Commit cb0f529b authored by Chris Lamb's avatar Chris Lamb 💬

Initial draft.

parent ef1fad68
......@@ -3,31 +3,72 @@ layout: new/blog
week: 206
---
* FIXME: h01ger filed Bug#926065: unblock: diffoscope/113
Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday March 31 and Saturday April 6 2019:
* On Monday the first we announced a double news item: a crowd-funded audit of Intel's 8086 CPU and an intention to propose a patch to the [Berne Convention](https://en.wikipedia.org/wiki/Berne_Convention) on copyright law. See https://www.reproducible-builds.org/news/2019/04/01/reproducible-builds-twain-Intel-8086-audit-and-Berne-Convention-patches/ and https://lists.reproducible-builds.org/pipermail/rb-general/2019-April/001517.html
* Bernhard M. Wiedemann wrote blog post about his [import of openSUSE Tumbleweed into IPFS](https://lizards.opensuse.org/2019/04/03/experimental-opensuse-mirror-via-ipfs/) to aid verification of older binaries.
* [Chris Lamb](https://chris-lamb.co.uk/) filed a wishlist bug against the Debian [`jenkins.debian.org`](http://bugs.debian.org/jenkins.debian.org) "[psuedo-package](https://www.debian.org/Bugs/pseudo-packages)" to request that we test and ensure the reproducibility status of [Debian Installer](https://www.debian.org/devel/debian-installer/) images.
* [FIXME](#926242)
* [Holger Levsen](http://layer-acht.org/thinking/) requested permission for [Diffoscope](https://diffoscope.org/) version 113 to enter the upcoming Debian *buster* release via bug [#926065](https://bugs.debian.org/926065). This was subsequently processed by Jonathan Wiltshire.
* FIXME: https://sfconservancy.org/blog/2019/apr/04/nosource-nosecurity/
* [diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week Chris Lamb changed the behaviour such that specifying "`-`" (a hyphen) is explicitly required on the command-line to read a single diff from standard input to avoid somewhat non-intuitive behaviour when *diffoscope* is called without any arguments. [[#54](https://salsa.debian.org/reproducible-builds/diffoscope/issues/54)]
* 33 reviews of Debian packages were added, 2 were updated and 8 were removed in this week adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb identifier and triaged a fresh toolchain issue, [`randomness_in_perl6_precompiled_libraries`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/b718ab29).
* There were a number of updates to the [reproducible-builds.org project website](https://reproducible-builds.org), including Chris Lamb adding an explicit link to the "[who]({{ "/who/" | prepend: site.baseurl }})" and "[donate]({{ "/donate/" | prepend: site.baseurl }})" pages in the new footer template [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2d14946)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7a95a81)] as well as tidying thelanguage a little[[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7a222f0)]. In addition, Daniel Shahaf adding an April's Fools joke [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/68f4b00)].
* On our [mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/), David Wheeler started a thread regarding the [definition of reproducibility](https://lists.reproducible-builds.org/pipermail/rb-general/2019-April/001523.html) and how it appears on the [reproducible-builds.org project website](https://reproducible-builds.org).
* Chris Lamb updated the [LetsEncrypt](https://letsencrypt.org/) SSL certificate for [buildinfo.debian.net](https://buildinfo.debian.net).
* On the [Software Freedom Conservancy](https://sfconservancy.org/) blog, [Pamela Chestek](https://chesteklegal.com/) wrote a post titled "[Do You Know Where Your Code Came From?](https://sfconservancy.org/blog/2019/apr/04/nosource-nosecurity/) which references the Reproducible Builds project. In addition,Reproducible Builds (and supply chain security in general) were mentioned on [episode 15 of the LibreLounge podcast](https://librelounge.org/episodes/episode-15-at-libre-planet-with-sean-obrien.html).
* Bernhard M. Wiedemann wrote [a blogpost](https://lizards.opensuse.org/2019/04/03/experimental-opensuse-mirror-via-ipfs/) about his import of openSUSE Tumbleweed into IPFS to aid the verification of older binaries.
