[Git][reproducible-builds/reproducible-website][master] 3 commits: 2019-08: Add links etc. for gzip paragraph
Chris Lamb
gitlab at salsa.debian.org
Fri Sep 6 11:32:16 UTC 2019
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
95dfb3b9 by Chris Lamb at 2019-09-06T11:23:45Z
2019-08: Add links etc. for gzip paragraph
- - - - -
bbbdbdb1 by Chris Lamb at 2019-09-06T11:24:01Z
2019-08: Add coreboot image.
- - - - -
5be3e227 by Chris Lamb at 2019-09-06T11:31:42Z
2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.2019-08: Misc cosmetic changes.
- - - - -
2 changed files:
- _reports/2019-08.md
- + images/reports/2019-08/coreboot.png
Changes:
=====================================
_reports/2019-08.md
=====================================
@@ -13,14 +13,14 @@ draft: true
In these monthly reports we outline the most important things that have happened in the world of Reproducible Builds and we have been up to.
-As a quick recap of our project, whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed to end users or systems as precompiled binaries. The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during these compilation processes by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
+As a quick recap of our project, whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed to end users or systems as precompiled binaries. The motivation behind the reproducible builds effort is to ensure zero changes have been introduced during these compilation processes. This is achieved by promising identical results are always generated from a given source thus allowing multiple third-parties to come to a consensus on whether a build was changed or even compromised.
-In this month's report, we will cover:
+In August's month's report, we cover:
* **Media coverage & events** — *Webmin, CCCamp, etc.*
* **Distribution work** — *The first fully-reproducible package sets, openSUSE update, etc*
-* **Upstream news** — *libfaketime updates and ensuring good definitions, etc.*
-* **Software development** — *More work on diffoscope and new variations in our testing framework, etc.*
+* **Upstream news** — *libfaketime updates, gzip, ensuring good definitions, etc.*
+* **Software development** — *More work on diffoscope, new variations in our testing framework, etc.*
* **Misc news** — *From our mailing list, etc.*
* **Getting in touch** — *How to contribute, etc*
@@ -32,15 +32,15 @@ If you are interested in contributing to our project, please visit our [*Contrib
[![]({{ "/images/reports/2019-08/webmin.png#right" | prepend: site.baseurl }})](http://www.webmin.com/)
-A backdoor was found in [Webmin](http://www.webmin.com/exploit.html), the web-based application used by sysadmins to remotely manage Unix-based systems. Whilst more details can be found on [upstream's dedicated exploit page](http://www.webmin.com/exploit.html) it appears that the build toolchain was compromised. Note especially that the exploit "did not show up in any Git diffs" and thus would not have been found via an audit of the source code. The backdoor would allow a remote attacker to execute arbitrary commands with superuser privileges on the machine running Webmin. Once a machine is compromised, an attacker could then use it to launch attacks on other systems managed through Webmin or indeed any other connected system. Techniques such as reproducible builds can help detect exactly these kinds of attacks that can lay dormant for years. ([LWN comments](https://lwn.net/Articles/796951/))
+A backdoor was found in [Webmin](http://www.webmin.com/exploit.html) a popular web-based application used by sysadmins to remotely manage Unix-based systems. Whilst more details can be found on [upstream's dedicated exploit page](http://www.webmin.com/exploit.html), it appears that the build toolchain was compromised. Especially of note is that the exploit "did not show up in any Git diffs" and thus would not have been found via an audit of the source code. The backdoor would allow a remote attacker to execute arbitrary commands with superuser privileges on the machine running Webmin. Once a machine is compromised, an attacker could then use it to launch attacks on other systems managed through Webmin or indeed any other connected system. Techniques such as reproducible builds can help detect exactly these kinds of attacks that can lay dormant for years. ([LWN comments](https://lwn.net/Articles/796951/))
-In a talk titled [*There and Back Again, Reproducibly!*](https://cfp.linuxdev-br.net/2019/talk/VH9CCY/), Holger Levsen and Vagrant Cascadian presented at the 2019 edition of the [Linux Developer Conference](https://linuxdev-br.net/) in São Paulo, Brazil on Reproducible Builds.
+In a talk titled [*There and Back Again, Reproducibly!*](https://cfp.linuxdev-br.net/2019/talk/VH9CCY/) Holger Levsen and Vagrant Cascadian presented at the 2019 edition of the [Linux Developer Conference](https://linuxdev-br.net/) in São Paulo, Brazil on Reproducible Builds.
