[Git][reproducible-builds/reproducible-website][master] 2024-07: minor fixes

FC (Fay) Stegerman (@obfusk) gitlab at salsa.debian.org
Thu Aug 8 00:05:31 UTC 2024 


FC (Fay) Stegerman pushed to branch master at Reproducible Builds / reproducible-website


Commits:
1449b00a by FC (Fay) Stegerman at 2024-08-08T02:04:57+02:00
2024-07: minor fixes

- - - - -


1 changed file:

- _reports/2024-07.md


Changes:

=====================================
_reports/2024-07.md
=====================================
@@ -8,7 +8,7 @@ draft: true
 
 [![]({{ "/images/reports/2024-07/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
 
-**Welcome to the June 2024 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
+**Welcome to the July 2024 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
 
 In our reports, we outline what we've been up to over the past month and highlight news items in software supply-chain security more broadly. As always, if you are interested in contributing to the project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
 
@@ -60,7 +60,7 @@ Mehdi Keshani, Tudor-Gabriel Velican, Gideon Bot and Sebastian Proksch of the [D
 
 On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month:
 
-* Nichita Morcotilo reached to the community, first to share their efforts "to build reproducible packages cross-platform with a new build tool called [`rattler-build`](https://github.com/prefix-dev/rattler-build), noting that "as you can imagine, building packages reproducibly on Windows is the hardest challenge (so far!)". Nichita goes onto mention that the Apple ecosystem appear to be using `ZERO_AR_DATE` over [`SOURCE_DATE_EPOCH`]({{ "/docs/source-date-epoch/" | relative_url }}). [[...](https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003442.html)]
+* Nichita Morcotilo reached out to the community, first to share their efforts "to build reproducible packages cross-platform with a new build tool called [`rattler-build`](https://github.com/prefix-dev/rattler-build), noting that "as you can imagine, building packages reproducibly on Windows is the hardest challenge (so far!)". Nichita goes onto mention that the Apple ecosystem appears to be using `ZERO_AR_DATE` over [`SOURCE_DATE_EPOCH`]({{ "/docs/source-date-epoch/" | relative_url }}). [[...](https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003442.html)]
 
 * Roland Clobus announced that the Debian *bookworm* 12.6 live images are ["nearly reproducible"](https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003443.html), with more detail in the [post](https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003443.html) itself and [input in the thread](https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/thread.html#3443) from other contributors.
 
@@ -90,7 +90,7 @@ Congratulations to Marina Moore of the [New York Tandon School of Engineering](h
 
 [![]({{ "/images/reports/2024-07/debian.png#right" | relative_url }})](https://debian.org/)
 
-In Debian this month, 12 reviews of Debian packages were added, 13 were updated and 6 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). A new toolchain issue types was identified as well, specifically [`ordering_differences_in_pkg_info`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/af496924).
+In Debian this month, 12 reviews of Debian packages were added, 13 were updated and 6 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). A new toolchain issue type was identified as well, specifically [`ordering_differences_in_pkg_info`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/af496924).
 
 <br>
 
@@ -98,11 +98,11 @@ Colin Percival filed a bug against the [LLVM](https://llvm.org/) compiler noting
 
 <br>
 
-Fay Stegerman [performed some in-depth research](https://github.com/obfusk/apksigcopier/issues/105) surrounding her [*apksigcopier*](https://github.com/obfusk/apksigcopier) tool, after a report that a number of Android `.apk` files could no longer be verified as reproducible. After much investigation, Fay identified the issue as follows:
+Fay Stegerman [performed some in-depth research](https://github.com/obfusk/apksigcopier/issues/105) surrounding her [*apksigcopier*](https://github.com/obfusk/apksigcopier) tool, after some Android `.apk` files signed with the latest `apksigner` could no longer be verified as reproducible. Fay identified the issue as follows:
 
 > Since `build-tools` >= 35.0.0-rc1, backwards-incompatible changes to `apksigner` break `apksigcopier` as it now by default forcibly replaces existing alignment padding and changed the default page alignment from 4k to 16k (same as Android Gradle Plugin >= 8.3, so the latter is only an issue when using older AGP). [[...](https://github.com/obfusk/apksigcopier/issues/105#issuecomment-2206799316)]
 
-… which resulted in a [bug being filed in Google's issue tracker](https://issuetracker.google.com/issues/351408623?pli=1).
+She documented multiple available workarounds and [filed a bug in Google's issue tracker](https://issuetracker.google.com/issues/351408623).
 
 <br>
 
@@ -115,7 +115,7 @@ Lastly, [diffoscope](https://diffoscope.org) is our in-depth and content-aware d
     * Ensure that the `convert` utility is from ImageMagick version 6.x. The command-line interface has seemingly changed with the 7.x series of ImageMagick. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/bbcf367c)]
     * Factor out version detection in `test_jpeg_image`. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/037bdcbb)]
     * Correct the import of the `identify_version` method after a refactoring change in a [previous commit](https://salsa.debian.org/reproducible-builds/diffoscope/commit/037bdcbb). [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/38f76379)]
-    * Move away from using DSA OpenSSH keys in tests as support has been [deprecated and removed](https://lwn.net/Articles/958048/) in OpenSSH version 9.8p1. ([#382](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/))
+    * Move away from using DSA OpenSSH keys in tests as support has been [deprecated and removed](https://lwn.net/Articles/958048/) in OpenSSH version 9.8p1. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/382)]
     * Move to `assert_diff` in the `test_openssh_pub_key` packace. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e8c5dc10)]
     * Update copyright years. [[...](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5b5c8c62)]
 
@@ -140,9 +140,9 @@ There were a number of improvements made to our website this month, including:
 
 * Chris Lamb fixed a potential duplicate heading on the [Projects]({{ "/who/projects/" }}) page. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3a701087)]
 
-* Fay Stegerman added [`rbtlog`](https://github.com/obfusk/rbtlog) to the [Tools]({{ "/tools/" | relative_url }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6882b92f)] as well as added [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) to the [Projects]({{ "/who/projects/" }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f62c7c56)], before also ensuring that the latter page was always sorted regardless of the ordering within the input data files. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b3e7154b)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/0bb01b9c)]
+* Fay Stegerman added [`rbtlog`](https://github.com/obfusk/rbtlog) to the [Tools]({{ "/tools/" | relative_url }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6882b92f)] as well as added [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) to the [Projects]({{ "/who/projects/" }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f62c7c56)], also ensuring that the latter page was always sorted regardless of the ordering within the input data files. [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b3e7154b)]
 
-* Holger Levsen added added Linus Nordberg to our [global list of contributors]({{ "/who/people/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/595ccb28)] as well as made a number of changes to the page for the upcoming [Reproducible Builds summit later this year]({{ "/events/hamburg2024/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/de398031)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ed5eb6f4)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/d69d7503)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/e048075e)].
+* Holger Levsen added Linus Nordberg to our [global list of contributors]({{ "/who/people/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/595ccb28)] as well as made a number of changes to the page for the upcoming [Reproducible Builds summit later this year]({{ "/events/hamburg2024/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/de398031)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ed5eb6f4)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/d69d7503)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/e048075e)].
 
 * Mattia Rizzolo updated the [Civil Infrastructure Platform](https://www.cip-project.org/) logo [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/13058e9e)] and also updated the [2024 summit page]({{ "/events/hamburg2024/" | relative_url }}) [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/99054850)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fc371a3f)].
 
@@ -178,9 +178,10 @@ The Reproducible Builds project detects, dissects and attempts to fix as many cu
     * [`openblas`](https://bugzilla.opensuse.org/show_bug.cgi?id=1228177) (CPU type, [fixed](https://build.opensuse.org/request/show/1190320))
     * [`openssl-3`](https://build.opensuse.org/request/show/1187438) (random-related issue)
     * [`python-ruff`](https://github.com/astral-sh/ruff/issues/12169) (ASLR)
-    * [`python3`](https://bugzilla.opensuse.org/show_bug.cgi?id=1227999) ([date](https://github.com/python/cpython/pull/121872), [sphinx/race](https://github.com/python/cpython/pull/121883), [`sphinxcontrib`](https://github.com/sphinx-doc/sphinxcontrib-devhelp/pull/13) (gzip mtime)
+    * [`python3`](https://bugzilla.opensuse.org/show_bug.cgi?id=1227999) ([date](https://github.com/python/cpython/pull/121872), [parallelism/race](https://github.com/python/cpython/pull/121883))
     * [`reproducible-faketools`](https://build.opensuse.org/request/show/1186763) (0.5.2)
     * [`sphinx`](https://github.com/sphinx-doc/sphinx/pull/12606) (GZip modification time)
+    * [`sphinxcontrib`](https://github.com/sphinx-doc/sphinxcontrib-devhelp/pull/13) (gzip mtime)
 
 * Chris Lamb:
 



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/1449b00a290c6a379742f6688598ab519ae6485d

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/1449b00a290c6a379742f6688598ab519ae6485d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20240808/c418cd8d/attachment.htm>

More information about the rb-commits mailing list