[Git][reproducible-builds/reproducible-website][master] 2020-07: Actual initial draft.
Chris Lamb
gitlab at salsa.debian.org
Thu Aug 6 14:51:43 UTC 2020
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
e42cbafc by Chris Lamb at 2020-08-06T15:51:05+01:00
2020-07: Actual initial draft.
- - - - -
12 changed files:
- _reports/2020-07.md
- + images/reports/2020-07/archlinux.png
- + images/reports/2020-07/debconf20.png
- + images/reports/2020-07/debian.png
- + images/reports/2020-07/diffoscope.svg
- + images/reports/2020-07/libsodium.png
- + images/reports/2020-07/openorienteering-mapper.png
- + images/reports/2020-07/opensuse.png
- + images/reports/2020-07/reproducible-builds.png
- + images/reports/2020-07/strip-nondeterminism.png
- + images/reports/2020-07/testframework.png
- + images/reports/2020-07/website.png
Changes:
=====================================
_reports/2020-07.md
=====================================
@@ -6,364 +6,231 @@ title: "Reproducible Builds in July 2020"
draft: true
---
-**Welcome to the July 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
-{: .lead}
-
[![]({{ "/images/reports/2020-07/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
+**Welcome to the July 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project.**
+{: .lead}
-In these reports we outline the most important things that we have been up to over the past month. As a quick recap, whilst anyone may inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries.
-
-The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
-
-In this month's report, we cover:
-
-* **Media coverage** — *FIXME, etc.*
-* **Upstream news** — *FIXME, etc.*
-* **Distribution work** — *FIXME, etc.*
-* **Software development** — *FIXME, etc.*
-* **Misc news** — *From our mailing list, etc.*
-* **Getting in touch** — *How to contribute, etc*
-
-If you are interested in contributing to the project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
-{: .small}
+In these monthly reports, we round-up the things that we have been up to over the past month. As a quick recap, the motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced from the original source code to he pre-compiled binaries we install on our systems. If you're interested in contributing to the project, [please visit our main website]({{ "/" | relative_url }}).
+## General news
----
+[![]({{ "/images/reports/2020-07/debconf20.png#right" | relative_url }})](https://debconf20.debconf.org/talks/49-reproducing-bullseye-in-practice/)
-# fixme
+At the upcoming [DebConf20](https://debconf20.debconf.org/) conference (now [being held online](https://debconf20.debconf.org/news/2020-06-08-debconf20-moves-online/)), Holger Levsen will present a talk on Thursday 27th August about "[*Reproducing Bullseye in practice*](https://debconf20.debconf.org/talks/49-reproducing-bullseye-in-practice/)" focusing on independently verifying that the binaries distributed from `ftp.debian.org` were made from their claimed sources.
-upstream work:
+Tavis Ormandy published a blog post making the provocative claim that "[*You don't need reproducible builds*](http://blog.cmpxchg8b.com/2020/07/you-dont-need-reproducible-builds.html)", asserting elsewhere that the many attacks that have been extensively reported in our previous reports are ["fantasy threat models"](https://twitter.com/taviso/status/1288269090075754496). A number of rebuttals were made, including [one from long-time contributor Reproducible Builds contributor Bernhard Wiedemann](https://rb.zq1.de/other/tavis.html).
-* [FIXME](https://github.com/sodiumoxide/sodiumoxide/pull/418#issuecomment-653692194)
+[![]({{ "/images/reports/2020-07/openorienteering-mapper.png#right" | relative_url }})](https://www.openorienteering.org/apps/mapper/)
-* [FIXME](https://github.com/meilisearch/MeiliSearch/issues/837)
+[On our mailing list this month](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/thread.html), Debian Developer Graham Inggs [posted to our list asking for ideas](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001980.html) why the [`openorienteering-mapper`](https://tracker.debian.org/pkg/openorienteering-mapper) Debian package was failing to build on the [Reproducible Builds testing framework](https://tests.reproducible-builds.org). Chris Lamb remarked from the build logs that the package [may be missing a build-dependency](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001984.html), although Graham then used [*diffoscope*](https://diffoscope.org/) to show that the resulting package remains unchanged with or without it. Later, Nico Tyni noticed that the build failure may be due to the relationship between the [`FILE` preprocessor macro and the `-ffile-prefix-map` GCC flag](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001988.html).
-* Vagrant Cascadian:
- * [Regression in u-boot reproducibility for the mx6cuboxi target](https://lists.denx.de/pipermail/u-boot/2020-July/420595.html).
- * [guile-ssh: non-deterministic segfaults in test suite](https://github.com/artyom-poptsov/guile-ssh/issues/22)
+An issue in [Zephyr](https://www.zephyrproject.org/), a small-footprint kernel designed for use on resource-constrained systems, around [`.a` library files not being reproducible](https://github.com/zephyrproject-rtos/zephyr/pull/17494) was closed after it was noticed that a key part of their toolchain was updated [that now calls `--enable-deterministic-archives` by default](https://github.com/zephyrproject-rtos/sdk-ng/issues/81).
-* [FIXME: Paul Spooren sent two versions of a patch for OpenWrt for adding the buildsystem revision to the packages manifest, so that al external feeds can be rebuild and verified.](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030325.html) and [patch 1](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030171.html)
+[![]({{ "/images/reports/2020-07/libsodium.png#right" | relative_url }})](https://doc.libsodium.org/)
-##
-openSUSE work:
+Reproducible Builds developer *kpcryd* commented on an [pull request against the libsodium cryptographic library wrapper for Rust](https://github.com/sodiumoxide/sodiumoxide/pull/418#issuecomment-653692194), arguing against the testing of CPU features at compile-time. He noted that:
-https://lists.opensuse.org/opensuse-factory/2020-07/msg00417.html monthly report
-https://lists.opensuse.org/opensuse-factory/2020-07/msg00388.html 15.2 verification results
+> I've accidentally shipped broken updates to users in the past because the build system was feature-tested and the final binary assumed the instructions would be present without further runtime checks
-https://github.com/openSUSE/build-compare/pull/36 build-compare bug made it report different packages as identical - third such bug demonstrates once again why bit-identical results are the best.