-[LWN](https://lwn.net) posted and hosted an interesting summary and discussion on [*Hardening the `file` utility for Debian*](https://lwn.net/Articles/796108). In July, Chris Lamb had cross-posted his reply to the "[Re: file(1) now with seccomp support enabled](https://lists.reproducible-builds.org/pipermail/rb-general/2019-July/001612.html) thread that was [originally started on the `debian-devel`](https://lists.debian.org/debian-devel/2019/07/msg00391.html) mailing list - in this post, Chris refers to our `strip-nondeterminism` tool not being able to accommodate the additional security hardening in [`file(1)`](http://darwinsys.com/file/) and the changes made to the tool in order to do fix this issue which was causing a huge number of regressions in [our testing framework](http://tests.reproducible-builds.org/).
+[LWN](https://lwn.net) posted and hosted an interesting summary and discussion on [*Hardening the `file` utility for Debian*](https://lwn.net/Articles/796108). In July, Chris Lamb had cross-posted his reply to the "[Re: file(1) now with seccomp support enabled](https://lists.reproducible-builds.org/pipermail/rb-general/2019-July/001612.html)" thread, [originally started on the `debian-devel`](https://lists.debian.org/debian-devel/2019/07/msg00391.html) mailing list. In this post, Chris refers to our `strip-nondeterminism` tool not being able to accommodate the additional security hardening in [`file(1)`](http://darwinsys.com/file/) and the changes made to the tool in order to do fix this issue which was causing a huge number of regressions in [our testing framework](http://tests.reproducible-builds.org/).
[![]({{ "/images/reports/2019-08/cccamp.png#right" | prepend: site.baseurl }})](https://events.ccc.de/camp/2019/)
-The Chaos Communication Camp — an international, five-day open-air event for hackers that provides a relaxed atmosphere for free exchange of technical, social, and political ideas — [hosted its 2019 edition](https://events.ccc.de/camp/2019/) where there were many discussions and meet-ups at least partly related to Reproducible Builds. This including the titular [Reproducible Builds Meetup](https://events.ccc.de/camp/2019/wiki/Session:Reproducible_Builds_Meetup) session which was attended by around twenty-five people where half of them were new to the project as well as [a session dedicated to all Arch Linux related issues](https://events.ccc.de/camp/2019/wiki/Session:Arch_Linux_Meetup).
+The [Chaos Communication Camp](https://en.wikipedia.org/wiki/Chaos_Communication_Camp) — an international, five-day open-air event for hackers that provides a relaxed atmosphere for free exchange of technical, social, and political ideas — [hosted its 2019 edition](https://events.ccc.de/camp/2019/) where there were many discussions and meet-ups at least partly related to Reproducible Builds. This including the titular [Reproducible Builds Meetup](https://events.ccc.de/camp/2019/wiki/Session:Reproducible_Builds_Meetup) session which was attended by around twenty-five people where half of them were new to the project as well as [a session dedicated to all Arch Linux related issues](https://events.ccc.de/camp/2019/wiki/Session:Arch_Linux_Meetup).
---
@@ -48,15 +48,15 @@ The Chaos Communication Camp — an international, five-day open-air event for h
[![]({{ "/images/reports/2019-08/debian.png#right" | prepend: site.baseurl }})](https://debian.org/)
-In Debian, the first "package sets" — ie. defined subsets of the entire archive — have become 100% reproducible, including as the so-called "essential" set for the [bullseye distribution on the `amd64`](https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_essential.html) and the [`armhf`](https://tests.reproducible-builds.org/debian/bullseye/armhf/pkg_set_essential.html) architectures, thanks to work by Chris Lamb on [`bash`](https://bugs.debian.org/935127), [`readline`](https://bugs.debian.org/935363) and other low-level libraries and tools. Perl still has issues on [`i386`](https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/i386/diffoscope-results/perl.html) and [`arm64`](https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/arm64/diffoscope-results/perl.html), however.
+In Debian, the first "package sets" — ie. defined subsets of the entire archive — have become 100% reproducible including as the so-called "essential" set for the [bullseye distribution on the `amd64`](https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_essential.html) and the [`armhf`](https://tests.reproducible-builds.org/debian/bullseye/armhf/pkg_set_essential.html) architectures. This is thanks to work by Chris Lamb on [`bash`](https://bugs.debian.org/935127), [`readline`](https://bugs.debian.org/935363) and other low-level libraries and tools. Perl still has issues on [`i386`](https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/i386/diffoscope-results/perl.html) and [`arm64`](https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/arm64/diffoscope-results/perl.html), however.
