If you’re interested in attending the Reproducible Builds summit in Paris between 11th—13th December please see our event page.
In the meantime, here’s what happened in the Reproducible Builds effort between Sunday October 28 and Saturday November 3 2018:
- Vagrant Cascadian has probed the Debian package archives and found that in the current Debian sid, 88 out of the 154 (57%) Debian binary packages installed in a minimal system can be verifiably reproduced. For a long time, 25,561 out of 27,427 (93%) of the total source packages in the Debian archive have been known to be reproducible in our testing environment. While 57% is a lower figure, it could be considered a more substantial statistic as it is not a measure of packages that behave well under carefully controlled conditions but of “real world” Debian artifacts that are installed on end-user systems.
- On Tuesday 6th November, Chris Lamb will host a seminar at the William Gates Building at the University of Cambridge on reproducible builds as part of the Computer Laboratory NetOS Group.
- Félix Sipma submitted a merge request to the Debian “Go” build tools to support the -trimpath=all= argument, which should fix the reproducibility of restic as well as the categorised randomness_in_binaries_generated_by_golang_issue toolchain issue.
- disorderfs (our FUSE-based filesystem that deliberately introduces non-determinism into filesystems) was updated by Bernhard M. Wiedemann to rename test files to test_ to make them easier to iterate over ([…]) and to move the test execution logic into Makefile so that a separate script is not required ([…]). After this, Chris Lamb tidied the Makefiles ([…]).
- Eelco Dolstra, the BDFL of NixOS, gave a presentation on the future roadmap of NixOS, referencing reproducible builds.
- Chris Lamb noticed that the webpages for the CLIP OS project, which aims to build a “hardened, multi-level operating system based on the Linux kernel”, list bit-for-bit reproducibility in its security roadmap. (via LWN)
- 59 Debian package reviews were added, 7 were updated and 17 were removed in this week, adding to our knowledge about identified issues. Chris Lamb updated one issue type (randomness_in_binaries_generated_by_golang) and two were added (dc_created_timestamp_in_javadoc & randomness_in_fonts_created_by_fontcustom).
- Holger Levsen updated our website to add in-toto & Google’s participation for the upcoming Paris Summit. (1 & 2)
- Molly de Blanc forwarded a call for applications for the Berkman Klein Center for Internet and Society in Cambridge, Massachusetts class of fellows who do research around the intersection of the internet, society, technology, etc. which may be relevant to anyone speaking, thinking, and writing around the implications of Reproducible Builds.
- There were a number of updates to our Jenkins-based testing framework that powers tests.reproducible-builds.org by Holger Levsen this week, mostly fighting the load introduced by a number of bots (e.g. […]) but also enhancing the performance of Jenkins by adjusting Java’s garbage collection and heap size settings (e.g. […]).
  We have been experiencing a high load on our test framework over the last week, which we also experienced some weeks ago after a Jenkins plugin update. However, this time Holger has not been able to get this under control yet and, as such, some test results are currently delayed.
Packages reviewed and fixed, and bugs filed
- Alexander Bedrossian:
  - equivs (remove current date)
- Amit Biswas:
- Anoop Nadig:
- Bernhard M. Wiedemann:
  - evolution (fixed, parallelism-race)
  - pocl (fix compile time CPU detection, already upstream)
  - beignet (drop .pch)
  - groff (date & mtime, already upstream)
- Chris Lamb:
  - #912152 filed against radon.
  - #912161 filed against sword.
  - “Make the cache filenames deterministic” for fontconfig.
- Mathieu Parent:
- Maliat Manzur:
  - biboumi (used SOURCE_DATE_EPOCH)
- Nick Gregory:
  - #912299 filed against blender last week
  - #913021 filed against carbon-c-relay
- Snahil Singh:
  - firehol (used SOURCE_DATE_EPOCH)
Chris Lamb also sent two previously-authored patches for GNU mtools to ensure the Debian Installer images could become reproducible. (1 & 2)
This week’s edition was written by Alexander Bedrossian, Amit Biswas, Anoop Nadig, Bernhard M. Wiedemann, Chris Lamb, David A. Wheeler, Holger Levsen, Snahil Singh, Nick Gregory & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.