[Git][reproducible-builds/reproducible-website][master] 2 commits: 2020-02: Many changes prior to publication.
Chris Lamb
gitlab at salsa.debian.org
Fri Mar 6 18:27:58 UTC 2020
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
3c7c2c26 by Chris Lamb at 2020-03-06T10:27:14-08:00
2020-02: Many changes prior to publication.
- - - - -
61504c79 by Chris Lamb at 2020-03-06T10:27:51-08:00
published as https://reproducible-builds.org/reports/2020-02/
- - - - -
4 changed files:
- _reports/2020-02.md
- images/reports/2020-02/TheYoctoJester.png
- − images/reports/2020-02/docker.png
- + images/reports/2020-02/fosdem.jpeg
Changes:
=====================================
_reports/2020-02.md
=====================================
@@ -3,41 +3,46 @@ layout: report
year: "2020"
month: "02"
title: "Reproducible Builds in February 2020"
-draft: true
+draft: false
+published: 2020-03-06 18:27:51
---
-**Welcome to the February 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
+**Welcome to the February 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project.**
{: .lead}
-
[![]({{ "/images/reports/2020-02/reproducible-builds.png#right" | prepend: site.baseurl }})](https://reproducible-builds.org/)
-In these reports we outline the most important things that we have been up to over the past month. As a quick recap, whilst anyone may inspect the source code of free software for malicious flaws, almost all software is distributed to end users as pre-compiled binaries.
+One of the original promises of open source software is that distributed peer review and transparency of process results in enhanced end-user security. However, whilst anyone may inspect the source code of free and open source software for malicious flaws, almost all software today is distributed as pre-compiled binaries. This allows nefarious third-parties to compromise systems by injecting malicious code into ostensibly secure software during the various compilation and distribution processes.
-The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
+The motivation behind the reproducible builds effort is to provide the ability to demonstrate these binaries originated from a particular, trusted, source release: if identical results are generated from a given source in all circumstances, reproducible builds provides the means for multiple third-parties to reach a consensus on whether a build was compromised via distributed checksum validation or some other scheme.
In this month's report, we cover:
-* **Media coverage & upstream news** — *A new paper on reproducible containers, Ruby updated, etc.*
-* **Distribution work** — *More work in Debian, openSUSE & friends*
-* **Software development** — *Updates and improvements to our tooling*
-* **Getting in touch** — *How to contribute, more venues for discussion*
+* **Media coverage & upstream news** — *A new paper on reproducible containers, Ruby updates, etc.*
+* **Distribution work** — *More work in Debian, openSUSE & friends.*
+* **Software development** — *Updates and improvements to our tooling.*
+* **Getting in touch** — *How to contribute, more venues for discussion.*
If you are interested in contributing to the project, please visit our [*Contribute*]({{ "/contribute/" | prepend: site.baseurl }}) page on our website.
+{: .small}
----
+<br>
## Media coverage & upstream news
[![]({{ "/images/reports/2020-02/dettrace.png#right" | prepend: site.baseurl }})](https://gatowololo.github.io/resources/publications/dettrace.pdf)
-[Omar Navarro Leija](https://gatowololo.github.io/), a PhD student at the [University Of Pennsylvania](https://home.www.upenn.edu/), published a paper entitled "[Reproducible Containers](https://gatowololo.github.io/resources/publications/dettrace.pdf)" that describes the workings of a user-space container tool for Linux called *DetTrace*:
+[Omar Navarro Leija](https://gatowololo.github.io/), a PhD student at the [University Of Pennsylvania](https://home.www.upenn.edu/), published a paper entitled [*Reproducible Containers*](https://gatowololo.github.io/resources/publications/dettrace.pdf) that describes in detail the workings of a new user-space container tool called *DetTrace*:
+
+> All computation that occurs inside a DetTrace container is a pure function of the initial filesystem state of the container. Reproducible containers can be used for a variety of purposes, including replication for fault-tolerance, reproducible software builds and reproducible data analytics. **We use DetTrace to achieve, in an automatic fashion, reproducibility for 12,130 Debian package builds, containing over 800 million lines of code, as well as bioinformatics and machine learning workflows.**
-> All computation that occurs inside a DetTrace container is a pure function of the initial filesystem state of the container. Reproducible containers can be used for a variety of purposes, including replication for fault-tolerance, reproducible software builds and reproducible data analytics. We use DetTrace to achieve, in an automatic fashion, reproducibility for 12,130 Debian package builds, containing over 800 million lines of code, as well as bioinformatics and machine learning workflows.