-https://github.com/openSUSE/build-compare/pull/37 fix unit tests
-https://github.com/openSUSE/build-compare/pull/38 reproducible output
+[David Kleuker](davidak.de) also asked a question on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general) about using [`SOURCE_DATE_EPOCH` with the `install(1)` tool](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001991.html) from [GNU coreutils](https://www.gnu.org/software/coreutils/). When comparing two installed packages he noticed that the filesystem 'birth times' differed between them. [Chris Lamb replied](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001995.html) after realising that this was actually an consequence of using an outdated of [*diffoscope*](https://diffoscope.org/) and that a fix has was released in [*diffoscope* version 146](https://diffoscope.org/news/diffoscope-146-released/) released in May 2020.
-## archlinux work:
+Later in July, John Scott posted asking for [clarification regarding on the Javascript files on our website](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001999.html) to add metadata for [LibreJS](https://www.gnu.org/software/librejs/), a browser extension that blocks non-free Javascript scripts. Chris Lamb investigated the issue and realised that we could drop a number of unused Javascript files [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3b71cb0)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/222b306)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/539eb99)] and added unminified versions of [Bootstrap](https://getbootstrap.com/) and [jQuery](https://jquery.com/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)].
-* Mass rebuild of old [community] packages in an attempt to make them reproducible as building with a previous pacman release could cause file ordering and size calculation issues on btrfs.
-* Implemented a system for packagers to get notifications when their package becomes unreproducible and packagers now have access to a dashboard where they can see their unreproducible packages. [Update mail](https://lists.archlinux.org/pipermail/arch-dev-public/2020-July/030029.html)
+<br>
+## Software development
-## fixme
+#### [diffoscope](https://diffoscope.org)
-* [FIXME](https://github.com/zephyrproject-rtos/zephyr/pull/17494#issuecomment-656780205)
+[*diffoscope*](https://diffoscope.org) is our in-depth and content-aware diff utility that can not only locate and diagnose reproducibility issues, it provides human-readable diffs of all kinds. In July, Chris Lamb made the following changes to *diffoscope*, including releasing versions `150`, `151`, `152`, `153` & `154`:
+* New features:
-* [FIXME](https://bugs.debian.org/962474#60)
+ * Add support for flash-optimised [F2FS](https://en.wikipedia.org/wiki/F2FS) filesystems. ([#207](https://salsa.debian.org/reproducible-builds/diffoscope/issues/207))
+ * Don't require `zipnote(1)` to determine differences in a `.zip` file as we can use `libarchive`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a8c9d69)]
+ * Allow `--profile` as a synonym for `--profile=-`, ie. write profiling data to standard output. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ea8d111)]
+ * Increase the minimum length of the output of `strings(1)` to eight characters to avoid unnecessary diff noise. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/572fc28)]
+ * Drop some legacy argument styles: `--exclude-directory-metadata` and `--no-exclude-directory-metadata` have been replaced with `--exclude-directory-metadata={yes,no}`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/aa4a109)]
-* [FIXME](http://blog.cmpxchg8b.com/2020/07/you-dont-need-reproducible-builds.html) + [reply](https://twitter.com/bmwiedemann/status/1289193729387974656)
+* Bug fixes:
+ * Pass the absolute path when extracting members from [SquashFS](https://en.wikipedia.org/wiki/SquashFS) images as we run the command with working directory in a temporary directory. ([#189](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d226cf8))
+ * Correct adding a comment when we cannot extract a filesystem due to missing [libguestfs](http://libguestfs.org/) module. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0dada5a)]
+ * Don't crash when listing entries in archives if they don't have a listed size such as hardlinks in ISO images. ([#188](https://salsa.debian.org/reproducible-builds/diffoscope/issues/188))
+* Output improvements:
-## Media coverage
+ * Strip off the file offset prefix from `xxd(1)` and show bytes in groups of 4. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/795f7ca)]
+ * Don't emit `javap not found in path` if it is available in the path but it did not result in an actual difference. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d9ff65b)]
+ * Fix `... not available in path` messages when looking for Java decompilers that used the Python class name instead of the command. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/eb79175)]
-* FIXME
+* Logging improvements:
----
+ * Add a bit more debugging info when launching [libguestfs](http://libguestfs.org/). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/69c0d4b)]
+ * Reduce the `--debug` log noise by truncating the `has_some_content` messages. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a45f01c)]
+ * Fix the `compare_files` log message when the file does not have a literal name. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9dee945)]
-## Upstream news
+* Codebase improvements:
-* FIXME
+ * Rewrite and rename `exit_if_paths_do_not_exist` to not check files multiple times. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4d89836)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d43d580)]
+ * Add an `add_comment` helper method; don't mess with our internal list directly. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d5ed790)]
+ * Replace some simple usages of `str.format` with Python 'f-strings' [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5f41afe)] and make it easier to navigate to the `main.py` entry point [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/aee4f73)].
+ * In the [RData](https://www.r-project.org/) comparator, always explicitly return `None` in the failure case as we return a non-`None` value in the success one. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/cd9e526)]
+ * Tidy some imports [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/065a7e4)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e01f3df)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3641688)] and don't alias a variable when we do not use it. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e349860)]
+ * Clarify the use of a separate `NullChanges` quasi-file to represent missing data in the Debian package comparator [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a76b0f1)] and clarify use of a 'null' diff in order to remember an exit code. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1dbc0d6)]
----
+* Other changes:
-### Distribution work
+ * Profile the launch of [libguestfs](http://libguestfs.org/) filesystems. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7e3bc6d)]
+ * Clarify and correct our contributing info. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4caa2f0)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c359bc8)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c66a7f6)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6437888)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/42afe44)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7b3a34f)]
+Jean-Romain Garnier also made the following changes:
-[![]({{ "/images/reports/2020-07/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
+* Allow passing a file with a list of arguments via `diffoscope @args.txt`. ([!62](https://salsa.debian.org/reproducible-builds/diffoscope/merge_requests/-/62))
+* Improve the output of side-by-side diffs by detecting added lines better. ([!64](https://salsa.debian.org/reproducible-builds/diffoscope/commit/65696a9))
+* Remove offsets before instructions in `objdump` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3e72c1c)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/cbcb41e)] and remove raw instructions from [ELF](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format) tests [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e9e2904)].
