Lunar: Reproducible builds: week 35 in Stretch cycle
What happened in the reproducible builds effort between December 20th and December 26th:
Toolchain fixes
Mattia Rizzolo rebased our experimental versions of debhelper (twice!) and dpkg on top of the latest releases.
Reiner Herrmann submitted a patch for mozilla-devscripts to sort the file list in generated preferences.js files.
To be able to lift the restriction that packages must be built in the same path, translation support for the __FILE__ C pre-processor macro would also be required. Joerg Sonnenberger submitted a patch back in 2010 that would still be useful today.
Chris Lamb started work on providing a deterministic mode for debootstrap.
Packages fixed
The following packages have become reproducible due to changes in their build dependencies: bouncycastle, cairo-dock-plug-ins, darktable, gshare, libgpod, pafy, ruby-redis-namespace, ruby-rouge, sparkleshare.
The following packages became reproducible after getting fixed:
- a7xpg/0.11.dfsg1-9 uploaded by Markus Koschany, original patch by Reiner Herrmann.
- at/3.1.18-1 uploaded by Laurent Bigonville, original patch by Reiner Herrmann, merged by Jose M Calhariz.
- bibtool/2.61+ds-2 by Jerome Benoit.
- bup/0.27-2 uploaded by Robert Edmonds, original patch by Chris Lamb.
- deja-dup/34.1-1 uploaded by Laurent Bigonville, original patch by Reiner Herrmann.
- gauche-gl/0.6-1 by NIIBE Yutaka.
- ifupdown/0.8 uploaded by Guus Sliepen, original patch by Lunar.
- jing-trang/20131210+dfsg+1-4 by Samuel Thibault.
- libp11/0.3.0-2 by Eric Dorland.
- pdns/4.0.0~alpha1-1 by Christian Hofstaedtler.
- pdns-recursor/4.0.0~alpha1-1 by Christian Hofstaedtler.
- qupzilla/1.8.9~dfsg1-1 uploaded by Georges Khaznadar, fixed upstream.
- ros-genpy/0.5.7-4 uploaded by Jochen Sprickerhof, original patch by Chris Lamb.
- signify/1.14-3 by Mattia Rizzolo, obsoleting patches submitted by Chris Lamb and akira.
- sleepyhead/0.9.8-2 by Sergio Durigan Junior.
- texi2html/1.82+dfsg1-5 by Mattia Rizzolo, previous patch by Juan Picca.
- titanion/0.3.dfsg1-6 by Markus Koschany, original patch by Reiner Herrmann.
- tj3/3.5.0-3 uploaded by Vincent Bernat, original patch by Vincent Bernat.
- vcsh/1.20151229-1 by Richard Hartmann.
- waitress/0.8.10-1 uploaded by Andrew Shadura, original patch by Juan Picca.
- xtel/3.3.0-19 by Samuel Thibault.
- kmod/22-1 uploaded by Marco d'Itri, original patch by Lunar.
- libgcrypt20/1.6.4-4 by Andreas Metzler.
- loadlin/1.6f-4 uploaded by Samuel Thibault, original patch by Chris Lamb.
- pathological/1.1.3-13 uploaded by Markus Koschany, original patch by Chris Lamb.
- yacas/1.3.6-1 uploaded by Muammar El Khatib, original patch by Reiner Herrmann.
- #808459 on pywavelets by Chris Lamb: add support for SOURCE_DATE_EPOCH in the documentation generator.
- #808652 on nexuiz-data by Reiner Herrmann: sorts with the locale set to C.
- #808667 on libmouse-perl by Reiner Herrmann: sorts the list of filenames to be embedded.
- #808679 on libcorelinux by Reiner Herrmann: sort the list of files in the generated Makefile.
- #808711 on ca-certificates by Reiner Herrmann: sort the list of certificates before it is embedded.
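The patches listed above apply the same few fixes: sort a file list before embedding it, sort independently of the builder's locale, and take dates from SOURCE_DATE_EPOCH. The following is an added example, not code from any of those patches; the function names, file names and epoch value are constructed for illustration.

```python
import os
import tempfile
import time


def build_manifest(directory, environ=os.environ):
    """Return the text of a generated file embedding a file list and a build date."""
    # os.listdir() returns entries in filesystem order, which varies between
    # machines. Sorting on the raw bytes gives the same order everywhere,
    # whatever the builder's locale (the equivalent of sorting with LC_ALL=C).
    names = sorted(os.listdir(directory), key=os.fsencode)
    # Prefer SOURCE_DATE_EPOCH over the current time, and format in UTC so the
    # builder's timezone cannot leak into the output.
    epoch = int(environ.get("SOURCE_DATE_EPOCH", time.time()))
    stamp = time.strftime("%Y-%m-%d", time.gmtime(epoch))
    lines = ["# generated on " + stamp]
    lines += ["file: " + name for name in names]
    return "\n".join(lines) + "\n"


def make_tree(names):
    """Create a temporary directory with empty files created in the given order."""
    root = tempfile.mkdtemp()
    for name in names:
        open(os.path.join(root, name), "w").close()
    return root


if __name__ == "__main__":
    env = {"SOURCE_DATE_EPOCH": "1451088000"}  # constructed sample value
    # Two builds whose inputs were created in a different order.
    first = make_tree(["beta.crt", "Zeta.crt", "alpha.crt"])
    second = make_tree(["alpha.crt", "beta.crt", "Zeta.crt"])
    print(build_manifest(first, env) == build_manifest(second, env))
    print(build_manifest(first, env), end="")
```

Byte order places "Zeta.crt" before "alpha.crt", whereas many non-C locales would place it last; that difference is why the sort must not depend on the locale.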
tmpfs
. (h01ger)
200 GiB have been added to jenkins.debian.net (thanks to ProfitBricks!) to make room for new jobs. The current count is at 962 and growing!
diffoscope development
Aside from some minor bugs that have been fixed, a one-line change brought huge memory (and time) savings: the output of transformation tools is now streamed line by line instead of being loaded entirely in memory at once.
disorderfs development
Andrew Ayer released disorderfs version 0.4.2-1 on December 22nd. It fixes a memory corruption error when processing command line arguments that could cause command line options to be ignored.
Documentation update
Many small improvements for the documentation on reproducible-builds.org sent by Georg Koppen were merged.
Package reviews
666 (!) reviews have been removed, 189 added and 162 updated in the previous week.
151 new fail-to-build-from-source reports have been made by Chris West, Chris Lamb, Mattia Rizzolo, and Niko Tyni.
New issues identified: unsorted_filelist_in_xul_ext_preferences, nondeterminstic_output_generated_by_moarvm.
Misc.
Steven Chamberlain drew our attention to one analysis of the Juniper ScreenOS Authentication Backdoor: "Whilst this may have been added in source code, it was well-disguised in the disassembly and just 7 instructions long. I thought this was a good example of the current state-of-the-art, and why we'd like our binaries and eventually, installer and VM images reproducible IMHO."
Joanna Rutkowska has mentioned possible ways for Qubes to become reproducible on their development mailing-list.