69.md 13.6 KB
Newer Older
1
---
2
layout: new/blog
3
week: 69
4
published: 2016-08-23 12:08:15
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
---

What happened in the [Reproducible
Builds](https://wiki.debian.org/ReproducibleBuilds) effort between Sunday August 14 and Saturday August 20 2016:

Fasten your seatbelts
---------------------

_Important note_: we enabled build path variation for *unstable* now, so your package(s) might become unreproducible, while previously it was said to be reproducible… given a specific build path it probably still is reproducible but read on for the details below in the tests.reproducible-builds.org section! As said many times: this is still research and we are working to make it reality.

Media coverage
--------------

Daniel Stender blogged about [python
packaging](http://www.danielstender.com/blog/python-packaging-notes1.html) and
explained some caveats regarding reproducible builds.


Toolchain developments
----------------------

Thomas Schmitt uploaded
[xorriso](https://www.gnu.org/software/xorriso/xorriso-1.4.5.tar.gz) which [now
obeys](http://libburnia-project.org/changeset/5747) `SOURCE_DATE_EPOCH`. As
stated in its man pages:

    ENVIRONMENT
    [...]
    SOURCE_DATE_EPOCH  belongs to the specs of reproducible-builds.org.  It
    is supposed to be either undefined or to contain a decimal number which
    tells the seconds since january 1st 1970. If it contains a number, then
    it is used as time value to set the  default  of  --modification-date=,
    --gpt_disk_guid,  and  --set_all_file_dates.  Startup files and program
    options can override the effect of SOURCE_DATE_EPOCH.


Packages reviewed and fixed, and bugs filed
-------------------------------------------

The following packages have become reproducible after being fixed:

46 47 48 49 50 51 52 53 54 55 56 57 58 59
 * [cadencii](https://tracker.debian.org/pkg/cadencii)/3.3.9+svn20110818.r1732-5 by Ying-Chun Liu, [#826677](https://bugs.debian.org/826677) by Chris Lamb.
 * [cfengine3](https://tracker.debian.org/pkg/cfengine3)/3.7.4-3 by Antonio Radici.
 * [findbugs](https://tracker.debian.org/pkg/findbugs)/3.1.0~preview2-1 by Emmanuel Bourg.
 * [gcpegg](https://tracker.debian.org/pkg/gcpegg)/5.1-14 by Bdale Garbee, [#777416](https://bugs.debian.org/777416) by Chris Lamb.
 * [gnunet-gtk](https://tracker.debian.org/pkg/gnunet-gtk)/0.10.1-4 by Bertrand Marc, [#834111](https://bugs.debian.org/834111) by Chris Lamb.
 * [konwert](https://tracker.debian.org/pkg/konwert)/1.8-12 by Yann Dirson, [#778945](https://bugs.debian.org/778945) by Chris Lamb.
 * [link-grammar](https://tracker.debian.org/pkg/link-grammar)/5.3.8-2 by Jeremy Bicha, [#829011](https://bugs.debian.org/829011) by Chris Lamb.
 * [metastudent-data](https://tracker.debian.org/pkg/metastudent-data)/2.0.1-1 by Sascha Steinbiss.
 * [pixmap](https://tracker.debian.org/pkg/pixmap)/2.6pl4-20 by Paul Slootman, [#793709](https://bugs.debian.org/793709) by ~~Chris Lamb~~ Maria Valentina Marin a.k.a. Akira.
 * [python-afl](https://tracker.debian.org/pkg/python-afl)/0.5.4-2 by Daniel Stender.
 * [tf5](https://tracker.debian.org/pkg/tf5)/5.0beta8-6 by Russ Allbery, [#834276](https://bugs.debian.org/834276) by Chris Lamb.
 * [triplane](https://tracker.debian.org/pkg/triplane)/1.0.8-2 by Markus Koschanyover, [#776603](https://bugs.debian.org/776603) by Chris Lamb.
 * [vips](https://tracker.debian.org/pkg/vips)/8.3.3-1 by Laszlo Boszormenyi, [#834758](https://bugs.debian.org/834758) by Chris Lamb.
 * [xzgv](https://tracker.debian.org/pkg/xzgv)/0.9.1-4 by Theodore Y. Ts'o, [#777274](https://bugs.debian.org/777274) by Chris Lamb.
60 61 62 63 64

The following updated packages appear to be reproducible now, for reasons we
were not able to figure out. (Relevant changelogs did not mention reproducible
builds.)