-[![]({{ "/images/reports/2020-07/debian.png#center" | relative_url }})](https://debian.org/)
+### [Website]((https://reproducible-builds.org/))
+[![]({{ "/images/reports/2020-07/website.png#right" | relative_url }})](https://reproducible-builds.org/)
-In Debian:
+On our website this month, Chris Lamb updated the [main Reproducible Builds website and documentation](https://reproducible-builds.org/) to drop a number of unused Javascript files [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3b71cb0)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/222b306)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/539eb99)] and added unminified versions of [Bootstrap](https://getbootstrap.com/) and [jQuery](https://jquery.com/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)]. He also fixed a number of broken URLs [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/02be515)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bf9e8ee)].
-* 34 reviews of Debian packages were added, 14 were updated and 20 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). FIXME issue types have been updated: [Add patch for nondeterministic\_order\_of\_debhelper\_snippets\_added\_by\_dh\_fortran\_mod toolchain issue](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/b2be46c8), [Add new nondeterministic\_order\_of\_debhelper\_snippets\_added\_by\_dh\_fortran\_mod toolchain issue](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e67f706e), [Add patch for gem2deb\_install\_mkmf\_log toolchain issue](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/008b3d55), [Add new gem2deb\_install\_mkmf\_log toolchain issue](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c5cd0e73),
+Gonzalo Bulnes Guilpain made a large number of grammatical improvements [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/81ee324)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3685ff3)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9aa3796)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9cb4ffa)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/dfdde38)] as well as some misspellings, case and whitespace changes too [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b06b9d1)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1b86b33)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/04e943e)].
-* debrebuild bugs filed:
- * [FIXME: #964722](https://bugs.debian.org/964722)
- * [FIXME: #964733](https://bugs.debian.org/964733)
+Lastly, Holger Levsen updated the `README` file [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c097558)], marked the [Alpine Linux](https://alpinelinux.org/) continuous integration tests as currently disabled [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/70b6ac5)] and linked the [Arch Linux Reproducible Status](https://reproducible.archlinux.org/) page from our [projects page]({{ "/who/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3f143dd)].
-* [FIXME](https://bugs.debian.org/964772)
-* [FIXME](https://bugs.debian.org/857454)
+### Other tools
+[![]({{ "/images/reports/2020-07/strip-nondeterminism.png#right" | relative_url }})](https://tracker.debian.org/pkg/strip-nondeterminism)
----
+[*strip-nondeterminism*](https://tracker.debian.org/pkg/strip-nondeterminism) is our tool to remove specific non-deterministic results from a completed build. It is used automatically in most Debian package builds. In July, Chris Lamb ensured that we did not install the internal handler documentation generated from [Perl POD documents](https://perldoc.perl.org/perlpod.html) [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/b9b8428)] and fixed a trivial typo [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/3398261)]. Marc Herbert added a `--verbose`-level warning when the [Archive::Cpio](https://metacpan.org/pod/Archive::Cpio) Perl module is missing. ([!6](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/merge_requests/-/6))
-## Software development
+[*reprotest*](https://tracker.debian.org/pkg/reprotest) is our end-user tool to build same source code twice in widely differing environments and then checks the binaries produced by each build for any differences. This month, Vagrant Cascadian made a number of changes to support [diffoscope version 153](https://diffoscope.org/news/diffoscope-153-released/) which had removed the (deprecated) `--exclude-directory-metadata` and `--no-exclude-directory-metadata` command-line arguments, and updated the testing configuration to also test under Python version 3.8 [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/49e1701)].
#### Upstream patches
-The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of these patches, including:
* Bernhard M. Wiedemann:
- * [`yast2-sound`](https://github.com/yast/yast-sound/pull/50) (uname -r)
+
+ * [`afl`](https://github.com/AFLplusplus/AFLplusplus/pull/441) (fix an incorrectly built manual page varied from kernel boot options)
+ * [`brp-check-suse`](https://github.com/openSUSE/brp-check-suse/pull/32) (sorting issue)
+ * [`dnscrypt-proxy`](https://build.opensuse.org/request/show/822151) (sort the output of `find(1)`)
+ * [`graphviz`](https://gitlab.com/graphviz/graphviz/-/merge_requests/1454) (timezone issue, forwarded from Debian)
+ * [`guile-gcrypt`](https://build.opensuse.org/request/show/818886) (parallelism)
+ * [`insighttoolkit`](https://build.opensuse.org/request/show/823615) (prevent CPU detection, [forwarded upstream](https://github.com/InsightSoftwareConsortium/ITK/issues/1939)
+ * [`ipopt`](https://build.opensuse.org/request/show/821088) (parallelism issue and use https://tracker.debian.org/pkg/strip-nondeterminism)
+ * [`jboss-logging-tools`](https://build.opensuse.org/request/show/819312) (date, forwarded upstream)
* [`kismet`](https://github.com/kismetwireless/kismet/pull/282) (date)
- * [`python-PyNaCl`](https://github.com/pyca/pynacl/pull/609) (sort python glob/readdir)
- * [`xfce4-panel-profiles`](https://git.xfce.org/apps/xfce4-panel-profiles/about/) (tar paxheaders, patch sent via email)
- * [`paperjam`](https://mj.ucw.cz/sw/paperjam/) (date patch emailed to author)
- * [`unknown-horizons`](https://github.com/unknown-horizons/unknown-horizons/pull/2943) (filesystem: sort readdir)
- * [`ugrep`](https://github.com/Genivia/ugrep/pull/50) (bug, CPU)
- * [`graphviz`](https://gitlab.com/graphviz/graphviz/-/merge_requests/1454) (timezone, forwarded from Debian)
- * [`afl`](https://github.com/AFLplusplus/AFLplusplus/pull/441) (bug, misbuilt man page varied from kernel boot options)
+ * [`lcov`](https://build.opensuse.org/request/show/822800) (date issue, already upstream)
+ * [`multus`](https://build.opensuse.org/request/show/819311) (date issue, already upstream)
* [`multus`](https://github.com/intel/multus-cni/pull/534) (date)
- report
- * [`apache-sshd`](https://issues.apache.org/jira/browse/SSHD-1026) (report copyright year/date)
- * [`mono`](https://github.com/mono/mono/issues/20172) (report unknown nondeterminism)
-
-* Bernhard M. Wiedemann (opensuse?)
