The following contributors got their Debian Developer accounts in the last two months:
- Ross Gammon (rossgammon)
- Balasankar C (balasankarc)
- Roland Fehrenbacher (rfehren)
- Jonathan Cristopher Carter (jcc)
The following contributors were added as Debian Maintainers in the last two months:
- Jos Guti rrez de la Concha
- Paolo Greppi
- Ming-ting Yao Wei
- Boyuan Yang
- Paul Hardy
- Fabian Wolff
- Moritz Schlarb
- Shengjing Zhu
Congratulations!
What happened in the
Reproducible
Builds effort between June 19th and
June 25th 2016.
Media coverage
- Holger Levsen gave a talk at openSUSE Conference 2016 explaining the general idea and status of Reproducible Builds. This talk is available as video recording.
- This was followed by Bernhard Wiedemannn, detailing his work on Reproducible Builds for openSUSE which is also available as video recording:
- openSUSE uses SOURCE_DATE_EPOCH now too
- How to create bit-for-bit identical RPMs
- How strip-nondeterminism is Python and thus unsuitable for the openSUSE base system
- Mozilla awarded $77k to work on reproducible builds for Tails.
The goal is to enable anyone (given sufficient technical skills and
hardware resources) to rebuild from source a given Tails release, in
order to independently verify that it matches the ISO image that
was published. A substantial part of this work will be done in Debian:
for example, to make the side-effects of some packages'
post-installation scripts deterministic. On the longer term, this
work should benefit other projects that want to make their own
builds reproducible (e.g. operating system images for the cloud and
embedded systems, operating system installation media, other Live
systems).
GSoC and Outreachy updates
Toolchain fixes
Other upstream fixes
Emil Velikov searched on IRC for hints on how to guarantee unique values during
build
to invalidate
shader caches in Mesa, when also no
VCS information
is available. A possible solution is a timestamp, which is unique enough for
local builds, but can still be reproducible by allowing it to be overwritten
with
SOURCE_DATE_EPOCH
.
Packages fixed
The following 9 packages have become reproducible due to changes in their
build dependencies:
cclib
librun-parts-perl
llvm-toolchain-snapshot
python-crypto
python-openid
r-bioc-shortread
r-bioc-variantannotation
ruby-hdfeos5
sqlparse
The following packages have become reproducible after being fixed:
Some uploads have fixed some reproducibility issues, but not all of them:
Patches submitted that have not made their way to the archive yet:
- #827684 against cgoban by Chris Lamb: set
SHELL
to static value.
- #827731 against tin by Alexis Bienven e: drop patch which overwrites
__DATE__
/__TIME__
macros, since gcc can handle it now
- #827863 against swedish by Alexis Bienven e: use C locale for sorting.
- #827987 against glances by Chris Lamb: Use
SOURCE_DATE_EPOCH
for embedded timestamp.
- #827994 against cmtk by Chris Lamb: use C locale for sorting.
- #828008 against aghermann by Chris Lamb: honour
SOURCE_DATE_EPOCH
for timestamps embedded into manpages.
- #828012 against bind9 by Chris Lamb: honour
SOURCE_DATE_EPOCH
for embedded timestamp.
- #828017 against frog by Chris Lamb: don't include pyc/pyo files in the package.
- #828021 against extra-cmake-modules by Scarlett Clark: normalize permission and file order in tarballs.
- #828060 against libffado by Chris Lamb: exclude file with test output from package.
- #828066 against gsmlib by Chris Lamb: honour
SOURCE_DATE_EPOCH
for timestamps embedded into manpages.
- #828067 against grib-api by Chris Lamb: exclude pyc files from package.
- #828122 against libxmlbird by Chris Lamb: sort list of globbed files.
- #828123 against magnum by Chris Lamb: use static value for embedded hostname.
- #828131 against pyjwt by Chris Lamb: exclude coverage data from package.
- #828145 against mkdocs by Chris Lamb: honour
SOURCE_DATE_EPOCH
for embedded timestamp.
- #828164 against zeal by Chris Lamb: use UTC for embedded timestamp.
- #828168 against x42-plugins by Daniel Shahaf: use
printf
instead of non-portable echo
.
