[Git][reproducible-builds/reproducible-website][master] 2 commits: Also ignore commits that start, for example, "2020 12: foo".
Chris Lamb
gitlab at salsa.debian.org
Sun Jan 3 11:31:23 UTC 2021
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
c95c8032 by Chris Lamb at 2021-01-03T11:30:02+00:00
Also ignore commits that start, for example, "2020 12: foo".
- - - - -
a0c47ff2 by Chris Lamb at 2021-01-03T11:30:26+00:00
2020-12: Initial draft
- - - - -
11 changed files:
- _reports/2020-12.md
- bin/generate-draft
- + images/reports/2020-12/cwa.png
- + images/reports/2020-12/debian.png
- + images/reports/2020-12/diffoscope.svg
- + images/reports/2020-12/kimzetter.jpg
- + images/reports/2020-12/maven.png
- + images/reports/2020-12/opensuse.png
- + images/reports/2020-12/sfconservancy-projects.png
- + images/reports/2020-12/solarwinds.jpg
- + images/reports/2020-12/testframework.png
Changes:
=====================================
_reports/2020-12.md
=====================================
@@ -6,71 +6,243 @@ title: "Reproducible Builds in December 2020"
draft: true
---
- https://github.com/openSUSE/obs-build/pull/634 option to disable ext3/4 dir_index to have reproducible readdir order - now helping dozens of packages in openSUSE Tumbleweed to be verifyable (cargo-c, gcompris, qt6*)
+[![]({{ "/images/reports/2020-12/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
-* Bernhard M. Wiedemann:
- * [`python-veusz`](https://github.com/veusz/veusz/pull/479) (sort readdir)
- * [`cherrytree`](https://github.com/giuspen/cherrytree/pull/1401) (date)
- * [`plymouth`](https://build.opensuse.org/request/show/853457) (unparseable changelog date)
- * [`java-16-openjdk`](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8258190) (nonpublic, date/copyright-year)
- * [`sysdig`](https://github.com/draios/sysdig/pull/1717) (fix FTBFS-i586)
- * [`breezy`](https://github.com/breezy-team/breezy/pull/119) (partial fix for FTBFS-2027)
- * [`rubygem-passenger`](https://github.com/phusion/passenger/pull/2328) (sort ruby glob/readdir)
- * [`mono-core`](https://github.com/mono/mono/pull/20690) (date)
- * [`rabbitmq-c`](https://github.com/alanxz/rabbitmq-c/pull/638) (date in man, use cmake TIMESTAMP instead)
- * [`xmlgraphics-fop`](https://github.com/apache/xmlgraphics-fop/pull/65) (toolchain, date, partial)
- * [`python3-img-proof`](https://bugzilla.opensuse.org/show_bug.cgi?id=1180450) (report FTBFS)
- * [`spack`](https://github.com/spack/spack/pull/20629) (parallelism / core-count)
- * [`diff-pdf`](https://bugzilla.opensuse.org/show_bug.cgi?id=1180471) (fixed, man had error with time)
- * [`monero`](https://github.com/monero-project/monero/pull/7241) (CPU detection)
- * [`flnews`](https://build.opensuse.org/request/show/859515) (date, upstreamable)
- * [`minikube`](https://build.opensuse.org/request/show/856786) (date+time)
- * [`goxel`](https://build.opensuse.org/request/show/858666) (version update for sort readdir ; already upstream)
+**Greetings and welcome to the December 2020 report from the [Reproducible Builds](https://reproducible-builds.org) project.** In these monthly reports, we try to outline most important things that have happened in and around the Reproducible Builds project.
+
+<br>
+
+[![]({{ "/images/reports/2020-12/solarwinds.jpg#right" | relative_url }})](https://www.washingtonpost.com/technology/2020/12/14/russia-hack-us-government/)
+
+In mid-December, it was announced that there was a substantial and wide-reaching supply-chain attack that targeted many departments of the United States government including the [Treasury](https://home.treasury.gov/), [Commerce](https://www.commerce.gov/) and [Homeland Security](https://www.dhs.gov/) (DHS). The attack, informally known as 'SolarWinds' after the manufacturer of the network management software that was central to the compromise, was [described by the Washington Post](https://www.washingtonpost.com/technology/2020/12/14/russia-hack-us-government/) as:
+
+> The far-reaching Russian hack that sent U.S. government and corporate officials scrambling in recent days appears to have been a quietly sophisticated bit of online spying. Investigators at cybersecurity firm FireEye, which itself was victimized in the operation, marveled that the meticulous tactics involved “some of the best operational security” its investigators had seen, using at least one piece of malicious software never previously detected.
+
+This revelation is extremely relevant to Reproducible Builds project because, according to the [SANS Institute](https://www.sans.org), it appears that the source code and distribution systems were not compromised — instead, the *build system* was, and is therefore **precisely the kind of attack that reproducible builds is designed to prevent**. The *SolarWinds* attack is further evidence that reproducible builds is important and that it becomes a pervasive software engineering principle.
