---
layout: new/blog
week: 186
published: 2018-11-20 13:16:40
---

Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday November 11 and Saturday November 17 2018:

* Code review for the [LLVM](https://llvm.org/) compiler to [support the `-fmacro-prefix-map` argument](https://reviews.llvm.org/D49466) is currently in progress. Like the `-fdebug-prefix-map` flag, this argument replaces a string prefix for the `__FILE__` [pre-processor macro](https://en.wikipedia.org/wiki/C_preprocessor).

* Kyle Rankin, the Chief Security Officer of [Puri.sm](https://puri.sm/posts/protecting-the-digital-supply-chain/), authored a blog post entitled "[Protecting the Digital Supply Chain](https://puri.sm/posts/protecting-the-digital-supply-chain/)" which describes how Reproducible Builds let you show that no malicious code was injected into the software supply chain:

    > *Think of it like the combination of a food safety inspector and an independent lab that verifies the nutrition claims on a box of cereal all rolled into one.*

* Chris Lamb gave a presentation at the [SFScon](https://www.sfscon.it) conference in Bozen, Italy on [reproducible builds and how they can prevent developers from becoming targets of various attacks](https://www.sfscon.it/talks/you-think-youre-not-a-target-a-tale-of-three-developers/).

* Holger Levsen updated our website to add the [Tor](https://www.torproject.org/) project as a participant at [our upcoming Paris Summit](https://reproducible-builds.org/events/paris2018/). In addition, Bernhard M. Wiedemann applied a sitewide change to use consistent capitalisation for [openSUSE](https://www.opensuse.org/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1bd9083)].

* 38 Debian package reviews were added, 4 were updated and 19 were removed this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). The `nondeterminstic_output_in_pkgconfig_files_generated_by_meson` issue was removed as a fix was applied upstream [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e1cf42dc)], and the note for the `randomness_in_binaries_generated_by_golang` issue was updated. ([1](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/0efa6b16), [2](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/8139ba15))

* [diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week, [Marius Gedminas](https://gedmin.as/) provided a patch to add a `python_requires` field to diffoscope's `setup.py` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8e5e9b8)] and Mattia Rizzolo sorted the list of recommended Python modules in `debian/tests/control` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/b618777)].

* Chris Lamb's previously-authored patches for [GNU mtools](https://www.gnu.org/software/mtools/), written to ensure that the [Debian Installer](https://www.debian.org/devel/debian-installer/) images could become reproducible and sent upstream last week ([1](http://lists.gnu.org/archive/html/info-mtools/2018-10/msg00003.html) & [2](http://lists.gnu.org/archive/html/info-mtools/2018-10/msg00004.html)), are now available in upstream's [4.0.20 release](http://lists.gnu.org/archive/html/info-mtools/2018-11/msg00004.html).

* Upstream `chromium-70` now builds reproducibly in [openSUSE](https://opensuse.org) (with an admittedly-normalised build environment) since [it uses the Git commit date](https://chromium-review.googlesource.com/c/chromium/src/+/1167913).

* Chris Lamb uploaded `strip-nondeterminism` (our tool to post-process files to remove known non-deterministic output) version `0.45.0-1` [to Debian unstable](https://tracker.debian.org/news/1002630/accepted-strip-nondeterminism-0450-1-source-all-into-unstable/) in order to [catch invalid ZIP "local" field lengths](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/e5f5008) — we were previously blindly trusting the value supplied in the ZIP file ([#803503](https://bugs.debian.org/803503)). As part of this upload he moved the utility to the [SemVer](https://semver.org) versioning scheme.

* We have received more than 45 registrations for the upcoming [Reproducible Builds summit in Paris](https://reproducible-builds.org/events/paris2018/) between 11th and 13th December 2018 and have now closed registrations. Very much looking forward to seeing you there!
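
The length check mentioned in the `strip-nondeterminism` item above, as an added Python example (not code from `strip-nondeterminism` itself): it assumes the lengths in question are those of the extra-field records in a ZIP local file header, and rejects any record whose stored length exceeds the bytes actually present. All function names and the sample archives are constructed for illustration.

```python
import struct
import zlib

LOCAL_SIG = b"PK\x03\x04"
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte local file header

def parse_extra(extra):
    """Split an extra-field area into (id, data) records, rejecting any record
    whose declared length runs past the end of the area."""
    records, pos = [], 0
    while pos < len(extra):
        if len(extra) - pos < 4:
            raise ValueError(f"truncated extra-field header at offset {pos}")
        field_id, size = struct.unpack_from("<HH", extra, pos)
        pos += 4
        if size > len(extra) - pos:  # the check: never trust the stored length
            raise ValueError(f"field 0x{field_id:04x} claims {size} bytes, "
                             f"{len(extra) - pos} remain")
        records.append((field_id, extra[pos:pos + size]))
        pos += size
    return records

def local_extra_records(archive, offset=0):
    """Validate the local file header at `offset`; return its extra records."""
    if len(archive) - offset < LOCAL_HDR.size:
        raise ValueError("truncated local file header")
    fields = LOCAL_HDR.unpack_from(archive, offset)
    if fields[0] != LOCAL_SIG:
        raise ValueError("not a local file header")
    name_len, extra_len = fields[9], fields[10]
    start = offset + LOCAL_HDR.size + name_len
    if start + extra_len > len(archive):
        raise ValueError("extra-field area runs past end of file")
    return parse_extra(archive[start:start + extra_len])

def build_sample(extra, name=b"hello.txt", data=b"hello"):
    """Constructed sample: one stored member with `extra` in its local header."""
    header = LOCAL_HDR.pack(LOCAL_SIG, 20, 0, 0, 0, 0, zlib.crc32(data),
                            len(data), len(data), len(name), len(extra))
    return header + name + extra + data

# Constructed inputs: a well-formed "UT" timestamp field (id 0x5455, 5 bytes),
# and the same bytes with the length field altered to claim 500 bytes.
GOOD_EXTRA = struct.pack("<HHBI", 0x5455, 5, 1, 1542719800)
BAD_EXTRA = struct.pack("<HHBI", 0x5455, 500, 1, 1542719800)

if __name__ == "__main__":
    print(local_extra_records(build_sample(GOOD_EXTRA)))
    try:
        local_extra_records(build_sample(BAD_EXTRA))
    except ValueError as exc:
        print("rejected:", exc)
```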


Packages reviewed and fixed, and bugs filed
-------------------------------------------

* Bernhard M. Wiedemann:
    * [kvirc](https://github.com/kvirc/KVIrc/pull/2411) (drop `uname -r`); also submitted to openSUSE ([...](https://build.opensuse.org/request/show/649892))
    * [libpt2](https://build.opensuse.org/request/show/649968) (drop `uname -r`)

* Christoph Berg posted some work-in-progress patches for [postgresql-hll](https://github.com/citusdata/postgresql-hll) (a [PostgreSQL](https://www.postgresql.org/) extension adding [HyperLogLog data structures](https://en.wikipedia.org/wiki/HyperLogLog) as a native data type) to make their build reproducible [to the upstream mailing list](https://www.postgresql.org/message-id/20181113104005.GA32154%40msg.credativ.de).

Test framework development
--------------------------

There were a large number of updates to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org/) by Holger Levsen this week, including:

* [Arch Linux](https://www.archlinux.org/)-specific changes:

    * Make `sed(1)` calls for modifying `pacman.conf` more robust, fixing building in the future as well as using proxies for downloading package dependencies. ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/be8fc3f5))
    * Improve the documentation of a multi-line [sed(1)](https://www.gnu.org/software/sed/manual/sed.html) statement. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/243d7312)]
    * Perform some administration on the package blacklists. ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/dbe42fac), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/02f5df90))
    * Move to using [sudo(8)](https://www.sudo.ws/) for cleaning old `/tmp` files left by package builds. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9a931cf7)]

* [Debian](https://www.debian.org/)-specific changes:

    * Add two new [cloud-image](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_cloud-image.html) and [cloud-image_build-depends](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_cloud-image_build-depends.html) package sets.
    * Perform some node maintenance. ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/39ddce21), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/81815405), [3](https://salsa.debian.org/qa/jenkins.debian.net/commit/adf8ae17))
    * Install [munin](http://munin-monitoring.org/) from the [Backports](https://backports.debian.org/) repositories. ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/093ff284), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/0c013bbf))
    * Strip architecture from packages in the [grml](https://grml.org/) package sets. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/bea13e74)]

* Misc/generic changes:

    * Ensure all ProfitBricks (`amd64` and `i386`) nodes in Karlsruhe use `pb1` as a proxy and all nodes in Frankfurt use `pb10`. This might have produced some build failures but fixed issues with [Squid](http://www.squid-cache.org/) running in the future. This complements [previous work for the `arm64` architecture](https://bugs.debian.org/909838).
    * Filed [#913658](https://bugs.debian.org/913658): ("*Broken links on packages pages*")
    * Document that the proxy settings for chroot installs are actually correct. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4fa6f14f)]

In addition, Alexander Couzens provided a workaround for an OpenWrt build system bug [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4a97c4c0)], Eli Schwartz refactored our [Arch Linux](https://www.archlinux.org/) support [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/539f38b8)] and Mattia Rizzolo performed some node maintenance.


---

This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Mattia Rizzolo & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.