[Git][reproducible-builds/reproducible-website][master] 2021-03: Initial draft
Chris Lamb
gitlab at salsa.debian.org
Mon Apr 5 09:02:11 UTC 2021
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
277af902 by Chris Lamb at 2021-04-05T10:02:00+01:00
2021-03: Initial draft
- - - - -
13 changed files:
- _reports/2021-03.md
- + images/reports/2021-03/coreboot.png
- + images/reports/2021-03/debian.png
- + images/reports/2021-03/diffoscope.svg
- + images/reports/2021-03/fdroid.png
- + images/reports/2021-03/gnu-mes-talk.png
- + images/reports/2021-03/nixos.png
- + images/reports/2021-03/openssf.png
- + images/reports/2021-03/opensuse.png
- + images/reports/2021-03/outreachy.png
- + images/reports/2021-03/qubes.png
- + images/reports/2021-03/reproducible-builds.png
- + images/reports/2021-03/testframework.png
Changes:
=====================================
_reports/2021-03.md
=====================================
@@ -6,50 +6,185 @@ title: "Reproducible Builds in March 2021"
draft: true
---
-* [forwarded 983852](https://github.com/scrapy/scrapy/pull/5019)
+[![]({{ "/images/reports/2021-03/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
-* [Debian unstable reached 85% reproducibility](https://tests.reproducible-builds.org/debian/unstable/index_suite_amd64_stats.html) for the first time since enabling build path variations.
+**Welcome to the March 2021 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
-* [FIXME](https://linuxfoundation.org/en/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/)
+In our monthly reports, we try to outline the most important things that have happened in the reproducible builds community. If you are interested in contributing to the project, though, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on [our website]({{ "/" | relative_url }}).
-* [FIXME](https://sigstore.dev/what_is_sigstore/)
+<br>
-* [FIXME: Alexander 'lynxis' Couzens worked on improved support for coreboot payloads to be reproducible. so far coreboot itself is reproducible, but not all payloads are. The patches pass reproducible builds environment (TZ, SOURCE_DATE_EPOCH, LANG) to the build systems of the payloads](https://review.coreboot.org/q/topic:%22reproducible%22+(status:open%20OR%20status:merged))
+[![]({{ "/images/reports/2021-03/fdroid.png#right" | relative_url }})](https://www.f-droid.org)
+
+[F-Droid](https://www.f-droid.org/) is an large repository of open source applications for the Google Android platform. This month, Felix C. Stegerman announced [*apksigcopier*](https://github.com/obfusk/apksigcopier), a new tool for copying signatures for `.apk` files from a signed `.apk` file to an unsigned one which is necessary in order to verify reproducibly of F-Droid components. Felix filed an [Intent to Package (ITP)](https://wiki.debian.org/ITP) bug in Debian to include it in that distribution too ([#986179](https://bugs.debian.org/986179)).
+
+On 9th March, the Linux Foundation announced announced the [*sigstore*](https://sigstore.dev/what_is_sigstore/) project which is intended to improve the security of the software supply chains through cryptographically signed transparency log techniques. According to the [their announcement](https://linuxfoundation.org/en/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/):
+
+> sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community.
+
+[![]({{ "/images/reports/2021-03/openssf.png#right" | relative_url }})](https://openssf.org/)
+
+A [discussion was started on Hacker News this month](https://news.ycombinator.com/item?id=26602033) regarding [OpenSSF](https://openssf.org/), a broad technical initiative aiming to focus on vulnerability disclosures, security tooling as well other related threats to open source projects. At the time of writing, the HN discussion has over 70 comments, including input from members of OpenSSF itself.