+
+[![]({{ "/images/reports/2020-12/kimzetter.jpg#right" | relative_url }})](https://twitter.com/KimZetter/status/1338305089597964290)
+
+[Kim Setter](https://twitter.com/KimZetter), author of [*Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon*](https://www.penguinrandomhouse.com/books/219931/countdown-to-zero-day-by-kim-zetter/), [posted on Twitter](https://twitter.com/KimZetter/status/1338305089597964290) that:
+
+<blockquote class="twitter-tweet"><p lang="en" dir="ltr">I have report from Microsoft about SolarWinds hack, including IoCs. Excerpts in this thread: "Microsoft security researchers recently discovered a sophisticated attack where an adversary inserted malicious code into a supply chain development process....</p>— Kim Zetter (@KimZetter) <a href="https://twitter.com/KimZetter/status/1338305089597964290?ref_src=twsrc%5Etfw">December 14, 2020</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
+
+However, more information on the attack may be found on [CNN](https://www.cnn.com/2020/12/16/tech/solarwinds-orion-hack-explained/index.html), [CSO](https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html) [ComputerWeekly](https://www.computerweekly.com/news/252493662/SolarWinds-cyber-attack-How-worried-should-I-be-and-what-do-I-do-now), [BBC News](https://www.bbc.co.uk/news/technology-55368213), etc., and David A. Wheeler [started a discussion on our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002109.html).
+
+<br>
+
+[![]({{ "/images/reports/2020-12/cwa.png#right" | relative_url }})](https://github.com/corona-warn-app/cwa-app-android)
+
+[Last month we reported]({{ "/reports/2020-11/" | relative_url }}) on a fork of the official German Corona App called [*Corona Warn App*](https://github.com/corona-warn-app/cwa-app-android). Since then, the application is now available on the [F-Droid free-software app store](https://f-droid.org/) (without integration with Google-operated services). However, the version on *F-Droid* also supports reproducible builds, and instructions on [how to rebuild the package](https://codeberg.org/corona-contact-tracing-germany/cwa-android/src/branch/main/docs/rebuilding.md) are available from the [upstream Git repository](https://codeberg.org/corona-contact-tracing-germany/cwa-android/src/branch/main). ([FSFE's announcement.](https://fsfe.org/news/2020/news-20201208-01.en.html))
+
+[![]({{ "/images/reports/2020-12/maven.png#right" | relative_url }})](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002094.html)
+
+The [Reproducible Central](https://github.com/jvm-repo-rebuild/reproducible-central) project is an attempt to rebuild binaries published by the [Maven Central Repository](https://www.tutorialspoint.com/maven/maven_repositories.htm) in a reproducibility context. This month, [Hervé Boutemy](https://people.apache.org/~hboutemy/) announced that *Reproducible Central* [made their 100th release](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002094.html).
+
+We also first wrote about the [Threema](https://threema.ch/) messaging application in [September 2020]({{ "/reports/2020-09/" | relative_url }}). This month, however, the Threema developers announced that their applications have been released under the [GNU Affero General Public License (AGPL)](https://www.gnu.org/licenses/agpl-3.0.en.html) ([ announcement](https://threema.ch/en/blog/posts/open-source-and-new-partner)) and that [they are now reproducible](https://threema.ch/en/open-source/reproducible-builds) from version `4.5-beta1` onwards. ([Spiegel.de announcement.](https://www.spiegel.de/netzwelt/apps/threema-ist-jetzt-eine-open-source-app-a-fff7eb90-8eba-4761-af55-581ae36bbcdc))
+
+## Community news
+
+Vagrant Cascadian announced that there will be another Reproducible Builds 'office hours' session on **Thursday January 7th**, where members of the Reproducible Builds project will be available to answer any questions. ([More info.](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002100.html))
+
+On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/), Jeremiah Orians sent a [brief status update](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002114.html) on the status of the [*Bootstrappable*](https://bootstrappable.org/) project, noting that it is now possible to build a C compiler requiring "nothing outside of a POSIX kernel". Bernhard M. Wiedemann also [published the minutes of a recent debugging-oriented meeting](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002099.html).
+
+[![]({{ "/images/reports/2020-12/sfconservancy-projects.png#right" | relative_url }})](https://sfconservancy.org/blog/2020/dec/21/RB-CL-interview/)
+
+Chris Lamb recently took part in an interview with an intern at the [Software Freedom Conservancy](https://sfconservancy.org/) to talk about the [Reproducible Builds](https://reproducible-builds.org/) project and the importance of reproducibility in software development:
+
+> **VB**: How would you relate the importance of reproducibility to a user who is non-technical?
+
+> **CL**: I sometimes use the analogy of the food ‘supply chain’ to quickly relate our work to non-technical audiences. The multiple stages of how our food reaches our plates today (such as seeding, harvesting, picking, transportation, packaging, etc.) can loosely translate to how software actually ends up on our computers, particularly in the way that if any of the steps in the multi-stage food supply chain has an issue then it quickly becomes a serious problem.
