What happened about the reproducible
effort for this week:
On June 7th, Reiner Herrmann
the project at the
in Karlsruhe, Germany.
Video and audio
in German are available, and so are the slides in
- Joachim Breitner uploaded ghc/7.8.4-9 which uses a hash of the command line instead of the pid when calculating a random directory name.
- Lunar uploaded mozilla-devscripts/0.42 which now properly sets the timezone. Patch by Reiner Herrmann.
- Dmitry Shachnev uploaded python-qt4/4.11.4+dfsg-1 which now outputs the list of imported module in a stable order. The issue has been fixed upstream. Original patch by Reiner Herrmann.
- Norbert Preining uploaded tex-common/6.00 which tries to ensure reproducible builds in files generated by
- Barry Warsaw uploaded wheel/0.24.0-2 which makes the output deterministic. Barry has submitted the fixes upstream based on patches by Reiner Herrman.
Daniel Kahn Gillmor's report
started a discussion with Brendan O'Dea and Ximin Luo about standardizing a common environment variable that would provide a replacement for an embedded build date. After various proposals and research by Ximin about date handling in several programming languages
, the best solution seems to define
with a value suitable for gmtime(3)
- Martin Borgert wondered if Sphinx could be changed in a way that would avoid having to tweak
debian/rules in packages using it to produce HTML documentation.
Daniel Kahn Gillmor opened a new report about icont producing unreproducible binaries
The following 32 packages became reproducible due to changes in their
The following packages became reproducible after getting fixed:
- acorn/0.12.0-1 by Bas Couwenberg, original patch by Reiner Herrmann.
- cabal-debian/4.17.4-3 by Joachim Breitner.
- coin3/3.1.4~abc9f50-9 by Anton Gladky.
- deets/0.2.1-4 by Clint Adams.
- elinks/0.12~pre6-8 by Moritz Muehlenhoff.
- fiona/1.5.1-1 uploaded by Johan Van de Wauw, original patch by Juan Picca.
- gcc-mingw-w64/15.2 by Stephen Kitt.
- glance/2015.1.0-2 uploaded by Thomas Goirand, original patch by Juan Picca.
- hamlib/126.96.36.199-3 uploaded by Colin Tuckley, original patch by akira.
- ikiwiki/3.20150610 by Simon McVittie, Joey Hess and Daniel Kahn Gillmor. Cheers!
- lava-dispatcher/2015.06-1 by Neil Williams.
- libur-perl/0.430-3 by gregor herrmann, fix suggested by Niko Tyni.
- lrzsz/0.12.21-8 uploaded by Martin A. Godisch, original patch by Dhole.
- makehuman/1.0.2-9 uploaded by Muammar El Khatib, original patch by Juan Picca.
- murano/2015.1.0-4 uploaded by Thomas Goirand, original patch by Juan Picca.
- ocl-icd/2.2.7-2 by Vincent Danjean.
- oslo-config/1:1.9.3-2 uploaded by Thomas Goirand, original patch by Juan Picca.
- piuparts/0.64 by Holger Levsen.
- posh/0.12.5 by Clint Adams.
- python-glance-store/0.4.0-3 uploaded by Thomas Goirand, original patch by Juan Picca.
- python-osprofiler/0.3.0-2 uploaded by Thomas Goirand, original patch by Juan Picca.
- wheel/0.24.0-2 uploaded by Barry Warsaw, original patch by Reiner Herrman.
- xfonts-nexus/0.0.2-17 uploaded by Simon Horman, original patch by Chris Lamb.
- zec/0.12-4 by Clint Adams.
- zomg/0.8-2 by Clint Adams.
Some uploads fixed some reproducibility issues but not all of them:
Patches submitted which did not make their way to the archive yet:
A new variation to better notice when a package captures the environment has been introduced. (h01ger)
The test on Debian packages works by building the package twice in a short time frame. But sometimes, a mirror push can happen between the first and the second build, resulting in a package built in a different build environment. This situation is now properly detected and will run a third build automatically. (h01ger)
, the distribution specialized in embedded devices like small routers, is now being tested for reproducibility
. The situation looks very good for their packages which seems mostly affected by timestamps in the tarball. System images will require more work on
to be better understood. (h01ger)
Reiner Herrmann added support for decompling Java
package files (used by OpenWrt). This is now available in version 22 released on 2015-06-14.
available to insert a ready-made date in PE binaries built with
been removed, 65 added and 126 updated this week.
New identified issues:
Holger Levsen reported an issue
with the locales-all
but is actually missing some of the files provided by locales
upstream has been quick to react after the
of the tests
set up the week
before. Patrick Georgi has fixed all issues in a couple of days and all
Coreboot images are now reproducible (without a payload).
is one of the most frequently used payload
on PC hardware and can now be made
Paul Kocialkowski wrote to the mailing
asking for help on getting U-Boot
Lunar had a chat with maintainers of Open Build
understand the difference between their system and what we are doing for