What happened in the reproducible builds effort this week:
Presentations
On May 26th, Holger Levsen presented reproducible builds in Debian at CCC Berlin for the Datengarten 52. The presentation was in German and the slides in English. Audio and video recordings are available.
Toolchain fixes
- Dmitry Shachnev uploaded pyqt5/5.4.1+dfsg-3 which makes pyuic output imports in stable order. Original patch by Reiner Herrmann.
- Lunar uploaded mozilla-devscripts/0.41 which uses the UTC timezone when calling zip or unzip.
Niels Thykier fixed the experimental support for the automatic creation of debug packages in debhelper that is being tested as part of the reproducible toolchain.
Lunar added to the reproducible build version of dpkg the normalization of permissions for files in control.tar. The patch has also been submitted based on the main branch.
Daniel Kahn Gillmor proposed a patch to add support for externally-supplying build date to help2man. This sparked a discussion about agreeing on a common name for an environment variable to hold the date that should be used. It seems opinions are converging on using SOURCE_DATE_UTC, which would hold an ISO-8601 formatted date in UTC (e.g. 2015-06-05T01:08:20Z). Kudos to Daniel, Brendan O'Dea, Ximin Luo for pushing this forward.
Lunar proposed a patch to Tar upstream adding a --clamp-mtime option as a generic solution for timestamp variations in tarballs which might also be useful for dpkg. The option changes the behavior of --mtime to only use the time specified if the file mtime is newer than the given time. So far, upstream is not convinced that it would make a worthwhile addition to Tar, though.
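The clamping rule described above, applied with a date in the ISO-8601 UTC format discussed for SOURCE_DATE_UTC, as an added example that is not part of the original report or of the Tar patch. It uses Python's tarfile module as a stand-in for Tar; the file names and mtimes are constructed, and the sorted member order and fixed ownership are extra normalizations assumed here so that the archive bytes can be compared.

```python
import io
import tarfile
from datetime import datetime, timezone


def parse_source_date(value):
    """Parse an ISO-8601 UTC date such as 2015-06-05T01:08:20Z to epoch seconds."""
    dt = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())


def clamp_mtime(mtime, limit):
    """Clamp rule: only an mtime newer than the limit is replaced by the limit."""
    return min(int(mtime), limit)


def build_tar(files, source_date):
    """Build a tar archive from {name: (content, mtime)} with clamped mtimes."""
    limit = parse_source_date(source_date)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):              # assumed: stable member order
            data, mtime = files[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = clamp_mtime(mtime, limit)
            info.mode = 0o644                   # assumed: fixed mode and owner
            info.uid = info.gid = 0
            info.uname = info.gname = "root"
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def member_mtimes(tar_bytes):
    """Read back the mtime recorded for each archive member."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return {m.name: m.mtime for m in tar.getmembers()}


if __name__ == "__main__":
    date = "2015-06-05T01:08:20Z"
    limit = parse_source_date(date)
    # Constructed input: a file generated during the build (newer than the
    # limit) and a source file that predates it.
    first = {"usr/bin/tool": (b"bin", limit + 100), "README": (b"doc", limit - 1000)}
    second = {"usr/bin/tool": (b"bin", limit + 5000), "README": (b"doc", limit - 1000)}
    print(build_tar(first, date) == build_tar(second, date))
    print(member_mtimes(build_tar(first, date)))
```

Files generated during the build get the supplied date, while files older than it keep their own mtime, which is the difference from forcing one timestamp on every member.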
Daniel Kahn Gillmor reached out to the libburnia project to ask for help on how to make ISO images created with xorriso reproducible. We should reward Thomas Schmitt with a model upstream trophy as he went through a thorough analysis of possible sources of variations and ways to improve the situation. Most of what is missing with the current version in Debian is available in the latest upstream version, but libisoburn in Debian needs help. Daniel backported the missing option for version 1.3.2-1.1.
akira submitted a new issue to Doxygen upstream regarding the timestamps added to the generated manpages.
Packages fixed
The following 49 packages became reproducible due to changes in their build dependencies: activemq-protobuf, bnfc, bridge-method-injector, commons-exec, console-data, djinn, github-backup, haskell-authenticate-oauth, haskell-authenticate, haskell-blaze-builder, haskell-blaze-textual, haskell-bloomfilter, haskell-brainfuck, haskell-hspec-discover, haskell-pretty-show, haskell-unlambda, haskell-x509-util, haskelldb-hdbc-odbc, haskelldb-hdbc-postgresql, haskelldb-hdbc-sqlite3, hasktags, hedgewars, hscolour, https-everywhere, java-comment-preprocessor, jffi, jgit, jnr-ffi, jnr-netdb, jsoup, lhs2tex, libcolor-calc-perl, libfile-changenotify-perl, libpdl-io-hdf5-perl, libsvn-notify-mirror-perl, localizer, maven-enforcer, pyotherside, python-xlrd, python-xstatic-angular-bootstrap, rt-extension-calendar, ruby-builder, ruby-em-hiredis, ruby-redcloth, shellcheck, sisu-plexus, tomcat-maven-plugin, v4l2loopback, vim-latexsuite.
The following packages became reproducible after getting fixed:
Some uploads fixed some reproducibility issues but not all of them:
Patches submitted which did not make their way to the archive yet:
- #787327 on vim by Reiner Herrmann: set a constant user and set modified-by option.
- #787650 on lush by Daniel Kahn Gillmor: remove __DATE__ and __TIME__ macros from source.
- #787669 on cloc by Daniel Kahn Gillmor: use time of latest debian/changelog entry in manpage.
- #787675 on ricochet by Daniel Kahn Gillmor: patch configure to allow an external build date and set it to the time of latest debian/changelog entry.
- #787804 on clipper by akira: set HTML_TIMESTAMP to NO in Doxygen configuration.
- #787829 on colobot by akira: set HTML_TIMESTAMP to NO in Doxygen configuration.
- #787865 on fastjet by akira: call Doxygen with HTML_TIMESTAMP set to NO.
- #787916 on cal3d by akira: remove $datetime from the file api_footer.html.
- #787918 on dime by akira: remove $datetime from the file footer.html.
Daniel Kahn Gillmor also started discussions for emacs24 and the unsorted lists in generated .el files, the recording of a PID number in lush, and the reproducibility of ISO images in grub2.
reproducible.debian.net
Notifications are now sent when the build environment for a package has changed between two builds. This is a first step before automatically building the package once more. (Holger Levsen)
jenkins.debian.net was upgraded to Debian Jessie. (Holger Levsen)
A new variation is now being tested: $PATH. The second build will be done with a /i/capture/the/path added. (Holger Levsen)
Holger Levsen, with the help of Alexander Couzens, wrote an extra job to test the reproducibility of coreboot. Thanks James McCoy for helping with certificate issues.
Mattia Rizzolo made some more internal improvements.
strip-nondeterminism development
Andrew Ayer released strip-nondeterminism/0.008-1. This new version fixes the gzip handler so that it now skips adding a predetermined timestamp when there was none. Holger Levsen sponsored the upload.
Documentation update
The pages about timestamps in manpages generated by Doxygen, GHC .hi files, and Jar files have been updated to reflect their status in upstream.
Markus Koschany documented an easy way to prevent Doxygen from writing timestamps in HTML output.
Package reviews
83 obsolete reviews have been removed, 71 added and 48 updated this week.
Meetings
A meeting was held on 2015-06-03. Minutes and full logs are available.
It was agreed to hold such a meeting every two weeks for the time being. The time of the next meeting should be announced soon.