Reproducible Builds: Weekly report #77

Published: Oct 19, 2016.

What happened in the Reproducible Builds effort between Sunday October 9 and Saturday October 15 2016:

Media coverage

despinosa wrote a blog post on Vala and reproducibility
h01ger and lynxis gave a talk called “From Reproducible Debian builds to Reproducible OpenWrt, LEDE” (video, slides) at the OpenWrt Summit 2016 held in Berlin, together with ELCE, held by the Linux Foundation.
A discussion on debian-devel@ resulted in a nice quotable comment from Paul Wise: “(Reproducible) builds from source (with continuous rechecking) is the only way to have enough confidence that a Debian user has the freedoms promised to them by the Debian social contract.”
Chris Lamb will present a talk at Software Freedom Kosovo on reproducible builds on Saturday 22nd October.

Documentation update

After discussions with HW42, Steven Chamberlain, Vagrant Cascadian, Daniel Shahaf, Christopher Berg, Daniel Kahn Gillmor and others, Ximin Luo has started writing up more concrete and detailed design plans for setting SOURCE_ROOT_DIR for reproducible debugging symbols, buildinfo security semantics and buildinfo security infrastructure.

Toolchain development and fixes

Dmitry Shachnev noted that our patch for #831779 has been temporarily rejected by docutils upstream; we are trying to persuade them again.

Tony Mancill uploaded javatools/0.59 to unstable containing #835147 by Chris Lamb. This fixed an issue where documentation Recommends: substvars would not be reproducible.

Ximin Luo filed bug 77985 to GCC as a pre-requisite for future patches to make debugging symbols reproducible.

Packages reviewed and fixed, and bugs filed

The following updated packages have become reproducible - in our current test setup - after being fixed:

cobbler/2.6.6+dfsg1-13 by Thomas Goirand, #831214 by Chris Lamb.
collectd/5.6.1-1 by Marc Fournier.
fonts-tiresias/0.1-3 by Gürkan Myczko, #834896 by Chris Lamb.
fntsample/4.0-2 by Євгеній Мещеряков, #833611 by Chris Lamb.
fpga-icestorm/0~20160913git266e758-2 by Ruben Undheim, #840098 by Chris Lamb.
frog/0.13.5-1 by Maarten van Gompel, #828017 by Chris Lamb.
lambda-align/1.0.0-2 by Sascha Steinbiss, #840156 by Chris Lamb.
pleiades/1.7.0-2 by Hideki Yamane, #835633 by Chris Lamb.
sweethome3d/5.2+dfsg-1 by Markus Koschany, original fix by Gabriele Giacone.
trac-subtickets/0.2.0-2 by W. Martin Borgert.

The following updated packages appear to be reproducible now, for reasons we were not able to figure out. (Relevant changelogs did not mention reproducible builds.)

aodh/3.0.0-2 by Thomas Goirand.
eog-plugins/3.16.5-1 by Michael Biebl.
flam3/3.0.1-5 by Daniele Adriana Goulart Lopes.
hyphy/2.2.7+dfsg-1 by Andreas Tille.
libbson/1.4.1-1 by A. Jesse Jiryu Davis.
libmongoc/1.4.1-1 by A. Jesse Jiryu Davis.
lxc/1:2.0.5-1 by Evgeni Golov.
spice-gtk/0.33-1 by Liang Guo.
spice-vdagent/0.17.0-1 by Liang Guo.
tnef/1.4.12-1 by Kevin Coyner.

Some uploads have addressed some reproducibility issues, but not all of them:

chktex/1.7.6-1 by Thorsten Alteholz, #819885 by Sascha Steinbiss.
dbus/1.10.12-1 by Simon McVittie.
doomsday/1.15.8-3 by Markus Koschany, #839338 by Lucas Nussbaum.
emacs25/25.1+1-1 by Rob Browning.
gpgme1.0/1.7.0-3 by Daniel Kahn Gillmor.
monkeysign/2.2.0 by Antoine Beaupré.
python-attrs/16.2.0-1 by Tristan Seligmann, #833886 by Chris Lamb.
shotwell/0.24.0-1 by Jörg Frings-Fürst, #822948 by Alexis Bienvenüe.
supple/1.0.6-2 by Daniel Silverstone.
why/2.36-1 by Ralf Treinen, #807051 by Valentin Lorentz.

Some uploads have addressed nearly all reproducibility issues, except for build path issues:

palo/1.96 by Helge Deller, #778437 by Chris Lamb.
rbdoom3bfg/1.1.0~preview3+dfsg+git20160807-1 by Tobias Frost.
singular/4.0.3-p3+ds-1 by Jerome Benoit.
varnish/5.0.0-3 by Stig Sandbeck Mathisen, #835061 by Chris Lamb.
yaml-cpp/0.5.2-4 by Paul Novotny, #808714 by Reiner Herrmann.

Patches submitted that have not made their way to the archive yet:

#840741 filed against http-icons by Chris Lamb.
#840177 filed against qconf by Chris Lamb.
#840845 filed against python-pygraphviz by Chris Lamb.
#840346 filed against qjoypad by Chris Lamb.

Reviews of unreproducible packages

101 package reviews have been added, 49 have been updated and 4 have been removed in this week, adding to our knowledge about identified issues.

3 issue types have been updated:

Added max_output_size_reached, ftbfs_due_to_jenkins_semaphore_setup, and build_id_differences_only.

Weekly QA work

During of reproducibility testing, some FTBFS bugs have been detected and reported by:

Anders Kaseorg (1)
Chris Lamb (18)

tests.reproducible-builds.org

Debian:

h01ger has turned off the “Scheduled in testing+unstable+experimental” regular IRC notifications and turned them into emails to those running jenkins.d.n.
Re-add opi2a armhf node and 3 new builder jobs for a total of 60 build jobs for armhf. (h01ger and vagrant)
vagrant suggested to add a variation of init systems effecting the build, and h01ger added it to the TODO list.
Steven Chamberlain submitted a patch so that now all buildinfo files are collected (unsigned yet) at submit@buildinfo.kfreebsd.eu.
Holger enabled CPU type variation (Intel Haswell or AMD Opteron 62xx) for i386. Thanks to Profitbricks.com for their great and continued support!

Openwrt/LEDE/NetBSD/coreboot/Fedora/archlinux:

Increase memory on the 2 build nodes from 12 to 16gb, thanks to profitbricks.com

Misc.

We are running a poll to find a good time for an IRC meeting.

This week’s edition was written by Ximin Luo, Holger Levsen & Chris Lamb and reviewed by a bunch of Reproducible Builds folks on IRC.

← View all weekly reports

Follow us on Twitter @ReproBuilds, Mastodon @reproducible_builds@fosstodon.org & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches for this website welcome via our Git repository (instructions) or via our mailing list. • Full contact info