+
+On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/), Felix C. Stegerman followed-up to a thread in January 2021 regarding [reproducible Python `.pyc` files](https://lists.reproducible-builds.org/pipermail/rb-general/2021-March/002207.html). In addition, Jan Nieuwenhuizen [announced the release of GNU Mes version 0.23](https://lists.reproducible-builds.org/pipermail/rb-general/2021-March/002209.html). [Mes](https://www.gnu.org/software/mes/), a Scheme interpreter and C compiler designed for bootstrapping a base GNU system, was ported to the ARM architecture and can now be used in the [GNU Guix "Reduced Binary Seed" bootstrap](https://guix.gnu.org/blog/2020/guix-further-reduces-bootstrap-seed-to-25).
+
+Elsewhere in supply-chain security news, it was discovered that hackers added backdoors to the source code for the PHP programming language after breaching an internal Git server. The malicious code would have made websites vulnerable to a complete takeover including stealing credit card and other sensitive personal information. ([ArsTechnica story](https://arstechnica.com/gadgets/2021/03/hackers-backdoor-php-source-code-after-breaching-internal-git-server/)).
+
+<br>
+
+## Software development
+
+### Distribution work
+
+[![]({{ "/images/reports/2021-03/coreboot.png#right" | relative_url }})](https://www.coreboot.org/)
+
+[Coreboot](https://www.coreboot.org/) is an project that provides a fast, secure and free software alternative boot experience for modern computers and embedded systems.
+
+This month, Alexander "*lynxis*" Couzens worked on improving support for Coreboot's payloads to be reproducible. Whilst Coreboot itself is reproducible, not all of its firmware payloads are. However, *lynxis*'s new patches now pass build environment variables (e.g. `TZ`, [`SOURCE_DATE_EPOCH`]({{ "/specs/source-date-epoch/" | relative_url }}), `LANG`, etc.) to the build systems of the respective payloads. [[...](https://review.coreboot.org/q/topic:%22reproducible%22+(status:open%20OR%20status:merged))]
+
+<br>
+
+[![]({{ "/images/reports/2021-03/debian.png#right" | relative_url }})](https://debian.org/)
+
+When building Debian packages, `dpkg` currently passes options to the underlying build system to,stripping out the build path from generated binaries. However, many binaries still end up including the build path because they embed the entire compiler command-line which includes, ironically, the very flags designed to prevent that occurring. Vagrant Cascadian therefore [filed a bug against the Debian `dpkg` package](https://bugs.debian.org/985553) to use [GCC](https://gcc.gnu.org/)'s `.spec` files to specify the `fixfilepath` and `fixdebugpath` options. This supplies the build path to GCC via the `DEB_BUILD_PATH` environment variable, thus avoid passing the path on the command-line itself. Related to this, it was noticed that [Debian unstable reached 85% reproducibility](https://tests.reproducible-builds.org/debian/unstable/index_suite_amd64_stats.html) for the first time since enabling variations in the build path.
+
+Frédéric Pierret has been working on a partial copy of the [`snapshot.debian.org`](https://snapshot.debian.org/) "wayback machine" service limited solely to the packages needed to rebuild Debian *bullseye* on the `amd64` architecture. This is to workaround the bandwidth and other perceived limitations of `snapshot.debian.org`. Whilst the mirror itself is reachable at [`debian.notset.fr`](https://debian.notset.fr/snapshot/), the software for creating that partial mirror [is available in Frédéric's Git repository](https://github.com/fepitre/snapshot-mirror). Currently, Frédéric's service has mirrored 4 months in 2 weeks, but needs approximately 3-5 years of content in order to fully rebuild *bullseye*. To that end, [a request was made to the Debian system administrators](https://rt.debian.org/Ticket/Display.html?id=8547)) to obtain better access to `snapshot.debian.org` for this mirror in order to accelerate the initial seeding.
