• Abhijith PA did 14.00h (out of 14.00h assigned).
• Andreas R nnquist did 14.50h (out of 14.50h assigned and 10.50h from previous period, thus carrying over 10.50h to the next month).
• Anton Gladky did 16.00h (out of 16.00h assigned).
• Ben Hutchings did 16.00h (out of 0.00h assigned and 16.00h from previous period).
• Chris Lamb did 18.00h (out of 18.00h assigned).
• Dominik George did 1.83h (out of 6.00h assigned and 18.00h from previous period, thus carrying over 22.17h to the next month).
• Emilio Pozuelo Monfort did 30.25h (out of 9.25h assigned and 21.00h from previous period).
• Enrico Zini did 8.00h (out of 9.50h assigned and 6.50h from previous period, thus carrying over 8.00h to the next month).
• Markus Koschany did 30.25h (out of 30.25h assigned).
• Ola Lundqvist did nothing (out of 12.00 available hours, thus carrying them over to the next month).
• Roberto C. S nchez did 27.50h (out of 11.75h assigned and 18.50h from previous period, thus carrying over 2.75h to the next month).
• Stefano Rivera did 8.00h (out of 30.25h assigned, thus carrying over 20.75h to the next month).
• Sylvain Beucler did 30.25h (out of 13.75h assigned and 16.50h from previous period).
• Thorsten Alteholz did 30.25h (out of 30.25h assigned).
• Utkarsh Gupta did not report back about their work so we assume they did nothing (out of 30.25 available hours, thus carrying them over to the next month).

• Platinum sponsors:
  • TOSHIBA (for 82 months)
  • GitHub (for 73 months)
  • Civil Infrastructure Platform (CIP) (for 50 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 93 months)
  • Linode (for 87 months)
  • Babiel GmbH (for 76 months)
  • Plat Home (for 76 months)
  • University of Oxford (for 32 months)
  • Deveryware (for 19 months)
  • VyOS Inc (for 14 months)
  • EDF SA (for 3 months)
• Silver sponsors:
  • Domeneshop AS (for 98 months)
  • The Positive Internet Company (for 98 months)
  • Nantes M tropole (for 92 months)
  • Univention GmbH (for 83 months)
  • Universit Jean Monnet de St Etienne (for 83 months)
  • Ribbon Communications, Inc. (for 77 months)
  • Exonet B.V. (for 67 months)
  • Leibniz Rechenzentrum (for 61 months)
  • CINECA (for 50 months)
  • Minist re de l Europe et des Affaires trang res (for 45 months)
  • Cloudways Ltd (for 34 months)
  • Dinahosting SL (for 32 months)
  • Bauer Xcel Media Deutschland KG (for 26 months)
  • Platform.sh (for 26 months)
  • Moxa Intelligence Co., Ltd. (for 20 months)
  • sipgate GmbH (for 17 months)
  • Tilburg University (for 16 months)
  • OVH US LLC (for 15 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 7 months)
  • Soliton Systems K.K. (for 4 months)
• Bronze sponsors:
  • Evolix (for 98 months)
  • Seznam.cz, a.s. (for 98 months)
  • Intevation GmbH (for 95 months)
  • Linuxhotel GmbH (for 95 months)
  • Daevel SARL (for 94 months)
  • Bitfolk LTD (for 92 months)
  • Megaspace Internet Services GmbH (for 92 months)
  • NUMLOG (for 92 months)
  • Greenbone Networks GmbH (for 91 months)
  • WinGo AG (for 91 months)
  • Ecole Centrale de Nantes LHEEA (for 87 months)
  • Entr ouvert (for 82 months)
  • Adfinis AG (for 80 months)
  • GNI MEDIA (for 74 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 74 months)
  • Tesorion (for 74 months)
  • Bearstech (for 66 months)
  • LiHAS (for 65 months)
  • Catalyst IT Ltd (for 60 months)
  • Supagro (for 55 months)
  • Demarcq SAS (for 54 months)
  • Universit Grenoble Alpes (for 40 months)
  • TouchWeb SAS (for 32 months)
  • SPiN AG (for 29 months)
  • CoreFiling (for 24 months)
  • Institut des sciences cognitives Marc Jeannerod (for 19 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 16 months)
  • Tem Innovations GmbH (for 11 months)
  • WordFinder.pro (for 10 months)
  • CNRS DT INSU R sif (for 9 months)
  • Alter Way

Server setup The first thing I did was to open up my server's rsyslog (Debian's default syslog server) to remote connections since it's going to be the destination host for the router's log messages. I added the following to /etc/rsyslog.d/router.conf:

module(load="imtcp")
input(type="imtcp" port="514")
if $fromhost-ip == '192.168.1.1' then  
    if $syslogseverity <= 5 then  
        action(type="omfile" file="/var/log/router.log")
     
    stop
 

This is using the latest rsyslog configuration method: a handy scripting language called RainerScript. Severity level 5 maps to "notice" which consists of unusual non-error conditions, and 192.168.1.1 is of course the IP address of the router on the LAN side. With this, I'm directing all router log messages to a separate file, filtering out anything less important than severity 5. In order for rsyslog to pick up this new configuration file, I restarted it:

systemctl restart rsyslog.service

and checked that it was running correctly (e.g. no syntax errors in the new config file) using:

systemctl status rsyslog.service

Since I added a new log file, I also setup log rotation for it by putting the following in /etc/logrotate.d/router:

/var/log/router.log
 
    rotate 4
    weekly
    missingok
    notifempty
    compress
    delaycompress
    sharedscripts
    postrotate
        /usr/lib/rsyslog/rsyslog-rotate
    endscript
 

In addition, since I use logcheck to monitor my server logs and email me errors, I had to add /var/log/router.log to /etc/logcheck/logcheck.logfiles. Finally I opened the rsyslog port to the router in my server's firewall by adding the following to /etc/network/iptables.up.rules:

# Allow logs from the router
-A INPUT -s 192.168.1.1 -p tcp --dport 514 -j ACCEPT

and ran iptables-apply. With all of this in place, it was time to get the router to send messages.

Router setup As suggested on the Turris forum, I ssh'ed into my router and added this in /etc/syslog-ng.d/remote.conf:

destination d_loghost  
        network("192.168.1.200" time-zone("America/Vancouver"));
 ;
source dns  
        file("/var/log/resolver");
 ;
log  
        source(src);
        source(net);
        source(kernel);
        source(dns);
        destination(d_loghost);
 ;

Setting the timezone to the same as my server was needed because the router messages were otherwise sent with UTC timestamps. To ensure that the destination host always gets the same IP address (192.168.1.200), I went to the advanced DHCP configuration page and added a static lease for the server's MAC address so that it always gets assigned 192.168.1.200. If that wasn't already the server's IP address, you'll have to restart it for this to take effect. Finally, I restarted the syslog-ng daemon on the router to pick up the new config file:

/etc/init.d/syslog-ng restart

Testing In order to test this configuration, I opened three terminal windows:

1. tail -f /var/log/syslog on the server
2. tail -f /var/log/router.log on the server
3. tail -f /var/log/messages on the router

I immediately started to see messages from the router in the third window and some of these, not all because of my severity-5 filter, were flowing to the second window as well. Also important is that none of the messages make it to the first window, otherwise log messages from the router would be mixed in with the server's own logs. That's the purpose of the stop command in /etc/rsyslog.d/router.conf. To force a log messages to be emitted by the router, simply ssh into it and issue the following command:

logger Test

It should show up in the second and third windows immediately if you've got everything setup correctly

• Abhijith PA did 14.0h (out of 14h assigned).
• Andreas R nnquist did 14.5h (out of 25.0h assigned), thus carrying over 10.5h to June.
• Anton Gladky did 19h (out of 19h assigned).
• Ben Hutchings did 8h (out of 11h assigned and 13h from April), thus carrying over 16h to June.
• Chris Lamb did 18h (out of 18h assigned).
• Dominik George did 2h (out of 20.0h assigned), thus carrying over 18h to June.
• Enrico Zini did 9.5h (out of 16.0h assigned), thus carrying over 6.5h to June.
• Emilio Pozuelo Monfort did 28h (out of 13.75h assigned and 35.25h from April), thus carrying over 21h to June.
• Markus Koschany did 40h (out of 40h assigned).
• Roberto C. S nchez did 13.5h (out of 32h assigned), thus carrying over 18.5h to June.
• Sylvain Beucler did 23.5h (out of 20h assigned and 20h from April), thus carrying over 16.5h to June.
• Stefano Rivera did 5h in April and 14h in May (out of 17.5h assigned), thus anticipating 1.5h for June.
• Thorsten Alteholz did 40h (out of 40h assigned).
• Utkarsh Gupta did 35h (out of 19h assigned and 30h from April), thus carrying over 14h to June.