- * [`brp-check-suse`](https://github.com/openSUSE/brp-check-suse/pull/32) (toolchain, sort)
- * [`insighttoolkit`](https://build.opensuse.org/request/show/823615) (CPU-detection ; also [filed upstream](https://github.com/InsightSoftwareConsortium/ITK/issues/1939)
- * [`sac`](https://build.opensuse.org/request/show/822681) (omit ctime from zip)
- * [`lcov`](https://build.opensuse.org/request/show/822800) (date, already upstream)
- * [`ugrep`](https://build.opensuse.org/request/show/818786) (bug, CPU, already upstream)
- * [`guile-gcrypt`](https://build.opensuse.org/request/show/818886) (parallelism)
- * [`unknown-horizons`](https://build.opensuse.org/request/show/818930) (filesystem, already upstream)
+ * [`paperjam`](https://mj.ucw.cz/sw/paperjam/) (date issue, forwarded upstream)
+ * [`pspp`](https://build.opensuse.org/request/show/821090) (scrub `testsuite.log`)
+ * [`python-PyNaCl`](https://github.com/pyca/pynacl/pull/609) (sort Python glob/readdir)
+ * [`python-enaml`](https://build.opensuse.org/request/show/820537) (workaround an open upstream Python issue)
+ * [`sac`](https://build.opensuse.org/request/show/822681) (omit creation time from `.zip` files)
* [`sql-parser`](https://build.opensuse.org/request/show/818989) (sort, already upstream)
- * [`multus`](https://build.opensuse.org/request/show/819311) (date, already upstream)
- * [`jboss-logging-tools`](https://build.opensuse.org/request/show/819312) (date, submitted upstream)
- * [`python-enaml`](https://build.opensuse.org/request/show/820537) (workaround open upstream python issue)
- * [`Ipopt`](https://build.opensuse.org/request/show/821088) (parallelism and use strip-nondeterminism)
- * [`pspp`](https://build.opensuse.org/request/show/821090) (scrub unreproducible testsuite.log)
- * [`dnscrypt-proxy`](https://build.opensuse.org/request/show/822151) (sort find output)
+ * [`ugrep`](https://build.opensuse.org/request/show/818786) (CPU-related issue, already upstream)
+ * [`ugrep`](https://github.com/Genivia/ugrep/pull/50) (CPU-related issue)
+ * [`unknown-horizons`](https://build.opensuse.org/request/show/818930) (filesystem ordering issue, already upstream)
+ * [`unknown-horizons`](https://github.com/unknown-horizons/unknown-horizons/pull/2943) (filesystem ordering issue)
+ * [`xfce4-panel-profiles`](https://git.xfce.org/apps/xfce4-panel-profiles/about/) ([POSIX.1-2001/pax](https://en.wikipedia.org/wiki/Tar_(computing)#POSIX.1-2001/pax) headers)
+ * [`yast2-sound`](https://github.com/yast/yast-sound/pull/50) (uses `uname -r`)
* Chris Lamb:
- * [#964186](https://bugs.debian.org/964186) filed against [`python-peachpy`](https://tracker.debian.org/pkg/python-peachpy) ([forwarded upstream](https://github.com/Maratyszcza/PeachPy/pull/108)).
- * [#964369](https://bugs.debian.org/964369) filed against [`nmap`](https://tracker.debian.org/pkg/nmap).
- * [#964440](https://bugs.debian.org/964440) filed against [`flit`](https://tracker.debian.org/pkg/flit).
- * [#964721](https://bugs.debian.org/964721) filed against [`weather-util`](https://tracker.debian.org/pkg/weather-util).
- * [#964768](https://bugs.debian.org/964768) filed against [`libtpms`](https://tracker.debian.org/pkg/libtpms).
- * [#964772](https://bugs.debian.org/964772) filed against [`gem2deb`](https://tracker.debian.org/pkg/gem2deb).
- * [#964958](https://bugs.debian.org/964958) filed against [`pyerfa`](https://tracker.debian.org/pkg/pyerfa) ([forwarded upstream](https://github.com/liberfa/pyerfa/pull/45)).
- * [#964960](https://bugs.debian.org/964960) filed against [`gmap`](https://tracker.debian.org/pkg/gmap).
- * [#965255](https://bugs.debian.org/965255) filed against [`dh-fortran-mod`](https://tracker.debian.org/pkg/dh-fortran-mod).
- * [#965256](https://bugs.debian.org/965256) filed against [`logilab-common`](https://tracker.debian.org/pkg/logilab-common) ([forwarded upstream](https://www.logilab.org/ticket/10251578)).
- * [#965319](https://bugs.debian.org/965319) filed against [`mrbayes`](https://tracker.debian.org/pkg/mrbayes).
- * [#965361](https://bugs.debian.org/965361) filed against [`python-cooler`](https://tracker.debian.org/pkg/python-cooler).
- * [#965362](https://bugs.debian.org/965362) filed against [`numpydoc`](https://tracker.debian.org/pkg/numpydoc).
- * [#966179](https://bugs.debian.org/966179) filed against [`jskeus`](https://tracker.debian.org/pkg/jskeus).
