Reproducible Builds: Weekly report #99

Here’s what happened in the Reproducible Builds effort between Sunday March 12 and Saturday March 18 2017:

Upcoming events

• On March 23rd Holger Levsen will give a talk at the German Unix User Group’s “Frühjahrsfachgespräch” called Reproducible Builds everywhere.

• Verifying Software Freedom with Reproducible Builds will be presented by Vagrant Cascadian at Libreplanet2017 in Boston, March 25th.

• You, too, can write reproducible software! workshop by Ximin Luo, Vagrant Cascadian and Valerie Young at Libreplanet2017 in Boston, March 25th.

Reproducible Builds Hackathon Hamburg 2017

The Reproducible Builds Hamburg Hackathon 2017, or RB-HH-2017 for short is a 3 day hacking event taking place May 5th-7th in the CCC Hamburg Hackerspace located inside Frappant, as collective art space located in a historical monument in Hamburg, Germany.

The aim of the hackathon is to spent some days working on Reproducible Builds in every distribution and project. The event is open to anybody interested on working on Reproducible Builds issues, with or without prior experience!

Accommodation is available and travel sponsorship may be available by agreement. Please register your interest as soon as possible.

Reproducible Builds Summit Berlin 2016

This is just a quick note, that all the pads we’ve written during the Berlin summit in December 2016 are now online (thanks to Holger), nicely complementing the report by Aspiration Tech.

Request For Comments for new specification: BUILD_PATH_PREFIX_MAP

Ximin Luo posted a draft version of our BUILD_PATH_PREFIX_MAP specification for passing build-time paths between high-level and low-level build tools. This is meant to help eliminate unreproducibility caused by different paths being used at build time. At the time of writing, this affects an estimated 15-20% of 25000 Debian packages.

This is a continuation of an older proposal SOURCE_PREFIX_MAP, which has been updated based on feedback on our patches from GCC upstream, attendees of our Berlin 2016 summit, and participants on our mailing list. Thanks to everyone that contributed!

The specification also contains runnable source code examples and test cases; see our git repo.

Please comment on this draft ASAP - we plan to release version 1.0 of this in a few weeks.

Toolchain changes

• #857632 apt: ignore the currently running kernel if attempting a reproducible build (Chris Lamb)
• #857803 shadow: Make the sp_lstchg shadow field reproducible. (Chris Lamb)
• #857892 fontconfig: please make the cache files reproducible (Chris Lamb)

Packages reviewed and fixed, and bugs filed

Chris Lamb:

• #857771 filed against golang-github-go-macaron-toolbox.
• #857772 filed against sushi.
• #857803 filed against shadow.
• #857889 filed against calendar-exchange-provider.
• #857892 filed against fontconfig.
• #858150 filed against eric, forwarded upstream.
• #858152 filed against fritzing.
• #858220 filed against ns2.

Reviews of unreproducible packages

5 package reviews have been added, 274 have been updated and 800 have been removed in this week, adding to our knowledge about identified issues.

1 issue type has been added:

• filesystem_ordering_in_pak_files_generated_by_simutrans_makeobj

Weekly QA work

During our reproducibility testing, FTBFS bugs have been detected and reported by:

• Chris Lamb (5)
• Mattia Rizzolo (1)

diffoscope development

diffoscope 79 and 80 were uploaded to experimental by Chris Lamb. It included contributions from:

Chris Lamb:

• Ensure that we really are using ImageMagick. (Closes: #857940)
• Extract SquashFS images in one go rather than per-file, speeding up (eg.) Tails ISO comparison by ~10x.
• Support newer versions of cbfstool to avoid test failures. (Closes: #856446)
• Skip icc test that varies on endian if the Debian-specific patch is not present. (Closes: #856447)
• Compare GIF images using gifbuild. (Closes: #857610)
• Various other code quality, build and UI improvements.

Maria Glukhova:

• Improve AndroidManifest.xml comparison for APK files. (Closes: #850758)

strip-nondeterminism development

strip-nondeterminism 0.032-1 was uploaded to unstable by Chris Lamb. It included contributions from:

Chris Lamb:

• Fix a possible endless loop while stripping ar files due to trusting the file’s file size data. Thanks to Tobias Stoeckmann for the report, patch and testcase. (Closes: #857975)
• Add support for testing files we should reject.

tests.reproducible-builds.org

• The challenge for 100% reproducible BSD continues: currently it’s 99.6% for FreeBSD and 98.1% for NetBSD. In both cases this is just for their base system, without any ports built yet.

• Holger setup a jenkins job to build build-path-prefix-map-spec.git on every commit, producing nice a HTML version of the BUILD_PATH_PREFIX_MAP specification

• Some more tuning was done on IRC notifications by Holger.

• For testing Debian, diffoscope from experimental is now used, if available. (Holger too)

• Updated PyPI version check for diffoscope (Chris Lamb)

Misc.

This week’s edition was written by Ximin Luo, Holger Levsen and Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.