65
 * [vulkan](https://tracker.debian.org/pkg/vulkan)/1.0.21.0+dfsg1-1 by Timo Aaltonen.
66 67

The following 2 packages were not changed, but have become reproducible due
68
to changes in their build-dependencies: [tagsoup](https://tracker.debian.org/pkg/tagsoup) [tclx8.4](https://tracker.debian.org/pkg/tclx8.4).
69 70 71

Some uploads have addressed some reproducibility issues, but not all of them:

72 73 74 75 76 77 78 79 80 81
 * [cappuccino](https://tracker.debian.org/pkg/cappuccino)/0.5.1-4 by Breno Leitao, [#799330](https://bugs.debian.org/799330) by Chris Lamb.
 * [darkice](https://tracker.debian.org/pkg/darkice)/1.3-0.1 by Nicolas Bouleng.
 * [flask-restful](https://tracker.debian.org/pkg/flask-restful)/0.3.5-1 by Ondřej Nový, [#809780](https://bugs.debian.org/809780) by Chris Lamb.
 * [kodi](https://tracker.debian.org/pkg/kodi)/16.1+dfsg1-2 by Balint Reczey, [#825285](https://bugs.debian.org/825285) by Lukas Rechberger.
 * [libaws](https://tracker.debian.org/pkg/libaws)/3.3.2-3 by Nicolas Bouleng.
 * [liblog4ada](https://tracker.debian.org/pkg/liblog4ada)/1.3-1 by Nicolas Bouleng.
 * [libxmlezout](https://tracker.debian.org/pkg/libxmlezout)/1.06.1-8 by Nicolas Bouleng.
 * [ruby-rmagick](https://tracker.debian.org/pkg/ruby-rmagick)/2.15.4+dfsg-2 by Antonio Terceir, [#795484](https://bugs.debian.org/795484) from Chris Lamb.
 * [taggrepper](https://tracker.debian.org/pkg/taggrepper)/0.05-2 by Kumar Appaiah, [#777725](https://bugs.debian.org/777725) and [#793726](https://bugs.debian.org/793726) from Maria Valentina Marin.
 * [xotcl](https://tracker.debian.org/pkg/xotcl)/1.6.8-2 by Stefan Sobernig, [#797543](https://bugs.debian.org/797543) by Chris Lamb.
82 83 84

Patches submitted that have not made their way to the archive yet:

85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117
 * [#834755](https://bugs.debian.org/834755) against [apt-cacher-ng](https://tracker.debian.org/pkg/apt-cacher-ng) by Chris Lamb.
 * [#834976](https://bugs.debian.org/834976) against [auto-apt-proxy](https://tracker.debian.org/pkg/auto-apt-proxy) by Chris Lamb.
 * [#834549](https://bugs.debian.org/834549) against [botan1.10](https://tracker.debian.org/pkg/botan1.10) by Chris Lamb.
 * [#834861](https://bugs.debian.org/834861) against [cookiecutter](https://tracker.debian.org/pkg/cookiecutter) by Chris Lamb.
 * [#834779](https://bugs.debian.org/834779) against [dicom3tools](https://tracker.debian.org/pkg/dicom3tools) by Chris Lamb.
 * [#834859](https://bugs.debian.org/834859) against [echoping](https://tracker.debian.org/pkg/echoping) by Chris Lamb.
 * [#834983](https://bugs.debian.org/834983) against [eyed3](https://tracker.debian.org/pkg/eyed3) by Chris Lamb.
 * [#834735](https://bugs.debian.org/834735) against [filepp](https://tracker.debian.org/pkg/filepp) by Chris Lamb.
 * [#834957](https://bugs.debian.org/834957) against [flashrom](https://tracker.debian.org/pkg/flashrom) by Chris Lamb.
 * [#834773](https://bugs.debian.org/834773) against [gkrellm](https://tracker.debian.org/pkg/gkrellm) by Chris Lamb.
 * [#834292](https://bugs.debian.org/834292) against [gr-radar](https://tracker.debian.org/pkg/gr-radar) by Chris Lamb.
 * [#834956](https://bugs.debian.org/834956) against [ircd-irc2](https://tracker.debian.org/pkg/ircd-irc2) by Chris Lamb.
 * [#834897](https://bugs.debian.org/834897) against [jpy](https://tracker.debian.org/pkg/jpy) by Chris Lamb.
 * [#834452](https://bugs.debian.org/834452) against [libdc0](https://tracker.debian.org/pkg/libdc0) by Chris Lamb.
 * [#834324](https://bugs.debian.org/834324) against [libnss-ldap](https://tracker.debian.org/pkg/libnss-ldap) by Reiner Herrmann.
 * [#834945](https://bugs.debian.org/834945) against [libquvi](https://tracker.debian.org/pkg/libquvi) by Chris Lamb.
 * [#834534](https://bugs.debian.org/834534) against [librep](https://tracker.debian.org/pkg/librep) by Chris Lamb.
 * [#834537](https://bugs.debian.org/834537) against [mozvoikko](https://tracker.debian.org/pkg/mozvoikko) by Chris Lamb.
 * [#834857](https://bugs.debian.org/834857) against [nagios-nrpe](https://tracker.debian.org/pkg/nagios-nrpe) by Chris Lamb.
 * [#834316](https://bugs.debian.org/834316) against [openocd](https://tracker.debian.org/pkg/openocd) by Reiner Herrmann.
 * [#834993](https://bugs.debian.org/834993) against [oss4](https://tracker.debian.org/pkg/oss4) by Reiner Herrmann.
 * [#834302](https://bugs.debian.org/834302) against [pd-flite](https://tracker.debian.org/pkg/pd-flite) by Reiner Herrmann.
 * [#834754](https://bugs.debian.org/834754) against [phpab](https://tracker.debian.org/pkg/phpab) by Chris Lamb.
 * [#834279](https://bugs.debian.org/834279) against [phpldapadmin](https://tracker.debian.org/pkg/phpldapadmin) by Chris Lamb.
 * [#834277](https://bugs.debian.org/834277) against [pybit](https://tracker.debian.org/pkg/pybit) by Chris Lamb.
 * [#834553](https://bugs.debian.org/834553) against [pyicu](https://tracker.debian.org/pkg/pyicu) by Chris Lamb.
 * [#834541](https://bugs.debian.org/834541) against [ruby-pg](https://tracker.debian.org/pkg/ruby-pg) by Chris Lamb.
 * [#835051](https://bugs.debian.org/835051) against [sheepdog](https://tracker.debian.org/pkg/sheepdog) by Chris Lamb.
 * [#834896](https://bugs.debian.org/834896) against [ttf-tiresias](https://tracker.debian.org/pkg/ttf-tiresias) by Chris Lamb.
 * [#834780](https://bugs.debian.org/834780) against [tuxpaint-config](https://tracker.debian.org/pkg/tuxpaint-config) by Chris Lamb.
 * [#834988](https://bugs.debian.org/834988) against [twitter-bootstrap3](https://tracker.debian.org/pkg/twitter-bootstrap3) by Chris Lamb.
 * [#834776](https://bugs.debian.org/834776) against [uhub](https://tracker.debian.org/pkg/uhub) by Chris Lamb.
 * [#835061](https://bugs.debian.org/835061) against [varnish](https://tracker.debian.org/pkg/varnish) by Chris Lamb.
118 119 120 121 122 123 124 125 126 127 128 129 130 131 132

Bug tracker house keeping:

 * Chris Lamb pinged 164 bugs he filed more than 90 days ago which have a patch and had no maintainer reaction.


Reviews of unreproducible packages
----------------------------------

55 package reviews have been added, 161 have been updated and 136 have been
removed in this week, adding to our knowledge about [identified
issues](https://tests.reproducible-builds.org/debian/index_issues.html).

