200.md 8.96 KB
Newer Older
1 2 3
---
layout: new/blog
week: 200
4
published: 2019-02-26 12:01:35
5 6
---

Chris Lamb's avatar
Chris Lamb committed
7
Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday February 17 and Saturday February 23 2019:
8

9
* Holger Levsen submitted the Reproducible Builds project to the May/August 2019 round of [Outreachy](https://www.outreachy.org/). Outreachy provides internships to work free software. Internships are open to applicants around the world, working remotely and are not required to move. Interns are paid a stipend of $5,500 for the three month internship and have an additional $500 travel stipend to attend conferences/events. So far, we received more than ten initial requests from candidates. The closing date for applicants is April 2nd. More information is available [on the application page](https://www.outreachy.org/may-2019-august-2019-outreachy-internships/communities/debian/).
10

11
* On [our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/) this week, Holger Levsen posted about [non theoretical reproducibility in Debian](https://lists.reproducible-builds.org/pipermail/rb-general/2019-February/001453.html), however results for the full archive will only be available next week. Omar Navarro Leija also asked a question about [finding packages with tests](https://lists.reproducible-builds.org/pipermail/rb-general/2019-February/001454.html).
Chris Lamb's avatar
Chris Lamb committed
12 13 14 15 16 17 18

* Chris Lamb increased the diskspace and memory available for [buildinfo.debian.net](http://buildinfo.debian.net/).

* The [Qt programming framework](https://www.qt.io/) made a change to [their `qtbase` component](https://code.qt.io/cgit/qt/qtbase.git/commit/?id=1ffcca4cc208c48ddb06b6a23abf1756f9724351) to also look for [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/specs/source-date-epoch/) to make a number of Qt-related builds reproducible "out of the box".

* On Tuesday 26th February Chris Lamb will speak at [Speck&Tech 31 "Open Security"](https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643) on Reproducible Builds in Trento, Italy.

Chris Lamb's avatar
Chris Lamb committed
19
* Richard Biener and other [openSUSE](https://opensuse.org) developers involved with the [GCC](https://gcc.gnu.org/) compiler [recently discussed about how to make the compiler build itself reproducibly](https://bugzilla.opensuse.org/show_bug.cgi?id=1040589#c28) and also how to make its profiling less sensitive to ordering issues. Richard also reported success in making GCC build reproducibly without [profile guided optimisations](https://en.wikipedia.org/wiki/Profile-guided_optimization) and [discussed patches upstream](https://gcc.gnu.org/ml/gcc/2019-02/msg00120.html).
20

Chris Lamb's avatar
Chris Lamb committed
21
* Arnout Engelen made some changes to the [reproducible-builds.org](https://reproducible-builds.org) project website including clarifying a `source.scm.uri` variable is the Maven `developerConnection` [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/feb0af8)]. In addition, Jelle van der Waa fixed some typos in the [recent Paris Summit](https://reproducible-builds.org/events/paris2018/) report [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/909cd60)] and Peter Wu clarified the use of CMake/Qt instructions [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9c11072)] & added the current status of `rcc` from Qt 5.13 [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b1fa098)].
Chris Lamb's avatar
Chris Lamb committed
22 23 24 25 26

* 8 Debian package reviews were added, 6 were updated and 15 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).

## diffoscope development

27
[![]({{ "/images/blog/200/diffoscope.svg" | prepend: site.baseurl }})](https://diffoscope.org)
Chris Lamb's avatar
Chris Lamb committed
28 29 30 31 32

[diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages.