+
+53 reviews of Debian packages were added, 25 were updated and 22 were removed this month adding to our [extensive knowledge of identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
+
+<br>
+
+[![]({{ "/images/reports/2021-03/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
+
+Bernhard M. Wiedemann posted his [monthly reproducible builds status report](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/6H4AO7BGHXTGUUGWKLDB5VXAZEEIV6SG/) for the [openSUSE](https://www.opensuse.org/) distribution which had FIXME
+
+<br>
+
+### [*diffoscope*](https://diffoscope.org)
+
+[![]({{ "/images/reports/2021-03/diffoscope.svg#right" | relative_url }})](https://diffoscope.org)
+
+[*diffoscope*](https://diffoscope.org) is the Reproducible Build's project in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it provides human-readable diffs from many kinds of binary format. This month, [Chris Lamb](https://chris-lamb.co.uk) made a large number of changes (including releasing [version 169](https://diffoscope.org/news/diffoscope-169-released/) [version 170](https://diffoscope.org/news/diffoscope-170-released/) and [version 171](https://diffoscope.org/news/diffoscope-171-released/):
+
+* New features:
+
+ * If `zipinfo(1)` shows a difference but we cannot uncover a difference within the underlying `.zip` or `.apk` file, add a comment to the output and actually show the binary comparison. ([#246](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/246))
+ * Ensure all our temporary directories have useful names. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e5fc1c4)]
+ * Ignore `--debug` and similar arguments when creating a (hopefully-useful) temporary directory suffix. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fc310cf)]
+
+* Optimisations:
+
+ * Avoid frequent long lines in RPM header outputs that cause extremely slow HTML output generation. ([#245](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/245))
+ * Use larger read buffer block sizes when extracting files from archives. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f25c0f6)]
+ * Use a much-shorter HTML class name instead of `diffponct` to optimise HTML output. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9d9520b)]
+
+* Output improvements:
+
+ * Make `error extracting X, falling back to binary comparison 'Y'` error message in *diffoscope*'s output nicer. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8bdc89a)]
+ * Don't emit "Unable to stat file" debug messages at all. We have entirely-artificial directory "entries" such as ELF sections which, of course, will never exist as files. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/0d5f7cb)]
+
+* Logging improvements:
+
+ * Add the target directory when logging which directory we are extracting containers to. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/73cf490)]
+ * Format report size messages when generating HTML reports. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ee963ce)]
+ * Don't emit a `Returning a FooContainer` logging message too, as we already emit `Instantiating a FooContainer` log message. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/25634e3)]
+ * Reduce "Unable to stat file" warnings to debug messages as these are sometimes by design. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fa16873)]
+
+* Misc improvements:
+
+ * Clarify a comment regarding not extracting excluded files. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7e31600)]
+ * Remove trailing newline from updated test file (re: [#243](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/243)). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/27e2743)]
+ * Fix `test_libmix_differences` failure on openSUSE *Tumbleweed*. ([#244](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/244))
+ * Move `test_rpm` to use the `assert_diff` utility helper.
+
+In addition Hans-Christoph Steiner added a `diffoscope.tools.get_tools` method to support programmatically fetch *diffoscope*'s internal config [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/248b06a)], Mattia Rizzolo updated the tests to not require a tool when it *wasn't* required as well as to correct a misleading reason for skipping, Roland Clobus made *diffoscope* more tolerant of malformed Debian `.changes`. files [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/acd8c55)] and Vagrant Cascadian updated a test so that it would not be run if a required too was not available [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/64d91ab)].
+
+### Website and documentation
+
+Several changes were made to the [main Reproducible Builds website and documentation](https://reproducible-builds.org/) this month. Arnout Engelen, for example, updated the configuration to avoid a conflict between `jekyll-polyglot` and `sass` [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/18b19a7)] as well as replacing an outdated [NixOS](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7313f07)-related link to a pull request [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7313f07)].
+
+In addition, Chris Lamb fixed some links in old reports [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/35bd350)], Frédéric Pierre updated the entry for [QubesOS](https://www.qubes-os.org/) on our [list of partner projects]({{ "/who/" | relative_url }}), adding an external tests page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1481bfb)], and Vagrant Cascadian added a 'light' variant of the Reproducible Builds logo [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ada2429)].