+There was also considerable [discussion on our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2020-February/001820.html) regarding this research and a presentation based on the paper will occur at the [ASPLOS 2020](https://asplos-conference.org/) conference between March 16th — 20th in Lausanne, Switzerland.
-There was also considerable [discussion on our mailing list regarding this research](https://lists.reproducible-builds.org/pipermail/rb-general/2020-February/001820.html) and a presentation based on this paper will occur at the [ASPLOS 2020](https://asplos-conference.org/) conference in Lausanne, Switzerland between March 16th — 20th.
+[![]({{ "/images/reports/2020-02/fosdem.jpeg#center" | prepend: site.baseurl }})](https://fosdem.org/2020/schedule/event/debate_license_compliance/)
-Reproducible Builds were touted as a benefit for software compliance in a talk at FOSDEM, debating whether the [Careful Inventory of Licensing Bill of Materials Have Impact of FOSS License Compliance](https://fosdem.org/2020/schedule/event/debate_license_compliance/) which pitted [Jeff McAffer](https://twitter.com/jeffmcaffer) and [Carol Smith](https://www.fossygirl.com/) against [Bradley Kuhn](http://ebb.org/bkuhn/). (~47 minutes in).
+The many virtues of Reproducible Builds were touted as benefits for software compliance in a talk at [FOSDEM 2020](https://fosdem.org/2020/), debating whether the [Careful Inventory of Licensing Bill of Materials Have Impact of FOSS License Compliance](https://fosdem.org/2020/schedule/event/debate_license_compliance/) which pitted [Jeff McAffer](https://twitter.com/jeffmcaffer) and [Carol Smith](https://www.fossygirl.com/) against [Bradley Kuhn](http://ebb.org/bkuhn/) and Max Sills. (~47 minutes in).
+
+Nobuyoshi Nakada updated the canonical implementation of the [Ruby programming language](https://www.ruby-lang.org/) a change such that filesystem [globs](https://en.wikipedia.org/wiki/Glob_(programming)) (ie. calls to list the contents of filesystem directories) will henceforth be [sorted in ascending order](https://bugs.ruby-lang.org/issues/8709#note-19). Without this change, the underlying nondeterministic ordering of the filesystem is exposed to the language which often results in an unreproducible build.
Vagrant Cascadian reported on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) regarding a [quick reproducible test for the GNU Guix distribution](https://lists.reproducible-builds.org/pipermail/rb-general/2020-February/001810.html), which resulted in 81.9% of packages registering as reproducible in his installation:
@@ -47,19 +52,15 @@ Vagrant Cascadian reported on [our mailing list](https://lists.reproducible-buil
- 37 (1.5%) differed
- 410 (16.6%) were inconclusive
-[Jeremiah Orians announced on our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2020-February/001798.html) the release of a number of tools related to cross-compilation such as [M2-Planet](https://github.com/oriansj/M2-Planet) and [`mescc-tools-seed`](https://github.com/oriansj/mescc-tools-seed). For those not familiar with the project, it is the full bootstrap of a cross-platform compiler for the C programming language (written in C itself) from hex, the ultimate goal being able to demonstrate fully-bootstrapped compiler from hex to the [GCC GNU Compiler Collection](https://gcc.gnu.org/). This has many implications in and around [Ken Thompson](https://en.wikipedia.org/wiki/Ken_Thompson)'s [*Trusting Trust*](https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf) attack he outlined in his 1983 [Turing Award Lecture](https://amturing.acm.org/lectures.cfm).
