[Git][reproducible-builds/reproducible-website][master] 3 commits: Use "View all our monthly reports" over "View all monthly reports".
Chris Lamb
gitlab at salsa.debian.org
Sat Aug 8 15:52:56 UTC 2020
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
1d746ba1 by Chris Lamb at 2020-08-08T16:52:24+01:00
Use "View all our monthly reports" over "View all monthly reports".
- - - - -
bdbad73e by Chris Lamb at 2020-08-08T16:52:36+01:00
2020-07: Misc cosmetic changes
- - - - -
427d1ad6 by Chris Lamb at 2020-08-08T16:52:47+01:00
published as https://reproducible-builds.org/reports/2020-07/
- - - - -
2 changed files:
- _layouts/report.html
- _reports/2020-07.md
Changes:
=====================================
_layouts/report.html
=====================================
@@ -4,7 +4,7 @@ layout: default
<h1><a href="{{ page.url }}">{{ page.title }}</a></h1>
-<p>← <a href="{{ "/news/" | relative_url }}">View all monthly reports</a></p>
+<p>← <a href="{{ "/news/" | relative_url }}">View all our monthly reports</a></p>
{% unless page.published %}
<div class="col-12 alert alert-warning" role="alert">
@@ -21,4 +21,4 @@ layout: default
<hr>
-<p>← <a href="{{ "/reports/" | relative_url }}">View all monthly reports</a></p>
+<p>← <a href="{{ "/reports/" | relative_url }}">View all our monthly reports</a></p>
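Review bot: The footer link in this hunk points at `/reports/`, while the header link changed in the previous hunk points at `/news/`, yet both now carry the identical text "View all our monthly reports". If both are meant to reach the report index, use one target for both; if they intentionally go to different pages, give them different labels so a reader can tell where each one leads.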
=====================================
_reports/2020-07.md
=====================================
@@ -3,7 +3,8 @@ layout: report
year: "2020"
month: "07"
title: "Reproducible Builds in July 2020"
-draft: true
+draft: false
+published: 2020-08-08 15:52:47
---
[![]({{ "/images/reports/2020-07/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
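Review bot: The added `published: 2020-08-08 15:52:47` in the front matter carries no UTC offset, while the commit that adds it is stamped 2020-08-08T16:52:47+01:00, so the value is only correct when read as UTC. Writing the offset explicitly (for example `+00:00`) would keep any date handling from depending on the build host's timezone. Separately, `draft: false` and `published:` now encode the same state, and the layout's `{% unless page.published %}` check reads only the latter; if nothing else reads `draft`, the key could be dropped rather than flipped.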
@@ -11,37 +12,47 @@ draft: true
**Welcome to the July 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project.**
{: .lead}
-In these monthly reports, we round-up the things that we have been up to over the past month. As a quick recap, the motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced from the original source code to the pre-compiled binaries we install on our systems. If you're interested in contributing to the project, [please visit our main website]({{ "/" | relative_url }}).
+In these monthly reports, we round-up the things that we have been up to over the past month. As a brief refresher, the motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced from the original free software source code to the pre-compiled binaries we install on our systems. (If you're interested in contributing to the project, [please visit our main website]({{ "/" | relative_url }}).)
## General news
[![]({{ "/images/reports/2020-07/debconf20.png#right" | relative_url }})](https://debconf20.debconf.org/talks/49-reproducing-bullseye-in-practice/)
-At the upcoming [DebConf20](https://debconf20.debconf.org/) conference (now [being held online](https://debconf20.debconf.org/news/2020-06-08-debconf20-moves-online/)), Holger Levsen will present a talk on Thursday 27th August about "[*Reproducing Bullseye in practice*](https://debconf20.debconf.org/talks/49-reproducing-bullseye-in-practice/)" focusing on independently verifying that the binaries distributed from `ftp.debian.org` were made from their claimed sources.
+At the upcoming [DebConf20](https://debconf20.debconf.org/) conference (now [being held online](https://debconf20.debconf.org/news/2020-06-08-debconf20-moves-online/)), Holger Levsen will present a talk on Thursday 27th August about "[*Reproducing Bullseye in practice*](https://debconf20.debconf.org/talks/49-reproducing-bullseye-in-practice/)", focusing on independently verifying that the binaries distributed from `ftp.debian.org` were made from their claimed sources.
-Tavis Ormandy published a blog post making the provocative claim that "[*You don't need reproducible builds*](http://blog.cmpxchg8b.com/2020/07/you-dont-need-reproducible-builds.html)", asserting elsewhere that the many attacks that have been extensively reported in our previous reports are ["fantasy threat models"](https://twitter.com/taviso/status/1288269090075754496). A number of rebuttals were made, including [one from long-time contributor Reproducible Builds contributor Bernhard Wiedemann](https://rb.zq1.de/other/tavis.html).
+Tavis Ormandy published a blog post making the provocative claim that "[*You don't need reproducible builds*](http://blog.cmpxchg8b.com/2020/07/you-dont-need-reproducible-builds.html)", asserting elsewhere that the many attacks that have been extensively reported in our previous reports are ["fantasy threat models"](https://twitter.com/taviso/status/1288269090075754496). A number of rebuttals have been made, including [one from long-time contributor Reproducible Builds contributor Bernhard Wiedemann](https://rb.zq1.de/other/tavis.html).
[![]({{ "/images/reports/2020-07/openorienteering-mapper.png#right" | relative_url }})](https://www.openorienteering.org/apps/mapper/)
-[On our mailing list this month](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/thread.html), Debian Developer Graham Inggs [posted to our list asking for ideas](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001980.html) why the [`openorienteering-mapper`](https://tracker.debian.org/pkg/openorienteering-mapper) Debian package was failing to build on the [Reproducible Builds testing framework](https://tests.reproducible-builds.org). Chris Lamb remarked from the build logs that the package [may be missing a build-dependency](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001984.html), although Graham then used [*diffoscope*](https://diffoscope.org/) to show that the resulting package remains unchanged with or without it. Later, Nico Tyni noticed that the build failure may be due to the relationship between the [`FILE` preprocessor macro and the `-ffile-prefix-map` GCC flag](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001988.html).
+On our mailing list this month, Debian Developer Graham Inggs [posted to our list asking for ideas](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001980.html) why the [`openorienteering-mapper`](https://tracker.debian.org/pkg/openorienteering-mapper) Debian package was failing to build on the [Reproducible Builds testing framework](https://tests.reproducible-builds.org). Chris Lamb remarked from the build logs that the package [may be missing a build dependency](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001984.html), although Graham then used our own [*diffoscope*](https://diffoscope.org/) tool to show that the resulting package remains unchanged with or without it. Later, Nico Tyni noticed that the build failure may be due to the relationship between the [`FILE` C preprocessor macro and the `-ffile-prefix-map` GCC flag](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001988.html).
-An issue in [Zephyr](https://www.zephyrproject.org/), a small-footprint kernel designed for use on resource-constrained systems, around [`.a` library files not being reproducible](https://github.com/zephyrproject-rtos/zephyr/pull/17494) was closed after it was noticed that a key part of their toolchain was updated [that now calls `--enable-deterministic-archives` by default](https://github.com/zephyrproject-rtos/sdk-ng/issues/81).
+An issue in [Zephyr](https://www.zephyrproject.org/), a small-footprint kernel designed for use on resource-constrained systems, around [`.a` library files not being reproducible](https://github.com/zephyrproject-rtos/zephyr/pull/17494) was closed after it was noticed that a key part of their toolchain was updated that [now calls `--enable-deterministic-archives` by default](https://github.com/zephyrproject-rtos/sdk-ng/issues/81).
[![]({{ "/images/reports/2020-07/libsodium.png#right" | relative_url }})](https://doc.libsodium.org/)
-Reproducible Builds developer *kpcyrd* commented on a [pull request against the libsodium cryptographic library wrapper for Rust](https://github.com/sodiumoxide/sodiumoxide/pull/418#issuecomment-653692194), arguing against the testing of CPU features at compile-time. He noted that:
+Reproducible Builds developer *kpcyrd* commented on a [pull request against the *libsodium* cryptographic library wrapper for Rust](https://github.com/sodiumoxide/sodiumoxide/pull/418#issuecomment-653692194), arguing against the testing of CPU features at compile-time. He noted that:
> I've accidentally shipped broken updates to users in the past because the build system was feature-tested and the final binary assumed the instructions would be present without further runtime checks
-[David Kleuker](https://davidak.de) also asked a question on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general) about using [`SOURCE_DATE_EPOCH` with the `install(1)` tool](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001991.html) from [GNU coreutils](https://www.gnu.org/software/coreutils/). When comparing two installed packages he noticed that the filesystem 'birth times' differed between them. [Chris Lamb replied](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001995.html) after realising that this was actually a consequence of using an outdated version of [*diffoscope*](https://diffoscope.org/) and that a fix was in [*diffoscope* version 146](https://diffoscope.org/news/diffoscope-146-released/) released in May 2020..
+[David Kleuker](https://davidak.de) also asked a question on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general) about using [`SOURCE_DATE_EPOCH` with the `install(1)` tool](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001991.html) from [GNU coreutils](https://www.gnu.org/software/coreutils/). When comparing two installed packages he noticed that the filesystem 'birth times' differed between them. [Chris Lamb replied](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001995.html), realising that this was actually a consequence of using an outdated version of [*diffoscope*](https://diffoscope.org/) and that a fix was in [*diffoscope* version 146](https://diffoscope.org/news/diffoscope-146-released/) released in May 2020.
-Later in July, John Scott posted asking for [clarification regarding on the Javascript files on our website](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001999.html) to add metadata for [LibreJS](https://www.gnu.org/software/librejs/), a browser extension that blocks non-free Javascript scripts. Chris Lamb investigated the issue and realised that we could drop a number of unused Javascript files [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3b71cb0)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/222b306)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/539eb99)] and added unminified versions of [Bootstrap](https://getbootstrap.com/) and [jQuery](https://jquery.com/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)].
+Later in July, John Scott posted asking for [clarification regarding on the Javascript files on our website](https://lists.reproducible-builds.org/pipermail/rb-general/2020-July/001999.html) to add metadata for [LibreJS](https://www.gnu.org/software/librejs/), the browser extension that blocks non-free Javascript scripts from executing. Chris Lamb investigated the issue and realised that we could drop a number of unused Javascript files [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3b71cb0)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/222b306)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/539eb99)] and added unminified versions of [Bootstrap](https://getbootstrap.com/) and [jQuery](https://jquery.com/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)].
<br>
-## Software development
+## Development work
-#### [diffoscope](https://diffoscope.org)
+### [Website](https://reproducible-builds.org/)
+
+[![]({{ "/images/reports/2020-07/website.png#right" | relative_url }})](https://reproducible-builds.org/)
+
+On our website this month, Chris Lamb updated the [main Reproducible Builds website and documentation](https://reproducible-builds.org/) to drop a number of unused Javascript files [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3b71cb0)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/222b306)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/539eb99)] and added unminified versions of [Bootstrap](https://getbootstrap.com/) and [jQuery](https://jquery.com/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)]. He also fixed a number of broken URLs [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/02be515)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bf9e8ee)].
+
+Gonzalo Bulnes Guilpain made a large number of grammatical improvements [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/81ee324)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3685ff3)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9aa3796)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9cb4ffa)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/dfdde38)] as well as some misspellings, case and whitespace changes too [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b06b9d1)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1b86b33)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/04e943e)].
+
+Lastly, Holger Levsen updated the `README` file [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c097558)], marked the [Alpine Linux](https://alpinelinux.org/) continuous integration tests as currently disabled [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/70b6ac5)] and linked the [Arch Linux Reproducible Status](https://reproducible.archlinux.org/) page from our [projects page]({{ "/who/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3f143dd)].
+
+### [diffoscope](https://diffoscope.org)
[*diffoscope*](https://diffoscope.org) is our in-depth and content-aware diff utility that can not only locate and diagnose reproducibility issues, it provides human-readable diffs of all kinds. In July, Chris Lamb made the following changes to *diffoscope*, including releasing versions `150`, `151`, `152`, `153` & `154`:
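Review bot: The rewritten Tavis Ormandy paragraph still reads "one from long-time contributor Reproducible Builds contributor Bernhard Wiedemann", with "contributor" twice; drop the first occurrence. In the same hunk, "clarification regarding on the Javascript files" has a stray "on", and the sentence about dropping unused Javascript files and adding unminified Bootstrap and jQuery now appears both under General news and in the new Website section with the same four commit links, so one of the two could be cut down to a short pointer. If the macro written as `FILE` in the openorienteering-mapper paragraph is the C preprocessor's `__FILE__`, spell it with its underscores.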
@@ -91,25 +102,51 @@ Jean-Romain Garnier also made the following changes:
* Improve the output of side-by-side diffs by detecting added lines better. ([!64](https://salsa.debian.org/reproducible-builds/diffoscope/commit/65696a9))
* Remove offsets before instructions in `objdump` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3e72c1c)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/cbcb41e)] and remove raw instructions from [ELF](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format) tests [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e9e2904)].
-### [Website](https://reproducible-builds.org/)
+### Other tools
-[![]({{ "/images/reports/2020-07/website.png#right" | relative_url }})](https://reproducible-builds.org/)
+[![]({{ "/images/reports/2020-07/strip-nondeterminism.png#right" | relative_url }})](https://tracker.debian.org/pkg/strip-nondeterminism)
-On our website this month, Chris Lamb updated the [main Reproducible Builds website and documentation](https://reproducible-builds.org/) to drop a number of unused Javascript files [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3b71cb0)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/222b306)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/539eb99)] and added unminified versions of [Bootstrap](https://getbootstrap.com/) and [jQuery](https://jquery.com/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fb57181)]. He also fixed a number of broken URLs [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/02be515)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bf9e8ee)].
+[*strip-nondeterminism*](https://tracker.debian.org/pkg/strip-nondeterminism) is our tool to remove specific non-deterministic results from a completed build. It is used automatically in most Debian package builds. In July, Chris Lamb ensured that we did not install the internal handler documentation generated from [Perl POD documents](https://perldoc.perl.org/perlpod.html) [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/b9b8428)] and fixed a trivial typo [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/3398261)]. Marc Herbert added a `--verbose`-level warning when the [Archive::Cpio](https://metacpan.org/pod/Archive::Cpio) Perl module is missing. ([!6](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/merge_requests/-/6))
-Gonzalo Bulnes Guilpain made a large number of grammatical improvements [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/81ee324)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3685ff3)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9aa3796)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9cb4ffa)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/dfdde38)] as well as some misspellings, case and whitespace changes too [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b06b9d1)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1b86b33)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/04e943e)].
+[*reprotest*](https://tracker.debian.org/pkg/reprotest) is our end-user tool to build same source code twice in widely differing environments and then checks the binaries produced by each build for any differences. This month, Vagrant Cascadian made a number of changes to support [diffoscope version 153](https://diffoscope.org/news/diffoscope-153-released/) which had removed the (deprecated) `--exclude-directory-metadata` and `--no-exclude-directory-metadata` command-line arguments, and updated the testing configuration to also test under Python version 3.8 [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/49e1701)].
-Lastly, Holger Levsen updated the `README` file [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c097558)], marked the [Alpine Linux](https://alpinelinux.org/) continuous integration tests as currently disabled [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/70b6ac5)] and linked the [Arch Linux Reproducible Status](https://reproducible.archlinux.org/) page from our [projects page]({{ "/who/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3f143dd)].
+<br>
-### Other tools
+## Distributions
-[![]({{ "/images/reports/2020-07/strip-nondeterminism.png#right" | relative_url }})](https://tracker.debian.org/pkg/strip-nondeterminism)
+#### [Debian](https://debian.org/)
-[*strip-nondeterminism*](https://tracker.debian.org/pkg/strip-nondeterminism) is our tool to remove specific non-deterministic results from a completed build. It is used automatically in most Debian package builds. In July, Chris Lamb ensured that we did not install the internal handler documentation generated from [Perl POD documents](https://perldoc.perl.org/perlpod.html) [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/b9b8428)] and fixed a trivial typo [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/3398261)]. Marc Herbert added a `--verbose`-level warning when the [Archive::Cpio](https://metacpan.org/pod/Archive::Cpio) Perl module is missing. ([!6](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/merge_requests/-/6))
+[![]({{ "/images/reports/2020-07/debian.png#right" | relative_url }})](https://debian.org/)
-[*reprotest*](https://tracker.debian.org/pkg/reprotest) is our end-user tool to build same source code twice in widely differing environments and then checks the binaries produced by each build for any differences. This month, Vagrant Cascadian made a number of changes to support [diffoscope version 153](https://diffoscope.org/news/diffoscope-153-released/) which had removed the (deprecated) `--exclude-directory-metadata` and `--no-exclude-directory-metadata` command-line arguments, and updated the testing configuration to also test under Python version 3.8 [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/49e1701)].
+In June 2020, Timo Röhling filed a [wishlist bug against the `debhelper` build tool](https://bugs.debian.org/962474) impacting the reproducibility status of hundreds of packages that use the [CMake build system](https://cmake.org/). This month however, Niels Thykier uploaded `debhelper` version 13.2 that passes the `-DCMAKE_SKIP_RPATH=ON` and `-DBUILD_RPATH_USE_ORIGIN=ON` arguments to CMake when using the (currently-experimental) Debhelper compatibility level 14.
+
+According to Niels, this change:
+
+> ... should fix some reproducibility issues, but may cause breakage if packages run binaries directly from the build directory.
+
+34 reviews of Debian packages were added, 14 were updated and 20 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb added and categorised the `nondeterministic_order_of_debhelper_snippets_added_by_dh_fortran_mod` [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e67f706e)] and `gem2deb_install_mkmf_log` [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c5cd0e73)] toolchain issues.
+
+Lastly, Holger Levsen filed two more wishlist bugs against the [`debrebuild`](https://salsa.debian.org/debian/devscripts/-/blob/master/scripts/debrebuild.pl) Debian package rebuilder tool [[...](https://bugs.debian.org/964722)][[...](https://bugs.debian.org/964733)].
+
+#### [openSUSE](https://www.opensuse.org/)
+
+[![]({{ "/images/reports/2020-07/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
+
+In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2020-07/msg00417.html).
+
+Bernhard also published the [results of performing 12,235 verification builds](https://lists.opensuse.org/opensuse-factory/2020-07/msg00388.html) of packages from openSUSE Leap version 15.2 and, as a result, created three pull requests against the openSUSE [Build Result Compare Script](https://build.opensuse.org/package/show/openSUSE:Tools/build-compare) [[...](https://github.com/openSUSE/build-compare/pull/36)][[...](https://github.com/openSUSE/build-compare/pull/37)][[...](https://github.com/openSUSE/build-compare/pull/38)].
-#### Upstream patches
+#### Other distributions
+
+[![]({{ "/images/reports/2020-07/archlinux.png#right" | relative_url }})](https://www.archlinux.org/)
+
+In [Arch Linux](https://www.archlinux.org/), there was a mass rebuild of old packages in an attempt to make them reproducible. This was performed because building with a previous release of the [pacman](https://www.archlinux.org/pacman/) package manager caused file ordering and size calculation issues when using the [btrfs](https://en.wikipedia.org/wiki/Btrfs) filesystem.
+
+A system was also implemented for Arch Linux packagers to receive notifications if/when their package becomes unreproducible, and packagers now have access to a dashboard where they can all see all their unreproducible packages ([more info](https://lists.archlinux.org/pipermail/arch-dev-public/2020-July/030029.html)).
+
+Paul Spooren sent two versions of a patch for the [OpenWrt](https://openwrt.org/) embedded distribution for adding a 'build system' revision to the 'packages' manifest so that all external feeds can be rebuilt and verified. [[...](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030325.html)][[...](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030171.html)]
+
+## Upstream patches
The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of these patches, including:
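Review bot: Heading levels are inconsistent after this move: `## Distributions` is followed directly by `#### [Debian]`, `#### [openSUSE]` and `#### Other distributions`, skipping `###`, whereas the subsections under `## Development work` (`### [Website]`, `### [diffoscope]`, `### Other tools`) use `###`. Use `###` for the distribution subsections as well. The relocated text also keeps two wording slips that could be fixed while it is being touched: "build same source code twice ... and then checks" in the reprotest paragraph, and "where they can all see all their unreproducible packages" in the Arch Linux paragraph.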
@@ -165,7 +202,7 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
Vagrant Cascadian also reported two issues, the first regarding a regression in [u-boot](https://www.denx.de/wiki/U-Boot) boot loader reproducibility for a particular target [[...](https://lists.denx.de/pipermail/u-boot/2020-July/420595.html)] and a non-deterministic segmentation fault in the [guile-ssh](https://github.com/artyom-poptsov/guile-ssh) test suite [[...](https://github.com/artyom-poptsov/guile-ssh/issues/22)]. Lastly, Jelle van der Waa filed a bug against the [MeiliSearch](https://www.meilisearch.com/) search API to report that it [embeds the current build date](https://github.com/meilisearch/MeiliSearch/issues/837).
-#### Testing framework
+## Testing framework
[![]({{ "/images/reports/2020-07/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
@@ -176,7 +213,7 @@ This month, Holger Levsen made the following changes:
* [Debian](https://www.debian.org/)-related changes:
* Tweak the rescheduling of various architecture and suite combinations. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/afd0f5cb)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0af6eeb4)]
- * Fix links for "404" and "not for us" icons. ([#959363](https://bugs.debian.org/959363))
+ * Fix links for '404' and 'not for us' icons. ([#959363](https://bugs.debian.org/959363))
* Further work on a rebuilder prototype, for example correctly processing the `sbuild` exit code. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cfa2ba45)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/19ce0560)]
* Update the [sudo](https://www.sudo.ws/) configuration file to allow the node health job to work correctly. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/135c33a4)]
* Add `php-horde` packages back to the `pkg-php-pear` package set for the *bullseye* distribution. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e9a7296f)]
@@ -186,8 +223,7 @@ This month, Holger Levsen made the following changes:
* Add checks for broken SSH [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/967342cb)], `logrotate` [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/37ffd60f)], `pbuilder` [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/700d2775)], NetBSD [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/282b8ee3)], 'unkillable' processes [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/45d7925e)], unresponsive nodes [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/be118a1d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6e01c2d7)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0f424acb)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7c504518)], proxy connection failures [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/88987726)], too many installed kernels [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/199ea187)], etc.
* Automatically fix some failed [`systemd`](https://www.freedesktop.org/wiki/Software/systemd/) units. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/052153a5)]
- * Add notes explaining all the issues that hosts are experiencing. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9e5ed290)]
- * Handle zipped job log files correctly. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ced06afd)]
+ * Add notes explaining all the issues that hosts are experiencing [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9e5ed290)] and handle zipped job log files correctly [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ced06afd)].
* Separate nodes which have been automatically marked as down [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/283a5697)] and show status icons for jobs with issues [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/612bc046)].
* Misc:
@@ -197,41 +233,6 @@ This month, Holger Levsen made the following changes:
In addition, Mattia Rizzolo updated the `init_node` script to suggest using [sudo](https://www.sudo.ws/) instead of explicit logout and logins [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/99bdf68c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cf70ea0a)] and the usual build node maintenance was performed by Holger Levsen [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/25282617)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/00c41e98)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/cbf6c3a8)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/493a94c3)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b0823de3)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6cf7a07b)], Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/87cb7391)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/308d3cab)] and Vagrant Cascadian [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/89b77776)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e100a5e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f2171a0d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0fd99b71)].
-<br>
-
-### Distribution work
-
-#### [Debian](https://debian.org/)
-
-[![]({{ "/images/reports/2020-07/debian.png#right" | relative_url }})](https://debian.org/)
-
-In June 2020, Timo Röhling filed a [wishlist bug against the `debhelper` build tool](https://bugs.debian.org/962474) impacting the reproducibility status of hundreds of packages that use the [CMake build system](https://cmake.org/). This month however, Niels Thykier uploaded `debhelper` version 13.2 that passes the `-DCMAKE_SKIP_RPATH=ON` and `-DBUILD_RPATH_USE_ORIGIN=ON` arguments to CMake when using the (currently-experimental) Debhelper compatibility level 14.
-
-According to Niels, this change:
-
-> ... should fix some reproducibility issues, but may cause breakage if packages run binaries directly from the build directory.
-
-34 reviews of Debian packages were added, 14 were updated and 20 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb added and categorised the `nondeterministic_order_of_debhelper_snippets_added_by_dh_fortran_mod` [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e67f706e)] and `gem2deb_install_mkmf_log` [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c5cd0e73)] toolchain issues.
-
-Lastly, Holger Levsen filed two more wishlist bugs against the [`debrebuild`](https://salsa.debian.org/debian/devscripts/-/blob/master/scripts/debrebuild.pl) Debian package rebuilder tool [[...](https://bugs.debian.org/964722)][[...](https://bugs.debian.org/964733)].
-
-#### [openSUSE](https://www.opensuse.org/)
-
-[![]({{ "/images/reports/2020-07/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
-
-In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2020-07/msg00417.html).
-
-Bernhard also published the [results of performing 12,235 verification builds](https://lists.opensuse.org/opensuse-factory/2020-07/msg00388.html) of packages from openSUSE Leap version 15.2 and, as a result, created three pull requests against the openSUSE [Build Result Compare Script](https://build.opensuse.org/package/show/openSUSE:Tools/build-compare) [[...](https://github.com/openSUSE/build-compare/pull/36)][[...](https://github.com/openSUSE/build-compare/pull/37)][[...](https://github.com/openSUSE/build-compare/pull/38)].
-
-### Other distributions
-
-[![]({{ "/images/reports/2020-07/archlinux.png#right" | relative_url }})](https://www.archlinux.org/)
-
-In [Arch Linux](https://www.archlinux.org/), there was a mass rebuild of old packages in an attempt to make them reproducible. This was performed because building with a previous release of the [pacman](https://www.archlinux.org/pacman/) package manager caused file ordering and size calculation issues when using the [btrfs](https://en.wikipedia.org/wiki/Btrfs) filesystem.
-
-A system was also implemented for Arch Linux packagers to receive notifications if/when their package becomes unreproducible, and packagers now have access to a dashboard where they can all see all their unreproducible packages ([more info](https://lists.archlinux.org/pipermail/arch-dev-public/2020-July/030029.html)).
-
-Paul Spooren sent two versions of a patch for the [OpenWrt](https://openwrt.org/) embedded distribution for adding a 'build system' revision to the 'packages' manifest so that all external feeds can be rebuilt and verified. [[...](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030325.html)][[...](http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030171.html)]
<br>
<hr>
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/8bb8b5727c2ebab5dd9ada78d0472cd8d9e5b532...427d1ad6c998fa0c8109466581a139bc9b0a5424