• Platinum sponsors:
  • TOSHIBA (for 81 months)
  • GitHub (for 72 months)
  • Civil Infrastructure Platform (CIP) (for 49 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 92 months)
  • Linode (for 86 months)
  • Babiel GmbH (for 75 months)
  • Plat Home (for 75 months)
  • University of Oxford (for 31 months)
  • Deveryware (for 18 months)
  • VyOS Inc (for 13 months)
  • EDF SA
• Silver sponsors:
  • The Positive Internet Company (for 97 months)
  • Domeneshop AS (for 96 months)
  • Nantes M tropole (for 90 months)
  • Univention GmbH (for 82 months)
  • Universit Jean Monnet de St Etienne (for 82 months)
  • Ribbon Communications, Inc. (for 76 months)
  • Exonet B.V. (for 66 months)
  • Leibniz Rechenzentrum (for 60 months)
  • CINECA (for 49 months)
  • Minist re de l Europe et des Affaires trang res (for 43 months)
  • Cloudways Ltd (for 33 months)
  • Dinahosting SL (for 31 months)
  • Bauer Xcel Media Deutschland KG (for 25 months)
  • Platform.sh (for 25 months)
  • Moxa Intelligence Co., Ltd. (for 19 months)
  • sipgate GmbH (for 16 months)
  • OVH US LLC (for 14 months)
  • Tilburg University (for 14 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 6 months)
  • Telecats BV (for 4 months)
  • Soliton Systems K.K. (for 3 months)
• Bronze sponsors:
  • Evolix (for 97 months)
  • Seznam.cz, a.s. (for 97 months)
  • Intevation GmbH (for 94 months)
  • Linuxhotel GmbH (for 94 months)
  • Daevel SARL (for 92 months)
  • Bitfolk LTD (for 91 months)
  • Megaspace Internet Services GmbH (for 91 months)
  • Greenbone Networks GmbH (for 90 months)
  • NUMLOG (for 90 months)
  • WinGo AG (for 90 months)
  • Ecole Centrale de Nantes LHEEA (for 86 months)
  • Entr ouvert (for 81 months)
  • Adfinis AG (for 78 months)
  • GNI MEDIA (for 73 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 73 months)
  • Tesorion (for 73 months)
  • Bearstech (for 64 months)
  • LiHAS (for 64 months)
  • People Doc (for 61 months)
  • Catalyst IT Ltd (for 59 months)
  • Supagro (for 54 months)
  • Demarcq SAS (for 53 months)
  • Universit Grenoble Alpes (for 39 months)
  • TouchWeb SAS (for 31 months)
  • SPiN AG (for 28 months)
  • CoreFiling (for 23 months)
  • Institut des sciences cognitives Marc Jeannerod (for 18 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 15 months)
  • Tem Innovations GmbH (for 10 months)
  • WordFinder.pro (for 9 months)
  • CNRS DT INSU R sif (for 8 months)
  • Alter Way

I believe, if I understand the bug correctly, it only triggers if you F_SETPIPE_SZ when the writer has put nonzero but not a full unit s worth in yet, which is why the world isn t on fire screaming about this you need to either have a very slow but nonzero or otherwise very strange write pattern to hit it, which is why it doesn t come up in, say, the CI or most of my testbeds, but my poor little SPARC (440 MHz, 1c1t) and Raspberry Pis were not so fortunate.

• ~/.config/QtProject
• ~/.cache/QtProject/
• /usr/share/qtcreator/QtProject which is where configuration is stored if you used sdktool to programmatically configure Qt Creator (see for example this post and see Debian bug #1012561.

-DIST_CODENAME = "stretch"
+DIST_CODENAME = "bullseye"

Test$ qmake-armhf -makefile
Info: creating stash file  /Test/.qmake.stash
Test$ make
[...]
/usr/bin/arm-linux-gnueabihf-g++ -Wl,-O1 -Wl,-rpath-link, /armhf/lib/arm-linux-gnueabihf -Wl,-rpath-link, /armhf/usr/lib/arm-linux-gnueabihf -Wl,-rpath-link, /armhf/usr/lib/ -o Test main.o mainwindow.o moc_mainwindow.o    /armhf/usr/lib/arm-linux-gnueabihf/libQt5Widgets.so  /armhf/usr/lib/arm-linux-gnueabihf/libQt5Gui.so  /armhf/usr/lib/arm-linux-gnueabihf/libQt5Core.so -lGLESv2 -lpthread
/usr/lib/gcc-cross/arm-linux-gnueabihf/10/../../../../arm-linux-gnueabihf/bin/ld: cannot find -lGLESv2
collect2: error: ld returned 1 exit status
make: *** [Makefile:146: Test] Error 1

--- a/cbqt
+++ b/cbqt
@@ -241,18 +241,21 @@ include(../common/linux.conf)
 include(../common/gcc-base-unix.conf)
 include(../common/g++-unix.conf)
+QMAKE_LIBDIR +=  chroot.abspath /lib/arm-linux-gnueabihf
+QMAKE_LIBDIR +=  chroot.abspath /usr/lib/arm-linux-gnueabihf
+QMAKE_LIBDIR +=  chroot.abspath /usr/lib/
 QMAKE_RPATHLINKDIR +=  chroot.abspath /lib/arm-linux-gnueabihf
 QMAKE_RPATHLINKDIR +=  chroot.abspath /usr/lib/arm-linux-gnueabihf
 QMAKE_RPATHLINKDIR +=  chroot.abspath /usr/lib/

Test$ qmake-armhf -makefile
Test$ make
/usr/bin/arm-linux-gnueabihf-g++ -Wl,-O1 -Wl,-rpath-link, /armhf/lib/arm-linux-gnueabihf -Wl,-rpath-link, /armhf/usr/lib/arm-linux-gnueabihf -Wl,-rpath-link, /armhf/usr/lib/ -o Test main.o mainwindow.o moc_mainwindow.o   -L /armhf/lib/arm-linux-gnueabihf -L /armhf/usr/lib/arm-linux-gnueabihf -L /armhf/usr/lib/  /armhf/usr/lib/arm-linux-gnueabihf/libQt5Widgets.so  /armhf/usr/lib/arm-linux-gnueabihf/libQt5Gui.so  /armhf/usr/lib/arm-linux-gnueabihf/libQt5Core.so -lGLESv2 -lpthread

 /armhf/usr/lib/arm-linux-gnueabihf/qt5/mkspecs/features/toolchain.prf:76: Variable QMAKE_CXX.COMPILER_MACROS is not defined.

isEmpty($$ target_prefix .COMPILER_MACROS)  
    msvc  
        #  
      else: gcc ghs  
        vars = $$qtVariablesFromGCC($$QMAKE_CXX)
     
    for (v, vars)  
        #  
        $$ target_prefix .COMPILER_MACROS += $$v
     
    cache($$ target_prefix .COMPILER_MACROS, set stash)
  else  
    #  
 

strace -e trace=execve --string-limit=123456 -o qtcreator.trace -f qtcreator

$ grep qmake- qtcreator.trace
1015841 execve("/usr/local/bin/qmake-armhf", ["/usr/local/bin/qmake-armhf", "-query"], 0x56096e923040 /* 54 vars */) = 0
1015865 execve("/usr/local/bin/qmake-armhf", ["/usr/local/bin/qmake-armhf", " /Test/Test.pro", "-spec", "arm-linux-gnueabihf", "CONFIG+=debug", "CONFIG+=qml_debug"], 0x7f5cb4023e20 /* 55 vars */) = 0

$ /usr/local/bin/qmake-armhf Test.pro -spec arm-linux-gnueabihf CONFIG+=debug CONFIG+=qml_debug
 /armhf/usr/lib/arm-linux-gnueabihf/qt5/mkspecs/features/toolchain.prf:76: Variable QMAKE_CXX.COMPILER_MACROS is not defined.

$ rm .qmake.stash
$ qmake-armhf -makefile
 /armhf/usr/lib/arm-linux-gnueabihf/qt5/mkspecs/features/toolchain.prf:76: Variable QMAKE_CXX.COMPILER_MACROS is not defined.

• The else: gcc ghs test is matching the value(s) of QMAKE_COMPILER
• QMAKE_COMPILER can have multiple values, separated by space
• If in armhf/usr/lib/arm-linux-gnueabihf/qt5/mkspecs/arm-linux-gnueabihf/qmake.conf I set QMAKE_COMPILER = gcc arm-linux-gnueabihf-gcc, then things work again.

--- a/cbqt
+++ b/cbqt
@@ -248,7 +248,7 @@ QMAKE_RPATHLINKDIR +=  chroot.abspath /lib/arm-linux-gnueabihf
 QMAKE_RPATHLINKDIR +=  chroot.abspath /usr/lib/arm-linux-gnueabihf
 QMAKE_RPATHLINKDIR +=  chroot.abspath /usr/lib/
-QMAKE_COMPILER          =  chroot.arch_triplet -gcc
+QMAKE_COMPILER          = gcc  chroot.arch_triplet -gcc
 QMAKE_CC                = /usr/bin/ chroot.arch_triplet -gcc

 QMAKE_COMPILER          =  chroot.arch_triplet -gcc
-QMAKE_CC                =  chroot.arch_triplet -gcc
+QMAKE_CC                = /usr/bin/ chroot.arch_triplet -gcc
 QMAKE_LINK_C            = $$QMAKE_CC
 QMAKE_LINK_C_SHLIB      = $$QMAKE_CC
-QMAKE_CXX               =  chroot.arch_triplet -g++
+QMAKE_CXX               = /usr/bin/ chroot.arch_triplet -g++
 QMAKE_LINK              = $$QMAKE_CXX
 QMAKE_LINK_SHLIB        = $$QMAKE_CXX

sudo cbqt ./armhf --create --verbose

sudo ./cbqt ./armhf --qmake -o /usr/local/bin/qmake-armhf

# Note: :arch is added automatically to package names if no arch is explicitly specified
sudo ./cbqt ./armhf --install libqt5svg5-dev libmosquittopp-dev qtwebengine5-dev

qmake-armhf -makefile
make

1. Tools/Options, then Kits, then Add
2. Name: armhf (or anything you like)
3. In the Qt Versions tab, click Add then set the path of the new Qt to /usr/local/bin/qmake-armhf. Click Apply.
4. Back in the Kits, select the Qt version you just created in the Qt version field
5. In Compilers, select the ARM versions of GCC. If they do not appear, install crossbuild-essential-armhf, then in the Compilers tab click Re-detect and then Apply to make them available for selection
6. Dismiss the dialog with "OK": the new kit is ready

