What happened in the reproducible builds effort this week:
Toolchain fixes
- Scott Kitterman uploaded python3-defaults/3.4.3-7 which changes
py3versions to list versions in a consistent order. Issue reported by Santiago Vila with a tentative patch by Chris Lamb. Sadly, it appears the problem is not entirely solved. - Martin Pitt uploaded init-system-helpers/1.24 which makes the order of unit files in maintainer scripts stable. Original patch by Reiner Herrmann.
- Niko Tyni uploaded libextutils-xsbuilder-perl/0.28-3 which makes the generated XS code reproducible.
Niko Tyni wrote a new patch adding support
for
SOURCE_DATE_EPOCH
in Pod::Man. This would complement or replace the previously implemented
POD_MAN_DATE environment variable in a more generic way.
Niko Tyni proposed a fix to prevent mtime
variation in
directories
due to debhelper usage of cp
--parents -p.
Packages fixed
The following 119 packages became reproducible due to changes in their build dependencies: aac-tactics, aafigure, apgdiff, bin- prot, boxbackup, calendar, camlmix, cconv, cdist, cl- asdf, cli- common, cluster- glue, cppo, cvs, esdl, ess, faucc, fauhdlc, fbcat, flex- old, freetennis, ftgl, gap, ghc, git-cola, globus-authz-callout- error, globus- authz, globus- callout, globus- common, globus-ftp- client, globus-ftp- control, globus-gass- cache, globus-gass- copy, globus-gass- transfer, globus-gram- client, globus-gram-job- manager-callout-error, globus-gram-protocol, globus-gridmap-callout-error, globus-gsi- callback, globus-gsi-cert- utils, globus-gsi- credential, globus-gsi- openssl-error, globus- gsi-proxy-core, globus- gsi-proxy-ssl, globus-gsi- sysconfig, globus-gss- assist, globus-gssapi- error, globus-gssapi- gsi, globus-net- manager, globus-openssl- module, globus- rsl, globus-scheduler-event- generator, globus-xio-gridftp-driver, globus-xio-gsi-driver, globus-xio, gnome-control- center, grml2usb, grub, guilt, hgview, htmlcxx, hwloc, imms, kde-l10n, keystone, kimwitu++, kimwitu- doc, kmod, krb5, laby, ledger, libcrypto++, libopendbx, libsyncml, libwps, lprng- doc, madwimax, maria, mediawiki- math, menhir, misery, monotone- viz, morse, mpfr4, obus, ocaml- csv, ocaml- reins, ocamldsort, ocp- indent, openscenegraph, opensp, optcomp, opus, otags, pa- bench, pa- ounit, pa- test, parmap, pcaputils, perl-cross- debian, prooftree, pyfits, pywavelets, pywbem, rpy, signify, siscone, swtchart, tipa, typerep, tyxml, unison2.32.52, unison2.40.102, unison, uuidm, variantslib, zipios++, zlibc, zope- maildrophost.
The following packages became reproducible after getting fixed:
- autoconf2.13/2.13-67 uploaded by Ben Pfaff, original patch by Santiago Vila.
- ding/1.8-3 by Roland Rosenfeld.
- dropbear/2015.68-1 by Guilhem Moulin. First set of patches (#777324, #793006) by Chris Lamb and akira.
- nvram-wakeup/1.1-3 by Tobias Grimm.
- original-awk/2012-12-20-5 by Santiago Vila.
- resiprocate/1:1.10.0-1 uploaded by Daniel Pocock, patch by Reiner Herrmann merged upstream.
- sbuild/0.66.0-5 by Johannes Schauer, reported by Jakub Wilk.
- scribus/1.4.5+dfsg1-4 by Mattia Rizzolo.
- sgmltools-lite/3.0.3.0.cvs.20010909-19 by Santiago Vila.
- unicode-data/8.0-2 uploaded by Alastair McKinstry, original patch by Esa Peuha.
- xmoto/0.5.11+dfsg-3 by Stephen Kitt.
Packages which could not be tested:
- mp4h/1.3.1-11 by Axel Beckert (shared memory issue on
reproducible.debian.net). - nvidia-graphics-drivers-legacy-304xx/304.128-5 by Andreas Beckmann (non-free).
Some uploads fixed some reproducibility issues but not all of them:
- libvirt/1.2.20-1 by Guido Günther.
- libgpars-groovy-java/1.2.1-4 by Emmanuel Bourg.
Patches submitted which have not made their way to the archive yet:
- #801520 on libapache2-mod-perl2 by Niko Tyni: sort the list of files used to build the documentation.
- #801523 on perl by Niko Tyni: sort the list of input files in
PPPort_xs.PL. Forwarded upstream. - #801864 on ncurses by Esa Peuha: use C locale when sorting the list of keys.
- #802042 on libchado-perl by Niko Tyni: sort keys in installed configuration file.
Lunar reported that test strings depend on default character encoding of the build system in ongl.
reproducible.debian.net
The 189 packages composing the Arch Linux “core” repository are now being tested. No packages are currently reproducible, but most of the time the difference is limited to metadata. This has already gained some interest in the Arch Linux community.
An explicit log message is now visible when a build has been killed due to the 12 hours timeout. (h01ger)
Remote build setup has been made more robust and self maintenance has been further improved. (h01ger)
The minimum age for rescheduling of already tested amd64 packages has been
lowered from 14 to 7 days, thanks to the increase of hardware resources
sponsored by ProfitBricks last week.
(h01ger)
diffoscope development
diffoscope version 37 has been released on October
15th. It adds support for two new file formats (CBFS images and Debian .dsc
files). After proposing the required changes to
TLSH, fuzzy hashes are now computed
incrementally. This will avoid reading entire files in memory which caused
problems for large packages.
New tests have been added for the command-line interface. More character
encoding issues have been fixed. Malformed md5sums will now be compared as
binary files instead of making diffoscope crash amongst several other minor
fixes.
Version 38 was released two days later to fix the versioned dependency on python3-tlsh.
strip-nondeterminism development
strip-nondeterminism version 0.013-1 has been uploaded to the archive. It fixes an issue with nonconformant PNG files with trailing garbage reported by Roland Rosenfeld.
disorderfs development
disorderfs version 0.4.1-1 is a stop-
gap release that will disable lock
propagation, unless --share-locks=yes is
specified, as it still is affected by unidentified issues.
Documentation update
Lunar has been busy creating a proper website for reproducible-builds.org
that would be a common location for news, documentation, and tools for all
free software projects working on reproducible builds. It’s not yet ready to
be published, but it’s surely getting there.
Package reviews
103 reviews have been removed, 394 added and 29 updated this week.
72 FTBFS issues were reported by Chris West and Niko Tyni.
New issues: random_order_in_static_libraries, random_order_in_md5sums.
