Reproducible Builds: Weekly report #45

Published: Mar 10, 2016.

What happened in the reproducible builds effort between February 28th and March 5th:

Toolchain fixes

Antonio Terceiro uploaded gem2deb/0.27 that forces generated gemspecs to use the date from debian/changelog.
Antonio Terceiro uploaded gem2deb/0.28 that forces generated gemspecs to have their contains file lists sorted.
Robert Luberda uploaded ispell/3.4.00-5 which make builds of hashes reproducible.
Cédric Boutillier uploaded ruby-ronn/0.7.3-4 which will make the output locale agnostic. Original patch by Chris Lamb.
Markus Koschany uploaded spring/101.0+dfsg-1. Fixed by Alexandre Detiste.

Ximin Luo resubmitted the patch adding the --clamp-mtime option to Tar on Savannah’s bug tracker.

Lunar rebased our experimental dpkg on top of the current master branch. Changes in the test infrastructure are required before uploading a new version to our experimental repository.

Reiner Herrmann rebased our custom texlive- bin against the latest uploaded version.

Packages fixed

The following 77 packages have become reproducible due to changes in their build dependencies: asciidoctor, atig, fuel- astute, jekyll, libphone-ui- shr, linkchecker, maven-plugin- testing, node- iscroll, origami- pdf, plexus- digest, pry, python- avro, python- odf, rails, ruby-actionpack-xml- parser, ruby-active- model-serializers, ruby-activerecord-session-store, ruby-api- pagination, ruby- babosa, ruby- carrierwave, ruby-classifier- reborn, ruby- compass, ruby- concurrent, ruby- configurate, ruby- crack, ruby-css- parser, ruby-cucumber- rails, ruby- delorean, ruby- encryptor, ruby- fakeweb, ruby- flexmock, ruby-fog- vsphere, ruby- gemojione, ruby- git, ruby- grack, ruby- htmlentities, ruby-jekyll- feed, ruby-json- schema, ruby- listen, ruby- markerb, ruby- mathml, ruby-mini- magick, ruby-net- telnet, ruby-omniauth-azure- oauth2, ruby- omniauth-saml, ruby- org, ruby- origin, ruby- prawn, ruby- pygments.rb, ruby- raemon, ruby-rails-deprecated- sanitizer, ruby- raindrops, ruby- rbpdf, ruby- rbvmomi, ruby- recaptcha, ruby- ref, ruby- responders, ruby- rjb, ruby-rspec- rails, ruby- rspec, ruby-rufus- scheduler, ruby-sass- rails, ruby- sass, ruby-sentry- raven, ruby-sequel- pg, ruby- sequel, ruby- settingslogic, ruby-shoulda- matchers, ruby-slack- notifier, ruby- symboltable, ruby- timers, ruby- zip, ticgit, tmuxinator, vagrant, wagon, yard.

The following packages became reproducible after getting fixed:

air-quality-sensor/0.1.4-1 uploaded by Benedikt Wildenhain, fixed upstream, original patch by Chris Lamb.
device3dfx/2013.08.08-4 by Guillem Jover.
fldigi/3.23.08-1 by Kamal Mostafa.
fltk1.1/1.1.10-22 by Aaron M. Ucko.
freeimage/3.17.0+ds1-2 by Ghislain Antony Vaillant.
gimagereader/3.1.2+git368fa8f-2 by Philip Rinn.
ginkgocadx/3.7.5-1 by Gert Wollny, fixed upstream.
jadetex/3.13-17 by Norbert Preining.
opensips/2.1.2-1 by Razvan Crainea.
ruby-sqlite3/1.3.11-2 uploaded by Cédric Boutillier, original patch by Lunar.
runawk/1.6.0-2 uploaded by Andrew Shadura, patch by Reiner Herrmann.
systraq/20160303-1 by Joost van Baal-Ilić.

Some uploads fixed some reproducibility issues, but not all of them:

auto-multiple-choice/1.2.1-4 by Georges Khaznadar.
avfs/1.0.3-1 uploaded by Michael Meskes, original patch by Chris Lamb.
console-setup/1.138 uploaded by Anton Zinoviev, original patch by Reiner Herrmann.
gromacs/5.1.2-1 by Nicholas Breen.
mrrescue/1.02c-2 by Alexandre Detiste.
usb-modeswitch-data/20160112-2 by Didier Raboud.

Patches submitted which have not made their way to the archive yet:

#816209 on elog by Reiner Herrmann: use printf instead of echo which is shell-independent.
#816214 on python-pip by Reiner Herrmann: removes timestamp from generated Python scripts.
#816230 on rows by Reiner Herrmann: tell grep to always treat the input as text.
#816232 on eficas by Reiner Herrmann: use printf instead of echo which is shell-independent.

Florent Daigniere and bancfc reported that linux- grsec was currently built with GRKERNSEC_RANDSTRUCT which will prevent reproducible builds with the current packaging.

tests.reproducible-builds.org

pbuilder has been updated to the last version to be able to support Build-Depends-Arch and Build-Conflicts-Arch. (Mattia Rizzolo, h01ger)

New package sets have been added for Subgraph OS, which is based on Debian Stretch: packages and build dependencies. (h01ger)

Two new armhf build nodes have been added (thanks Vagrant Cascadian) and integrated in our Jenkins setup with 8 new armhf builder jobs. (h01ger)

strip-nondeterminism development

strip-nondeterminism version 0.016-1 was released on Sunday 28th. It will now normalize the POT-Creation-Date field in GNU Gettext .mo files. (Reiner Herrmann) Several improvements to the packages metadata have also been made. (h01ger, Ben Finney)

Package reviews

185 reviews have been removed, 91 added and 33 updated in the previous week.

New issue: fileorder_in_gemspec_files_list.

43 FTBFS bugs were reported by Chris Lamb, Martin Michlmayr, and gregor herrmann.

Misc.

After merging the patch from Dhiru Kholia adding support for SOURCE_DATE_EPOCH in rpm, Florian Festi opened a discussion on the rpm-ecosystem mailing list about reproducible builds.

On March 4th, Lunar gave an overview of the general reproducible builds effort at the Internet Freedom Festival in Valencia.

← View all weekly reports

Follow us on Twitter @ReproBuilds, Mastodon @reproducible_builds@fosstodon.org & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches for this website welcome via our Git repository (instructions) or via our mailing list. • Full contact info