*[#920631 debian-installer: Ensure build is reproducible regardless of the user\'s umask(2)](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920631)
Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday January 27th and Saturday February 2nd 2019:
[Chris Lamb updated the SSL certificate for try.diffoscope.org to ensure validation after the deprecation of TLS-SNI-01 validation in LetsEncrypt. [[...](https://github.com/lamby/try.diffoscope.org/commit/6e0d9c30f4fc740809ab4c1510b4a5b37b8f8f43)]
* There was yet more progress towards making the [Debian Installer](https://www.debian.org/devel/debian-installer/) images reproducible. Following-on from last week, [Chris Lamb](https://chris-lamb.co.uk/) performed some further testing of the generated images resulting in two patches to ensure that builds were reproducible regardless of both the user's `umask(2)` (filed as [#920631](https://bugs.debian.org/920631)) and even the underlying ordering of files on disk ([#920676](https://bugs.debian.org/920676)). It is hoped these can be merged for the next Debian Installer alpha/beta after the [recent "Alpha 5" release](https://lists.debian.org/debian-devel-announce/2019/02/msg00000.html).
*[Bug#920593 lintian: check for .sass-cache directories](https://bugs.debian.org/920593)
* Chris Lamb implemented a check in the [Lintian](https://lintian.debian.org/) static analysis tool that performs automated checks against Debian packages in order to add a check for `.sass-cache` directories. As as they contain non-determinstic subdirectories they immediately contribute towards an unreproducible build ([#920593](https://bugs.debian.org/920593)).
*`disorderfs` is our [FUSE](https://github.com/libfuse/libfuse)-based filesystem that deliberately introduces non-determinism into filesystems for easy and reliable testing. Chris Lamb fixed an issue this week in the handling of the `fsyncdir` system call to ensure `dpkg(1)` can "flush" `/var/lib/dpkg` correctly [[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/bd35aeb)].
*[#920676 debian-installer: Ensure build is reproducible regardless of the underlying filesystem ordering](https://bugs.debian.org/920676)
*Hervé Boutemy made more updates to the [reproducible-builds.org](https://reproducible-builds.org) project website, including documenting `mvn.build-root`[[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f773b20)]. In addition, Chris Smith fixed a typo on the [tools]({{"/tools/" | prepend: site.baseurl }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5a279ff)] and Holger Levsen added a link to Lukas's report to the [recent Paris Summit](https://reproducible-builds.org/events/paris2018/) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ad57305)].
*`strip-nondeterminism` is our our tool that post-processes files to remove known non-deterministic output) version. This week, Chris Lamb investigated an issue regarding the tool [not mormalising file ownerships in `.epub` files](https://bugs.debian.org/920732) that was originally identified by Holger Levsen, as well as clarified the negative message in test failures [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/3f4ba2f)] and performed some code cleanups (eg. [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/a553d34)]).
*Chris Lamb updated the SSL certificate for [try.diffoscope.org](https://try.diffoscope.org) to ensure validation after the [deprecation of TLS-SNI-01 validation](https://community.letsencrypt.org/t/upcoming-tls-sni-deprecation-in-certbot/76383) in [LetsEncrypt](https://letsencrypt.org/).
*[FIXME](https://bugs.debian.org/920732)
* Reproducible Builds were present at [FOSDEM 2019](https://fosdem.org/2019/schedule/) handing out t-shirts to contributors. Thank you!
* On Tuesday February 26th Chris Lamb will speak at [Speck&Tech 31 "Open Security"](https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643) on Reproducible Builds in Trento, Italy.
* 6 Debian package reviews were added, 3 were updated and 5 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb unearthed a new toolchain issue [`randomness_in_documentation_underscore_downloads_generated_by_sphinx`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/73748b20), .
*[libfaketime](https://github.com/wolfcw/libfaketime/issues/183): bug, incorrectly faked stat results
*[glfw](https://build.opensuse.org/request/show/670533): use `find|sort`, required [a patch to upstream geany](https://github.com/geany/geany/pull/1991)
* fix build with new python3.7: [flashfocus](https://build.opensuse.org/request/show/670190), [policycoreutils](https://build.opensuse.org/request/show/670302), [tensorflow](https://build.opensuse.org/request/show/670481)
*[flashfocus](https://build.opensuse.org/request/show/670190), [policycoreutils](https://build.opensuse.org/request/show/670302), [tensorflow](https://build.opensuse.org/request/show/670481): Fix build with new Python 3.7.
*[glfw](https://build.opensuse.org/request/show/670533): Use `find|sort`[requiring a patch to `geany`](https://github.com/geany/geany/pull/1991).
*[javapackages-tools](https://github.com/fedora-java/javapackages/pull/66): sort / [Address space layout randomization (ASLR)](https://en.wikipedia.org/wiki/Address_space_layout_randomization).
*[libfaketime](https://github.com/wolfcw/libfaketime/issues/183): Correct bug relating to incorrectly faked stat results.
* Chris Lamb:
*[#891194](https://bugs.debian.org/891194) filed against [3dldf](https://tracker.debian.org/3dldf)(now[forwarded upstream](https://savannah.gnu.org/bugs/?55605)).
*[#920591](https://bugs.debian.org/920591) filed against [lambda-align2](https://tracker.debian.org/pkg/lambda-align2).
*[#920592](https://bugs.debian.org/920592) filed against [roaraudio](https://tracker.debian.org/pkg/roaraudio).
*[#920594](https://bugs.debian.org/920594) filed against [papi](https://tracker.debian.org/pkg/papi).
*[#920595](https://bugs.debian.org/920595) filed against [ukui-themes](https://tracker.debian.org/pkg/ukui-themes).
*[#920792](https://bugs.debian.org/920792) filed against [ansible](https://tracker.debian.org/pkg/ansible)([forwarded upstream](https://github.com/ansible/ansible/pull/51419)).
## Test framework development
We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This week, Holger Levsen made a large number of improvements including:
* Make [OpenSSH](https://www.openssh.com/) usable with a TCP port other than `22`. This is needed for our [OSUOSL](https://osuosl.org/) nodes. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2c70a07f)]
* Perform a minor refactoring of the build script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1344438f)]
* Add a `~jenkins/.ssh/config` to fix jobs regarding OpenSSH running on non-standard ports. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1399fd01)]
* Add a note that `osuosl171` is constantly online. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/288ea56c)]
* Misc/generic changes:
* Use same configuration for `df_inode` as for `df` to reduce noise. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/47bb2f76)]
* Remove a now-bogus warning; we have its parallel in Git now. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5042bb23)]
* Define `ControlMaster` and `ControlPath` in our OpenSSH configurations. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/787df673)]
In addition, Mattia Rizzolo and Vagrant Cascadian performed maintenance of the build nodes. ([[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5326d930)], [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e807cdb)], [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e55e6fbf)], etc.)
---
This week's edition was written by Bernhard M. Wiedemann, Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