+
+#### Upstream patches
* Bernhard M. Wiedemann:
- * [`kismet`](https://build.opensuse.org/request/show/875888) (fixup compilation with date patch, needs upstreaming)
- * [`libkrunfw`](https://build.opensuse.org/request/show/877718) (user+host+date)
- * [`kio/extra-cmake-modules`](https://invent.kde.org/frameworks/extra-cmake-modules/-/merge_requests/101) (toolchain, normalize tar atime)
- * [`yast`](https://github.com/yast/yast-ruby-bindings/issues/269) (report FTBFS-j1)
-
-* [FIXME openSUSE monthly](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/6H4AO7BGHXTGUUGWKLDB5VXAZEEIV6SG/)
-
-* [FIXME](https://bugs.debian.org/985553)
-
-* [FIXME](https://bugs.debian.org/977487)
-
-* [FIXME](https://bugs.debian.org/885326)
-
-* [FIXME](https://arstechnica.com/gadgets/2021/03/hackers-backdoor-php-source-code-after-breaching-internal-git-server/)
-
-* FIXME/F-Droid development: Felix C. Stegerman
- [announced <em>apksigcopier</em>](https://lists.reproducible-builds.org/pipermail/rb-general/2021-March/002214.html)
- on our rb-general mailinglist. [apksigcopier](https://github.com/obfusk/apksigcopier) is a tool
- for copying APK signatures from a signed APK to an unsigned one (in order to verify reproducible builds for F-Droid).
- Felix also filed [#986179: ITP: apksigcopier -- copy/extract/patch apk signatures](https://bugs.debian.org/986179)
- to get in included into Debian and Holger Levsen offered to sponsors those uploads.
-
-* FIXME: Frédéric Pierret worked on a partial snapshot.debian.org mirror which only has the packages needed to
- rebuild Debian bullseye arch:amd64 and arch:all, to workaround the bandwidth and other access limitations of
- snapshot.d.o.
- The software for creating that partial mirror is available at https://github.com/fepitre/snapshot-mirror
- and the mirror itself is reachable at https://debian.notset.fr/snapshot/
- There's also an RT ticket ([#8547](https://rt.debian.org/Ticket/Display.html?id=8547)) for getting better
- access to snapshot for this mirror, to accellerate the initial mirroring efforts.
- So far we mirrored 4 months in 2 weeks and we probably need 3-5 years of snapshot content to be able to fully
- rebuild bullseye.
-
-* Jan Nieuwenhuizen [announced the release of GNU Mes 0.23](https://lists.reproducible-builds.org/pipermail/rb-general/2021-March/002209.html). Mes was ported to ARM and can now be used in the [GNU Guix Reduced Binary
-Seed bootstrap](https://guix.gnu.org/blog/2020/guix-further-reduces-bootstrap-seed-to-25).
-
-* https://news.ycombinator.com/item?id=26602033
+
+ * [`kio/extra-cmake-modules`](https://invent.kde.org/frameworks/extra-cmake-modules/-/merge_requests/101) (toolchain, normalise `.tar` access times)
+ * [`kismet`](https://build.opensuse.org/request/show/875888) (fix compilation with date patch, needs upstreaming)
+ * [`libkrunfw`](https://build.opensuse.org/request/show/877718) (user, host and date variations)
+
+* Chris Lamb:
+
+ * [#885326](https://bugs.debian.org/885326) filed against [`flask-peewee`](https://tracker.debian.org/pkg/flask-peewee).
+ * [#977487](https://bugs.debian.org/977487) filed against [`pyvows`](https://tracker.debian.org/pkg/pyvows).
+ * [#983852](https://bugs.debian.org/983852) filed against [`python-scrapy`](https://tracker.debian.org/pkg/python-scrapy) ([forwarded upstream](https://github.com/scrapy/scrapy/pull/5019)).
+ * [#984809](https://bugs.debian.org/984809) filed against [`php8.0`](https://tracker.debian.org/pkg/php8.0).
+ * [#985335](https://bugs.debian.org/985335) filed against [`cdebootstrap`](https://tracker.debian.org/pkg/cdebootstrap).
