View all weekly reports

Reproducible Builds: Weekly report #92

Published: Jan 31, 2017.

Here’s what happened in the Reproducible Builds effort between Sunday January 22 and Saturday January 28 2017:

Media coverage

Upcoming Events

  • Introduction to Reproducible Builds will be presented by Vagrant Cascadian at Scale15x in Pasadena, California, March 5th.

  • “Verifying Software Freedom with Reproducible Builds” will be presented by Vagrant Cascadian at Libreplanet2017 in Boston, March 25th-26th.

Reproducible work in other projects

John Gilmore wrote an interesting mail about how worked on reproducible builds in the early 1990s. It’s eye opening to see how the dealt with basically the very same problems we’re dealing with today, how they solved them and then to realize that most of this has been forgotten and bit-rotted in the last 20 years. How will we prevent history repeating itself here?

Toolchain development and fixes

Christoph Biedl wrote a mail describing an interesting problem in to the way binNMUs are done in Debian.

Guillem Jover made a number of changes to dpkg that affect the Reproducible Builds effort within Debian:

  • Always set SOURCE_DATE_EPOCH in dpkg-buildpackage and dpkg-source. Use the current date if the changelog does not have one. Closes: #849081

  • Add initial support for DEB_BUILD_OPTIONS to dpkg-genbuildinfo. This will make it possible to enable or disable specific features that should be recorded in the .buildinfo file. For now only “all” and “path” are supported. Closes: #848705

  • Include .buildinfo files also for source-only uploads in dpkg-genchanges. Closes: #846164

  • Add support for signed .buildinfo files to dpkg-buildpackage. Add new -ui and --unsigned-buildinfo options. Closes: #843925

  • Make dpkg-buildpackage --unsigned-changes not sign .buildinfo either. This breaks the expectations of users and tools, because there was no way previously to request no signing at all. Closes: #852822

Packages reviewed and fixed, and bugs filed

Chris Lamb:


Reviews of unreproducible packages

17 package reviews have been added, 4 have been updated and 6 have been removed in this week, adding to our knowledge about identified issues.

2 issue types have been added:

1 issue type has been removed:

  • ftbfs_due_to_jenkins_semaphore_setup

Weekly QA work

During our reproducibility testing, the following FTBFS bugs have been detected and reported by:

  • Chris Lamb (6)
  • Holger Levsen (1)

diffoscope development

reprotest development development

  • h01ger experimented with reusing SSH control connections but stopped that experiment when we ran into more network issues than before. To be continued, as we’re having 10k SSH connections per day and saving 2 seconds each time would sum up, especially on the Jenkins host itself.
  • h01ger made the scheduler run 3 times a day, 2.5h after dinstall runs, instead of every 3h as before.
  • h01ger restructured the and improved the corresponding Jenins job.
  • h01ger also unblacklisted xmds2, sofia-sip and ck - if you think other packages should be unblacklisted (maybe only on some architectures), please do tell us.


This week’s edition was written by Chris Lamb and Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

View all weekly reports

Follow us on Twitter @ReproBuilds, Mastodon & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches for this website welcome via our Git repository (instructions) or via our mailing list. • Full contact info