133.md 8.69 KB
Newer Older
1
---
2
layout: new/blog
3
week: 133
4
published: 2017-11-20 15:11:35
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
---

Here's what happened in the [Reproducible
Builds](https://reproducible-builds.org) effort between Sunday November 5 and
Saturday November 11 2017:


Upcoming events
---------------

On November 17th Chris Lamb will present at [Open Compliance
Summit](http://events.linuxfoundation.org/events/open-compliance-summit/),
Yokohama, Japan on how reproducible builds ensures the long-term sustainability
of technology infrastructure.

We plan to hold [an assembly at
34C3](https://events.ccc.de/congress/2017/wiki/index.php/Assembly:Reproducible-Builds)
- hope to see you there!


LEDE CI tests
-------------

Thanks to the work of lynxis, Mattia and h01ger, we're now testing all LEDE
packages in our setup. This is our [first result for the ar71xx
target](https://tests.reproducible-builds.org/lede/lede_ar71xx.html): "502
(100.0%) out of 502 built images and 4932 (94.8%) out of 5200 built packages
were reproducible in our test setup." - see below for details how this was
achieved.


Bootstrapping and Diverse Double Compilation
--------------------------------------------

As a follow-up of a [discussion on bootstrapping compilers we had on the Berlin
summit](https://pad.riseup.net/p/reproduciblebuildsIII-crossdistro), Bernhard
and Ximin worked on a Proof of Concept for Diverse Double Compilation of tinycc
(aka tcc).

Ximin Luo did a successful [diverse-double compilation of
tinycc](https://github.com/bmwiedemann/ddcpoc/) git HEAD using gcc-7.2.0,
clang-4.0.1, icc-18.0.0 and pgcc-17.10-0 (pgcc needs to triple-compile it).
More variations are planned for the future, with the eventual aim to reproduce
the same binaries cross-distro, and extend it to test GCC itself.


Packages reviewed and fixed, and bugs filed
-------------------------------------------

Patches filed upstream:

* Bernhard M. Wiedemann:
  * [clang](https://bugs.llvm.org/show_bug.cgi?id=35277) - ASLR affects
    objective-C binaries.
* Chris Lamb:
  * [nbsphinx](https://github.com/spatialaudio/nbsphinx/pull/145) (merged) -
    Random UUIDs used as element selectors.
  * [stardicter](https://github.com/nijel/stardicter/pull/2) (merged) -
    `SOURCE_DATE_EPOCH` support.
  * [stetl](https://github.com/geopython/stetl/pull/64) - Build path in
    documentation.

Patches filed in Debian:

* Bernhard M. Wiedemann:
70
  * [#881231](https://bugs.debian.org/881231) filed against [chasen](https://tracker.debian.org/pkg/chasen) - Uninitialized memory from
71 72
    struct padding written into data files.
* Adrian Bunk:
73
  * [#881453](https://bugs.debian.org/881453) filed against [primesieve](https://tracker.debian.org/pkg/primesieve) - FTBFS.
74
* Chris Lamb:
75 76 77 78 79 80 81 82
  * [#881089](https://bugs.debian.org/881089) filed against [stardicter](https://tracker.debian.org/pkg/stardicter) - (merged) `SOURCE_DATE_EPOCH`.
  * [#881094](https://bugs.debian.org/881094) filed against [nbsphinx](https://tracker.debian.org/pkg/nbsphinx) - random UUIDs.
  * [#881157](https://bugs.debian.org/881157) filed against [designate](https://tracker.debian.org/pkg/designate) - build path.
  * [#881217](https://bugs.debian.org/881217) filed against [python-stetl](https://tracker.debian.org/pkg/python-stetl) - build path.
  * [#881258](https://bugs.debian.org/881258) filed against [sphinx-intl](https://tracker.debian.org/pkg/sphinx-intl) - drop date.
  * [#881259](https://bugs.debian.org/881259) filed against [soundmodem](https://tracker.debian.org/pkg/soundmodem) - build path.
  * [#881262](https://bugs.debian.org/881262) filed against [node-module-deps](https://tracker.debian.org/pkg/node-module-deps) - build path.
  * [#881474](https://bugs.debian.org/881474) filed against [phatch](https://tracker.debian.org/pkg/phatch) - random memory address.
83
* Daniel Kahn Gillmor:
84
  * [#881152](https://bugs.debian.org/881152) filed against [npth](https://tracker.debian.org/pkg/npth) - build path.
85

86
Patches filed in openSUSE:
87 88 89 90 91 92 93 94 95 96 97 98 99 100

* Bernhard M. Wiedemann:
  * [i4l-base](https://build.opensuse.org/request/show/539442) (merged) -
    Uninitialized memory written to output.


