What happened in the
Reproducible
Builds effort between Sunday July
31 and Saturday August 6 2016:
Toolchain development and fixes
- dpkg/1.18.10 by Guillem Jover.
- Generate reproducible source tarballs by using the new GNU tar
--clamp-mtime option
- Enable fixdebugpath build flag feature by default, original patch by
Mattia Rizzolo.
- cython/0.24.1-1 by Yaroslav Halchenko.
- Chris Lamb and Thomas Schmidt worked on some patches to make reproducible
ISO images.
- Johannes Schauer continued the discussion on #763822 regarding dak
and buildinfo files.
- Johannes Schauer continued the discussion on #774415 regarding
srebuild and debrebuild.
Packages fixed and bugs filed
The following 24 packages have become reproducible - in our current test
setup - due to changes in their build-dependencies:
alglib
aspcud
boomaga
fcl
flute
haskell-hopenpgp
indigo
italc
kst
ktexteditor
libgroove
libjson-rpc-cpp
libqes
luminance-hdr
openscenegraph
palabos
petri-foo
pgagent
sisl
srm-ifce
vera++
visp
x42-plugins
zbackup
The following packages have become reproducible after being fixed:
- cvs2svn/2.4.0-3 by Laszlo Boszormenyi, original patch by Chris Lamb.
- dapl/2.1.8-2 by 2.1.8-1 by Ana Beatriz Guerrero Lopez, original patch by Chris Lamb.
- fonts-noto/20160116-3 by Vasudev Kamath, original patch by Chris Lamb.
- fortunes-bg/1.3 by Anton Zinoviev, original patch by Chris Lamb.
- fsvs/1.2.7-1 by Reiner Herrmann.
- infernal/1.1.2-1 by Sascha Steinbiss.
- libitpp/4.3.1-7 by Kumar Appaiah, original patch by Eduard Sanou.
- libtar/1.2.20-6 by Magnus Holmgren.
- libterralib/4.3.0+dfsg.2-9 by Alastair McKinstry, original patch by Eduard Sanou.
- mknbi/1.4.4-12 Ralf Treinen, original patch by Chris Lamb.
- node-iscroll/5.2.0+dfsg1-1 by Balint Reczey.
- octave-communications/1.2.1-2 by Rafael Laboissiere.
- python-mkdocs/0.15.3-5 by Brian May, original patch by Chris Lamb.
- remake/4.1+dbg1.1+dfsg-1 by Yaroslav Halchenko, original patch by Reiner Herrmann.
- sa-exim/4.2.1-16 by Magnus Holmgren.
- seqan/1.4.2+dfsg-1 by Andreas Tille, original patch by Chris Lamb.
- sbuild/0.70.0-1 by Johannes Schauer, #825991 from Aurelien Jarno.
- trscripts/1.18 by Anton Zinoviev, original patch by Chris Lamb.
- ui-auto/1.2.9-1 by Stephan S rken.
- ui-utilcpp/1.8.5-1 by Stephan S rken.
- xfonts-cronyx/2.3.8-8 by Anton Zinoviev, original patch by Chris Lamb.
The following newly-uploaded packages appear to be reproducible now, for
reasons we were not able to figure out. (Relevant changelogs did not mention
reproducible builds.)
- libitext-java/2.1.7-1 by Emmanuel Bourg.
- lice/1:4.2.5i-2 by Kurt Roeckx.
- pgbackrest/1.04-1 by Adrian Vondendriesch.
- pxlib/0.6.7-1 by Uwe Steinmann.
- runit/2.1.2-5 by Dmitry Bogatov.
- ssvnc/1.0.29-3 by Magnus Holmgren.
- syncthing/0.14.3+dfsg1-3 by Alexandre Viau.
- tachyon/0.99~b6+dsx-5 by Jerome Benoit.
- tor/0.2.8.6-2 by Peter Palfrader.
Some uploads have addressed some reproducibility issues, but not all of them:
Patches submitted that have not made their way to the archive yet:
Package reviews and QA
These are reviews of
reproduciblity
issues of
Debian packages.
276 package reviews have been added, 172 have been updated and 44 have been
removed in this week.
- New issues:
- Updated issues:
7 FTBFS bugs have been reported by Chris Lamb.
Reproducibility tools
- diffoscope/56~bpo8+1 uploaded to jessie-backports by Mattia Rizzolo
- strip-nondeterminism/0.022-1~bpo8+1 uploaded to jessie-backports by Mattia Rizzolo
Test infrastructure
For testing the impact of allowing variations of the buildpath (which up until
now we required to be identical for reproducible rebuilds), Reiner Herrmann
contribed a patch which enabled build path variations on testing/i386. This is
possible now since dpkg 1.18.10 enables the
--fixdebugpath
build flag feature
by default, which should result in reproducible builds (for C code) even with
varying paths. So far we haven't had many results due to disturbances in our
build network in the last days, but it seems this would mean roughly between
5-15% additional unreproducible packages - compared to what we see now. We'll
keep you updated on the numbers (and problems with compilers and common
frameworks) as we find them.
lynxis continued work to test
LEDE
and
OpenWrt on two different
hosts, to include date variation in the tests.
Mattia and Holger worked on the (mass) deployment scripts, so that the - for space
reasons - only
jenkins.debian.net GIT
clone resides in
~jenkins-adm/
and not anymore in Holger's homedir, so
that soon Mattia (and possibly others!) will be able to fully maintain this setup,
while Holger is doing siesta.
Miscellaneous
Chris, dkg, h01ger and Ximin attended a
Core Infrastricture
Initiative summit meeting in New York
City, to discuss and promote this Reproducible Builds project. The CII was set
up in the wake of the Heartbleed SSL vulnerability to support software projects
that are critical to the functioning of the internet.
This week's edition was written by Ximin Luo and Holger Levsen and reviewed by a bunch of
Reproducible Builds folks on IRC.