@@ -10,7 +10,7 @@ Here's what happened in the [Reproducible Builds](https://reproducible-builds.or
* Peter Wu [filed a bug report](https://gitlab.kitware.com/cmake/cmake/issues/18413) against the [CMake](https://cmake.org/) build tool to avoid embedding the build directory in an executable's [RPATH](https://en.wikipedia.org/wiki/Rpath).
* Chris Lamb [add support for comparing OCaml files via `ocamlobjinfo`](https://salsa.debian.org/reproducible-builds/diffoscope/commit/bc92ac3) to [diffoscope](https://diffoscope.org/), our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. closing Debian bug #910542. In addition, he added a note on how to [regenerate the `debian/tests/control.in` file](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5574a4e) if it gets out of sync.
* Chris Lamb [add support for comparing OCaml files via `ocamlobjinfo`](https://salsa.debian.org/reproducible-builds/diffoscope/commit/bc92ac3) to [diffoscope](https://diffoscope.org/), our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages closing Debian bug #910542. In addition, he added a note on how to [regenerate the `debian/tests/control.in` file](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5574a4e) if it gets out of sync.
* Bernhard M. Wiedemann added two tests to disorderfs (our [FUSE](https://github.com/libfuse/libfuse)-based filesystem that deliberately introduces non-determinism into filesystems) in order to check for various issues around the [`futimens` and `utimensat`](http://pubs.opengroup.org/onlinepubs/9699919799/functions/futimens.html) syscalls ([1](https://salsa.debian.org/reproducible-builds/disorderfs/commit/326d2cc), [2](https://salsa.debian.org/reproducible-builds/disorderfs/commit/d606f26)). This was also filed as Debian bug [#911281](https://bugs.debian.org/911281)
*[reproducible builds mentioned around 12m00](https://changelog.com/podcast/bonus-sustainoss-2018)
**If you are interested in attending the Reproducible Builds summit in Paris between 11th—13th December please see [our the event page](https://reproducible-builds.org/events/paris2018/).** In the meantime, here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday October 21 and Saturday October 27 2018:
and the discussion initiated by David Wheeler on rb-general.
* Allen "Gunner" Gunn — the facilitator at our summit meetings — discussed the Reproducible Builds [on a recent episode of The Changelog podcast](https://changelog.com/podcast/bonus-sustainoss-2018) at about 12m00s.
* Bernhard M. Wiedemann gave an [update on the openSUSE reproducible builds status](https://lists.opensuse.org/opensuse-factory/2018-10/msg00242.html), including details on remaining issues with 57 important packages.
*[Lisa Neigut](https://basicbitch.software/) wrote a blog post entitled "[Reproducible builds with Bitcoin, Tor and Turtles](https://basicbitch.software/posts/2018-10-25-Reproducible-builds-with-Bitcoin-Tor-and-turtles.html)" referencing the [Turtles](https://github.com/theuni/turtles) project by Cory Fields as well as [Tor](https://www.torproject.org/).
* Bernhard M. Wiedemann posted a status update to the [opensuse-factory mailing list](https://lists.opensuse.org/opensuse-factory/) on the [current state of reproducible builds](https://lists.opensuse.org/opensuse-factory/2018-10/msg00242.html) in [openSUSE](https://www.opensuse.org/).
* Vagrant Cascadian [announced](https://lists.reproducible-builds.org/pipermail/rb-general/2018-October/001227.html) that has bas [begun uploading `.buildinfo` files from the Debian archive](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862073#39) to the experimental [buildinfo.debian.net](https://buildinfo.debian.net/) service.
*David A. Wheeler started a thread on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general) enquiring on the [status of core reproducibility in Debian](https://lists.reproducible-builds.org/pipermail/rb-general/2018-October/001215.html).
*It was [announced](https://twitter.com/SFScon/status/1055071106552475648) that Chris Lamb will be presenting in on Reproducible Builds at the [SFScon](https://www.sfscon.it) conference in Bozen, Italy on [reproducible builds and how they can prevent developers from becoming targets of various attacks](https://www.sfscon.it/talks/you-think-youre-not-a-target-a-tale-of-three-developers/).
* The [CMake](https://cmake.org) build system documented a new [`BUILD_RPATH_USE_ORIGIN`](https://cmake.org/cmake/help/git-master/prop_tgt/BUILD_RPATH_USE_ORIGIN.html) flag that determines whether to use (typically unreproducible) absolute build paths versus relative ones in the [`rpath`](https://en.wikipedia.org/wiki/Rpath) library search path header found in executables on UNIX systems.
