Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday July 8 and Saturday July 14 2018:
* Derek Zimmer wrote a post entitled [Solving an Old Open Source Problem to Improve Security](https://www.privateinternetaccess.com/blog/2018/07/reproducible-builds-solving-an-old-open-source-problem-to-improve-security/) on the [PrivateinternetAccess](https://www.privateinternetaccess.com) blog.
* Mathias Clasen wrote a short text about [reproducing flatpacks from source](https://blogs.gnome.org/mclasen/2018/07/07/flatpak-making-contribution-easy/)
*[FIXME: debian bug on Qt rcc/qrc mtimes](https://bugs.debian.org/894476)
* Ross Vandegrift posted to [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general) asking a [question about the doxygen documentatin generators's `$year` variable and `SOURCE_DATE_EPOCH`](https://lists.reproducible-builds.org/pipermail/rb-general/2018-July/001075.html).
* Chris Lamb added a link to our website's [resources](https://reproducible-builds.org/resources/) page to add a video link for the talk he gave on Wednesday 13th June at [foss-backstage.de](https://foss-backstage.de) in Berlin, Germany on reproducible builds and [how they prevent developers being targets for malicious attacks](https://foss-backstage.de/session/think-youre-not-target-tale-3-developers).
* Vagrant Cascadian [removed various `armhf` systems with only 1GB of RAM](https://salsa.debian.org/qa/jenkins.debian.net/commit/91e179d9) from the [Reproducible Builds testing framework](http://tests.reproducible-builds.org/).
* There was significant progress on Debian bug [#894476](https://bugs.debian.org/894476)("rcc: please honour `SOURCE_DATE_EPOCH`")
* 6 package reviews were been added, 3 were been updated and 6 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). In addition, two issue types ([variations\_from\_march\_native](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/89029ae8) and [randomness\_in\_documentation\_generated\_by\_lua\_ldoc](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/06fc7acd)) were added. Lastly, two new classes of issue were added to [theunreproduciblepackage](https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/compile-time-check/).
*[courier-imap](https://github.com/svarshavchik/courier-libs/pull/10)(merged, date, use `SOURCE_DATE_EPOCH`)
*[dosemu](https://build.opensuse.org/request/show/622368)(merged,[submitted+merged upstream](https://github.com/stsp/dosemu2/pull/640) date, use `SOURCE_DATE_EPOCH`)
*[dapl](https://build.opensuse.org/request/show/622857)(date, use `SOURCE_DATE_EPOCH`)
*[dosemu](https://build.opensuse.org/request/show/622368)(merged,[submitted and merged upstream](https://github.com/stsp/dosemu2/pull/640) date, use `SOURCE_DATE_EPOCH`)
*[fflas-ffpack](https://build.opensuse.org/request/show/622370)(compile time CPU detection)
* [opa-fm](https://build.opensuse.org/request/show/622572) (date, use `SOURCE_DATE_EPOCH`)
*[dapl](https://build.opensuse.org/request/show/622857)(date, use `SOURCE_DATE_EPOCH`)
*[tuxpaint-config](https://build.opensuse.org/request/show/622524)(date, use `SOURCE_DATE_EPOCH`)
*[tuxpaint](https://build.opensuse.org/request/show/622523)(date, use `SOURCE_DATE_EPOCH`, [submitted upstream](https://sourceforge.net/p/tuxpaint/tuxpaint/merge-requests/4/))
* [openSUSE build env](https://github.com/openSUSE/post-build-checks/pull/20) (fix all `pdflatex` timestamps)
* [trigger-rally](https://build.opensuse.org/request/show/621952) (drop `march=native` and `mtune=native`)
* [tuxpaint-config](https://build.opensuse.org/request/show/622524) (date, use `SOURCE_DATE_EPOCH`)
* [tuxpaint](https://build.opensuse.org/request/show/622523) (date, use `SOURCE_DATE_EPOCH`; [submitted upstream](https://sourceforge.net/p/tuxpaint/tuxpaint/merge-requests/4/))
* Chris Lamb:
* [#903442](https://bugs.debian.org/903442) filed against [ogdi-dfsg](https://tracker.debian.org/pkg/ogdi-dfsg).
