[Git][reproducible-builds/reproducible-website][master] 2025-07: Initial draft
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Sat Aug 2 22:40:16 UTC 2025
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
ccf8fd1b by Chris Lamb at 2025-08-02T15:40:01-07:00
2025-07: Initial draft
- - - - -
13 changed files:
- _reports/2025-07.md
- + images/reports/2025-07/debian.png
- + images/reports/2025-07/diffoscope.png
- + images/reports/2025-07/fdroid.png
- + images/reports/2025-07/guix.png
- + images/reports/2025-07/never-mind-the-checkboxes-1.jpg
- + images/reports/2025-07/never-mind-the-checkboxes-2.jpg
- + images/reports/2025-07/opensuse.png
- + images/reports/2025-07/oss-rebuild.png
- + images/reports/2025-07/reproducible-builds.png
- + images/reports/2025-07/summit.jpg
- + images/reports/2025-07/testframework.png
- + images/reports/2025-07/website.png
Changes:
=====================================
_reports/2025-07.md
=====================================
@@ -6,99 +6,250 @@ title: "Reproducible Builds in July 2025"
draft: true
---
-* [FIXME](https://reproducible-builds.org/events/vienna2025/)
+[![]({{ "/images/reports/2025-07/reproducible-builds.png#right" | relative_url }})](https://reproducible-builds.org/)
-* [FIXME](https://www.sciencedirect.com/science/article/pii/S0164121225002092)
+**Welcome to the seventh report from the [Reproducible Builds]({{ "/" | relative_url }}) project in 2025.** Our monthly reports outline what we've been up to over the past month, and highlight items of news from elsewhere in the increasingly-important area of software supply-chain security. If you are interested in contributing to the Reproducible Builds project, please see the [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
-* [FIXME: PEP 517 Build backend enabling reproducible builds with setuptools.](https://pypi.org/project/setuptools-reproducible/)
+<!--
+**In this report:**
-* [libfate: A simple collection of tiny libraries to patch system functions deterministically using the LD_PRELOAD trick.](https://github.com/nicolas-graves/libfate)
+0. FIXME automatically generated upon publication
+-->
-* [Reproducibility for mono](https://codeberg.org/guix/guix/pulls/507) versions [1.9](https://codeberg.org/guix/guix/commit/69d8d749e14d5c3c17628946f0b523529d041680), [2.4](https://codeberg.org/guix/guix/commit/f0b8657c429dadeee7dda7bb1a071bac41f3e354), and [2.6](https://codeberg.org/guix/guix/commit/52df09e31bc342c18369844991b2e5f70d2c36a4) in Guix.
+---
-* Diffoscope updated in guix to [300](https://codeberg.org/guix/guix/commit/dd7e39ccfdd23a388dfa6b7665de466691bc6cda)[...](https://codeberg.org/guix/guix/pulls/886), [301](https://codeberg.org/guix/guix/commit/02a94e80243b1ed1f84fc3cce2554f2d06fd1664)[...](https://codeberg.org/guix/guix/pulls/1240) [302](https://codeberg.org/guix/guix/pulls/1576) and [fixed the execute bit on extract-vmlinux](https://codeberg.org/guix/guix/commit/4c4451b9232ff22eef8bb2f8b512fd8a5e6b766c)[...](https://codeberg.org/guix/guix/pulls/1307)
+### [Next Reproducible Builds Summit dates announced]({{ "/events/vienna2025/" | relative_url }})
-### Upstream patches
+[![]({{ "/images/reports/2025-07/summit.jpg#right" | relative_url }})]({{ "/events/vienna2025/" | relative_url }})
-* Robin Candau:
+**We are extremely pleased to announce the [upcoming Reproducible Builds Summit]({{ "/events/vienna2025/" | relative_url }}), set to take place from _October 28th — 30th 2025_ in Vienna, Austria!**
+
+We are thrilled to host the eighth edition of this exciting event, following the success of previous summits in various iconic locations around the world, including Venice, Marrakesh, Paris, Berlin, Hamburg and Athens. Our summits are a unique gathering that brings together attendees from diverse projects, united by a shared vision of advancing the Reproducible Builds effort.
