What happened in the Reproducible Builds effort between May 22nd and May 28th 2016:
Media coverage
- Holger Levsen was invited to RIPE72 to talk about Reproducible Builds and a hope for a more secure future (Video, 25min and slides) in the cooperative workgroup.
- Scarlett Clark blogged about her first week of Outreachy work trying to make packages build reproducible, describing her efforts with kapptemplate, choqok and kdevplatform.
Documentation update
- The wiki page TimestampsProposal has been extended to cover more usage examples and to list more software supporting SOURCE_DATE_EPOCH. (Axel Beckert, Dhole and Ximin Luo)
- h01ger started a reference card for tools and information about reproducible builds but hasn’t progressed much yet. Help with it is much welcome, this is also a good opportunity to learn about this project ;-) The idea is simply to have one coherent place with pointers to all the stuff we have and provide, without repeating nor replacing other documentation.
Toolchain fixes
- Alexis Bienvenüe submitted a patch (#824050) against emacs24 for
SOURCE_DATE_EPOCHsupport in autoloads files, but upstream already disabled timestamps by default some time before. - proj/4.9.2-3 uploaded by Bas Couwenberg (#825088 by Alexis Bienvenü) properly initializes memory with zero to prevent the nad2bin tool from leaking random memory content into output artefacts.
- Reiner Herrmann submitted a patch (#825569, upstream) against Ruby to sort object files in generated Makefiles, which are used to compile C sources that are part of Ruby projects.
Packages fixed
The following 18 packages have become reproducible due to changes in their build dependencies: canl-c configshell dbus-java dune-common frobby frown installation-guide jexcelapi libjsyntaxpane-java malaga octave-ocs paje.app pd-boids pfstools r-cran-rniftilib scscp-imcce snort vim-addon-manager
The following packages have become reproducible after being fixed:
- apngasm/2.7-2 by Manuel A. Fernandez Montecelo, #782200 by Reiner Herrmann.
- apngdis/2.5-2 by Manuel A. Fernandez Montecelo, #782197 by Reiner Herrmann.
- apngopt/1.2-2 by Manuel A. Fernandez Montecelo, #782193 by Reiner Herrmann.
- asio/1:1.10.6-4 by Markus Wanner.
- bowtie/1.1.2-4 by Sascha Steinbiss.
- bowtie2/2.2.9-2 by Sascha Steinbiss.
- breeze/4:5.6.4-1 by Maximiliano Curia, #819512 by Eduard Sanou.
- cain/1.10+dfsg-2 by Sascha Steinbiss.
- cdist/4.0.0-2 by Dmitry Bogatov, #825406 by Chris Lamb.
- crossroads/2.81-1 by Reiner Herrmann.
- elasticsearch/1.7.5-1 by Emmanuel Bourg.
- gdal/2.1.0+dfsg-3 by Bas Couwenberg, #824808 by Alexis Bienvenüe.
- grass/7.0.4-2 by Bas Couwenberg, #825092 by Alexis Bienvenüe.
- jaligner/1.0+dfsg-3 by Michael R. Crusoe.
- khmer/2.0+dfsg-7 by Michael R. Crusoe.
- libhdf4/4.2.11-2 by Bas Couwenberg.
- libjspeex-java/0.9.7-4 by Emmanuel Bourg.
- libmialm/1.0.9-1 by Gert Wollny.
- libtheora/1.1.1+dfsg.1-10 by Petter Reinholdtsen.
- odil/0.6.0-2 by Julien Lamy.
- pacemaker/1.1.15~rc3-1 by Ferenc Wágner.
- pvm/3.4.6-1 by James Clarke.
- rna-star/2.5.2a+dfsg-2 by Sascha Steinbiss.
- smalt/0.7.6-6 by Sascha Steinbiss.
- soapdenovo2/240+dfsg-3 by Sascha Steinbiss.
- svtplay-dl/1.1-1 by Olof Johansson.
- t-coffee/11.00.8cbe486-3 by Sascha Steinbiss.
- toppred/1.10-3 by Sascha Steinbiss.
- transdecoder/3.0.0+dfsg-2 by Michael R. Crusoe.
- vpim/0.695-1.4 by Herbert Parentes Fortes Neto.
- vtk-dicom/0.7.7-2 by Gert Wollny.
- xplc/0.3.13-6 by Reiner Herrmann.
Some uploads have fixed some reproducibility issues, but not all of them:
- codeblocks/16.01+dfsg-1 by Vincent Cheng, #824182 by Fabian Wolff.
- gmt/5.2.1+dfsg-6 by Bas Couwenberg, #824668 by Alexis Bienvenü.
Patches submitted that have not made their way to the archive yet:
- #803547 against bbswitch (reopened) by Reiner Herrmann: sort members of tar archive
- #806945 against bash (follow-up) by Reiner Herrmann: use system man2html instead of embedded copy
- #825122 against kapptemplate by Scarlett Clark: set owner/group of members in tarball to root
- #825138 against console-setup by Reiner Herrmann: fix umask issue; sort entries in shell script; sort fontsets/charmaps locale-independently
- #825285 against kodi by Lukas Rechberger: replace build timestamps with version numbers
- #825322 against choqok by Scarlett Clark: force UTF-8 locale so kconfig_compiler behaves correctly
- #825544 against wavemon by Reiner Herrmann: sort list of object files
- #825545 against dwm by Reiner Herrmann: sort list of header files
- #825547 against tennix by Reiner Herrmann: sort list of data files being archived
- #825584 against ffmpeg2theora by Reiner Herrmann: sort list of source files
- #825588 against kball by Reiner Herrmann: sort list of source files
- #825634 against miceamaze by Reiner Herrmann: sort list of object files
- #825643 against dash by Reiner Herrmann: fix sorting of struct members in generated source file
- #825655 against libselinux by Reiner Herrmann: sort list of source files
- #825656 against libsepol by Reiner Herrmann: sort list of source files
- #825674 against libsemanage by Reiner Herrmann: sort list of source files
Package reviews
123 reviews have been added, 57 have been updated and 135 have been removed in this week.
- 5 new issues have been identified:
21 FTBFS bugs have been reported by Chris Lamb and Santiago Vila.
strip-nondeterminism development
- strip-nondeterminsim development: treat *.htb as Zip files (by Sascha Steinbiss).
- strip-nondeterminism 0.017-1 uploaded by h01ger.
tests.reproducible-builds.org
- The kde pkg set was extended, though the change ain’t visible yet, as there are currently non-installable packages in it (and so the set can’t be computed). (h01ger)
Misc.
- Mattia improved misc.git/reports (=the tools to help writing the weekly statistics for this blog) some more.
This week’s edition was written by Reiner Herrmann and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.
