[Reproducible-builds] [report] Week 25 in Stretch cycle
Jérémy Bobbio
lunar at debian.org
Mon Oct 19 14:16:06 UTC 2015
What happened in the [1]reproducible builds effort this week:
Toolchain fixes
* Scott Kitterman uploaded python3-defaults/3.4.3-7 which
changes py3versions to list versions in a consistent order.
Issue [2]reported by Santiago Vila with a tentative patch
by Chris Lamb. Sadly, it appears the problem is not
entirely solved.
* Martin Pitt uploaded init-system-helpers/1.24 which makes
the order of unit files in maintainer scripts stable.
[3]Original patch by Reiner Herrmann.
* Niko Tyni uploaded libextutils-xsbuilder-perl/0.28-3 which
[4]makes the generated XS code reproducible.
Niko Tyni wrote a new [5]patch adding support for
[6]SOURCE_DATE_EPOCH in Pod::Man. This would complement or
replace the previously implemented POD_MAN_DATE environment
variable in a more generic way.
Niko Tyni [7]proposed a fix to prevent [8]mtime variation in
directories due to debhelper usage of cp --parents -p.
Packages fixed
The following 119 packages became reproducible due to changes
in their build dependencies: aac-tactics, aafigure, apgdiff,
bin-prot, boxbackup, calendar, camlmix, cconv, cdist, cl-asdf,
cli-common, cluster-glue, cppo, cvs, esdl, ess, faucc, fauhdlc,
fbcat, flex-old, freetennis, ftgl, gap, ghc, git-cola,
globus-authz-callout-error, globus-authz, globus-callout,
globus-common, globus-ftp-client, globus-ftp-control,
globus-gass-cache, globus-gass-copy, globus-gass-transfer,
globus-gram-client, globus-gram-job-manager-callout-error,
globus-gram-protocol, globus-gridmap-callout-error,
globus-gsi-callback, globus-gsi-cert-utils,
globus-gsi-credential, globus-gsi-openssl-error,
globus-gsi-proxy-core, globus-gsi-proxy-ssl,
globus-gsi-sysconfig, globus-gss-assist, globus-gssapi-error,
globus-gssapi-gsi, globus-net-manager, globus-openssl-module,
globus-rsl, globus-scheduler-event-generator,
globus-xio-gridftp-driver, globus-xio-gsi-driver, globus-xio,
gnome-control-center, grml2usb, grub, guilt, hgview, htmlcxx,
hwloc, imms, kde-l10n, keystone, kimwitu++, kimwitu-doc, kmod,
krb5, laby, ledger, libcrypto++, libopendbx, libsyncml, libwps,
lprng-doc, madwimax, maria, mediawiki-math, menhir, misery,
monotone-viz, morse, mpfr4, obus, ocaml-csv, ocaml-reins,
ocamldsort, ocp-indent, openscenegraph, opensp, optcomp, opus,
otags, pa-bench, pa-ounit, pa-test, parmap, pcaputils,
perl-cross-debian, prooftree, pyfits, pywavelets, pywbem, rpy,
signify, siscone, swtchart, tipa, typerep, tyxml,
unison2.32.52, unison2.40.102, unison, uuidm, variantslib,
zipios++, zlibc, zope-maildrophost.
The following packages became reproducible after getting fixed:
* autoconf2.13/2.13-67 uploaded by Ben Pfaff, [9]original
patch by Santiago Vila.
* ding/1.8-3 by Roland Rosenfeld.
* dropbear/2015.68-1 by Guilhem Moulin. First set of patches
(#777324, #793006) by Chris Lamb and akira.
* nvram-wakeup/1.1-3 by Tobias Grimm.
* original-awk/2012-12-20-5 by Santiago Vila.
* resiprocate/1:1.10.0-1 uploaded by Daniel Pocock, [10]patch
by Reiner Herrmann merged upstream.
* sbuild/0.66.0-5 by Johannes Schauer, [11]reported by Jakub
Wilk.
* scribus/1.4.5+dfsg1-4 by Mattia Rizzolo.
* sgmltools-lite/3.0.3.0.cvs.20010909-19 by Santiago Vila.
* unicode-data/8.0-2 uploaded by Alastair McKinstry,
[12]original patch by Esa Peuha.
* xmoto/0.5.11+dfsg-3 by Stephen Kitt.
