Here’s what happened in the Reproducible Builds effort between Sunday October 22 and Saturday October 28 2017:
Past Events
- On Tuesday 24th October, Chris Lamb presented at All Things Open 2017 in Raleigh, NC, USA.
- On Wednesday 25th October, Holger Levsen presented at the Open Source Summit Europe in Prague, Czech Republic.
- On Saturday 28th October, Chris Lamb presented at freenode.live in Bristol, UK.
Upcoming/current events
- From October 31st to November 2nd we will be holding the 3rd Reproducible Builds summit in Berlin, Germany.
- On November 8th Jonathan Bustillos Osornio (jathan) will present at CubaConf Havana.
Documentation updates
Bernhard Wiedemann started The Unreproducible Package which “is meant as a practical way to demonstrate the various ways that software can break reproducible builds using just low level primitives without requiring external existing programs that implement these primitives themselves.
It is structured so that one subdirectory demonstrates one class of issues in some variants observed in the wild.”
Reproducible work in other projects
Hush, a fork of ZCash, opened an issue about reproducible builds.
A new tag was added to lintian (lint checker for Debian packages) to ensure that changelog entry timestamps are strictly increasing. This avoids certain real-world issues with identical timestamps, documented in Debian #843773.
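The following Python example is added here to illustrate the kind of check described above; it is not lintian's code. It parses the trailer lines of a constructed debian/changelog and reports adjacent entries whose timestamps are not strictly increasing. The sample changelog, the package name and the function names are assumptions made for the example.

```python
import re
from email.utils import parsedate_to_datetime

# Entry header: "package (version) distribution; urgency=..."
HEADER = re.compile(r"^\S+ \((?P<ver>[^)]+)\) ")
# Entry trailer: " -- Name <email>  RFC 2822 date" (two spaces before the date)
TRAILER = re.compile(r"^ -- .+ <[^>]*>  (?P<date>.+)$")

# Constructed sample, newest entry first as in debian/changelog.
SAMPLE = """\
hello (1.0-3) unstable; urgency=medium

  * Third upload.

 -- Jane Doe <jane@example.org>  Tue, 24 Oct 2017 10:00:00 +0000

hello (1.0-2) unstable; urgency=medium

  * Second upload, same instant as 1.0-1 but written in another zone.

 -- Jane Doe <jane@example.org>  Mon, 23 Oct 2017 09:00:00 +0200

hello (1.0-1) unstable; urgency=medium

  * Initial release.

 -- Jane Doe <jane@example.org>  Mon, 23 Oct 2017 07:00:00 +0000
"""

def parse_entries(text):
    """Return [(version, timezone-aware datetime)] in file order (newest first)."""
    entries, version = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        trailer = TRAILER.match(line)
        if header:
            version = header.group("ver")
        elif trailer and version is not None:
            entries.append((version, parsedate_to_datetime(trailer.group("date"))))
            version = None
    return entries

def non_increasing(text):
    """Return (newer, older) version pairs where newer is not strictly later."""
    entries = parse_entries(text)
    return [(new_v, old_v)
            for (new_v, new_t), (old_v, old_t) in zip(entries, entries[1:])
            if new_t <= old_t]
```

Comparing timezone-aware datetimes means two trailers that name the same instant in different UTC offsets are still caught as identical, which a string comparison of the date fields would miss.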
Packages reviewed and fixed, and bugs filed
Patches sent upstream:
- Bernhard M. Wiedemann:
- gtranslator, embedded build timestamps
- libgda, embedded build timestamps
- mariadb, embedded build timestamps
- nim, embedded build timestamps
Debian bug reports:
- Chris Lamb:
Reviews of unreproducible packages
14 package reviews have been added, 35 have been updated and 28 have been removed this week, adding to our knowledge about identified issues.
1 issue type has been updated:
Weekly QA work
During our reproducibility testing, FTBFS bugs have been detected and reported by:
- Adrian Bunk (4)
strip-nondeterminism development
Version 0.040-1 was uploaded to unstable by Mattia Rizzolo. It included contributions already covered by posts of the previous weeks, as well as new ones from:
- Mattia Rizzolo:
- png.pm: Don’t open the original file in write mode
reprotest development
Development continued in git:
- Ximin Luo:
- New features:
- Support a domain_host variation.
- Support a --print-sudoers feature.
- Documentation:
- Note some caveats about the existing git versions as a self-reminder not to release it yet.
- Updates about our assumptions and rearrange sudo into its own section.
- Bug fixes:
- main: When dropping privs, make sure the user can still move in theroot.
- tests: fix, need to preserve env for su
- build: Don’t fail when the build produces a broken symlink
- main, presets: Properly drop privs when running the build. (Closes: #877813)
- Code quality:
- Improve logging to try to get to the bottom of the jenkins failures
- Tweak tests to avoid some build dependencies
- build: Name temporary directories after reprotest not autopkgtest
buildinfo.debian.net development
Development continued in git:
- Chris Lamb:
- New features:
- Add API endpoint to fetch specific .buildinfo files for a certain package/version/architecture, and optimise it. (Closes: #25)
- Bug fixes:
- Always show SHA256, regardless of viewport size. (Closes: #27)
- Actually filter by source package (!)
reproducible-website development
- Holger Levsen:
- RWS3 Berlin 2017:
- Add CoyIM, Arch Linux, LEDE, LEAP, subuser.org, Bazel, coreboot.
- Make some sponsors visible.
- Add short paragraph explaining that registration is mandatory.
Misc.
This week’s edition was written by Ximin Luo, Chris Lamb, Bernhard M. Wiedemann and Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.