* Evgeny Kapun:
* [#903580](https://bugs.debian.org/903580) filed against [aegisub](https://tracker.debian.org/pkg/aegisub).
diffoscope development
----------------------
[diffoscope](https://diffoscope.org) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week, diffoscope version `99` was [uploaded to Debian unstable](https://tracker.debian.org/news/971762/accepted-diffoscope-99-source-into-unstable/) by Mattia Rizzolo. It [includes contributions already covered in previous weeks](https://salsa.debian.org/reproducible-builds/diffoscope/commits/99) as well as new ones from:
* `anthraxx`:
* [Add compatibility with `python-libarchive` >= 2.8](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5ed8e48).
* Chris Lamb:
* [Support `.deb` archives that contain an uncompressed `data.tar`](https://salsa.debian.org/reproducible-builds/diffoscope/commit/185077c). ([#903401](https://bugs.debian.org/903401))
* [Support `.deb` archives that contain an uncompressed `control.tar`](https://salsa.debian.org/reproducible-builds/diffoscope/commit/dc9ee98). ([#903391](https://bugs.debian.org/903391))
* Mattia Rizzolo:
* [Do not shadow original import errors when loading comparators](https://salsa.debian.org/reproducible-builds/diffoscope/commit/90028d4).
* [Autogenerate `debian/tests/control` with all the recommends listed as dependencies](https://salsa.debian.org/reproducible-builds/diffoscope/commit/58ec1c7).
* [Add a build-dependency on `procyon-decompiler` to run the tests](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3c05e56).
* [Always clean the line before printing a log message](https://salsa.debian.org/reproducible-builds/diffoscope/commit/615095a).
* [Clean the terminal line before printing a traceback](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fd6eff9).
* [Remove terminal line cleaning; it is handled by the logging module](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e75be7e).
* [Fix a test if `/sbin` contains a directory](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8c2b079).
reprotest development
---------------------
`reprotest` is our "end-user" tool to build arbitrary software and check it for reproducibility. This week, version `0.7.8` was [uploaded to Debian unstable](https://tracker.debian.org/news/972031/accepted-reprotest-078-source-into-unstable/) by Mattia Rizzolo. It [includes contributions already covered in previous weeks](https://salsa.debian.org/reproducible-builds/reprotest/commits/debian/0.7.8) as additional contributions from Mattia, including:
* [Don't `Recommend` `diffutils` as it is an `Essential:yes` package](https://salsa.debian.org/reproducible-builds/reprotest/commit/823d543).
* [Point `debian/watch` towards our new release archive](https://salsa.debian.org/reproducible-builds/reprotest/commit/c614a3c).
* [Fix spelling errors in documentation strings](https://salsa.debian.org/reproducible-builds/reprotest/commit/7173f93).
* [Use `/usr/share/dpkg/pkg-info.m` to avoid shelling out to `dpkg-parsechangelog`](https://salsa.debian.org/reproducible-builds/reprotest/commit/d08174f).
* [Recommend `diffoscope` by itself instead as an alternative to `diffutils`](https://salsa.debian.org/reproducible-builds/reprotest/commit/f32a30c).
2 new classes were added to [theunreproduciblepackage](https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/compile-time-check/)
@@ -35,7 +35,7 @@ In addition, build failure bugs were reported by:
Reviews of unreproducible packages
----------------------------------
{{ packages_stats['added'] }} package reviews have been added, {{ packages_stats['updated'] }} have been updated and {{ packages_stats['removed'] }} have been removed in this week, adding to our [knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
{{ packages_stats['added'] }} package reviews were added, {{ packages_stats['updated'] }} were updated and {{ packages_stats['removed'] }} were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
FIXME issue types have been updated:
{% for _, xs in issues_yml.items()|sort %}{% for x in xs %}
Chris Lamb authored