-Dmitry Shachnev [filed a bug report](https://bugs.debian.org/934405) against the `debhelper` utility that speaks to issues around using the date from the `debian/changelog` file as the source for the [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/docs/source-date-epoch/) environment variable as this can lead to non-intuitive results when package is automatically rebuilt via so-called binary NMUs (NB. not ["source" NMUs](https://wiki.debian.org/NonMaintainerUpload)). A related issue was [later filed against qtbase5-dev](https://bugs.debian.org/934511) by Helmut Grohne as this exact issue led to an issue with co-installability across architectures.
+Dmitry Shachnev [filed a bug report](https://bugs.debian.org/934405) against the `debhelper` utility that speaks to issues around using the date from the `debian/changelog` file as the source for the [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/docs/source-date-epoch/) environment variable as this can lead to non-intuitive results when package is automatically rebuilt via so-called binary (NB. not ["source"](https://wiki.debian.org/NonMaintainerUpload)) NMUs. A related issue was [later filed against `qtbase5-dev`](https://bugs.debian.org/934511) by Helmut Grohne as this exact issue led to an issue with co-installability across architectures.
-Lastly, 115 reviews of Debian packages were added, 45 were updated and 244 were removed this month, appreciably adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Many issue types were updated by Chris Lamb, including [`embeds_build_data_via_node_preamble`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/5d91c741), [`embeds_build_data_via_node_rollup`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e6b686f3), [`captures_build_path_in_beam_cma_cmt_files`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/850df406), [`captures_varying_number_of_build_path_directory_components`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c0c72250), [`timezone_specific_files_due_to_haskell_devscripts`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/a1a65bba), etc.
+Lastly, 115 reviews of Debian packages were added, 45 were updated and 244 were removed this month, appreciably adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Many issue types were updated by Chris Lamb, including [`embeds_build_data_via_node_preamble`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/5d91c741), [`embeds_build_data_via_node_rollup`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e6b686f3), [`captures_build_path_in_beam_cma_cmt_files`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/850df406), [`captures_varying_number_of_build_path_directory_components`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c0c72250) (discussed later), [`timezone_specific_files_due_to_haskell_devscripts`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/a1a65bba), etc.
[![]({{ "/images/reports/2019-08/opensuse.png#right" | prepend: site.baseurl }})](https://www.opensuse.org/)
-Bernhard M. Wiedemann posted his [monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2019-08/msg00186.html) for the [openSUSE](https://opensuse.org/) distribution. New issues were found from enabling [Link Time Optimization](https://gcc.gnu.org/wiki/LinkTimeOptimization) (LTO) in this distribution's "[Tumbleweed](https://software.opensuse.org/distributions/tumbleweed)" branch. This affected, for example, [nvme-cli](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91307) as well as [`perl-XML-Parser` and `pcc`](https://bugzilla.opensuse.org/show_bug.cgi?id=1146634) with packaging issues.
+Bernhard M. Wiedemann posted his [monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2019-08/msg00186.html) for the [openSUSE](https://opensuse.org/) distribution. New issues were found from enabling [Link Time Optimization](https://gcc.gnu.org/wiki/LinkTimeOptimization) (LTO) in this distribution's [*Tumbleweed*](https://software.opensuse.org/distributions/tumbleweed) branch. This affected, for example, [`nvme-cli`](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91307) as well as [`perl-XML-Parser` and `pcc`](https://bugzilla.opensuse.org/show_bug.cgi?id=1146634) with packaging issues.
---
@@ -64,7 +64,9 @@ Bernhard M. Wiedemann posted his [monthly Reproducible Builds status update](htt
* [`libfaketime`](https://github.com/wolfcw/libfaketime) is a tool to trick programs into believing that the current system time is actually one specified by the user. This month, Bernhard M. Wiedemann requested [the ability to track and intercept calls that change file timestamps](https://github.com/wolfcw/libfaketime/issues/183) which can help better debug or fix reproducibility issues in software.
-* Chris Lamb requested that the [molior build tool](https://github.com/molior-dbs/molior) prefers to [use the term "repeatable build"](https://github.com/molior-dbs/molior/issues/3) in order to avoid confusion over the term "reproducible."
