View all weekly reports

Reproducible Builds: Weekly report #200

Published: Feb 26, 2019.

Here’s what happened in the Reproducible Builds effort between Sunday February 17 and Saturday February 23 2019:

diffoscope development

diffoscope is our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages.

This week, Chris Lamb made a huge a number of changes, including:

  • Add a --exclude-directory-metadata=recursive option to support ignoring timestamp (etc.) differences within nested containers. (Debian:#907600, #36).
  • Compare .asc PGP signatures as text, not as a hexdump. (Debian:#908991, #7).
  • Replace over 8 MB of Android boot ROM test suite fixtures with 14 KB equivalents to reduce the size of the release tarball. (#894334, reproducible-builds/diffoscope#13).
  • Additionally compare pgpdump(1) output when comparing PGP signatures. []
  • --help output improvements:
    • Include links to the diffoscope homepage and bug tracker. []
    • Indent and wrap the list of supported file formats. []
    • Refer to the Debian package names when indicating how to obtain the tlsh and argcomplete Python modules.. []
  • Adopt the Black code formatter:
    • Run against the existing source code. [].
    • Add an initial black setup in a PEP 518 pyproject.toml file [] and update to include it in future release tarballs. []
    • Add a test to ensure future source code satisfies the formatter. []
    • Allow Gitlab CI failures in stable-bpo due to dependency on ‘black’.. []
  • Drop the DOS/MBR source string test. []
  • Rework and comment logic determining the fallback/default value for exclude_directory_metadata. []

Chris also uploaded version 112 to Debian unstable, dropped an errant </ul> from the website [] and also applied the “black” code formatter to the client [].

Packages reviewed and fixed, and bugs filed

Test framework development

We operate a comprehensive Jenkins-based testing framework that powers This week, Holger Levsen made a huge number of improvements including:

This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, heinrich5991, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

View all weekly reports

Follow us on Twitter @ReproBuilds. Projects working on reproducible builds: Arch Linux, Baserock, Bitcoin, coreboot, Debian, ElectroBSD, F-Droid, FreeBSD, Fedora, GNU Guix, Monero, NetBSD, NixOS, OpenEmbedded, openSUSE, OpenWrt, Qubes OS, Symfony, Tails, Tor Browser, Webconverger, Yocto Project. Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. Patches welcome via our Git repository (instructions) or via our mailing list.