What happened about the reproducible builds effort for this week:
Toolchain fixes
Uploads that should help other packages:
- Stephen Kitt uploaded mingw-w64/4.0.2-2 which avoids inserting timestamps in PE binaries, and specify
dlltool’s temp prefix so it generates reproducible files. - Stephen Kitt uploaded binutils-mingw-w64/6.1 which fixed
dlltoolto initialize its output’s.idata$6section, avoiding random data ending up there.
Patch submitted for toolchain issues:
- #787159 on openjdk-7 by Emmanuel Bourg: sort the annotations and enums in
package-tree.htmlproduced byjavadoc. - #787250 on python-qt4 by Reiner Herrmann: sort imported modules to get reproducible output.
- #787251 on pyqt5 by Reiner Herrmann: sort imported modules to get reproducible output.
Some discussions have been started in Debian and with upstream:
- ocaml using random intermediate filenames (Daniel Kahn Gillmor)
- Timestamps embedded in docbook called by pkg-kde-tools or kdoctools5 (Daniel Kahn Gillmor)
- Should
--no-insert-timestampsbe the default in binutils-mingw-w64? (Stephen Kitt) - Make PDF ID field deterministic in PDFTeX (Nicolas Boulenguez)
- Add
--deterministicoption to Tar? (Lunar) - Undeterministic output from GCC with
-flto -ffat-lto-objects(Lunar)
Packages fixed
The following 8 packages became reproducible due to changes in their build dependencies: access-modifier-checker, apache-log4j2, jenkins-xstream, libsdl- perl, maven-shared- incremental, ruby- pygments.rb, ruby- wikicloth, uimaj.
The following packages became reproducible after getting fixed:
- debianutils/4.5.1 uploaded by Clint Adams, original patch by Lunar.
- exifprobe/2.0.1-5 by Joao Eriberto Mota Filho.
- gdb-mingw-w64/10 by Stephen Kitt.
- iceweasel/38.0.1-5 by Mike Hommey.
- liblingua-en-tagger-perl/0.25-1 uploaded by Axel Beckert, original patch by Reiner Herrmann.
- liboro-java/2.0.8a-10 by Emmanuel Bourg.
- mingw-w64/4.0.2-3 by Stephen Kitt.
- minidlna/1.1.4+dfsg-4 by Alexander GQ Gerasiov.
- miredo/1.2.6-3 by Tomasz Buchert.
- mpv/0.9.2-1 uploaded by Alessandro Ghedini, original patch by Lunar.
- nspr/2:4.10.8-2 by Mike Hommey.
- openstack-doc-tools/0.24-2 uploaded by Thomas Goirand, original patch by Reiner Herrmann.
- osgearth/2.5.0+dfsg-3 uploaded by Bas Couwenberg, original patch by Reiner Herrmann.
- pyexiv2/0.3.2-8 by Michal Čihař.
- python-netaddr/0.7.14-1 by Vincent Bernat.
- ruby-extlib/0.9.16-1 by Cédric Boutillier.
- sane-backends/1.0.24-12 by Jörg Frings-Fürst.
- sed/4.2.2-6 uploaded by Clint Adams, original patch.
- sextractor/2.19.5+dfsg-3 by Ole Streicher.
- swarp/2.38.0+dfsg-2 by Ole Streicher.
- tiptop/2.2-3 by Tomasz Buchert.
- tomcat7/7.0.62-1 by Emmanuel Bourg.
- tomcat8/8.0.23-1 by Emmanuel Bourg.
- xapian-omega/1.2.21-1 by Olly Betts, also fixed upstream.
- y-u-no-validate/2013052401-3 by Jakub Wilk.
Some uploads fixed some reproducibility issues but not all of them:
- 389-admin/1.1.38-1 uploaded by Timo Aaltonen, original patch by Chris Lamb.
- alt-ergo/0.99.1+dfsg1-3 uploaded by Ralf Treinen, original patch by Juan Picca and Jakub Wilk.
- deets/0.2.1-2 uploaded by Clint Adams, original patch by Chris Lamb.
- fpc/2.6.4+dfsg-5 by Paul Gevers.
- inspircd/2.0.20-1 by Guillaume Delacour.
- libparse-debianchangelog-perl/1.2.0-3 by intrigeri.
- luakit/2012.09.13-r1-4 uploaded by Clint Adams, original patch by Chris Lamb.
- mod-authn-webid/0~20110301-3 uploaded by Clint Adams, original patch by Chris Lamb.
- powerline/2.1.4-1 uploaded by Jerome Charaoui, reported by akira, fixed upstream.
- svtplay-dl/0.10.2015.05.24-1 by Olof Johansson.
Patches submitted which did not make their way to the archive yet:
- #777308 on dhcp-helper by Dhole: fix mtimes of packaged files.
- #786927 on flowscan by Dhole: remove timestamps from gzip files and fix mtimes of packaged files.
- #786959 on python3.5 by Lunar: set build date of binary and documentation to the time of latest
debian/changelogentry, prevent gzip from storing a timestamp. - #786965 on python3.4 by Lunar: same as python3.5.
- #786978 on python2.7 by Lunar: same as python3.5.
- #787122 on xtrlock by Dhole: fix mtimes of packaged files.
- #787123 on rsync by Dhole: remove timestamps from gzip files and fix mtimes of packaged files.
- #787125 on pachi by Dhole: fix mtimes of packaged files.
- #787126 on nis by Dhole: remove timestamps from gzip files and fix mtimes of packaged files.
- #787206 on librpc-xml-perl by Reiner Herrmann: remove timestamps from generated code.
- #787265 on libwx-perl by Reiner Herrmann: produce sorted output.
- #787303 on dos2unix by Juan Picca: set manpage date to the time of latest entry in
debian/changelog. - #787327 on vim by Reiner Herrmann: remove usage of
__DATE__and__TIME__macros.
Discussions that have been started:
- gst-plugins-base1.0 embeds current timestamp in .rodata of all objects (Daniel Kahn Gillmor)
reproducible.debian.net
Holger Levsen added two new package sets: pkg-javascript- devel and pkg-php- pear. The list of packages with and without notes are now sorted by age of the latest build.
Mattia Rizzolo added support for email notifications so that maintainers can
be warned when a package becomes unreproducible. Please ask Mattia or Holger
or in the #debian-reproducible IRC channel if you want to be notified for
your packages!
strip-nondeterminism development
Andrew Ayer fixed the gzip handler so that it skip adding a predetermined timestamp when there was none.
Documentation update
Lunar added documentation about mtimes of file extracted using unzip being timezone dependent. He also wrote a short example on how to test reproducibility.
Stephen Kitt updated the documentation about timestamps in PE binaries.
Documentation and scripts to perform weekly reports were published by Lunar.
Package reviews
50 obsolete reviews have been removed, 51 added and 29 updated this week. Thanks Chris West and Mathieu Bridon amongst others.
New identified issues:
- timestamps in .dat files from the Allegro framework,
- random identifier when using gcc -flto -ffat-lto-objects,
- random import order in .ui generated by pyuic,
- random order in C files generated by ExtUtils::ParseXS,
- timestamps in files generated by eingenbase resource generator.
Misc.
Lunar will be talking (in French) about reproducible builds at Pas Sage en Seine on June 19th, at 15:00 in Paris.
[Meeting](meeting will happen this Wednesday, 19:00 UTC.
