What happened in the Reproducible
effort between April 24th and 30th 2016.
Reproducible builds were mentioned explicitly in two talks at the Mini-DebConf in Vienna
- Martin Michlmayr had a talk in which he presented an overview about innovations and changes in Debian in the last years. Martin expressed his disappointment that there was no talk from us in Vienna (we'll fix this at DebConf16 in Cape Town) and described the reproducible builds work as "a real innovation". His talk is very much worth seeing, whatever your current perspective, it might change your view on Debian.
- Ben Hutchings explains how Secure Boot will use signed kernels via separate signature packages and how this was designed with reproducible builds in mind.
Aspiration together with the OTF CommunityLab released their report
about the Reproducible Builds summit in December 2015 in Athens
Now that the GCC development window has been opened again, the SOURCE_DATE_EPOCH
patch by Dhole and Matthias Klose to address the issue timestamps_from_cpp_macros
) has been applied upstream
and will be released with GCC 7.
Following that Matthias Klose also has uploaded gcc-5
/5.3.1-17 and gcc-6
/6.1.1-1 to unstable with a backport of that SOURCE_DATE_EPOCH
Emmanuel Bourg uploaded maven
/3.3.9-4, which uses SOURCE_DATE_EPOCH
Other upstream changes
Alexis Bienven e submitted a patch
to Sphinx which extends SOURCE_DATE_EPOCH
support for copyright years in generated documentation.
The following 12 packages have become reproducible due to changes in their
The following packages have became reproducible after being fixed:
Some uploads have fixed some reproducibility issues, but not all of them:
Patches submitted that have not made their way to the archive yet:
- #822566 against stk by Alexis Bienven e: sort lists of object files for reproducible linking order.
- #822948 against shotwell by Alexis Bienven e: normalize tarball permissions and use locale/timezone-independent modification time.
- #822963 against htop by Alexis Bienven e: use SOURCE_DATE_EPOCH for embedded copyright year, which has before already been applied in git and upstream.
95 reviews have been added, 15 have been updated and 129 have been removed in this week.
22 FTBFS bugs have been reported by Chris Lamb and Martin Michlmayr.
- diffoscope 52~bpo8+1 has been uploaded to jessie-backports by Mattia Rizzolo, where it is currently waiting for NEW-approval.
- Support for the deb(5) format (uncompressed data.tar/control.tar, control.tar.xz) (Closes: #818414) has been completed by Reiner Herrmann in git.
- Support for EPUB documents has been added (to the development version in git) by Holger Levsen, to address the timestamps_in_epub issue.
Amongst the 29 interns who will work on Debian through GSoC and Outreachy
there are four who will be contributing to Reproducible Builds for Debian and Free Software. We are very glad to welcome ceridwen, Satyam Zode, Scarlett Clark and Valerie Young and look forward to working together with them the coming months (and maybe beyond)!
This week's edition was written by Reiner Herrmann and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.