[Git][reproducible-builds/reproducible-website][master] 2 commits: buildinfo.debian.net repository has moved.
Chris Lamb
gitlab at salsa.debian.org
Sun Aug 12 09:59:35 CEST 2018
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
00e2edd2 by Chris Lamb at 2018-08-12T07:44:00Z
buildinfo.debian.net repository has moved.
- - - - -
605ea45c by Chris Lamb at 2018-08-12T07:59:23Z
172: Initial draft.
- - - - -
2 changed files:
- _blog/posts/172.md
- bin/generate-draft
Changes:
=====================================
_blog/posts/172.md
=====================================
--- a/_blog/posts/172.md
+++ b/_blog/posts/172.md
@@ -3,39 +3,78 @@ layout: blog
week: 172
---
- * Holger has renewed and sponsored the reproducible-builds.org domain for the fourth year.
- * New sources of indeterminism about using inode numbers, ctime and certain filesystem-dependent sizes have been documented in [theunreproduciblepackage](https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/filesystem)
+Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday August 5 and Saturday August 11 2018:
-* The briar project wrote about its [effort to make its android app build reproducible](https://blog.grobox.de/2018/building-briar-reproducible-and-why-it-matters/). Apparently, one last issue is around readdir order influencing an .arsc file.
+* Don't forget that a number of Reproducible Builds team were presenting at [DebConf18](https://debconf18.debconf.org/) the annual Debian Developers conference: Benjamin Hof gave a talk titled [Software transparency: package security beyond signatures and reproducible builds](https://debconf18.debconf.org/talks/104-software-transparency-package-security-beyond-signatures-and-reproducible-builds/)" and there was also a status update from the team entitled "[Reproducible Buster and beyond](https://debconf18.debconf.org/talks/80-reproducible-buster-and-beyond/)". These, and many more talks, are available [Resources](https://reproducible-builds.org/resources/) section of our website.
-* The prototype fund [noted in a tweet how two of its supported projects overlap](https://twitter.com/prototypefund/status/1027088342071029761)
+* The [Prototype Fund](https://prototypefund.de/) noted in a Tweet how [two of its newly-supported projects complement each other](https://twitter.com/prototypefund/status/1027088342071029761), one of them being the Reproducible Builds and the other being the [Briar Project](https://briarproject.org/), a secure messaging platform intended to "create safe spaces to debate any topic, plan events, and organise social movements."
-Upstream work
--------------
+* Levente Polyak's proposal to [make rubygems set `SOURCE_DATE_EPOCH` by default to make all gems reproducible](https://github.com/rubygems/rubygems/issues/2290) was re-opened after it was previously closed as "wontfix".
+
+* [Mes](https://gitlab.com/janneke/mes), a Scheme-based compiler for our "sister" [bootstrappable builds](http://bootstrappable.org) effort, [announced their 0.17 release](https://lists.reproducible-builds.org/pipermail/rb-general/2018-August/001106.html).
+
+* The [Briar Project](https://briarproject.org/) wrote about their [effort to make their Android app build reproducibly](https://blog.grobox.de/2018/building-briar-reproducible-and-why-it-matters/); their one remaining issue regards `readdir` order influencing an `.arsc` file.
+
+* Ryan Scott [fixed the `--extra-build` flag](https://salsa.debian.org/reproducible-builds/reprotest/commit/65960de) in `reprotest`, our "end-user" tool to build arbitrary software and check it for reproducibility.
+
+* Vagrant Cascadian [opened a wishlist request](https://github.com/lamby/buildinfo.debian.net/issues/49) against [buildinfo.debian.net](https://buildinfo.debian.net/) (our experiment into how to process, store and distribute `.buildinfo` files after the Debian package management tools have generated them) to try and find a solution to checking matches against the actual Debian archive.
+
+* There were a number of changes to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org/), including Chris Lamb submitting a merge request to [ensure that we print "0" (and not an empty) string when a division denominator is zero](https://salsa.debian.org/qa/jenkins.debian.net/merge_requests/9) and Mattia Rizzolo [modifying Jekyll to run in incremental mode](https://salsa.debian.org/qa/jenkins.debian.net/commit/5b2360df) to improve the caching of [our website](https://reproducible-builds.org/).
+
+* On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general), Arnout Engelen started two discussions around [comparing the Debian and Archlinux approaches to `.buildinfo` files](https://lists.reproducible-builds.org/pipermail/rb-general/2018-August/001105.html) which came from a [previous discussion about filename conventions](https://lists.reproducible-builds.org/pipermail/rb-general/2018-August/001103.html).
+
+* New sources of non-determinism regarding [inode numbers](https://en.wikipedia.org/wiki/Inode), `ctime` and certain filesystem-dependent sizes have been added to Bernhard Wiedemann's [theunreproduciblepackage](https://github.com/bmwiedemann/theunreproduciblepackage).
