204.md 7.29 KB
Newer Older
1 2 3
layout: new/blog
week: 204
published: 2019-03-27 14:01:35
5 6

Chris Lamb's avatar
Chris Lamb committed
Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday March 17 and Saturday March 23 2019:

Chris Lamb's avatar
Chris Lamb committed
* On [our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/) this week, Mike Miller started a discussion around [development toolchains embedding compiler options in binares](https://lists.reproducible-builds.org/pipermail/rb-general/2019-March/001503.html). This can result in unreproducible builds, ironically caused by [GCC flags](https://gcc.gnu.org/onlinedocs/gcc/Overall-Options.html) that were intended to remove non-deterministic behaviour in the first place (eg. `-fdebug-prefix-map` and `-ffile-prefix-map`).

Arnout Engelen's avatar
Arnout Engelen committed
* [Arnout Engelen](https://arnout.engelen.eu/) proposed [a pull request](https://github.com/akka/akka/pull/26546) for the [Akka](https://akka.io/) JVM-based library for concurrent and distributed programming to include a reproducible builds plugin which was subsequently merged.
Bernhard M. Wiedemann's avatar
Bernhard M. Wiedemann committed

Chris Lamb's avatar
Chris Lamb committed
13 14 15 16
* [Izaak "Zaak" Beekman](https://izaakbeekman.com/) announced that the 2.6.1 [OpenCorrays](http://www.opencoarrays.org/) parallelism library for Fortran 2018 compilers now [supports reproducible builds](https://github.com/sourceryinstitute/opencoarrays/releases/tag/2.6.1).

* David Prévot updated the [reproducible-builds.org project website](https://reproducible-builds.org) to specify that the PHP example for `SOURCE_DATE_EPOCH` uses an integer type as expected in strict mode. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9db5438)]

* [Holger Levsen](http://layer-acht.org/thinking/) gave a talk titled *My life with free software* at [Cheikh Anta Diop University](https://en.wikipedia.org/wiki/Cheikh_Anta_Diop_University) in Dakar, Senegal in which he also explained Reproducible Builds to the students and invited them to participate in [Outreachy](https://www.outreachy.org/) and [Google Summer of Code](https://summerofcode.withgoogle.com/). Another purpose was location scouting for the next [Reproducible Builds summit](https://reproducible-builds.org/events/) which is tentatively planned to take place in late 2019. The event was [well received](https://twitter.com/linuxsenegal/status/1109473424605351941) by the local Linux Senegal community.

Chris Lamb's avatar
Chris Lamb committed
19 20
* 17 Debian package reviews were added, 2 were updated and 9 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb identified and categorised four new issues,[`build_path_in_typelib_files_generated_by_gir_compiler`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/a1697857), [`build_path_in_qdoc`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/3d6b96da), [`bundle_name_in_java_manifest_mf`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/0a6bebbb) and [`randomness_in_prolog_saved_stage`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/23bc637f).

21 22 23 24
* Mattia Rizzolo [started to set up a new mail server](https://salsa.debian.org/reproducible-builds/rb-mailx-ansible) that will also serve our [mailing lists](https://lists.reproducible-builds.org), to migrate from of our current host, [potager.org](https://potager.org/).

**Don't forget that Reproducible Builds is part of May/August 2019 round of [Outreachy](https://www.outreachy.org/) which offers paid internships to work on free software.** Internships are open to applicants around the world and are paid a stipend for the three month internship with an additional travel stipend to attend conferences. So far, we received more than ten initial requests from candidates and the closing date for applicants is April 2nd. More information is available [on the application page](https://www.outreachy.org/may-2019-august-2019-outreachy-internships/communities/debian/).

Chris Lamb's avatar
Chris Lamb committed
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44
## diffoscope development

[![]({{ "/images/blog/202/diffoscope.svg" | prepend: site.baseurl }})](https://diffoscope.org)

[diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week:

* Chris Lamb:
    * Always warn if the `tlsh` module is not available (not just if a specific fuzziness threshold is specified) to match the epilog of the `--help` output. This prevents missing support for file rename detection. ([#29](https://salsa.debian.org/reproducible-builds/diffoscope/issues/29))
    * Fix a number of tests when using GhostScript `9.20` vs `9.26` for Debian `stable` vs. the same distribution with the security/point release applied. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8c7b085)]

* Mattia Rizzolo:
    * Ignore the version mismatch detection when building backport. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f23e04d)]
    * Make test\_ps.test\_text\_diff pass with ghostscript 9.26. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a5426f7)]

* Milena Boselli Rosa:
    * Remove the `type` HTML attribute from `style` elements. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fc082d2)]
    * Prevent empty values for the `name` attribute name on HTML anchor tags and add an `id` to its parent `div` container. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/41968b8)]
    * Fix a *Text run is not in Unicode Normalization Form C* HTML validation warning. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/92385ce)]
    * Fix a *Table column x established by element 'col' has no cells beginning in it* HTML validation error. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/951bcaf)]
Bernhard M. Wiedemann's avatar
Bernhard M. Wiedemann committed
45 46 47 48

## Packages reviewed and fixed, and bugs filed

* Bernhard M. Wiedemann:
Chris Lamb's avatar
Chris Lamb committed
49 50 51 52 53 54 55 56 57 58
    * [libqt5-qtdeclarative](https://bugreports.qt.io/browse/QTBUG-74532) ([ASLR](https://en.wikipedia.org/wiki/Address_space_layout_randomization) / uninitialised memory written to output file)

* [Chris Lamb](https://chris-lamb.co.uk/):
    * [#925191](https://bugs.debian.org/925191) filed against [toil](https://tracker.debian.org/pkg/toil) ([filed and merged upstream](https://github.com/DataBiosphere/toil/pull/2563))
    * [#925192](https://bugs.debian.org/925192) filed against [libappindicator](https://tracker.debian.org/pkg/libappindicator).

## Test framework development

We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This week, Mattia Rizzolo:

* Fixed the `dsa-check-running-kernel` script after [Ubuntu](https://ubuntu.com) updated their packages. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f94d787c)]
Chris Lamb's avatar
Chris Lamb committed
60 61 62 63 64 65
* Do not blindly forward the `jenkins@` emails, otherwise [procmail](http://www.procmail.org/) cannot filter them (breaking our `email2irc` script). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/12fa047e)]
* Gave Vagrant Cascadian root everywhere. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a170f7ee)]


This week's edition was written by Bernhard M. Wiedemann, [Chris Lamb](https://chris-lamb.co.uk/), Holger Levsen, Mattia Rizzolo and Vagrant Cascadian & was reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.