Here’s what happened in the Reproducible Builds effort between Sunday August 5 and Saturday August 11 2018:
The Prototype Fund noted in a Tweet how two of its newly-supported projects complement each other, one of them being the Reproducible Builds and the other being the Briar Project, a secure messaging platform intended to “create safe spaces to debate any topic, plan events, and organise social movements.”
Levente Polyak’s proposal to make rubygems set
SOURCE_DATE_EPOCHby default to make all gems reproducible was re-opened after it was previously closed as “wontfix”.
The Briar Project wrote about their effort to make their Android app build reproducibly; their one remaining issue regards
readdirorder influencing an
Ryan Scott fixed the
reprotest, our “end-user” tool to build arbitrary software and check it for reproducibility.
Vagrant Cascadian opened a wishlist request against buildinfo.debian.net (our experiment into how to process, store and distribute
.buildinfofiles after the Debian package management tools have generated them) to try and find a solution to checking matches against the actual Debian archive.
There were a number of changes to our Jenkins-based testing framework that powers tests.reproducible-builds.org, including Chris Lamb submitting a merge request to ensure that we print “0” (and not an empty) string when a division denominator is zero and Mattia Rizzolo modifying Jekyll to run in incremental mode to improve the caching of our website.
On our mailing list, Arnout Engelen started two discussions around comparing the Debian and Archlinux approaches to
.buildinfofiles which came from a previous discussion about filename conventions.
14 package reviews were added, 10 were updated and 16 were removed in this week, adding to our knowledge about identified issues.
Don’t forget that a number of Reproducible Builds team were presenting at DebConf18 the annual Debian Developers conference: Benjamin Hof gave a talk titled Software transparency: package security beyond signatures and reproducible builds” and there was also a status update from the team entitled “Reproducible Buster and beyond”. These, and many more talks, are available Resources section of our website. Finally, the conference also featured the performance of a cover which to the best of our knowledge is the first time song lyrics refer to reproducible builds.
Packages reviewed and fixed, and bugs filed
- Toolchain patches:
- In addition, Bernhard M. Wiedemann worked on:
- Simon Schricker:
There were a handful of updates to diffoscope, our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages:
- Chris Lamb:
- Mattia Rizzolo:
- Ricardo Gaviria:
This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.