+ * [#985448](https://bugs.debian.org/985448) filed against [`jalview`](https://tracker.debian.org/pkg/jalview).
+
+* Nilesh Patra:
+
+ * [#985143](https://bugs.debian.org/985143) filed against [`bmtk`](https://tracker.debian.org/pkg/bmtk).
+ * [#985144](https://bugs.debian.org/985144) filed against [`pigx-rnaseq`](https://tracker.debian.org/pkg/pigx-rnaseq).
+ * [#985160](https://bugs.debian.org/985160) filed against [`simrisc`](https://tracker.debian.org/pkg/simrisc).
+ * [#985210](https://bugs.debian.org/985210) filed against [`wordnet`](https://tracker.debian.org/pkg/wordnet).
+ * [#985219](https://bugs.debian.org/985219) filed against [`xbs`](https://tracker.debian.org/pkg/xbs).
+
+* Vagrant Cascadian:
+
+ * [#983832](https://bugs.debian.org/983832) filed against [`d-itg`](https://tracker.debian.org/pkg/d-itg).
+ * [#983836](https://bugs.debian.org/983836) filed against [`crystal-facet-uml`](https://tracker.debian.org/pkg/crystal-facet-uml).
+ * [#983902](https://bugs.debian.org/983902) filed against [`sendmail`](https://tracker.debian.org/pkg/sendmail).
+ * [#984845](https://bugs.debian.org/984845) filed against [`sofia-sip`](https://tracker.debian.org/pkg/sofia-sip).
+ * [#985187](https://bugs.debian.org/985187) filed against [`ffmpeg`](https://tracker.debian.org/pkg/ffmpeg).
+ * [#985553](https://bugs.debian.org/985553) filed against [`dpkg`](https://tracker.debian.org/pkg/dpkg).
+
+### Testing framework
+
+[![]({{ "/images/reports/2021-03/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
+
+The Reproducible Builds project operates a [Jenkins](https://jenkins.io/)-based testing framework that powers [`tests.reproducible-builds.org`](https://tests.reproducible-builds.org). This month, the following changes were made:
+
+<br>
+
+[![]({{ "/images/reports/2021-03/qubes.png#right" | relative_url }})](https://www.qubes-os.org/)
+
+* Frédéric Pierret ([Qubes-OS](https://www.qubes-os.org/)):
+
+ * Improve the scripts to host `.buildinfo` files in a Debian-style "pool" directory structure. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/845b2b9d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/abfbb8b5)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ff2462cb)]
+ * Improve handling of temporary files. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5935769c)]
+ * Create package sets in a public folder. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2b7b9017)]
+ the
+ * Merge a suite-specific script into the main one. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7e9f02e8)]
+ * Fix an `awk` script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a4c5bd77)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/49344dab)]
+
+* Holger Levsen:
+
+ * Fix regular expression in host "health check" to correctly detect [Lintian](https://lintian.debian.org/) issues in [*diffoscope*](https://diffoscope.org/) builds [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/fda0dd53)] as well as APT failures caused by broken dependencies [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/c934c816)].
+ * Schedule `armhf` architecture *bullseye* packages in Debian more often than *unstable* as the release is near. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0d86554c)]
+ * Further work on prototype Debian rebuilder tool to correct a typo in a *debrebuild* option [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/486bf74a)], to fail correctly even during when using "pipes" [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/779b14cf)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/84389356)] and make the debug output more readable in general [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5cab9517)].
