Bug#1078849: jenkins.debian.org: diffoscope failure results in packages being marked unreproducible
Vagrant Cascadian
vagrant at reproducible-builds.org
Sat Aug 17 03:09:14 BST 2024
Package: jenkins.debian.org
Severity: important
X-Debbugs-Cc: vagrant at reproducible-builds.org
Apparently, diffoscope has issues that both cause it to fail to build,
but more importantly for jenkins, fails to actually execute in a sid
environment... leading to all packages that successfully build to be
marked as unreproducible, even if the .deb files are bit-for-bit
identical.
At least for the moment, diffoscope is still working fine on trixie, so
a possible workaround is to run diffoscope from a trixie (or bookworm?)
environment.
Longer-term, it might be worth comparing the hashes of the various files
directly, so that the reproducible builds jobs in jenkins do not
inappropriately mark something as unreproducible just because diffoscope
unexpectedly failed.
I noticed this when Diziet was asking why vtwm was marked as
unreproducible:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/vtwm.html
... I went and downloaded the vtwm artifacts only to find that they were
bit-for-bit reproducible.
live well,
vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-dev/attachments/20240816/fc3caac3/attachment.sig>
More information about the Qa-jenkins-dev
mailing list