• Abhijith PA did 14h out of 14h assigned
• Anton Gladky did 20h out of 20h assigned
• Ben Hutchings did 11h out of 16h assigned and 8h from March, thus carrying over 13h to May
• Chris Lamb did 18h out of 18h assigned
• Emilio Pozuelo Monfort did 18h (out of 53.25h assigned), thus carrying over 35.25h to May
• Jeremiah Foster did 9.5h out of 13.5h assigned, thus carrying over 4h to May
• Markus Koschany did 40 out of 40h assigned
• Roberto C. S nchez did 18h carried out from March
• Sylvain Beucler did 20h out of 14.5h assigned and 25.5h from March, thus carrying over 20h to May
• Thorsten Alteholz did 40h out of 40h assigned
• Utkarsh Gupta did 23.25h out of 51.5h assigned and 1.75h from March, thus carrying over 30h to May

• Platinum sponsors:
  • TOSHIBA (for 80 months)
  • GitHub (for 71 months)
  • Civil Infrastructure Platform (CIP) (for 48 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 91 months)
  • Linode (for 85 months)
  • Babiel GmbH (for 75 months)
  • Plat Home (for 74 months)
  • University of Oxford (for 30 months)
  • Deveryware (for 17 months)
  • VyOS Inc (for 12 months)
  • EDF SA
• Silver sponsors:
  • The Positive Internet Company (for 97 months)
  • Domeneshop AS (for 96 months)
  • Nantes M tropole (for 90 months)
  • Universit Jean Monnet de St Etienne (for 82 months)
  • Univention GmbH (for 81 months)
  • Ribbon Communications, Inc. (for 75 months)
  • Exonet B.V. (for 65 months)
  • Leibniz Rechenzentrum (for 59 months)
  • CINECA (for 49 months)
  • Minist re de l Europe et des Affaires trang res (for 43 months)
  • Cloudways Ltd (for 32 months)
  • Dinahosting SL (for 30 months)
  • Bauer Xcel Media Deutschland KG (for 24 months)
  • Platform.sh (for 24 months)
  • Moxa Intelligence Co., Ltd. (for 18 months)
  • sipgate GmbH (for 15 months)
  • Tilburg University (for 14 months)
  • OVH US LLC (for 13 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 5 months)
  • Telecats BV (for 3 months)
  • Soliton Systems K.K.
• Bronze sponsors:
  • Evolix (for 96 months)
  • Seznam.cz, a.s. (for 96 months)
  • Intevation GmbH (for 93 months)
  • Linuxhotel GmbH (for 93 months)
  • Daevel SARL (for 92 months)
  • Bitfolk LTD (for 91 months)
  • Megaspace Internet Services GmbH (for 91 months)
  • Greenbone Networks GmbH (for 90 months)
  • NUMLOG (for 90 months)
  • WinGo AG (for 89 months)
  • Ecole Centrale de Nantes LHEEA (for 85 months)
  • Entr ouvert (for 80 months)
  • Adfinis AG (for 78 months)
  • GNI MEDIA (for 72 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 72 months)
  • Tesorion (for 72 months)
  • Bearstech (for 64 months)
  • LiHAS (for 64 months)
  • People Doc (for 60 months)
  • Catalyst IT Ltd (for 58 months)
  • Supagro (for 54 months)
  • Demarcq SAS (for 52 months)
  • Universit Grenoble Alpes (for 38 months)
  • TouchWeb SAS (for 30 months)
  • SPiN AG (for 27 months)
  • CoreFiling (for 23 months)
  • Institut des sciences cognitives Marc Jeannerod (for 17 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 14 months)
  • Tem Innovations GmbH (for 9 months)
  • WordFinder.pro (for 8 months)
  • CNRS DT INSU R sif (for 7 months)
  • Alter Way

• There was no new activity in Debian project funding in the two existing projects. However, there was a survey run with hundreds of Debian Developers and Debian contributors. The survey results are being collated and we will use the anonymized data to further develop the Freexian project funding initiative.
• We are preparing to more broadly announce additional support for Debian 8 Jessie and Debian 9 Stretch. Now, Debian 8 can be supported until June 2025 and Debian 9 until June 2027. More information on ELTS support is available.
• In March 2250 was put aside to fund Debian projects.

• Abhijith PA did 12.0h out of 12h assigned.
• Anton Gladky did 20h out of 20h assigned.
• Ben Hutchings did 16h out of 24h assigned.
• Chris Lamb did 18h out of 18h assigned.
• Emilio Pozuelo Monfort did 59.5h out of 59.5h assigned.
• Jeremiah Foster did 13.5 out of 20h assigned.
• Markus Koschany did 40h out of 40h assigned.
• Roberto C. S nchez did 14h out of 32h assigned, carrying over 18h
• Sylvain Beucler did 14.5h out of 40h assigned, carrying over 25.5h
• Thorsten Alteholz did 40h out of 40h assigned.
• Utkarsh Gupta did 57.75h out of 59.5h assigned, carrying over 1.75 hours.

• Platinum sponsors:
  • TOSHIBA (for 79 months)
  • GitHub (for 70 months)
  • Civil Infrastructure Platform (CIP) (for 47 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 90 months)
  • Linode (for 84 months)
  • Babiel GmbH (for 73 months)
  • Plat Home (for 73 months)
  • University of Oxford (for 29 months)
  • Deveryware (for 16 months)
  • VyOS Inc (for 11 months)
  • EDF SA
• Silver sponsors:
  • Domeneshop AS (for 95 months)
  • The Positive Internet Company (for 95 months)
  • Nantes M tropole (for 89 months)
  • Univention GmbH (for 80 months)
  • Universit Jean Monnet de St Etienne (for 80 months)
  • Ribbon Communications, Inc. (for 74 months)
  • Exonet B.V. (for 64 months)
  • Leibniz Rechenzentrum (for 58 months)
  • CINECA (for 47 months)
  • Minist re de l Europe et des Affaires trang res (for 42 months)
  • Cloudways Ltd (for 31 months)
  • Dinahosting SL (for 29 months)
  • Bauer Xcel Media Deutschland KG (for 23 months)
  • Platform.sh (for 23 months)
  • Moxa Intelligence Co., Ltd. (for 17 months)
  • sipgate GmbH (for 14 months)
  • Tilburg University (for 13 months)
  • OVH US LLC (for 12 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 4 months)
  • Telecats BV
  • Soliton Systems K.K.
• Bronze sponsors:
  • Evolix (for 95 months)
  • Seznam.cz, a.s. (for 95 months)
  • Intevation GmbH (for 92 months)
  • Linuxhotel GmbH (for 92 months)
  • Daevel SARL (for 91 months)
  • Bitfolk LTD (for 89 months)
  • Megaspace Internet Services GmbH (for 89 months)
  • NUMLOG (for 89 months)
  • Greenbone Networks GmbH (for 88 months)
  • WinGo AG (for 88 months)
  • Ecole Centrale de Nantes LHEEA (for 84 months)
  • Entr ouvert (for 79 months)
  • Adfinis AG (for 77 months)
  • GNI MEDIA (for 71 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 71 months)
  • Tesorion (for 71 months)
  • Bearstech (for 63 months)
  • LiHAS (for 62 months)
  • People Doc (for 59 months)
  • Catalyst IT Ltd (for 57 months)
  • Supagro (for 52 months)
  • Demarcq SAS (for 51 months)
  • Universit Grenoble Alpes (for 37 months)
  • TouchWeb SAS (for 29 months)
  • SPiN AG (for 26 months)
  • CoreFiling (for 22 months)
  • Institut des sciences cognitives Marc Jeannerod (for 16 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 13 months)
  • Tem Innovations GmbH (for 8 months)
  • WordFinder.pro (for 7 months)
  • CNRS DT INSU R sif (for 6 months)

Frequency So the first thing I looked at was WifiAnalyzer to see if I had any optimisation I could do there. Normally, I try to avoid having nearby APs on the same frequency to avoid collisions, but who knows, maybe I had messed that up. And turns out I did! Both APs were on "auto" for 5GHz, which typically means "do nothing or worse". 5GHz is really interesting, because, in theory, there are LOTS of channels to pick from, it goes up to 196!! And both my APs were on 36, what gives? So the first thing I did was to set it to channel 100, as there was that long gap in WifiAnalyzer where no other AP was. But that just broke 5GHz on the AP. The OpenWRT GUI (luci) would just say "wireless not associated" and the ESSID wouldn't show up in a scan anymore. At first, I thought this was a problem with OpenWRT or my hardware, but I could reproduce the problem with both my APs: a TP-Link Archer A7 v5 and a Turris Omnia (see also my review). As it turns out, that's because that range of the WiFi band interferes with trivial things like satellites and radar, which make the actually very useful radar maps look like useless christmas trees. So those channels require DFS to operate. DFS works by first listening on the frequency for a certain amount of time (1-2 minute, but could be as high as 10) to see if there's something else transmitting at all. So typically, that means they just don't operate at all in those bands, especially if you're near any major city which generally means you are near a weather radar that will transmit on that band. In the system logs, if you have such a problem, you might see this:

Apr  9 22:17:39 octavia hostapd: wlan0: DFS-CAC-START freq=5500 chan=100 sec_chan=1, width=0, seg0=102, seg1=0, cac_time=60s
Apr  9 22:17:39 octavia hostapd: DFS start_dfs_cac() failed, -1

... and/or this:

Sat Apr  9 18:05:03 2022 daemon.notice hostapd: Channel 100 (primary) not allowed for AP mode, flags: 0x10095b NO-IR RADAR
Sat Apr  9 18:05:03 2022 daemon.warn hostapd: wlan0: IEEE 802.11 Configured channel (100) not found from the channel list of current mode (2) IEEE 802.11a
Sat Apr  9 18:05:03 2022 daemon.warn hostapd: wlan0: IEEE 802.11 Hardware does not support configured channel

Here, it clearly says RADAR (in all caps too, which means it's really important). NO-IR is also important, I'm not sure what it means but it could be that you're not allowed to transmit in that band because of other local regulations. There might be a way to workaround those by changing the "region" in the Luci GUI, but I didn't mess with that, because I figured that other devices will have that already configured. So using a forbidden channel might make it more difficult for clients to connect (although it's possible this is enforced only on the AP side). In any case, 5GHz is promising, but in reality, you only get from channel 36 (5.170GHz) to 48 (5.250GHz), inclusively. Fast counters will notice that is exactly 80MHz, which means that if an AP is configured for that hungry, all-powerful 80MHz, it will effectively take up all 5GHz channels at once. This, in other words, is as bad as 2.4GHz, where you also have only two 40MHz channels. (Really, what did you expect: this is an unregulated frequency controlled by commercial interests...) So the first thing I did was to switch to 40MHz. This gives me two distinct channels in 5GHz at no noticeable bandwidth cost. (In fact, I couldn't find hard data on what the bandwidth ends up being on those frequencies, but I could still get 400Mbps which is fine for my use case.)