2 issue types have been updated:

133 134
- Added [user_in_documentation_generated_by_gsdoc](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/a42d8fa)
- Added [locale_differences_in_pom](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/d698414)
135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209


Weekly QA work
--------------

FTBFS bugs have been reported by:

 - Chris Lamb (16)
 - Santiago Vila (2)


diffoscope development
----------------------

Chris Lamb, Holger Levsen and Mattia Rizzolo worked on diffoscope this week.

Improvements were made to SquashFS and JSON comparison, the
[https://try.diffoscope.org/](trydiffoscope) web service, documentation,
packaging, and general code quality.

diffoscope 57, 58, and 59 were uploaded to unstable by Chris Lamb. Versions 57
and 58 were both broken, so Holger set up a job on jenkins.debian.net to test
diffoscope on each git commit. He also wrote a CONTRIBUTING document to help
prevent this from happening in future.

From these efforts, we were also able to learn that diffoscope is now reproducible
even when built across multiple architectures:

    < h01ger> | https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope.html shows these packages were built on amd64:
    < h01ger> |  bd21db708fe91c01ba1c9cb35b9d41a7c9b0db2b 62288 diffoscope_59_all.deb
    < h01ger> |  366200bf2841136a4c8f8c30bdc87057d59a4cdd 20146 trydiffoscope_59_all.deb
    < h01ger> | and on i386:
    < h01ger> |  bd21db708fe91c01ba1c9cb35b9d41a7c9b0db2b 62288 diffoscope_59_all.deb
    < h01ger> |  366200bf2841136a4c8f8c30bdc87057d59a4cdd 20146 trydiffoscope_59_all.deb
    < h01ger> | and on armhf:
    < h01ger> |  bd21db708fe91c01ba1c9cb35b9d41a7c9b0db2b 62288 diffoscope_59_all.deb
    < h01ger> |  366200bf2841136a4c8f8c30bdc87057d59a4cdd 20146 trydiffoscope_59_all.deb

And those *also* match the binaries uploaded by Chris in his diffoscope 59 binary upload to ftp.debian.org, yay! Eating our own dogfood and enjoying it!


tests.reproducible-builds.org
-----------------------

Debian related:

 - show percentage of results in the last 24/48h (h01ger)
 - switch python database backend to SQLAlchemy (Valerie)
 - vary build path varitation for *unstable* and *experimental* for all architectures. (h01ger)

The last change probably will have an impact you will see: your package might become unreproducible in *unstable* and this will be shown on [tracker.debian.org](https://tracker.debian.org), while it will still be reproducible in *testing*.

We've done this, because we think reproducible builds are possible with arbitrary build paths. But: we don't think those are a realistic goal for *stretch*, where we still recommend to use ´.buildinfo´ to record the build patch and then do rebuilds using that path.

We are doing this, because besides doing theoretical groundwork we also have a practical goal: enable users to independently verify builds. And if they only can do this with a fixed path, so be it. For now :)

To be clear: for Stretch we recommend that reproducible builds are done in the same build path as the "original" build.

Finally, and just for our future references, when we enabled build path variation on Saturday, August 20th 2016, the numbers for *unstable* were:

| suite          | all   | reproducible  | unreproducible | ftbfs       | depwait    | not for this arch | blacklisted |
|:---------------|------:|--------------:|---------------:|------------:|-----------:|------------------:|------------:|
| unstable/amd64 | 24693 | 21794 (88.2%) | 1753 (7.1%)    | 972 (3.9%)  | 65 (0.2%)  | 95 (0.3%)         | 10 (0.0%)   |
| unstable/i386  | 24693 | 21182 (85.7%) | 2349 (9.5%)    | 972 (3.9%)  | 76 (0.3%)  | 103 (0.4%)        | 10 (0.0%)   |
| unstable/armhf | 24693 | 20889 (84.6%) | 2050 (8.3%)    | 1126 (4.5%) | 199 (0.8%) | 296 (1.1%)        | 129 (0.5%)  |


Misc.
-----

Ximin Luo updated our git setup scripts to make it easier for people to write
proper descriptions for our repositories.

This week's edition was written by Ximin Luo and Holger Levsen and reviewed by
a bunch of Reproducible Builds folks on IRC.