-erubis, ruby-fast-xs, ruby-fusefs, ruby-gd, ruby-git, ruby-globalhotkeys, ruby-god, ruby-hike, ruby-hmac, ruby-integration, ruby-jnunemaker-matchy, ruby-memoize, ruby-merb-core, ruby-merb-haml, ruby-merb-helpers, ruby-metaid, ruby-mina, ruby-net-irc, ruby-net-netrc, ruby-odbc, ruby-ole, ruby-packet, ruby-parseconfig, ruby-platform, ruby-plist, ruby-popen4, ruby-rchardet, ruby-romkan, ruby-ronn, ruby-rubyforge, ruby-rubytorrent, ruby-samuel, ruby-shoulda-matchers, ruby-sourcify, ruby-test-spec, ruby-validatable, ruby-wirble, ruby-xml-simple, ruby-zoom, rumor, rurple-ng, ryu, sam2p, scikit-learn, serd, shellex, shorewall-doc, shunit2, simbody, simplejson, smcroute, soqt, sord, spacezero, spamassassin-heatu, spamprobe, sphinxcontrib-youtube, splitpatch, sratom, stompserver, syncevolution, tgt, ticgit, tinyproxy, tor, tox, transmissionrpc, tweeper, udpcast, units-filter, viennacl, visp, vite, vmfs-tools, waffle, waitress, wavtool-pl, webkit2pdf, wfmath, wit, wreport, x11proto-input, xbae, xdg-utils, xdotool, xsystem35, yapsy, yaz. Please note that some packages in the above list are falsely reproducible. In the experimental toolchain, debhelper exported TZ=UTC and this made packages capturing the current date (without the time) reproducible in the current test environment. The following packages became reproducible after getting fixed:

• 389-admin/1.1.42-1 uploaded by Timo Aaltonen, original patch by Chris Lamb.
• aroarfw/0.1~beta5-2 uploaded by Patrick Matth i, original patch by akira.
• clfft/2.4-2 by Ghislain Antony Vaillant.
• custom-tab-width/1.0.1-3 by Daniel Kahn Gillmor.
• debirf/0.35 uploaded by Daniel Kahn Gillmor, original patch by Chris Lamb.
• enigmail/2:1.8.2-3 by Daniel Kahn Gillmor.
• flashproxy/1.7-4 by Ximin Luo.
• getdns/0.2.0-2 by Daniel Kahn Gillmor.
• glfw3/3.1.1-1 by James Cowgill, reported by akira.
• gpgme1.0/1.5.5-3 by Daniel Kahn Gillmor.
• jzmq/3.1.0-4 by Jan Niehusmann.
• libcommons-cli-java/1.3.1-1 by tony mancill.
• liblo/0.28-5 uploaded by Felipe Sateler, original patch by akira.
• libmoe/1.5.8-2 uploaded by TANIGUCHI Takaki, original patch by Chris Lamb.
• libnet-interface-perl/1.012-2 uploaded by gregor herrmann, original patch by Chris Lamb.
• libxmlenc-java/0.52+dfsg-4 by Emmanuel Bourg.
• lintian/2.5.33 by Niels Thykier.
• litecoin/0.10.2.2-1 uploaded by Dmitry Smirnov, original patch by Chris Lamb.
• node-ws/0.7.2+ds1.349b7460-1 by Ximin Luo.
• pyevolve/0.6~rc1+svn398+dfsg-7 uploaded by Christian Kastner, original patch by Juan Picca.
• sendmail/8.14.9-3 by Andreas Beckmann.
• uthash/1.9.9.1+git20150507-2 by Ilias Tsitsimpis, report by Jakub Wilk.

Ben Hutchings upstreamed several patches to fix Linux reproducibility issues which were quickly merged. Some uploads fixed some reproducibility issues but not all of them:

• apt-dater/1.0.2-1 uploaded by Patrick Matth i, original patch by Dhole, fixed upstream by Thomas Liske.
• argyll/1.7.0+repack-4 by J rg Frings-F rst.
• grads/2:2.0.2-4 by Alastair McKinstry.
• kfreebsd-10 by Steven Chamberlain.
• mariadb-10.0/10.0.20-2 by Otto Kek l inen.
• xtel/3.3.0-18 uploaded by Samuel Thibault, original patch by Dhole.