Packages which could not be tested:
* mp4h/1.3.1-11 by Axel Beckert (shared memory issue on
reproducible.debian.net).
* nvidia-graphics-drivers-legacy-304xx/304.128-5 by Andreas
Beckmann (non-free).
Some uploads fixed some reproducibility issues but not all of
them:
* libvirt/1.2.20-1 by Guido Günther.
* libgpars-groovy-java/1.2.1-4 by Emmanuel Bourg.
Patches submitted which have not made their way to the archive
yet:
* 801520 on libapache2-mod-perl2 by Niko Tyni: sort the list
of files used to build the documentation.
* 801523 on perl by Niko Tyni: sort the list of input files
in PPPort_xs.PL. [13]Forwarded upstream.
* 801864 on ncurses by Esa Peuha: use C locale when sorting
the list of keys.
* 802042 on libchado-perl by Niko Tyni: sort keys in
installed configuration file.
Lunar reported that [14]test strings depend on default
character encoding of the build system in ongl.
reproducible.debian.net
The 189 packages composing the Arch Linux “core” repository are
[15]now being tested. No packages are currently reproducible,
but most of the time the difference is limited to metadata.
This has already gained some interest in the Arch Linux
community.
An explicit log message is now visible when a build has been
killed due to the 12 hours timeout. (h01ger)
Remote build setup has been made more robust and self
maintenance has been further improved. (h01ger)
The minimum age for rescheduling of already tested amd64
packages has been lowered from 14 to 7 days, thanks to the
increase of hardware resources sponsored by [16]ProfitBricks
last week. (h01ger)
diffoscope development
[17]diffoscope version 37 has been released on October 15th. It
adds support for two new file formats (CBFS images and Debian
.dsc files). After proposing the required changes to [18]TLSH,
fuzzy hashes are now computed incrementally. This will avoid
reading entire files in memory which caused problems for large
packages.
New tests have been added for the command-line interface. More
character encoding issues have been fixed. Malformed md5sums
will now be compared as binary files instead of making
diffoscope crash amongst several other minor fixes.
Version 38 was released two days later to fix the versioned
dependency on python3-tlsh.
strip-nondeterminism development
strip-nondeterminism version 0.013-1 has been uploaded to the
archive. It fixes an [19]issue with nonconformant PNG files
with trailing garbage reported by Roland Rosenfeld.
disorderfs development
disorderfs version 0.4.1-1 is a stop-gap release that will
[20]disable lock propagation, unless --share-locks=yes is
specified, as it still is affected by unidentified issues.
Documentation update
Lunar has been busy creating a proper website for
reproducible-builds.org that would be a common location for
news, documentation, and tools for all free software projects
working on reproducible builds. It's not yet ready to be
published, but it's surely getting there [21][22].
Package reviews
103 [23]reviews have been removed, 394 added and 29 updated
this week.
72 FTBFS issues were reported by Chris West and Niko Tyni.
New issues: [24]random_order_in_static_libraries,
[25]random_order_in_md5sums.
References
1. https://wiki.debian.org/ReproducibleBuilds
2. https://bugs.debian.org/801376
3. https://bugs.debian.org/801470
4. https://bugs.debian.org/802078
5. https://bugs.debian.org/801621
6. https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal
7. http://bugs.debian.org/802005
8. https://reproducible.debian.net/issues/unstable/timestamps_in_directories_issue.html
9. https://bugs.debian.org/801885
10. https://bugs.debian.org/797419
11. https://bugs.debian.org/801882
12. https://bugs.debian.org/801212
13. https://github.com/mhx/Devel-PPPort/pull/28
14. https://bugs.debian.org/801855
15. https://reproducible.debian.net/archlinux/
16. https://www.profitbricks.co.uk/
17. http://diffoscope.org/
18. https://github.com/trendmicro/tlsh
19. https://bugs.debian.org/802057
20. https://bugs.debian.org/800063
21. https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_25/rbwww1.png
22. https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_25/rbwww2.png
23. https://reproducible.debian.net/unstable/amd64/index_notes.html
24. https://reproducible.debian.net/issues/unstable/random_order_in_static_libraries_issue.html
25. https://reproducible.debian.net/issues/unstable/random_order_in_md5sums_issue.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151019/a0b161c8/attachment.sig>
More information about the Reproducible-builds
mailing list