Here’s what happened in the Reproducible Builds effort between Sunday January 22 and Saturday January 28 2017:
The Reproducible Build Zoo was presented by Vagrant Cascadian at the Embedded Linux Conference in Portland, Oregon on February 22nd.
Dennis Gilmore and Holger Levsen presented “Reproducible Builds and Fedora” at Devconf.cz on February 27th.
Introduction to Reproducible Builds will be presented by Vagrant Cascadian at Scale15x in Pasadena, California, March 5th.
“Verifying Software Freedom with Reproducible Builds” will be presented by Vagrant Cascadian at Libreplanet2017 in Boston, March 25th-26th.
Reproducible work in other projects
John Gilmore wrote an interesting mail about how Cygnus.com worked on reproducible builds in the early 1990s. It’s eye opening to see how the dealt with basically the very same problems we’re dealing with today, how they solved them and then to realize that most of this has been forgotten and bit-rotted in the last 20 years. How will we prevent history repeating itself here?
Toolchain development and fixes
Christoph Biedl wrote a mail describing an interesting problem in to the way binNMUs are done in Debian.
Guillem Jover made a number of changes to
dpkg that affect the Reproducible Builds effort within Debian:
dpkg-source. Use the current date if the changelog does not have one. Closes: #849081
Add initial support for
dpkg-genbuildinfo. This will make it possible to enable or disable specific features that should be recorded in the
.buildinfofile. For now only “all” and “path” are supported. Closes: #848705
.buildinfofiles also for source-only uploads in
dpkg-genchanges. Closes: #846164
Add support for signed
dpkg-buildpackage. Add new
--unsigned-buildinfooptions. Closes: #843925
dpkg-buildpackage --unsigned-changesnot sign
.buildinfoeither. This breaks the expectations of users and tools, because there was no way previously to request no signing at all. Closes: #852822
Packages reviewed and fixed, and bugs filed
- #852482 filed against flask-limiter.
- #853039 filed against fontypython.
- #852289 filed against python-passlib.
Reviews of unreproducible packages
17 package reviews have been added, 4 have been updated and 6 have been removed in this week, adding to our knowledge about identified issues.
2 issue types have been added:
1 issue type has been removed:
Weekly QA work
During our reproducibility testing, the following FTBFS bugs have been detected and reported by:
- Chris Lamb (6)
- Holger Levsen (1)
diffoscope 70 was uploaded to unstable by Mattia Rizzolo. It included contributions from:
- tests.presenters: Prevent FTBFS by loading fixtures as UTF-8 in case surrounding terminal is not Unicode-aware. (Closes: #852926)
- comparators: Tidy re_tests with list comprehensions and implicit “x, y” unpacking over indexing; lambda/filter is not idiomatic Python 3.
- tests: Increase coverage by adding “# noqa” in relevant parts.
- tests: Test that no arguments (beyond the filenames) prints the text output.
- tests: Test –text-color output format.
- tests: Add a test comparing two empty directories.
- tests: Don’t warn about coverage lines that raise NotImplementedError.
- Ximin Luo:
reprotest 0.6 was uploaded to unstable by Holger Levsen. It included contributions:
- Test the extra variations we added recently and ensure they don’t get missed in the future
- Better logging messages that actually get controlled by the verbosity flag
- Add a man page using rst2man and help2man
- Add a –config-file option and fix the loading of configs
- Fix the reading of config options
- Fix a bug where the sha256sum of a reproduction won’t be displayed if –store-dir is not given
- Chris Lamb:
- h01ger experimented with reusing SSH control connections but stopped that experiment when we ran into more network issues than before. To be continued, as we’re having 10k SSH connections per day and saving 2 seconds each time would sum up, especially on the Jenkins host itself.
- h01ger made the scheduler run 3 times a day, 2.5h after dinstall runs, instead of every 3h as before.
- h01ger restructured the https://tests.reproducible-builds.org/debian/index_breakages.html and improved the corresponding Jenins job.
- h01ger also unblacklisted xmds2, sofia-sip and ck - if you think other packages should be unblacklisted (maybe only on some architectures), please do tell us.
This week’s edition was written by Chris Lamb and Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.