Uploads that should fix packages not in main:

• fglrx-driver/1:15.7-1 uploaded by Patrick Matth i, fixed by Andreas Beckmann.
• pycuda/2015.1.2-1 uploaded by Tomasz Rybak, patch by Juan Picca.

Patches submitted which have not made their way to the archive yet:

• #787675 on ricochet by Daniel Kahn Gillmor: use the debian/changelog date in the manpage.
• #791648 on fish by Chris Lamb: sort header files in documentation.
• #791691 on fritzing by Chris Lamb: sort the documentation author list using the C locale.
• #791834 on bitcoin by Reiner Herrmann: sort sources files using the C locale.
• #791845 on yacas by Reiner Herrmann: sort hints using the C locale.
• #791851 on scowl by Reiner Herrmann: sort dictionary files using the C locale.
• #791913 on ceph by Chris Lamb: sort configuration file names.
• #791923 on alpine by Chris Lamb: use debian/changelog date as build date and use debian as the builder hostname.
• #791960 on leveldb by Reiner Herrmann: sort sources files using th e C locale.
• #792054 on ben by Reiner Herrmann: use debian/changelog date as bui ld date.
• #792056 on val-and-rick by Reiner Herrmann: sort sources by filenames.

reproducible.debian.net A new package set has been added for lua maintainers. (h01ger) tracker.debian.org now only shows reproducibility issues for unstable. Holger and Mattia worked on several bugfixes and enhancements: finished initial test setup for NetBSD, rewriting more shell scripts in Python, saving UDD requests, and more debbindiff development Reiner Herrmann fixed text comparison of files with different encoding. Documentation update Juan Picca added to the commands needed for a local test chroot installation of the locales-all package. Package reviews 286 obsolete reviews have been removed, 278 added and 243 updated this week. 43 new bugs for packages failing to build from sources have been filled by Chris West (Faux), Mattia Rizzolo, and h01ger. The following new issues have been added: timestamps_in_manpages_generated_by_ronn, timestamps_in_documentation_generated_by_org_mode, and timestamps_in_pdf_generated_by_matplotlib. Misc. Reiner Herrmann has submitted patches for OpenWrt. Chris Lamb cleaned up some code and removed cruft in the misc.git repository. Mattia Rizzolo updated the prebuilder script to match what is currently done on reproducible.debian.net.

After announcing the DUCK challenge last week the following packages were fixed and uploaded into unstable:

• Daniel Kahn Gillmor uploaded assword
• Joachim Breitner uploaded haskell-glob
• Michael Prokop uploaded xmount
• Florian Schlichting uploaded libhtml-lint-perl and libhtml-wikiconverter-perl
• Maximiliano Curia uploaded kdeplasma-addons
• Nicolas Schier uploaded sleepenh
• Alastair McKinstry uploaded libdap
• Mart n Ferrariuploaded golang-procfs and golang-gingko

A big "Thank You" to you. The list of the fixed and updated packages is availabe here. I will try to update this ~daily. If I missed one of your uploads, please drop me a line. There is still lots of time till the end of DebConf15 and the end of the DUCK Challenge, so please get involved.

What happened about the reproducible builds effort this week: Media coverage Daniel Stender published an English translation of the article which originally appeared in Linux Magazin in Admin Magazine. Toolchain fixes Fixes landed in the Debian archive:

• Lunar uploaded docbook-to-man/1:2.0.0-34 which removes a timestamp in generated manpages. Original patch by Chris Lamb.
• Stefano Rivera uploaded dh-python/1.20150628-1 which now sorts namespace files. Original patch by Chris Lamb.
• Christian Hofstaedtler uploaded ruby2.2/2.2.2-2 which now uses UTC for the dates in gemspec files. Original patch by Chris Lamb.