+
+The full interview can be found [on the Conservancy webpages](https://sfconservancy.org/blog/2020/dec/21/RB-CL-interview/).
+
+## Distribution work
+
+[![]({{ "/images/reports/2020-12/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
+
+[Adrian Schröter](https://www.storch-bleckmar.de/blog/index.php/de/) added an option to the scripts powering the [Open Build Service](https://github.com/openSUSE/obs-build) to enable deterministic filesystem ordering. Whilst this degrades performance slightly, it also enables dozens of packages in [openSUSE Tumbleweed](https://software.opensuse.org/distributions/tumbleweed) to become reproducible. [[...](https://github.com/openSUSE/obs-build/pull/634)]
+
+[![]({{ "/images/reports/2020-12/debian.png#right" | relative_url }})](https://debian.org/)
+
+In Debian, Holger Levsen uploaded 540 packages to the *unstable* distribution that were missing `.buildinfo` files for `Architecture: all` packages. Holger described his rationale and approach in a blog post titled [*On doing 540 no-source-change source-only uploads in two weeks*](http://layer-acht.org/thinking/blog/20201231-no-source-change-source-uploads/), and also he posted the [full list of packages he intends to upload during January 2021](https://lists.debian.org/debian-devel/2020/12/msg00419.html) to the [`debian-devel`](https://lists.debian.org/debian-devel/) mailing list:
+
+> There are many binary (and source) packages in Debian which were uploaded before 2016 (which is when `.buildinfo` files were introduced) or were uploaded with binaries until that change in release policy July 2019.
+>
+> Ivo De Decker scheduled binNMUs for all the affected packages but due to the way binNMUs work, he couldn't do anything about `arch:all` packages as they currently cannot be rebuilt with binNMUs.
+
+In recent months, Debian Developer [Stuart Prescott](https://nanonanonano.net/) has been improving [`python-debian`](https://salsa.debian.org/python-debian-team/python-debian), a Python library that is used to parse Debian-specific files such as changelogs, `.dscs`, etc. In particular, Stuart has been working on [adding support for `.buildinfo` files](https://bugs.debian.org/875306) used for recording reproducibility-related build metadata. This month, however, Stuart uploaded *python-debian* version `0.1.39` with many changes, including adding a type for `.buildinfo` files ([#875306](https://bugs.debian.org/875306)).
+
+94 reviews of Debian packages were added, 84 were updated and 34 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). In addition, Chris Lamb identified two new issues ([`timestamps_in_3d_files_created_by_survex`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/e7d73123) & [`build_path_in_direct_url_json_file_generated_by_flit`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/86903835)) and Vagrant Cascadian discovered four [ecbuild](https://github.com/ecmwf/ecbuild)-related issues ([`records_build_flags_from_ecbuild`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/f8436336), [`captures_kernel_version_via_ecbuild`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/990c7af7), [`captures_build_arch_via_ecbuild`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/351273b8) & [`timestamps_in_h_generated_by_ecbuild`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/4c84467f))
+Vagrant Cascadian made a large number of uploads to Debian fix a number of reproducible issues in packages that do not have an owner: [`a2ps`](https://tracker.debian.org/pkg/a2ps) (`4.14-6`), [`autoconf`](https://tracker.debian.org/pkg/autoconf) (`2.69-13` & `2.69-14`), [`calife`](https://tracker.debian.org/pkg/calife) (`3.0.1-6`), [`coinor-symphony`](https://tracker.debian.org/pkg/coinor-symphony) (`5.6.16+repack1-3`), [`epm`](https://tracker.debian.org/pkg/epm) (`4.2-9` & `4.2-10`), [`grap`](https://tracker.debian.org/pkg/grap) (`1.45-4`), [`hpanel`](https://tracker.debian.org/pkg/hpanel) (`0.3.2-7`), [`libcommoncpp2`](https://tracker.debian.org/pkg/libcommoncpp2) (`1.8.1-9` & `1.8.1-10`), [`libdigidoc`](https://tracker.debian.org/pkg/libdigidoc) (`3.10.5-2`), [`libnss-ldap`](https://tracker.debian.org/pkg/libnss-ldap) (`265-6`), [`lprng`](https://tracker.debian.org/pkg/lprng) (`3.8.B-5`), [`magicfilter`](https://tracker.debian.org/pkg/magicfilter) (`1.2-66`), [`massif-visualizer`](https://tracker.debian.org/pkg/massif-visualizer) (`0.7.0-2`), [`milter-greylist`](https://tracker.debian.org/pkg/milter-greylist) (`4.6.2-2`), [`minlog`](https://tracker.debian.org/pkg/minlog) (`4.0.99.20100221-7`), [`mp3blaster`](https://tracker.debian.org/pkg/mp3blaster) (`3.2.6-2`), [`nis`](https://tracker.debian.org/pkg/nis) (`3.17.1-6` & `3.17.1-8`), [`spamassassin-heatu`](https://tracker.debian.org/pkg/spamassassin-heatu) (`3.02+20101108-4`), [`webauth`](https://tracker.debian.org/pkg/webauth) (`4.7.0-8`) & [`wily`](https://tracker.debian.org/pkg/wily) (`0.13.41-9` & `0.13.41-10`).