This week, Chris Lamb made a huge a number of changes, including:

33 34 35
* Add a `--exclude-directory-metadata=recursive` option to support ignoring timestamp (etc.) differences within nested containers. ([Debian:#907600](https://bugs.debian.org/907600), [#36](https://salsa.debian.org/reproducible-builds/diffoscope/issues/36)).
* Compare `.asc` PGP signatures as text, not as a hexdump. ([Debian:#908991](https://bugs.debian.org/908991), [#7](https://salsa.debian.org/reproducible-builds/diffoscope/issues/7)).
* Replace over 8 MB of Android boot ROM test suite fixtures with 14 KB equivalents to reduce the size of the release tarball. ([#894334](https://bugs.debian.org/894334), [reproducible-builds/diffoscope#13](https://salsa.debian.org/reproducible-builds/diffoscope/issues/13)).
Chris Lamb's avatar
Chris Lamb committed
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
* Additionally compare `pgpdump(1)` output when comparing PGP signatures. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2693ad6)]
* `--help` output improvements:
    * Include links to the [diffoscope homepage](https://diffosope.org) and [bug tracker](https://salsa.debian.org/reproducible-builds/diffoscope/issues). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c4eea5a)]
    * Indent and wrap the list of supported file formats. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d8113a8)]
    * Refer to the Debian package names when indicating how to obtain the `tlsh` and `argcomplete` Python modules.. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/cb6da07)]
* Adopt the [Black](https://black.readthedocs.io/) code formatter:
    * Run against the existing source code. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/21d7546)].
    * Add an initial black setup in a [PEP 518](https://www.python.org/dev/peps/pep-0518/) `pyproject.toml` file [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6050893)] and update `MANIFEST.in` to include it in future release tarballs. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/18687ca)]
    * Add a test to ensure future source code satisfies the formatter. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3c9a98b)]
    * Allow Gitlab CI failures in `stable-bpo` due to dependency on 'black'.. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/32199ce)]
* Drop the `DOS/MBR` source string test. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/40e5a5f)]
* Rework and comment logic determining the fallback/default value for `exclude_directory_metadata`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/12e2540)]

Chris also uploaded version `112` [to Debian unstable](https://tracker.debian.org/news/1031058/accepted-diffoscope-112-source-all-into-unstable/), dropped an errant `</ul>` from the [diffoscope.org](https://diffoscope.org) website [[...](https://salsa.debian.org/reproducible-builds/diffoscope-website/commit/0466c33)] and also applied the "black" code formatter to the [try.diffoscope.org](https://try.diffoscope.org) client [[...](https://salsa.debian.org/reproducible-builds/trydiffoscope/commit/122c5f2)].


## Packages reviewed and fixed, and bugs filed

Bernhard M. Wiedemann's avatar
Bernhard M. Wiedemann committed
54 55
* Bernhard M. Wiedemann:
    * [unknown-horizons](https://github.com/unknown-horizons/unknown-horizons/pull/2903) (sort python glob)
Chris Lamb's avatar
Chris Lamb committed
56 57 58 59 60 61
* Chris Lamb:
    * [#922520](https://bugs.debian.org/922520) filed against [libiio](https://tracker.debian.org/pkg/libiio).


## Test framework development

62
We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This week, Holger Levsen made a huge number of improvements including:
Chris Lamb's avatar
Chris Lamb committed
63 64

* [Debian](https://www.debian.org/)-specific changes:
65
    * Import a script as [posted by Vagrant on our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2018-October/001239.html), massively reworking and improving it. The resulting [reproducibility statistics of packages on `ftp.debian.org`](https://lists.reproducible-builds.org/pipermail/rb-general/2019-February/001453.html) were posted to our mailing list. ([[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/47156c7d)], [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/99940ded)], etc.)
heinrich5991's avatar
heinrich5991 committed
66
    * Drop a reminder from `rb_service.sh` and move to top-level wishlist tracker. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f398afcb)]
Chris Lamb's avatar
Chris Lamb committed
67 68 69

* Node maintenance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0aab2ac0)] [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/541a8f20)] [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/fe0fd165)]

70
* [OpenWrt](https://en.wikipedia.org/wiki/OpenWrt)-specific changes:
71 72 73
    * An OpenWrt bug is not a to-do item for us. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/bf60e03c)]
    * Also mark another OpenWrt bug as not a to-do. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e8185c91)]

Chris Lamb's avatar
Chris Lamb committed
74 75 76

---

Chris Lamb's avatar
Chris Lamb committed
77
This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, *heinrich5991*, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.