Lunar submitted to Debian the patch already sent upstream adding a --clamp-mtime option to tar. Patches have been submitted to add support for SOURCE_DATE_EPOCH to txt2man (Reiner Herrmann), epydoc (Reiner Herrmann), GCC (Dhole), and Doxygen (akira). Dhole uploaded a new experimental debhelper to the reproducible repository which exports SOURCE_DATE_EPOCH. As part of the experiment, the patch also sets TZ to UTC which should help with most timezone issues. It might still be problematic for some packages which would change their settings based on this. Mattia Rizzolo sent upstream a patch originally written by Lunar to make the generate-id() function be deterministic in libxslt. While that patch was quickly rejected by upstream, Andrew Ayer came up with a much better one which sadly could have some performance impact. Daniel Veillard replied with another patch that should be deterministic in most cases without needing extra data structures. It's impact is currently being investigated by retesting packages on reproducible.debian.net. akira added a new option to sbuild for configuring the path in which packages are built. This will be needed for the srebuild script. Niko Tyni asked Perl upstream about it using the __DATE__ and __TIME__ C processor macros. Packages fixed The following 143 packages became reproducible due to changes in their build dependencies: alot, argvalidate, astroquery, blender, bpython, brian, calibre, cfourcc, chaussette, checkbox-ng, cloc, configshell, daisy-player, dipy, dnsruby, dput-ng, dsc-statistics, eliom, emacspeak, freeipmi, geant321, gpick, grapefruit, heat-cfntools, imagetooth, jansson, jmapviewer, lava-tool, libhtml-lint-perl, libtime-y2038-perl, lift, lua-ldoc, luarocks, mailman-api, matroxset, maven-hpi-plugin, mknbi, mpi4py, mpmath, msnlib, munkres, musicbrainzngs, nova, pecomato, pgrouting, pngcheck, powerline, profitbricks-client, pyepr, pylibssh2, pylogsparser, pystemmer, pytest, python-amqp, python-apt, python-carrot, python-crypto, python-darts.lib.utils.lru, python-demgengeo, python-graph, python-mock, python-musicbrainz2, python-pathtools, python-pskc, python-psutil, python-pypump, python-repoze.sphinx.autointerface, python-repoze.tm2, python-repoze.what-plugins, python-repoze.what, python-repoze.who-plugins, python-xstatic-term.js, reclass, resource-agents, rgain, rttool, ruby-aggregate, ruby-archive-tar-minitar, ruby-bcat, ruby-blankslate, ruby-coffee-script, ruby-colored, ruby-dbd-mysql, ruby-dbd-odbc, ruby-dbd-pg, ruby-dbd-sqlite3, ruby-dbi, ruby-dirty-memoize, ruby-encryptor, ruby-erubis, ruby-fast-xs, ruby-fusefs, ruby-gd, ruby-git, ruby-globalhotkeys, ruby-god, ruby-hike, ruby-hmac, ruby-integration, ruby-ipaddress, ruby-jnunemaker-matchy, ruby-memoize, ruby-merb-core, ruby-merb-haml, ruby-merb-helpers, ruby-metaid, ruby-mina, ruby-net-irc, ruby-net-netrc, ruby-odbc, ruby-packet, ruby-parseconfig, ruby-platform, ruby-plist, ruby-popen4, ruby-rchardet, ruby-romkan, ruby-rubyforge, ruby-rubytorrent, ruby-samuel, ruby-shoulda-matchers, ruby-sourcify, ruby-test-spec, ruby-validatable, ruby-wirble, ruby-xml-simple, ruby-zoom, ryu, simplejson, spamassassin-heatu, speaklater, stompserver, syncevolution, syncmaildir, thin, ticgit, tox, transmissionrpc, vdr-plugin-xine, waitress, whereami, xlsx2csv, zathura. The following packages became reproducible after getting fixed:

• ansible/1.9.2+dfsg-1 by Harlan Lieberman-Berg.
• antpm/1.16-9 uploaded by Kristof Ralovich, original patch by Dhole.
• ccseapps/2.5-6 by Alastair McKinstry.
• clblas/2.4-2 uploaded by Ghislain Antony Vaillant, original patch by akira.
• dictionaries-common/1.26.1 by Agustin Martin Domingo.
• djvulibre/3.5.27.1-2 uploaded by Barak A. Pearlmutter, original patch by Dhole.
• exim4/4.86~RC4-1 by Andreas Metzler.
• geis/2.2.17-1 uploaded by Stephen M. Webb, original patch by akira.
• guymager/0.7.4-2 uploaded by Michael Prokop, original patch by Reiner Herrman.
• irrlicht/1.8.1+dfsg1-2 uploaded by Vincent Cheng, original patch by akira.
• ismrmrd/1.2.3-2 by Ghislain Antony Vaillant.
• ispell-et/1:20030606-24 by Agustin Martin Domingo.
• jacktrip/1.1~repack-1 uploaded by IOhannes m zm lnig, original patch by akira.
• ksshaskpass/4:5.3.1-1 by Maximiliano Curia, report by Daniel Kahn Gillmor.
• libencode-jis2k-perl/0.03-1 by gregor herrmann.
• libosmium/2.1.0-4 by Bas Couwenberg.
• libzorpll/3.9.4.1-2 by SZALAY Attila.
• linop/0.8.2-3 uploaded by Ghislain Antony Vaillant, original patch by Juan Picca.
• lmdb/0.9.15-1 uploaded by Ond ej Sur , original patch by akira.
• manuel/1.8.0-3 by Daniel Stender.
• nss-wrapper/1.0.3-3 by Jakub Wilk.
• orthanc/0.9.0+dfsg-1 prepared by Sebastien Jodogne, issues fixed in upstream version.
• osmcoastline/2.0.1-2 by Bas Couwenberg.
• osmium-tool/1.0.1-2 uploaded by Bas Couwenberg, original patch by Chris Lamb.
• pelican/3.6.0-4 uploaded by Vincent Cheng, original patch by Chris Lamb.
• py-lmdb/0.86-1 uploaded by Robert Edmonds, original patch by Chris Lamb.
• python-pysqlite2/2.6.3-4 uploaded by Joel Rosdahl, original patch by Juan Picca.
• stx-btree/0.9-2 uploaded by Yury Stankevich, original patch by akira.
• wxwidgets3.0/3.0.2+dfsg-1 by Olly Betts.
• y-u-no-validate/2013052401-4 by Jakub Wilk.
• yudit/2.9.6-4 uploaded by Hideki Yamane, original patch by Chris Lamb.

Some uploads fixed some reproducibility issues but not all of them:

• cdo/1.6.6+dfsg.1-1 uploaded by Alastair McKinstry.
• dsdo/1.6.36-6 by Agustin Martin Domingo.
• liboro-java/2.0.8a-11 by Emmanuel Bourg.
• simgrid/3.11.1-10 uploaded by Martin Quinson, original patch by akira.

Patches submitted which have not made their way to the archive yet:

• #790357 on clanlib by Chris Lamb: sort keys from Perl hash when generating documentation.
• #790374 on oxygen-icons by Dhole: removes the timestamps from the the generated png icons and make symlink deduplication deterministic
• #790380 on gearmand by Chris Lamb: don't package unreproducible example files
• #790387 on kbtin by Chris Lamb: use UTC timezone when fixing manual date
• #790389 on xtrkcad by Chris Lamb use time of latest debian/changelog entry as build date
• #790410 on pyke by Chris Lamb: use C locale for time strings
• #790503 on libnet-interface-perl by Chris Lamb: sort Perl hash keys when generating C code
• #790696 on python-pygraphviz by Chris Lamb: set documentation date for Sphinx.
• #790697 on python-repoze.who by Chris Lamb: set documentation date for Sphinx.
• #790741 on libapache-poi-java by Chris Lamb: set build stamp to time of latest debian/changelog entry.
• #790763 on openchange by Chris Lamb: use UTC when writing timestamp in manpage.
• #790783 on jargon-text by Daniel Kahn Gillmor: set C.UTF-8 as locate to always output unicode when converting HTML to text.
• #791423 on linuxtv-dvb-apps by Reiner Herrmann: set LC_ALL to C before sorting #defines..

reproducible.debian.net A new package set for the X Strike Force has been added. (h01ger) Bugs tagged with locale are now visible in the statistics. (h01ger) Some work has been done add tests for NetBSD. (h01ger) Many changes by Mattia Rizzolo have been merged on the whole infrastructure:

• IRC notifications when known reproducible packages stops buildig successfully.
• Packages marked ftbfs_due_to_obsolete_dependencies now appears as FTBFS on the package tracker.
• When listing packages affected by an issue, packages without bugs are grouped together, making it easier to spot the ones who requires work.
• Both build logs are now saved separately. A diff between the two files is available.
• The text output of debbindiff is now available as well for easier search and reports.
• Build logs and debbindiff output are now stored compressed with gzip.
• The builder used for a given test is now recorded in the database.
• The manual scheduler available from Alioth gained new options:
  • -i/--issues: schedule all packages affected by the given issue.
  • -r/--status: schedule all packages with the given status.
  • -b/--before: schedule all packages built before the given date
  • -t/--after: schedule all packages built after the given date.
  • --noisy: notify the IRC channel also when the build starts, with a URL to watch it in real time.

debbindiff development Version 26 has been released on June 28th fixing the comparison of files of unknown format. (Lunar) A missing dependency identified in python-rpm affecting debbindiff installation without recommended packages was promptly fixed by Michal iha . Lunar also started a massive code rearchitecture to enhance code reuse and enable new features. Nothing visible yet, though. Documentation update josch and Mattia Rizzolo documented how to reschedule packages from Alioth. Package reviews 142 obsolete reviews have been removed, 344 added and 107 updated this week. Chris West (Faux) filled 13 new bugs for packages failing to build from sources. The following new issues have been added: snapshot_placeholder_replaced_with_timestamp_in_pom_properties, different_encoding, timestamps_in_documentation_generated_by_org_mode and timestamps_in_pdf_generated_by_matplotlib.

What happened about the reproducible builds effort this week: Toolchain fixes Norbert Preining uploaded texinfo/6.0.0.dfsg.1-2 which makes texinfo indices reproducible. Original patch by Chris Lamb. Lunar submitted recently rebased patches to make the file order of files inside .deb stable. akira filled #789843 to make tex4ht stop printing timestamps in its HTML output by default. Dhole wrote a patch for xutils-dev to prevent timestamps when creating gzip compresed files. Reiner Herrmann sent a follow-up patch for wheel to use UTC as timezone when outputing timestamps. Mattia Rizzolo started a discussion regarding the failure to build from source of subversion when -Wdate-time is added to CPPFLAGS which happens when asking dpkg-buildflags to use the reproducible profile. SWIG errors out because it doesn't recognize the aforementioned flag. Trying to get the .buildinfo specification to more definitive state, Lunar started a discussion on storing the checksums of the binary package used in dpkg status database. akira discovered while proposing a fix for simgrid that CMake internal command to create tarballs would record a timestamp in the gzip header. A way to prevent it is to use the GZIP environment variable to ask gzip not to store timestamps, but this will soon become unsupported. It's up for discussion if the best place to fix the problem would be to fix it for all CMake users at once. Infrastructure-related work Andreas Henriksson did a delayed NMU upload of pbuilder which adds minimal support for build profiles and includes several fixes from Mattia Rizzolo affecting reproducibility tests. Neils Thykier uploaded lintian which both raises the severity of package-contains-timestamped-gzip and avoids false positives for this tag (thanks to Tomasz Buchert). Petter Reinholdtsen filled #789761 suggesting that how-can-i-help should prompt its users about fixing reproducibility issues. Packages fixed The following packages became reproducible due to changes in their build dependencies: autorun4linuxcd, libwildmagic, lifelines, plexus-i18n, texlive-base, texlive-extra, texlive-lang. The following packages became reproducible after getting fixed:

• 0xffff/6.1-3 uploaded by Sebastian Reichel, original patch by Dhole.
• fusionforge/6.0-1 uploaded by Roland Mas and fixed upstream.
• geis/2.2.17-1 uploaded by Stephen M. Webb, original patch by akira.
• gramadoir/0.7-3 uploaded by Alastair McKinstry, original patch by Chris Lamb.
• ht/2.1.0-1 by Anton Gladky.
• ispell-fo/0.4.2-8 by Agustin Martin Domingo.
• ispell-gl/0.5-42 by Agustin Martin Domingo.
• libosmium by Bas Couwenberg.
• maven-dependency-analyzer/1.4-1 by Emmanuel Bourg.
• migrate/0.9.6-2 uploaded by Thomas Goirand, original patch by Juan Picca.
• mustache-java/0.8.17-3 by Miguel Landaeta.
• myspell-pt-br/20131030-6 by Agustin Martin Domingo.
• myspell.pt/20091013-9 by Agustin Martin Domingo.
• nss-wrapper/1.0.3-3 by Jakub Wilk.
• osmcoastline by Bas Couwenberg.
• osmium-tool/1.0.1-2 uploaded by Bas Couwenberg, original patch by Chris Lamb.
• python-gmpy2/2.0.5-1 by Martin Kelly.
• python-pathlib/1.0.1-2 uploaded by Frank Brehm, original patch by Reiner Herrmann
• python-pysaml2/2.4.0-2 uploaded by Thomas Goirand, original patch by Juan Picca.
• python-pysqlite2 uploaded by Joel Rosdahl, original patch by Juan Picca.
• python-scrapy/1.0.0-1 uploaded by Yaroslav Halchenko, original patch by Juan Picca.
• softcatala-spell/0.20111230b-9 by Agustin Martin Domingo.
• tempest/4-2 uploaded by Thomas Goirand, original patch by Juan Picca.
• tiptop/2.2-3 by Tomasz Buchert.
• ucl/1.03+repack-3 by Robert Luberda.
• welcome2l/3.04-26 by Robert Luberda.
• xuxen-eu-spell/0.4.20081029-11 by Agustin Martin Domingo.
• y-u-no-validate/2013052401-4 uploaded by Jakub Wilk, original patch by Chris Lamb.

Some uploads fixed some reproducibility issues but not all of them:

• camitk/3.4.0-2 by Emmanuel Promayon.
• mariadb-10.0/10.0.20-1 by Otto Kek l inen.
• mathjax-docs/2.5+20150518-1 uploaded by Dmitry Shachnev, original patch by Juan Picca.
• wxwidgets3.0/3.0.2-2 by Olly Betts.

Untested uploaded as they are not in main:

• nvidia-persistenced/352.21-1 by Andreas Beckmann.
• nvidia-modprobe/349.16-1 by Andreas Beckmann.

Patches submitted which have not made their way to the archive yet:

• #789648 on apt-dater by Dhole: allow the build date to be set externally and set it to the time of the latest debian/changelog entry.
• #789715 on simgrid by akira: fix doxygen and patch CMakeLists.txt to give GZIP=-n for tar.
• #789728 on aegisub by Juan Picca: get rid of __DATE__ and __TIME__ macros.
• #789747 on dipy by Juan Picca: set documentation date for Sphinx.
• #789748 on jansson by Juan Picca: set documentation date for Sphinx.
• #789799 on tmexpand by Chris Lamb: remove timestamps, hostname and username from the build output.
• #789804 on libevocosm by Chris Lamb: removes generated files which include extra information about the build environment.
• #789963 on qrfcview by Dhole: removes the timestamps from the the generated PNG icon.
• #789965 on xtel by Dhole: removes extra timestamps from compressed files by gzip and from the PNG icon.
• #790010 on simbody by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790023 on stx-btree by akira: pass HTML_TIMESTAMP=NO to Doxygen.
• #790034 on siscone by akira: removes $datetime from footer.html used by Doxygen.
• #790035 on thepeg by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790072 on libxray-spacegroup-perl by Chris Lamb: set $Storable::canonical = 1 to make space_groups.db.PL output deterministic.
• #790074 on visp by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790081 on wfmath by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790082 on wreport by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790088 on yudit by Chris Lamb: removes timestamps from the build system by passing a static comment.
• #790122 on clblas by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790133 on dcmtk by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790139 on glfw3 by akira: patch for Doxygen timestamps further improved by James Cowgill by removing $datetime from the footer.
• #790228 on gtkspellmm by akira: set HTML_TIMESTAMP=NO in Doxygen configuration.
• #790232 on ucblogo by Reiner Herrmann: set LC_ALL to C before sorting.
• #790235 on basemap by Juan Picca: set documentation date for Sphinx.
• #790258 on guymager by Reiner Herrmann: use the date from the latest debian/changelog as build date
• #790309 on pelican by Chris Lamb: removes useless (and unreproducible) tests.

