What happened in the reproducible
effort between December 20th to December 26th:
Mattia Rizzolo rebased our experimental versions
(twice!) and dpkg
on top of the latest releases.
Reiner Herrmann submited a patch
to sort the file list in generated
To be able to lift the restriction that packages must be built in the same path, translation support for the
C pre-processor macro would also be required. Joerg Sonnenberger submitted a patch
back in 2010 that would still be useful today.
Chris Lamb started work on providing a deterministic mode
The following packages have become reproducible due to changes in their
The following packages became reproducible after getting fixed:
- a7xpg/0.11.dfsg1-9 uploaded by Markus Koschany, original patch by Reiner Herrmann.
- at/3.1.18-1 uploaded by Laurent Bigonville, original patch by Reiner Herrmann, merged by Jose M Calhariz.
- bibtool/2.61+ds-2 by Jerome Benoit.
- bup/0.27-2 uploaded by Robert Edmonds, original patch by Chris Lamb.
- deja-dup/34.1-1 uploaded by Laurent Bigonville, original patch by Reiner Herrmann.
- gauche-gl/0.6-1 by NIIBE Yutaka.
- ifupdown/0.8 uploaded by Guus Sliepen, original patch by Lunar.
- jing-trang/20131210+dfsg+1-4 by Samuel Thibault.
- libp11/0.3.0-2 by Eric Dorland.
- pdns/4.0.0~alpha1-1 by Christian Hofstaedtler.
- pdns-recursor/4.0.0~alpha1-1 by Christian Hofstaedtler.
- qupzilla/1.8.9~dfsg1-1 uploaded by Georges Khaznadar, fixed upstream.
- ros-genpy/0.5.7-4 uploaded by Jochen Sprickerhof, original patch by Chris Lamb.
- signify/1.14-3 by Mattia Rizzolo, obsoleting patches submitted by Chris Lamb and akira.
- sleepyhead/0.9.8-2 by Sergio Durigan Junior.
- texi2html/1.82+dfsg1-5 by Mattia Rizzolo, previous patch by Juan Picca.
- titanion/0.3.dfsg1-6 by Markus Koschany, original patch by Reiner Herrmann.
- tj3/3.5.0-3 uploaded by Vincent Bernat, original patch by Vincent Bernat.
- vcsh/1.20151229-1 by Richard Hartmann.
- waitress/0.8.10-1 uploaded by Andrew Shadura, original patch by Juan Picca.
- xtel/3.3.0-19 by Samuel Thibault.
Some uploads fixed some reproducibility issues, but not all of them:
Patches submitted which have not made their way to the archive yet:
Statistics for package sets are now visible for the armhf architecture
The second build now has a longer timeout (18 hours) than the first build (12 hours). This should prevent wasting resources when a machine is loaded. (h01ger)
Builds of Arch Linux packages are now done using a
200 GiB have been added to jenkins.debian.net
(thanks to ProfitBricks
!) to make room for new jobs. The current count
is at 962 and growing!
Aside from some minor bugs that have been fixed, a one-line change
made huge memory (and time) savings as the output of transformation tool is now streamed line by line instead of loaded entirely in memory at once.
Andrew Ayer released disorderfs
on December 22th. It fixes a memory corruption error
when processing command line arguments that could cause command line options to be ignored.
Many small improvements for the documentation on reproducible-builds.org
sent by Georg Koppen were merged.
666 (!) reviews
have been removed, 189 added and 162 updated in the previous week.
151 new fail to build from source reports have been made by Chris West, Chris Lamb, Mattia Rizzolo, and Niko Tyni.
New issues identified: unsorted_filelist_in_xul_ext_preferences
Steven Chamberlain drew our attention
to one analysis of the Juniper ScreenOS Authentication Backdoor
: Whilst this may have been added in source code, it was well-disguised in the disassembly and just 7 instructions long. I thought this was a good example of the current state-of-the-art, and why we'd like our binaries and eventually, installer and VM images reproducible IMHO.
Joanna Rutkowska has mentioned possible ways
for Qubes to become reproducible on their development mailing-list.