Reviews of unreproducible packages
----------------------------------

73 package reviews have been added, 88 have been updated and 40 have been removed in this week,
adding to our knowledge about [identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).

4 issue types have been updated:

101 102 103 104
- Add [randomness\_in\_files\_generated\_by\_pinyin\_gen\_binary\_files](https://tests.reproducible-builds.org/issues/unstable/randomness\_in\_files\_generated\_by\_pinyin\_gen\_binary\_files_issue.html).
- Add [build\_path\_captured\_in\_assembly\_objects](https://tests.reproducible-builds.org/issues/unstable/build\_path\_captured\_in\_assembly\_objects_issue.html).
- Add [timestamps\_in\_ifo\_files\_generated\_by\_python\_stardicter](https://tests.reproducible-builds.org/issues/unstable/timestamps\_in\_ifo\_files\_generated\_by\_python\_stardicter_issue.html).
- Update [timestamps\_in\_source\_generated\_by\_rcc](https://tests.reproducible-builds.org/issues/unstable/timestamps\_in\_source\_generated\_by\_rcc_issue.html).
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198


Weekly QA work
--------------

During our reproducibility testing, FTBFS bugs have been detected and reported by:

 - Adrian Bunk (69)
 - Andreas Beckmann (3)
 - Dmitry Shachnev (1)
 - Graham Inggs (1)


diffoscope development
----------------------

Mattia Rizzolo [uploaded](https://tracker.debian.org/news/885342) version
`88~bpo9+1` to stretch-backports.


reprotest development
---------------------

- Ximin Luo:
    - build: add comment that `util-linux` confirmed bug in nsenter, awaiting fix.
    - Make `--print-sudoers` work for `--env-build` as well.


reproducible-website development
--------------------------------

- Holger Levsen:
    - rws3: add OTF as sponsor
    - rws3: add F-Droid, riot-os.org
- Chris Lamb:
    - Move the "contribute" page from the Debian wiki to `/contribute/` on our
      main website.
- Eitan Adler:
    - Fix typo in FreeBSD mailing list.


theunreproduciblepackage development
------------------------------------

- Bernhard M. Wiedemann:
    - [aslr: document per-process workaround](https://github.com/bmwiedemann/theunreproduciblepackage/commit/32c0267d64ec730ace4a0bd710fc701018a50c6c)
    - [aslr: add examples](https://github.com/bmwiedemann/theunreproduciblepackage/commit/0df6c17a738cae30c000c4d4ed3e2bc4636a5939)


tests.reproducible-builds.org in detail
---------------------------------------

- Mattia Rizzolo:
    - reproducible archlinux: enable debugging mode
    - reproducible archlinux: don't use hidden files for the package lists
    - reproducible fedora: don't use hidden files for the package lists
    - udd-query: move from public-udd-mirror.xvm.mit.edu to udd-mirror.debian.net
    - udd-query: remove the temporary file with a trap in case this script is called with the wrong argument, and in case of failures, etc, the temporary file would be left around otherwise
    - reproducible debian: schroot-create: drop the reproducible gpg keyring into /etc/apt/trusted.gpg.d/ instead of using `apt-key add`
    - reproducible debian: setup_pbuilder: drop the reproducible gpg keyring into /etc/apt/trusted.gpg.d/ instead of using `apt-key add`
    - reprodocible debian: setup_pbuilder: stop installing gnupg2 in our chroot, not needed anymore now
    - Mattia also merged and deployed some commits from others this week.

- Alexander 'lynxis' Couzens
    - reproducible_lede: use correct place/variable to save results: Results on remote nodes are expected to be under $TMPDIR, which defined by openwrt_build. RESULTSDIR is undefined on the remote node
    - reproducible_lede: enable building all packages again, after it was disabled to improve the debug speed.
    - reproducible_lede: correct given path for node_cleanup_tmpdirs & node_save_logs-
    reproducible_lede: enable CONFIG_BUILDBOT to reduce inodes while building.

- kpcyrd:
    - reproducible-archlinux: try porting abs to asp
    - reproducible-archlinux: explicitly sync packages
    - reproducible-archlinux: use sudo for pacman

- Hans-Christoph Steiner:
    - reproducible fdroid: point jenkins to canonical URL
    - reproducible_fdroid: separate testsuite into its own job
    - reproducible fdroid: sync upstream script names with jenkins.debian.net, make things self-documenting by reusing the same names everywhere.
    - reproducible_fdroid_test: make script executable

- Chris Lamb:
    - Move some IRC announcements to #debian-reproducible-changes.

- Holger Levsen:
    - reproducible LEDE: try to deal gracefully with problems and report
    - as usual, Holger merged many of the above commits and deployed them.


Misc.
-----

This week's edition was written by Ximin Luo, Bernhard M. Wiedemann, Chris Lamb
and Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC &
the mailing lists.