+
+* 14 package reviews were added, 10 were updated and 16 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
+
+* Holger renewed the [reproducible-builds.org](https://reproducible-builds.org) domain name for the fourth year and Chris Lamb added the recent [DebConf18](https://debconf18.debconf.org/) presentations with metadata to our website's [Resources](https://reproducible-builds.org/resources/) page [(commit)](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/608b904).
+
+
+Packages reviewed and fixed, and bugs filed
+-------------------------------------------
* Toolchain patches:
- * GNU make merged [a patch to have sorted globs again](https://savannah.gnu.org/bugs/?52076) which helps to make many packages more reproducible
- * util-linux [now makes it easier to disable ASLR](https://github.com/karelzak/util-linux/issues/668) with `setarch -R $PROGRAM`
+ * The [GNU make](https://www.gnu.org/software/make/) project [merged a patch to have sorted globs again](https://savannah.gnu.org/bugs/?52076), helping to make many packages more reproducible.
+ * util-linux [made it easier to disable ASLR](https://github.com/karelzak/util-linux/issues/668) with `setarch -R $PROGRAM`.
* In addition, Bernhard M. Wiedemann worked on:
* [gcompris](https://build.opensuse.org/request/show/627391) (date)
- * [splint](https://build.opensuse.org/request/show/627757) (username+uname -a)
- * [libheimdal](https://build.opensuse.org/request/show/627941) (hostname+date)
+ * [splint](https://build.opensuse.org/request/show/627757) (username, `uname -a`)
+ * [libheimdal](https://build.opensuse.org/request/show/627941) (hostname, date)
* [docker](https://build.opensuse.org/request/show/628476) (date)
- * [syncthing](https://build.opensuse.org/request/show/628525) ([date](https://github.com/syncthing/syncthing/commit/c51365c634c9687009778caf097ba059b88f8805) via version update to 0.14.49)
+ * [syncthing](https://build.opensuse.org/request/show/628525) ([date](https://github.com/syncthing/syncthing/commit/c51365c634c9687009778caf097ba059b88f8805) via a version update to `0.14.49`)
* [gromacs](https://gerrit.gromacs.org/8156) (CPU-detection, host, user)
- * [fwnn](https://osdn.net/projects/freewnn/ticket/38482) (orphaned, fix hostname,date,inode,random)
+ * [fwnn](https://osdn.net/projects/freewnn/ticket/38482) (orphaned, fix hostname,date, inode, random)
* [gtranslator](https://gitlab.gnome.org/GNOME/gtranslator/merge_requests/3) (merged, date)
* Simon Schicker:
* [systemtap](https://build.opensuse.org/request/show/627384) ([drop date](https://sourceware.org/ml/systemtap/2017-q4/msg00166.html) via version update)
* cleaned up [reproducibleopensuse scripts](https://github.com/bmwiedemann/reproducibleopensuse/pull/1)
- * fixed a bashism in [theunreproduciblepackage](https://github.com/bmwiedemann/theunreproduciblepackage/pull/5)
+ * fixed a Bashism in [theunreproduciblepackage](https://github.com/bmwiedemann/theunreproduciblepackage/pull/5)
+
+diffoscope development
+----------------------
+
+There were a handful of updates to [diffoscope](https://diffoscope.org), our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages:
+
+* Chris Lamb:
+ * [Don't include the filename in the `llvm-bcanalyzer` output](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1599b01). ([#905598](https://bugs.debian.org/905598))
+
+* Mattia Rizzolo:
+ * [Explicitly add `file` to the dependencies of the autopkgtests to have the tests triggered whenever the `file` package changes](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fc0ae56).
+
+* Ricardo Gaviria:
+ * [Handle error when encrypted archive file is exctracted.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a6beb04). ([#904685](https://bugs.debian.org/904685))
+
+jenkins.debian.net development
+------------------------------
+
-* [reopened reproducible builds proposal: make gem define SOURCE_DATE_EPOCH itself (#2290)](https://github.com/rubygems/rubygems/issues/2290)
+Misc.
+-----
-* [FIXME](https://github.com/lamby/buildinfo.debian.net/issues/49)
+This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
=====================================
bin/generate-draft
=====================================
--- a/bin/generate-draft
+++ b/bin/generate-draft
@@ -19,7 +19,6 @@ PROJECTS = (
'strip-nondeterminism',
'disorderfs',
'reprotest',
- 'buildinfo.debian.net',
'trydiffoscope',
'reproducible-website',
'reproducible-lfs',
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/42c89c06602cd255d77b4a9fd2e74ece03c3fc15...605ea45cb20883196851c043550dea7adcf5be39
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/42c89c06602cd255d77b4a9fd2e74ece03c3fc15...605ea45cb20883196851c043550dea7adcf5be39
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20180812/ab2b908d/attachment.html>
More information about the rb-commits
mailing list