-
-Nobuyoshi Nakada updated the canonical implementation of the [Ruby programming language](https://www.ruby-lang.org/) a change such that filesystem [globs](https://en.wikipedia.org/wiki/Glob_(programming)) (ie. calls to list the contents of filesystem directories) will henceforth be [sorted in ascending order](https://bugs.ruby-lang.org/issues/8709#note-19). Without this change, the underlying nondeterministic ordering of the filesystem is exposed to the language which often result in an unreproducible build.
-
-Reddit user [`tofflos`](https://www.reddit.com/user/tofflos) posted to the [/r/Java subreddit](https://www.reddit.com/r/java) asking about how to achieve [reproduciblebuilds with Maven](https://www.reddit.com/r/java/comments/faqadv/reproducible_builds_with_maven/).
-
-Chris Lamb noticed that the Linux kernel documentation about reproducible builds of it is available on the [kernel.org](https://www.kernel.org) homepages [in an attractive HTML format](https://www.kernel.org/doc/html/latest/kbuild/reproducible-builds.html).
+[Jeremiah Orians announced on our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2020-February/001798.html) the release of a number of tools related to cross-compilation such as [`M2-Planet`](https://github.com/oriansj/M2-Planet) and [`mescc-tools-seed`](https://github.com/oriansj/mescc-tools-seed). This project attemps a full bootstrap of a cross-platform compiler for the C programming language (written in C itself) from hex, the ultimate goal being able to demonstrate fully-bootstrapped compiler from hex to the [GCC GNU Compiler Collection](https://gcc.gnu.org/). This has many implications in and around [Ken Thompson](https://en.wikipedia.org/wiki/Ken_Thompson)'s [*Trusting Trust*](https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf) attack outlined in Thompson's 1983 [Turing Award Lecture](https://amturing.acm.org/lectures.cfm).
Twitter user [@TheYoctoJester](https://twitter.com/TheYoctoJester) posted an executive summary of reproducible builds in the [Yocto Project](https://www.yoctoproject.org/):
[![]({{ "/images/reports/2020-02/TheYoctoJester.png#center" | prepend: site.baseurl }})](https://twitter.com/TheYoctoJester/status/1226242232543518720)
----
+Finally, Reddit user [`tofflos`](https://www.reddit.com/user/tofflos) posted to the [/r/Java subreddit](https://www.reddit.com/r/java) asking about how to achieve [reproducible builds with Maven](https://www.reddit.com/r/java/comments/faqadv/reproducible_builds_with_maven/) and [Chris Lamb](http://chris-lamb.co.uk/) noticed that the Linux kernel documentation about reproducible builds of it is available on the [kernel.org](https://www.kernel.org) homepages [in an attractive HTML format](https://www.kernel.org/doc/html/latest/kbuild/reproducible-builds.html).
+
+<br>
## Distribution work
@@ -67,17 +68,17 @@ Twitter user [@TheYoctoJester](https://twitter.com/TheYoctoJester) posted an exe
[![]({{ "/images/reports/2020-02/debian.png#right" | prepend: site.baseurl }})](https://debian.org/)
-Chris Lamb filed a pull request for the core `debian-installer` package to allow all arguments from `sources.list` files (such as `[check-valid-until=no]`) in order that we can test the reproducibility of the installer images on the [Reproducible Builds own testing infrastructure](https://tests.reproducible-builds.org/debian/reproducible.html). ([#13](https://salsa.debian.org/installer-team/debian-installer/-/merge_requests/13))
+Chris Lamb created a merge request for the core `debian-installer` package to allow all arguments and options from `sources.list` files (such as "`[check-valid-until=no]`", etc.) in order that we can test the reproducibility of the installer images on the [Reproducible Builds own testing infrastructure](https://tests.reproducible-builds.org/debian/reproducible.html). ([#13](https://salsa.debian.org/installer-team/debian-installer/-/merge_requests/13))
-Thorsten Glaser [followed up to a bug filed against the `dpkg-source` component](https://bugs.debian.org/796257#29) (originally filed in late 2015) that claims that it does not respect permissions when unpacking tarballs if the [umask](https://en.wikipedia.org/wiki/Umask) is set to `0002`.