debbindiff development debbindiff/23 includes a few bugfixes by Helmut Grohne that result in a significant speedup (especially on larger files). It used to exhibit the quadratic time string concatenation antipattern. Version 24 was released on June 23rd in a hurry to fix an undefined variable introduced in the previous version. (Reiner Herrmann) debbindiff now has a test suite! It is written using the PyTest framework (thanks Isis Lovecruft for the suggestion). The current focus has been on the comparators, and we are now at 93% of code coverage for these modules. Several problems were identified and fixed in the process: paths appearing in output of javap, readelf, objdump, zipinfo, unsqusahfs; useless MD5 checksum and last modified date in javap output; bad handling of charsets in PO files; the destination path for gzip compressed files not ending in .gz; only metadata of cpio archives were actually compared. stat output was further trimmed to make directory comparison more useful. Having the test suite enabled a refactoring of how comparators were written, switching from a forest of differences to a single tree. This helped removing dust from the oldest parts of the code. Together with some other small changes, version 25 was released on June 27th. A follow up release was made the next day to fix a hole in the test suite and the resulting unidentified leftover from the comparator refactoring. (Lunar) Documentation update Ximin Luo improved code examples for some proposed environment variables for reference timestamps. Dhole added an example on how to fix timestamps C pre-processor macros by adding a way to set the build date externally. akira documented her fix for tex4ht timestamps. Package reviews 94 obsolete reviews have been removed, 330 added and 153 updated this week. Hats off for Chris West (Faux) who investigated many fail to build from source issues and reported the relevant bugs. Slight improvements were made to the scripts for editing the review database, edit-notes and clean-notes. (Mattia Rizzolo) Meetings A meeting was held on June 23rd. Minutes are available. The next meeting will happen on Tuesday 2015-07-07 at 17:00 UTC. Misc. The Linux Foundation announced that it was funding the work of Lunar and h01ger on reproducible builds in Debian and other distributions. This was further relayed in a Bits from Debian blog post.

<p>Dear #Debian <a href="/tags/Ruby" class="tag">#Ruby</a> programmers,</p> <p>How do I, within Debian, update Ruby Gems?<br> I need to update to a version of rubygems &gt; 1.8.11, on a machine running Debian stable. (This is not unrelated to the broken blog entries with bad html formatting you may have seen recently on Debian Planet).</p> <p>rubygems.org recommends &quot;gem update --system&quot;. <br> This issues a warning on Debian, which can be bypassed by setting an env variable. But then this installs stuff in &#47;usr&#47;local, and my Ruby stuff fails to find &#39;bundle&#39; etc. which is in &#47;var&#47;lib&#47;gems on Debian.</p> <p>So how do I update gems on debian stable?</p> <p>(* I am only running 1 Ruby application on the machine in question, and don&#39;t mind that the gems are out-of-sync with Debian gems).</p> <p>(mckinstry@debian.org please if you have an answer).</p>

<p>Why does it not occur to coffee machine makers that their users are probably caffeine-deprived and need simple controls ?</p>

<p><a href="http://www.physorg.com/news/2011-12-debunks-myths-gender-%0Amath.html">Study debunks myths about gender and math performance</a></p> <p><a href="/tags/math" class="tag">#math</a> , <a href="/tags/gender" class="tag">#gender</a>, <a href="/tags/physorg" class="tag">#physorg</a></p> <blockquote> <p>A major study of recent international data on school mathematics performance casts doubt on some common assumptions about gender and math achievement in particular, the idea that girls and women have less ability due to a difference in biology.</p> <p>&quot;We found that boys as well as girls tend to do better in math when raised in countries where females have better equality, and that&#39;s new and important,&quot; says Kane. &quot;It makes sense that when women are well-educated and earn a good income, the math scores of their children of both genders benefit.&quot;</p> <p>Mertz adds, &quot;Many folks believe gender equity is a win-lose zero-sum game: If females are given more, males end up with less. Our results indicate that, at least for math achievement, gender equity is a win-win situation.&quot;</p> </blockquote>