-* FIXME: https://fsfe.org/news/2020/news-20201208-01.en.html - German Corona tracing app available on F-Drdoid without Google services and with reproducible builds, https://codeberg.org/corona-contact-tracing-germany/cwa-android/src/branch/main/docs/rebuilding.md describes how to rebuild it reproducibly.
+Similarly, Chris Lamb made two uploads of the [`sendfile`](https://tracker.debian.org/pkg/sendfile) package.
-* [FIXME](https://twitter.com/KimZetter/status/1338305089597964290)
+## Tools
-* FIXME: Holger Levsen uploaded 540 packages to Debian unstable which had missing .buildinfo files for arch:all packages. He described what he did in detail here: http://layer-acht.org/thinking/blog/20201231-no-source-change-source-uploads/ and his list of 3000 more NMU is at https://lists.debian.org/debian-devel/2020/12/msg00419.html
+[![]({{ "/images/reports/2020-12/diffoscope.svg#right" | relative_url }})](https://diffoscope.org)
-* Stuart Prescott uploaded <em>python-debian</em> 0.1.39 with many changes including:
- * Add a type for .buildinfo files (deb822.BuildInfo) (Closes: #875306).
+[*diffoscope*](https://diffoscope.org) is our project in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it provides human-readable diffs from many kinds of binary format. This month, Chris Lamb made the following changes, including releasing [version 163](https://diffoscope.org/news/diffoscope-163-released/) on multiple platforms:
-* Threema is open source (actually, AGPL3) and blog post mentions and links to reproducible-builds.org:
- * https://threema.ch/en/blog/posts/open-source-discount - "As of today (20201221), the Threema apps are open source!"
- * https://threema.ch/en/open-source/reproducible-builds - so far only for 4.5-beta1
- * https://www.spiegel.de/netzwelt/apps/threema-ist-jetzt-eine-open-source-app-a-fff7eb90-8eba-4761-af55-581ae36bbcdc - reproducible builds have arrived in mainstream press
+* New features & bug fixes:
-* Vagrant Cascadian made several QA uploads to Debian fixing reproducible builds issues:
- * lprng 3.8.B-5
- * webauth 4.7.0-8
- * grap 1.45-4
- * nis 3.17.1-6 and 3.17.1-8
- * magicfilter 1.2-66
- * hpanel 0.3.2-7
- * autoconf 2.69-13 and 2.69-14
- * nis 3.17.1-6
- * spamassassin-heatu 3.02+20101108-4
- * libnss-ldap 265-6
- * massif-visualizer 0.7.0-2
- * calife 3.0.1-6
- * wily 0.13.41-9 and 0.13.41-10
- * epm 4.2-9 and 4.2-10
- * libcommoncpp2 1.8.1-9 and 1.8.1-10
- * coinor-symphony 5.6.16+repack1-3
- * a2ps 4.14-6
- * mp3blaster 3.2.6-2
- * libdigidoc 3.10.5-2
- * milter-greylist 4.6.2-2
- * minlog 4.0.99.20100221-7
+ * Normalise `ret` to `retq` in [`objdump`](https://sourceware.org/binutils/docs/binutils/objdump.html) output in order to support multiple versions of [GNU *binutils*](https://sourceware.org/binutils/docs/binutils/). ([#976760](https://bugs.debian.org/976760))
+ * Don't show any progress indicators when running [`zstd`](https://github.com/facebook/zstd). ([#226](https://salsa.debian.org/reproducible-builds/diffoscope/issues/226))
+ * Correct the grammatical tense in the `--debug` log output. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/456f6c3)]
+
+* Codebase improvements:
+
+ * Update the `debian/copyright` file to match the copyright notices in the source tree. ([#224](https://salsa.debian.org/reproducible-builds/diffoscope/issues/224))
+ * Update various years across the codebase in `.py` copyright headers. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/95f0ba8)]
+ * Rewrite the filter routine that post-processes the output from `readelf(1)`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7902107)]
+ * Remove unnecessary [PEP 263](https://www.python.org/dev/peps/pep-0263/) encoding header lines; unnecessary after [PEP 3120](https://www.python.org/dev/peps/pep-0263/). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ee2b245)]
+ * Use `minimal` instead of `basic` as a variable name to match the underlying package name. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2280450)]
+ * Use [`pprint.pformat`](https://docs.python.org/3/library/pprint.html#pprint.pformat) in the JSON comparator to serialise the differences from [`jsondiff`](http://www.jsondiff.com/). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/41360e5)]
+
+In addition, Jean-Romain Garnier added tests for OpenJDK 14. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/06cb774)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/77bc7d5)]
+
+In [disorderfs](https://tracker.debian.org/pkg/disorderfs) (our [FUSE](https://en.wikipedia.org/wiki/Filesystem_in_Userspace)-based filesystem that deliberately introduces non-determinism into directory system calls in order to flush out reproducibility issues), Chris Lamb added support for testing on [Salsa](https://salsa.debian.org)'s CI system [[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/869ec00)][[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/1e29fbf)][[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/488ebb7)] and added a quick benchmark [[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/a4503fe)].
