Here’s what happened in the Reproducible Builds effort between Sunday January 29 and Saturday February 4 2017:
Dennis Gilmore and Holger Levsen presented “Reproducible Builds and Fedora” (Video, Slides) at Devconf.cz on February 27th 2017.
On February 1st, stretch/armhf reached 90% reproducible packages in our test framework, so that now all four tested architectures are ≥ 90% reproducible in stretch. Yay! For armhf this means 22472 reproducible source packages (in main); for amd64, arm64 and i386 these figures are 23363, 23062 and 22607 respectively.
Chris Lamb appeared on the Changelog podcast to talk about reproducible builds:
Holger Levsen pitched Reproducible Builds and our need for a logo in the “Open Source Design” room at FOSDEM 2017 (Video, 09:36 - 12:00).
The Reproducible Build Zoo will be presented by Vagrant Cascadian at the Embedded Linux Conference in Portland, Oregon, February 22nd.
Introduction to Reproducible Builds will be presented by Vagrant Cascadian at Scale15x in Pasadena, California, March 5th.
Verifying Software Freedom with Reproducible Builds will be presented by Vagrant Cascadian at Libreplanet2017 in Boston, March 25th-26th.
Reproducible work in other projects
We learned that the “slightly more secure” Heads firmware (a Coreboot payload) is now reproducibly built regardless of host system or build directory. A picture says more than a thousand words:
Docker started preliminary work on making image builds reproducible.
Toolchain development and fixes
Ximin Luo continued to write code and test
cases for the
BUILD_PATH_PREFIX_MAP environment variable. He also did extensive research on
cross-platform and cross-language issues with environment variables, filesystem
paths, and character encodings, and started preparing a draft specification
document to describe all of this.
Chris Lamb asked CPython to implement an environment variable
PYTHONREVERSEDICTKEYORDER to add an
an option to reverse iteration order of items in a
dict. However this was
rejected because they are planning to formally fix this order in the next
Bernhard Wiedemann and Florian Festi added
support for our
SOURCE_DATE_EPOCH environment variable, to the RPM Package Manager.
James McCoy uploaded devscripts 2.17.1 with a change from Guillem
dscverify(1), adding support for .buildinfo files. (Closes: #852801)
Piotr Ożarowski uploaded dh-python 2.20170125 with a change from Chris Lamb for a patch to fix #835805.
Chris Lamb added documentation to diffoscope, strip-nondeterminism, disorderfs, reprotest and trydiffoscope about uploading signed tarballs when releasing. He also added a link to these on our website’s tools page.
Packages reviewed and bugs filed
- “Z. Ren”:
- #854293 filed against manpages-tr.
- #854294 filed against regina-rexx.
- Chris Lamb:
- #853039 filed against fontypython.
- #853912 filed against python-testfixtures, merged upstream as PR #56.
- #854111 filed against aprx.
- #854112 filed against pnmixer.
- Reiner Herrmann:
- #854145 filed against daemontools.
- #854146 filed against diploma.
Reviews of unreproducible packages
83 package reviews have been added, 86 have been updated and 276 have been removed in this week, adding to our knowledge about identified issues.
2 issue types have been updated:
Weekly QA work
During our reproducibility testing, the following FTBFS bugs have been detected and reported by:
- Chris Lamb (6)
Work on the next version (71) continued in git this week:
- Mattia Rizzolo:
- Override a lintian warning.
- Chris Lamb:
- Update and consolidate documentation
- Many test additions and improvements
- Various code quality and software architecture improvements
- Update arch package, cdrkit -> cdrtools.
Daniel Shahaf added more notes on our “How to chair a meeting” document.
Holger unblacklisted pspp and tiledarray. If you think further packages should also be unblacklisted (possibly only on some architectures), please tell us.
This week’s edition was written by Ximin Luo, Holger Levsen and Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.