* Chris Lamb added a [Salsa ribbon](https://lamby.pages.debian.net/salsa-ribbons/) to the [diffoscope.org](https://diffoscope.org/) website. [[...](https://salsa.debian.org/reproducible-builds/diffoscope-website/commit/114e8ef)]
* Bernhard M. Wiedemann gave an [update on the openSUSE reproducible builds status](https://lists.opensuse.org/opensuse-factory/2018-10/msg00242.html), including details on remaining issues with 57 important packages.
* Jelle van der Waa [held an IRC meeting](https://lists.reproducible-builds.org/pipermail/rb-general/2018-October/001213.html) on 23th of October.
* 44 Debian package reviews were added, 6 were updated and 15 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
* Vagrant Cascadian began [uploading .buildinfo files from the Debian archive](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862073#39) to buildinfo.debian.net to make them publicly available.
*[open-iscsi](https://build.opensuse.org/request/show/644084)(fix date in man-pages)
*[xen](https://build.opensuse.org/request/show/644624)(date+time, random, [tried to upstream](https://lists.xenproject.org/archives/html/xen-devel/2018-10/msg01850.html) the patch to drop .efi PE timestamps, and then try to address it in [binutils](https://sourceware.org/ml/binutils/2018-10/msg00279.html)(use`SOURCE_DATE_EPOCH` for PE timestamp))
* [qt5-qtbase](https://codereview.qt-project.org/243636) — use [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/specs/source-date-epoch/) as the file modification time
* [xen](https://build.opensuse.org/request/show/644624) — date, time, random, [tried to upstream](https://lists.xenproject.org/archives/html/xen-devel/2018-10/msg01850.html) the patch to drop the `.efi` [Portable Executable](https://en.wikipedia.org/wiki/Portable_Executable) (PE) timestamps, and then try to address it in [binutils](https://sourceware.org/ml/binutils/2018-10/msg00279.html) (use `SOURCE_DATE_EPOCH` for PE timestamp)
* Chris Lamb:
*[#911804](https://bugs.debian.org/911804) filed against [wit](https://tracker.debian.org/pkg/wit).
*[#911757](https://bugs.debian.org/911757) filed against [zsh-antigen](https://tracker.debian.org/pkg/zsh-antigen).
diffoscope development
----------------------
[diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week, version `104` was [uploaded to Debian unstable](https://tracker.debian.org/news/998089/accepted-diffoscope-104-source-into-unstable/) by Mattia Rizzolo. It [included contributions already covered in previous weeks](https://salsa.debian.org/reproducible-builds/diffoscope/commits/104) as well as new ones from:
* Chris Lamb:
*[Prevent test failures when running under `stretch-backports` by checking the OCaml version number.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/554c9a2). ( [#911846](https://bugs.debian.org/911846))
*[Add support for comparing PDF metadata using PyPDF2](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4e7ba71). ([#911446](https://bugs.debian.org/911446))
*[Correct "didnt" typo in test utilities](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f5b3a7a).
*[Regenerate `debian/tests/control` with no material changes to "add" a regeneration comment](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f8fc0ba).
* Mattia Rizzolo:
*[Compute the test coverage on GitLab](https://salsa.debian.org/reproducible-builds/diffoscope/commit/65a2cba).
*[Reinstate Build-Depends and Test-Depends for `apktool` as it is now back in Debian "buster"](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f4a93c1).
*[Declare compatibility with Python 3.7 for PyPI metadata](https://salsa.debian.org/reproducible-builds/diffoscope/commit/11ed843).
*[Clean up `.pytest_cache`](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a56a234).
*[Ensure the correct fallback from `procyon` to `javap` also when procyon exists but doesn't return any output](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c8f1ccc)
disorderfs development
----------------------
diffoscope (our [FUSE](https://github.com/libfuse/libfuse)-based filesystem that deliberately introduces non-determinism into filesystems) version `0.5.5-1` was [uploaded to Debian unstable](https://tracker.debian.org/news/997902/accepted-disorderfs-055-1-source-amd64-into-unstable/) by Chris Lamb. It [included contributions already covered in previous weeks](https://salsa.debian.org/reproducible-builds/disorderfs/commits/debian/0.5.5-1) as well as new ones from:
* Bernhard M. Wiedemann:
*[Include and use a `run-parts.sh` for tests](https://salsa.debian.org/reproducible-builds/disorderfs/commit/1e163ac) as this a Debian-specific utility.
