[Git][reproducible-builds/reproducible-website][master] 198: Initial draft.
Chris Lamb
gitlab at salsa.debian.org
Sun Feb 10 12:37:09 CET 2019
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
4af9bbb5 by Chris Lamb at 2019-02-10T11:36:43Z
198: Initial draft.
- - - - -
1 changed file:
- _blog/posts/198.md
Changes:
=====================================
_blog/posts/198.md
=====================================
@@ -3,21 +3,73 @@ layout: new/blog
week: 198
---
-* FSFE raised their voice in the discussion about Huawei and 5G: "To establish trust in critical infrastructure like 5G, it is a crucial precondition that all software code powering those devices is published under a Free and Open Source Software licence" and furthermore points out that in case of binary distribution it is "necessary that there are reproducible builds" - https://fsfe.org/news/2019/news-20190205-01.en.html
+Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday February 3rd and Saturday February 9th 2019:
-* [forwarded 921511 upstream](https://github.com/openstack/python-octaviaclient/pull/1) https://review.openstack.org/635194
+* This year, we intend to participate in [Google Summer of Code](https://summerofcode.withgoogle.com/) 2019. If you are interested in becoming a student or mentor please see [our entry on the wiki page](https://wiki.debian.org/SummerOfCode2019/Projects#SummerOfCode2019.2FProjects.2FReproducibleBuilds.Reproducible_Builds).
-* [921513 forwarded upstream](https://github.com/sphinx-doc/sphinx/pull/6028)
+* In a blog post entitled "[Huawei case demonstrates importance of Free Software for security](https://fsfe.org/news/2019/news-20190205-01.en.html)" the [FSFE](https://fsfe.org) raised their voice in the [recent wider discussions regarding Huawei and 5G](https://www.zdnet.com/article/huawei-will-need-5-years-and-2b-to-resolve-uk-security-concerns-report/):
-* https://wiki.debian.org/SummerOfCode2019/Projects#SummerOfCode2019.2FProjects.2FReproducibleBuilds.Reproducible_Builds
+ > To establish trust in critical infrastructure like 5G, it is a crucial precondition that all software code powering those devices is published under a Free and Open Source Software licence" and furthermore points out that in case of binary distribution it is "necessary that there are reproducible builds.
-* Bernhard M. Wiedemann wrote [a script to export CSV data](https://github.com/bmwiedemann/reproducibleopensuse/blob/master/rbplot.pl) of openSUSE reproducibility stats over time and [graphed it](https://rb.zq1.de/compare.factory/graph.png) using [Debian's graphing tool](https://salsa.debian.org/qa/jenkins.debian.net/blob/master/bin/make_graph.py)
+* Reproducible Builds were present at both [FOSDEM 2019](https://fosdem.org/2019/schedule/) and [CopyLeftConf](https://2019.copyleftconf.org/) handing out t-shirts to contributors. The latter event was run under the auspices of the [Software Freedom Conservnacy](https://sfconservancy.org/) who act as the Reproducible Builds project fiscal sponsor and are a not-for-profit 501(c)(3) charity focused on ethical technology and user freedom. If you like the work of the Conservancy or the Reproducible Builds project, please consider [becoming an official supporter](https://sfconservancy.org/supporter/).
-* [FIXME](https://r13y.com/)
+* [diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week, Chris Lamb adjust the behaviour to not look for adjacent `-dbgsym` Debian package files automatically anymore to align better with users' expectations. The existing behaviour can be re-enabled by specifying the new `--use-dbgsym` flag ([#44](https://salsa.debian.org/reproducible-builds/diffoscope/issues/44) / [#920701](https://bugs.debian.org/920701)).
-* Holger uploaded koji 1.16.1-1 to Debian.
+ Chris then [released and uploaded this as part of version `110`](https://tracker.debian.org/news/1028027/accepted-diffoscope-110-source-all-into-unstable/) but it was then reported that this introduced a regression where we had stopped using the `-dbgsym` packages when comparing `.buildinfo` or `.changes files`. This was subsequently fixed via [issue #46](https://salsa.debian.org/reproducible-builds/diffoscope/issues/46).
+
+* Bernhard M. Wiedemann a wrote [script to export CSV data](https://github.com/bmwiedemann/reproducibleopensuse/blob/master/rbplot.pl) of openSUSE reproducibility stats over time and [graphed it](https://rb.zq1.de/compare.factory/graph.png) using [Debian's graphing tool](https://salsa.debian.org/qa/jenkins.debian.net/blob/master/bin/make_graph.py).
+
+* The [Nix](https://nixos.org/nix) "purely functional package manager" published a new "[r13y.com](https://r13y.com/)" single-page website that documents the current state of reproducibility in that distribution, a possible partner to [isdebianreproducibleyet.com](https://isdebianreproducibleyet.com/).