Package reviews
139 reviews have been added, 20 have been updated and 21 have been removed in this week.
New issues found:
53 FTBFS bugs have been reported by Chris Lamb, Santiago Vila and Mateusz ukasik.
diffoscope development
Quote of the week
"My builds are so reproducible, they fail exactly every second time."
Johannes Ziemke (@discordianfish)
Misc.
This week's edition was written by Chris Lamb (lamby), Reiner Herrmann and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.
What happened in the
Reproducible
Builds effort between June 5th and June 11th 2016:
Media coverage
Ed Maste gave a talk at
BSDCan 2016 on
reproducible builds
(
slides,
video).
GSoC and Outreachy updates
Weekly reports by our participants:
- Scarlett Clark
worked on making some packages reproducible, focusing on KDE backend and
utility programs.
- Ceridwen
published an initial design for the interface for
reprotest
, including a
discussion on different types of build variations and the difficulties of
specifying certain types of variations.
- Valerie Young improved documentation for
building our tests website, began migrating Debian-specific pages into a new
namespace, and planned future work around its navigation.
Documentation update
- Ximin Luo proposed a modification
to our
SOURCE_DATE_EPOCH
spec explaining
FORCE_SOURCE_DATE
.
Some upstream build tools (e.g. TeX, see below) have expressed a desire to
control which cases of embedded timestamps should obey
SOURCE_DATE_EPOCH
.
They were not convinced by our arguments on why this is a bad idea, so we
agreed on an environment variable
FORCE_SOURCE_DATE
for them to implement
their desired behaviour - named generically, so that at least we can set it
centrally. For more details, see the text just linked. However, we strongly
urge most build tools
not to use this, and instead obey
SOURCE_DATE_EPOCH
unconditionally in all cases.
Toolchain fixes
- TeX Live 2016 released
with
SOURCE_DATE_EPOCH
support for all engines except LuaTeX and original TeX.
- Continued discussion
(alternative archive)
with TeX upstream, about
SOURCE_DATE_EPOCH
corner cases, eventually
resulting in the FORCE_SOURCE_DATE
proposal from above.
- gcc-5/5.4.0-4 by Matthias Klose now avoids storing
-fdebug-prefix-map
in DW_AT_producer
, thanks to original patch by
Daniel Kahn Gillmor.
- sphinx/1.4.3-1 by Dmitry Shachnev now drops Debian-specific patches
relating to
SOURCE_DATE_EPOCH
applied upstream, original patch by Alexis
Bienven e.
- asciidoctor/1.5.4-2 by C dric Boutillier now supports
SOURCE_DATE_EPOCH
, thanks to original patch by Alexis Bienven e.
- dh-python/1.5.4-2 by Piotr O arowski now behaves better in some
cases, thanks to original patch by Chris Lamb.
Packages fixed
The following 16 packages have become reproducible due to changes in their
build-dependencies:
apertium-dan-nor
apertium-swe-nor
asterisk-prompt-fr-armelle
blktrace
canl-c
code-saturne
coinor-symphony
dsc-statistics
frobby
libphp-jpgraph
paje.app
proxycheck
pybit
spip
tircd
xbs
The following 5 packages are new in Debian and appear to be reproducible so
far:
golang-github-bowery-prompt
golang-github-pkg-errors
golang-gopkg-dancannon-gorethink.v2
libtask-kensho-perl
sspace
The following packages had older versions which were reproducible, and
their latest versions are now reproducible again after being fixed:
The following packages have become reproducible after being fixed:
Some uploads have fixed some reproducibility issues, but not all of them:
Patches submitted that have not made their way to the archive yet:
- #806331 against xz-utils by Ximin Luo: make the selected POSIX shell stable accross build environments
- #806494 against gnupg by intrigeri: Make man pages not embed a build-time dependent timestamp
- #806945 against bash by Reiner Herrmann and Ximin Luo: Use the system man2html, and set PGRP_PIPE unconditionally.