Power The next thing I did was to fiddle with power. By default, both radios were configured to transmit as much power as they needed to reach clients, which means that if a client gets farther away, it would boost its transmit power which, in turns, would mean the client would still connect to instead of failing and properly roaming to the other AP. The higher power also means more interference with neighbors and other APs, although that matters less if they are on different channels. On 5GHz, power was about 20dBm (100 mW) -- and more on the Turris! -- when I first looked, so I tried to lower it drastically to 5dBm (3mW) just for kicks. That didn't work so well, so I bumped it back up to 14 dBm (25 mW) and that seems to work well: clients hit about -80dBm when they get far enough from the AP, which gets close to the noise floor (and where the neighbor APs are), which is exactly what I want. On 2.4GHz, I lowered it down even further, to 10 dBm (10mW) since it's better at going through wells, I figured it would need less power. And anyways, I rather people use the 5GHz APs, so maybe that will act as an encouragement to switch. I was still able to connect correctly to the APs at that power as well.

Other tweaks I disabled the "Allow legacy 802.11b rates" setting in the 5GHz configuration. According to this discussion:

Checking the "Allow b rates" affects what the AP will transmit. In particular it will send most overhead packets including beacons, probe responses, and authentication / authorization as the slow, noisy, 1 Mb DSSS signal. That is bad for you and your neighbors. Do not check that box. The default really should be unchecked.

This, in particular, "will make the AP unusable to distant clients, which again is a good thing for public wifi in general". So I just unchecked that box and I feel happier now. I didn't make tests to see the effect separately however, so this is mostly just a guess.

# Download a binary device tree file and matching kernel a good soul uploaded to github
wget https://github.com/vfdev-5/qemu-rpi2-vexpress/raw/master/kernel-qemu-4.4.1-vexpress
wget https://github.com/vfdev-5/qemu-rpi2-vexpress/raw/master/vexpress-v2p-ca15-tc1.dtb
# Download the official Rasbian image without X
wget https://downloads.raspberrypi.org/raspios_lite_armhf/images/raspios_lite_armhf-2022-04-07/2022-04-04-raspios-bullseye-armhf-lite.img.xz
unxz 2022-04-04-raspios-bullseye-armhf-lite.img.xz
# Convert it from the raw image to a qcow2 image and add some space
qemu-img convert -f raw -O qcow2 2022-04-04-raspios-bullseye-armhf-lite.img rasbian.qcow2
qemu-img resize rasbian.qcow2 4G
# make sure we get a user account setup
echo "me:$(echo 'test123' openssl passwd -6 -stdin)" > userconf
sudo guestmount -a rasbian.qcow2 -m /dev/sda1 /mnt
sudo mv userconf /mnt
sudo guestunmount /mnt
# start qemu
qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 \
 -kernel kernel-qemu-4.4.1-vexpress -no-reboot \
 -smp 2 -serial stdio \
 -dtb vexpress-v2p-ca15-tc1.dtb -sd rasbian.qcow2 \
 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,15200 loglevel=8" \
 -nic user,hostfwd=tcp::5555-:22
# login at the serial console as user me with password test123
sudo -i
# enable ssh
systemctl enable ssh
systemctl start ssh
# resize partition and filesystem
parted /dev/mmcblk0 resizepart 2 100%
resize2fs /dev/mmcblk0p2

ssh me@localhost -p 5555

Focus This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes

• fuelwatch: cleanup
• circuitbreaker: fix dev requires
• playerctl: error on no player
• mpv-mpris: allow install layout override, test MPRIS Quit, add test fixes for re-adding dropped check, ensuring clean logs, waiting for mpv, old playerctl compat, socat UNIX-CONNECT, D-Bus dir perms
• iotop-py: fix date
• dnsgraph: dep missing error message usability
• flower: relax dep
• apt: document interval suffixes and "always" option
• duck: indicator phrases
• Debian usertags: fix debci tags
• Debian QA service: automate debci fixing
• Debian screenshots: delete qrencode (manual page)
• Debian package uploads: memlockd, mpv-mpris (1 2), python-plac
• Debian wiki pages: Exploits, Firmware/Open, Hardware/Wanted, Librem5, LocalGroups/Debian-id, LoongArch, MemberBenefits, Mobile, PkgAdduserWishlist, Ports/loongarch64, Postfix, PrivacyIssues, Russell Coker, SuitesAndReposExtension
• FOSSjobs wiki pages: Resources

Issues

• Rebuild needed for memlockd
• Crashes in packagekit, gvfs
• Moving elsewhere needed for List-Of-Open-Source-Internships-Programs
• Obsolete conffiles in gnome-software
• Usability issues in NetworkManager
• Code copies in oci-python-sdk
• Syntax issue in wmforecast
• Package split needed for python3-jsondiff
• Behaviour change in socat with GOPEN (sent privately)
• Broken symlink in libgmime-3.0-doc
• Features in lintian
• Warnings in memlockd

Review

• Spam: reported 3 Debian bug reports and 53 Debian mailing list posts
• Debian wiki: RecentChanges for the month
• Debian BTS usertags: changes for the month
• Debian screenshots:
  • approved chroma dolphin dragonplayer fonts-fantasma gnuradio gwenview kiwix kookbook libreoffice-impress mypaint nixnote2 photoqt plasma-desktop sayonara
  • rejected chroma (wrong package), chroma (accidental reject), intel-media-va-driver-non-free (screenshot of screenshots site), qrencode/vcmi (Windows), g3data (no UI), ttf-mscorefonts-installer (QR code), refind (YouTube), dnstop/refind (random photo), gparted/qrencode (random mobile app), lighttpd (photo of a QR code)
  • FOSSjobs: posts for the month

Administration

• Debian servers: investigate wiki mail delivery issue, restart backup director
• Debian wiki: unblock IP addresses, approve accounts

Communication

• Forward python-plac test failure issue upstream
• Participate in Debian Project Leader election discussions
• Respond to queries from Debian users and contributors on the mailing lists and IRC

Sponsors The oci-python-sdk and plac work was sponsored. All other work was done on a volunteer basis.

I am old... The only formal timestamp I can put is that my rebuilt .emacs.d git repository has its first commit in 2002. Some people reading this may be born after that time. This means I'm at least significantly older than those people, to put things gently. Clever history nerds will notice that the commit is obviously fake: Git itself did not exist until 2005. But ah-ah! I was already managing my home directory with CVS in 2001! I converted that repository into git some time in 2009, and therefore you can see all my embarrassing history, including changes from two decades ago. That includes my first known .emacs file which is just bizarre to read right now: 200 lines, most of which are "customize" stuff. Compare with the current, 1000+ lines init.el which is also still kind of a mess, but actually shares very little with the original, thankfully. All this to say that in those years (decades, really) of using Emacs, I have had a very different experience than credmp who wrote packages, sent patches, and got name dropping from other developers. My experience is just struggling to keep up with everything, in general, but also in Emacs.

... and Emacs is too fast for me It might sound odd to say, but Emacs is actually moving pretty fast right now. A lot of new packages are coming out, and I can hardly keep up.

• I am not using org mode, but did use it for time (and task) tracking for a while (and for invoicing too, funky stuff).
• I am not using mu4e, but maybe I'm using something better (notmuch) and yes, I am reading my mail in Emacs, which I find questionable from a security perspective. (Sandboxing untrusted inputs? Anyone?)
• I am using magit, but only when coding, so I do end up using git on the command line quite a bit anyways.
• I do have which-key enabled, and reading about it reminded me I wanted to turn it off because it's kind of noisy and I never remember I can actually use it for anything. Or, in other words, I don't even remember the prefix key or, when I do, there's too many possible commands after for it to be useful.
• I haven't setup lsp-mode, let alone Eglot, which I just learned about reading the article. I thought I would be super shiny and cool by setting up LSP instead of the (dying?) elpy package, but I never got around to it. And now it seems lsp-mode is uncool and I should really do eglot instead, and that doesn't help. UPDATE: I finally got tired and switched to lsp-mode. The main reason for choosing it over eglot is that it's in Debian (and eglot is not). (Apparently, eglot has more chance of being upstreamed, "when it's done", but I guess I'll cross that bridge when I get there.) lsp-mode feels slower than elpy but I haven't done any of the performance tuning and this will improve even more with native compilation (see below). I already had lsp-mode partially setup in Emacs so I only had to do this small tweak to switch and change the prefix key (because s-l or mod is used by my window manager). I also had to pin LSP packages to bookworm here and here.
• I am not using projectile. It's on some of my numerous todo lists somewhere, surely. I suspect it's important to getting my projects organised, but I still live halfway between the terminal and Emacs, so it's not quite clear what I would gain.
• I had to ask what native compilation was or why it mattered the first time I heard of it. And when I saw it again in the article, I had to click through to remember.

Overall, I feel there's a lot of cool stuff in Emacs out there. But I can't quite tell what's the best of which. I can barely remember which completion mechanism I use (company, maybe?) or what makes my mini-buffer completion work the way it does. Everything is lost in piles of customize and .emacs hacks that is constantly changing. Because a lot is in third-party packages, there are often many different options and it's hard to tell which one we should be using.