+
+During this enriching event, participants will have the opportunity to engage in discussions, establish connections and exchange ideas to drive progress in this vital field. Our aim is to create an inclusive space that fosters collaboration, innovation and problem-solving.
+
+If you're interesting in joining us this year, please make sure to [read the event page]({{ "/events/vienna2025/" | relative_url }}) which has more details about the event and location. We are very much looking forward to seeing many readers of these reports there!
+
+<br>
+
+### New extension of Python `setuptools` to support reproducible builds
+
+Wim Jeantine-Glenn has written a [PEP 517 Build backend](https://peps.python.org/pep-0517/#build-backend-interface) in order to enable reproducible builds when building Python projects that use [setuptools](https://setuptools.pypa.io/en/latest/).
+
+Called [`setuptools-reproducible`](https://pypi.org/project/setuptools-reproducible/), the project's [README file](https://github.com/wimglenn/setuptools-reproducible/blob/main/README.md) contains the following:
+
+> Setuptools can create reproducible wheel archives (`.whl`) by setting `SOURCE_DATE_EPOCH` at build time, but setting the env var is insufficient for creating reproducible sdists (`.tar.gz`). `setuptools-reproducible` [therefore] wraps the hooks `build_sdist` `build_wheel` with some modifications to make reproducible builds by default.
+
+<br>
+
+### [Reproducible Builds at FOSSY 2025](https://2025.fossy.us/schedule/presentation/327/)
+
+[![]({{ "/images/reports/2025-07/never-mind-the-checkboxes-1.jpg#right" | relative_url }})](https://2025.fossy.us/schedule/presentation/327/)
+
+On Saturday 2nd August, Vagrant Cascadian and Chris Lamb presented at this year's [FOSSY 2025](https://2025.fossy.us/). Their talk, titled [*Never Mind the Checkboxes, Here's Reproducible Builds!*](https://2025.fossy.us/schedule/presentation/327/), was introduced as follows:
+
+> There are numerous policy compliance and regulatory processes being developed that target software development… but do they solve actual problems? Does it improve the quality of software? Do Software Bill of Materials (SBOMs) actually give you the information necessary to verify how a given software artifact was built? What is the goal of all these compliance checklists anyways… or more importantly, what *should* the goals be? If a software object is signed, who should be trusted to sign it, and can they be trusted … forever?
+
+[![]({{ "/images/reports/2025-07/never-mind-the-checkboxes-2.jpg#right" | relative_url }})](https://2025.fossy.us/schedule/presentation/327/)
+
+Hosted by the [Software Freedom Conservancy](https://sfconservancy.org/) and taking place in Portland, Oregon, USA, FOSSY aims to be a community-focused event: "Whether you are a long time contributing member of a free software project, a recent graduate of a coding bootcamp or university, or just have an interest in the possibilities that free and open source software bring, FOSSY will have something for you". More information on the event is available [on the FOSSY 2025 website](https://2025.fossy.us/about/), including the [full programme schedule](https://2025.fossy.us/schedule/).
+
+Vagrant and Chris also staffed a table, where they will be available to answer any questions about Reproducible Builds and discuss collaborations with other projects.
+
+<br>
+
+### New library to patch system functions for reproducibility
+
+[Nicolas Graves](https://git.sr.ht/~ngraves) has written and published [libfate](https://github.com/nicolas-graves/libfate), a simple collection of tiny libraries to patch system functions deterministically using `LD_PRELOAD`. According to the [project's `README`](https://github.com/nicolas-graves/libfate/blob/master/README.md):
+
+> libfate provides deterministic replacements for common non-deterministic system functions that can break reproducible builds. Instead of relying on complex build systems or apps or extensive patching, libfate uses the LD_PRELOAD trick to intercept system calls and return fixed, predictable values.
+
+Describing why he wrote it, Nicolas writes:
+
+> I originally used the OpenSUSE [dettrace](https://github.com/dettrace/dettrace) approach to make Emacs reproducible in Guix. But when Guix switch to GCC at 14, dettrace stopped working as expected. dettrace is a complex piece of software, my need was much less heavy: I don't need to systematically patch all sources of nondetermism, just the ones that make a process/binary unreproducible in a container/chroot.
