[Git][reproducible-builds/reproducible-website][master] 2 commits: 2021-03: Misc aesthetic changes.

Chris Lamb gitlab at salsa.debian.org
Wed Apr 7 16:26:25 UTC 2021



Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
83a5decc by Chris Lamb at 2021-04-07T17:25:59+01:00
2021-03: Misc aesthetic changes.

- - - - -
9385e780 by Chris Lamb at 2021-04-07T17:26:16+01:00
published as https://reproducible-builds.org/reports/2021-03/

- - - - -


1 changed file:

- _reports/2021-03.md


Changes:

=====================================
_reports/2021-03.md
=====================================
@@ -3,7 +3,8 @@ layout: report
 year: "2021"
 month: "03"
 title: "Reproducible Builds in March 2021"
-draft: true
+draft: false
+date: 2021-04-07 16:26:15
 ---
 
 [![]({{ "/images/reports/2021-03/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
@@ -16,9 +17,9 @@ In our monthly reports, we try to outline the most important things that have ha
 
 [![]({{ "/images/reports/2021-03/fdroid.png#right" | relative_url }})](https://www.f-droid.org)
 
-[F-Droid](https://www.f-droid.org/) is a large repository of open source applications for the Google Android platform. This month, Felix C. Stegerman announced [*apksigcopier*](https://github.com/obfusk/apksigcopier), a new tool for copying signatures for `.apk` files from a signed `.apk` file to an unsigned one which is necessary in order to verify reproducibly of F-Droid components. Felix  filed an [Intent to Package (ITP)](https://wiki.debian.org/ITP) bug in Debian to include it in that distribution, too ([#986179](https://bugs.debian.org/986179)).
+[F-Droid](https://www.f-droid.org/) is a large repository of open source applications for the Google Android platform. This month, Felix C. Stegerman announced [*apksigcopier*](https://github.com/obfusk/apksigcopier), a new tool for copying signatures for `.apk` files from a signed `.apk` file to an unsigned one which is necessary in order to verify reproducibly of F-Droid components. Felix filed an [Intent to Package (ITP)](https://wiki.debian.org/ITP) bug in Debian to include it in that distribution as well ([#986179](https://bugs.debian.org/986179)).
 
-On 9th March, the Linux Foundation [announced](https://linuxfoundation.org/en/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/) the [*sigstore*](https://sigstore.dev/what_is_sigstore/#what-is-sigstore) project, which is a centralized service that allows developers to cryptographically sign and store signatures for release artifacts. It also attempts to help developers who don't wish to manage their own signing keypairs simplify signing their releases.
+On 9th March, the Linux Foundation [announced](https://linuxfoundation.org/en/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/) the [*sigstore*](https://sigstore.dev/what_is_sigstore/#what-is-sigstore) project, which is a centralised service that allows developers to cryptographically sign and store signatures for release artifacts. *sigstore* attempts to help developers who don't wish to manage their own signing keypairs.
 
 [![]({{ "/images/reports/2021-03/openssf.png#right" | relative_url }})](https://openssf.org/)
 
@@ -46,7 +47,7 @@ This month, Alexander "*lynxis*" Couzens worked on improving support for Coreboo
 
 When building Debian packages, `dpkg` currently passes options to the underlying build system to strip out the build path from generated binaries. However, many binaries still end up including the build path because they embed the entire compiler command-line which includes, ironically, the very flags that specify the build path to facilitate stripping it out. Vagrant Cascadian therefore [filed a bug against the Debian `dpkg` package](https://bugs.debian.org/985553) to use [GCC](https://gcc.gnu.org/)'s `.spec` files to specify the `fixfilepath` and `fixdebugpath` options. This supplies the build path to GCC via the `DEB_BUILD_PATH` environment variable, thus avoid passing the path on the command-line itself. Related to this, it was noticed that [Debian unstable reached 85% reproducibility](https://tests.reproducible-builds.org/debian/unstable/index_suite_amd64_stats.html) for the first time since enabling variations in the build path.
 
-Frédéric Pierret has been working on a partial copy of the [`snapshot.debian.org`](https://snapshot.debian.org/) "wayback machine" service limited solely to the packages needed to rebuild Debian *bullseye* on the `amd64` architecture. This is to workaround the bandwidth and other perceived limitations of `snapshot.debian.org`. Whilst the mirror itself is reachable at [`debian.notset.fr`](https://debian.notset.fr/snapshot/), the software for creating that partial mirror [is available in Frédéric's Git repository](https://github.com/fepitre/snapshot-mirror). Currently, Frédéric's service has mirrored 4 months in 2 weeks, but needs approximately 3-5 years of content in order to fully rebuild *bullseye*. To that end, [a request was made to the Debian system administrators](https://rt.debian.org/Ticket/Display.html?id=8547) to obtain better access to `snapshot.debian.org` for this mirror in order to accelerate the initial seeding.
+Frédéric Pierret has been working on a partial copy of the [`snapshot.debian.org`](https://snapshot.debian.org/) "wayback machine" service, limited to the packages needed to rebuild Debian *bullseye* on the `amd64` architecture. This is to workaround some limitations of `snapshot.debian.org`. Whilst the mirror itself is reachable at [`debian.notset.fr`](https://debian.notset.fr/snapshot/), the software to creating it is [available in Frédéric's Git repository](https://github.com/fepitre/snapshot-mirror). Currently, Frédéric's service has mirrored 4 months of the archive over two weeks, but needs approximately 3-5 years of content in order to fully rebuild *bullseye*. To that end, a [request was made to the Debian system administrators](https://rt.debian.org/Ticket/Display.html?id=8547) to obtain better access to `snapshot.debian.org` to accelerate the initial seeding.
 
 53 reviews of Debian packages were added, 25 were updated and 22 were removed this month adding to our [extensive knowledge of identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
 



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/82f54676756ea378a17455f1338c166b362512d6...9385e780c4d932b509261569593eb4d1eac248ec

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/82f54676756ea378a17455f1338c166b362512d6...9385e780c4d932b509261569593eb4d1eac248ec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20210407/717101e1/attachment.htm>


More information about the rb-commits mailing list