+* Chris Lamb requested that the ["molior" build tool](https://github.com/molior-dbs/molior) prefers to [use the term "repeatable build"](https://github.com/molior-dbs/molior/issues/3) in order to avoid confusion over the term "reproducible."
+
+* The "[gzip](https://www.gzip.org/)" program is commonly used to compress artifacts such as the [the source code archives generated by Sourcehut](https://todo.sr.ht/~sircmpwn/git.sr.ht/232) hosting platform, but depending on the specific program used, the output may be different. Daniel Edgecumbe [has submitted patches](http://lists.busybox.net/pipermail/busybox/2019-September/087438.html) to the [BusyBox](https://busybox.net/) suite of tools to ensure the output of its version of `gzip` matches the output of [GNU gzip](https://www.gnu.org/software/gzip/) when using the same options regardless of the configuration of BusyBox. In the process, an [off-by-one error](https://en.wikipedia.org/wiki/Off-by-one_error) in the default settings was also fixed.
* There was more progress on ensuring that the [`gem` tool in rubygems respects](https://github.com/rubygems/rubygems/issues/2290#issuecomment-522206365) the [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/docs/source-date-epoch/) environment variable.
@@ -72,31 +74,29 @@ Bernhard M. Wiedemann posted his [monthly Reproducible Builds status update](htt
* A [request to include `.buildinfo` files](https://github.com/openwrt/openwrt/pull/2121) in the [OpenWRT](https://openwrt.org/) operating system that targets embedded devices such as routes, etc. was accepted and merged upstream.
-* The gzip program is commonly used to compress artifacts [including source code archives](https://todo.sr.ht/~sircmpwn/git.sr.ht/232), but depending on the gzip program used the output might be different. Daniel Edgecumbe [submitted patches](http://lists.busybox.net/pipermail/busybox/2019-September/087438.html) to the busybox suite to ensure the output of busybox gzip matches the output of GNU gzip when using the same options, regardless of the busybox configuration. In the process, an off-by-one error in the default settings was fixed.
-
---
## Software development
#### Upstream patches
-The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. In August we wrote a large number of such patches, including:
* Bernhard M. Wiedemann:
- * [buildad](https://github.com/containers/buildah/pull/1805) (date)
- * [dracut](https://github.com/dracutdevs/dracut/issues/617) (CPU influences build result)
- * [fwupd](https://bugzilla.opensuse.org/show_bug.cgi?id=1143905) (unreproducible [LTO](https://gcc.gnu.org/wiki/LinkTimeOptimization) data)
- * [gnutls](https://gitlab.com/gnutls/gnutls/merge_requests/1058) (date / copyright year)
- * [katacontainers-image-initrd/osbuilder](https://github.com/kata-containers/osbuilder/pull/340) (shell date; new variant with nanoseconds)
- * [kernel-obs-build](https://lists.opensuse.org/opensuse-kernel/2019-08/msg00001.html) (date from `/etc/shadow`)
- * [kernel-vanilla](https://lists.opensuse.org/opensuse-kernel/2019-08/msg00000.html) (drop number of CPUs)
- * [libfaketime](https://github.com/wolfcw/libfaketime/issues/183) (toolchain: fix various builds under [`libfaketime`](https://github.com/wolfcw/libfaketime))
- * [nethack](https://build.opensuse.org/request/show/722212) (date and [`tar(1)`](https://en.wikipedia.org/wiki/Tar_(computing)))
- * [pcc](https://bugzilla.opensuse.org/show_bug.cgi?id=1146634) (unreproducible when building with [LTO](https://gcc.gnu.org/wiki/LinkTimeOptimization))
- * [python-ipyparallel](https://github.com/ipython/ipyparallel/issues/380) (Fails to build with a single CPU / `-j1`)
