* Bernhard M. Wiedemann proposed toolchain patches
* to [rpm](https://github.com/rpm-software-management/rpm/pull/485) to have determinism in the process of stripping debuginfo into separate packages
* to [gzip](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32342) to make `tar -cz` output reproducible on the gzip side. Might also help with compressed man-pages. This was merged by gzip upstream.
---
layout:blog
week:171
---
* h01ger added a logo to https://salsa.debian.org/reproducible-builds
* vagrant prepared a fixed dpkg package based on guillems work
* h01ger uploaded vagrant's dpkg package (but the process changed with the salsa move and some perms are wrong, and docuemntaion is lacking.)
* h01ger reenabled testing sid and experimental again after these changes
* https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_CIP.html is also there now
(Civil Infrastructure Plattform packages and their build depends are there too)
Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday July 29 and Saturday August 4 2018:
* Recently the default GCC version in Debian `unstable` moved from GCC 7 to GCC 8. As outlined in our two previous reports ([#168](https://reproducible-builds.org/blog/posts/169) & [#169](https://reproducible-builds.org/blog/posts/169)) as we had not updated our build path patches, it was resulting in a large number of packages becoming unreproducible in our testing framework. Accordingly ,Holger temporarily disabled the scheduling of packages in `unstable` and `experimental`.
However, this week Vagrant Cascadian worked with Guillem Jover on an update to [dpkg](https://wiki.debian.org/dpkg) to pass a different set of build flags to GCC which Holger installed in our testing framework and re-enabled testing.
* Last week, Chris Lamb performed a [Non Maintainer Upload](https://wiki.debian.org/NonMaintainerUpload)(NMU) in Debian of the [GNU mtools](https://www.gnu.org/software/mtools/) package in order to address two reproducibility-related bugs ([#900409](https://bugs.debian.org/900409) & [#900410](https://bugs.debian.org/900410)) that were blocking work on making the installation images bit-for-bit reproducible. This week, the [DELAYED](https://lists.debian.org/debian-devel/2004/02/msg00887.html) upload was finally [accepted into the archive](https://tracker.debian.org/news/977829/accepted-mtools-4018-21-source-amd64-into-unstable/) and the [corresponding merge request](https://salsa.debian.org/installer-team/debian-installer/merge_requests/3) was updated.
* A number of Reproducible Builds team were presenting at [DebConf18](https://debconf18.debconf.org/) the annual Debian Developers conference. Benjamin Hof gave a talk titled [Software transparency: package security beyond signatures and reproducible builds](https://debconf18.debconf.org/talks/104-software-transparency-package-security-beyond-signatures-and-reproducible-builds/)" and there was also a status update from the team entitled "[Reproducible Buster and beyond](https://debconf18.debconf.org/talks/80-reproducible-buster-and-beyond/)". These, and many more talks, are available [Resources](https://reproducible-builds.org/resources/) section of our website.
* Holger added the [Civil Infrastructure Plattform](https://www.cip-project.org/)'s key package list and their build-dependencies [to our testing framework](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_CIP.html)
* Santiago Torres sent a [reminder that there's a reproducible builds IRC meeting](https://lists.reproducible-builds.org/pipermail/rb-general/2018-August/001095.html) on the [21th of August at 16:00 UTC](https://time.is/compare/1600_21_Aug_2018_in_UTC).
* There were a number of updates to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](tests.reproducible-builds.org), including work by Holger Levsen cleaning up some disk space ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/a1573216), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/415feb9e) & [333](https://salsa.debian.org/qa/jenkins.debian.net/commit/9f7103b7)) and Mattia Rizollo [tidyingthe node health page](https://salsa.debian.org/qa/jenkins.debian.net/commit/fd6639d1). Holger Levsen also added our new logo to our [group on salsa.debian.org](https://salsa.debian.org/reproducible-builds).
* Finally, 38 package reviews updated and 62 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
Upstream work
-------------
* Bernhard M. Wiedemann:
Bernhard M. Wiedemann proposed toolchain patches to:
*[rpm](https://github.com/rpm-software-management/rpm/pull/485) to have determinism in the process of stripping debuginfo into separate packages
*[gzip](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32342) to make `tar -cz` output reproducible on the gzip side. This might also help with compressed `man-pages` and merged by `gzip` upstream.
This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
Chris Lamb authored