What happened in the reproducible builds effort this week:
Toolchain fixes
- Stefano Rivera uploaded python-cffi/1.3.0-1 which makes the generated code order deterministic for anonymous unions and anonymous structs. Reported by Tristan Seligmann, and fixed upstream.
- Mattia Rizzolo created a bug report to continue the discussion on storing cryptographic checksums of the installed .deb in the dpkg database. This follows the discussion that happened in June and is a prerequisite for adding checksums to .buildinfo files.
- Niko Tyni identified why the Vala compiler would generate code in varying order. A better patch than his initial attempt still needs to be written.
Packages fixed
The following 15 packages became reproducible due to changes in their build dependencies: alt-ergo, approx, bin-prot, caml2html, coinst, dokujclient, libapreq2, mwparserfromhell, ocsigenserver, python-cryptography, python-watchdog, slurm-llnl, tyxml, unison2.40.102, yojson.
The following packages became reproducible after getting fixed:
- 389-ds-base/1.3.3.13-1 uploaded by Timo Aaltonen, original patch by Chris Lamb.
- apache2/2.4.17-1 by Stefan Fritsch.
- ben/0.7.3 by Mehdi Dogguy.
- cdo/1.6.9+dfsg.1-3 by Alastair McKinstry.
- epubcheck/4.0.0-2 by Eugene Zhukov.
- grads/2:2.0.2-8 by Alastair McKinstry.
- litl/0.1.7+dfsg-1 uploaded by Samuel Thibault, original patch by Chris Lamb.
- mia/2.2.5-1 by Gert Wollny.
- powerline/2.2-2 by Jerome Charaoui.
- python-oslotest/1:1.11.0-2 by Thomas Goirand.
- tth/4.05+ds-2 uploaded by Jerome Benoit, original patch by Reiner Herrmann.
- xbae/4.60.4-7 uploaded by Nicholas Breen, original patch by Chris Lamb.
- xdmf/2.1.dfsg.1-13 by Alastair McKinstry.
Some uploads fixed some reproducibility issues but not all of them:
- foxeye/0.10.2-1 by Andriy Grytsenko.
- jaxe/3.5-6 by Samuel Thibault.
- ncurses/6.0+20151017-1 by Sven Joachim, original patch by Esa Peuha.
- olap4j/1.2.0-1 by Emmanuel Bourg.
- tomcat8/8.0.28-1 by Emmanuel Bourg.
reproducible.debian.net
pbuilder has been updated to version 0.219~bpo8+1 on all eight build nodes. (Mattia Rizzolo, h01ger)
Packages that FTBFS but for which no open bugs have been recorded are now tested again after 3 days. Likewise for “depwait” packages. (h01ger)
Out of disk situations will not cause IRC notifications anymore. (h01ger)
Documentation update
Lunar continued to work on writing documentation for the future reproducible-builds.org website.
Package reviews
44 reviews have been removed, 81 added and 48 updated this week.
Chris West and Chris Lamb identified 70 “fail to build from source” issues.
Misc.
h01ger presented the project in Mexico City at the 3er Congreso de Seguridad de la Información where it became clear that we lack academic papers related to reproducible builds.
Bryan has been doing hard work to improve reproducibility for OpenWrt. He wrote a report linking to the patches and test results he published.