Search Results: "Alessandro Ghedini"

15 September 2017

Chris Lamb: Which packages on my system are reproducible?

Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users. The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced either maliciously or accidentally during this compilation process. As part of this project I wrote a script to determine which packages installed on your system are "reproducible" or not:
$ apt install devscripts
[…]
$ reproducible-check
[…]
W: subversion (1.9.7-2) is unreproducible (libsvn-perl, libsvn1, subversion) <>
W: taglib (1.11.1+dfsg.1-0.1) is unreproducible (libtag1v5, libtag1v5-vanilla) <>
W: tcltk-defaults (8.6.0+9) is unreproducible (tcl, tk) <>
W: tk8.6 (8.6.7-1) is unreproducible (libtk8.6, tk8.6) <>
W: valgrind (1:3.13.0-1) is unreproducible <>
W: wavpack (5.1.0-2) is unreproducible (libwavpack1) <>
W: x265 (2.5-2) is unreproducible (libx265-130) <>
W: xen (4.8.1-1+deb9u1) is unreproducible (libxen-4.8, libxenstore3.0) <>
W: xmlstarlet (1.6.1-2) is unreproducible <>
W: xorg-server (2:1.19.3-2) is unreproducible (xserver-xephyr, xserver-xorg-core) <>
282/4494 (6.28%) of installed binary packages are unreproducible.
Whether a package is "reproducible" or not is determined by querying the Debian Reproducible Builds testing framework.

The --raw command-line argument lets you play with the data in more detail. For example, you can see who maintains your unreproducible packages:
$ reproducible-check --raw | dd-list --stdin
Alec Leamas <>
   lirc (U)
Alessandro Ghedini <>
Alessio Treglia <>
   fluidsynth (U)
   libsoxr (U)
[…]

reproducible-check is available in devscripts since version 2.17.10, which landed in Debian unstable on 14th September 2017.
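
An added example, not part of the post above or of devscripts: a small parser for the warning lines that reproducible-check prints, used to flag which packages on a watchlist of security-sensitive binaries are unreproducible. The line format is taken from the output shown in the post; the sample input is constructed from it, and the watchlist and the rule that a line without a binary list refers to a binary named like the source are assumptions.

```python
import re

# Constructed sample, following the output format shown in the post.
SAMPLE = """\
W: subversion (1.9.7-2) is unreproducible (libsvn-perl, libsvn1, subversion) <>
W: valgrind (1:3.13.0-1) is unreproducible <>
W: xen (4.8.1-1+deb9u1) is unreproducible (libxen-4.8, libxenstore3.0) <>
282/4494 (6.28%) of installed binary packages are unreproducible.
"""

# "W: <source> (<version>) is unreproducible [(<binary>, ...)]"
WARN_RE = re.compile(
    r"^W: (?P<src>\S+) \((?P<ver>[^)]+)\) is unreproducible"
    r"(?: \((?P<bins>[^)]*)\))?"
)
# "<unreproducible>/<installed> (<percent>%) of installed binary packages ..."
SUMMARY_RE = re.compile(r"^(?P<bad>\d+)/(?P<total>\d+) \(")


def parse(output):
    """Return ({binary: (source, version)}, (unreproducible, installed))."""
    by_binary = {}
    summary = None
    for line in output.splitlines():
        m = WARN_RE.match(line)
        if m:
            bins = m.group("bins")
            # Assumption: no binary list means the binary is named like the source.
            names = [b.strip() for b in bins.split(",")] if bins else [m.group("src")]
            for name in names:
                by_binary[name] = (m.group("src"), m.group("ver"))
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary = (int(m.group("bad")), int(m.group("total")))
    return by_binary, summary


def flag_watchlist(output, watchlist):
    """Return the watchlist binaries that reproducible-check reported."""
    by_binary, _ = parse(output)
    return {name: by_binary[name] for name in sorted(watchlist) if name in by_binary}


if __name__ == "__main__":
    # Hypothetical watchlist of binaries an administrator cares about.
    for name, (src, ver) in flag_watchlist(SAMPLE, {"libsvn1", "libxen-4.8", "openssl"}).items():
        print(f"{name}: built from {src} {ver}, not reproducible")
```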

20 June 2015

Lunar: Reproducible builds: week 5 in Stretch cycle

What happened about the reproducible builds effort for this week:

Toolchain fixes
Uploads that should help other packages:
Patch submitted for toolchain issues:
Some discussions have been started in Debian and with upstream:

Packages fixed
The following 8 packages became reproducible due to changes in their build dependencies: access-modifier-checker, apache-log4j2, jenkins-xstream, libsdl-perl, maven-shared-incremental, ruby-pygments.rb, ruby-wikicloth, uimaj.
The following packages became reproducible after getting fixed:
Some uploads fixed some reproducibility issues but not all of them:
Patches submitted which did not make their way to the archive yet:
Discussions that have been started:

Holger Levsen added two new package sets: pkg-javascript-devel and pkg-php-pear. The list of packages with and without notes are now sorted by age of the latest build. Mattia Rizzolo added support for email notifications so that maintainers can be warned when a package becomes unreproducible. Please ask Mattia or Holger or in the #debian-reproducible IRC channel if you want to be notified for your packages!

strip-nondeterminism development
Andrew Ayer fixed the gzip handler so that it skips adding a predetermined timestamp when there was none.

Documentation update
Lunar added documentation about mtimes of files extracted using unzip being timezone dependent. He also wrote a short example on how to test reproducibility. Stephen Kitt updated the documentation about timestamps in PE binaries. Documentation and scripts to perform weekly reports were published by Lunar.

Package reviews
50 obsolete reviews have been removed, 51 added and 29 updated this week. Thanks Chris West and Mathieu Bridon amongst others.
New identified issues:

Misc.
Lunar will be talking (in French) about reproducible builds at Pas Sage en Seine on June 19th, at 15:00 in Paris. Meeting will happen this Wednesday, 19:00 UTC.

15 December 2013

Alessandro Ghedini: Building Debian packages using Linux namespaces

In the past few days I have been messing around with Linux namespaces, and developed a little tool (pflask) that automates the creation of simple Linux containers based on them (a sort of chroot(8) on steroids if you will). While the whole raison d'être behind this project was "just because", and many more mature solutions exist, I decided that it'd be nice to find an actual use case for this (otherwise I tend to lose interest pretty quickly) so I wrote a lil (and rather dumb) pbuilder clone that uses pflask instead of chroot. The nice thing about pflask is that, differently from e.g. LXC, it doesn't need any pre-configuration and can be used directly on a vanilla debootstrap(8)ed Debian system:
$ sudo mkdir -p /var/cache/pflask
$ sudo debootstrap --variant=buildd $DIST /var/cache/pflask/base-$DIST-$ARCH
Where $DIST and $ARCH are e.g. unstable and amd64. Once that's done just run pflask-debuild on the package sources:
$ apt-get source somepackage
$ cd somepackage-XYX
$ pflask-debuild
The script will take care of creating a new container, chroot(2)ing into it, installing all the required dependencies, building and signing the package (it also runs lintian!). The main difference from pbuilder is that pflask will mount a copy-on-write filesystem (using AuFS) on the / of the container so that any modification (e.g. installation of packages) can be easily discarded once the container terminates (similarly to what cowbuilder(8) does, modulo the hardlinks hack). Additionally, thanks to the mount namespace created inside the container, all of this will be isolated from the host system and other containers, so that multiple packages can be built simultaneously on the same base debootstrapped directory. Another possibility would be that of disabling the network inside the container using a network namespace, in order to prevent the package build system from downloading stuff from Internet while at the same time maintaining the network active on the host system, but I haven't done any experiment in this direction yet. Note though that all of this is rather crude and experimental, but as a little hack it seems to work rather well (YMMV).

10 June 2012

Alessandro Ghedini: Ecasound 2.9.0 with LV2 support in unstable

A few hours ago I uploaded ecasound 2.9.0, which brings, among other things, support for LV2 plugins and a few new commands for the interactive mode. Enjoy :)

25 April 2012

Alessandro Ghedini: Rakudo Perl 6 2012.01 uploaded to unstable

I've uploaded yesterday the rakudo package version 0.1~2012.01-1 to unstable. It ships the Rakudo upstream release from January, running on top of the Parrot stable release 4.0.0 (which was uploaded earlier). Rakudo is a compiler that implements the Perl 6 specification and runs on top of the Parrot virtual machine (if you are interested in Perl 6 you may have a look at some nice articles, and at the talk of Damian Conway, about Perl 6). This is the first upload since a few months, and the first release being uploaded to Debian based on the nom (New Object Model) development branch of Rakudo, which opened the door for substantial performance improvements. This release brings other nice things too, such as the support for meta-programming, better package and exception handling and more. The latest upstream release 2012.04 (which brings, among other things, improvements in startup times thanks to bounded serialization) has been released a few days ago and uses the new Parrot stable release 4.3.0 (which has been released about a week ago), so we hope to test and upload both in time for the Wheezy freeze (and hopefully we'll be a bit more timely for future updates too).

1 April 2012

Gregor Herrmann: RC bugs 2012/13

due to some new incoming RC bugs, this week was more devoted to fixing bugs in "our" (= the Debian Perl Group's) packages. here's the list:

18 March 2012

Gregor Herrmann: RC bugs 2012/10-11

since I was travelling in the pre-ultimate week for a few days, there was no report about my RC bugs fixing activities. so here we go with an overview covering two weeks:

20 November 2011

Gregor Herrmann: RC bugs 2011/46

as expected this week was characterised by fixing bugs around the perl 5.14 transition. besides that I've also uploaded a couple of NMUs with patches kindly provided in the BTS by some tireless bug fixers.