- * [python-pytest-httpserver](https://github.com/csernazs/pytest-httpserver/pull/22) (renew SSL certs to fix FTBFS after September 2019)
- * [python-python3-saml](https://github.com/onelogin/python3-saml/pull/156) (Fails to build in 2020)
- * [sblim-cmpi-base](https://build.opensuse.org/request/show/726294) (Disable parallel [`make`](https://en.wikipedia.org/wiki/Make_(software)) due to broken build dependencies)
+ * [`buildad`](https://github.com/containers/buildah/pull/1805) (date)
+ * [`dracut`](https://github.com/dracutdevs/dracut/issues/617) (CPU influences build result)
+ * [`fwupd`](https://bugzilla.opensuse.org/show_bug.cgi?id=1143905) (unreproducible [LTO](https://gcc.gnu.org/wiki/LinkTimeOptimization) data)
+ * [`gnutls`](https://gitlab.com/gnutls/gnutls/merge_requests/1058) (date / copyright year)
+ * [`katacontainers-image-initrd/osbuilder`](https://github.com/kata-containers/osbuilder/pull/340) (shell date; new variant with nanoseconds)
+ * [`kernel-obs-build`](https://lists.opensuse.org/opensuse-kernel/2019-08/msg00001.html) (date from `/etc/shadow`)
+ * [`kernel-vanilla`](https://lists.opensuse.org/opensuse-kernel/2019-08/msg00000.html) (drop number of CPUs)
+ * [`libfaketime`](https://github.com/wolfcw/libfaketime/issues/183) (toolchain: fix various builds under [`libfaketime`](https://github.com/wolfcw/libfaketime))
+ * [`nethack`](https://build.opensuse.org/request/show/722212) (date and [`tar(1)`](https://en.wikipedia.org/wiki/Tar_(computing)))
+ * [`pcc`](https://bugzilla.opensuse.org/show_bug.cgi?id=1146634) (unreproducible when building with [LTO](https://gcc.gnu.org/wiki/LinkTimeOptimization))
+ * [`python-ipyparallel`](https://github.com/ipython/ipyparallel/issues/380) (Fails to build with a single CPU / `-j1`)
+ * [`python-pytest-httpserver`](https://github.com/csernazs/pytest-httpserver/pull/22) (renew SSL certs to fix FTBFS after September 2019)
+ * [`python-python3-saml`](https://github.com/onelogin/python3-saml/pull/156) (Fails to build in 2020)
+ * [`sblim-cmpi-base`](https://build.opensuse.org/request/show/726294) (Disable parallel [`make`](https://en.wikipedia.org/wiki/Make_(software)) due to broken build dependencies)
* Chris Lamb:
* [#872728](https://bugs.debian.org/872728) filed against [`desktop-file-utils`](https://tracker.debian.org/pkg/desktop-file-utils) (closed)
* [#933783](https://bugs.debian.org/933783) filed against [`virulencefinder`](https://tracker.debian.org/pkg/virulencefinder).
@@ -119,13 +119,13 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
* [#936452](https://bugs.debian.org/936452) filed against [`ust-fs-extra`](https://tracker.debian.org/pkg/rust-fs-extra).
* [#936453](https://bugs.debian.org/936453) filed against [`litl`](https://tracker.debian.org/pkg/litl).
* Mathieu Parent:
- * [php-pear](https://github.com/pear/pear-core/pull/96) — Fixes over 150 packages with date issues.
+ * [`php-pear`](https://github.com/pear/pear-core/pull/96) — Fixes over 150 packages with date issues.
#### diffoscope
[![]({{ "/images/reports/2019-08/diffoscope.svg#right" | prepend: site.baseurl }})](https://diffoscope.org)
-[diffoscope](https://diffoscope.org) is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. It is run countless times a day on [our testing infrastructure](https://tests.reproducible-builds.org/debian/reproducible.html) and is essential for identifying fixes and causes of non-deterministic behaviour.
+[`diffoscope`](https://diffoscope.org) is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. It is run countless times a day on [our testing infrastructure](https://tests.reproducible-builds.org/debian/reproducible.html) and is essential for identifying fixes and causes of non-deterministic behaviour.
