Here’s what happened in the Reproducible Builds effort between Sunday February 17 and Saturday February 23 2019:
-
Holger Levsen submitted the Reproducible Builds project to the May/August 2019 round of Outreachy. Outreachy provides internships to work free software. Internships are open to applicants around the world, working remotely and are not required to move. Interns are paid a stipend of $5,500 for the three month internship and have an additional $500 travel stipend to attend conferences/events. So far, we received more than ten initial requests from candidates. The closing date for applicants is April 2nd. More information is available on the application page.
-
On our mailing list this week, Holger Levsen posted about non theoretical reproducibility in Debian, however results for the full archive will only be available next week. Omar Navarro Leija also asked a question about finding packages with tests.
-
Chris Lamb increased the diskspace and memory available for buildinfo.debian.net.
-
The Qt programming framework made a change to their
qtbase
component to also look forSOURCE_DATE_EPOCH
to make a number of Qt-related builds reproducible “out of the box”. -
On Tuesday 26th February Chris Lamb will speak at Speck&Tech 31 “Open Security” on Reproducible Builds in Trento, Italy.
-
Richard Biener and other openSUSE developers involved with the GCC compiler recently discussed about how to make the compiler build itself reproducibly and also how to make its profiling less sensitive to ordering issues. Richard also reported success in making GCC build reproducibly without profile guided optimisations and discussed patches upstream.
-
Arnout Engelen made some changes to the reproducible-builds.org project website including clarifying a
source.scm.uri
variable is the MavendeveloperConnection
[…]. In addition, Jelle van der Waa fixed some typos in the recent Paris Summit report […] and Peter Wu clarified the use of CMake/Qt instructions […] & added the current status ofrcc
from Qt 5.13 […]. -
8 Debian package reviews were added, 6 were updated and 15 were removed in this week, adding to our knowledge about identified issues.
diffoscope development
diffoscope is our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages.
This week, Chris Lamb made a huge a number of changes, including:
- Add a
--exclude-directory-metadata=recursive
option to support ignoring timestamp (etc.) differences within nested containers. (Debian:#907600, #36). - Compare
.asc
PGP signatures as text, not as a hexdump. (Debian:#908991, #7). - Replace over 8 MB of Android boot ROM test suite fixtures with 14 KB equivalents to reduce the size of the release tarball. (#894334, reproducible-builds/diffoscope#13).
- Additionally compare
pgpdump(1)
output when comparing PGP signatures. […] --help
output improvements:- Include links to the diffoscope homepage and bug tracker. […]
- Indent and wrap the list of supported file formats. […]
- Refer to the Debian package names when indicating how to obtain the
tlsh
andargcomplete
Python modules.. […]
- Adopt the Black code formatter:
- Run against the existing source code. […].
- Add an initial black setup in a PEP 518
pyproject.toml
file […] and updateMANIFEST.in
to include it in future release tarballs. […] - Add a test to ensure future source code satisfies the formatter. […]
- Allow GitLab CI failures in
stable-bpo
due to dependency on ‘black’.. […]
- Drop the
DOS/MBR
source string test. […] - Rework and comment logic determining the fallback/default value for
exclude_directory_metadata
. […]
Chris also uploaded version 112
to Debian unstable, dropped an errant </ul>
from the diffoscope.org website […] and also applied the “black” code formatter to the try.diffoscope.org client […].
Packages reviewed and fixed, and bugs filed
- Bernhard M. Wiedemann:
- unknown-horizons (sort python glob)
- Chris Lamb:
Test framework development
We operate a comprehensive Jenkins-based testing framework that powers tests.reproducible-builds.org. This week, Holger Levsen made a huge number of improvements including:
- Debian-specific changes:
- Import a script as posted by Vagrant on our mailing list, massively reworking and improving it. The resulting reproducibility statistics of packages on
ftp.debian.org
were posted to our mailing list. ([…], […], etc.) - Drop a reminder from
rb_service.sh
and move to top-level wishlist tracker. […]
- Import a script as posted by Vagrant on our mailing list, massively reworking and improving it. The resulting reproducibility statistics of packages on
- OpenWrt-specific changes:
This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, heinrich5991, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.