... or at least fast enough And really, Emacs feels fast enough for me. When I started, I was running Emacs on a Pentium I, 166MHz, with 8MB of RAM (eventually upgraded to 32MB, whoohoo!). Back in those days, the joke was that EMACS was an acronym for "Eight Megs, Always Scratching" and now that I write this down, I realize it's actually "Eight Megs, and Constantly Swapping", which doesn't sound as nice because you could actually hear Emacs running on those old hard drives back in the days. It would make a "scratching" noise as the hard drive heads would scramble maniacally to swap pages in and out of swap to make room for the memory-hungry editor. Now Emacs is pretty far down the list of processes in top(1) regardless of how you look at it. It's using 97MB of resident memory and close to 400MB of virtual memory, which does sound like an awful lot compared to my first computer... But it's absolutely nothing compared to things like Signal-desktop, which somehow manages to map a whopping 20.5GB virtual memory. (That's twenty Gigabytes of memory for old timers or time travelers from the past, and yes, that is now a thing.) I'm not exactly sure how much resident memory it uses (because it forks multiple processes), probably somewhere around 300MB of resident memory. Firefox also uses gigabytes of that good stuff, also spread around the multiple processes, per tab. Emacs "feels" super fast. Typing latency is noticeably better in Emacs than my web browser, and even beats most terminal emulators. It gets a little worse when font-locking is enabled, unfortunately, but it's still feels much better. And all my old stuff still works in Emacs, amazingly. (Good luck with your old Netscape or ICQ configuration from 2000.) I feel like an oldie, using Emacs, but I'm really happy to see younger people using it, and learning it, and especially improving it. If anything, one direction I would like to see it go is closer to what web browsers are doing (yes, I know how bad that sounds) and get better isolation between tasks. An attack on my email client shouldn't be able to edit my Puppet code, and/or all files on my system, for example. And I know, fundamentally, that's a really hard challenge in Emacs. But if you're going to treat your editor as your operating system (or vice versa, I lost track of where we are now that there's an Emacs Window Manager, which I do not use), at least we should get that kind of security. Otherwise I'll have to find a new mail client, and that's really something I try to limit to once a decade or so.

• In February Rapha l and the LTS worked on a survey of Debian developers meant to solicit ideas for improvements in the Debian project at large. You can see the results of the initial discussion here in the list of ideas of which there are already over 30.
• The full survey is due to be emailed to Debian Developers shortly.
• In February 2250 was put aside to fund Debian projects.

• Abhijith PA did 10h out of 10h available.
• Anton Gladky did 20h out of 20h available.
• Ben Hutchings did 16h out of 16h available.
• Chris Lamb did 18h out of 18h available.
• Emilio Pozuelo Monfort did 42.75h out of 42.75h available.
• Jeremiah Foster worked 20 hours out of 20 available on LTS administration and 2.9 hours on funded projects.
• Markus Koschany did 30h (out of 40h available), thus carrying over 10h to March.
• Roberto C. S nchez did 12h out of 12h available.
• Sylvain Beucler did 13h (out of 40h available), thus carrying over 27h to March.
• Thorsten Alteholz did 40h out of 40h available.
• Utkarsh Gupta did 15.75h (out of 42.75h available), thus carrying over 27h to March.

• Platinum sponsors:
  • TOSHIBA (for 78 months)
  • GitHub (for 68 months)
  • Civil Infrastructure Platform (CIP) (for 46 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 89 months)
  • Linode (for 83 months)
  • Babiel GmbH (for 72 months)
  • Plat Home (for 71 months)
  • University of Oxford (for 28 months)
  • Deveryware (for 15 months)
  • VyOS Inc (for 10 months)
• Silver sponsors:
  • The Positive Internet Company (for 94 months)
  • Domeneshop AS (for 93 months)
  • Nantes M tropole (for 87 months)
  • Univention GmbH (for 79 months)
  • Universit Jean Monnet de St Etienne (for 79 months)
  • Ribbon Communications, Inc. (for 73 months)
  • Exonet B.V. (for 63 months)
  • Leibniz Rechenzentrum (for 57 months)
  • CINECA (for 46 months)
  • Minist re de l Europe et des Affaires trang res (for 40 months)
  • Cloudways Ltd (for 29 months)
  • Dinahosting SL (for 27 months)
  • Platform.sh (for 22 months)
  • Bauer Xcel Media Deutschland KG (for 21 months)
  • Moxa Intelligence Co., Ltd. (for 16 months)
  • sipgate GmbH (for 13 months)
  • OVH US LLC (for 11 months)
  • Tilburg University (for 11 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH
  • Telecats BV
  • Soliton Systems K.K.
• Bronze sponsors:
  • Evolix (for 94 months)
  • Seznam.cz, a.s. (for 94 months)
  • Linuxhotel GmbH (for 91 months)
  • Intevation GmbH (for 90 months)
  • Daevel SARL (for 89 months)
  • Bitfolk LTD (for 88 months)
  • Megaspace Internet Services GmbH (for 88 months)
  • Greenbone Networks GmbH (for 87 months)
  • NUMLOG (for 87 months)
  • WinGo AG (for 86 months)
  • Ecole Centrale de Nantes LHEEA (for 83 months)
  • Entr ouvert (for 78 months)
  • Adfinis AG (for 75 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 70 months)
  • Tesorion (for 70 months)
  • GNI MEDIA (for 69 months)
  • Bearstech (for 61 months)
  • LiHAS (for 61 months)
  • People Doc (for 57 months)
  • Catalyst IT Ltd (for 56 months)
  • Supagro (for 51 months)
  • Demarcq SAS (for 50 months)
  • Universit Grenoble Alpes (for 36 months)
  • TouchWeb SAS (for 28 months)
  • SPiN AG (for 24 months)
  • CoreFiling (for 20 months)
  • Institut des sciences cognitives Marc Jeannerod (for 15 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 11 months)
  • Tem Innovations GmbH (for 6 months)
  • WordFinder.pro (for 6 months)
  • CNRS DT INSU R sif (for 4 months)

#!/usr/bin/python3
import sys
import logging
def warnme():
    # something bad happens
    logging.warning("warning")
    sys.exit(2)
def evil():
    # something evil happens
    logging.error("error")
    sys.exit(1)
def main():
    logging.basicConfig(
        level=logging.DEBUG,
    )   
    [..]

• exit code 0 on success
• exit code 1 on errors
• exit code 2 on warnings
• warnings or errors shall be logged in the function where they actually happen: the logging module will show the function name with a better format option: nice for debugging.
• one function that exits accordingly, preferrably main()

How to do better? As the application is using the logging module, we have a single point to collect warnings and errors that might happen accross all modules. This works by passing a custom handler to the logging module which tracks emitted messages. Heres an small example:

#!/usr/bin/python3
import sys
import logging
class logCount(logging.Handler):
    class LogType:
        def __init__(self):
            self.warnings = 0
            self.errors = 0
    def __init__(self):
        super().__init__()
        self.count = self.LogType()
    def emit(self, record):
        if record.levelname == "WARNING":
            self.count.warnings += 1
        if record.levelname == "ERROR":
            self.count.errors += 1
            
def infome():
    logging.info("hello world")
def warnme():
    logging.warning("help, an warning")
def evil():
    logging.error("yikes")
def main():
    EXIT_WARNING = 2
    EXIT_ERROR = 1
    counter = logCount()
    logging.basicConfig(
        level=logging.DEBUG,
        handlers=[counter, logging.StreamHandler(sys.stderr)],
    )
    infome()
    warnme()
    evil()
    if counter.count.errors != 0:
        raise SystemExit(EXIT_ERROR)
    if counter.count.warnings != 0:
        raise SystemExit(EXIT_WARNING)
if __name__ == "__main__":
    main()

python3 count.py ; echo $?
INFO:root:hello world
WARNING:root:help, an warning
ERROR:root:yikes
1

This also makes easy to define something like:

• hey, got 2 warnings, change exit code to error?
• got 3 warnings, but no strict passed, ingore those, exit with success!
• etc..

Various efforts towards build verifiability have been made to C/C++-based systems, yet the techniques for Java-based systems are not systematic and are often specific to a particular build tool (eg. Maven). In this study, we present a systematic approach towards build verifiability on Java-based systems.

We first define the problem, and then provide insight into the challenges of making real-world software build in a reproducible manner-this is, when every build generates bit-for-bit identical results. Through the experience of the Reproducible Builds project making the Debian Linux distribution reproducible, we also describe the affinity between reproducibility and quality assurance (QA).

diffoscope diffoscope is our in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it can provide human-readable diffs from many kinds of binary formats. This month, Chris Lamb prepared and uploaded versions 203, 204, 205 and 206 to Debian unstable, as well as made the following changes to the code itself:

• Bug fixes:
  • Fix a file(1)-related regression where Debian .changes files that contained non-ASCII text were not identified as such, therefore resulting in seemingly arbitrary packages not actually comparing the nested files themselves. The non-ASCII parts were typically in the Maintainer or in the changelog text. [ ][ ]
  • Fix a regression when comparing directories against non-directories. [ ][ ]
  • If we fail to scan using binwalk, return False from BinwalkFile.recognizes. [ ]
  • If we fail to import binwalk, don t report that we are missing the Python rpm module! [ ]
• Testsuite improvements:
  • Add a test for recent file(1) issue regarding .changes files. [ ]
  • Use our assert_diff utility where we can within the test_directory.py set of tests. [ ]
  • Don t run our binwalk-related tests as root or fakeroot. The latest version of binwalk has some new security protection against this. [ ]
• Codebase improvements:
  • Drop the _PATH suffix from module-level globals that are not paths. [ ]
  • Tidy some control flow in Difference._reverse_self. [ ]
  • Don t print a warning to the console regarding NT_GNU_BUILD_ID changes. [ ]