* Use [lazy unmount](https://salsa.debian.org/reproducible-builds/disorderfs/commit/6c21d49) and [`-q` for `fusermount`](https://salsa.debian.org/reproducible-builds/disorderfs/commit/863487e) when running the testsuite.
* Chris Lamb:
*[Inform FUSE that we wrap and thus accept the `UTIME_OMIT` (and `UTIME_NOW`) magic values to ensure that `touch -m …` and `touch -a …` work as expected](https://salsa.debian.org/reproducible-builds/disorderfs/commit/e58c31a). ([#911281](https://bugs.debian.org/911281))
*[Failing an "XFail" test should be a failure](https://salsa.debian.org/reproducible-builds/disorderfs/commit/80402ea).
* Add [step-by-step instructions and screenshots](https://reproducible-builds.org/contribute/salsa) on how to signup to our project on [Salsa](https://salsa.debian.org/). [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/56681cf)]
* Migrate the [TimestampsProposal](https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal) page on the Debian Wiki [to our website](https://reproducible-builds.org/specs/source-date-epoch/). [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c2a6e6a)]
*[Update logo to "real" white background, not a colour very close to white](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/802bedf).
* Holger Levsen:
* Update the [Paris 2018 summit page](https://reproducible-builds.org/events/paris2018/) to [improve some language](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/79aba5a) and to add a [add a remark about the schedule](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a82716a).
* Vagrant Cascadian:
* Fix broken `DebianPts` links to use [tracker.debian.org](https://tracker.debian.org/) after an import from the Debian Wiki on the "[Contribute](https://reproducible-builds.org/contribute/) page. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/646f14b).]
* [Note that we longer need a logo; we have one](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/24bb690).
Test framework development
--------------------------
There were a number of updates to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](tests.reproducible-builds.org) by Holger Levsen this month, including:
* Notify the `#reprodudicible-builds` IRC channel on "notes" job failures. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cfe1a303)]
* Fix the [F-Droid](https://f-droid.org/) development package set. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2d0aafcd)]
* Send IRC "notifications" to the `#reproducible-builds` channel. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/34494763)]
* Attempt to fix the `disorderfs` and `reprotests` jobs. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/94c170f1)]
* Ignore [diffoscope](https://diffoscope.org/) jobs in health view as they are already covered in the node health view. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/35681ad2)]
* Correctly calculate the percentage of reproducible packages and images in [OpenWrt](https://openwrt.org/). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f67e6260)]
Chris Lamb also [suppressed some warnings from the cryptsetup initramfs hook](https://salsa.debian.org/qa/jenkins.debian.net/commit/b22a4ea7) which were causing some builds to be marked as "unstable".
---
This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Vagrant Cascadian & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
* {{ packages_stats['added'] }} Debian package reviews were added, {{ packages_stats['updated'] }} were updated and {{ packages_stats['removed'] }} were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). FIXME issue types have been updated: {% for _, xs in issues_yml.items()|sort %}{% for x in xs %}[{{ x['title'] }}](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/{{ x['sha'] }}){% endfor %}{% endfor %}
Packages reviewed and fixed, and bugs filed
-------------------------------------------
...
...
@@ -32,22 +29,11 @@ In addition, build failure bugs were reported by:
{{ project }} version `{{ x['version'] }}` was [uploaded to Debian {{ x['distribution'] }}](https://tracker.debian.org/pkg/{{ project }}?FIXME) by {{ x['signed_by_name'] }}. It [included contributions already covered in previous weeks](https://salsa.debian.org/reproducible-builds/{{ project }}/commits/{% if project != 'diffoscope' %}debian/{% endif %}{{ x['version'] }}) as well as new ones from:
{% endfor %}
{% for x, ys in commits[project].items() %}* {{ x }}:{% for y in ys %}
{% for x, ys in commits[project].items()|sort %}* {{ x }}:{% for y in ys %}
{{ packages_stats['added'] }} Debian package reviews were added, {{ packages_stats['updated'] }} were updated and {{ packages_stats['removed'] }} were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
FIXME issue types have been updated:
{% for _, xs in issues_yml.items()|sort %}{% for x in xs %}
Chris Lamb authoredd08c3d08