[Git][reproducible-builds/reproducible-website][master] 2 commits: 2020-09: Misc cosmetic changes prior to publishing.
Chris Lamb
gitlab at salsa.debian.org
Mon Oct 5 10:49:07 UTC 2020
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
d6c648ac by Chris Lamb at 2020-10-05T11:48:26+01:00
2020-09: Misc cosmetic changes prior to publishing.
- - - - -
0ef5095f by Chris Lamb at 2020-10-05T11:48:58+01:00
published as https://reproducible-builds.org/reports/2020-09/
- - - - -
1 changed file:
- _reports/2020-09.md
Changes:
=====================================
_reports/2020-09.md
=====================================
@@ -3,35 +3,33 @@ layout: report
year: "2020"
month: "09"
title: "Reproducible Builds in September 2020"
-draft: true
+draft: false
+date: 2020-10-05 10:48:58
---
[![]({{ "/images/reports/2020-09/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
-**Welcome to the September 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project.** The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced from the original free software source code to the pre-compiled binaries we install on our systems. In our monthly reports, we attempt to summarise the things that we have been up to over the past month, but if you are interested in contributing to the project, [please visit our main website]({{ "/" | relative_url }}).
-
-<br>
-<br>
+**Welcome to the September 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project.** In our monthly reports, we attempt to summarise the things that we have been up to over the past month, but if you are interested in contributing to the project, [please visit our main website]({{ "/" | relative_url }}).
[![]({{ "/images/reports/2020-09/ardc.png#right" | relative_url }})]({{ "https://ampr.org/" | relative_url }})
-This month, the Reproducible Builds project is pleased to announce a donation from [Amateur Radio Digital Communications](https://ampr.org/) (ARDC) in support of its goals. ARDC's contribution will propel the Reproducible Builds project's efforts in ensuring the future health, security and sustainability of our increasingly digital society. [Amateur Radio Digital Communications](https://ampr.org/) (ARDC) is a non-profit which was formed to further research and experimentation with digital communications using radio, with a goal of advancing the state of the art of amateur radio and to educate radio operators in these techniques. You can [view the full announcement]({{ "/news/2020/09/25/ardc-sponsors-the-reproducible-builds-project/" | relative_url }}) as well as more information about ARDC [on their website](https://ampr.org/).
+This month, the Reproducible Builds project was pleased to announce a donation from [Amateur Radio Digital Communications](https://ampr.org/) (ARDC) in support of its goals. ARDC's contribution will propel the Reproducible Builds project's efforts in ensuring the future health, security and sustainability of our increasingly digital society. [Amateur Radio Digital Communications](https://ampr.org/) (ARDC) is a non-profit which was formed to further research and experimentation with digital communications using radio, with a goal of advancing the state of the art of amateur radio and to educate radio operators in these techniques. You can [view the full announcement]({{ "/news/2020/09/25/ardc-sponsors-the-reproducible-builds-project/" | relative_url }}) as well as more information about ARDC [on their website](https://ampr.org/).
<br>
-Last month, we announced that [Jennifer Helsby](https://redshiftzero.github.io/) (*redshiftzero*) launched a new [reproduciblewheels.com](https://reproduciblewheels.com/) website to address the lack of reproducibility of [Python 'wheels'](https://pythonwheels.com/). This month, [Kushal Das](https://kushaldas.in/) posted a brief follow-up to provide an [update on reproducible *sources*](https://kushaldas.in/posts/reproducible-wheels-at-securedrop.html) as well.
+In August's report, we announced that [Jennifer Helsby](https://redshiftzero.github.io/) (*redshiftzero*) launched a new [reproduciblewheels.com](https://reproduciblewheels.com/) website to address the lack of reproducibility of [Python 'wheels'](https://pythonwheels.com/). This month, [Kushal Das](https://kushaldas.in/) posted a brief follow-up to provide an [update on reproducible *sources*](https://kushaldas.in/posts/reproducible-wheels-at-securedrop.html) as well.
[![]({{ "/images/reports/2020-09/threema.jpg#right" | relative_url }})](https://threema.ch/en/blog/posts/open-source-and-new-partner)
The [Threema](https://threema.ch/) privacy and security-oriented messaging application announced that "within the next months", their apps "will become fully open source, supporting reproducible builds":
-> This is to say that anyone will be able to independently review Threema’s security and verify that the published source code corresponds to the downloaded app.
+> This is to say that anyone will be able to independently review Threema’s security and verify that the published source code corresponds to the downloaded app.
-You can view [the full announcement](https://threema.ch/en/blog/posts/open-source-and-new-partner) on their website.
+You can view [the full announcement](https://threema.ch/en/blog/posts/open-source-and-new-partner) on Threema's website.
## Events
-Sadly, due to the unprecedented events in 2020, there will be [no in-person Reproducible Builds event this year](https://lists.reproducible-builds.org/pipermail/rb-general/2020-September/002045.html). However, the Reproducible Builds project intends to resume meeting regularly on IRC, starting on **[Monday, October 12th at 18:00 UTC](https://time.is/compare/1800_12_Oct_2020_in_UTC)** ([full announcement](https://lists.reproducible-builds.org/pipermail/rb-general/2020-September/002049.html)). The cadence of these meetings will probably every two weeks, although this will be discussed and decided on at the first meeting. An [editable agenda is available](https://pad.sfconservancy.org/p/reproducible-builds-meeting-agenda).
+Sadly, due to the unprecedented events in 2020, there will be [no in-person Reproducible Builds event this year](https://lists.reproducible-builds.org/pipermail/rb-general/2020-September/002045.html). However, the Reproducible Builds project intends to resume meeting regularly on IRC, starting on **[Monday, October 12th at 18:00 UTC](https://time.is/compare/1800_12_Oct_2020_in_UTC)** ([full announcement](https://lists.reproducible-builds.org/pipermail/rb-general/2020-September/002049.html)). The cadence of these meetings will probably be every two weeks, although this will be discussed and decided on at the first meeting. (An [editable agenda is available](https://pad.sfconservancy.org/p/reproducible-builds-meeting-agenda).)
[![]({{ "/images/reports/2020-09/isdd2020.png#right" | relative_url }})](https://www.eco.de/events/internet-security-days-2020/isdd-2020-agenda/#best_practises__aus_erfahrungen_lernen)
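Review bot: The new front-matter line `date: 2020-10-05 10:48:58` carries no UTC offset. The commit that published the report is stamped 11:48:58+01:00, so the value is UTC only by implication, and a build that applies a different default timezone would shift the published time. Writing it as `date: 2020-10-05 10:48:58 +0000` makes it unambiguous. Separately, the rewritten welcome paragraph drops the sentence explaining the motivation behind the effort (ensuring no flaws are introduced between source code and pre-compiled binaries). A first-time reader now gets no statement of what the project is for, so consider keeping a shortened version of it.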
@@ -47,17 +45,19 @@ During the [Reproducible Builds summit in Marrakesh]({{ "/events/Marrakesh2019/"
## Development work
+In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2020-10/msg00003.html).
+
#### [Debian](https://debian.org/)
[![]({{ "/images/reports/2020-09/debian.png#right" | relative_url }})](https://debian.org/)
-Chris Lamb uploaded a number of Debian packages to address reproducibility issues that he had previously provided patches for, including [`cfingerd`](https://tracker.debian.org/pkg/cfingerd) ([#831021](https://bugs.debian.org/831021)), [`grap`](https://tracker.debian.org/pkg/grap) ([#870573](https://bugs.debian.org/870573)), [`splint`](https://tracker.debian.org/pkg/splint) ([#924003](https://bugs.debian.org/924003)) & [`schroot`](https://tracker.debian.org/pkg/schroot) ([#902804](https://bugs.debian.org/902804))
+[Chris Lamb](https://chris-lamb.co.uk) uploaded a number of Debian packages to address reproducibility issues that he had previously provided patches for, including [`cfingerd`](https://tracker.debian.org/pkg/cfingerd) ([#831021](https://bugs.debian.org/831021)), [`grap`](https://tracker.debian.org/pkg/grap) ([#870573](https://bugs.debian.org/870573)), [`splint`](https://tracker.debian.org/pkg/splint) ([#924003](https://bugs.debian.org/924003)) & [`schroot`](https://tracker.debian.org/pkg/schroot) ([#902804](https://bugs.debian.org/902804))
Last month, an issue was identified where a large number of Debian `.buildinfo` build certificates had been 'tainted' on the official Debian build servers, as [these environments had files underneath the `/usr/local/sbin` directory](https://bugs.debian.org/969084) to prevent the execution of system services during package builds. However, this month, Aurelien Jarno and Wouter Verhelst fixed this issue in varying ways, resulting in a special `policy-rcd-declarative-deny-all` package.
Building on Chris Lamb's [previous work on reproducible builds for Debian .ISO images](https://lists.reproducible-builds.org/pipermail/rb-general/2020-August/002018.html), Roland Clobus announced his work in progress on making the [Debian Live](https://wiki.debian.org/DebianLive/) images reproducible. [[...](https://lists.reproducible-builds.org/pipermail/rb-general/2020-September/002044.html)]
-Lucas Nussbaum performed an archive-wide rebuild of packages to [test enabling dpkg-buildflags reproducible=+fixfilepath by default](https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20200921/012586.html). This revealed only 33 packages (out of 30k) in the archive that [fail to build with fixfilepath](https://tests.reproducible-builds.org/debian/issues/unstable/ftbfs_due_to_f-file-prefix-map_issue.html), and [many of those will be fixed when the default LLVM/Clang version](https://tests.reproducible-builds.org/debian/issues/unstable/ffile_prefix_map_passed_to_clang_issue.html) [is upgraded](https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20200928/012594.html). Enabling the fixfilepath feature will likely fix reproducibility issues in an estimated 500-700 packages.
+[Lucas Nussbaum](https://members.loria.fr/LNussbaum/) performed an archive-wide rebuild of packages to [test enabling the `reproducible=+fixfilepath` Debian build flag by default](https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20200921/012586.html). Enabling the `fixfilepath` feature will likely fix reproducibility issues in an estimated 500-700 packages. The test revealed only 33 packages (out of 30,000 in the archive) that [fail to build with `fixfilepath`](https://tests.reproducible-builds.org/debian/issues/unstable/ftbfs_due_to_f-file-prefix-map_issue.html). Many of those will be [fixed when the default LLVM/Clang](https://tests.reproducible-builds.org/debian/issues/unstable/ffile_prefix_map_passed_to_clang_issue.html) version [is upgraded](https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20200928/012594.html).
79 reviews of Debian packages were added, 23 were updated and 17 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb added and categorised a number of new issue types, including packages that [captures their build path via `quicktest.h`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/18a02c14) and [absolute build directories in documentation generated by Doxygen`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/2354fa49), etc.
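Review bot: The openSUSE sentence added directly under `## Development work` now sits as an unlabelled paragraph ahead of `#### [Debian]`, while Debian and diffoscope keep their own headings. Either give it a heading at the same level as Debian or move it below the Debian block so the section reads consistently. While this paragraph is being touched, the rewritten Chris Lamb sentence still ends at `([#902804](https://bugs.debian.org/902804))` with no full stop. The unchanged line below also has "packages that captures" and a stray backtick after "Doxygen" inside the link text, both worth fixing in the same cosmetic pass.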
@@ -65,9 +65,6 @@ Lucas Nussbaum performed an archive-wide rebuild of packages to [test enabling d
Lastly, Lukas Puehringer's uploaded a new version of the [*in-toto*](https://in-toto.io/) to Debian which was sponsored by Holger Levsen. [[...](https://tracker.debian.org/news/1173455/accepted-in-toto-050-1-source-into-unstable/)]
-### openSUSE
-
-In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [monthly Reproducible Builds status update](https://lists.opensuse.org/opensuse-factory/2020-10/msg00003.html).
### [diffoscope](https://diffoscope.org)
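Review bot: The context line left directly above the removed openSUSE block still reads "Lukas Puehringer's uploaded a new version of the [*in-toto*] to Debian", with a stray possessive and a dangling "the". Since this commit is a cosmetic pass before publishing, suggest "Lukas Puehringer uploaded a new version of *in-toto* to Debian" in the same change.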
@@ -75,7 +72,7 @@ In [openSUSE](https://www.opensuse.org/), Bernhard M. Wiedemann published his [m
[*diffoscope*](https://diffoscope.org) is our in-depth and content-aware diff utility that can not only locate and diagnose reproducibility issues, it provides human-readable diffs of all kinds too.
-In September, Chris Lamb made the following changes to [diffoscope](https://diffoscope.org), including preparing and uploading versions `159` and `160` to Debian:
+In September, [Chris Lamb](https://chris-lamb.co.uk) made the following changes to [diffoscope](https://diffoscope.org), including preparing and uploading versions `159` and `160` to Debian:
* New features:
@@ -98,11 +95,11 @@ In September, Chris Lamb made the following changes to [diffoscope](https://diff
In addition, Paul Spooren added support for automatically deploying Docker images. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/53d1aad)]
-### [Website / documentation](https://reproducible-builds.org/)
+### [Website and documentation](https://reproducible-builds.org/)
[![]({{ "/images/reports/2020-09/website.png#right" | relative_url }})]({{ "/" | relative_url }})
-This month, Chris Lamb made a large number of updates to the [main Reproducible Builds website]({{ "/" | relative_url }}) and related documentation:
+This month, a number of updates to the [main Reproducible Builds website]({{ "/" | relative_url }}) and related documentation. [Chris Lamb](https://chris-lamb.co.uk) made the following changes:
* Update a few titles and the ordering of some top-level navigation elements. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9423f45)]
* Drafted, published and publicised [August's monthly report]({{ "/reports/2020-08/" | relative_url }}).
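Review bot: The first sentence of the rewritten website paragraph has no verb: "This month, a number of updates to the [main Reproducible Builds website] and related documentation." It needs something like "a number of updates were made to the main Reproducible Builds website and related documentation" before the following "Chris Lamb made the following changes:" sentence.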
@@ -113,7 +110,7 @@ This month, Chris Lamb made a large number of updates to the [main Reproducible
* Kept [isdebianreproducibleyet.com](https://isdebianreproducibleyet.com) up to date. [[...](https://github.com/lamby/isdebianreproducibleyet.com/commits?author=lamby&since=2020-09-01T00:00:00Z&until=2020-10-01T00:00:00Z)]
* Worked with [Amateur Radio Digital Communications](https://ampr.org/) in order to announce their [generous sponsorship of the Reproducible Builds project]({{ "/news/2020/09/25/ardc-sponsors-the-reproducible-builds-project/" | relative_url }}).
-In addition, Holger Levsen re-added the [documentation]({{ "/docs/" | relative_url }}) link to the top-level navigation [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/83e2a60)] and documented that the `jekyll-polyglot` package is needed to build the site [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b8c3b09)]. Lastly, `diffoscope.org` and `reproducible-builds.org` were transferred to [Software Freedom Conservancy](https://sfconservancy.org/). Many thanks to Brett Smith from Conservancy, Jérémy Bobbio (*lunar*) and Holger Levsen for their help with transferring and to Mattia Rizzolo for initiating this.
+In addition, Holger Levsen re-added the [documentation]({{ "/docs/" | relative_url }}) link to the top-level navigation [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/83e2a60)] and documented that the `jekyll-polyglot` package is required [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b8c3b09)]. Lastly, `diffoscope.org` and `reproducible-builds.org` were transferred to [Software Freedom Conservancy](https://sfconservancy.org/). Many thanks to Brett Smith from Conservancy, Jérémy Bobbio (*lunar*) and Holger Levsen for their help with transferring and to Mattia Rizzolo for initiating this.
#### Upstream patches
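Review bot: Shortening "is needed to build the site" to "is required" in the Holger Levsen sentence removes what `jekyll-polyglot` is required for. The sentence now says only that the package is required, so a reader has to follow the commit link to learn that this concerns building the website. Suggest keeping the purpose, e.g. "is required to build the site".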
@@ -141,7 +138,7 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
* [#970908](https://bugs.debian.org/970908) filed against [`smartdns`](https://tracker.debian.org/pkg/smartdns).
* [#971420](https://bugs.debian.org/971420) filed against [`jhbuild`](https://tracker.debian.org/pkg/jhbuild).
-* kpcyrd:
+* *kpcyrd*:
* [`git2-rs`](https://github.com/rust-lang/git2-rs/pull/619) (sort return ordering of `readdir(3)`)
* Vagrant Cascadian:
@@ -199,7 +196,6 @@ The Reproducible Builds project operates a [Jenkins](https://jenkins.io/)-based
In addition, *stefan0xC* fixed a query for unknown results in the handling of Arch Linux packages [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6fcde1d8)] and Mattia Rizzolo updated the template that notifies maintainers by email of their newly-unreproducible packages to ensure that it did not get caught in junk/spam folders [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5b07571c)]. Finally, build node maintenance was performed by Holger Levsen [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/910e526c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2ef5b44c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/eb28c92d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e2e968fe)], Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ccbdc814)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0c6c256d)] and Vagrant Cascadian [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7e1fdbfd)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0da623cf)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/542f1f80)].
-<br>
<br>
If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/361f2fa0aa7dee454e9f4ea3a0b94bf739e06c9e...0ef5095fa04d10bb45df2ed54e0628c10374d8ba