In addition, Mattia Rizzolo updated the Debian packaging to ensure that diffoscope and diffoscope-minimal packages have the same version. [ ]

Debian-related updates Vagrant Cascadian wrote to the debian-devel mailing list after noticing that the binutils source package contained unreproducible logs in one of its binary packages. Vagrant expanded the discussion to one about all kinds of build metadata in packages and outlines a number of potential solutions that support reproducible builds and arbitrary metadata. Vagrant also started a discussion on debian-devel after identifying a large number of packages that embed build paths via RPATH when building with CMake, including a list of packages (grouped by Debian maintainer) affected by this issue. Maintainers were requested to check whether their package still builds correctly when passing the -DCMAKE_BUILD_RPATH_USE_ORIGIN=ON directive. On our mailing list this month, kpcyrd announced the release of rebuilderd-debian-buildinfo-crawler a tool to parse the Packages.xz Debian package index file, attempts to discover the right .buildinfo file from buildinfos.debian.net and outputs it in a format that can be understood by rebuilderd. The tool, which is available on GitHub, solves a problem regarding correlating Debian version numbers with their builds. bauen1 provided two patches for debian-cd, the software used to make Debian installer images. This involved passing --invariant and -i deb00001 to mkfs.msdos(8) and avoided embedding timestamps into the gzipped Packages and Translations files. After some discussion, the patches in question were merged and will be included in debian-cd version 3.1.36. Roland Clobus wrote another in-depth status update about status of live Debian images, summarising the current situation that all major desktops build reproducibly with bullseye, bookworm and sid . The python3.10 package was uploaded to Debian by doko, fixing an issue where [.pyc files were not reproducible because the elements in frozenset data structures were not ordered reproducibly. This meant that to creating a bit-for-bit reproducible Debian chroot which included .pyc files was not reproducible. As of writing, the only remaining unreproducible parts of a standard chroot is man-db, but Guillem Jover has a patch for update-alternatives which will likely be part of the next release of dpkg. Elsewhere in Debian, 139 reviews of Debian packages were added, 29 were updated and 17 were removed this month adding to our knowledge about identified issues. A large number of issue types have been updated too, including the addition of captures_kernel_variant, erlang_escript_file, captures_build_path_in_r_rdb_rds_databases, captures_build_path_in_vo_files_generated_by_coq and build_path_in_vo_files_generated_by_coq.

Website updates There were quite a few changes to the Reproducible Builds website and documentation this month as well, including:

• Chris Lamb:
  • Considerably rework the Who is involved? page. [ ][ ]
  • Move the contributors.sh Bash/shell script into a Python script. [ ][ ][ ]
• Daniel Shahaf:
  • Try a different Markdown footnote content syntax to work around a rendering issue. [ ][ ][ ]
• Holger Levsen:
  • Make a huge number of changes to the Who is involved? page, including pre-populating a large number of contributors who cannot be identified from the metadata of the website itself. [ ][ ][ ][ ][ ]
  • Improve linking to sponsors in sidebar navigation. [ ]
  • drop sponsors paragraph as the navigation is clearer now. [ ]
  • Add Mullvad VPN as a bronze-level sponsor . [ ][ ]
• Vagrant Cascadian:
  • Remove a stray parenthesis from the Who is involved? page. [ ]

Upstream patches The Reproducible Builds project attempts to fix as many currently-unreproducible packages as possible. February s patches included the following:

• Bernhard M. Wiedemann:
  • btop (sort-related issue)
  • complexity (date)
  • giac (update the version with upstreamed date patch)
  • htcondor (use CMake timestamp)
  • libint (readdir system call related)
  • libnet (date-related issue)
  • librime-lua (sort filesystem ordering)
  • linux_logo (sort-related issue)
  • micro-editor (date-related issue)
  • openvas-smb (date-related issue)
  • ovmf (sort-related issue)
  • paperjam (date-related issue)
  • python-PyQRCode (date-related issue)
  • quimb (single-CPU build failure)
  • radare2 (Meson date/time-related issue)
  • radare2 (Rework SOURCE_DATE_EPOCH usage to be portable)
  • siproxd (date, with Sebastian Kemper + follow-up
  • xonsh (Address Space Layout Randomisation-related issue)
  • xsnow (date & tar(1)-related issue)
  • zip (toolchain issue related to filesystem ordering)
• Chris Lamb:
  • #1005029 filed against ltsp (forwarded upstream).
  • #1005197 filed against pcmemtest.
  • #1005825 filed against hatchling.
  • #1005826 filed against mpl-sphinx-theme (forwarded upstream)
  • #1005827 filed against gap-hapcryst.
  • #1005901 filed against tree-puzzle.
  • #1005954 filed against jcabi-aspects.
  • #1005955 filed against paper-icon-theme.
• Roland Clobus:
  • #1006358 filed against libxmlb.
• Vagrant Cascadian:
  • #1005408 filed against wcwidth.
  • #1005420 filed against xir.
  • #1005421 filed against xir.
  • #1005726 filed against ruby-github-markup.
  • #1005727 filed against ruby-tioga.
  • #1005792 filed against btop.
  • #1005793 filed against libadwaita-1.
  • #1005794 filed against snibbetracker.
  • #1006252 filed against cctbx.
  • #1006254 filed against mdnsd.
  • #1006256 filed against gmerlin.
  • #1006302 filed against beav.
  • #1006385 filed against krita.
  • #1006407 filed against qt6-base.
  • #1006455 filed against onevpl-intel-gpu.
  • #1006471 filed against ruby3.0.
  • #1006473 filed against nix.
  • #1006474 filed against foma.
  • #1006476 filed against ruby3.0.

Testing framework The Reproducible Builds project runs a significant testing framework at tests.reproducible-builds.org, to check packages and other artifacts for reproducibility. This month, the following changes were made:

• Daniel Golle:
  • Update the OpenWrt configuration to not depend on the host LLVM, adding lines to the .config seed to build LLVM for eBPF from source. [ ]
  • Preserve more OpenWrt-related build artifacts. [ ]
• Holger Levsen:
• Temporary use a different Git tree when building OpenWrt as our tests had been broken since September 2020. This was reverted after the patch in question was accepted by Paul Spooren into the canonical openwrt.git repository the next day.
  • Various improvements to debugging OpenWrt reproducibility. [ ][ ][ ][ ][ ]
  • Ignore useradd warnings when building packages. [ ]
  • Update the script to powercycle armhf architecture nodes to add a hint to where nodes named virt-*. [ ]
  • Update the node health check to also fix failed logrotate and man-db services. [ ]
• Mattia Rizzolo:
  • Update the website job after contributors.sh script was rewritten in Python. [ ]
  • Make sure to set the DIFFOSCOPE environment variable when available. [ ]
• Vagrant Cascadian:
  • Various updates to the diffoscope timeouts. [ ][ ][ ]

Node maintenance was also performed by Holger Levsen [ ] and Vagrant Cascadian [ ].

Finally If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

• IRC: #reproducible-builds on irc.oftc.net.
• Twitter: @ReproBuilds
• Mailing list: rb-general@lists.reproducible-builds.org

• I wanted to upgrade my internet connection, but:
• My router wasn t fast enough, so:
• I bought a new one and:
• Proceeded to help work on mainline Linux support, and:
• Did some tweaking of my Debian setup to allow for a squashfs root, and:
• Upgraded it to Debian 11 (bullseye) in the process, except:
• It turned out my home automation devices weren t happy, so:
• I dug into some memory issues on my ESP8266 firmware, which:
• Led to diagnosing some TLS interaction issues with the firmware, and:
• I had an interlude into some interrupt affinity issues, but:
• I finally got there.

The desire for a faster connection When I migrated my home connection to FTTP I kept the same 80M/20M profile I d had on FTTC. I didn t have a pressing need for faster, and I saved money because I was no longer paying for the phone line portion. I wanted more, but at the time I think the only option was for a 160M/30M profile instead and I didn t need it and it wasn t enough better to convince me. Time passed and BT rolled out their GigE (really 900M) download option. And again, I didn t need it, but I wanted it. My provider, Aquiss, initially didn t offer this (I think they had up to 330M download options available by this point). So I stayed on 80M/20M. And the only time I really wanted it to be faster was when pushing off-site backups to rsync.net. Of course, we ve had the pandemic, and that s involved 2 adults working from home with plenty of video calls throughout the day. The 80M/20M connection has proved rock solid for this, so again, I didn t feel an upgrade was justified. We got a 4K capable TV last year and while the bandwidth usage for 4K streaming is noticeably higher, again the connection can handle it no problem. At some point last year I noticed Aquiss had added speed options all the way to 900M down. At the end of the year I accepted a new role, which is fully remote, so I had a bit of an acceptance about the fact that I wasn t going back into an office any time soon. The combination (and the desire for the increased upload speed) finally allowed me to justify the upgrade to myself.

Testing the current setup for bottlenecks The first thing to do was see whether my internal network could cope with an upgrade. I m mostly running Cat6 GigE so I wasn t worried about that side of things. However I m using an RB3011 as my core router, and while it has some coprocessors for routing acceleration they re not supported under mainline Linux (and unlikely to be any time soon). So I had to benchmark what it was capable of routing. I run a handful of VLANs within my home network, with stateful firewalling between them, so I felt that would be a good approximation of the maximum speed to the outside world I might be able to get if I had the external connection upgraded. I went for the easy approach and fired up iPerf3 on 2 hosts, both connected via ethernet but on separate networks, so routed through the RB3011. That resulted in slightly more than a 300Mb/s throughput. Ok. I confirmed that I could get 900Mb/s+ on 2 hosts both on the same network, just to be sure there wasn t some other issue I was missing. Nope, so unsurprisingly the router was the bottleneck. So. To upgrade my internet speed I need to upgrade my router. I could just buy something off the shelf, but I like being able to run Debian (or OpenWRT) on the router rather than some horrible vendor firmware. Lucky MikroTik launched the RB5009 towards the end of last year. RouterOS is probably more than capable, but what really interested me was the fact it s an ARM64 platform based on an Armada 7040, which is pretty well supported in mainline kernels already. There s a 10G connection from the internal switch to the CPU, as well as a 2.5Gb/s ethernet port and a 10G SFP+ cage. All good stuff. I ordered one just before the New Year. Thankfully the OpenWRT folk had done all of the hard work on getting a mainline kernel booting on the device; Sergey Sergeev and Robert Marko in particular fighting RouterBoot and producing a suitable device tree file to get everything up and running. I ended up soldering a serial console connection up to aid debugging, and lightly patching Rob s u-boot to fix the incorrect RAM size reported by RouterBoot. A few kernel tweaks were necessary to make the networking entirely happy and at that point it was time to think about actually doing a replacement.

