[Git][reproducible-builds/reproducible-website][master] 2024-09: Initial draft
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Thu Oct 3 20:41:20 UTC 2024
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
88326783 by Chris Lamb at 2024-10-03T13:40:53-07:00
2024-09: Initial draft
- - - - -
12 changed files:
- _reports/2024-09.md
- + images/reports/2024-09/archlinux.png
- + images/reports/2024-09/binsider.gif
- + images/reports/2024-09/debian.png
- + images/reports/2024-09/diffoscope.png
- + images/reports/2024-09/ghc-diff.png
- + images/reports/2024-09/gradle.png
- + images/reports/2024-09/opensuse.png
- + images/reports/2024-09/paper.ieeesw-shenyu.png
- + images/reports/2024-09/reproducible-builds.png
- + images/reports/2024-09/testframework.png
- + images/reports/2024-09/website.png
Changes:
=====================================
_reports/2024-09.md
=====================================
@@ -4,74 +4,282 @@ year: "2024"
month: "09"
title: "Reproducible Builds in September 2024"
draft: true
-date: 2024-10-01 00:23:42
---
-* New reproducibility-related academic papers
+[![]({{ "/images/reports/2024-09/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
- [![]({{ "/images/reports/2024-09/paper-10.5281-zenodo-13843189.png#right" | relative_url }})](https://doi.org/10.5281/zenodo.13843189)
+**Welcome to the September 2024 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
- [Marvin Strangfeld](https://strangfeld.io/) publish his bachelor thesis "[Reproducibility of Computational Environments for Software Development](https://doi.org/10.5281/zenodo.13843189)" from [RWTH Aachen University](https://www.rwth-aachen.de).
- The author offers a more precise theoretical definition of computational environments compared to previous definitions, which can be applied to describe real-world computational environments. Additionally, he provide a definition of reproducibility in computational environments, enabling discussions about the extent to which an environment can be made reproducible. The thesis is available at [https://doi.org/10.5281/zenodo.13843189](https://doi.org/10.5281/zenodo.13843189).
+Our reports attempt to outline what we've been up to over the past month, highlighting news items from elsewhere in tech where they are related. As ever, if you are interested in contributing to the project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
-* FIXME: Holger opened 4 bugs against debrebuild from src:devscripts
- * [#1081047 in devscripts: «debrebuild from branch debrebuild fails to download .dsc file»](https://bugs.debian.org/1081047)
- * [#1081048 in devscripts: «debrebuild from main branch does not work with a proxy»](https://bugs.debian.org/1081048)
- * [#1081050 in devscripts: «debrebuild from main branch fails to create a debrebuild.tar»](https://bugs.debian.org/1081050)
- * [#1081839 in devscripts: «debrebuild: E: mmdebstrap failed to run»](https://bugs.debian.org/1081839)
+<!--
+**Table of contents:**
+
+0. FIXME prior to publication
+-->
+
+---
+
+### New [`binsider`](https://binsider.dev/) tool to analyse ELF binaries
+
+[![]({{ "/images/reports/2024-09/binsider.gif#right" | relative_url }})](https://binsider.dev/)
+
+Reproducible Builds developer [Orhun Parmaksız](https://blog.orhun.dev/) has announced a fantastic new tool to analyse the contents of [ELF binaries](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format). According to the [project's `README` page](https://github.com/orhun/binsider#readme):
+
+> Binsider can perform static and dynamic analysis, inspect strings, examine linked libraries, and perform hexdumps, all within a user-friendly terminal user interface!
+
+More information about Binsider's features and how it works can be found [within Binsider's documentation pages](https://binsider.dev/usage/general-analysis/).