+
+## Homepage/documentation updates
+
+There were a number of updates to the [main Reproducible Builds website and documentation](https://reproducible-builds.org/) this month, including:
+
+* Calum McConnell fixed a broken link. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/727c06e)]
+
+* Chris Lamb applied a typo fix from Roland Clobus [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/77db29a)], fixed the draft detection logic ([#28](https://salsa.debian.org/reproducible-builds/reproducible-website/issues/28)), added more academic articles to our list [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/cade061)] and corrected a number of grammar issues [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/0f34654)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/690fec9)].
+
+* Holger Levsen documented the `#reproducible-changes`, `#debian-reproducible-changes` and `#archlinux-reproducible` IRC channels. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b65a701)]
+
+* *kpcyrd* added [`rebuilderd`](https://github.com/kpcyrd/rebuilderd) and [`archlinux-repro`](https://github.com/archlinux/archlinux-repro) to the [list of tools]({{ "/tools" | relative_url }}). [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/57e0e1d)]
+
+## Testing framework
+
+[![]({{ "/images/reports/2020-11/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
+
+The Reproducible Builds project operates a large [Jenkins](https://jenkins.io/)-based testing framework that powers [`tests.reproducible-builds.org`](https://tests.reproducible-builds.org). This month, Holger Levsen made the following changes:
+
+* [Debian](https://debian.org/)-related changes:
+
+ * Update code copy of `debrebuild`. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2619b67b)]
+ * Add Debian *sid* `sources.list` entry on a node for test rebuilds. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/deaf90b4)]
+ * Use *focal* instead of the (deprecated) *eoan* release for hosts running Ubuntu. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9c33f609)]
+
+* [Jenkins](https://jenkins.io/) administration:
+
+ * Show update frequency on the Jenkins shell monitor. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5d2c57b2)]
+ * In the Jenkins shutdown monitor, force precedence to find only log files. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ea20af8e)]
+ * Update `/etc/init.d` script from the latest `jenkins` package. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/ac0bedf8)]
+
+* System health checks & notifications:
+
+ * Detect database locks in the [*pacman*](https://wiki.archlinux.org/index.php/pacman) Arch Linux package manager. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2e0415c7)]
+ * Detect hosts running in the 'wrong future'. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6dadb32e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/52bb012e)]
+ * Install the [`apt-utils`](https://tracker.debian.org/pkg/apt-utils) package on all Debian-based hosts. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a136686a)]
+ * Use [`/citests/`]({{ "/citests/" | relative_uri }}) as the landing page. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/35fea5fb)]
+ * Update our `debrebuild` fork. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/8e00fda3)]
+
+In addition, Mattia Rizzolo made some [Debian](https://debian.org/)-related changes, including refreshing the [GnuPG](https://gnupg.org/) key of our repository [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/67989e71)], dropping some unused code [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/d77872ba)] and skipping `pbuilder`/`sdist` updates on nodes that are not performing Debian-related rebuilds [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e8e7d51)]. [Marcus Hoffmann](https://bubu1.eu/) updated his mailing list subscription status too [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/dc439d4d)].
+
+Lastly, build node maintenance was also performed by Holger Levsen [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/79667d49)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/817efb4a)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f77c8a48)], Mattia Rizzolo [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f38d116f)] and Vagrant Cascadian [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/26927d3b)].
+
+## Upstream patches
+
+The following patches were created this month:
+
+* Bernhard M. Wiedemann:
+
+ * [`breezy`](https://github.com/breezy-team/breezy/pull/119) (partial fix for build failing in the future)
+ * [`cherrytree`](https://github.com/giuspen/cherrytree/pull/1401) (embeds date)
+ * [`diff-pdf`](https://bugzilla.opensuse.org/show_bug.cgi?id=1180471) (manual package had error with time)
+ * [`flnews`](https://build.opensuse.org/request/show/859515) (date)
+ * [`goxel`](https://build.opensuse.org/request/show/858666) (filesystem ordering issue)
+ * [`java-16-openjdk`](http://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8258190) (date/copyright year issue)
+ * [`minikube`](https://build.opensuse.org/request/show/856786) (embeds date and time)
+ * [`monero`](https://github.com/monero-project/monero/pull/7241) (CPU detection)
+ * [`mono-core`](https://github.com/mono/mono/pull/20690) (embeds date)
+ * [`plymouth`](https://build.opensuse.org/request/show/853457) (changelog date is not parsable)
+ * [`python-veusz`](https://github.com/veusz/veusz/pull/479) (filesystem ordering issue)
+ * [`rabbitmq-c`](https://github.com/alanxz/rabbitmq-c/pull/638) (does not use CMake `TIMESTAMP` for date in manpage)
+ * [`rubygem-passenger`](https://github.com/phusion/passenger/pull/2328) (filesystem ordering issue)
+ * [`spack`](https://github.com/spack/spack/pull/20629) (parallelism-related issue)
+ * [`sysdig`](https://github.com/draios/sysdig/pull/1717) (fix build failure on `i586`)
+ * [`xmlgraphics-fop`](https://github.com/apache/xmlgraphics-fop/pull/65) (embeds date issue)
+
+* Chris Lamb:
+
+ * [#976445](https://bugs.debian.org/976445) filed against [`libjs-qunit`](https://tracker.debian.org/pkg/libjs-qunit).