+
+<br>
+
+### [*diffoscope*](https://diffoscope.org)
+
+[![]({{ "/images/reports/2025-07/diffoscope.png#right" | relative_url }})](https://diffoscope.org/)
+
+[diffoscope](https://diffoscope.org) is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading versions `301`, `302` and `303` to Debian:
+
+* Improvements:
+
+ * Use `Difference.from_operation` in an attempt to pipeline the output of the `extract-vmlinux` script, potentially avoiding it all in memory. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c7283818)]
+ * Memoize a number of calls to `--version`, saving a very large number of external subprocess calls.
+
+* Bug fixes:
+
+ * Don't check for PyPDF version 3 specifically, check for versions greater than 3. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9ec7aad21d7a45069a3dddd4bcee476fe1dff1ae)]
+ * Ensure that Java class files are named `.class` on the filesystem before passing them to `javap(1)`. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9ec7aad2)]
+ * Mask `stderr` from `extract-vmlinux` script. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/35b0dbb4)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/510945b7)]
+ * Avoid spurious differences in h5dump output caused by exposure of absolute internal extraction paths. ([#1108690](https://bugs.debian.org/1108690))
+
+* Misc:
+
+ * Use `our_check_output` in the ODT comparator. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/90046c65)]
+ * Update copyright years. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/acedd232)]
+
+In addition:
+
+* Siva Mahadevan made a change to use the `--print-armap` long option when calling `nm(1)` for wider compatibility. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ffa385d3)]
+
+* Vagrant Diffoscope updated *diffoscope* in GNU Guix to [300](https://codeberg.org/guix/guix/commit/dd7e39ccfdd23a388dfa6b7665de466691bc6cda) [[…](https://codeberg.org/guix/guix/pulls/886)], [301](https://codeberg.org/guix/guix/commit/02a94e80243b1ed1f84fc3cce2554f2d06fd1664) [[…](https://codeberg.org/guix/guix/pulls/1240)], [302](https://codeberg.org/guix/guix/pulls/1576) and [fixed the execute bit on the *extract-vmlinux* script](https://codeberg.org/guix/guix/commit/4c4451b9232ff22eef8bb2f8b512fd8a5e6b766c) [[…](https://codeberg.org/guix/guix/pulls/1307)].
+
+Lastly, Chris Lamb added a `tmpfs` to [`try.diffoscope.org`](https://try.diffoscope.org/) so that *diffoscope* has a non-trivial temporary area to unpack archives, etc. [[…](https://salsa.debian.org/reproducible-builds/try.diffoscope.org/commit/514637a)]
+
+Elsewhere in our tooling, however, [*reprotest*](https://salsa.debian.org/reproducible-builds/reprotest) is our tool for building the same source code twice in different environments and then checking the binaries produced by each build for any differences. This month, *reprotest* version `0.7.30` was [uploaded to Debian unstable](https://tracker.debian.org/pkg/reprotest) by Holger Levsen, chiefly including a change by Rebecca N. Palmer to not call `sudo` with the `-h` flag in order to fix Debian bug [#1108550](https://bugs.debian.org/1108550). [[…](https://salsa.debian.org/reproducible-builds/reprotest/commit/513b9a5)]
+
+<br>
+
+### "[*Independently Reproducible Git Bundles*](https://blog.josefsson.org/2025/07/31/independently-reproducible-git-bundles/)"
+
+[Simon Josefsson](https://blog.josefsson.org/) has published another interesting article this month. Titled [*Independently Reproducible Git Bundles*](https://blog.josefsson.org/2025/07/31/independently-reproducible-git-bundles/), the blog post describes the advantages of why you might a reproducible bundle, and the pitfalls that can arise when trying to create them:
+
+> One desirable property is that someone else should be able to reproduce the same git bundle, and not only that a single individual is able to reproduce things on one machine. It surprised me to see that when I ran the same set of commands on a different machine (started from a fresh `git clone`), I got a different checksum. The different checksums occurred even when nothing had been committed on the server side between the two runs.