+
+<br>
+
+### Unreproducibility of GHC Haskell compiler "95% fixed"
+
+[![]({{ "/images/reports/2024-09/ghc-diff.png#right" | relative_url }})](https://gitlab.haskell.org/ghc/ghc/-/issues/12935#note_583525)
+
+A [seven-year-old bug](https://gitlab.haskell.org/ghc/ghc/-/issues/12935) about the nondeterminism of object code generated by the [Glasgow Haskell Compiler](https://www.haskell.org/ghc/) (GHC) received a [recent update](https://gitlab.haskell.org/ghc/ghc/-/issues/12935#note_583525), consisting of [Rodrigo Mesquita](https://alt-romes.github.io/) noting that the issue is:
+
+> 95% fixed by [merge request] [!12680](https://gitlab.haskell.org/ghc/ghc/-/merge_requests/12680) when `-fobject-determinism` is enabled. [[…](https://gitlab.haskell.org/ghc/ghc/-/issues/12935#note_583525)]
+
+The [linked merge request](https://gitlab.haskell.org/ghc/ghc/-/merge_requests/12680) has since been merged, and Rodrigo goes on to say that:
+
+> After that patch is merged, there are some rarer bugs in both interface file determinism (eg. [`#25170`](https://gitlab.haskell.org/ghc/ghc/-/issues/25170)) and in object determinism (eg. [`#25269`](https://gitlab.haskell.org/ghc/ghc/-/issues/25269) that need to be taken care of, but the great majority of the work needed to get there should have been merged already. When merged, I think we should close this one in favour of the more specific determinism issues like the two linked above.
+
+<br>
+
+### Mailing list summary
+
+On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month:
+
+* Fay Stegerman let everyone know that they had started an [thread on the Fediverse](https://tech.lgbt/@obfusk/113081697577399562) about the problem unreproducible `zlib`/`deflate` compression in `.zip` and `.apk` files. [[…](https://lists.reproducible-builds.org/pipermail/rb-general/2024-September/003526.html)]
+
+* Long-time developer *kpcyrd* wrote that "there has been [a recent public discussion](https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/merge_requests/1) on the [Arch Linux](https://archlinux.org/) GitLab [instance] about the challenges and possible opportunities for making the Linux kernel package reproducible", all relating to the `CONFIG_MODULE_SIG` flag. [[…](https://lists.reproducible-builds.org/pipermail/rb-general/2024-September/003530.html)]
+
+* Bernhard M. Wiedemann followed-up to an in-person conversation at our recent [Hamburg 2024 summit]({{ "/events/hamburg2024/" | relative_url }}) on the potential presence for Reproducible Builds in recognised standards. [[…](https://lists.reproducible-builds.org/pipermail/rb-general/2024-September/003539.html)]
+
+* Fay Stegerman also wrote about her worry about the "possible repercussions for RB tooling of Debian migrating from `zlib` to `zlib-ng`" due the subtleties of backwards- and forwards-compatibility of compression. [[…](https://lists.reproducible-builds.org/pipermail/rb-general/2024-September/003543.html)]
+
+* [Martin Monperrus](https://www.monperrus.net/martin/) wrote the list announcing the latest release of [`maven-lockfile`](https://github.com/chains-project/maven-lockfile/) that is designed aid "building Maven projects with integrity". [[…](https://lists.reproducible-builds.org/pipermail/rb-general/2024-September/003544.html)]
+
+* Lastly, Bernhard M. Wiedemann wrote about potential role of reproducible builds in combatting silent data corruption, as detailed in a [recent Tweet](https://x.com/petereliaskraft/status/1840011158347972765) and [scholarly paper](https://dl.acm.org/doi/abs/10.1145/3458336.3465297) on faulty CPU cores. [[…](https://lists.reproducible-builds.org/pipermail/rb-general/2024-September/003548.html)]
+
+<br>
+
+### Towards a 100% bit-for-bit reproducible OS…
+
+Bernhard M. Wiedemann began writing on [journey towards a 100% bit-for-bit reproducible operating system](https://en.opensuse.org/openSUSE:Reproducible_openSUSE/Part1) on the [openSUSE](https://en.opensuse.org/Main_Page) wiki:
+
+> This is a report of Part 1 of my journey: building 100% bit-reproducible packages for every package that makes up [openSUSE's] `minimalVM` image. This target was chosen as the smallest useful result/artifact. The larger package-sets get, the more disk-space and build-power is required to build/verify all of them.
+
+This work was sponsored by [NLnet](https://nlnet.nl/)'s [NGI Zero](https://nlnet.nl/NGI0/) fund.
+
+<br>
+
+### Two new reproducibility-related academic papers
+
+[![]({{ "/images/reports/2024-09/paper-10.5281-zenodo-13843189.png#right" | relative_url }})](https://doi.org/10.5281/zenodo.13843189)
+
+[Marvin Strangfeld](https://strangfeld.io/) published his bachelor thesis, "[*Reproducibility of Computational Environments for Software Development*](https://doi.org/10.5281/zenodo.13843189)" from [RWTH Aachen University](https://www.rwth-aachen.de). The author offers a more precise theoretical definition of computational environments compared to previous definitions, which can be applied to describe real-world computational environments. Additionally, Marvin provide a definition of reproducibility in computational environments, enabling discussions about the extent to which an environment can be made reproducible. The thesis is [available to browse or download in PDF format](https://doi.org/10.5281/zenodo.13843189).