+ * [#976447](https://bugs.debian.org/976447) filed against [`circlator`](https://tracker.debian.org/pkg/circlator).
+ * [#976449](https://bugs.debian.org/976449) filed against [`python-pyramid`](https://tracker.debian.org/pkg/python-pyramid).
+ * [#976715](https://bugs.debian.org/976715) filed against [`eric`](https://tracker.debian.org/pkg/eric).
+ * [#976716](https://bugs.debian.org/976716) filed against [`jbbp`](https://tracker.debian.org/pkg/jbbp).
+ * [#976826](https://bugs.debian.org/976826) filed against [`dvbstreamer`](https://tracker.debian.org/pkg/dvbstreamer).
+ * [#976827](https://bugs.debian.org/976827) filed against [`knot-resolver`](https://tracker.debian.org/pkg/knot-resolver).
+ * [#977486](https://bugs.debian.org/977486) filed against [`sayonara`](https://tracker.debian.org/pkg/sayonara).
+ * [#977487](https://bugs.debian.org/977487) filed against [`pyvows`](https://tracker.debian.org/pkg/pyvows).
+ * [#977488](https://bugs.debian.org/977488) filed against [`osmo-mgw`](https://tracker.debian.org/pkg/osmo-mgw).
+ * [#978010](https://bugs.debian.org/978010) filed against [`mail-expire`](https://tracker.debian.org/pkg/mail-expire).
+
+* Vagrant Cascadian:
+
+ * [#976307](https://bugs.debian.org/976307) filed against [`sudo`](https://tracker.debian.org/pkg/sudo).
+ * [#976348](https://bugs.debian.org/976348) filed against [`debian-faq`](https://tracker.debian.org/pkg/debian-faq).
+ * [#976359](https://bugs.debian.org/976359) filed against [`debian-history`](https://tracker.debian.org/pkg/debian-history).
+ * [#976898](https://bugs.debian.org/976898) filed against [`xorg-server`](https://tracker.debian.org/pkg/xorg-server).
+ * [#977001](https://bugs.debian.org/977001) & [#977003](https://bugs.debian.org/977003) filed against [`blitz++`](https://tracker.debian.org/pkg/blitz++).
+ * [#977018](https://bugs.debian.org/977018) filed against [`deltachat-core`](https://tracker.debian.org/pkg/deltachat-core).
+ * [#977151](https://bugs.debian.org/977151), [#977153](https://bugs.debian.org/977153) & [#977154](https://bugs.debian.org/977154) filed against [`cctools`](https://tracker.debian.org/pkg/cctools).
+ * [#977167](https://bugs.debian.org/977167) & [#977168](https://bugs.debian.org/977168) filed against [`west-chamber`](https://tracker.debian.org/pkg/west-chamber).
+ * [#977171](https://bugs.debian.org/977171) filed against [`seqan3`](https://tracker.debian.org/pkg/seqan3).
+ * [#977177](https://bugs.debian.org/977177) filed against [`mm-common`](https://tracker.debian.org/pkg/mm-common).
+ * [#977179](https://bugs.debian.org/977179) & [#977180](https://bugs.debian.org/977180) filed against [`mlpost`](https://tracker.debian.org/pkg/mlpost).
+ * [#977319](https://bugs.debian.org/977319) filed against [`slurm-wlm`](https://tracker.debian.org/pkg/slurm-wlm).
+ * [#977330](https://bugs.debian.org/977330) filed against [`uhd`](https://tracker.debian.org/pkg/uhd).
+ * [#977412](https://bugs.debian.org/977412) filed against [`xastir`](https://tracker.debian.org/pkg/xastir).
+ * [#977415](https://bugs.debian.org/977415) & [#977416](https://bugs.debian.org/977416) filed against [`klayout`](https://tracker.debian.org/pkg/klayout).
+ * [#977424](https://bugs.debian.org/977424) & [#977425](https://bugs.debian.org/977425) filed against [`gnuradio`](https://tracker.debian.org/pkg/gnuradio).
+ * [#977428](https://bugs.debian.org/977428) filed against [`lprng`](https://tracker.debian.org/pkg/lprng).
+ * [#977431](https://bugs.debian.org/977431) filed against [`tortoize`](https://tracker.debian.org/pkg/tortoize).