- * [#966495](https://bugs.debian.org/966495) filed against [`python-pyxs`](https://tracker.debian.org/pkg/python-pyxs).
- * [#966531](https://bugs.debian.org/966531) filed against [`sratom`](https://tracker.debian.org/pkg/sratom).
-
-
-### diffoscope
-
-[![]({{ "/images/reports/2020-07/diffoscope.svg#right" | relative_url }})](https://diffoscope.org)
+ * [`dh-fortran-mod`](https://tracker.debugs.debian.org/[#9652)
+ * [`flit`](https://bugs.debian.org/964440)
+ * [`gem2deb`](https://trabugs.debian.org/[#9647)
+ * [`gmap`](https://bugs.debian.org/[#9649)
+ * [`jskeus`](https://trbugs.debian.org/[#9661)
+ * [`libtpms`](https://trabugs.debian.org/[#9647)
+ * [`logilab-common`](https://tracker.debugs.debian.org/[#9652)
+ * [`mrbayes`](https://trabugs.debian.org/[#9653)
+ * [`nmap`](https://bugs.debian.org/964369)
+ * [`numpydoc`](https://tracbugs.debian.org/[#9653)
+ * [`pyerfa`](https://trbugs.debian.org/[#9649)
+ * [`python-cooler`](https://tracker.dbugs.debian.org/[#9653)
+ * [`python-peachpy`](https://bugs.debian.org/964186) ([forwarded upstream](https://github.com/Maratyszcza/PeachPy/pull/108))
+ * [`python-pyxs`](https://trackerbugs.debian.org/[#9664)
+ * [`sratom`](https://trbugs.debian.org/[#9665)
+ * [`weather-util`](https://tracker.bugs.debian.org/964721)
+
+Vagrant Cascadian also reported two issues, the first regarding a regression in [u-boot](https://www.denx.de/wiki/U-Boot) boot loader reproducibility for a particular target [[...](https://lists.denx.de/pipermail/u-boot/2020-July/420595.html)] and a non-deterministic segmentation fault in the [guile-ssh](https://github.com/artyom-poptsov/guile-ssh) test suite [[...](https://github.com/artyom-poptsov/guile-ssh/issues/22)]. Lastly, Jelle van der Waa filed a bug against the [MeiliSearch](https://www.meilisearch.com/) search API to report that it [embeds the current build date](https://github.com/meilisearch/MeiliSearch/issues/837).
-[diffoscope](https://diffoscope.org/) is our in-depth 'diff-on-steroids' utility which helps us diagnose reproducibility issues in packages. It does not define reproducibility, but rather provides a helpful and human-readable guidance for packages that are not reproducible, rather than relying essentially-useless binary diffs.
-
-
-Elsewhere in our tooling, Chris Lamb made the following changes to [diffoscope](https://diffoscope.org), including preparing and uploading versions `150`, `151`, `152`, `153` & `154` to Debian:
-
-* New features:
-
- * Add support for flash-optimised [F2FS](https://en.wikipedia.org/wiki/F2FS) filesystems. ([#207](https://salsa.debian.org/reproducible-builds/diffoscope/issues/207))
- * Don't require `zipnote(1)` to determine differences in a `.zip` file as we can use `libarchive`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a8c9d69)]
- * Allow `--profile` as a synonym for `--profile=-`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ea8d111)]
- * Increase the minimum length of the output of `strings(1)` to eight characters to avoid unnecessary diff noise. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/572fc28)]
- * Drop some legacy argument styles: `--exclude-directory-metadata` and `--no-exclude-directory-metadata` have been replaced with `--exclude-directory-metadata={yes,no}`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/aa4a109)]
-
-* Bug fixes:
+#### Testing framework
- * Pass the absolute path when extracting members from [SquashFS](https://en.wikipedia.org/wiki/SquashFS) images as we run the command with working directory in a temporary directory. ([#189](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d226cf8))
- * Correct adding a comment when we cannot extract a filesystem due to missing [libguestfs](http://libguestfs.org/) module. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0dada5a)]
- * Don't crash when listing entries in archives if they don't have a listed size such as hardlinks in ISO images. ([#188](https://salsa.debian.org/reproducible-builds/diffoscope/issues/188))
+[![]({{ "/images/reports/2020-07/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
-* Output improvements:
+We operate a large and many-featured [Jenkins](https://jenkins.io/)-based testing framework that powers [`tests.reproducible-builds.org`](https://tests.reproducible-builds.org).
- * Strip off the file offset prefix from `xxd(1)` and show bytes in groups of 4. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/795f7ca)]
- * Don't emit `javap not found in path` if it is available in the path but it did not result in an actual difference. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d9ff65b)]
- * Fix `... not available in path` messages when looking for Java decompilers that used the Python class name instead of the command. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/eb79175)]
+This month, Holger Levsen made the following changes:
-* Logging improvements:
+* [Debian](https://www.debian.org/)-related changes:
- * Add a bit more debugging info when launching [libguestfs](http://libguestfs.org/). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/69c0d4b)]
- * Reduce the `--debug` log noise by truncating the `has_some_content` messages. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a45f01c)]
- * Fix the `compare_files` log message when the file does not have a literal name. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9dee945)]
+ * Tweak the rescheduling of various architecture and suite combinations. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/afd0f5cb)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0af6eeb4)]
+ * Fix links for "404" and "not for us" icons. ([#959363](https://bugs.debian.org/959363))
+ * Further work ona rebuilder prototype, for example correctly processing the `sbuild` exit code. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cfa2ba45)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/19ce0560)]
+ * Update the [sudo](https://www.sudo.ws/) configuration file to allow the node health job to work correctly. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/135c33a4)]
+ * Add `php-horde` packages back to the `pkg-php-pear` package set for the *bullseye* distribution. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e9a7296f)]
+ * Update the version of [`debrebuild`](https://salsa.debian.org/debian/devscripts/-/blob/master/scripts/debrebuild.pl). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2a2dd31d)]
-* Codebase improvements:
+* System health check development:
- * Rewrite and rename `exit_if_paths_do_not_exist` to not check files multiple times. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4d89836)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d43d580)]
- * Add an `add_comment` helper method; don't mess with our internal list directly. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d5ed790)]
- * Replace some simple usages of `str.format` with Python 'f-strings' [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5f41afe)] and make it easier to navigate to the `main.py` entry point [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/aee4f73)].