+
+[![]({{ "/images/reports/2024-09/paper.ieeesw-shenyu.png#right" | relative_url }})](https://mcis.cs.queensu.ca/publications/2024/ieeesw-shenyu.pdf)
+
+In addition, Shenyu Zheng, Bram Adams and Ahmed E. Hassan of [Queen's University, ON, Canada](https://www.queensu.ca/) have [published an article](https://mcis.cs.queensu.ca/publications/2024/ieeesw-shenyu.pdf) on "hermeticity" in [Bazel](https://bazel.build/)-based build systems:
+
+> A hermetic build system manages its own build dependencies, isolated from the host file system, thereby securing the build process. Although, in recent years, new artifact-based build technologies like [Bazel](https://bazel.build/) offer build hermeticity as a core functionality, no empirical study has evaluated how effectively these new build technologies achieve build hermeticity. This paper studies 2,439 non-hermetic build dependency packages of 70 Bazel-using open-source projects by analyzing 150 million Linux system file calls collected in their build processes. We found that none of the studied projects has a completely hermetic build process, largely due to the use of non-hermetic top-level toolchains. [[…](https://mcis.cs.queensu.ca/publications/2024/ieeesw-shenyu.pdf)]
+
+<br>
+
+### Distribution work
+
+[![]({{ "/images/reports/2024-09/debian.png#right" | relative_url }})](https://debian.org/)
+
+In Debian this month, 14 reviews of Debian packages were added, 12 were updated and 20 were removed this month, all adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). A number of issue types were updated as well. [[…](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/7ee69bc5)][[…](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/5ade3942)]
+
+In addition, Holger opened 4 bugs against the `debrebuild` component of the [*devscripts*](https://salsa.debian.org/debian/devscripts) suite of tools. In particular:
+
+ * [`#1081047`](https://bugs.debian.org/1081047): Fails to download `.dsc` file.
+ * [`#1081048`](https://bugs.debian.org/1081048): Does not work with a proxy.
+ * [`#1081050`](https://bugs.debian.org/1081050): Fails to create a `debrebuild.tar`.
+ * [`#1081839`](https://bugs.debian.org/1081839): Fails with `E: mmdebstrap failed to run` error.
+
+Last month, an [issue was filed](https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/368) to update the [Salsa CI pipeline](https://salsa.debian.org/salsa-ci-team/pipeline) (used by 1,000s of Debian packages) to no longer test for reproducibility with *reprotest*'s `build_path` variation. Holger Levsen [provided a rationale](https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/368#note_520933) for this change in the issue, which has already been made to the tests being performed by [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org). This month, [this issue was closed by Santiago R. R.](https://salsa.debian.org/salsa-ci-team/pipeline/-/commit/3e772018954782b02114d8c95f9972bc950fde92), nicely explaining that build path variation is no longer the default, and, if desired, how developers may enable it again.
+
+[![]({{ "/images/reports/2024-09/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
+
+In openSUSE news, Bernhard M. Wiedemann [published another report](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3CRGGASV7HFS5NQ4ECQ3DKPIJCCRKAYY/) for that distribution.
