[Git][reproducible-builds/reproducible-website][master] 2 commits: 197 += https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643

Chris Lamb gitlab at salsa.debian.org
Sun Feb 3 17:52:15 CET 2019


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
3a6b5e84 by Chris Lamb at 2019-02-02T17:38:16Z
197 += https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643

- - - - -
df252ba9 by Chris Lamb at 2019-02-03T16:52:00Z
197: Initial draft.

- - - - -


1 changed file:

- _blog/posts/197.md


Changes:

=====================================
_blog/posts/197.md
=====================================
@@ -3,26 +3,65 @@ layout: new/blog
 week: 197
 ---
 
-* [#920631 debian-installer: Ensure build is reproducible regardless of the user\'s umask(2)](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920631)
+Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday January 27th and Saturday February 2nd 2019:
 
- [Chris Lamb updated the SSL certificate for try.diffoscope.org to ensure validation after the deprecation of TLS-SNI-01 validation in LetsEncrypt. [[...](https://github.com/lamby/try.diffoscope.org/commit/6e0d9c30f4fc740809ab4c1510b4a5b37b8f8f43)]
+* There was yet more progress towards making the [Debian Installer](https://www.debian.org/devel/debian-installer/) images reproducible. Following-on from last week, [Chris Lamb](https://chris-lamb.co.uk/) performed some further testing of the generated images resulting in two patches to ensure that builds were reproducible regardless of both the user's `umask(2)` (filed as [#920631](https://bugs.debian.org/920631)) and even the underlying ordering of files on disk ([#920676](https://bugs.debian.org/920676)). It is hoped these can be merged for the next Debian Installer alpha/beta after the [recent "Alpha 5" release](https://lists.debian.org/debian-devel-announce/2019/02/msg00000.html).
 
-* [Bug#920593 lintian: check for .sass-cache directories](https://bugs.debian.org/920593)
+* Chris Lamb implemented a check in the [Lintian](https://lintian.debian.org/) static analysis tool that performs automated checks against Debian packages in order to add a check for `.sass-cache` directories. As as they contain non-determinstic subdirectories they immediately contribute towards an unreproducible build ([#920593](https://bugs.debian.org/920593)).
+* `disorderfs` is our [FUSE](https://github.com/libfuse/libfuse)-based filesystem that deliberately introduces non-determinism into filesystems for easy and reliable testing. Chris Lamb fixed an issue this week in the handling of the `fsyncdir` system call to ensure `dpkg(1)` can "flush" `/var/lib/dpkg` correctly [[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/bd35aeb)].
 
-* [#920676 debian-installer: Ensure build is reproducible regardless of the underlying filesystem ordering](https://bugs.debian.org/920676)
+* Hervé Boutemy made more updates to the [reproducible-builds.org](https://reproducible-builds.org) project website, including documenting `mvn.build-root` [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f773b20)]. In addition, Chris Smith fixed a typo on the [tools]({{ "/tools/" | prepend: site.baseurl }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5a279ff)] and Holger Levsen added a link to Lukas's report to the [recent Paris Summit](https://reproducible-builds.org/events/paris2018/) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ad57305)].
 
-* [splitpatch merged](https://github.com/benjsc/splitpatch/pull/10)
+* `strip-nondeterminism` is our our tool that post-processes files to remove known non-deterministic output) version. This week, Chris Lamb investigated an issue regarding the tool [not mormalising file ownerships in `.epub` files](https://bugs.debian.org/920732) that was originally identified by Holger Levsen, as well as clarified the negative message in test failures [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/3f4ba2f)] and performed some code cleanups (eg. [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/a553d34)]).
 
-* [forwarded ansible #920792 https://github.com/ansible/ansible/pull/51419](https://github.com/ansible/ansible/pull/51419)
+* Chris Lamb updated the SSL certificate for [try.diffoscope.org](https://try.diffoscope.org) to ensure validation after the [deprecation of TLS-SNI-01 validation](https://community.letsencrypt.org/t/upcoming-tls-sni-deprecation-in-certbot/76383) in [LetsEncrypt](https://letsencrypt.org/).
 
-* [FIXME](https://bugs.debian.org/920732)
+* Reproducible Builds were present at [FOSDEM 2019](https://fosdem.org/2019/schedule/) handing out t-shirts to contributors. Thank you!
+
+* On Tuesday February 26th Chris Lamb will speak at [Speck&Tech 31 "Open Security"](https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643) on Reproducible Builds in Trento, Italy.
+
+* 6 Debian package reviews were added, 3 were updated and 5 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb unearthed a new toolchain issue [`randomness_in_documentation_underscore_downloads_generated_by_sphinx`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/73748b20), .
 