- * In the [RData](https://www.r-project.org/) comparator, always explicitly return `None` in the failure case as we return a non-`None` value in the success one. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/cd9e526)]
- * Tidy some imports [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/065a7e4)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e01f3df)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3641688)] and don't alias a variable when don't end up it and use `_` instead. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e349860)]
- * Clarify the use of a separate `NullChanges` quasi-file to represent missing data in the Debian package comparator [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a76b0f1)] and clarify use of a 'null' diff in order to remember an exit code. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1dbc0d6)]
+ * Add checks for broken SSH [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/967342cb)], `logrotate` [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/37ffd60f)], `pbuilder` [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/700d2775)], NetBSD [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/282b8ee3)], 'unkillable' processes [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/45d7925e)], unresponsive nodes [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/be118a1d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6e01c2d7)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0f424acb)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7c504518)], proxy connection failures [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/88987726)], too many installed kernels [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/199ea187)], etc.
+ * Automatically fix some failed [`systemd`](https://www.freedesktop.org/wiki/Software/systemd/) units. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/052153a5)]
+ * Add notes explaining all the issues that hosts are experiencing. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9e5ed290)]
+ * Handle zipped job log files correctly. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ced06afd)]
+ * Separate nodes which have been automatically marked as down [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/283a5697)] and show status icons for jobs with issues [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/612bc046)].
* Misc:
- * Profile the launch of [libguestfs](http://libguestfs.org/) filesystems. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7e3bc6d)]
- * Clarify and correct our contributing info. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4caa2f0)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c359bc8)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c66a7f6)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6437888)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/42afe44)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7b3a34f)]
+ * Disable all [Alpine Linux](https://alpinelinux.org/) jobs until they are — or Alpine is — fixed. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ce107fb3)]
+ * Perform some general upkeep of build nodes hosted by [OSUOSL](https://osuosl.org/). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/798efad2)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5bb9c570)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/d022f52c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2051e9d4)]
+In addition, Mattia Rizzolo updated the `init_node` script to suggest using [sudo](https://www.sudo.ws/) instead of explicit logout and logins [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/99bdf68c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cf70ea0a)] and the usual build node maintenance was performed by Holger Levsen [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/25282617)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/00c41e98)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cbf6c3a8)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/493a94c3)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b0823de3)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6cf7a07b)], Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/87cb7391)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/308d3cab)] and Vagrant Cascadian [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/89b77776)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e100a5e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f2171a0d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0fd99b71)].
-Also: Jean-Romain Garnier: FIXME
- * Improve output of side-by-side diffs, detecting added lines better. (MR: reproducible-builds/diffoscope!64). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/65696a9)]
- * Rename Difference.from\_command to Difference.from\_operation. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0b278dc)]
- * Make Command subclass of new generic Operation class. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/206ef26)]
- * Allow passing file with list of arguments to ArgumentParser (eg. "diffoscope @args.txt"). (MR: reproducible-builds/diffoscope!62). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/b2799af)]
- * Remove offsets before instructions in objdump. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3e72c1c)]
- * Remove raw instructions from ELF tests. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e9e2904)]
- * Add --no-show-raw-insn to objdump commands. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/cbcb41e)]
+<br>
+### Distribution work
+#### [Debian](https://debian.org/)
-#### diffoscope-website
+[![]({{ "/images/reports/2020-07/debian.png#right" | relative_url }})](https://debian.org/)
-Chris Lamb also updated the [main Reproducible Builds website and documentation](https://reproducible-builds.org/) to drop a number of unused Javascript files [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3b71cb0)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/222b306)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/539eb99)] and added unminified versions of [Bootstrap](https://getbootstrap.com/) and [jQuery](https://jquery.com/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)] and fixed a number of broken URLs [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/02be515)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bf9e8ee)].
+In June 2020, Timo Röhling filed a [wishlist bug against the `debhelper` build tool](https://bugs.debian.org/962474) impacting the reproducibility status of hundreds of packages that use the [CMake build system](https://cmake.org/). This month however, Niels Thykier uploaded `debhelper` version 13.2 that passes the `-DCMAKE_SKIP_RPATH=ON` and `-DBUILD_RPATH_USE_ORIGIN=ON` arguments to CMake when using the (currently-experimental) Debhelper compatibility level 14.
-also
+According to Niels, this change:
-* Gonzalo Bulnes Guilpain:
- * Fix minor grammar issue, reword sentence. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/81ee324)]
- * Reword example for clarity. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3685ff3)]
- * Reword sentence for clarity. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9aa3796)]
- * Reword sentence for clarity. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9cb4ffa)]
- * Fix dangling pronoun. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/dfdde38)]
- * Fix product name case. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b06b9d1)]
- * Remove trailing whitespaces. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1b86b33)]
- * Fix misspellings. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/04e943e)]
-* Holger Levsen:
- * README: update requirements for running this side on buster. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c097558)]
- * mark Alpine citests as disabled. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/70b6ac5)]
- * link reproducible.archlinux.org from /who#archlinux. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3f143dd)]
+> ... should fix some reproducibility issues, but may cause breakage if packages run binaries directly from the build directory.
-#### Other tools
+34 reviews of Debian packages were added, 14 were updated and 20 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb added and categorised the `nondeterministic_order_of_debhelper_snippets_added_by_dh_fortran_mod` [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e67f706e)] and `gem2deb_install_mkmf_log` [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c5cd0e73)] toolchain issues.
