Debian is undertaking a huge effort to develop a reproducible builds system.
I'd like to thank you for that. This could be Debian's most important
project, with how badly computer security has been going.
PerniciousPunk in Reddit's Ask me anything! to Neil McGovern, DPL.
What happened in the reproducible
builds effort this week:
Toolchain fixes
More tools are getting patched to use the value of the SOURCE_DATE_EPOCH environment variable as the current time:
In the
reproducible experimental toolchain which have been uploaded:
Johannes Schauer followed up on
making sbuild build path deterministic with several ideas.
Packages fixed
The following 311 packages became reproducible due to changes in their
build dependencies :
4ti2,
alot,
angband,
appstream-glib,
argvalidate,
armada-backlight,
ascii,
ask,
astroquery,
atheist,
aubio,
autorevision,
awesome-extra,
bibtool,
boot-info-script,
bpython,
brian,
btrfs-tools,
bugs-everywhere,
capnproto,
cbm,
ccfits,
cddlib,
cflow,
cfourcc,
cgit,
chaussette,
checkbox-ng,
cinnamon-settings-daemon,
clfswm,
clipper,
compton,
cppcheck,
crmsh,
cupt,
cutechess,
d-itg,
dahdi-tools,
dapl,
darnwdl,
dbusada,
debian-security-support,
debomatic,
dime,
dipy,
dnsruby,
doctrine,
drmips,
dsc-statistics,
dune-common,
dune-istl,
dune-localfunctions,
easytag,
ent,
epr-api,
esajpip,
eyed3,
fastjet,
fatresize,
fflas-ffpack,
flann,
flex,
flint,
fltk1.3,
fonts-dustin,
fonts-play,
fonts-uralic,
freecontact,
freedoom,
gap-guava,
gap-scscp,
genometools,
geogebra,
git-reintegrate,
git-remote-bzr,
git-remote-hg,
gitmagic,
givaro,
gnash,
gocr,
gorm.app,
gprbuild,
grapefruit,
greed,
gtkspellmm,
gummiboot,
gyp,
heat-cfntools,
herold,
htp,
httpfs2,
i3status,
imagetooth,
imapcopy,
imaprowl,
irker,
jansson,
jmapviewer,
jsdoc-toolkit,
jwm,
katarakt,
khronos-opencl-man,
khronos-opengl-man4,
lastpass-cli,
lava-coordinator,
lava-tool,
lavapdu,
letterize,
lhapdf,
libam7xxx,
libburn,
libccrtp,
libclaw,
libcommoncpp2,
libdaemon,
libdbusmenu-qt,
libdc0,
libevhtp,
libexosip2,
libfreenect,
libgwenhywfar,
libhmsbeagle,
libitpp,
libldm,
libmodbus,
libmtp,
libmwaw,
libnfo,
libpam-abl,
libphysfs,
libplayer,
libqb,
libsecret,
libserial,
libsidplayfp,
libtime-y2038-perl,
libxr,
lift,
linbox,
linthesia,
livestreamer,
lizardfs,
lmdb,
log4c,
logbook,
lrslib,
lvtk,
m-tx,
mailman-api,
matroxset,
miniupnpd,
mknbi,
monkeysign,
mpi4py,
mpmath,
mpqc,
mpris-remote,
musicbrainzngs,
network-manager,
nifticlib,
obfsproxy,
ogre-1.9,
opal,
openchange,
opensc,
packaging-tutorial,
padevchooser,
pajeng,
paprefs,
pavumeter,
pcl,
pdmenu,
pepper,
perroquet,
pgrouting,
pixz,
pngcheck,
po4a,
powerline,
probabel,
profitbricks-client,
prosody,
pstreams,
pyacidobasic,
pyepr,
pymilter,
pytest,
python-amqp,
python-apt,
python-carrot,
python-django,
python-ethtool,
python-mock,
python-odf,
python-pathtools,
python-pskc,
python-psutil,
python-pypump,
python-repoze.tm2,
python-repoze.what,
qdjango,
qpid-proton,
qsapecng,
radare2,
reclass,
repsnapper,
resource-agents,
rgain,
rttool,
ruby-aggregate,
ruby-albino,
ruby-archive-tar-minitar,
ruby-bcat,
ruby-blankslate,
ruby-coffee-script,
ruby-colored,
ruby-dbd-mysql,
ruby-dbd-odbc,
ruby-dbd-pg,
ruby-dbd-sqlite3,
ruby-dbi,
ruby-dirty-memoize,
ruby-encryptor,
ruby-erubis,
ruby-fast-xs,
ruby-fusefs,
ruby-gd,
ruby-git,
ruby-globalhotkeys,
ruby-god,
ruby-hike,
ruby-hmac,
ruby-integration,
ruby-jnunemaker-matchy,
ruby-memoize,
ruby-merb-core,
ruby-merb-haml,
ruby-merb-helpers,
ruby-metaid,
ruby-mina,
ruby-net-irc,
ruby-net-netrc,
ruby-odbc,
ruby-ole,
ruby-packet,
ruby-parseconfig,
ruby-platform,
ruby-plist,
ruby-popen4,
ruby-rchardet,
ruby-romkan,
ruby-ronn,
ruby-rubyforge,
ruby-rubytorrent,
ruby-samuel,
ruby-shoulda-matchers,
ruby-sourcify,
ruby-test-spec,
ruby-validatable,
ruby-wirble,
ruby-xml-simple,
ruby-zoom,
rumor,
rurple-ng,
ryu,
sam2p,
scikit-learn,
serd,
shellex,
shorewall-doc,
shunit2,
simbody,
simplejson,
smcroute,
soqt,
sord,
spacezero,
spamassassin-heatu,
spamprobe,
sphinxcontrib-youtube,
splitpatch,
sratom,
stompserver,
syncevolution,
tgt,
ticgit,
tinyproxy,
tor,
tox,
transmissionrpc,
tweeper,
udpcast,
units-filter,
viennacl,
visp,
vite,
vmfs-tools,
waffle,
waitress,
wavtool-pl,
webkit2pdf,
wfmath,
wit,
wreport,
x11proto-input,
xbae,
xdg-utils,
xdotool,
xsystem35,
yapsy,
yaz.