- #825857 against python-setuptools by Anton Gladky: sort libs in native_libs.txt
- #826408 against brainparty by Reiner Herrmann: Sort object files for deterministic linking order
- #826416 against blockout2 by Reiner Herrmann: Sort the list of source files
- #826418 against xgalaga++ by Reiner Herrmann: Sort source files to get a deterministic linking order
- #826423 against kraptor by Reiner Herrmann: Sort source files for deterministic linking order
- #826431 against traceroute by Reiner Herrmann: Sort lists of libraries/source/object files
- #826544 against doc-debian by intrigeri: make the created files stable regardless of the locale
- #826676 against python-openstackclient by Chris Lamb: make the build reproducible
- #826677 against cadencii by Chris Lamb: make the build reproducible
- #826760 against dctrl-tools by Reiner Herrmann: Sort object files for deterministic linking order
- #826951 against slicot by Alexis Bienven e: please make the build reproducible (fileordering)
- #826982 against hoichess by Reiner Herrmann: Sort object files for deterministic linking order
Package reviews
68 reviews have been added, 19 have been updated and 28 have been removed in this week. New and updated issues:
26 FTBFS bugs have been reported by Chris Lamb, 1 by Santiago Vila and 1 by Sascha Steinbiss.
diffoscope development
- Mattia Rizzolo uploaded diffoscope/54 to jessie-backports.
strip-nondeterminism development
- Mattia uploaded strip-nondeterminism/0.018-1 to jessie-backports, to
support a debhelper backport.
- Andrew Ayer uploaded strip-nondeterminism/0.018-2 fixing #826700, a packaging improvement for Multi-Arch to ease cross-build
situations.
- 2 days later Andrew released strip-nondeterminism/0.019; now
strip-nondeterminism is able to:
- recursively normalize JAR files embedded within JAR files (#823917)
- clamp the timestamp, the same way tar >=1.28-2.2 can (for now available only for gzip archives)
disorderfs development
tests.reproducible-builds.org
- Valerie Young namespaced the Debian-specific pages to /debian/
namespace, with redirects to
for the previous URLs.
- Holger Levsen improved the reliability of build jobs: the availability of
both build nodes (for a given build) is now being tested when a build job is
started, to better cope when one of the 25 build nodes go down for some reason.
- Ximin Luo improved the index of identified
issues to
include the total popcon scores of each issue, which is now also used for
sorting that page.
Misc.
Steven Chamberlain
submitted a patch to FreeBSD's
makefs
to allow reproducible builds of the kfreebsd installer.
Ed Maste
committed a patch to FreeBSD's
binutils to
enable determinstic archives by default in GNU ar.
Helmut Grohne
experimented
with
cross+native reproductions of
dash with some success, using
rebootstrap.
This week's edition was written by Ximin Luo, Chris Lamb, Holger Levsen, Mattia
Rizzolo and reviewed by a bunch of Reproducible builds folks on IRC.
What happened in the
Reproducible
Builds effort between May 22nd and May 28th 2016:
Media coverage
Documentation update
- The wiki page TimestampsProposal has been extended to cover more usage examples and to list more softwares supporting SOURCE_DATE_EPOCH. (Axel Beckert, Dhole and Ximin Luo)
- h01ger started a reference card for tools and information about reproducible builds but hasn't progressed much yet. Help with it is much welcome, this is also a good opportunity to learn about this project The idea is simply to have one coherent place with pointers to all the stuff we have and provide, without repeating nor replacing other documentation.
Toolchain fixes
- Alexis Bienven e submitted a patch (#824050) against emacs24 for
SOURCE_DATE_EPOCH
support in autoloads files, but upstream already disabled timestamps by default some time before.
- proj/4.9.2-3 uploaded by Bas Couwenberg (original patch by Alexis Bienven ) properly initializes memory with zero to prevent the nad2bin tool from leaking random memory content into output artefacts.
- Reiner Herrmann submitted a patch (#825569, upstream) against Ruby to sort object files in generated Makefiles, which are used to compile C sources that are part of Ruby projects.