-[*strip-nondeterminism*](https://tracker.debian.org/pkg/strip-nondeterminism) is our tool to remove specific non-deterministic results from a completed build. This month, Marc Herbert added a `--verbose`-level statement when the [`Archive::Cpio`](https://metacpan.org/pod/Archive::Cpio) Perl module was missing [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/-/merge_requests/6)] and Chris Lamb ensured that we did not install the internal handler documentation generated from [Perl POD documents](https://perldoc.perl.org/perlpod.html) [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/b9b8428)] and fixed a trivial typo [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/3398261)].
+Lastly, Holger Levsen filed two more wishlist bugs against the [`debrebuild`](https://salsa.debian.org/debian/devscripts/-/blob/master/scripts/debrebuild.pl) Debian package rebuilder tool [[...](https://bugs.debian.org/964722)][[...](https://bugs.debian.org/964733)].
-[*reprotest*](https://tracker.debian.org/pkg/reprotest) is our end-user tool to build same source code twice in widely different environments and then checks the binaries produced by each build for any differences. In July, Vagrant Cascadian updated the default arguments passed to [diffoscope](https://diffoscope.org) to support [*diffoscope* versions greater than 153](https://diffoscope.org/news/diffoscope-153-released/) ([#966256](https://bugs.debian.org/966256)) and updated the versioned dependencies to match [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/c23fc5a)].
+#### [openSUSE](https://www.opensuse.org/)
-#### Testing framework
+[![]({{ "/images/reports/2020-07/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
-[![]({{ "/images/reports/2020-05/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
+In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2020-07/msg00417.html).
-We operate a large and many-featured [Jenkins](https://jenkins.io/)-based testing framework that powers [`tests.reproducible-builds.org`](https://tests.reproducible-builds.org). Amongst many other tasks, this tracks the status of our reproducibility efforts across many distributions as well as identifies any regressions that have been introduced. This month, Holger Levsen made the following changes:
+Bernhard also published the [results of performing 12,235 verification builds](https://lists.opensuse.org/opensuse-factory/2020-07/msg00388.html) of packages from openSUSE Leap version 15.2 and, as a result, created three pull requests against the openSUSE [Build Result Compare Script](https://build.opensuse.org/package/show/openSUSE:Tools/build-compare) [[...](https://github.com/openSUSE/build-compare/pull/36)][[...](https://github.com/openSUSE/build-compare/pull/37)][[...](https://github.com/openSUSE/build-compare/pull/38)].
-* Alpine-related changes:
+### Other distributions
- * disable all jobs until they are / alpine is fixed. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ce107fb3)]
+[![]({{ "/images/reports/2020-07/archlinux.png#right" | relative_url }})](https://www.archlinux.org/)
-* [Debian](https://www.debian.org/)-related changes:
+In [Arch Linux](https://www.archlinux.org/), there was a mass rebuild of old packages in an attempt to make them reproducible. This was performed because building with a previous release of the [pacman](https://www.archlinux.org/pacman/) package manager caused file ordering and size calculation issues when using the [btrfs](https://en.wikipedia.org/wiki/Btrfs) filesystem.
- * (amd64): reschedule unstable a bit more. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/afd0f5cb)]
- * (amd64/arm64/armhf): reschedule unstable and bullseye (armhf only) a bit more often, buster a bit less. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0af6eeb4)]
- * rebuilder prototype: correctly process sbuild exit code. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cfa2ba45)]
- * rebuilder prototype: mention #964722. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/19ce0560)]
- * sudoers: allow systemctl reset-failed with arguments for node health job. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/135c33a4)]
- * add php-horde packages back to pkg-php-pear pkg set for bullseye. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e9a7296f)]
- * configure static IP addresses for OSUOSL nodes as their dhcp gets confused when switching dates between today and the future. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2051e9d4)]
- * correct number of armhf boards at vagrant's. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9f52d61a)]
- * fix links for 404- and not\_nor\_us-icons. Closes: #959363. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/669046fc)]
- * update to version from src:devscripts.git/scripts/debrebuild.pl (2.20.5 / fixing #964733). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2a2dd31d)]
-
-* reproducible trbo system health check:
-
- * add generic ssh failure notice. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/967342cb)]
- * add notes explaining the issues hosts are experiencing. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9e5ed290)]
- * also notice logrotate failures. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/37ffd60f)]
- * also notice pbuilder failures. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/700d2775)]
- * also notice some kinds of netbsd build failures. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/282b8ee3)]
- * deal with zipped job logfiles, fix logic. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/55277100)]
- * deal with zipped job logfiles. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ced06afd)]
- * detect another causes for job failures. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/98a4f0a6)]
- * detect failure to delete schroot( session)s. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/485097f5)]
- * detect two more causes for job failures. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/607716b8)]
- * detect unkillable unwanted processes. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/45d7925e)]
- * do not use links for dealing with logs. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/d61964ea)]
- * don't tread osuosl167 as special anymore. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/505b973c)]
- * fix grammar. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1cd265d4)]
- * ignore more jobs if certain nodes are down. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/be118a1d)]
- * improve language. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a9e0a53b)]
- * improve naming of one identified cause. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7c504518)]
- * improve notices appearance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2ce70499)]
- * include job status icons for relevant jobs with issues. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/612bc046)]
- * more notices about nodes becoming unresponsive. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b2113fdf)]
- * notice nodes becoming unresponsive. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0f424acb)]
- * notice proxy connection failures. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/88987726)]
- * notice too many installed kernels too. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/199ea187)]
- * refactor, make some output conditional. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/eb395650)]
- * refactor, renameing. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/82f6632b)]
- * refactoring. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2edf5937)]
- * relax regex to ignore more jobs if node is down. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6e01c2d7)]
- * seperate nodes which have been automatically marked as down. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/283a5697)]
+A system was also implemented for Arch Linux packagers to receive notifications if/when their package becomes unreproducible, and packagers now have access to a dashboard where they can all see all their unreproducible packages ([more info](https://lists.archlinux.org/pipermail/arch-dev-public/2020-July/030029.html)).
