[Git][reproducible-builds/reproducible-website][master] 6 commits: 184: Add missing "the".

Chris Lamb gitlab at salsa.debian.org
Sun Nov 18 11:20:20 CET 2018


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
e6d79e06 by Chris Lamb at 2018-11-18T10:16:28Z
184: Add missing "the".

- - - - -
d810b323 by Chris Lamb at 2018-11-18T10:16:47Z
185: #913196 is not a reproducible-related bug.

- - - - -
d4cf18bc by Chris Lamb at 2018-11-18T10:17:01Z
185: Tidy this section added in MR.

- - - - -
27bd6f22 by Chris Lamb at 2018-11-18T10:17:09Z
185: Drop extra whitespace.

- - - - -
a469ed8d by Chris Lamb at 2018-11-18T10:18:50Z
185: Correct "braino".

- - - - -
ac9b18a8 by Chris Lamb at 2018-11-18T10:20:11Z
186: Initial draft.

- - - - -


3 changed files:

- _blog/posts/184.md
- _blog/posts/185.md
- _blog/posts/186.md


Changes:

=====================================
_blog/posts/184.md
=====================================
@@ -24,7 +24,7 @@ In the meantime, here's what happened in the [Reproducible Builds](https://repro
 
 * 59 Debian package reviews were added, 7 were updated and 17 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb updated one issue type ([`randomness_in_binaries_generated_by_golang`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/16748a15)) and two were added ([`dc_created_timestamp_in_javadoc`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/4e0e4a81) & [`randomness_in_fonts_created_by_fontcustom`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/f9c5dc1d)).
 
-* Holger Levsen updated our website to add [in-toto](https://in-toto.github.io/) & Google's participation for [upcoming Paris Summit](https://reproducible-builds.org/events/paris2018/). ([1](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9f40e5c) & [2](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a97c843))
+* Holger Levsen updated our website to add [in-toto](https://in-toto.github.io/) & Google's participation for the [upcoming Paris Summit](https://reproducible-builds.org/events/paris2018/). ([1](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9f40e5c) & [2](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a97c843))
 
 * [Molly de Blanc](http://deblanc.net/) forwarded [a call for applications](https://lists.reproducible-builds.org/pipermail/rb-general/2018-November/001247.html) for the [Berkman Klein Center for Internet and Society](https://cyber.harvard.edu/) in Cambridge, Massachusetts class of fellows who do research around the intersection of the internet, society, technology, etc. which may be relevant to anyone speaking, thinking, and writing around the implications of Reproducible Builds.
 


=====================================
_blog/posts/185.md
=====================================
@@ -22,7 +22,7 @@ Here's what happened in the [Reproducible Builds](https://reproducible-builds.or
 
 * [Simon McVittie](http://smcv.pseudorandom.co.uk/) kindly [provided a patch](https://bugs.debian.org/901473#33) to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](tests.reproducible-builds.org) to vary whether we apply the "merged `/usr`" directory scheme between builds. This is where the `/{bin,sbin,lib}/` directories are symbolic links to `/usr/{bin,sbin,lib}/`. It was subsequently merged by Holger Levsen and resulted in some variations in (at least) [quilt](https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/diffoscope-results/quilt.html) and [systemd](https://tests.reproducible-builds.org/debian/rb-pkg/buster/amd64/diffoscope-results/systemd.html).
 
-*  Chris Lamb updated `strip-nondeterminism` (our tool to post-process files to remove known non-deterministic output) to [catch invalid ZIP "local" field lengths](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/e5f5008) β€” we were previously inherently blindly trusting the value supplied in the ZIP file ([#803503](https://bugs.debian.org/803503)). In addition, he applied a patch from Emmanuel Bourg to [update the Javadoc handler to handle OpenJDK 11](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/f745484) ([#913132](https://bugs.debian.org/913132)). He then subsequently uploaded version `0.044-1` [to Debian unstable](https://tracker.debian.org/news/1001570/accepted-strip-nondeterminism-0044-1-source-all-into-unstable/).
+* Chris Lamb updated `strip-nondeterminism` (our tool to post-process files to remove known non-deterministic output) to [catch invalid ZIP "local" field lengths](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/e5f5008) β€” we were previously blindly trusting the value supplied in the ZIP file ([#803503](https://bugs.debian.org/803503)). In addition, he applied a patch from Emmanuel Bourg to [update the Javadoc handler to handle OpenJDK 11](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/f745484) ([#913132](https://bugs.debian.org/913132)). He then subsequently uploaded version `0.044-1` [to Debian unstable](https://tracker.debian.org/news/1001570/accepted-strip-nondeterminism-0044-1-source-all-into-unstable/).
 
