[Git][reproducible-builds/reproducible-website][master] 2 commits: 200: Fix reference to diffoscope image.
Chris Lamb
gitlab at salsa.debian.org
Sun Mar 3 11:07:02 CET 2019
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
5ed67480 by Chris Lamb at 2019-03-03T09:40:08Z
200: Fix reference to diffoscope image.
- - - - -
2303cab5 by Chris Lamb at 2019-03-03T10:06:16Z
201: Initial draft.
- - - - -
3 changed files:
- _blog/posts/200.md
- _blog/posts/201.md
- + images/blog/201/diffoscope.svg
Changes:
=====================================
_blog/posts/200.md
=====================================
@@ -24,7 +24,7 @@ Here's what happened in the [Reproducible Builds](https://reproducible-builds.or
## diffoscope development
-[![]({{ "/images/blog/199/diffoscope.svg" | prepend: site.baseurl }})](https://diffoscope.org)
+[![]({{ "/images/blog/200/diffoscope.svg" | prepend: site.baseurl }})](https://diffoscope.org)
[diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages.
=====================================
_blog/posts/201.md
=====================================
@@ -3,28 +3,62 @@ layout: new/blog
week: 201
---
-* [FIXME](https://bugs.debian.org/911356#46)
+Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday February 24 and Saturday March 2 2019:
-* Holger uploaded koji 1.16.2-1, fixing CVE-2018-1002161. Closes: #922922.
+* On Tuesday 26th Chris Lamb spoke at [Speck&Tech 31 "Open Security"](https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643) on Reproducible Builds.
-* Eric Myhre reported about the developer of Dwarf Fortress reporting some "butterfly-effect style" bugs in
-deterministic world generation this week: http://www.bay12games.com/dwarves/#2019-02-21 - Reproducible builds: it's not just for compilers, it's for dwarfs too. And their entire universe...!
+* On [our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/) this week:
+ * Eric Myhre [posted about the developer of Dwarf Fortress reporting](https://lists.reproducible-builds.org/pipermail/rb-general/2019-February/001473.html) some "butterfly-effect style" bugs in deterministic world generation in a post titled [*Reproducible builds: it's not just for compilers, it's for dwarfs too. And their entire universe...!*](http://www.bay12games.com/dwarves/#2019-02-21).
+ * Holger Levsen posted an update after he calculated that [Debian is 54% reproducible in practice](https://lists.reproducible-builds.org/pipermail/rb-general/2019-March/001479.html).
-* Bernhard M. Wiedemann posted his monthly [*Reproducible Builds status update*](https://lists.opensuse.org/opensuse-factory/2019-02/msg00599.html) for the [openSUSE](https://opensuse.org/) distribution. This includes some verification of official builds, where for 81.2% similar (but not bit-identical) build results were produced.
+* Alexander "*lynxis*" Couzens [announced the first release](https://bugs.debian.org/918480#42) of [`squashfskit`](https://github.com/squashfskit/squashfskit), a set of utilities that create and manipulate read-only compressed file systems that was forked from `squashfs-tools`.
-* Vagrant Cascadian updated diffoscope in [GNU Guix](https://www.gnu.org/software/guix/) [[...](https://git.savannah.gnu.org/cgit/guix.git/commit/?id=6dacaa70a0874662cbdabfc6df987cd5a09a518c)].
+* Bernhard M. Wiedemann [posted his monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2019-02/msg00599.html) for the [openSUSE](https://opensuse.org/) distribution. This includes some verification of official builds, where 81.2%-similar (NB. not yet bit-identical build results were achieved.
-* [squashfskit released](https://bugs.debian.org/918480#42)
+* Graham Christensen corrected some broken links on the [reproducible-builds.org](https://reproducible-builds.org) project website. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/43ba1a1)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a691971)]
-* [FIXME](https://github.com/sphinx-doc/sphinx/pull/6028#issuecomment-467885608)
+* Holger uploaded version `1.16.2-1` of [koji](https://pagure.io/koji) — the RPM building and tracking system — to Debian, fixing [CVE-2018-1002161](https://security-tracker.debian.org/tracker/CVE-2018-1002161) to address a SQL injection attack. ([#922922](https://bugs.debian.irg/922922))
-* [FIXME](https://diff.intrinsic.com/)
+* A tool to [compare the differences between between two versions of the same Node "npm" package](https://diff.intrinsic.com/) was released, speaking to the same concerns for code provenance that the Reproducible Builds project has.
