What happened in the Reproducible
effort between Sunday October 9 and Saturday October 15 2016:
- despinosa wrote a blog post on Vala and reproducibility
- h01ger and lynxis gave a talk called "From Reproducible Debian builds to
Reproducible OpenWrt, LEDE" (video, slides) at the OpenWrt Summit
2016 held in Berlin, together with ELCE,
held by the Linux Foundation.
- A discussion on debian-devel@ resulted in a
from Paul Wise: "(Reproducible) builds from source (with continuous
rechecking) is the only way to have enough confidence that a Debian user has
the freedoms promised to them by the Debian social contract."
- Chris Lamb will present a talk at Software Freedom Kosovo on reproducible builds on Saturday 22nd October.
After discussions with HW42, Steven Chamberlain, Vagrant Cascadian, Daniel
Shahaf, Christopher Berg, Daniel Kahn Gillmor and others, Ximin Luo has started
writing up more concrete and detailed design plans for
setting SOURCE_ROOT_DIR for reproducible debugging symbols
buildinfo security semantics
and buildinfo security infrastructure
Toolchain development and fixes
Dmitry Shachnev noted that our patch for #831779
has been temporarily
rejected by docutils upstream
are trying to persuade them again.
Tony Mancill uploaded javatools
/0.59 to unstable containing original patch
by Chris Lamb. This fixed an issue where documentation Recommends:
substvars would not be reproducible.
Ximin Luo filed bug 77985
to GCC as a pre-requisite for future patches to make debugging symbols
Packages reviewed and fixed, and bugs filed
The following updated packages have become reproducible - in our current test
setup - after being fixed:
The following updated packages appear to be reproducible now, for reasons we
were not able to figure out. (Relevant changelogs did not mention reproducible
- aodh/3.0.0-2 by Thomas Goirand.
- eog-plugins/3.16.5-1 by Michael Biebl.
- flam3/3.0.1-5 by Daniele Adriana Goulart Lopes.
- hyphy/2.2.7+dfsg-1 by Andreas Tille.
- libbson/1.4.1-1 by A. Jesse Jiryu Davis.
- libmongoc/1.4.1-1 by A. Jesse Jiryu Davis.
- lxc/1:2.0.5-1 by Evgeni Golov.
- spice-gtk/0.33-1 by Liang Guo.
- spice-vdagent/0.17.0-1 by Liang Guo.
- tnef/1.4.12-1 by Kevin Coyner.
Some uploads have addressed some reproducibility issues, but not all of them:
Some uploads have addressed nearly all reproducibility issues, except for build path issues:
Patches submitted that have not made their way to the archive yet:
Reviews of unreproducible packages
101 package reviews have been added, 49 have been updated and 4 have been
removed in this week, adding to our knowledge about identified
3 issue types have been updated:
Weekly QA work
During of reproducibility testing, some FTBFS bugs have been detected and
- Anders Kaseorg (1)
- Chris Lamb (18)
- h01ger has turned off the "Scheduled in testing+unstable+experimental" regular IRC notifications and turned them into emails to those running jenkins.d.n.
- Re-add opi2a armhf node and 3 new builder jobs for a total of 60 build jobs for armhf. (h01ger and vagrant)
- vagrant suggested to add a variation of init systems effecting the build, and h01ger added it to the TODO list.
- Steven Chamberlain submitted a patch so that now all buildinfo files are collected (unsigned yet) at firstname.lastname@example.org.
- Holger enabled CPU type variation (Intel Haswell or AMD Opteron 62xx) for i386. Thanks to Profitbricks.com for their great and continued support!
- Increase memory on the 2 build nodes from 12 to 16gb, thanks to profitbricks.com
We are running a poll to find a good time for an IRC meeting
This week's edition was written by Ximin Luo, Holger Levsen & Chris Lamb and
reviewed by a bunch of Reproducible Builds folks on IRC.