 * Agustin Henze announced in a mail to the [`debian-devel` mailing list](https://lists.debian.org/debian-devel/) that [the new Debian CI pipeline](https://lists.debian.org/debian-devel/2018/11/msg00183.html) includes support testing for reproducibility using `reprotest`. These tests are currently available on-demand and need to be set up individually.
 
@@ -51,9 +51,8 @@ Packages reviewed and fixed, and bugs filed
     * [easyconf](https://salsa.debian.org/java-team/easyconf/merge_requests/1) (Ended up being a bug in [strip-nondeterminism](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913132))
     * [commons-daemon](https://salsa.debian.org/java-team/commons-daemon/merge_requests/1) (Ended up being a bug in [strip-nondeterminism](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913132))
 
-* Snahil Singh
-    * [Netmrg bug 913196](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913196) 
-    * [Netmrg bug 913195]( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913195)
+* Snahil Singh:
+    * [#913195](https://bugs.debian.org/913195): Please make netmrg reproducible.
 
 diffoscope development
 ----------------------


=====================================
_blog/posts/186.md
=====================================
@@ -3,25 +3,62 @@ layout: blog
 week: 186
 ---
 
-* [FIXME](http://lists.gnu.org/archive/html/info-mtools/2018-11/msg00004.html)
+Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday November 11 and Saturday November 17 2018:
 
-* [FIXME](https://gitlab.freedesktop.org/xdg/desktop-file-utils/issues/12)
+* Code review for the [LLVM](https://llvm.org/) compiler to [support the `-fmacro-prefix-map` argument](https://reviews.llvm.org/D49466) is underway. Like the `-fdebug-prefix-map` flag, this argument replaces a string prefix for the `FILE` [pre-processor macro](https://en.wikipedia.org/wiki/C_preprocessor).
 
-* Myon mentioned https://reviews.llvm.org/D49466
+* Kyle Rankin, the Chief Security Officer of [Puri.sm](https://puri.sm/posts/protecting-the-digital-supply-chain/) posted a blog post entitled "[Protecting the Digital Supply Chain](https://puri.sm/posts/protecting-the-digital-supply-chain/)" which mentions that with Reproducible Builds you can show that no malicious code was injected somewhere in the software supply chain and it matches the code that can be audited:
 
-* WIP patches for postgresql-hll: [Pass COPT and PROFILE to CXXFLAGS as well](https://www.postgresql.org/message-id/20181113104005.GA32154%40msg.credativ.de)
+    > *Think of it like the combination of a food safety inspector and an independent lab that verifies the nutrition claims on a box of cereal all rolled into one.*
 
-* t.r-b.o:
+* Holger Levsen updated our website to add the [Tor](https://www.torproject.org/) project as participating in our [upcoming Paris Summit](https://reproducible-builds.org/events/paris2018/). In addition, Bernhard M. Wiedemann applied a sitewide change to use consistent capitalisation for [openSUSE](https://www.opensuse.org/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1bd9083)].
 
- * https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_cloud-image.html and https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_cloud-image_build-depends.html are two new package sets we're tracking
- * tests.r-b.o: Holger switched all the profitbricks amd64 and i386 build nodes to only use squid running on pb1 or pb10 now (depending on the pb datacenter they are in). This might have produced some build failures today (which will be automatically retried) but fixed the problems with squid running in the future (or rather, on nodes which sometimes run in the future and sometimes today...), which we have rarely seen. This complements what Holger did a few weeks ago for arm64. (see #909838)
- * Holger noticed and filed #913658: reproducible: broken links on packages pages
+* 38 Debian package reviews were added, 4 were updated and 19 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). The `nondeterminstic_output_in_pkgconfig_files_generated_by_meson` was removed as a fix was applied upstream [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e1cf42dc)], and the note for the `randomness_in_binaries_generated_by_golang` issue was updated. ([1](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/0efa6b16), [2](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/8139ba15))
 
