What happened in the reproducible builds effort this week:
Toolchain fixes
- Robert Luberda uploaded ispell/3.4.00-4 which fixes another issue with uninitialized memory in ispell hashes. Original patch by Valentin Lorentz.
- Robert Luberda uploaded man2html/1.6g-8 which adds support for SOURCE_DATE_EPOCH. Original patch by akira.
- gregor herrmann uploaded libdebian-copyright-perl/0.2-3 which sorts copyright files for deterministic ordering. Original patch by Reiner Herrmann.
- Rafael Laboissiere uploaded octave-pkg-dev/1.3.2 which normalizes the name of the temporary build directory. This doesn’t seem to be enough to make Octave packages reproducible just yet, though.
- Nicolas Boulenguez uploaded gprbuild/2015-1 which sets a deterministic date to the generated source.
Packages fixed
The following packages became reproducible due to changes in their build dependencies: maven-plugin-tools, norwegian, ocaml- melt, python-biom- format, rivet.
The following packages became reproducible after getting fixed:
- apache2/2.4.17-1 by Stefan Fritsch.
- autogen/1:5.18.6-3 by Andreas Metzler.
- debian-timeline/37 by Chris Lamb.
- fonty-rg/0.6 uploaded by Radovan Garabík, original patch by Chris Lamb.
- foxeye/0.10.2-2 by Andriy Grytsenko.
- hsqldb/2.3.3+dfsg2-1 by Markus Koschany.
- jasperreports/6.1.1+dfsg-1 uploaded by Markus Koschany, fix by Emmanuel Bourg.
- libmath-base-convert-perl/0.11-2 uploaded by Salvatore Bonaccorso, original patch by Reiner Herrmann.
- libsdl2-gfx/1.0.1+dfsg-2 uploaded by Manuel A. Fernandez Montecelo, original patch by Reiner Herrmann.
- libsdl2/2.0.2+dfsg1-8 uploaded by Gianfranco Costamagna, patch by Reiner Herrmann.
- linux/4.2.5-1 by Ben Hutchings.
- litl/0.1.7+dfsg-1 by Samuel Thibault, original patch by Chris Lamb.
- python-keystoneclient/1:1.7.1-4 by Thomas Goirand.
- sphinxbase/0.8+5prealpha-1 by Samuel Thibault.
- tatan/1.0.dfsg1-6 uploaded by Markus Koschany, original patch by Reiner Herrmann.
- v4l2loopback/0.9.1-4 uploaded by IOhannes m zmölnig, original patch.
- yadifa/2.1.4-2 uploaded by Markus Schade, original patch by Reiner Herrmann.
Some uploads fixed some reproducibility issues but not all of them:
- lcov/1.12-2 by Alastair McKinstry, original patch by Reiner Herrmann.
- libsdl1.2/1.2.15-12 uploaded by Manuel A. Fernandez Montecelo, original patch by Reiner Herrmann.
- metview/4.5.7-1 by Alastair McKinstry.
- mumble/1.2.10-2 by Christopher Knadle.
The following package is currently failing to build from source but should now be reproducible:
- p4vasp/0.3.29+dfsg-2 uploaded by Graham Inggs, original patch by Reiner Herrmann.
Patches submitted which have not made their way to the archive yet:
- #803501 on fdroidserver by Reiner Herrmann: add support for
SOURCE_DATE_EPOCHtodocs/gendocs.shand normalizes tarball permissions. Sent upstream. - #803547 on bbswitch by Reiner Herrmann: tell tar to normalize the permissions.
- #803583 on ndiswrapper by Reiner Herrmann: tell tar to normalize the permissions.
- #803601 on xtables-addons by Reiner Herrmann: tell tar to normalize the permissions.
- #803603 on usb-modeswitch-data by Reiner Herrmann: tell tar to normalize the permissions.
reproducible.debian.net
A quick update on current statistics: testing is at 85% of packages tested
reproducible with our modified
packages,
unstable on armhf caught up with amd64 with 80%.
The schroot name used for running diffoscope when testing OpenWrt, NetBSD, Coreboot, and Arch Linux has been fixed. (h01ger, Mattia Rizzolo)
Documentation update
Paul Gevers documented timestamps in unit files created by the Free Pascal Compiler.
reproducible-builds.org is now live. It contains a comprehensive documentation on all aspects that have been identified so far of what we call “reproducible builds”. It makes room for pointers to projects working on reproducible builds, news, dedicated tools, and community events.
Package reviews
206 reviews have been removed, 171 added and 196 updated this week.
Chris Lamb reported 28 failing to build from source issues.
New issues identified this week: timestamps_in_pdf_content, different_encoding_in_html_by_docbook_xsl, timestamps_in_ppu_generated_by_fpc, method_may_never_be_called_in_documentation_generated_by_javadoc.
Misc.
Andrei Borzenkov has proposed a fix for uninitialized memory in GRUB’s mkimage. Uninitialized memory is one source of hard to track down reproducibility errors.
Holger Levsen presented the efforts on reproduible builds at Festival de Software Libre in Puerto Vallarta, Mexico.
