Reproducible builds folks: Reproducible Builds: Weekly report #133
Here's what happened in the Reproducible
Builds effort between Sunday November 5 and
Saturday November 11 2017:
Upcoming events
On November 17th Chris Lamb will present at Open Compliance
Summit,
Yokohama, Japan on how reproducible builds ensures the long-term sustainability
of technology infrastructure.
We plan to hold an assembly at
34C3
- hope to see you there!
LEDE CI tests
Thanks to the work of lynxis, Mattia and h01ger, we're now testing all LEDE
packages in our setup. This is our first result for the ar71xx
target: "502
(100.0%) out of 502 built images and 4932 (94.8%) out of 5200 built packages
were reproducible in our test setup." - see below for details how this was
achieved.
Bootstrapping and Diverse Double Compilation
As a follow-up of a discussion on bootstrapping compilers we had on the Berlin
summit, Bernhard
and Ximin worked on a Proof of Concept for Diverse Double Compilation of tinycc
(aka tcc).
Ximin Luo did a successful diverse-double compilation of
tinycc git HEAD using gcc-7.2.0,
clang-4.0.1, icc-18.0.0 and pgcc-17.10-0 (pgcc needs to triple-compile it).
More variations are planned for the future, with the eventual aim to reproduce
the same binaries cross-distro, and extend it to test GCC itself.
Packages reviewed and fixed, and bugs filed
Patches filed upstream:
- Bernhard M. Wiedemann:
- clang - ASLR affects objective-C binaries.
- Chris Lamb:
- nbsphinx (merged) - Random UUIDs used as element selectors.
- stardicter (merged) -
SOURCE_DATE_EPOCH
support. - stetl - Build path in documentation.
- Bernhard M. Wiedemann:
- Adrian Bunk:
- #881453 filed against primesieve - FTBFS.
- Chris Lamb:
- #881089 filed against stardicter - (merged)
SOURCE_DATE_EPOCH
. - #881094 filed against nbsphinx - random UUIDs.
- #881157 filed against designate - build path.
- #881217 filed against python-stetl - build path.
- #881258 filed against sphinx-intl - drop date.
- #881259 filed against soundmodem - build path.
- #881262 filed against node-module-deps - build path.
- #881474 filed against phatch - random memory address.
- #881089 filed against stardicter - (merged)
- Daniel Kahn Gillmor:
- Bernhard M. Wiedemann:
- i4l-base (merged) - Uninitialized memory written to output.
- Add randomness_in_files_generated_by_pinyin_gen_binary_files.
- Add build_path_captured_in_assembly_objects.
- Add timestamps_in_ifo_files_generated_by_python_stardicter.
- Update timestamps_in_source_generated_by_rcc.
- Adrian Bunk (69)
- Andreas Beckmann (3)
- Dmitry Shachnev (1)
- Graham Inggs (1)
88~bpo9+1
to stretch-backports.
reprotest development
- Ximin Luo:
- build: add comment that
util-linux
confirmed bug in nsenter, awaiting fix. - Make
--print-sudoers
work for--env-build
as well.
- build: add comment that
- Holger Levsen:
- rws3: add OTF as sponsor
- rws3: add F-Droid, riot-os.org
- Chris Lamb:
- Move the "contribute" page from the Debian wiki to
/contribute/
on our main website.
- Move the "contribute" page from the Debian wiki to
- Eitan Adler:
- Fix typo in FreeBSD mailing list.
- Bernhard M. Wiedemann:
- Mattia Rizzolo:
- reproducible archlinux: enable debugging mode
- reproducible archlinux: don't use hidden files for the package lists
- reproducible fedora: don't use hidden files for the package lists
- udd-query: move from public-udd-mirror.xvm.mit.edu to udd-mirror.debian.net
- udd-query: remove the temporary file with a trap in case this script is called with the wrong argument, and in case of failures, etc, the temporary file would be left around otherwise
- reproducible debian: schroot-create: drop the reproducible gpg keyring into /etc/apt/trusted.gpg.d/ instead of using
apt-key add
- reproducible debian: setup_pbuilder: drop the reproducible gpg keyring into /etc/apt/trusted.gpg.d/ instead of using
apt-key add
- reprodocible debian: setup_pbuilder: stop installing gnupg2 in our chroot, not needed anymore now
- Mattia also merged and deployed some commits from others this week.
- Alexander 'lynxis' Couzens
- reproducible_lede: use correct place/variable to save results: Results on remote nodes are expected to be under $TMPDIR, which defined by openwrt_build. RESULTSDIR is undefined on the remote node
- reproducible_lede: enable building all packages again, after it was disabled to improve the debug speed.
- reproducible_lede: correct given path for node_cleanup_tmpdirs & node_save_logs- reproducible_lede: enable CONFIG_BUILDBOT to reduce inodes while building.
- kpcyrd:
- reproducible-archlinux: try porting abs to asp
- reproducible-archlinux: explicitly sync packages
- reproducible-archlinux: use sudo for pacman
- Hans-Christoph Steiner:
- reproducible fdroid: point jenkins to canonical URL
- reproducible_fdroid: separate testsuite into its own job
- reproducible fdroid: sync upstream script names with jenkins.debian.net, make things self-documenting by reusing the same names everywhere.
- reproducible_fdroid_test: make script executable
- Chris Lamb:
- Move some IRC announcements to #debian-reproducible-changes.
- Holger Levsen:
- reproducible LEDE: try to deal gracefully with problems and report
- as usual, Holger merged many of the above commits and deployed them.