Upgrading to Debian 11 (bullseye) My RB3011 is currently running Debian 10 (buster); an upgrade has been on my todo list, but with the impending replacement I decided I d hold off and create a new Debian 11 (bullseye) image for the RB5009. Additionally, I don t actually run off the internal NAND in the RB3011; I have a USB flash drive for the rootfs and just the kernel booting off internal NAND. Originally this was for ease of testing, then a combination of needing to figure out a good read-only root solution and a small enough image to fit in the 120M available. For the upgrade I decided to finally look at these pieces. I ve ended up with a script that will build me a squashfs image, and the initial rootfs takes care of mounting this and then a tmpfs as an overlay fs. That means I can easily see what pieces are being written to. The RB5009 has a total of 1G NAND so I m not as space constrained, but the squashfs ends up under 50M. I ve added some additional pieces to allow me to pre-populate the overlay fs with updates rather than always needing to rebuild the squashfs image. With that done I decided to try it out on the RB3011; I tweaked the build script to be able to build for armhf (the RB3011) or arm64 (the RB5009) and to deal with some slight differences in configuration between the two (e.g. interface naming). The idea here was to ensure I d got all the appropriate configuration sorted for the RB5009, in the known-good existing environment. Everything is still on a USB stick at this stage and the new device has an armhf busybox root meaning it can be used on either device, and the init script detects the architecture to select the appropriate squashfs to mount.

A problem with ESP8266 home automation devices Everything seemed to work fine - a few niggles with the watchdog, which is overly sensitive on the RB3011, but I got those sorted (and the build script updated) and the device came up and successfully did the PPPoE dance to bring up external connectivity. And then I noticed that my home automation devices were having problems connecting to the mosquitto MQTT server. It turned out it was only the ESP8266 based devices that were failing, and examining the serial debug output on one of my test devices revealed it was hitting an out of memory issue (displaying E:M 280) when establishing the TLS MQTT connection. I rolled back to the Debian 10 image and set about creating a test environment to look at the ESP8266 issues. My first action was to try and reduce my RAM footprint to try and ensure there was enough spare to establish the connection. I moved a few functions that were still sitting in IRAM into flash. I cleaned up a couple of buffers that are on the stack to be more correctly sized. I tried my new image, and I didn t get the memory issue. Instead I progressed a bit further and got a watchdog reset. Doh! It was obviously something related to the TLS connection, but I couldn t easily see what the difference was; the same x509 cert was in use, it looked like the initial handshake was the same (and trying with openssl s_client looked pretty similar too). I set about instrumenting the ancient Mbed TLS used in the Espressif SDK and discovered that whatever had changed between buster + bullseye meant the EPS8266 was now trying a TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 handshake instead of a TLS-RSA-WITH-AES-256-CBC-SHA256 handshake and that was causing enough extra CPU usage that it couldn t complete in time and the watchdog kicked in. So I commented out MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED in the config_esp.h for mbedtls and rebuilt things. Hacky, but I ll go back to trying to improve this generally at some point.

A detour into interrupt load Now, my testing of the RB3011 image is generally done at weekends, when I have enough time to tear down and rebuild the connection rather than doing it in the evening and having limited time to get things working again in time for work in the morning. So at the point I had an image ready to go I pulled the trigger on the line upgrade. I went with the 500M/75M option rather than the full 900M - I suspect I d have difficulty actually getting that most of the time and 75M of upload bandwidth seems fairly substantial for now. It only took a couple of days from the order to the point the line was regraded (which involved no real downtime - just a reconnection in the night). Of course this happened just after the weekend I d discovered the ESP8266 issue. This provided an opportunity to see just what the RB3011 could actually manage. In the configuration I had it turned out to be not much more than the 80Mb/s speeds I had previously seen. The upload jumped from a solid 20Mb/s to 75Mb/s, so I knew the regrade had actually happened. Looking at CPU utilisation clearly showed the problem; softirqs were using almost 100% of a CPU core. Now, the way the hardware is setup on the RB3011 is that there are two separate 5 port switches, each connected back to the CPU via a separate GigE interface. For various reasons I had everything on a single switch, which meant that all traffic was boomeranging in and out of the same CPU interface. The IPQ8064 has dual cores, so I thought I d try moving the external connection to the other switch. That puts it on its own GigE CPU interface, which then allows binding the interrupts to a different CPU core. That helps; throughput to the outside world hits 140Mb/s+. Still a long way from the expected max, but proof we just need more grunt.

Success Which brings us to this past weekend, when, having worked out all the other bits, I tried the squashfs root image again on the RB3011. Success! The home automation bits connected to it, the link to the outside world came up, everything seemed happy. So I double checked my bootloader bits on the RB5009, brought it down to the comms room and plugged it in instead. And, modulo my failing to update the nftables config to allow it to do forwarding, it all came up ok. Some testing with iperf3 internally got a nice 912Mb/s sustained between subnets, and some less scientific testing with wget + speedtest-cli saw speeds of over 460Mb/s to the outside world. Time from ordering the router until it was in service? Just under 8 weeks

• In January we saw a new funded project proposed. The project is meant to bring in a number of changes to the Tryton modules and packages in Debian. Tryton, a full featured, entirely open source business software platform, is supported by its own foundation. You can track the current status of all our funded projects at its dedicated web page.
• Folks continue to add to the Grow Your Ideas project page, that s great.
• In January 2550 was put aside to fund Debian projects.

• Abhijith Pa worked 5 hours out of 5 available.
• Anton Gladky worked 12 hours out of 12 available.
• Ben Hutchings worked 16 hours out of 24 available and carried over 8 for February.
• Chris Lamb worked 18 hours out of 18 available.
• Emilio Pozuelo Monfort worked 55 hours out of 58.25 available and carried over 3.25 for February
• Jeremiah Foster worked 20 hours out of 20 available on LTS administration and 8.3 hours on funded projects.
• Lee Garrett didn t spend any hours in January and carries over 39.25 hours to February
• Markus Koschany worked 34 hours out of 40 available and carried over 6 for February.
• Ola Lundqvist reported via email that they didn t spend any hours in January and carries over 11 from December for a total of 12 hours for February.
• Roberto C. Sanchez worked 9 hours out of 32 available and carried over 23 for February
• Sylvain Beucler worked 22 hours out of 40 available and carried over 14 for February
• Thorsten Alteholz worked 40 hours out of 40 available.
• Utkarsh Gupta worked 58.25 hours out of 58.25 available.

• Platinum sponsors:
  • TOSHIBA (for 77 months)
  • GitHub (for 68 months)
  • Civil Infrastructure Platform (CIP) (for 45 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 88 months)
  • Linode (for 82 months)
  • Babiel GmbH (for 71 months)
  • Plat Home (for 71 months)
  • University of Oxford (for 27 months)
  • Deveryware (for 14 months)
  • VyOS Inc (for 9 months)
• Silver sponsors:
  • The Positive Internet Company (for 93 months)
  • Domeneshop AS (for 92 months)
  • Nantes M tropole (for 86 months)
  • Univention GmbH (for 78 months)
  • Universit Jean Monnet de St Etienne (for 78 months)
  • Ribbon Communications, Inc. (for 72 months)
  • Exonet B.V. (for 62 months)
  • Leibniz Rechenzentrum (for 56 months)
  • CINECA (for 45 months)
  • Minist re de l Europe et des Affaires trang res (for 39 months)
  • Cloudways Ltd (for 29 months)
  • Dinahosting SL (for 27 months)
  • Bauer Xcel Media Deutschland KG (for 21 months)
  • Platform.sh (for 21 months)
  • Moxa Intelligence Co., Ltd. (for 15 months)
  • sipgate GmbH (for 12 months)
  • OVH US LLC (for 10 months)
  • Tilburg University (for 10 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH
  • Telecats BV
• Bronze sponsors:
  • Evolix (for 93 months)
  • Seznam.cz, a.s. (for 93 months)
  • Intevation GmbH (for 90 months)
  • Linuxhotel GmbH (for 90 months)
  • Daevel SARL (for 88 months)
  • Bitfolk LTD (for 87 months)
  • Megaspace Internet Services GmbH (for 87 months)
  • Greenbone Networks GmbH (for 86 months)
  • NUMLOG (for 86 months)
  • WinGo AG (for 86 months)
  • Ecole Centrale de Nantes LHEEA (for 82 months)
  • Entr ouvert (for 77 months)
  • Adfinis AG (for 74 months)
  • GNI MEDIA (for 69 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 69 months)
  • Tesorion (for 69 months)
  • Bearstech (for 60 months)
  • LiHAS (for 60 months)
  • People Doc (for 57 months)
  • Catalyst IT Ltd (for 55 months)
  • Supagro (for 50 months)
  • Demarcq SAS (for 49 months)
  • Universit Grenoble Alpes (for 35 months)
  • TouchWeb SAS (for 27 months)
  • SPiN AG (for 24 months)
  • CoreFiling (for 19 months)
  • Institut des sciences cognitives Marc Jeannerod (for 14 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 11 months)
  • Tem Innovations GmbH (for 6 months)
  • WordFinder.pro (for 5 months)
  • CNRS DT INSU R sif (for 4 months)

