What happened in the
reproducible
builds effort this week:
Toolchain fixes
Niko Tyni wrote a new
patch adding support for
SOURCE_DATE_EPOCH in
Pod::Man. This would complement or replace the previously implemented
POD_MAN_DATE environment variable in a more generic way.
Niko Tyni
proposed a fix to prevent
mtime variation in directories due to
debhelper usage of
cp --parents -p.
Packages fixed
The following 119 packages became reproducible due to changes in their
build dependencies:
aac-tactics,
aafigure,
apgdiff,
bin-prot,
boxbackup,
calendar,
camlmix,
cconv,
cdist,
cl-asdf,
cli-common,
cluster-glue,
cppo,
cvs,
esdl,
ess,
faucc,
fauhdlc,
fbcat,
flex-old,
freetennis,
ftgl,
gap,
ghc,
git-cola,
globus-authz-callout-error,
globus-authz,
globus-callout,
globus-common,
globus-ftp-client,
globus-ftp-control,
globus-gass-cache,
globus-gass-copy,
globus-gass-transfer,
globus-gram-client,
globus-gram-job-manager-callout-error,
globus-gram-protocol,
globus-gridmap-callout-error,
globus-gsi-callback,
globus-gsi-cert-utils,
globus-gsi-credential,
globus-gsi-openssl-error,
globus-gsi-proxy-core,
globus-gsi-proxy-ssl,
globus-gsi-sysconfig,
globus-gss-assist,
globus-gssapi-error,
globus-gssapi-gsi,
globus-net-manager,
globus-openssl-module,
globus-rsl,
globus-scheduler-event-generator,
globus-xio-gridftp-driver,
globus-xio-gsi-driver,
globus-xio,
gnome-control-center,
grml2usb,
grub,
guilt,
hgview,
htmlcxx,
hwloc,
imms,
kde-l10n,
keystone,
kimwitu++,
kimwitu-doc,
kmod,
krb5,
laby,
ledger,
libcrypto++,
libopendbx,
libsyncml,
libwps,
lprng-doc,
madwimax,
maria,
mediawiki-math,
menhir,
misery,
monotone-viz,
morse,
mpfr4,
obus,
ocaml-csv,
ocaml-reins,
ocamldsort,
ocp-indent,
openscenegraph,
opensp,
optcomp,
opus,
otags,
pa-bench,
pa-ounit,
pa-test,
parmap,
pcaputils,
perl-cross-debian,
prooftree,
pyfits,
pywavelets,
pywbem,
rpy,
signify,
siscone,
swtchart,
tipa,
typerep,
tyxml,
unison2.32.52,
unison2.40.102,
unison,
uuidm,
variantslib,
zipios++,
zlibc,
zope-maildrophost.
The following packages became reproducible after getting fixed:
Packages which could not be tested:
Some uploads fixed some reproducibility issues but not all of them:
Patches submitted which have not made their way to the archive yet:
Lunar reported that
test strings depend on default character encoding of the build system in
ongl.
reproducible.debian.net
The 189 packages composing the Arch Linux core repository are
now being tested. No packages are currently reproducible, but most of the time the difference is limited to metadata. This has already gained some interest in the Arch Linux community.
An explicit log message is now visible when a build has been killed due to the 12 hours timeout. (h01ger)
Remote build setup has been made more robust and self maintenance has been further improved. (h01ger)
The minimum age for rescheduling of already tested
amd64 packages has been lowered from 14 to 7 days, thanks to the increase of hardware resources sponsored by
ProfitBricks last week. (h01ger)
diffoscope development
diffoscope version 37 has been released on October 15th. It adds support for two new file formats (CBFS images and Debian
.dsc files). After proposing the required changes to
TLSH, fuzzy hashes are now computed incrementally. This will avoid reading entire files in memory which caused problems for large packages.
New tests have been added for the command-line interface. More character encoding issues have been fixed. Malformed
md5sums will now be compared as binary files instead of making diffoscope crash amongst several other minor fixes.
Version 38 was released two days later to fix the versioned dependency on
python3-tlsh.
strip-nondeterminism development
strip-nondeterminism version 0.013-1 has been uploaded to the archive. It fixes an
issue with nonconformant PNG files with trailing garbage reported by Roland Rosenfeld.
disorderfs development
disorderfs version 0.4.1-1 is a stop-gap release that will
disable lock propagation, unless
--share-locks=yes is specified, as it still is affected by unidentified issues.
Documentation update
Lunar has been busy creating a proper website for
reproducible-builds.org that would be a common location for news, documentation, and tools for all free software projects working on reproducible builds. It's not yet ready to be published, but it's surely getting there.
Package reviews
103
reviews have been removed, 394 added and 29 updated this week.
72 FTBFS issues were reported by Chris West and Niko Tyni.
New issues:
random_order_in_static_libraries,
random_order_in_md5sums.