+
+<br>
+
+### Website updates
- * [`netdata`](https://github.com/netdata/netdata/pull/20714) (timestamps)
+[![]({{ "/images/reports/2025-07/website.png#right" | relative_url }})]({{ "/" | relative_url }})
+
+Once again, there were a number of improvements made to our website this month including:
+
+* Bernhard M. Wiedemann added an entry related to [R-B-OS](https://news.opensuse.org/2025/02/18/rbos-project-hits-milestone/) on the [*History*]({{ "/docs/history/" | relative_url }}) page. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3d9b305f)]
+
+* Chris Lamb:
+
+ * Replaced "rbtlog run by Fay" by "rbtlog run by Benl" on the [*Who is involved*](https://reproducible-builds.org/who/projects/) page. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/38403846)]
+ * Added a new, centered version of the RB logo. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a97b47a9)]
+
+* Holger Levsen:
+
+ * Added and worked on the [page for the Vienna 2025 summit]({{ "/events/vienna2025/" | relative_url }}). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/db6a0059)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b69089de)]
+ * Add Jarl Gullberg to the [*Who is involved?*]({{ "/who/people/" | relative_url }}) page. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3802fc00)]
+ * Add a talk from the [recent MiniDebConf in Hamburg](https://hamburg2025.mini.debconf.org/) to our [database of talks and presentations]({{ "/resources/" | relative_url }}). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f13c6636)]
+
+* Julien Cristau fixed a link to the [*diffoci* repository](https://github.com/reproducible-containers/diffoci) on the [*Tools*]({{ "/tools/" | relative_url }} page. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a77192d3)]
+
+<br>
+
+### Distribution work
+
+[![]({{ "/images/reports/2025-07/debian.png#right" | relative_url }})](https://debian.org/)
+
+In [**Debian**](https://debian.org/) this month:
+
+* 5 reviews of Debian packages were added, 4 were updated and 2 were removed this month adding to our [ever-increasing knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
+
+* The release notes for the upcoming Debian *Trixie* release feature the following paragraph related to Reproducible Builds, thanks to the [collaboration of Justin B Rye, Chris Hofstaedtler, Vagrant Cascadian and Holger Levsen](https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/294):
+
+> Debian contributors have made significant progress toward ensuring package builds produce byte-for-byte reproducible results. You can check the status for packages installed on your system using the new package `debian-repro-status`, or visit [*reproduce.debian.net*](https://reproduce.debian.net/) for Debian’s overall statistics for *trixie* and later. You can contribute to these efforts by joining `#debian-reproducible` on IRC to discuss fixes, or verify the statistics by installing the new `rebuilderd` package and setting up your own instance.
+
+<br>
+
+[![]({{ "/images/reports/2025-07/guix.png#right" | relative_url }})](https://guix.gnu.org)
+
+In [**GNU Guix**](https://guix.gnu.org/), a [series of patches intended to fix the reproducibility for the Mono programming language](https://codeberg.org/guix/guix/pulls/507) was merged, fixing reproducibility in Mono versions 1.9 [[…](https://codeberg.org/guix/guix/commit/69d8d749e14d5c3c17628946f0b523529d041680)], 2.4 [[…](https://codeberg.org/guix/guix/commit/f0b8657c429dadeee7dda7bb1a071bac41f3e354)] and 2.6 [[…](https://codeberg.org/guix/guix/commit/52df09e31bc342c18369844991b2e5f70d2c36a4)].
+
+<br>
+
+[![]({{ "/images/reports/2025-07/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
+
+Lastly, in [**openSUSE**](https://www.opensuse.org/) news, Bernhard M. Wiedemann posted another [monthly update](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/NJNQL5ZX7E3QPYAO5WXEMOY4YGYB5GZ6/) for their work there.