Packages fixed
The following 18 packages have become reproducible due to changes in their
build dependencies:
canl-c
configshell
dbus-java
dune-common
frobby
frown
installation-guide
jexcelapi
libjsyntaxpane-java
malaga
octave-ocs
paje.app
pd-boids
pfstools
r-cran-rniftilib
scscp-imcce
snort
vim-addon-manager
The following packages have become reproducible after being fixed:
Some uploads have fixed some reproducibility issues, but not all of them:
Patches submitted that have not made their way to the archive yet:
- #803547 against bbswitch (reopened) by Reiner Herrmann: sort members of tar archive
- #806945 against bash (follow-up) by Reiner Herrmann: use system man2html instead of embedded copy
- #825122 against kapptemplate by Scarlett Clark: set owner/group of members in tarball to root
- #825138 against console-setup by Reiner Herrmann: fix umask issue; sort entries in shell script; sort fontsets/charmaps locale-independently
- #825285 against kodi by Lukas Rechberger: replace build timestamps with version numbers
- #825322 against choqok by Scarlett Clark: force UTF-8 locale so kconfig_compiler behaves correctly
- #825544 against wavemon by Reiner Herrmann: sort list of object files
- #825545 against dwm by Reiner Herrmann: sort list of header files
- #825547 against tennix by Reiner Herrmann: sort list of data files being archived
- #825584 against ffmpeg2theora by Reiner Herrmann: sort list of source files
- #825588 against kball by Reiner Herrmann: sort list of source files
- #825634 against miceamaze by Reiner Herrmann: sort list of object files
- #825643 against dash by Reiner Herrmann: fix sorting of struct members in generated source file
- #825655 against libselinux by Reiner Herrmann: sort list of source files
- #825656 against libsepol by Reiner Herrmann: sort list of source files
- #825674 against libsemanage by Reiner Herrmann: sort list of source files
Package reviews
123 reviews have been added, 57 have been updated and 135 have been removed in this week.
- 5 new issues have been identified:
21 FTBFS bugs have been reported by Chris Lamb and Santiago Vila.
strip-nondeterminism development
- strip-nondeterminsim development: treat *.htb as Zip files (by Sascha Steinbiss).
- strip-nondeterminism 0.017-1 uploaded by h01ger.
tests.reproducible-builds.org
- The kde pkg set was extended, though the change ain't visible yet, as there are currently non-installable packages in it (and so the set can't be computed). (h01ger)
Misc.
- Mattia improved misc.git/reports (=the tools to help writing the weekly statistics for this blog) some more.
This week's edition was written by Reiner Herrmann and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.
What happened in the
Reproducible Builds effort between May 8th and May 14th 2016:
Documentation updates
Toolchain fixes
- dpkg 1.18.7 has been uploaded to unstable, after which Mattia Rizzolo took care of rebasing our patched version.
- gcc-5 and gcc-6 migrated to testing with the patch to honour
SOURCE_DATE_EPOCH
- Ximin Luo started an upstream discussion with the Ghostscript developers.
- Norbert Preining has uploaded a new version of texlive-bin with these changes relevant to us:
- imported Upstream version 2016.20160512.41045
support for suppressing timestamps (
SOURCE_DATE_EPOCH
) (Closes: #792202)
- add support for
SOURCE_DATE_EPOCH
also to luatex
- cdbs 0.4.131 has been uploaded to unstable by Jonas Smedegaard, fixing these issues relevant to us:
- #794241: export
SOURCE_DATE_EPOCH
. Original patch by akira
- #764478: call dh_strip_nondeterminism if available. Original patch by Holger Levsen
- libxslt 1.1.28-3 has been uploaded to unstable by Mattia Rizzolo, fixing the following toolchain issues:
- #823857: backport patch from upstream to provide stable IDs in the genrated documents.
- #791815: Honour
SOURCE_DATE_EPOCH
when embedding timestamps in docs. Patch by Eduard Sanou.
Packages fixed
The following 28 packages have become newly reproducible due to changes in
their build dependencies:
actor-framework
ask
asterisk-prompt-fr-armelle
asterisk-prompt-fr-proformatique
coccinelle
cwebx
d-itg
device-tree-compiler
flann
fortunes-es
idlastro
jabref
konclude
latexdiff
libint
minlog
modplugtools
mummer
mwrap
mxallowd
mysql-mmm
ocaml-atd
ocamlviz
postbooks
pycorrfit
pyscanfcs
python-pcs
weka
The following 9 packages had older versions which were reproducible, and
their latest versions are now reproducible again due to changes in their
build dependencies:
csync2
dune-common
dune-localfunctions
libcommons-jxpath-java
libcommons-logging-java
libstax-java
libyanfs-java
python-daemon
yacas
The following packages have become newly reproducible after being fixed:
The following packages had older versions which were reproducible, and
their latest versions are now reproducible again after being fixed:
- klibc/2.0.4-9 by Ben Hutchings.