+ * Handle temporary files files in the scripts to host `.buildinfo` files in a Debian-style "pool" directory structure [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f7290c04)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/40d7f445)]
+ * Declare any `pool_buildinfos_suites` jobs as "zombies" jobs. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6b23fd57)]
+
+* Vagrant Cascadian:
+
+ * Add a new `virt32a-armhf-rb.debian.net` and `virt64a-armhf-rb.debian.net` builders. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/dc874a83)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/679374a7)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ba3509ed)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3a975962)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b447f1f7)]
+ * Re-enable `armhf` architecture nodes, now that they have built the *pbuilder* tarballs. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/106d19ed)]
+[[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/08a8c8a0)]
+ * Add a new package set for "[debian-on-mobile-maintainers](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_maint_debian-on-mobile-maintainers.html)". [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/8b093f76)]
+
+Elsewhere in our infrastructure, Mattia Rizzolo updated the [Mailman](https://list.org/) mailing list configuration to move the automated backups to run 10 minutes after midnight [[...](https://salsa.debian.org/reproducible-builds/rb-mailx-ansible/commit/5f300cc)] and to fix an [Ansible](https://www.ansible.com/) warning regarding Python `str` and` `int` types [[...](https://salsa.debian.org/reproducible-builds/rb-mailx-ansible/commit/87e4545)]. Lastly, build node maintenance was performed by Holger Levsen [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b7ff8f8c)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/eb3bec8a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2cd694ce)], Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2515ad8c)] and Vagrant Cascadian [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/fad3a9fc)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/b5b62af6)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1f5b5550)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/46ec3c47)].
+
+<br>
+
+[![]({{ "/images/reports/2021-03/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
+
+If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
+
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
+
+ * Twitter ([@ReproBuilds](https://twitter.com/ReproBuilds)) & Mastodon ([@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds))
+
+ * Reddit: [/r/ReproducibleBuilds](https://reddit.com/r/reproduciblebuilds)
+
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
=====================================
images/reports/2021-03/coreboot.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/coreboot.png differ
=====================================
images/reports/2021-03/debian.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/debian.png differ
=====================================
images/reports/2021-03/diffoscope.svg
=====================================
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ version="1.1"
+ width="128"
+ height="128"
+ id="svg2">
+ <defs
+ id="defs4" />
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title></dc:title>
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ transform="matrix(1.0692573,0,0,1.0692573,-328.34726,-503.5515)"
+ id="layer1">
+ <g
+ id="g5409">
+ <g
+ transform="translate(5.418238,0)"
+ id="g5386">
+ <rect
+ width="90.304001"
+ height="50.999996"
+ x="316.36414"
+ y="472.80621"
+ id="rect4667-3"
+ style="fill:none;stroke:none" />
+ <g
+ id="text4673-8"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 316.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5371"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 348.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5373"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 380.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5375"
+ style="fill:#c00000;fill-opacity:1" />
+ </g>
+ <g
+ id="text5366"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 327.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5378" />
+ <path
+ d="m 359.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5380" />
+ <path
+ d="m 391.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5382" />
+ </g>
+ </g>
+ <use
+ id="use5399"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.8,0,0,0.8,82.417275,133.65028)"
+ id="use5401"
+ style="opacity:0.85"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.6,0,0,0.6,164.83455,260.05454)"
+ id="use5403"
+ style="opacity:0.7"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.4,0,0,0.4,247.25182,379.25208)"
+ id="use5405"
+ style="opacity:0.55"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ </g>
+ </g>
+</svg>
=====================================
images/reports/2021-03/fdroid.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/fdroid.png differ
=====================================
images/reports/2021-03/gnu-mes-talk.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/gnu-mes-talk.png differ
=====================================
images/reports/2021-03/nixos.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/nixos.png differ
=====================================
images/reports/2021-03/openssf.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/openssf.png differ
=====================================
images/reports/2021-03/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/opensuse.png differ
=====================================
images/reports/2021-03/outreachy.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/outreachy.png differ
=====================================
images/reports/2021-03/qubes.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/qubes.png differ
=====================================
images/reports/2021-03/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/reproducible-builds.png differ
=====================================
images/reports/2021-03/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2021-03/testframework.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/277af9025f44144b85933c9380062a53d3351332
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/277af9025f44144b85933c9380062a53d3351332
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20210405/acbb9253/attachment.htm>
More information about the rb-commits
mailing list