# Creating an image still requires root, unfortunately
$ sudo sbuild-qemu-create --arch ppc64el -o simple.img unstable http://deb.debian.org/debian
$ sudo chown <user>:<group> simple.img

# Building a package doesn't
$ sbuild-qemu --arch ppc64el --image simple.img -d unstable [<other sbuild options>] FOO.dsc

# Neither does updating the image (runs apt-get update && dist-upgrade in the VM)
$ sbuild-qemu-update --arch ppc64el simple.img

$ autopkgtest <test params> -- qemu --dpkg-architecture ppc64el simple.img

$ sbuild-qemu-boot --arch ppc64el --shared-dir /path/to/folder simple.img

$ stty rows M cols N

Debian There was a significant progress made in the Debian Linux distribution this month, including:

• Roland Clobus continued work on reproducible live images in the past month, and some of his work was merged into live-build itself. The ReproducibleInstalls/LiveImages page on the Debian Wiki as well as the existing/custom Jenkins hooks were updated to match.
• Related to this, it is now possible to create a bit-by-bit reproducible chroots using mmdebstrap when SOURCE_DATE_EPOCH is set. As of Debian 11 Bullseye, this works for all variants, except for the variant that includes all so-called Priority: standard packages where fontconfig caches, *.pyc files and man-db index.db are unreproducible. (These issues have been addressed in Tails and live-build by removing *.pyc files, in addition to removing index.db files as well. (Whilst index.db files can be regenerated, there is no straightforward method to re-creating *.pyc files, and the resulting installation will suffer from reduced performance of Python scripts. Ideally, no removal would be necessary as all files would be created reproducibly in the first place.)
• Further to this work, Roland wrote up a comprehensive status update about live-build ISO images to our mailing list as well.
• The PackageRebuilder instance running at beta.tests.reproducible-builds.org is now aware/capable of building packages for Debian bookworm.
• A longstanding issue around fontconfig s cache files being unreproducible saw some progress this month. Debian bug number #864082 (originally filed in June 2017) was NMU d by josch, although this resulted in a small number of minor side-effects which have already been addressed with a follow-up patch.
• 120 reviews of Debian packages were added, 272 were updated and 31 were removed this month, all adding to our index of identified issues. A number of issue types were updated too [ ][ ][ ][ ].
• kpcyrd blogged this month about Debian binary NMUs and .buildinfo files in a post entitled, Reproducible Builds: Debian and the case of the missing version string.

Other distributions kpcyrd reported on Twitter about the release of version 0.2.0 of pacman-bintrans, an experiment with binary transparency for the Arch Linux package manager, pacman. This new version is now able to query rebuilderd to check if a package was independently reproduced.
In the world of openSUSE, however, Bernhard M. Wiedemann posted his monthly reproducible builds status report.

diffoscope diffoscope is our in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it can provide human-readable diffs from many kinds of binary formats. This month, Chris Lamb prepared and uploaded versions 199, 200, 201 and 202 to Debian unstable (that were later backported to Debian bullseye-backports by Mattia Rizzolo), as well as made the following changes to the code itself:

• New features:
  • First attempt at incremental output support with a timeout. Now passing, for example, --timeout=60 will mean that diffoscope will not recurse into any sub-archives after 60 seconds total execution time has elapsed. Note that this is not a fixed/strict timeout due to implementation issues. [ ][ ]
  • Support both variants of odt2txt, including the one provided by the unoconv package. [ ]
• Bug fixes:
  • Do not return with a UNIX exit code of 0 if we encounter with a file whose human-readable metadata matches literal file contents. [ ]
  • Don t fail if comparing a nonexistent file with a .pyc file (and add test). [ ][ ]
  • If the debian.deb822 module raises any exception on import, re-raise it as an ImportError. This should fix diffoscope on some Fedora systems. [ ]
  • Even if a Sphinx .inv inventory file is labelled The remainder of this file is compressed using zlib, it might not actually be. In this case, don t traceback and simply return the original content. [ ]
• Documentation:
  • Improve documentation for the new --timeout option due to a few misconceptions. [ ]
  • Drop reference in the manual page claiming the ability to compare non-existent files on the command-line. (This has not been possible since version 32 which was released in September 2015). [ ]
  • Update X has been modified after NT_GNU_BUILD_ID has been applied messages to, for example, not duplicating the full filename in the diffoscope output. [ ]
• Codebase improvements:
  • Tidy some control flow. [ ]
  • Correct a recompile typo. [ ]

In addition, Alyssa Ross fixed the comparison of CBFS names that contain spaces [ ], Sergei Trofimovich fixed whitespace for compatibility with version 21.12 of the Black source code reformatter [ ] and Zbigniew J drzejewski-Szmek fixed JSON detection with a new version of file [ ].

Testing framework The Reproducible Builds project runs a significant testing framework at tests.reproducible-builds.org, to check packages and other artifacts for reproducibility. This month, the following changes were made:

• Fr d ric Pierret (fepitre):
  • Add Debian bookworm to package set creation. [ ]
• Holger Levsen:
  • Install the po4a package where appropriate, as it is needed for the Reproducible Builds website job [ ]. In addition, also run the i18n.sh and contributors.sh scripts [ ].
  • Correct some grammar in Debian live image build output. [ ]
  • Shell monitor improvements:
    • Only show the offline node section if there are offline nodes. [ ]
    • Colorise offline nodes. [ ]
    • Shrink screen usage. [ ][ ][ ]
  • Node health check improvements:
    • Detect if live package builds encounter incomplete snapshots. [ ][ ][ ]
    • Detect if a host is running with today s date (when it should be set artificially in the future). [ ]
  • Use the devscripts package from bullseye-backports on Debian nodes. [ ]
  • Use the Munin monitoring package bullseye-backports on Debian nodes too. [ ]
  • Update New Year handling, needed to be able to detect real and fake dates. [ ][ ]
  • Improve the error message of the script that powercycles the arm64 architecture nodes hosted by Codethink. [ ]
• Mattia Rizzolo:
  • Use the new --timeout option added in diffoscope version 202. [ ]
• Roland Clobus:
  • Update the build scripts now that the hooks for live builds are now maintained upstream in the live-build repository. [ ]
  • Show info lines in Jenkins when reproducible hooks have been active. [ ]
  • Use unique folders for the artifacts from each live Debian version. [ ]
• Vagrant Cascadian:
  • Switch the Debian armhf architecture nodes to use new proxy. [ ]
  • Misc. node maintenance. [ ].

Upstream patches The Reproducible Builds project attempts to fix as many currently-unreproducible packages as possible. In January, we wrote a large number of such patches, including:

• Leonidas Spyropoulos:
  • freeplane (timestamps, file order)
  • opensearch (timestamps, file order)
• Bernhard M. Wiedemann:
  • cosign (date)
  • gnome-todo (discover fix for single-CPU build failure)
  • gstreamer-plugins-good (build fails without debuginfo)
  • jogl2 (parallelism-related issue)
  • libkolabxml (ASLR)
  • monero-gui (CPU)
  • python-pyudev (date)
  • rekor (date)
  • rivet (FTBFS-j1 has unreleased fix upstream)
  • skaffold (date)
• Chris Lamb:
  • #1003159 filed against dh-raku.
  • #1003203 filed against libgtkdatabox.
  • #1003385 filed against qcelemental.
  • #1003646 filed against node-ramda.
  • #1003929 filed against ncurses.
  • #1004391 filed against python-fluids (forwarded upstream).
  • #1004676 filed against node-istanbul.
• Johannes Schauer Marin Rodrigues:
  • MR !9 filed against dash
  • #1004557 filed against dpkg.
  • #1004558 filed against python3.10.
• Roland Clobus:
  • #1003449 filed against texlive-base.
• Vagrant Cascadian:
  • #1003316 filed against python-cooler.
  • #1003319 filed against insighttoolkit5.
  • #1003368 filed against dino-im.
  • #1003370 filed against libxtrxll.
  • #1003371 filed against libavif.
  • #1003373 filed against go-for-it.
  • #1003375 filed against clfft.
  • #1003379 filed against last-align.
  • #1003430 filed against gkrellm-leds.
  • #1003488 and #1003489 filed against last-align.
  • #1003494 filed against binutils-xtensa-lx106.
  • #1003495 filed against gcc-xtensa-lx106.
  • #1003500 and #1003501 filed against gcc-sh-elf.
  • #1003787 filed against pesign.
  • #1003802 filed against upb.
  • #1003803 filed against paho.mqtt.c.
  • #1003804 filed against imath.
  • #1003808 filed against libvcflib.
  • #1003809 filed against pkg-js-tools.
  • #1003912 filed against vdeplug4.
  • #1003914 filed against kget.
  • #1003915 filed against mathgl.
  • #1003919 filed against apulse.
  • #1003920 filed against akonadi.
  • #1003922 filed against recastnavigation.
  • #1003923 filed against soundkonverter.
  • #1003924 filed against indi.
  • #1003978 filed against akonadi-mime.
  • #1003980 filed against akonadi-import-wizard.
  • #1003992 filed against akonadi-contacts.
  • #1003993 filed against cryptominisat.
  • #1003995 filed against hipercontracer.
  • #1003997 filed against libksba.
  • #1003999 filed against leatherman.
  • #1004002 filed against segyio.
  • #1004004 filed against darkradiant.
  • #1004005 filed against openmm.
  • #1004034 filed against bagel.
  • #1004053 filed against kallisto.
  • #1004057 filed against evolution-ews.

And finally If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

• IRC: #reproducible-builds on irc.oftc.net.
• Twitter: @ReproBuilds
• Mailing list: rb-general@lists.reproducible-builds.org