Please note that some packages in the above list are
falsely reproducible. In the experimental toolchain,
debhelper
exported
TZ=UTC
and this made packages capturing the current date (without the time) reproducible in the current test environment.
The following packages became reproducible after getting fixed:
- 389-admin/1.1.42-1 uploaded by Timo Aaltonen, original patch by Chris Lamb.
- aroarfw/0.1~beta5-2 uploaded by Patrick Matth i, original patch by akira.
- clfft/2.4-2 by Ghislain Antony Vaillant.
- custom-tab-width/1.0.1-3 by Daniel Kahn Gillmor.
- debirf/0.35 uploaded by Daniel Kahn Gillmor, original patch by Chris Lamb.
- enigmail/2:1.8.2-3 by Daniel Kahn Gillmor.
- flashproxy/1.7-4 by Ximin Luo.
- getdns/0.2.0-2 by Daniel Kahn Gillmor.
- glfw3/3.1.1-1 by James Cowgill, reported by akira.
- gpgme1.0/1.5.5-3 by Daniel Kahn Gillmor.
- jzmq/3.1.0-4 by Jan Niehusmann.
- libcommons-cli-java/1.3.1-1 by tony mancill.
- liblo/0.28-5 uploaded by Felipe Sateler, original patch by akira.
- libmoe/1.5.8-2 uploaded by TANIGUCHI Takaki, original patch by Chris Lamb.
- libnet-interface-perl/1.012-2 uploaded by gregor herrmann, original patch by Chris Lamb.
- libxmlenc-java/0.52+dfsg-4 by Emmanuel Bourg.
- lintian/2.5.33 by Niels Thykier.
- litecoin/0.10.2.2-1 uploaded by Dmitry Smirnov, original patch by Chris Lamb.
- node-ws/0.7.2+ds1.349b7460-1 by Ximin Luo.
- pyevolve/0.6~rc1+svn398+dfsg-7 uploaded by Christian Kastner, original patch by Juan Picca.
- sendmail/8.14.9-3 by Andreas Beckmann.
- uthash/1.9.9.1+git20150507-2 by Ilias Tsitsimpis, report by Jakub Wilk.
Ben Hutchings
upstreamed several patches to fix Linux reproducibility issues which were quickly merged.
Some uploads fixed some reproducibility issues but not all of them:
Uploads that should fix packages not in
main:
- fglrx-driver/1:15.7-1 uploaded by Patrick Matth i, fixed by Andreas Beckmann.
- pycuda/2015.1.2-1 uploaded by Tomasz Rybak, patch by Juan Picca.
Patches submitted which have not made their way to the archive yet:
- #787675 on ricochet by Daniel Kahn Gillmor: use the
debian/changelog
date in the manpage.
- #791648 on fish by Chris Lamb: sort header files in documentation.
- #791691 on fritzing by Chris Lamb: sort the documentation author list using the C locale.
- #791834 on bitcoin by Reiner Herrmann: sort sources files using the C locale.
- #791845 on yacas by Reiner Herrmann: sort hints using the C locale.
- #791851 on scowl by Reiner Herrmann: sort dictionary files using the C locale.
- #791913 on ceph by Chris Lamb: sort configuration file names.
- #791923 on alpine by Chris Lamb: use
debian/changelog
date as build date and use debian
as the builder hostname.
- #791960 on leveldb by Reiner Herrmann: sort sources files using th
e C locale.
- #792054 on ben by Reiner Herrmann: use
debian/changelog
date as bui
ld date.
- #792056 on val-and-rick by Reiner Herrmann: sort sources by filenames.
reproducible.debian.net
A new package set has been added for
lua maintainers. (h01ger)
tracker.debian.org now only shows reproducibility issues for
unstable.
Holger and Mattia worked on
several bugfixes and enhancements: finished initial test setup for NetBSD, rewriting more shell scripts in Python, saving UDD requests, and more
debbindiff development
Reiner Herrmann fixed text comparison of files with different encoding.
Documentation update
Juan Picca added to the commands needed for a
local test chroot installation of the
locales-all package.
Package reviews
286 obsolete
reviews have
been removed, 278 added and 243 updated this week.
43 new bugs for packages failing to build from sources have been filled by Chris West (Faux), Mattia Rizzolo, and h01ger.
The following new issues have been added:
timestamps_in_manpages_generated_by_ronn,
timestamps_in_documentation_generated_by_org_mode, and
timestamps_in_pdf_generated_by_matplotlib.
Misc.
Reiner Herrmann has submitted
patches for OpenWrt.
Chris Lamb cleaned up some code and removed cruft in the
misc.git repository. Mattia Rizzolo updated the
prebuilder script to match what is currently done on
reproducible.debian.net
.