-* [891194/3dldf forwarded upstream https://savannah.gnu.org/bugs/?55605](https://savannah.gnu.org/bugs/?55605)
 
 ## Packages reviewed and fixed, and bugs filed
 
 * Bernhard M. Wiedemann:
-    * [javapackages-tools](https://github.com/fedora-java/javapackages/pull/66): sort / ASLR
-    * [libfaketime](https://github.com/wolfcw/libfaketime/issues/183): bug, incorrectly faked stat results
-    * [glfw](https://build.opensuse.org/request/show/670533): use `find|sort`, required [a patch to upstream geany](https://github.com/geany/geany/pull/1991)
-    * fix build with new python3.7: [flashfocus](https://build.opensuse.org/request/show/670190), [policycoreutils](https://build.opensuse.org/request/show/670302), [tensorflow](https://build.opensuse.org/request/show/670481)
+    * [flashfocus](https://build.opensuse.org/request/show/670190), [policycoreutils](https://build.opensuse.org/request/show/670302), [tensorflow](https://build.opensuse.org/request/show/670481): Fix build with new Python 3.7.
+    * [glfw](https://build.opensuse.org/request/show/670533): Use `find|sort` [requiring a patch to `geany`](https://github.com/geany/geany/pull/1991).
+    * [javapackages-tools](https://github.com/fedora-java/javapackages/pull/66): sort / [Address space layout randomization (ASLR)](https://en.wikipedia.org/wiki/Address_space_layout_randomization).
+    * [libfaketime](https://github.com/wolfcw/libfaketime/issues/183): Correct bug relating to incorrectly faked stat results.
+
+* Chris Lamb:
+    * [#891194](https://bugs.debian.org/891194) filed against [3dldf](https://tracker.debian.org/3dldf) (now [forwarded upstream](https://savannah.gnu.org/bugs/?55605)).
+    * [#920591](https://bugs.debian.org/920591) filed against [lambda-align2](https://tracker.debian.org/pkg/lambda-align2).
+    * [#920592](https://bugs.debian.org/920592) filed against [roaraudio](https://tracker.debian.org/pkg/roaraudio).
+    * [#920594](https://bugs.debian.org/920594) filed against [papi](https://tracker.debian.org/pkg/papi).
+    * [#920595](https://bugs.debian.org/920595) filed against [ukui-themes](https://tracker.debian.org/pkg/ukui-themes).
+    * [#920792](https://bugs.debian.org/920792) filed against [ansible](https://tracker.debian.org/pkg/ansible) ([forwarded upstream](https://github.com/ansible/ansible/pull/51419)).
+
+## Test framework development
+
+We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This week, Holger Levsen made a large number of improvements including:
+
+* [Arch Linux](https://www.archlinux.org/)-specific changes:
+    * The scheduler is now run every 4h so present stats for this time period. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/50ae9c1e)]
+    * Fix detection of bad builds. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/34e71830)]
+
+* [LEDE](https://en.wikipedia.org/wiki/LEDE)/OpenWrt-specific changes:
+    * Make [OpenSSH](https://www.openssh.com/) usable with a TCP port other than `22`. This is needed for our [OSUOSL](https://osuosl.org/) nodes. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2c70a07f)]
+    * Perform a minor refactoring of the build script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1344438f)]
+
+* [NetBSD](https://www.netbsd.org/)-specific changes:
+    * Add a `~jenkins/.ssh/config` to fix jobs regarding OpenSSH running on non-standard ports. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1399fd01)]
+    * Add a note that `osuosl171` is constantly online. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/288ea56c)]
+
+* Misc/generic changes:
+    * Use same configuration for `df_inode` as for `df` to reduce noise. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/47bb2f76)]
+    * Remove a now-bogus warning; we have its parallel in Git now. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5042bb23)]
+    * Define `ControlMaster` and `ControlPath` in our OpenSSH configurations. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/787df673)]
+
+In addition, Mattia Rizzolo and Vagrant Cascadian performed maintenance of the build nodes. ([[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5326d930)], [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e807cdb)], [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e55e6fbf)], etc.)
+
+---
+
+This week's edition was written by Bernhard M. Wiedemann, Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/12d3451c9d811f852dd12d062577261ee5c321a0...df252ba9acf109a01d18a530746bef02205ce773

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/12d3451c9d811f852dd12d062577261ee5c321a0...df252ba9acf109a01d18a530746bef02205ce773
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20190203/f5cbfb2b/attachment.html>


More information about the rb-commits mailing list