+
+<br>
+
+### [*diffoscope*](https://diffoscope.org)
+
+[![]({{ "/images/reports/2024-09/diffoscope.png#right" | relative_url }})](https://diffoscope.org/)
+
+[diffoscope](https://diffoscope.org) is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading version `278` to Debian:
+
+* New features:
+
+ * Add a helpful contextual message to the output if comparing Debian `.orig` tarballs within `.dsc` files without the ability to "fuzzy-match" away the leading directory. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e748a477)]
+
+* Bug fixes:
+
+ * Drop removal of calculated `os.path.basename` from GNU `readelf` output. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/74bd931d)]
+ * Correctly invert "X% similar" value and do not emit "100% similar". [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/7ec9db5d)]
+
+* Misc:
+
+ * Temporarily remove `procyon-decompiler` from `Build-Depends` as it was removed from testing (via [#1057532](https://bugs.debian.org/1057532)). ([#1082636](https://bugs.debian.org/1082636))
+ * Update copyright years. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/021d9cf8)]
+
+For [*trydiffoscope*](https://try.diffoscope.org), the command-line client for the web-based version of *diffoscope*, Chris Lamb also:
+
+* Added an explicit `python3-setuptools` dependency. ([#1080825](https://bugs.debian.org/1080825))
+* Bumped the `Standards-Version` to 4.7.0. [[…](https://salsa.debian.org/reproducible-builds/trydiffoscope/commit/392e64d)]
+
+<br>
+
+### Other software development
+
+[*disorderfs*](https://tracker.debian.org/pkg/disorderfs) is our [FUSE](https://en.wikipedia.org/wiki/Filesystem_in_Userspace)-based filesystem that deliberately introduces non-determinism into system calls to reliably flush out reproducibility issues. This month, version `0.5.11-4` was [uploaded to Debian unstable](https://tracker.debian.org/news/1570782/accepted-disorderfs-0511-4-source-into-unstable/) by Holger Levsen making the following changes:
+
+* Replace build-dependency on the obsolete `pkg-config` package with one on `pkgconf`, following a [Lintian](https://wiki.debian.org/Lintian) check. [[…](https://salsa.debian.org/reproducible-builds/disorderfs/commit/0211d95)]
+* Bump `Standards-Version` field to 4.7.0, with no related changes needed. [[…](https://salsa.debian.org/reproducible-builds/disorderfs/commit/d500480)]
+
+<br>
+
+In addition, [*reprotest*](https://salsa.debian.org/reproducible-builds/reprotest) is our tool for building the same source code twice in different environments and then checking the binaries produced by each build for any differences. This month, version `0.7.28` was [uploaded to Debian unstable](https://tracker.debian.org/news/1561430/accepted-reprotest-0728-source-into-unstable/) by Holger Levsen including a change by Jelle van der Waa to move away from the `pipes` Python module to `shlex`, as the former will be removed in Python version 3.13 [[…](https://salsa.debian.org/reproducible-builds/reprotest/commit/b7a2104)].
+
+<br>
+
+### Android toolchain core count issue reported
+
+Fay Stegerman aka. *obfusk* [reported an issue with the Android toolchain](https://issuetracker.google.com/issues/366412380) where a part of the build system generates a different `classes.dex` file (and thus a different `.apk`) depending on a number of cores, thereby breaks Reproducible Builds:
+
+> We've rebuilt [[tag `v3.6.1`]](https://github.com/TheLastProject/ShareToInputStick/releases/tag/v3.6.1) multiple times (each time in a fresh container): with 2, 4, 6, 8, and 16 cores available, respectively:
+>
+> * With 2 and 4 cores we always get an unsigned APK with SHA-256 `14763d682c9286ef…`.
+> * With 6, 8, and 16 cores we get an unsigned APK with SHA-256 `35324ba4c492760…` instead.
+
+<br>
+
+### [New Gradle plugin for reproducibility](https://github.com/gradlex-org/reproducible-builds)
+
+[![]({{ "/images/reports/2024-09/gradle.png#right" | relative_url }})](https://github.com/gradlex-org/reproducible-builds)
+
+A new plugin for the [Gradle](https://gradle.org/) build tool for Java has been released. This [easily-enabled plugin](https://github.com/gradlex-org/reproducible-builds#usage) results in:
+
+> reproducibility settings [being] applied to some of Gradle's built-in tasks that should really be the default. Compatible with Java 8 and Gradle 8.3 or later.
+
+<br>
+
+### Website updates
+
+[![]({{ "/images/reports/2024-09/website.png#right" | relative_url }})]({{ "/" | relative_url }})
+
+There were a rather substantial number of improvements made to our website this month, including:
+
+* Chris Lamb:
+
+ * Attempt to use GitLab CI to 'artifact' the website; hopefully useful for testing branches….](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f1f98564)]
+ * Correct the linting rule whilst building the website….](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/e72d54fd)]
+ * Make a number of small changes to Kees' post written by Vagrant….](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f13914e5)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5ef0e7d3)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5eb0421d)]
+ * Add the [Civil Infrastructure Platform](https://www.cip-project.org/) to the [*Projects*](https://reproducible-builds.org/who/projects/) page….](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/33b4dfd5)]
+ * Miscellaneous administration of misfiled images….](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/8f252f66)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ebcb3ec0)]
+
+* Evangelos Tzaras made a huge number of changes related to the recent [Hamburg 2024 summit]({{ "/events/hamburg2024/" | relative_url }})&nbps;[[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3cbc7c7f)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1d1cdfb8)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f146906c)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6703515c)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/41bb491c)] as well as proposed an [infographic about which question Reproducible Builds is trying to answer](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/8a12fdd3)].
