[Reproducible-builds] [report] Week 26 in Stretch cycle

Jérémy Bobbio lunar at debian.org
Mon Oct 26 17:46:19 UTC 2015 

   What happened in the [1]reproducible builds effort this past week:

Toolchain fixes

     * Stefano Rivera uploaded python-cffi/1.3.0-1 which makes the
       generated code order deterministic for anonymous unions and
       anonymous structs. [2]Reported by Tristan Seligmann, and
       [3]fixed uptream.

   Mattia Rizzolo created a [4]bug report to continue the
   discussion on storing cryptographic checksums of the installed
   .deb in dpkg database. This follows the [5]discussion that
   happened in June and is a pre-requisite to add checksums to
   [6].buildinfo files.

   Niko Tyni [7]identified why the Vala compiler would generate
   code in varying order. A better patch than his initial attempt
   still needs to be written.

Packages fixed

   The following 15 packages became reproducible due to changes in
   their build dependencies: alt-ergo, approx, bin-prot,
   caml2html, coinst, dokujclient, libapreq2, mwparserfromhell,
   ocsigenserver, python-cryptography, python-watchdog,
   slurm-llnl, tyxml, unison2.40.102, yojson.

   The following packages became reproducible after getting fixed:
     * 389-ds-base/1.3.3.13-1 uploaded by Timo Aaltonen,
       [8]original patch by Chris Lamb.
     * apache2/2.4.17-1 by Stefan Fritsch.
     * ben/0.7.3 by Mehdi Dogguy.
     * cdo/1.6.9+dfsg.1-3 by Alastair McKinstry.
     * epubcheck/4.0.0-2 by Eugene Zhukov.
     * grads/2:2.0.2-8 by Alastair McKinstry.
     * litl/0.1.7+dfsg-1 uploaded by Samuel Thibault, [9]original
       patch by Chris Lamb.
     * mia/2.2.5-1 by Gert Wollny.
     * powerline/2.2-2 by Jerome Charaoui.
     * python-oslotest/1:1.11.0-2 by Thomas Goirand.
     * tth/4.05+ds-2 uploaded by Jerome Benoit, [10]original patch
       by Reiner Herrmann.
     * xbae/4.60.4-7 uploaded by Nicholas Breen, [11]original
       patch by Chris Lamb.
     * xdmf/2.1.dfsg.1-13 by Alastair McKinstry.

   Some uploads fixed some reproducibility issues but not all of
   them:
     * foxeye/0.10.2-1 by Andriy Grytsenko.
     * jaxe/3.5-6 by Samuel Thibault.
     * ncurses/6.0+20151017-1 by Sven Joachim, [12]original patch
       by Esa Peuha.
     * olap4j/1.2.0-1 by Emmanuel Bourg.
     * tomcat8/8.0.28-1 by Emmanuel Bourg.

reproducible.debian.net

   pbuilder has been updated to version 0.219~bpo8+1 on all eight
   build nodes. (Mattia Rizzolo, h01ger)

   Packages that FTBFS but for which no open bugs have been
   recorded are now tested again after 3 days. Likewise for
   “depwait” packages. (h01ger)

   Out of disk situations will not cause IRC notifications
   anymore. (h01ger)

Documentation update

   Lunar continued to work on writing documentation for the future
   reproducible-builds.org website.

Package reviews

   44 [13]reviews have been removed, 81 added and 48 updated this
   week.

   Chris West and Chris Lamb identified 70 “fail to build from
   source” issues.

Misc.

   h01ger presented the project in Mexico City at the [14]3er
   Congreso de Seguridad de la Información. It seems there is an
   interest for academic papers related to reproducible builds.

   Bryan has been doing hard work to improve reproducibility for
   [15]OpenWrt. He wrote a [16]report linking to the [17]patches
   and [18]test results he published.

References

   1. https://wiki.debian.org/ReproducibleBuilds
   2. https://bugs.debian.org/799278
   3. https://bitbucket.org/cffi/cffi/commits/1cfe8c7a59e88186f1a07a9dde28e1787fd900d0
   4. https://bugs.debian.org/802241
   5. https://lists.debian.org/debian-dpkg/2015/06/msg00011.html
   6. https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification
   7. https://bugs.debian.org/802528
   8. https://bugs.debian.org/799010
   9. https://bugs.debian.org/797508
  10. https://bugs.debian.org/792181
  11. https://bugs.debian.org/797871
  12. https://bugs.debian.org/801864
  13. https://reproducible.debian.net/unstable/amd64/index_notes.html
  14. http://congresoseguridad.org/index.php?page=programa
  15. https://www.openwrt.org/
  16. https://lists.openwrt.org/pipermail/openwrt-devel/2015-October/036688.html
  17. https://github.com/bnewbold/openwrt-repro/compare/master...repro
  18. http://repro.bnewbold.the-nsa.org/openwrt-results/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20151026/72a29dc6/attachment.sig>

More information about the Reproducible-builds mailing list