+ * [#977432](https://bugs.debian.org/977432) & [#977433](https://bugs.debian.org/977433) filed against [`kyua`](https://tracker.debian.org/pkg/kyua).
+ * [#977435](https://bugs.debian.org/977435) & [#977436](https://bugs.debian.org/977436) filed against [`bowtie2`](https://tracker.debian.org/pkg/bowtie2).
+ * [#977521](https://bugs.debian.org/977521) & [#977522](https://bugs.debian.org/977522) filed against [`vtk9`](https://tracker.debian.org/pkg/vtk9).
+ * [#977529](https://bugs.debian.org/977529), [#977530](https://bugs.debian.org/977530) & [#977531](https://bugs.debian.org/977531) filed against [`vtk7`](https://tracker.debian.org/pkg/vtk7).
+ * [#977553](https://bugs.debian.org/977553) filed against [`embree`](https://tracker.debian.org/pkg/embree).
+ * [#977561](https://bugs.debian.org/977561) filed against [`osmo-hlr`](https://tracker.debian.org/pkg/osmo-hlr).
+ * [#977609](https://bugs.debian.org/977609) filed against [`grap`](https://tracker.debian.org/pkg/grap).
+ * [#977610](https://bugs.debian.org/977610) filed against [`webauth`](https://tracker.debian.org/pkg/webauth).
+ * [#977614](https://bugs.debian.org/977614) filed against [`ircd-irc2`](https://tracker.debian.org/pkg/ircd-irc2).
+ * [#977618](https://bugs.debian.org/977618) filed against [`dssp`](https://tracker.debian.org/pkg/dssp).
+ * [#977641](https://bugs.debian.org/977641) filed against [`fckit`](https://tracker.debian.org/pkg/fckit).
+ * [#977684](https://bugs.debian.org/977684) filed against [`mahimahi`](https://tracker.debian.org/pkg/mahimahi).
+ * [#977747](https://bugs.debian.org/977747) & [#977793](https://bugs.debian.org/977793) filed against [`nis`](https://tracker.debian.org/pkg/nis).
+ * [#977783](https://bugs.debian.org/977783) & [#977784](https://bugs.debian.org/977784) filed against [`magicfilter`](https://tracker.debian.org/pkg/magicfilter).
+ * [#977999](https://bugs.debian.org/977999) filed against [`libcifpp`](https://tracker.debian.org/pkg/libcifpp).
+ * [#978003](https://bugs.debian.org/978003) filed against [`density-fitness`](https://tracker.debian.org/pkg/density-fitness).
+ * [#978009](https://bugs.debian.org/978009) filed against [`calife`](https://tracker.debian.org/pkg/calife).
+ * [#978044](https://bugs.debian.org/978044) filed against [`wily`](https://tracker.debian.org/pkg/wily).
+ * [#978054](https://bugs.debian.org/978054) filed against [`autoconf`](https://tracker.debian.org/pkg/autoconf).
+ * [#978064](https://bugs.debian.org/978064) filed against [`libdigidoc`](https://tracker.debian.org/pkg/libdigidoc).
+ * [#978067](https://bugs.debian.org/978067) & [#978392](https://bugs.debian.org/978392) filed against [`epm`](https://tracker.debian.org/pkg/epm).
+ * [#978088](https://bugs.debian.org/978088) filed against [`rheolef`](https://tracker.debian.org/pkg/rheolef).
+ * [#978407](https://bugs.debian.org/978407) & [#978408](https://bugs.debian.org/978408) filed against [`libcommoncpp2`](https://tracker.debian.org/pkg/libcommoncpp2).
+ * [#978494](https://bugs.debian.org/978494) filed against [`binutils-arm-none-eabi`](https://tracker.debian.org/pkg/binutils-arm-none-eabi).
+ * [#978499](https://bugs.debian.org/978499) filed against [`fop`](https://tracker.debian.org/pkg/fop).
+ * [#978577](https://bugs.debian.org/978577) & [#978578](https://bugs.debian.org/978578) filed against [`coinor-symphony`](https://tracker.debian.org/pkg/coinor-symphony).
+ * [#978598](https://bugs.debian.org/978598) filed against [`net-snmp`](https://tracker.debian.org/pkg/net-snmp).
+ * [#978609](https://bugs.debian.org/978609) & [#978610](https://bugs.debian.org/978610) filed against [`a2ps`](https://tracker.debian.org/pkg/a2ps).
+ * [#978734](https://bugs.debian.org/978734) filed against [`mp3blaster`](https://tracker.debian.org/pkg/mp3blaster).
+ * [#978746](https://bugs.debian.org/978746) filed against [`minlog`](https://tracker.debian.org/pkg/minlog).
+ * [#978751](https://bugs.debian.org/978751) filed against [`milter-greylist`](https://tracker.debian.org/pkg/milter-greylist).
+ * [#978946](https://bugs.debian.org/978946) filed against [`gfxboot`](https://tracker.debian.org/pkg/gfxboot).