+
+* Holger Levsen added his two presentations ([*Reproducible Builds: The First Eleven Years*](https://debconf24.debconf.org/talks/18-reproducible-builds-the-first-eleven-years/) and [***Preserving \*other\* build artifacts***](https://debconf24.debconf.org/talks/17-preserving-other-build-artifacts/)) to the website. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7a661236)]
+
+* James Addison added a *Getting Started* guide to the website. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/636d231e)]
+
+* Jelle van der Waa completely modernised the [System Images]({{ "/docs/system-images/" | relative_url }}) documentation, noting that "a lot has changed since 2017(!); `ext4`, `erofs` and `FAT` filesystems can now be made reproducible". [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/672c19a3)]
+
+* Developer *RyanSquared* replaced the continuous integration test link for [Arch Linux](https://archlinux.org/) on our [Projects]({{ "/who/projects/" | relative_url }}) page with [an external instance](https://reproducible.archlinux.org/) [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/67d13a6c)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/eaa4ba9b)] as well as updated the documentation to reflect the dependencies required to build the website [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/634587d6)].
+
+* Vagrant Cascadian pushed a [lengthy interview with Linux developer Kees Cook](https://reproducible-builds.org/news/2024/09/29/supporter-spotlight-kees-cook/). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/53a4b2f6)][…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f935cd0b)][…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2c1f10e7)][…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/04eb01ff)]
+
+<br>
+
+### Upstream patches
+
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
* Bernhard M. Wiedemann:
- * [`perl`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230137) (perl records kernel version)
+
* [`agama-integration-tests`](https://github.com/openSUSE/agama/pull/1576) (random)
- * [`seahorse`](https://gitlab.gnome.org/GNOME/seahorse/-/issues/394) (parallelism, bug)
+ * [`contrast`](https://build.opensuse.org/request/show/1203242) (FTBFS-nocheck)
+ * [`cpython`](https://github.com/python/cpython/issues/124851) (FTBFS-2038)
* [`crash`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230281) (parallelism, race)
- * [`kernel-doc/Sphinx`](https://lore.kernel.org/linux-doc/33018311-0bdf-4258-b0c0-428a548c710d@suse.de/T/#t) (toolchain bug, parallelism/race)
- * [`python-Sphinx`](https://github.com/sphinx-doc/sphinx/issues/6714) (parallelism/race, bug, got some love)
- * [`scap-security-guide`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230361) (date)
+ * [`ghostscript`](https://mail.gnu.org/archive/html/bug-ghostscript/2024-09/msg00000.html) (toolchain date)
+ * [`glycin-loaders`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230879) (FTBFS `-j1`)
* [`gstreamer-plugins-rs`](https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/issues/599) (date, other)
+ * [`kernel-doc/Sphinx`](https://lore.kernel.org/linux-doc/33018311-0bdf-4258-b0c0-428a548c710d@suse.de/T/#t) (toolchain bug, parallelism/race)
* [`kernel`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230414) (parallelism in BTF)
- * [`libsamplerate`](https://build.opensuse.org/request/show/1202178) (random tmp-path)
- * [`python-chroma-hnswlib`](https://build.opensuse.org/request/show/1202316) (CPU)
+ * [`libcamera`](https://bugs.libcamera.org/show_bug.cgi?id=233) (random key)
+ * [`libgtop`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230850) (`uname -r`)
+ * [`libsamplerate`](https://build.opensuse.org/request/show/1202178) (random temporary directory)
+ * [`lua-luarepl`](https://build.opensuse.org/request/show/1204160) (FTBFS)
+ * [`meson`](https://github.com/mesonbuild/meson-python/issues/671) (toolchain)
+ * [`netty`](https://build.opensuse.org/request/show/1203216) (modification time in `.a`)
+ * [`nvidia-persistenced`](https://github.com/NVIDIA/nvidia-persistenced/pull/12) (date)
+ * [`nvidia-xconfig`](https://build.opensuse.org/request/show/1203885) (date-related issue)
+ * [`obs-build`](https://github.com/openSUSE/obs-build/issues/1030) (build-tooling corruption)
+ * [`perl`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230137) (Perl records kernel version)
* [`pinentry`](https://build.opensuse.org/request/show/1202479) (make efl droppable)
- * [`netty`](https://build.opensuse.org/request/show/1203216) (mtime in .a)
- * [`contrast`](https://build.opensuse.org/request/show/1203242) (FTBFS-nocheck)
- * [`subversion`](https://build.opensuse.org/request/show/1203785) (minor jar mtimes)
- * [`nvidia-xconfig`](https://build.opensuse.org/request/show/1203885) (date = https://github.com/NVIDIA/nvidia-xconfig/pull/3)
* [`python-PyGithub`](https://github.com/PyGithub/PyGithub/pull/3045) (FTBFS 2024-11-25)
- * [`libgtop`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230850) (uname -r)
- * [`xen/acpica`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230856) (toolchain date)
+ * [`python-Sphinx`](https://github.com/sphinx-doc/sphinx/issues/6714) (parallelism/race)
+ * [`python-chroma-hnswlib`](https://build.opensuse.org/request/show/1202316) (CPU)
+ * [`python-libcst`](https://github.com/Instagram/LibCST/pull/1213)
* [`python-pygraphviz`](https://github.com/pygraphviz/pygraphviz/issues/541) (random timing)
- * [`ghostscript`](https://mail.gnu.org/archive/html/bug-ghostscript/2024-09/msg00000.html) (toolchain date)
- * [`obs-build`](https://github.com/openSUSE/obs-build/issues/1030) (build-tooling corruption)
- * [`glycin-loaders`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230879) (FTBFS-j1)
- * [`libcamera`](https://bugs.libcamera.org/show_bug.cgi?id=233) (random key)
- * [`python312`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230906) (pyc embedded mtime)
- * [`python-libcst`](https://github.com/Instagram/LibCST/pull/1213) (python-libcst rust codegen-units + LTO)
- * [`nvidia-persistenced`](https://github.com/NVIDIA/nvidia-persistenced/pull/12) (date)
+ * [`python312`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230906) (`.pyc` embeds modification time)
+ * [`python312`](https://build.opensuse.org/request/show/1204725) (drop `.pyc` from documentation time)
+ * [`scap-security-guide`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230361) (date)
+ * [`seahorse`](https://gitlab.gnome.org/GNOME/seahorse/-/issues/394) (parallelism)
+ * [`subversion`](https://build.opensuse.org/request/show/1203785) (minor Java `.jar` modication times)
+ * [`xen/acpica`](https://bugzilla.opensuse.org/show_bug.cgi?id=1230856) (date-related issue in toolchain)
* [`xmvn`](https://github.com/fedora-java/xmvn/commit/1f79bc89caf3a75556a72430a524df84a16bde2b) (random)
* [`xmvn`](https://github.com/fedora-java/xmvn/pull/298) (various fixes by Fridrich Strba)
- * [`pyHanko`](https://github.com/MatthiasValvekens/pyHanko/issues/472) (report FTBFS-2030)
- * [`meson`](https://github.com/mesonbuild/meson-python/issues/671) (toolchain)
- * [`cpython`](https://github.com/python/cpython/issues/124851) (FTBFS-2038)
- * [`lua-luarepl`](https://build.opensuse.org/request/show/1204160) (FTBFS)
- * [`python312`](https://build.opensuse.org/request/show/1204725) (drop .pyc from doc)
-* Bernhard started to write [Part1 of his journey towards a 100% bit-reproducible OS](https://en.opensuse.org/openSUSE:Reproducible_openSUSE/Part1) - sponsored by NLnet NGI0
+* Chris Lamb:
+
+ * [#1082702](https://bugs.debian.org/1082702) filed against [`magic-wormhole-transit-relay`](https://tracker.debian.org/pkg/magic-wormhole-transit-relay).
+ * [#1082706](https://bugs.debian.org/1082706) filed against [`python-sphobjinv`](https://tracker.debian.org/pkg/python-sphobjinv).
+ * [#1082707](https://bugs.debian.org/1082707) filed against [`lomiri-content-hub`](https://tracker.debian.org/pkg/lomiri-content-hub).
+ * [#1082796](https://bugs.debian.org/1082796) filed against [`python-mt-940`](https://tracker.debian.org/pkg/python-mt-940).
+ * [#1082806](https://bugs.debian.org/1082806) filed against [`tree-puzzle`](https://tracker.debian.org/pkg/tree-puzzle).
+ * [#1083053](https://bugs.debian.org/1083053) filed against [`muon-meson`](https://tracker.debian.org/pkg/muon-meson).
+
+<br>
+
+### Reproducibility testing framework
-* [openSUSE monthly](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3CRGGASV7HFS5NQ4ECQ3DKPIJCCRKAYY/)
+[![]({{ "/images/reports/2024-08/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
+The Reproducible Builds project operates a comprehensive testing framework running primarily at [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In September, a number of changes were made by Holger Levsen, including:
-* FIXME: https://issuetracker.google.com/issues/366412380
+* [Debian](https://debian.org/)-related changes:
+
+ * Upgrade the `osuosl4` node to Debian *trixie* in anticipation of running `debrebuild` and `rebuilderd` there. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/bdae2a9b6)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/95aae5420)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a01d57d6e)]
+ * Temporarily mark the `osuosl4` node as offline due to ongoing `xfs_repair` filesystem maintenance. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ae7103edf)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a452842af)]
+ * Do not warn about (very old) broken nodes. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5fd46f2ce)]
+ * Add the `risc64` architecutre to the multiarch version skew tests for Debian *trixie* and *sid*. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/592996dc8)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/271d325b6)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e0d15de91)]
+ * Mark the `virt{32,64}b` nodes as down. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2a4d655ac)]
+
+* Misc changes:
+
+ * Add support for powercycling OpenStack instances. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/74c2c0534)]
+ * Update the [`fail2ban`](https://github.com/fail2ban/fail2ban) to ban hosts for 4 weeks in total [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/7869acbc2)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/30c12eb56)] and take care to never ban our own [Jenkins](https://www.jenkins.io/) instance. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ad7800062)]
+
+In addition, Vagrant Cascadian recorded a disk failure for the `virt32b` and `virt64b` nodes [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/919810c8b)], performed some maintenance of the `cbxi4a` node [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d4a48600d)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/145c7969d)] and marked most `armhf` architecture systems as being back online.
+
+<br>
+
+---
-* [FIXME](https://binsider.dev/)
+Finally, If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
-* [FIXME](https://gitlab.haskell.org/ghc/ghc/-/issues/12935#note_583525)
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
-* [FIXME](https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/368) closed by
- [FIXME](https://salsa.debian.org/salsa-ci-team/pipeline/-/commit/3e772018954782b02114d8c95f9972bc950fde92)
- nicely expaining that build path variation isn't the default for Salsa CI anymore
- and how to enable it again if desired.
+ * Mastodon: [@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds)
-* [FIXME](https://github.com/gradlex-org/reproducible-builds)
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
-* [FIXME](https://mcis.cs.queensu.ca/publications/2024/ieeesw-shenyu.pdf)
+ * Twitter: [@ReproBuilds](https://twitter.com/ReproBuilds)
=====================================
images/reports/2024-09/archlinux.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/archlinux.png differ
=====================================
images/reports/2024-09/binsider.gif
=====================================
Binary files /dev/null and b/images/reports/2024-09/binsider.gif differ
=====================================
images/reports/2024-09/debian.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/debian.png differ
=====================================
images/reports/2024-09/diffoscope.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/diffoscope.png differ
=====================================
images/reports/2024-09/ghc-diff.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/ghc-diff.png differ
=====================================
images/reports/2024-09/gradle.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/gradle.png differ
=====================================
images/reports/2024-09/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/opensuse.png differ
=====================================
images/reports/2024-09/paper.ieeesw-shenyu.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/paper.ieeesw-shenyu.png differ
=====================================
images/reports/2024-09/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/reproducible-builds.png differ
=====================================
images/reports/2024-09/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/testframework.png differ
=====================================
images/reports/2024-09/website.png
=====================================
Binary files /dev/null and b/images/reports/2024-09/website.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/88326783e50060cb17a03149028f86aade516bb6
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/88326783e50060cb17a03149028f86aade516bb6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20241003/77514a50/attachment.htm>
More information about the rb-commits
mailing list