Some uploads have fixed some reproducibility issues, but not all of them:
Patches submitted that have not made their way to the archive yet:
- #787424 against emacs24 by Alexis Bienven e: order hashes when generating .el files
- #823764 against sen by Daniel Shahaf: render the build timestamp in a consistent timezone
- #823797 against openclonk by Alexis Bienven e: honour
SOURCE_DATE_EPOCH
- #823961 against herbstluftwm by Fabian Wolff: honour
SOURCE_DATE_EPOCH
- #824049 against emacs24 by Alexis Bienven e: make start value of gensym-counter reproducible
- #824050 against emacs24 by Alexis Bienven e: make autoloads files reproducible
- #824182 against codeblocks by Fabian Wolff: honour
SOURCE_DATE_EPOCH
- #824263 against cmake by Reiner Herrmann: sort file lists from
file(GLOB ...)
Package reviews
344 reviews have been added, 125 have been updated and 20 have been removed in this week.
14 FTBFS bugs have been reported by Chris Lamb.
tests.reproducible-builds.org
Misc.
Dan Kegel sent a mail to report about his experiments with a
reproducible dpkg PPA for Ubuntu. According to him
sudo add-apt-repository ppa:dank/dpkg && sudo apt-get update && sudo apt-get install dpkg
should be enough to get reproducible builds on Ubuntu 16.04.
This week's edition was written by Ximin Luo and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.
This month I've worked on the following things for Debian:
To begin with that, I've set up a Debhelper sequencer script for dh-buildinfo, this
add-on now can be used with dh $@ --with buildinfo
in deb/rules
instead of having to
explicitly call it somewhere in an override.
Debops
I've set up initial Debian packages of Debops, a collection of fine crafted
Ansible roles and playbooks especially for Debian servers, shipped with a couple
of convenience and wrapper scripts in Python.
There are two binary packages, one for the toolset (debops), and the other for the
playbooks and roles of the project (debops-playbooks).
The application is easy to use, just initialize a new project with debops-init foo
and add your server(s) to foo/ansible/inventory/hosts
belonging to groups representing
services and things you want to employ on them.
Like the group [debops_gitlab]
automatically installs a complete running Gitlab setup
on one or a multitude of servers in the same run with the debops
command.
Use other groups like [debops_mariadb_server]
accordingly in the same host inventory.
Ansible runs agent less, so you don't have to prepare freshly setup servers with nothing
special to use that tool randomly (like on localhost).
The list of things you could deploy with Debops is quite amazing and you've got dozens
of services at your hand.
The new packages are currently in experimental because they need some more fine
tuning, like there are a couple of minor error messages which recently occur using it,
but it works well.
The (early staged) documentation unfortunately couldn't be packaged because of the
scattered resp. collective nature of the project (all parts have their own Github repositories),
and also how to generate the upstream tarball remains a bit of a challenge (currently,
it's the outcome of debops-init
).
I'll have this package in unstable soon. More info on Debops is coming up, then.
Hashicorp's Packer
I'm very glad to announce that Packer is ready being available in unstable,
and the two year old RFP bug could be finally closed.
It's another great and much convenient devops tool which does a lot of different
things in an automated fashion using only a single "one-argument" CLI tool in combination
with a couple of lines in a configuration script (thanks to Yaroslav Halchenko for the tip).
Packer helps creating machine images for different platforms.
This is like when you use e.g. Debian installations in a Qemu box for testing or development
purposes.
Instead of setting up a new virtual machine manually like installing Debian on
another computer this process could be automated with Packer, like I've written about
in this blog entry here.
You just need a template containing instructions for the included Qemu-builder and a preseeding
script for the Debian installer, and there you go drinking your coffee while Packer does all
the work for you: downloading the installation ISO image, creating the new virtual harddrive,
booting the emulator, running the whole installation process automatically like answering questions,
selecting things, rebooting without ISO image to complete the installation etc.