+
+* On Tuesday February 26th Chris Lamb will speak at [Speck&Tech 31 "Open Security"](https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643) on Reproducible Builds in Trento, Italy.
+
+* Holger uploaded [koji version `1.16.1-1` to Debian](https://tracker.debian.org/news/1028398/accepted-koji-1161-1-source-into-unstable/) in order to package a new upstream version.
+
+* Ten Debian package reviews were added, eleven were updated and nineteen were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Two issue types were updated by Chris Lamb, adding a fix for the [`randomness_in_documentation_underscore_downloads_generated_by_sphinx`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/9e2153f8) toolchain issue and also categorising a new [`randomness_in_documentation_graphviz_generated_by_sphinx`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/41675a8d) toolchain issue.
+
+* Hervé Boutemy made more updates to the [reproducible-builds.org](https://reproducible-builds.org) project website, including specifying the implications of using `-Dline.separator` with respect to UNIX line endings [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3fdaa2f)]. In addition, Holger Levsen added a link to the "[who]({{ "/who/" | prepend: site.baseurl }})" page for the tests page for [NixOS](https://nixos.org/nix/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9093f6c)] and Mykola Nikishov fixed a dead link to [how-to contribute]({{ "/contribute/" | prepend: site.baseurl }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b7ac922)].
## Packages reviewed and fixed, and bugs filed
* Bernhard M. Wiedemann:
- * [gnome-weather](https://build.opensuse.org/request/show/671146) (libdir made a noarch package vary between architectures)
+ * [gnome-weather](https://build.opensuse.org/request/show/671146) (`libdir` made a `noarch` package vary between architectures)
+
+* Chris Lamb:
+ * [#921511](https://bugs.debian.org/921511) filed against [python-octaviaclient](https://tracker.debian.org/pkg/python-octaviaclient) (forwarded upstream [on Github](https://github.com/openstack/python-octaviaclient/pull/1) and [Gerrit](https://review.openstack.org/635194)).
+ * [#921513](https://bugs.debian.org/921513) filed against [sphinx](https://tracker.debian.org/pkg/sphinx) ([forwarded upstream](https://github.com/sphinx-doc/sphinx/pull/6028)).
+
+## Test framework development
+
+We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This week, Holger Levsen made a large number of improvements including:
+
+* [Arch Linux](https://www.archlinux.org/)-specific changes:
+ * Correct information about the hostnames used. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/83eaf481)]
+ * Document that the kernel is not currently varied on rebuilds. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/8d6d94d6)]
+ * Improve IRC messages. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f9791397)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f7019d9a)]
+
+* [Debian](https://www.debian.org/)-specific changes:
+ * Perform a large number of cleanups, updating `FIXME`-documentation to match. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9c099966)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3975ac64)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/25c9960b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ae0b90e5)]
+ * Avoid unnecessary `apt install` calls on every deployment run. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6de8b742)]
+
+* [Fedora](https://getfedora.org/)-specific changes:
+ * Abstract some behaviour to make future testing of other distributions easier. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ebbb8dce)]
+ * Only update `mock` on build nodes. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cd3a475d)]
+ * Correctly note that testing Fedora is disabled currently by turning a `FIXME` into a `TODO`. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/025a59ad)]
+
+* [LEDE](https://en.wikipedia.org/wiki/LEDE)/OpenWrt-specific changes:
+ * Attempt to build all the packages again. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/13e62b27)]
+ * Mark a workaround for an `iw` issue in a better way. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/328dc131)]
+
+* Misc/generic changes:
+ * Clarify where [NetBSD](https://www.netbsd.org/) is actually built. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3cb41677)]
+ * Add jobs to check the version of [diffoscope](https://diffoscope.org/) relative to upstream in many distributions. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2a00fdfd)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/68d43d67)]
+ * Render the artificial date correctly in the [build variation](https://tests.reproducible-builds.org/debian/index_variations.html) tables. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7ea459db)]
+ * Work around a rare and temporary problem when restarting [Munin](http://munin-monitoring.org/). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/8efeaf25)]
+ * Drop code relating to [OpenSSH](https://openssh.org) client ports as this is handled via `~/ssh/config` now. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/874a6e23)]
+ * Fix various bits of documentation. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b6b2b020)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/56d78d7a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1193a073)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/052e30fe)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/707c70eb)]
+
+In addition, Mattia Rizzolo updated the configuration for `df_inode` [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6cfb5db5)] and reverted a change to our [pbuilder](https://wiki.debian.org/PbuilderTricks) setup [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/676d63a8)] whilst Bernhard M. Wiedemann ported `make_graph` to using Python 3 [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1ce73fcb)].
+
+---
+
+This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4af9bbb5215e8ba9c5cdc356724bacad91addc7c
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4af9bbb5215e8ba9c5cdc356724bacad91addc7c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20190210/eb045a7d/attachment.html>
More information about the rb-commits
mailing list