+Thorsten Glaser [followed-up to a bug filed against the `dpkg-source` component](https://bugs.debian.org/796257#29) that was originally filed in late 2015 that claims that the build tool does not respect permissions when unpacking tarballs if the [umask](https://en.wikipedia.org/wiki/Umask) is set to `0002`.
-Matthew Garrett posted to the [`debian-devel` mailing list](https://lists.debian.org/debian-devel/) on the topic of "[Producing verifiable initramfs images](https://lists.debian.org/debian-devel/2020/02/msg00121.html)", part of a wider conversation on being able to trust the entire software stack on our computers.
+Matthew Garrett posted to the [`debian-devel` mailing list](https://lists.debian.org/debian-devel/) on the topic of "[Producing verifiable initramfs images](https://lists.debian.org/debian-devel/2020/02/msg00121.html)" as part of a wider conversation on being able to trust the entire software stack on our computers.
59 reviews of Debian packages were added, 30 were updated and 42 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Many issue types were noticed and categorised by Chris Lamb, including:
* [`openstack_pkg_tools_python_shebang_and_dependencies`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/bebb8e68)
-* [`random_argument_handling_in_javatools_jh_build`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/55dcb305)
* [`build_path_in_code_generated_by_dgbus_codegen`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/2757cc3a)
+* [`random_argument_handling_in_javatools_jh_build`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/55dcb305)
* [`fortran_captures_build_path`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/feef3e6f)
* *etc.*
@@ -92,8 +93,7 @@ In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [m
* [`DVDStyler`](https://build.opensuse.org/request/show/775706) (zip timestamps, [submitted upstream](https://sourceforge.net/p/dvdstyler/DVDStyler/merge-requests/1/))
* [`python-pikepdf`](https://build.opensuse.org/request/show/778615) (recreate unreproducible `.pyc` files)
-
----
+<br>
## Software development
@@ -105,8 +105,8 @@ In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [m
Chris Lamb made the following changes this month, including uploading version `137` to Debian:
-* The `sng` image utility appears to return with an exit code of 1 if there are even minor errors in the file, so allow for that. ([#950806](https://bugs.debian.org/950806))
-* Also extract `classes2.dex`, `classes3.dex` from `.apk` files. ([#88](https://salsa.debian.org/reproducible-builds/diffoscope/issues/88))
+* The `sng` image utility appears to return with an exit code of 1 if there are even minor errors in the file. ([#950806](https://bugs.debian.org/950806))
+* Also extract `classes2.dex`, `classes3.dex` from `.apk` files extracted by `apktool`. ([#88](https://salsa.debian.org/reproducible-builds/diffoscope/issues/88))
* No need to use `str.format` if we are just returning the string. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/adbd7f7)]
* Add generalised support for "ignoring" returncodes [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/dd23327)] and move special-casing of returncodes in zip to use `Command.VALID_RETURNCODES`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ad9100f)]
@@ -120,20 +120,11 @@ Chris Lamb made the following changes this month, including uploading version `1
[![]({{ "/images/reports/2020-02/website.png#right" | prepend: site.baseurl }})](https://reproducible-builds.org/)
-There was more work performed on [our documentation and website](https://reproducible-builds.org/) this month, including:
-
-* Bernhard M. Wiedemann:
-
- * Add Java [Gradle Build Tool](https://gradle.org/) snippet to the [`SOURCE_DATE_EPOCH`]({{ "/docs/SOURCE_DATE_EPOCH/" | prepend: site.baseurl }}) documentation. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/93dd5d5)]
- * Normalise various terms to "unreproducible". [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3998506)]
-
-* Chris Lamb:
+There was more work performed on [our documentation and website](https://reproducible-builds.org/) this month. Bernhard M. Wiedemann added a Java [Gradle Build Tool](https://gradle.org/) snippet to the [`SOURCE_DATE_EPOCH`]({{ "/docs/SOURCE_DATE_EPOCH/" | prepend: site.baseurl }}) documentation [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/93dd5d5)] and normalised various terms to "unreproducible" [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3998506)].
- * Add a [Meson.build](https://mesonbuild.com/) example [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/433f91f)] and improve the documentation for [CMake](https://cmake.org/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6c0c999)] to the [`SOURCE_DATE_EPOCH`]({{ "/docs/SOURCE_DATE_EPOCH/" | prepend: site.baseurl }}) documentation.
- * Replace "anyone can" with "anyone may" as, well, not everyone has the resources, skills, time or funding to actually do this. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/0ddf47d)]
- * Improve the pre-processing for our report generation. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bd6bbe1)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/964052a)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/40b354d)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6b727d0)] etc.
+[Chris Lamb](http://chris-lamb.co.uk/) added a [Meson.build](https://mesonbuild.com/) example [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/433f91f)] and improved the documentation for the [CMake](https://cmake.org/) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6c0c999)] to the [`SOURCE_DATE_EPOCH`]({{ "/docs/SOURCE_DATE_EPOCH/" | prepend: site.baseurl }}) documentation, replaced "anyone can" with "anyone may" as, well, not everyone has the resources, skills, time or funding to actually do what it refers to [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/0ddf47d)] and improved the pre-processing for our report generation [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bd6bbe1)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/964052a)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/40b354d)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6b727d0)] etc.
-In addition, Holger Levsen updated our [news page]({{ "/docs/news/" | prepend: site.baseurl }}) to improve the list of reports [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/35f17c3)], added an explicit mention of the weekly news time span [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9922a08)] and revert sorting of entries to have latest on top to match the rest of this page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2187cee)] and Mattia Rizzolo added [Codethink](https://www.codethink.co.uk/) as a non-fiscal sponsor [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/11406ea)] and Tianon Gravi added a [Docker Images](https://debuerreotype.github.io/) link underneath the "Debian" project on our "[Projects]({{ "/who/" | prepend: site.baseurl }})" page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/691f971)].
+In addition, Holger Levsen updated our [news page]({{ "/docs/news/" | prepend: site.baseurl }}) to improve the list of reports [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/35f17c3)], added an explicit mention of the weekly news time span [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9922a08)] and reverted sorting of news entries to have latest on top [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2187cee)] and Mattia Rizzolo added [Codethink](https://www.codethink.co.uk/) as a non-fiscal sponsor [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/11406ea)] and lastly Tianon Gravi added a [Docker Images](https://debuerreotype.github.io/) link underneath the "Debian" project on our "[Projects]({{ "/who/" | prepend: site.baseurl }})" page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/691f971)].
#### Upstream patches
@@ -141,12 +132,12 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
* Bernhard M. Wiedemann (for the [openSUSE](https://www.opensuse.org/) distribution):
- * [`rdiff-backup`](https://github.com/rdiff-backup/rdiff-backup/pull/258) (fixed, build date in Python manpage)
- * [`click-man`](https://github.com/click-contrib/click-man/pull/37) (fixed, toolchain, build date in Python manpage)
- * [`rpm`](https://github.com/rpm-software-management/rpm/issues/1056) (report filesystem-order related nondeterminism)
- * [`python-enaml`](https://github.com/nucleic/enaml/issues/397) (report nondeterministic `.enamlc` compiler output)
- * [`k9s`](https://github.com/derailed/k9s/pull/572) (date)
- * [`python-xcffib`](https://github.com/tych0/xcffib/pull/100) (fix test with a race condition)
+ * [`rdiff-backup`](https://github.com/rdiff-backup/rdiff-backup/pull/258) — fixed, build date in Python manpage
+ * [`click-man`](https://github.com/click-contrib/click-man/pull/37) — fixed, toolchain, build date in Python manpage
+ * [`rpm`](https://github.com/rpm-software-management/rpm/issues/1056) — report filesystem-order related nondeterminism
+ * [`python-enaml`](https://github.com/nucleic/enaml/issues/397) — report nondeterministic `.enamlc` compiler output
+ * [`k9s`](https://github.com/derailed/k9s/pull/572) — date
+ * [`python-xcffib`](https://github.com/tych0/xcffib/pull/100) — fix a test with a race condition
* Chris Lamb:
@@ -159,56 +150,52 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
* [#952493](https://bugs.debian.org/952493) filed against [`xavs2`](https://tracker.debian.org/pkg/xavs2).
* [#952694](https://bugs.debian.org/952694) filed against [`snapd-glib`](https://tracker.debian.org/pkg/snapd-glib) ([forwarded upstream](https://github.com/snapcore/snapd-glib/pull/82)).
* [#952762](https://bugs.debian.org/952762) filed against [`openstack-pkg-tools`](https://tracker.debian.org/pkg/openstack-pkg-tools).
- * [ccextractor](https://github.com/CCExtractor/ccextractor/issues/1230) (issues with MacOSX BSD date not understanding [GNU date](https://www.gnu.org/software/coreutils/manual/html_node/date-invocation.html) options)
- * [python-django](https://salsa.debian.org/python-team/modules/python-django/commit/e43666ba7bdb8cbc73c6c738a11de44fb66fa9c0) (Always build the documentation in English)
- * [python_example](https://github.com/pybind/python_example/pull/53) (sort `glob` / `readdir`)
-
-* Vagrant Cascadian submitted patches via the Debian bug tracking system targeting the packages [Civil Infrastructure Platform](https://www.cip-project.org/) has identified in the [CIP](https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_CIP.html) and [CIP build depends](https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_CIP_build-depends.html) package sets:
-
- * [#950410](https://bugs.debian.org/950410) filed against [`autogen`](https://tracker.debian.org/autogen).
- * [#950417](https://bugs.debian.org/950417) & [950416](https://bugs.debian.org/950416) & [950415](https://bugs.debian.org/950415) filed against [`autoconf`](https://tracker.debian.org/autoconf).
- * [#950419](https://bugs.debian.org/950419) filed against [`m4`](https://tracker.debian.org/m4).
- * [#950444](https://bugs.debian.org/950444) filed against [`intltool`](https://tracker.debian.org/intltool).
- * [#950585](https://bugs.debian.org/950585) filed against [`binutils-dev`](https://tracker.debian.org/binutils-dev).
- * [#950603](https://bugs.debian.org/950603) filed against [`yodl-doc`](https://tracker.debian.org/yodl-doc).
- * [#950606](https://bugs.debian.org/950606) filed against [`gdb-source`](https://tracker.debian.org/gdb-source).
- * [#950704](https://bugs.debian.org/950704) filed against [`automake-1.15`](https://tracker.debian.org/automake-1.15).
- * [#951031](https://bugs.debian.org/951031) filed against [`libtool`](https://tracker.debian.org/libtool).
+ * [ccextractor](https://github.com/CCExtractor/ccextractor/issues/1230) — issues with MacOSX BSD date not understanding [GNU date](https://www.gnu.org/software/coreutils/manual/html_node/date-invocation.html) options
+ * [`python-django`](https://salsa.debian.org/python-team/modules/python-django/commit/e43666ba7bdb8cbc73c6c738a11de44fb66fa9c0) (Always build the documentation in English)
+ * [`python_example`](https://github.com/pybind/python_example/pull/53) (sort `glob` / `readdir`)
+
+Vagrant Cascadian submitted patches via the Debian bug tracking system targeting the packages the [Civil Infrastructure Platform](https://www.cip-project.org/) has identified via the "[CIP](https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_CIP.html)" and "[CIP build depends](https://tests.reproducible-builds.org/debian/bullseye/amd64/pkg_set_CIP_build-depends.html)" package sets:
+
+* [#950410](https://bugs.debian.org/950410) filed against [`autogen`](https://tracker.debian.org/autogen).
+* [#950417](https://bugs.debian.org/950417) & [950416](https://bugs.debian.org/950416) & [950415](https://bugs.debian.org/950415) filed against [`autoconf`](https://tracker.debian.org/autoconf).
+* [#950419](https://bugs.debian.org/950419) filed against [`m4`](https://tracker.debian.org/m4).
+* [#950444](https://bugs.debian.org/950444) filed against [`intltool`](https://tracker.debian.org/intltool).
+* [#950585](https://bugs.debian.org/950585) filed against [`binutils-dev`](https://tracker.debian.org/binutils-dev).
+* [#950603](https://bugs.debian.org/950603) filed against [`yodl-doc`](https://tracker.debian.org/yodl-doc).
+* [#950606](https://bugs.debian.org/950606) filed against [`gdb-source`](https://tracker.debian.org/gdb-source).
+* [#950704](https://bugs.debian.org/950704) filed against [`automake-1.15`](https://tracker.debian.org/automake-1.15).
+* [#951031](https://bugs.debian.org/951031) filed against [`libtool`](https://tracker.debian.org/libtool).
+
#### Testing framework
[![]({{ "/images/reports/2019-10/testframework.png#right" | prepend: site.baseurl }})](https://tests.reproducible-builds.org/)
-We operate a fully-featured and comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This month, the following changes were made:
+We operate a fully-featured and comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This month, the following changes were made by Holger Levsen:
-* Holger Levsen:
+* [Debian](https://debian.org/):
- * [Debian](https://debian.org/):
+ * Configured an instance of David Bremner's [`builtin-pho`](https://salsa.debian.org/bremner/builtin-pho/) database of `.buildinfo` files. This has resulted in so that we now know that [Debian bullseye contains 4,557 source packages for the `amd64` architecture without corresponding `.buildinfo` files](https://tests.reproducible-builds.org/debian/bullseye/amd64/index_no_buildinfos.html) and [25,668 source packages with `.buildinfo` files](https://tests.reproducible-builds.org/debian/bullseye/amd64/index_buildinfos.html). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/fd3d4620)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b78a784e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/26db0a3a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/81993e7a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/c733ee1d)]
+ * Forward mails addressed to `buildinfo@` to the `root` user. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b26a4a98)]
+ * Temporarily revert using backports [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/427ca05c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/71c2bf83)] and use `devscripts` from buster-backports [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3d72168d)].
+ * Update URL for [PureOS](https://www.pureos.net/) package set. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a13affc8)]
+ * Deprioritise the scheduling of older old packages in *bullseye* and *unstable*. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/89a95738)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/89830eca)]
+ * Treat the *bullseye* distribution like *unstable* when scheduling the `i386` architecture, to allow the latter to catch up a bit. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4608f60e)]
- * Configured an instance of David Bremner's [`builtin-pho`](https://salsa.debian.org/bremner/builtin-pho/) database of `.buildinfo` files. This has resulted in so that we now know that [Debian bullseye contains 4,557 source packages for the `amd64` architecture without corresponding `.buildinfo` files](https://tests.reproducible-builds.org/debian/bullseye/amd64/index_no_buildinfos.html) and [25,668 source packages with `.buildinfo` files](https://tests.reproducible-builds.org/debian/bullseye/amd64/index_buildinfos.html). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/fd3d4620)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b78a784e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/26db0a3a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/81993e7a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/c733ee1d)]
- * Forward mails addressed to `buildinfo@` to the `root` user. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b26a4a98)]
- * Temporarily revert using backports [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/427ca05c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/71c2bf83)] and use `devscripts` from buster-backports [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3d72168d)].
- * Update URL for [PureOS](https://www.pureos.net/) package set. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a13affc8)]
- * Deprioritise the scheduling of older old packages in *bullseye* and *unstable*. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/89a95738)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/89830eca)]
- * Treat the *bullseye* distribution like *unstable* when scheduling i386, to allow the latter to catch up a bit. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4608f60e)]
+* Misc/other:
- * Misc/other:
-
- * Disable the last active [Alpine](https://alpinelinux.org/) builder too for now. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ebda0872)]
- * Improve generated HTML output. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/561184b2)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0c24ca70)]
- * Ignore [Fedora](https://getfedora.org/) jobs. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/56d1ed08)]
- * Include links to failed and "unstable" jobs in HTML output. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/302122e3)]
- * Start weighting job importance and five a lot more weight to nodes acting as a proxy for others. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/19c2338b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/69d0e001)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/23437d83)]
- * Add new job to calculate the overall system health for [tests.reproducible-builds.org](https://tests.reproducible-builds.org/) for usage with [Jelle van der Waa](https://vdwaa.nl/)'s [Reproducible Builds status display](https://github.com/jelly/reproduciblebuilds-display). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/aaca6d46)]
+ * Disable the last active [Alpine](https://alpinelinux.org/) builder too for now. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ebda0872)]
+ * Improve generated HTML output. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/561184b2)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0c24ca70)]
+ * Ignore [Fedora](https://getfedora.org/) jobs. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/56d1ed08)]
+ * Include links to failed and "unstable" jobs in HTML output. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/302122e3)]
+ * Start weighting job importance and five a lot more weight to nodes acting as a proxy for others. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/19c2338b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/69d0e001)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/23437d83)]
+ * Add new job to calculate the overall system health for [tests.reproducible-builds.org](https://tests.reproducible-builds.org/) for usage with [Jelle van der Waa](https://vdwaa.nl/)'s [Reproducible Builds status display](https://github.com/jelly/reproduciblebuilds-display). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/aaca6d46)]
[![]({{ "/images/reports/2020-02/reprobuilds-display.jpeg#center" | prepend: site.baseurl }})](https://github.com/jelly/reproduciblebuilds-display)
-* Mattia Rizzolo:
-
- * Add an [Apache](https://httpd.apache.org/) web server redirect for [buildinfos.debian.net](https://buildinfos.debian.net/). [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/c4f3448a)]
- * Revert the reshuffling of `arm64` architecture builders. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1e0109c3)]
+In addition, Mattia Rizzolo added an [Apache](https://httpd.apache.org/) web server redirect for [buildinfos.debian.net](https://buildinfos.debian.net/) [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/c4f3448a)] and reverted the reshuffling of `arm64` architecture builders [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1e0109c3)]. The usual build node maintenance was performed by Holger Levsen, Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0f42cb5c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/51f0aeca)] and Vagrant Cascadian.
-As usual, various node maintenance (mostly outside git)was performed by Mattia Rizzolonbsp;[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0f42cb5c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/51f0aeca)], Vagrant Cascadian and Holger Levsen
+<br>
## Getting in touch
@@ -227,3 +214,4 @@ If you are interested in contributing to the Reproducible Builds project, please
---
This month's report was written by Bernhard M. Wiedemann, Chris Lamb and Holger Levsen. It was subsequently reviewed by a bunch of Reproducible Builds folks on IRC and the mailing list.
+{.small}
=====================================
images/reports/2020-02/TheYoctoJester.png
=====================================
Binary files a/images/reports/2020-02/TheYoctoJester.png and b/images/reports/2020-02/TheYoctoJester.png differ
=====================================
images/reports/2020-02/docker.png deleted
=====================================
Binary files a/images/reports/2020-02/docker.png and /dev/null differ
=====================================
images/reports/2020-02/fosdem.jpeg
=====================================
Binary files /dev/null and b/images/reports/2020-02/fosdem.jpeg differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/3778a831994f8174f0540de4384447b9bb3b1fa4...61504c796f5fa15f83b7dab97dcfb651c36e5624
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/3778a831994f8174f0540de4384447b9bb3b1fa4...61504c796f5fa15f83b7dab97dcfb651c36e5624
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20200306/dfbba0d9/attachment.htm>
More information about the rb-commits
mailing list