-* Misc:
- * install squid on all OSUOSL nodes. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/798efad2)]
- * janitor: only send mails to jelmer. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/48932bc7)]
- * move deploy\_kgb.py to (/srv/jenkins/)bin/. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e67051de)]
- * part 2: switch OSUOSL nodes to use osuosl168 as proxy. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5bb9c570)]
- * reproducible node health check: automatically fix some failed systemd units. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/052153a5)]
- * reproducible node health: add some debugging output. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6dd3dfeb)]
- * reproducible node health: make more robust and drop debugging output. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/33b1de94)]
- * reproducible node health: more debugging output. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2b8f9424)]
- * reproducible node health: more sophisticated cleanup of failed services and units. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/99c771e6)]
- * reproducible: all OSUOSL nodes now use a local http proxy. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/d022f52c)]
- * reproducible: detect odxu4c and opi2b related jobs as zombies (as the nodes were removed, but the jobs were not). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0e8063fd)]
- * reproducible: drop retired nodes here as the jobs are gone now. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5bee8a9b)]
- * reproducible: tidying. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a915b30f)]
- * slightly improve wording. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/27d67051)]
- * switch OSUOSL nodes to use osuosl168 as proxy. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1e2601ac)]
-
-In addition, Mattia Rizzolo updated the `init_node` script to use [sudo](https://www.sudo.ws/) instead of explicit logout and log ins, etc. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/99bdf68c)]
- * init\_node: shellcheck. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cf70ea0a)]
-
-
-### build node maintenance
-
-Lastly, the usual build node maintenance was performed by
-
-Holger Levsen
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/25282617)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a32123c5)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cbf6c3a8)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3549875d)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6cf7a07b)]
-
-Mattia Rizzolo
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/87cb7391)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/308d3cab)]
-
-Vagrant Cascadian
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/89b77776)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e100a5e)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f2171a0d)]
-[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0fd99b71)]
-
-.
+Paul Spooren sent two versions of a patch for the [OpenWrt](https://openwrt.org/) embedded distribution for adding a 'build system' revision to the 'packages' manifest so that all external feeds can be rebuilt and verified. [[...](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030325.html)][[...](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030171.html)]
<br>
-
----
-
-## Misc news
-
-On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month:
-
-Debian Developer Graham Inggs asked why the [openorienteering-mapper package was failing to build on the Reproducible Builds
-testing infrastructure](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001980.html). There were a number of replies pointing out some curiosities with the build (eg. Chris Lamb spotting a [potentially missing build-dependency](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001984.html)) Although it has not been confirmed yet, Niko Tyni appeared to have diagnosed it as being [due to the use a combination of `__FILE__` and GCC's `-ffile-prefix-map`](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001988.html).
-
-[David Kleuker](https://davidak.de/) asked a question about using [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/docs/source-date-epoch/) with the `install(1)` tool that ships with [GNU coreutils](https://www.gnu.org/software/coreutils/) as he was seeing differing file 'birth' times of files. However, Chris Lamb identified that the issue was that [David was using an older version of diffoscope](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001995.html).
-
-In another thread, John Scott asked for help in adding JavaScript metadata for the [reproducible-builds.org](https://reproducible-builds.org/) website for the [LibreJS](https://www.gnu.org/software/librejs/) browser extension, which blocks non-free nontrivial Javascript while allowing JavaScript that is free and/or trivial. Chris Lamb investigated the issue and found that a number of the Javascript files could be simply removed and replaced the minified versions with their corresponding, unminified, versions instead in the source tree [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)].
-
----
+<hr>
If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
=====================================
images/reports/2020-07/archlinux.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/archlinux.png differ
=====================================
images/reports/2020-07/debconf20.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/debconf20.png differ
=====================================
images/reports/2020-07/debian.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/debian.png differ
=====================================
images/reports/2020-07/diffoscope.svg
=====================================
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ version="1.1"
+ width="128"
+ height="128"
+ id="svg2">
+ <defs
+ id="defs4" />
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title></dc:title>
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ transform="matrix(1.0692573,0,0,1.0692573,-328.34726,-503.5515)"
+ id="layer1">
+ <g
+ id="g5409">
+ <g
+ transform="translate(5.418238,0)"
+ id="g5386">
+ <rect
+ width="90.304001"
+ height="50.999996"
+ x="316.36414"
+ y="472.80621"
+ id="rect4667-3"
+ style="fill:none;stroke:none" />
+ <g
+ id="text4673-8"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 316.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5371"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 348.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5373"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 380.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5375"
+ style="fill:#c00000;fill-opacity:1" />
+ </g>
+ <g
+ id="text5366"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 327.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5378" />
+ <path
+ d="m 359.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5380" />
+ <path
+ d="m 391.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5382" />
+ </g>
+ </g>
+ <use
+ id="use5399"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.8,0,0,0.8,82.417275,133.65028)"
+ id="use5401"
+ style="opacity:0.85"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.6,0,0,0.6,164.83455,260.05454)"
+ id="use5403"
+ style="opacity:0.7"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.4,0,0,0.4,247.25182,379.25208)"
+ id="use5405"
+ style="opacity:0.55"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ </g>
+ </g>
+</svg>
=====================================
images/reports/2020-07/libsodium.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/libsodium.png differ
=====================================
images/reports/2020-07/openorienteering-mapper.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/openorienteering-mapper.png differ
=====================================
images/reports/2020-07/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/opensuse.png differ
=====================================
images/reports/2020-07/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/reproducible-builds.png differ
=====================================
images/reports/2020-07/strip-nondeterminism.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/strip-nondeterminism.png differ
=====================================
images/reports/2020-07/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/testframework.png differ
=====================================
images/reports/2020-07/website.png
=====================================
Binary files /dev/null and b/images/reports/2020-07/website.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/e42cbafcdf1dcc85f3dca1942972f99943c0d6cc
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/e42cbafcdf1dcc85f3dca1942972f99943c0d6cc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20200806/bd2f7399/attachment.htm>
More information about the rb-commits
mailing list