+
+* 15 Debian package reviews were added, 3 were updated and 14 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
+
+## diffoscope development
+
+[![]({{ "/images/blog/201/diffoscope.svg" | prepend: site.baseurl }})](https://diffoscope.org)
+
+[diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week:
+
+* Chris Lamb:
+ * Improved the displayed comment when falling back to a binary diff to include the file type. [(#49)](https://salsa.debian.org/reproducible-builds/diffoscope/issues/49)
+ * Tided definition of "no file-specific differences were detected" message suffix. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a671bfb)]
+ * Corrected a "recurse" typo. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d41f09b)]
+
+* Vagrant Cascadian updated diffoscope in [GNU Guix](https://www.gnu.org/software/guix/). [[...](https://git.savannah.gnu.org/cgit/guix.git/commit/?id=6dacaa70a0874662cbdabfc6df987cd5a09a518c)]
## Packages reviewed and fixed, and bugs filed
* Bernhard M. Wiedemann:
* [scons](https://github.com/SCons/scons/pull/3312) (hostname)
* [nfs-ganesha](https://build.opensuse.org/request/show/679666) (hostname)
- * [eigen3](https://build.opensuse.org/request/show/679669) (drop latex .log ; [partially submitted upstream](https://bitbucket.org/eigen/eigen/pull-requests/598/do-not-keep-latex-logs/diff))
+ * [eigen3](https://build.opensuse.org/request/show/679669) (drop LaTeX `.log`, [partially submitted upstream](https://bitbucket.org/eigen/eigen/pull-requests/598/do-not-keep-latex-logs/diff))
+
+* Chris Lamb:
+ * [#923169](https://bugs.debian.org/923169) filed against [node-lunr](https://tracker.debian.org/pkg/node-lunr).
+ * [#923170](https://bugs.debian.org/923170) filed against [heudiconv](https://tracker.debian.org/pkg/heudiconv).
+
+In additiom, one of Chris Lamb's previous patches for the [Sphinx](https://sphinx-doc.org) documentation system [was merged upstream](https://github.com/sphinx-doc/sphinx/pull/6028#issuecomment-467885608).and he [updated his branch against](https://github.com/shadow-maint/shadow/pull/146#issuecomment-468750829) the `shadow` password utility.
+
+## Test framework development
+
+We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This week, Holger Levsen made the following improvements:
+
+* Improve the output of the Debian reproducible "SHA1" chcker [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5a50d32f)], also including stats for non-reproducible binNMUs, `arch:all` and `arch:amd64` packages [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/151b4f00)].
+* Deal with zero results in the SHA1 checker. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/38bf9944)]
+* Node maintenance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/efbe90df)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2d0205d5)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b700d342)]
+
+In addition, Mattia Rizzolo performed some `armhf` node maintenance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/50f250b9)]
+
+---
-* [FIXME](https://github.com/shadow-maint/shadow/pull/146#issuecomment-468750829)
+This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Vagrant Cascadian & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.
=====================================
images/blog/201/diffoscope.svg
=====================================
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ version="1.1"
+ width="128"
+ height="128"
+ id="svg2">
+ <defs
+ id="defs4" />
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title></dc:title>
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ transform="matrix(1.0692573,0,0,1.0692573,-328.34726,-503.5515)"
+ id="layer1">
+ <g
+ id="g5409">
+ <g
+ transform="translate(5.418238,0)"
+ id="g5386">
+ <rect
+ width="90.304001"
+ height="50.999996"
+ x="316.36414"
+ y="472.80621"
+ id="rect4667-3"
+ style="fill:none;stroke:none" />
+ <g
+ id="text4673-8"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 316.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5371"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 348.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5373"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 380.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5375"
+ style="fill:#c00000;fill-opacity:1" />
+ </g>
+ <g
+ id="text5366"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 327.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5378" />
+ <path
+ d="m 359.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5380" />
+ <path
+ d="m 391.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5382" />
+ </g>
+ </g>
+ <use
+ id="use5399"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.8,0,0,0.8,82.417275,133.65028)"
+ id="use5401"
+ style="opacity:0.85"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.6,0,0,0.6,164.83455,260.05454)"
+ id="use5403"
+ style="opacity:0.7"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.4,0,0,0.4,247.25182,379.25208)"
+ id="use5405"
+ style="opacity:0.55"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ </g>
+ </g>
+</svg>
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/fe510fdb5b88e3e83faa82bf53d704988e2beb95...2303cab59ff7c08b81d688a43bd14261ea02ff12
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/fe510fdb5b88e3e83faa82bf53d704988e2beb95...2303cab59ff7c08b81d688a43bd14261ea02ff12
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20190303/8a00c781/attachment.html>
More information about the rb-commits
mailing list