View all weekly reports

Reproducible Builds: Weekly report #199

Published: Feb 19, 2019.


Here’s what happened in the Reproducible Builds effort between Sunday February 10th and Saturday February 16th 2019:

  • strip-nondeterminism is our tool that post-processes files to remove known non-deterministic output. This week, Chris Lamb adjusted its behaviour to deduplicate hardlinks via stat(2) before processing to avoid issues when handling files in parallel; as the per-filetype handlers are yet currently guaranteed to be atomic, one process could temporarily truncate a file which can cause errors in other processes operating on the “same” file under a different pathname. This was thus causing package build failures in packages that de-duplicate hardlinks in their build process such as the Debian Administrator’s Handbook (#922168).

  • There was a brief update from the Debian Ruby maintainers on whether the language might need to strip -fdebug-prefix-map from the tools used to build extensions.

  • On our mailing list, Holger Levsen re-raised a question regarding uploading the “official” .buildinfo files to buildinfo.debian.net.

  • On Tuesday 26th February Chris Lamb will speak at Speck&Tech 31 “Open Security” on Reproducible Builds in Trento, Italy.

  • Jelle van der Waa fixed some spelling mistakes on the reproducible-builds.org project website. []

  • 6 Debian package reviews were added, 4 were updated and 16 were removed in this week, adding to our knowledge about identified issues.

diffoscope development

diffoscope is our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages. This week:

  • Chris Lamb:
    • Add support for comparing .crx Chrome browser extensions. (#41)
    • Add support for comparing MP3 and files with similar metadata. (#43)
    • Replace the literal xxd(1) output (!)(!) in tests/data/hello.wasm with its binary equivalent (#47) and ensure both WebAssembly test data files are actually unique. (#42)
    • Catch tracebacks when mounting invalid filesystem images under guestfs. []
    • Fix tests when using Ghostscript 9.20 vs 9.26 for Debian stable and for stable with the security repositories enabled. [][]
    • Temporarily drop ubuntu-devel from internal test matrix due to a linux-firmware package installation issue. []
  • Ed Maste:
    • Include relocations in objdump disassembly. (#48)
  • Graham Christensen:
    • Clarify “no file-specific differences” message when we fallback to a binary diff. (!19)
  • Mattia Rizzolo:
    • Make test_ps.test_text_diff pass with Ghostscript version 9.26. []

In addition, Vagrant Cascadian updated diffoscope in GNU Guix [] and went on to upload disorderfs [] and trydiffoscope [] too.

Packages reviewed and fixed, and bugs filed

Test framework development

We operate a comprehensive Jenkins-based testing framework that powers tests.reproducible-builds.org.

  • Hans-Christoph Steiner:
    • Set the LANG and LC_ALL environment variables for F-Droid builds to workaround an unsolved issue in Java/Gradle. [][]
    • Modernise some dependencies. []
    • Node maintenance. []
  • Holger Levsen:
    • Increased the diskspace for the two OSU Open Source Lab Arch Linux build nodes from 50GB to 350GB.
    • Upgraded all 47 nodes running Debian to the newly-released Debian 9.8.
    • Fix the version checking for diffoscope in Arch Linux. []
    • Install kernels as a separate step to ignore failures when installing/upgrading Debian backports’ kernels. []
    • Fix a number of issues with our Munin diskspace plugin. [][]
    • Correct grammar of Arch Linux IRC message. []
  • Mattia Rizzolo:

This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Vagrant Cascadian & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.


View all weekly reports

Follow us on Twitter @ReproBuilds. Projects working on reproducible builds: Arch Linux, Baserock, Bitcoin, coreboot, Debian, ElectroBSD, F-Droid, FreeBSD, Fedora, GNU Guix, Monero, NetBSD, NixOS, OpenEmbedded, openSUSE, OpenWrt, Qubes OS, Symfony, Tails, Tor Browser, Webconverger, Yocto Project. Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. Patches welcome via our Git repository (instructions) or via our mailing list.