Happy new year from the Reproducible Builds project! Here’s what happened in the Reproducible Builds effort between Sunday December 30th and Saturday January 5th:
Chris Lamb created a pull request against the shadow tool that manages, inter alia, the
/etc/shadowfile. This is was after Johannes Schauer noticed that the
sp_lastchgfield in the latter was no longer reproducible in Debian bug #917773.
Arnout Engelen started an interesting thread on our mailing list regarding how to share rebuilder “attestations” in the Java ecosystem.
Chris Lamb posted a historical summary and a request for action to Fontconfig’s mailing list in order that a solution may be found and included in Debian buster.
Igor Dvorzhak submitted an interesting merge request against
strip-nondeterminism(our tool that post-processes files to remove known non-deterministic output) in order to parallelise the execution of the
.ziphandler. Thanks to Niels Thykier for his review so far.
On January 9th 2019, Chris Lamb will speak at Université de Rennes, France on reproducible builds.
Patches for GNU mtools to ensure the Tails USB and Debian Installer images can be reproducible were uploaded (via the
DELAYEDqueue) to Debian unstable by Chris Lamb after following the new packaging salvaging process via Debian bug #916127. This additionally generated two upstream patches (1, 2).
Chris Lamb updated diffoscope, our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages, expanding the padding/spacing for “N calls” in the profiling output as having 99,999+ calls to (for example)
cmp(1)is not uncommon for Tails ISOs. […]
There were a number of updates to our reproducible-builds.org project website this week, including:
Chris Lamb reviewed 4 packages, but 14 were automatically updated & removed this week, adding to our knowledge about identified issues.
Packages reviewed and fixed, and bugs filed
- Bernhard M. Wiedemann:
- courier-imap (date)
- d-feet (noarch)
- hamcrest+junit (random order in generated code)
- Eli Schwartz:
- hub (respect
SOURCE_DATE_EPOCHin embedded manual package timestamps)
- hub (strip build path from binaries)
- hub (respect
- Rebecca N. Palmer:
- node-browserify-lite (via Debian bug #918361).
Test framework development
There were a number of updates to our Jenkins-based testing framework that powers tests.reproducible-builds.org this week, including:
- Holger Levsen:
- Update links to the Tango Icon Theme guidelines and copyright years. […]
- Node maintenance. ([…], etc.)
- Mattia Rizzolo:
This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb and Eli Schwartz & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.