## Packages reviewed and fixed, and bugs filed
* Bernhard M. Wiedemann:
* [mstflint](https://github.com/Mellanox/mstflint/pull/57) (date+time)
* [mstflint](https://github.com/Mellanox/mstflint/pull/57) (date/time)
* [mhvtl](https://github.com/markh794/mhvtl/pull/39) (time)
* A number of fixes for the [pesign-obs-integration](https://github.com/openSUSE/pesign-obs-integration) to [pass through rpm %licence filetype tag](https://github.com/openSUSE/pesign-obs-integration/pull/13) and [better keep rpm bits](https://github.com/openSUSE/pesign-obs-integration/pull/14) and a related [fix of a rpm bug](https://github.com/rpm-software-management/rpm/pull/656)
* [oyranos](https://github.com/oyranos-cms/oyranos/pull/52) (uname -r)
* [linphone](https://github.com/BelledonneCommunications/linphone/pull/112) (sort python readdir)
* [mvapich2](http://mailman.cse.ohio-state.edu/pipermail/mvapich-discuss/2019-April/006837.html) (sort readdir)
* A number of fixes for the [pesign-obs-integration](https://github.com/openSUSE/pesign-obs-integration) to [pass through RPM `%licence` filetype tag](https://github.com/openSUSE/pesign-obs-integration/pull/13) and [better keep RPM bits](https://github.com/openSUSE/pesign-obs-integration/pull/14) and a related [fix of an RPM bug](https://github.com/rpm-software-management/rpm/pull/656)
* [oyranos](https://github.com/oyranos-cms/oyranos/pull/52) (`uname -r`)
* [linphone](https://github.com/BelledonneCommunications/linphone/pull/112) (sort Python `readdir`)
* [mvapich2](http://mailman.cse.ohio-state.edu/pipermail/mvapich-discuss/2019-April/006837.html) (sort `readdir`)
* [miredo](http://git.remlab.net/gitweb/?p=miredo.git;a=commitdiff;h=a31ef243d0038bf22bfe5f03b9f377a8819c5da0) (hostname)
* [python-Django1](https://build.opensuse.org/request/show/690652) (FTBFS-2028)
* [python-Django1](https://build.opensuse.org/request/show/690652) ("FTBFS-2028")
* [inotify-tools](https://build.opensuse.org/request/show/691329) (date [orphaned upstream](https://github.com/rvoicilas/inotify-tools/pull/97))
* [warzone2100](https://build.opensuse.org/request/show/691438) (sort zip -X [already upstream](https://github.com/Warzone2100/warzone2100/pull/98))
* [warzone2100](https://build.opensuse.org/request/show/691438) (`sort zip -X` [already upstream](https://github.com/Warzone2100/warzone2100/pull/98))
* [diffoscope](https://build.opensuse.org/request/show/691762) (update to version 113)
* [Chris Lamb updated the SSL certificate for buildinfo.debian.net](https://buildinfo.debian.net)
* Chris Lamb:
* [#926298](https://bugs.debian.org/926298) filed against [adms](https://tracker.debian.org/pkg/adms).
* [#926300](https://bugs.debian.org/926300) filed against [qpid-proton](https://tracker.debian.org/pkg/qpid-proton).
* [#926301](https://bugs.debian.org/926301) filed against [coda](https://tracker.debian.org/pkg/coda).
* [#926421](https://bugs.debian.org/926421) filed against [netcdf-parallel](https://tracker.debian.org/pkg/netcdf-parallel).
## Test framework development
* We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). The following changes were done this week:
* Chris Lamb:
* Avoid double spaces in IRC output, eg. "`Failed http://example.com/`". [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f4b80011)]
* Holger Levsen:
* Don't turn nodes offline too quickly. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0e33802d)]
* Add new experimental [buildinfos.debian.net](https://buildinfos.debian.net) service. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4bcef9ec)]
* Allow "long-running" `.buildinfo` download runners. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3cf2f09d)]
* Node maintenance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/84e2ca8e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/993c6772)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/fc38984b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0b0ec92b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/81c9cc0b)]
* Mattia Rizzolo:
* Apply [`flake8`](http://flake8.pycqa.org/en/latest/) to the `email2irc.py` script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/31f0e955)]
* Use "`[check-valid-until=no]`" over "`Acquire::Check-Valid-Until`" in our [APT](https://en.wikipedia.org/wiki/APT_(Debian)) serup. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/bbe0f1b2)]
* Install the `python3-yaml` library everywhere as it is needed by the deploy script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/46d33b21)]
* Special-case the `src:debian-installer` package as it has "special" download requirements. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e3117ca2)] (see [#926242](https://bugs.debian.org/926242))
* Add the new `reproducible-builds.org` [MX records](https://en.wikipedia.org/wiki/MX_record) to our [Munin](http://munin-monitoring.org/) confurations. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9ddd1042)]
* Drop the old [Alioth](https://en.wikipedia.org/wiki/Alioth_(Debian)) OpenSSH key from Jenkins' `authorized_keys`. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/116e7a39)]
* Node maintenance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a780e10f)]
---
* [Reproducible Builds and supply chain security in general mentioned on episode 15 of the LibreLounge podcast approx 9m in.](https://librelounge.org/episodes/episode-15-at-libre-planet-with-sean-obrien.html)
This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Daniel Shahaf, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment