[Reproducible-builds] [report] Week 25 in Stretch cycle

Jérémy Bobbio lunar at debian.org
Mon Oct 19 14:16:06 UTC 2015

   What happened in the [1]reproducible builds effort this week:

Toolchain fixes

     * Scott Kitterman uploaded python3-defaults/3.4.3-7 which
       changes py3versions to list versions in a consistent order.
       Issue [2]reported by Santiago Vila with a tentative patch
       by Chris Lamb. Sadly, it appears the problem is not
       entirely solved.
     * Martin Pitt uploaded init-system-helpers/1.24 which makes
       the order of unit files in maintainer scripts stable.
       [3]Original patch by Reiner Herrmann.
     * Niko Tyni uploaded libextutils-xsbuilder-perl/0.28-3 which
       [4]makes the generated XS code reproducible.

   Niko Tyni wrote a new [5]patch adding support for
   [6]SOURCE_DATE_EPOCH in Pod::Man. This would complement or
   replace the previously implemented POD_MAN_DATE environment
   variable in a more generic way.

   Niko Tyni [7]proposed a fix to prevent [8]mtime variation in
   directories due to debhelper usage of cp --parents -p.

Packages fixed

   The following 119 packages became reproducible due to changes
   in their build dependencies: aac-tactics, aafigure, apgdiff,
   bin-prot, boxbackup, calendar, camlmix, cconv, cdist, cl-asdf,
   cli-common, cluster-glue, cppo, cvs, esdl, ess, faucc, fauhdlc,
   fbcat, flex-old, freetennis, ftgl, gap, ghc, git-cola,
   globus-authz-callout-error, globus-authz, globus-callout,
   globus-common, globus-ftp-client, globus-ftp-control,
   globus-gass-cache, globus-gass-copy, globus-gass-transfer,
   globus-gram-client, globus-gram-job-manager-callout-error,
   globus-gram-protocol, globus-gridmap-callout-error,
   globus-gsi-callback, globus-gsi-cert-utils,
   globus-gsi-credential, globus-gsi-openssl-error,
   globus-gsi-proxy-core, globus-gsi-proxy-ssl,
   globus-gsi-sysconfig, globus-gss-assist, globus-gssapi-error,
   globus-gssapi-gsi, globus-net-manager, globus-openssl-module,
   globus-rsl, globus-scheduler-event-generator,
   globus-xio-gridftp-driver, globus-xio-gsi-driver, globus-xio,
   gnome-control-center, grml2usb, grub, guilt, hgview, htmlcxx,
   hwloc, imms, kde-l10n, keystone, kimwitu++, kimwitu-doc, kmod,
   krb5, laby, ledger, libcrypto++, libopendbx, libsyncml, libwps,
   lprng-doc, madwimax, maria, mediawiki-math, menhir, misery,
   monotone-viz, morse, mpfr4, obus, ocaml-csv, ocaml-reins,
   ocamldsort, ocp-indent, openscenegraph, opensp, optcomp, opus,
   otags, pa-bench, pa-ounit, pa-test, parmap, pcaputils,
   perl-cross-debian, prooftree, pyfits, pywavelets, pywbem, rpy,
   signify, siscone, swtchart, tipa, typerep, tyxml,
   unison2.32.52, unison2.40.102, unison, uuidm, variantslib,
   zipios++, zlibc, zope-maildrophost.

   The following packages became reproducible after getting fixed:
     * autoconf2.13/2.13-67 uploaded by Ben Pfaff, [9]original
       patch by Santiago Vila.
     * ding/1.8-3 by Roland Rosenfeld.
     * dropbear/2015.68-1 by Guilhem Moulin. First set of patches
       (#777324, #793006) by Chris Lamb and akira.
     * nvram-wakeup/1.1-3 by Tobias Grimm.
     * original-awk/2012-12-20-5 by Santiago Vila.
     * resiprocate/1:1.10.0-1 uploaded by Daniel Pocock, [10]patch
       by Reiner Herrmann merged upstream.
     * sbuild/0.66.0-5 by Johannes Schauer, [11]reported by Jakub
     * scribus/1.4.5+dfsg1-4 by Mattia Rizzolo.
     * sgmltools-lite/ by Santiago Vila.
     * unicode-data/8.0-2 uploaded by Alastair McKinstry,
       [12]original patch by Esa Peuha.
     * xmoto/0.5.11+dfsg-3 by Stephen Kitt.

   Packages which could not be tested:
     * mp4h/1.3.1-11 by Axel Beckert (shared memory issue on
     * nvidia-graphics-drivers-legacy-304xx/304.128-5 by Andreas
       Beckmann (non-free).

   Some uploads fixed some reproducibility issues but not all of
     * libvirt/1.2.20-1 by Guido Günther.
     * libgpars-groovy-java/1.2.1-4 by Emmanuel Bourg.

   Patches submitted which have not made their way to the archive
     * 801520 on libapache2-mod-perl2 by Niko Tyni: sort the list
       of files used to build the documentation.
     * 801523 on perl by Niko Tyni: sort the list of input files
       in PPPort_xs.PL. [13]Forwarded upstream.
     * 801864 on ncurses by Esa Peuha: use C locale when sorting
       the list of keys.
     * 802042 on libchado-perl by Niko Tyni: sort keys in
       installed configuration file.

   Lunar reported that [14]test strings depend on default
   character encoding of the build system in ongl.


   The 189 packages composing the Arch Linux “core” repository are
   [15]now being tested. No packages are currently reproducible,
   but most of the time the difference is limited to metadata.
   This has already gained some interest in the Arch Linux

   An explicit log message is now visible when a build has been
   killed due to the 12 hours timeout. (h01ger)

   Remote build setup has been made more robust and self
   maintenance has been further improved. (h01ger)

   The minimum age for rescheduling of already tested amd64
   packages has been lowered from 14 to 7 days, thanks to the
   increase of hardware resources sponsored by [16]ProfitBricks
   last week. (h01ger)

diffoscope development

   [17]diffoscope version 37 has been released on October 15th. It
   adds support for two new file formats (CBFS images and Debian
   .dsc files). After proposing the required changes to [18]TLSH,
   fuzzy hashes are now computed incrementally. This will avoid
   reading entire files in memory which caused problems for large

   New tests have been added for the command-line interface. More
   character encoding issues have been fixed. Malformed md5sums
   will now be compared as binary files instead of making
   diffoscope crash amongst several other minor fixes.

   Version 38 was released two days later to fix the versioned
   dependency on python3-tlsh.

strip-nondeterminism development

   strip-nondeterminism version 0.013-1 has been uploaded to the
   archive. It fixes an [19]issue with nonconformant PNG files
   with trailing garbage reported by Roland Rosenfeld.

disorderfs development

   disorderfs version 0.4.1-1 is a stop-gap release that will
   [20]disable lock propagation, unless --share-locks=yes is
   specified, as it still is affected by unidentified issues.

Documentation update

   Lunar has been busy creating a proper website for
   reproducible-builds.org that would be a common location for
   news, documentation, and tools for all free software projects
   working on reproducible builds. It's not yet ready to be
   published, but it's surely getting there [21][22].

Package reviews

   103 [23]reviews have been removed, 394 added and 29 updated
   this week.

   72 FTBFS issues were reported by Chris West and Niko Tyni.

   New issues: [24]random_order_in_static_libraries,


   1. https://wiki.debian.org/ReproducibleBuilds
   2. https://bugs.debian.org/801376
   3. https://bugs.debian.org/801470
   4. https://bugs.debian.org/802078
   5. https://bugs.debian.org/801621
   6. https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal
   7. http://bugs.debian.org/802005
   8. https://reproducible.debian.net/issues/unstable/timestamps_in_directories_issue.html
   9. https://bugs.debian.org/801885
  10. https://bugs.debian.org/797419
  11. https://bugs.debian.org/801882
  12. https://bugs.debian.org/801212
  13. https://github.com/mhx/Devel-PPPort/pull/28
  14. https://bugs.debian.org/801855
  15. https://reproducible.debian.net/archlinux/
  16. https://www.profitbricks.co.uk/
  17. http://diffoscope.org/
  18. https://github.com/trendmicro/tlsh
  19. https://bugs.debian.org/802057
  20. https://bugs.debian.org/800063
  21. https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_25/rbwww1.png
  22. https://people.debian.org/~lunar/blog/posts/reproducible_builds_stretch_week_25/rbwww2.png
  23. https://reproducible.debian.net/unstable/amd64/index_notes.html
  24. https://reproducible.debian.net/issues/unstable/random_order_in_static_libraries_issue.html
  25. https://reproducible.debian.net/issues/unstable/random_order_in_md5sums_issue.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151019/a0b161c8/attachment.sig>

More information about the Reproducible-builds mailing list