A couple of minutes and you have a new pre-baked virtual machine image like from a vendoring
machine, a fresh one everytime you need it.
Packer supports a number of builders for different target platforms
(desktop virtualization solutions as much as public cloud providers and private cloud software),
can build in parallel, and also the full range of common provisioners can be employed
in the process to equip the newly installed OSs.
Vagrant boxes could be generated by one of the included postprocessors.
I'll write more on Packer here on this blog, soon.
There were more then two dozens of packages missing to complete Packer, which is
the achievement of combined forces within the pkg-go group. Much thanks esp. to Alexandre
Viau who have worked on the most of the needed new packages.
Thanks also to the FTP-masters which were always very quick in reviewing the Go packages,
so that it could be proceeded to build and package the sub dependent new ones always consecutively.
Squirrel3
I've didn't had the most work with it and just sponsored this for Fabian Wolff, but want to
highlight here that there's a new package of Squirrel now available in
Debian.
Squirrel is a lightweight scripting language, somewhat comparable to Lua. It's
fully object-oriented and highly embeddable, it's used in a lot of commerical computer
games under the hood for implementing intelligence for bots next to other things,
but also for the Internet of Things (it's embedded in hardware from Electric Imp).
Squirrel functions could be called from C++.
I've filed an ITP bug for Squirrel already in 2011 (#651195), but always something else
got in the way, and it ended up being an RFP. I'm really glad that it got picked up
and completed.
misc
There were a couple of uploads on updated upstream tarballs and for fixing bugs,
namely afl/2.10b-1 and 2.11b-1,
python-afl/0.5.3-1, pyutilib/5.3.2-1, pyomo/4.3.11327-1,
libvigraimpex/1.10.0+git20160211.167be93dfsg-2 (fix of #820429, thanks for Tobias Frost),
and gamera/3.4.2+svn1454-1.
For the pkg-go group, I've set up a new package of github-mitchellh-ioprogress (which is
needed by the official DigitalOcean CLI tool doctl, now RFP #807956 instead of ITP
due to the lack of time - again facing a lot of missing packages),
and provided a little patch for dh-make-golang updating some standards.
For Packer I've also updated azure-go-autorest and azure-sdk as team upload (#821938, #821832),
but it came out that the project which is currently under heavy development towards
a new official release broke a lot in the past weeks (and no Git branching have been used),
so that Packer as a matter of fact needed a vendored snapshot, although there have been only a
couple of commits in between.
Docker-registry hat the same problem with the new package of azure-sdk/2.1.1~beta1, so that it
needed to be fixed, too (#822146).
By the way, the tool ratt comes very handy for automatically test building down all
reverse dependencies, not only for Go packages (thanks to Tianon Gravi for the tip).
Finally, I've posted the needed reverse depencies as RFP bugs for Terraform
(again quite a lot), Vuls, and cve-dictionary, which is needed for Vuls.
I'll let them rest a while waiting to get picked up before working anything down.
This month I've worked on the these things for Debian:
To begin with that, I've set up a Debhelper sequencer script for dh-buildinfo, this
add-on now can be used with dh $@ --with buildinfo
in deb/rules
instead of having to
explicitly call it somewhere in an override.
Debops
I've set up initial Debian packages of Debops, a collection of fine crafted
Ansible roles and playbooks especially for Debian servers (servers which run on Debian),
which are shipped with a couple of helper and wrapper scripts in Python.
There are two binary packages, one for the toolset (debops), and the other for the
playbooks and roles of the project (debops-playbooks).
The application is easy to use, just initialize a new project with debops-init foo
and add your server(s) to foo/ansible/inventory/hosts
belonging to groups representing
services and things you want to employ on them.
For example, the group [debops_gitlab]
automatically installs a complete running Gitlab setup
on one or a multitude of servers in the same run with the debops
command.
Other groups like [debops_mariadb_server]
could be used accordingly in the same host inventory.
Ansible works without agent, so you don't have to prepare freshly setup servers with nothing
special to use that tool randomly (like on localhost).
The list of things you could deploy with Debops is quite amazing and dozens
of services are at hand.
The new Debian packages are currently in experimental because they need some more fine
tuning, e.g. there are a couple of minor error messages which recently occur using it,
but it works well.