+* Chris Lamb's previously-authored patches for [GNU mtools](https://www.gnu.org/software/mtools/) to ensure the [Debian Installer](https://www.debian.org/devel/debian-installer/) images could become reproducible which were sent upstream last week ([1](http://lists.gnu.org/archive/html/info-mtools/2018-10/msg00003.html) & [2](http://lists.gnu.org/archive/html/info-mtools/2018-10/msg00004.html)) are now available in upstream's [4.0.20 release](http://lists.gnu.org/archive/html/info-mtools/2018-11/msg00004.html).
+
+* [diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week, [Marius Gedminas](https://gedmin.as/) provided a patch to add a `python_requires` field to diffoscope's `setup.py` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8e5e9b8)] and Mattia Rizzolo sorted the list of recommended Python modules in `debian/tests/control` [[...]](https://salsa.debian.org/reproducible-builds/diffoscope/commit/b618777).
+
+* Chris Lamb uploaded `strip-nondeterminism` (our tool to post-process files to remove known non-deterministic output) version `0.45.0-1` [to Debian unstable](https://tracker.debian.org/news/1002630/accepted-strip-nondeterminism-0450-1-source-all-into-unstable/) in order that [catch invalid ZIP "local" field lengths](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/e5f5008) β€” we were previously blindly trusting the value supplied in the ZIP file ([#803503](https://bugs.debian.org/803503)). As part of this upload he moved the utility to the [SemVer](https://semver.org) versioning scheme.
+
+* We have received more than 45 registrations for the upcoming [Reproducible Builds summit in Paris](https://reproducible-builds.org/events/paris2018/) between 11thβ€”13th December 2018 and have now closed registrations. Very much looking forward to seeing you there!
 
-* [FIXME](https://puri.sm/posts/protecting-the-digital-supply-chain/)
 
 Packages reviewed and fixed, and bugs filed
 -------------------------------------------
 
 * Bernhard M. Wiedemann:
-    * [kvirc](https://github.com/kvirc/KVIrc/pull/2411) (uname -r, [also submitted to openSUSE](https://build.opensuse.org/request/show/649892))
+    * [kvirc](https://github.com/kvirc/KVIrc/pull/2411) (`uname -r`), Also submitted to openSUSE ([...](https://build.opensuse.org/request/show/649892))
+
+* Christoph Berg posted some work-in-progress patches for [postgresql-hll](https://github.com/citusdata/postgresql-hll), a [PostgreSQL](https://www.postgresql.org/) extension adding [HyperLogLog data structures](https://en.wikipedia.org/wiki/HyperLogLog) as a native data type to make their build reproducible [to the upstream mailng list](https://www.postgresql.org/message-id/20181113104005.GA32154%40msg.credativ.de).
+
+Test framework development
+--------------------------
+
+There were a large number of updates to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](tests.reproducible-builds.org) by Holger Levsen this week, including:
+
+* [Arch Linux](https://www.archlinux.org/)-specific changes:
+
+    * Perform some administration on the package blacklists. ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/dbe42fac), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/02f5df90))
+    * Improve the documentation of a multi-line [sed(1)](https://www.gnu.org/software/sed/manual/sed.html) statement. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/243d7312)]
+    * Move to using [sudo(8)](https://www.sudo.ws/) for cleanup tasks. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9a931cf7)]
+
+* [Debian](https://www.debian.org/)-specific changes:
+
+    * Add two new [cloud-image](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_cloud-image.html) and [cloud-iamge_build-depends](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_cloud-image_build-depends.html) package sets.
+    * Perform some node maintenance. ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/39ddce21), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/81815405), [3](https://salsa.debian.org/qa/jenkins.debian.net/commit/adf8ae17))
+    * Install [munin](http://munin-monitoring.org/) from the "[Backports](https://backports.debian.org/) repositories. ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/093ff284), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/0c013bbf))
+    * Strip archicecture from packages in the [grml](https://grml.org/) package sets. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/bea13e74)]
+
+* Misc/generic changes:
+
+    * Ensure all ProfitBricks (`amd64` and `i386`) nodes in Karlsruhe use `pb1` as a proxy and all nodes in Frankfurt use `pb10`. This might have produced some build failures but fixed issues with [Squid](http://www.squid-cache.org/) running in the future. This complements [previous work for the `arm64` architecture](https://bugs.debian.org/909838).
+    * Filed [#913658](https://bugs.debian.org/913658): ("*Broken links on packages pages*")
+    * Document that the proxy setting for chroot installs are actually correct. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4fa6f14f)]
+
+In addition, Alexander Couzens provided workaround for an OpenWrt build system bug [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4a97c4c0)], Eli Schwartz refactored our [Arch Linux](https://www.archlinux.org/) support [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/539f38b8)] and Mattia Rizzolo performed some node maintenance.
+
+
+---
+
+This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Mattia Rizzolo & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/4f588d07d904c6dd1210a35e8050b9cc2f6114e5...ac9b18a8f55523b2495f3ef7c991943782d6d1e4

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/4f588d07d904c6dd1210a35e8050b9cc2f6114e5...ac9b18a8f55523b2495f3ef7c991943782d6d1e4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20181118/7e048c38/attachment.html>


More information about the rb-commits mailing list