<p><a href="/tags/occupy" class="tag">#occupy</a> <a href="/tags/ows" class="tag">#ows</a></p>

From a comment by Brad K at Causon&#39;s Book: It is a couple of days old now, so I imagine you have seen this. One hedge broker for grain and cattle, Barnhardt Capital Management (http://barnhardt.biz/) has called it quits. Most agribusiness deals with futures and options on their crops to make a good part of their annual income. According to Ann: &quot;The reason for my decision to pull the plug was excruciatingly simple: I could no longer tell my clients that their monies and positions were safe in the futures and options markets because they are not. And this goes not just for my clients, but for every futures and options account in the United States. The entire system has been utterly destroyed by the MF Global collapse. &quot; Interesting times. As the global financial system (not just banks) is wobbling, we need to ensure the food supplies. Time to plant veg and stock up on tins?

Thanks to Ken MacLeod.

Never Again I grew up in the era of old men at Church, wearing poppies and their medals this time of year, in commemoration of their friends and neighbours who had died in the Great War. On the 11 November, they would remember the Armistice, those who had died, and with silence respect the promise that it be the War to End All Wars. Because for them this was not an ironical phrase, but a promise betrayed; that Never Again should this happen. As the last of those men have died, the commemorations of the Armistice have been insidiously hijacked, and using &#39;honouring our troops&#39;, those who never had to see their brothers drown in the mud at Passchendale have moved from &#39;Never Again&#39; to &#39;Always Ready&#39;, always ready to fight, always read to go to war. As a pacifist I have always felt uneasy about war commemorations. But it is all too late that I realise why I never really had a problem with those who fought in the war, and never talked of its horrors. Its those for whom the commemoration is a time for fine speeches, then back to the office to prepare for the next war that I despise. Never again.

Censoring the Frozen Planet The Guardian reports on Discovery&#39;s decision not to screen the climate change episode in the US is an injustice to the startling beauty on show during the series. #censorship, #climatechange

#Occupy Oakland evicted but .. &quot;Bam. We&#39;re back at Oscar Grant Plaza. They spent half a milion dollars to evict us, only to figure out that we won&#39;t quit. 2500 people here. Holding General Assembly.&quot;

Avoid Evil Social Networks This is a test of a patch for the public atom feed from Diaspora*. If all is going well, the title in the web page should be h4 and a link, but plain text in the atom feed. And there should be links in the text. Well, the atom feed looked fine in vim for me. I recommend looking at Charlie Stross&#39;s latest post. Its about the evils of Klout, and how it is almost certainly illegal in Europe due to its very flagrant abuses of &quot;clients&quot; privacy.

Testing with Links How about links?. And a youtube link http://www.youtube.com/watch?v=vP4QTyVQTUo

Bike Scheme for Galway From the Galway Advertiser: Galway has emerged as a frontrunner in terms of its suitability for the introduction of a public bike scheme, similar to that already in action in Dublin, and which could see the setting up of 23 docking stations for 250 public bikes across the city at a estimated cost of 1.55 million. Tags: #Galway, #cycling

The medieval, unaccountable Corporation of London is ripe for protest George Monbiot the Guardian.co.uk, on the unreal #politics of London. A place worth #protesting.

I'm building a debian package, CDAT. The latest version 6.0.alpha uses CMAKE to build, rather than configure. The trouble is that CMake doesn't build. It doesn't even fail.

$ mkdir build
$ cd build
$ cmake ..
()-- Configuring done
-- Generating done
-- Build files have been written to: /home/amckinstry/deb-packages /cdat/cdat-6.0.alpha/build
$ make
$

The problem is, 'make' does nothing. A Makefile is generated by CMake, which calls cmake which calls make again on ./CMakeFiles/Makefile2 ... which does nothing useful. Apparently the CMake is supposed to put useful stuff in there, but doesn't. What puts stuff into Makefile2, and where should I pick up the bugs trail? Tags lazyweb, cmake, debian