The (early staged) documentation unfortunately couldn't be packaged because of the
scattered resp. collective nature of the project (all parts have their own Github
repositories), and also how to generate the upstream tarball remains a bit of a
challenge (currently, it's the outcome of debops-init
).
I'll have this package in unstable soon. More info on Debops is coming up, then.
HashiCorp's Packer
I'm very glad to announce that Packer is ready being available in unstable,
and the RFP bug could be finally closed after I've taken it over.
It's another great and much convenient devops tool which does a lot of different
things in an automated fashion using only a single "one-argument" CLI tool in combination
with a couple of lines in a configuration script (thanks to Yaroslav Halchenko for the tip).
Packer helps creating machine images for different platforms.
This is like when you use e.g. Debian installations in a Qemu box for testing or development
purposes.
Instead of setting up a new virtual machine manually the same way as installing Debian on
another computer this process can be completely automated with Packer, like I've written about
in this blog entry here.
You just need a template which contains instructions for the included Qemu builder and a
preseeding script for the Debian installer, and there you go drinking your coffee while
Packer does all the work:
download the ISO image for installation, create the new virtual harddrive, boot the
emulator, run the whole installation process automatically like with answering questions,
selecting things, reboot without ISO image to complete the installation etc.
A couple of minutes and you have a new pre-baked virtual machine image like from a vendoring
machine, another fresh one could be created anytime.
Packer supports a number of builders for different target platforms
(desktop virtualization solutions as much as public cloud providers and private cloud software),
can build in parallel, and also the full range of common provisioners can be employed
in the process to equip the newly installed OSs with services and programs.
Vagrant boxes could be generated by one of the included postprocessors.
I'll write more on Packer here on this blog, soon.
There were more then two dozens of packages missing to complete Packer, which is
the achievement of combined forces within the pkg-go group. Much thanks esp. to Alexandre
Viau who have worked on the most of the needed new packages.
Thanks also to the FTP masters which were always very quick in reviewing the Go packages,
so that it could be proceeded to build and package the sub dependent new ones always
consecutively.
Squirrel3
I've didn't had the major work of that and just sponsored this for Fabian Wolff, but want
to highlight here that there's a new package of Squirrel now available in
Debian.
Squirrel is a lightweight scripting language, somewhat comparable to Lua. It's
fully object-oriented and highly embeddable, it's used in a lot of commerical computer
games under the hood for implementing intelligence for bots next to other things,
but also for the Internet of Things (it's embedded in hardware from Electric Imp).
Squirrel functions could be called from C++.
I've filed an ITP bug for Squirrel already in 2011 (#651195), but always something else
had a higher priority, and it ended up being an RFP. I'm really glad that it got picked up
and completed quickly afterwards.
misc
There were a couple of uploads on updated upstream tarballs and for fixing bugs,
namely afl/2.10b-1 and 2.11b-1,
python-afl/0.5.3-1, pyutilib/5.3.2-1, pyomo/4.3.11327-1,
libvigraimpex/1.10.0+git20160211.167be93dfsg-2 (fix of #820429, thanks to Tobias Frost),
and gamera/3.4.2+svn1454-1.
For the pkg-go group, I've set up a new package of github-mitchellh-ioprogress (which is
needed by the official DigitalOcean CLI tool doctl, now RFP #807956 instead of ITP
due to the lack of time, again a lot of missing packages are missing for that),
and provided a little patch for dh-make-golang updating some standards.
For Packer I've also updated azure-go-autorest and azure-sdk as team upload (#821938, #821832),
but it came out that the project which is currently under heavy development towards
a new official release broke a lot in the past weeks (no Git branching have been used),
so that Packer as a matter of fact needed a vendored snapshot, although there have been only
a couple of commits in between.
Docker-registry has the same problem with the new package of azure-sdk/2.1.1~beta1, so that it
needed to be fixed, too (#822146).
By the way, the tool ratt comes very handy for automatically test building down all
reverse dependencies, not only for Go packages (thanks to Tianon Gravi for the tip).
Finally, I've posted the needed reverse depencies as RFP bugs for Terraform
(again quite a lot), Vuls, and cve-dictionary, which is needed for Vuls.
I'll let them rest a while waiting to get picked up before working anything down.