[Git][reproducible-builds/reproducible-website][master] 2023-02: some improvements
FC Stegerman (@obfusk)
gitlab at salsa.debian.org
Sat Mar 4 03:15:31 UTC 2023
FC Stegerman pushed to branch master at Reproducible Builds / reproducible-website
Commits:
fb7c120e by FC Stegerman at 2023-03-04T04:14:56+01:00
2023-02: some improvements
- - - - -
1 changed file:
- _reports/2023-02.md
Changes:
=====================================
_reports/2023-02.md
=====================================
@@ -39,7 +39,7 @@ Anthony Harrison wrote to our list twice, first by [introducing himself and thei
[![]({{ "/images/reports/2023-02/almalinux.png#right" | relative_url }})](https://retout.co.uk/2023/02/04/almalinux-and-sboms/)
-[Tim Retout](https://retout.co.uk/) wrote a blog post discussing [AlmaLinux](https://almalinux.org/) in the context of CentOS, RHEL and supply-chain security in general. [[...](https://retout.co.uk/2023/02/04/almalinux-and-sboms/)]:
+[Tim Retout](https://retout.co.uk/) wrote a blog post discussing [AlmaLinux](https://almalinux.org/) in the context of CentOS, RHEL and supply-chain security in general [[...](https://retout.co.uk/2023/02/04/almalinux-and-sboms/)]:
> Alma are generating and publishing Software Bill of Material (SBOM) files for
> every package; these are becoming a requirement for all software sold to the
@@ -60,7 +60,7 @@ Anthony Harrison wrote to our list twice, first by [introducing himself and thei
* Roland Clobus posted his [latest update of the status of reproducible Debian ISO images](https://lists.reproducible-builds.org/pipermail/rb-general/2023-February/002877.html) noting that "all major desktops build reproducibly with *bullseye*, *bookworm* and *sid*," with the caveat that "when non-free firmware is activated, some non-reproducible files are generated".
-* FC Stegerman submitted a new [Intent to Package (ITP)](https://wiki.debian.org/ITP#) bug report [representing an intention to package `repro-apk`](https://bugs.debian.org/1030768), a set of [scripts to make Android `.apk` files reproducible](https://github.com/obfusk/reproducible-apk-tools).
+* FC Stegerman submitted a new [Intent to Package (ITP)](https://wiki.debian.org/ITP) bug report [representing an intention to package `repro-apk`](https://bugs.debian.org/1030768), a set of [scripts to make Android `.apk` files reproducible](https://github.com/obfusk/reproducible-apk-tools).
* 23 reviews of Debian packages were added, 24 were updated and 20 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). A new issue was added and identified by Chris Lamb [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c2b3882c)], and the `timestamps_embedded_in_manpages_by_node_marked_man` issue has been marked as resolved [[...](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/5cb5d781)].
@@ -70,15 +70,15 @@ Anthony Harrison wrote to our list twice, first by [introducing himself and thei
[![]({{ "/images/reports/2023-02/fdroid.png#right" | relative_url }})](https://f-droid.org/)
-* There's now an [overview of F-Droid apps published with Reproducible Builds](https://gitlab.com/obfusk/fdroid-misc-scripts/-/blob/master/reproducible/overview.md).
+* F-Droid added 21 more apps published with reproducible builds this month, the [overview of F-Droid apps published with Reproducible Builds](https://gitlab.com/obfusk/fdroid-misc-scripts/-/blob/master/reproducible/overview.md) now includes graphs, and there are now also some [graphs of F-Droid apps verified by the Verification Server](https://gitlab.com/obfusk/fdroid-misc-scripts/-/blob/master/verification/graphs.md).
-* FC Stegerman noticed that [signatures made by older AGP versions cannot be copied](https://github.com/obfusk/apksigcopier/issues/88), because the signing method differs too much from that used by [apksigner](https://developer.android.com/studio/command-line/apksigner) (and [signflinger](https://android.googlesource.com/platform/tools/base/+/studio-master-dev/signflinger/)).
+* FC Stegerman noticed that [signatures made by older versions of Android Gradle plugin cannot be copied](https://github.com/obfusk/apksigcopier/issues/88), because the signing method differs too much from that used by [*apksigner*](https://developer.android.com/studio/command-line/apksigner) (and [*signflinger*](https://android.googlesource.com/platform/tools/base/+/studio-master-dev/signflinger/)).
* FC Stegerman also created a helpful HOWTO page on the [F-Droid Wiki](https://gitlab.com/fdroid/wiki/-/wikis/pages) detailing how to [compare and subsequently make APKs reproducible](https://gitlab.com/fdroid/wiki/-/wikis/HOWTO:-diff-&-fix-APKs-for-Reproducible-Builds).
-* A long-running thread on [*Hiding data/code in Android APK embedded signatures*](https://lists.reproducible-builds.org/pipermail/rb-general/2023-February/thread.html#2828) continued on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month.
+* A long-running thread on [*Hiding data/code in Android APK embedded signatures*](https://lists.reproducible-builds.org/pipermail/rb-general/2023-February/thread.html#2828) continued on [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month; [*apksigcopier*](https://github.com/obfusk/apksigcopier) `v1.1.1` and [*reproducible-apk-tools*](https://github.com/obfusk/reproducible-apk-tools) `v0.2.2` + `v0.2.3` were also [announced](https://lists.reproducible-builds.org/pipermail/rb-general/2023-February/002853.html) on the same list.
-* Lastly, FC Stegerman reported two issues on Google's own issue tracker: firstly, related to a non-deterministic "Dependency Info Block" [[...](https://issuetracker.google.com/issues/268071369)] and a "virtual entry" added by the [signflinger](https://android.googlesource.com/platform/tools/base/+/studio-master-dev/signflinger/) tool makes builds unreproducible as well [[...](https://issuetracker.google.com/issues/268071371)].
+* Lastly, FC Stegerman reported two issues on Google's own issue tracker: one related to a non-deterministic "Dependency Info Block" [[...](https://issuetracker.google.com/issues/268071369)] and another about a "virtual entry" added by the [*signflinger*](https://android.googlesource.com/platform/tools/base/+/studio-master-dev/signflinger/) tool causing unexpected differences between signed and unsigned APKs [[...](https://issuetracker.google.com/issues/268071371)].
---
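Review bot: The new first F-Droid bullet (the `+` line beginning "F-Droid added 21 more apps") chains three separate facts with commas: the 21 newly reproducible apps, the overview gaining graphs, and the Verification Server graphs. Splitting it into two sentences or two bullets would make it easier to read. In the mailing-list bullet, `v0.2.2` + `v0.2.3` reads like a diff marker; "`v0.2.2` and `v0.2.3`" would be clearer.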
@@ -88,31 +88,30 @@ Anthony Harrison wrote to our list twice, first by [introducing himself and thei
[*diffoscope*](https://diffoscope.org) is our in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it can provide human-readable diffs from many kinds of binary formats.
-This month, Chris Lamb released versions [`235`](https://diffoscope.org/news/diffoscope-235-released/), [`236`](https://diffoscope.org/news/diffoscope-236-released/) and Mattia Rizzolo later released version [`237`](https://diffoscope.org/news/diffoscope-237-released/).
+This month, Chris Lamb released versions [`235`](https://diffoscope.org/news/diffoscope-235-released/) and [`236`](https://diffoscope.org/news/diffoscope-236-released/); Mattia Rizzolo later released version [`237`](https://diffoscope.org/news/diffoscope-237-released/).
Contributions include:
* Chris Lamb:
- * Fix compatibility with PyPDF2. (re. issue [#331](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/331)) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/82a767d2)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ff6d9bbd)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ccf3c2a4)]
- * Fix compatibility with [ImageMagick](https://imagemagick.org) version 7.1. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/60ea9cc6)]
- * Require at least version 23.1.0 to run the [Black](https://github.com/psf/black) source code tests. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c45de0a1)]
- * Update `debian/tests/control` after merging changes from others. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/72e5b2a1)]
- * Don't write test data during a test. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/25dcd1e6)]
- * Update copyright years. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/be3973b0)]
+ * Fix compatibility with PyPDF2 (re. issue [#331](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/331)) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/82a767d2)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ff6d9bbd)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ccf3c2a4)].
+ * Fix compatibility with [ImageMagick](https://imagemagick.org) version 7.1 [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/60ea9cc6)].
+ * Require at least version 23.1.0 to run the [Black](https://github.com/psf/black) source code tests [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c45de0a1)].
+ * Update `debian/tests/control` after merging changes from others [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/72e5b2a1)].
+ * Don't write test data during a test [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/25dcd1e6)].
+ * Update copyright years [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/be3973b0)].
* Merged a large number of changes from others.
-* Akihiro Suda edited the `.gitlab-ci.yml` configuration file to ensure that versioned tags are pushed to the container registry. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/637c2985)]
+* Akihiro Suda edited the `.gitlab-ci.yml` configuration file to ensure that versioned tags are pushed to the container registry [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/637c2985)].
-* Daniel Kahn Gillmor provided a way to migrate from PyPDF2 to pypdf. ([#1029741](https://bugs.debian.org/1029742))
+* Daniel Kahn Gillmor provided a way to migrate from PyPDF2 to pypdf ([#1029741](https://bugs.debian.org/1029742)).
-* Efraim Flashner updated the tool metadata for `isoinfo` on [GNU Guix](https://guix.gnu.org/). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7d6ce503)]
+* Efraim Flashner updated the tool metadata for `isoinfo` on [GNU Guix](https://guix.gnu.org/) [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7d6ce503)].
-* FC Stegerman added support for Android `resources.arsc` files. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7cf77ed1)],
-improved a number of file-matching regular expressions [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8d7762f6)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c988c3ad)] and added support for Android `dexdump` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1bb9b812)].
+* FC Stegerman added support for Android `resources.arsc` files [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7cf77ed1)], improved a number of file-matching regular expressions [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8d7762f6)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c988c3ad)] and added support for Android `dexdump` [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1bb9b812)]; they also [fixed](https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/f48fbe61) a test failure ([#1031433](https://bugs.debian.org/1031433)) caused by Debian's `black` package having been updated to a newer version.
* Mattia Rizzolo:
* updated the release documentation [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/b17b0595)],
* fixed a number of [Flake8](https://flake8.pycqa.org/en/latest/) errors [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8f710cd5)][[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6eb8d06f)],
- * updated the autopkgtest configuration to only install `appt` and `dexdump` on architectures where they are available [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/61f7c2b3)], making sure that the latest diffoscope release is in a good fit for the upcoming Debian bookworm freeze.
+ * updated the autopkgtest configuration to only install `aapt` and `dexdump` on architectures where they are available [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/61f7c2b3)], making sure that the latest diffoscope release is in a good fit for the upcoming Debian bookworm freeze.
---
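Review bot: In the Daniel Kahn Gillmor bullet the link text reads #1029741 while the URL points to bugs.debian.org/1029742. This change only moves the full stop, so the mismatch is carried into the new line; please confirm which bug number is intended and make the text and URL agree. On the Mattia Rizzolo `aapt` line, "is in a good fit for" could become "is a good fit for" while that line is already being touched.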
@@ -120,9 +119,9 @@ improved a number of file-matching regular expressions [[...](https://salsa
[Reprotest](https://salsa.debian.org/reproducible-builds/reprotest) version 0.7.23 was uploaded to both [PyPI](https://pypi.org/) and Debian unstable, including the following changes:
-* Holger Levsen improved a lot of documentation [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/296800e)][[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/82d585b)][[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/b2a6f6f)] tidied the documentation [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/e8d9476)][[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/84496fa)] as well as experimented with a new `--random-locale` flag [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/f76f6e1)].
+* Holger Levsen improved a lot of documentation [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/296800e)][[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/82d585b)][[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/b2a6f6f)] and tidied the documentation as well [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/e8d9476)][[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/84496fa)] as well as experimented with a new `--random-locale` flag [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/f76f6e1)].
-* Vagrant Cascadian adjusted *reprotest* to no longer randomise the build locale and use a UTF-8 supported locale instead[..](https://salsa.debian.org/reproducible-builds/reprotest/-/commit/610e6cae15fe8d066303694af97bf3a09a6b01c2) (re. [#925879](https://bugs.debian.org/925879), [#1004950](https://bugs.debian.org/1004950)), and also support passing `--vary=locales.locale=LOCALE` to specify the locale to vary [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/a92f741)].
+* Vagrant Cascadian adjusted *reprotest* to no longer randomise the build locale and use a UTF-8 supported locale instead [[...]](https://salsa.debian.org/reproducible-builds/reprotest/-/commit/610e6cae) (re. [#925879](https://bugs.debian.org/925879), [#1004950](https://bugs.debian.org/1004950)), and also support passing `--vary=locales.locale=LOCALE` to specify the locale to vary [[...](https://salsa.debian.org/reproducible-builds/reprotest/commit/a92f741)].
Separate to this, Vagrant Cascadian started a thread on our [mailing list](https://lists.reproducible-builds.org/listinfo/rb-general) questioning the [future development and direction of *reprotest*](https://lists.reproducible-builds.org/pipermail/rb-general/2023-February/002876.html).
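Review bot: The reworded Holger Levsen bullet now reads "and tidied the documentation as well [...] as well as experimented", which doubles "as well"; drop the first one, or merge "improved" and "tidied" into a single clause. In the Vagrant Cascadian bullet the reference is written `[[...]](url)`, whereas every other reference in the report uses `[[...](url)]`; the closing bracket should come after the URL so the link renders like the others.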
@@ -134,7 +133,7 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
* Bernhard M. Wiedemann:
- * [`aiohttp`](https://github.com/aio-libs/aiohttp/pull/7191) (build fails in teh future)
+ * [`aiohttp`](https://github.com/aio-libs/aiohttp/pull/7191) (build fails in the future)
* [`diff-pdf`](https://bugzilla.opensuse.org/show_bug.cgi?id=1180471)
* [`dpdk`](https://build.opensuse.org/request/show/1067125)
* [`ebumeter`](https://build.opensuse.org/request/show/1066747) (CPU-related issue)
@@ -150,7 +149,7 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
* [#1030708](https://bugs.debian.org/1030708) filed against [`gap-browse`](https://tracker.debian.org/pkg/gap-browse).
* [#1030714](https://bugs.debian.org/1030714) filed against [`cwltool`](https://tracker.debian.org/pkg/cwltool).
* [#1030715](https://bugs.debian.org/1030715) filed against [`adacgi`](https://tracker.debian.org/pkg/adacgi).
- * [#1030724](https://bugs.debian.org/1030724) filed against [`node-marked-man`](https://tracker.debian.org/pkg/node-marked-man) ([forwarded upstream](https://github.com/kapouer/marked-man/pull/32))
+ * [#1030724](https://bugs.debian.org/1030724) filed against [`node-marked-man`](https://tracker.debian.org/pkg/node-marked-man) ([forwarded upstream](https://github.com/kapouer/marked-man/pull/32)).
* [#1030727](https://bugs.debian.org/1030727) filed against [`multipath-tools`](https://tracker.debian.org/pkg/multipath-tools).
* [#1031030](https://bugs.debian.org/1031030) filed against [`ruby-pgplot`](https://tracker.debian.org/pkg/ruby-pgplot).
* [#1031412](https://bugs.debian.org/1031412) filed against [`pysdl2`](https://tracker.debian.org/pkg/pysdl2).
@@ -178,16 +177,16 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
The Reproducible Builds project operates a comprehensive testing framework (available at [tests.reproducible-builds.org](https://tests.reproducible-builds.org)) in order to check packages and other artifacts for reproducibility. In February, the following changes were made by Holger Levsen:
* Add three new [OSUOSL](https://osuosl.org/) nodes [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/d188805b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f9f9c65d)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f57dbeb1)] and decommission the `osuosl174` node [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f05f9ce7)].
-* Change the order of listed Debian architectures to show the 64-bit ones first. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0b65129f)]
-* Reduce the frequency that the Debian package sets and `dd-list` HTML pages update. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/965b4358)]
-* Sort "Tested suite" consistently (and Debian *unstable*) first. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6503fafd)]
+* Change the order of listed Debian architectures to show the 64-bit ones first [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0b65129f)].
+* Reduce the frequency that the Debian package sets and `dd-list` HTML pages update [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/965b4358)].
+* Sort "Tested suite" consistently (and Debian *unstable*) first [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/6503fafd)].
* Updated the Jenkins shell monitor script to only query disk statistics every 230min [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/7eafae2d)] and improve the documentation [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5ed88c03)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/8d882964)].
---
## Other development work
-[*disorderfs*](https://salsa.debian.org/reproducible-builds/disorderfs) version `0.5.11-3` was uploaded by Holger Levsen, fixing a number of issues with the manual page. [[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/2c3df22)][[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/e92c9c2)][[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/76c9e78)]
+[*disorderfs*](https://salsa.debian.org/reproducible-builds/disorderfs) version `0.5.11-3` was uploaded by Holger Levsen, fixing a number of issues with the manual page [[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/2c3df22)][[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/e92c9c2)][[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/76c9e78)].
<br>
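Review bot: The `+` line "Sort "Tested suite" consistently (and Debian *unstable*) first" is still hard to parse after the punctuation change, because "first" sits outside the parenthesis; consider moving it inside, as in "(and Debian *unstable* first)", or rephrasing the bullet. The neighbouring context bullet starts with "Updated" while the rest of the list uses the imperative ("Add", "Change", "Reduce", "Sort"), so aligning it would fit this tidy-up.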
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/fb7c120e83e13349cb8cfee3acf5e4c04bf9cf62