This month, Chris Lamb made the following changes:
@@ -143,7 +143,7 @@ This month, Chris Lamb made the following changes:
* Apply a patch from László Böszörményi to update the `squashfs` test output and additionally bump the required version for the test itself. ([#62](https://salsa.debian.org/reproducible-builds/diffoscope/issues/62) & [#935684](https://bugs.debian.org/935684))
* Add the `wabt` Debian package to the test-dependencies so that we run the [WebAssembly](https://webassembly.org/) tests on our continuous integration platform, etc. [[...](https://salsa.debian.org/reproducible-builds/diffoscope.git/commit/84ad96d)]
* Improve debugging:
- * Add the containing module name to the (eg.) `Using StaticLibFile for ...` debugging messages. [[...](https://salsa.debian.org/reproducible-builds/diffoscope.git/commit/2f101b8)]
+ * Add the containing module name to the (eg.) "`Using StaticLibFile for ...`" debugging messages. [[...](https://salsa.debian.org/reproducible-builds/diffoscope.git/commit/2f101b8)]
* Strip off trailing "`original size modulo 2^32 671`" (etc.) from `gzip` compressed data as this is just a symptom of the contents itself changing that will be reflected elsewhere. ([#61](https://salsa.debian.org/reproducible-builds/diffoscope/issues/61))
* Avoid a lack of space between "`... with return code 1`" and "`Standard output`". [[...](https://salsa.debian.org/reproducible-builds/diffoscope.git/commit/ffa22f8)]
* Improve debugging output when instantantiating our `Comparator` object types. [[...](https://salsa.debian.org/reproducible-builds/diffoscope.git/commit/1647da8)]
@@ -179,7 +179,7 @@ In addition, there was some movement on an issue in the [`Archive::Zip` Perl mod
We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org).
-This month Vagrant Cascadian [suggested and subsequently implemented](https://salsa.debian.org/qa/jenkins.debian.net/commit/94469490) that we additionally test a varying build directory of different string lengths (eg. `/path/to/123` vs `/path/to/123456` but we also vary the number of directory *components* within this, eg. `/path/to/dir` vs. `/path/to/parent/subdir`. Curiously, whilst it was *a prior* believed that was rather unlikely to yield differences, Chris Lamb [has managed to identify approximately twenty packages](https://tests.reproducible-builds.org/debian/issues/unstable/captures_varying_number_of_build_path_directory_components_issue.html) that are affected by this issue.
+This month Vagrant Cascadian [suggested and subsequently implemented](https://salsa.debian.org/qa/jenkins.debian.net/commit/94469490) that we additionally test a varying build directory of different string lengths (eg. `/path/to/123` vs `/path/to/123456` but we also vary the number of directory *components* within this, eg. `/path/to/dir` vs. `/path/to/parent/subdir`. Curiously, whilst it was *a priori* believed that was rather unlikely to yield differences, Chris Lamb [has managed to identify approximately twenty packages](https://tests.reproducible-builds.org/debian/issues/unstable/captures_varying_number_of_build_path_directory_components_issue.html) that are affected by this issue.
[![]({{ "/images/reports/2019-08/coreboot.png#right" | prepend: site.baseurl }})](https://www.coreboot.org/)
@@ -200,8 +200,7 @@ In addition, the following code changes were performed in the last month:
* Vary the choice of kernel on the `amd64` again by using the kernel from [Debian "backports"](https://backports.debian.org/). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b2870778)]
* Drop some ancient Debian `jessie`-related configuration. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/96cbb81e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7e37c5a4)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/87840dae)]
-* Mathieu Parent:
- * Update the contact details for the [Debian PHP Group](https://wiki.debian.org/Teams/DebianPHPGroup). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/03510cdf)]
+* Mathieu Parent: Update the contact details for the [Debian PHP Group](https://wiki.debian.org/Teams/DebianPHPGroup). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/03510cdf)]
* Mattia Rizzolo:
* Update our [Postfix](http://www.postfix.org/) email server configuration. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/61ceaf5d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/8780a849)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3b964081)]
@@ -237,4 +236,4 @@ If you are interested in contributing the Reproducible Builds project, please vi
---
-This month's report was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Mathieu Parent and Vagrant Cascadian. It was subsequently reviewed by a bunch of Reproducible Builds folks on IRC and the mailing list.
+This month's report was written by Bernhard M. Wiedemann, Chris Lamb, Eli Schwartz, Holger Levsen, Jelle van der Waa, Mathieu Parent and Vagrant Cascadian. Wiedemann, Chris Lamb, Holger Levsen, Mathieu Parent and Vagrant Cascadian. It was subsequently reviewed by a bunch of Reproducible Builds folks on IRC and the mailing list.
=====================================
images/reports/2019-08/coreboot.png
=====================================
Binary files /dev/null and b/images/reports/2019-08/coreboot.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/b2ef6e05fb174c685d26e7c25967a6f3a5b48c05...5be3e22758ca86d5e815e2fd64be62d21d727495
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/compare/b2ef6e05fb174c685d26e7c25967a6f3a5b48c05...5be3e22758ca86d5e815e2fd64be62d21d727495
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20190906/cf59a28d/attachment.html>
More information about the rb-commits
mailing list