+
+---
-* [FIXME: David A. Wheeler started a discussion on our rb-general list about the attack on SolarWinds.](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002109.html)
+If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
-* [FIXME: Jeremiah Orians send in an update about the status of bootstraping](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002114.html)
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
-* [FIXME: Hervé Boutemy announced}(https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002094.html) that we've reproduced successfully the 100th release on Reproducible Central https://github.com/jvm-repo-rebuild/reproducible-central
+ * Twitter/Mastodon: [@ReproBuilds](https://twitter.com/ReproBuilds) / [@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds)
-* Vagrant announced another [Office Hours / Ask Me Anything session](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002100.html) at 2021-01-07 18:00-20:00 UTC on #reproducuible-builds.
+ * Reddit: [/r/ReproducibleBuilds](https://reddit.com/r/reproduciblebuilds)
-* Bernhard M. Wiedemann send the [rb-debugging meeting minutes](https://lists.reproducible-builds.org/pipermail/rb-general/2020-December/002099.html) to our rb-general list.
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
=====================================
bin/generate-draft
=====================================
@@ -341,7 +341,7 @@ def commits(month_start, month_end, project, path="."):
r"^Add missing usertagged bugs$",
r"^Remove archived bugs$",
r"^Release .* to Debian .*$",
- r"^20\d\d[-?]\s*\d\d[: ]",
+ r"^20\d\d-?\s*\d\d[: ]",
r"^published as https:",
r"^release as \d",
r"^release \d",
=====================================
images/reports/2020-12/cwa.png
=====================================
Binary files /dev/null and b/images/reports/2020-12/cwa.png differ
=====================================
images/reports/2020-12/debian.png
=====================================
Binary files /dev/null and b/images/reports/2020-12/debian.png differ
=====================================
images/reports/2020-12/diffoscope.svg
=====================================
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ version="1.1"
+ width="128"
+ height="128"
+ id="svg2">
+ <defs
+ id="defs4" />
+ <metadata
+ id="metadata7">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title></dc:title>
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ transform="matrix(1.0692573,0,0,1.0692573,-328.34726,-503.5515)"
+ id="layer1">
+ <g
+ id="g5409">
+ <g
+ transform="translate(5.418238,0)"
+ id="g5386">
+ <rect
+ width="90.304001"
+ height="50.999996"
+ x="316.36414"
+ y="472.80621"
+ id="rect4667-3"
+ style="fill:none;stroke:none" />
+ <g
+ id="text4673-8"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 316.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5371"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 348.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5373"
+ style="fill:#c00000;fill-opacity:1" />
+ <path
+ d="m 380.36413,483.82622 0,3.968 26.304,0 0,-3.968"
+ id="path5375"
+ style="fill:#c00000;fill-opacity:1" />
+ </g>
+ <g
+ id="text5366"
+ style="font-size:64px;font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#008000;fill-opacity:1;stroke:none;font-family:Inconsolata;-inkscape-font-specification:Inconsolata Medium">
+ <path
+ d="m 327.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5378" />
+ <path
+ d="m 359.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5380" />
+ <path
+ d="m 391.69213,496.99019 0,10.88 -11.328,0 0,3.968 11.328,0 0,11.968 4.032,0 0,-11.968 10.944,0 0,-3.968 -10.944,0 0,-10.88 -4.032,0"
+ id="path5382" />
+ </g>
+ </g>
+ <use
+ id="use5399"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.8,0,0,0.8,82.417275,133.65028)"
+ id="use5401"
+ style="opacity:0.85"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.6,0,0,0.6,164.83455,260.05454)"
+ id="use5403"
+ style="opacity:0.7"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ <use
+ transform="matrix(0.4,0,0,0.4,247.25182,379.25208)"
+ id="use5405"
+ style="opacity:0.55"
+ x="0"
+ y="0"
+ width="744.09448"
+ height="1052.3622"
+ xlink:href="#g5386" />
+ </g>
+ </g>
+</svg>
=====================================
images/reports/2020-12/kimzetter.jpg
=====================================
Binary files /dev/null and b/images/reports/2020-12/kimzetter.jpg differ
=====================================
images/reports/2020-12/maven.png
=====================================
Binary files /dev/null and b/images/reports/2020-12/maven.png differ
=====================================
images/reports/2020-12/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2020-12/opensuse.png differ
=====================================
images/reports/2020-12/sfconservancy-projects.png
=====================================
Binary files /dev/null and b/images/reports/2020-12/sfconservancy-projects.png differ
=====================================
images/reports/2020-12/solarwinds.jpg
=====================================
Binary files /dev/null and b/images/reports/2020-12/solarwinds.jpg differ
=====================================
images/reports/2020-12/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2020-12/testframework.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/4ad8dedcf98ac0b5a62a7c21e91f1a5176c4238f...a0c47ff23b87760cbd181fdea12d21250beef1c7
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/4ad8dedcf98ac0b5a62a7c21e91f1a5176c4238f...a0c47ff23b87760cbd181fdea12d21250beef1c7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20210103/45cf5ddc/attachment.htm>
More information about the rb-commits
mailing list