+
+
+<br>
+
+### Reproducibility testing framework
+
+[![]({{ "/images/reports/2025-07/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
+
+The Reproducible Builds project operates a comprehensive testing framework running primarily at [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In June, however, a number of changes were made by Holger Levsen, including:
+
+* Switch the URL for the [Tails](https://tails.net/) package set. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2c8e97a8d)]
+* Make the `dsa-check-packages` output more useful. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2e1412c30)]
+* Setup the `ppc64el` architecture again, has it has returned — this time with a 2.7 GiB database instead of 72 GiB. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5d3cfe792)]
+
+In addition, Jochen Sprickerhof improved the reproducibility statistics generation:
+
+* Enable caching of statistics. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ec7825b98)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/76d6da2c2)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/b90162104)]
+* Add some common non-reproducible patterns. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/59c30493d)]
+* Change output to directory. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/3f8d857ff)]
+* Add a page sorted by *diffoscope* size. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c8b1bac24)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/7deb59d83)]
+* Switch to Python's `argparse` module and separate `output()`. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/52af44ce3)]
+
+Holger also submitted a number of Debian bugs against `rebuilderd` and `rebuilderd-worker`:
+
+* Config files and scripts for a simple one machine setup. [[…](https://bugs.debian.org/1109459)][[…](https://bugs.debian.org/1110037)]
+* Create a `rebuilderd` user. [[…](https://bugs.debian.org/1110036)]
+* Create `rebuilderd-worker` user with `sbuild`. [[…](https://bugs.debian.org/1110038)]
+
+Lastly, Mattia Rizzolo added a scheduled job to renew some SSL certificates [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ed312001f)] and Vagrant Cascadian performed some node maintenance [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/29aa71bf2)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f83ef9b59)].
+
+<br>
+
+### Upstream patches
+
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
+
+* Bernhard M. Wiedemann:
+
+ * [`dpdk`](https://build.opensuse.org/request/show/1296685)
+ * [`HTTP-CookieJar`](https://github.com/dagolden/HTTP-CookieJar/pull/16)
+ * [`ibus-libzhuyin`](https://build.opensuse.org/request/show/1296344)
+ * [`java-21-openjdk`](https://build.opensuse.org/request/show/1293272)
+ * [`kea`](https://src.opensuse.org/dhcp/kea/pulls/9)
+ * [`libcamera`](https://src.opensuse.org/jengelh/libcamera/pulls/6)
+ * [`libpinyin`](https://build.opensuse.org/request/show/1296340)
+ * [`libsemigroups`](https://github.com/libsemigroups/libsemigroups/issues/767)
+ * [`llvm`](https://github.com/llvm/llvm-project/pull/146822), [`llvm20`](https://build.opensuse.org/request/show/1290617) , [`llvm20`](https://build.opensuse.org/request/show/1293268), [`llvm19`](https://build.opensuse.org/request/show/1292247), [`llvm15`](https://build.opensuse.org/request/show/1292274), [`llvm17`](https://build.opensuse.org/request/show/1292273) (and all backports to `llvm7-19`)
+ * [`mumble`](https://github.com/mumble-voip/mumble/pull/6872)
+ * [`python-Babel/pympress`](https://build.opensuse.org/request/show/1295211)
+ * [`python-numpy`](https://build.opensuse.org/request/show/1296687)
+ * [`python-numpy`](https://github.com/numpy/SVML/pull/7)
+ * [`python-paho-mqtt`](https://build.opensuse.org/request/show/1290153)
+ * [`python-rencode`](https://bugzilla.opensuse.org/show_bug.cgi?id=1246916)
+ * [`rabbitmq-server`](https://bugzilla.opensuse.org/show_bug.cgi?id=1245558)
+ * [`rage`](https://github.com/str4d/rage/pull/580)
+ * [`re-flex`](https://bugzilla.opensuse.org/show_bug.cgi?id=1246164)
+ * [`shadow-rs`](https://github.com/baoyachi/shadow-rs/pull/235)
+
+* Chris Lamb:
+
+ * [#1109484](https://bugs.debian.org/1109484) filed against [`rust-microformats`](https://tracker.debian.org/pkg/rust-microformats)
+ * [#1109731](https://bugs.debian.org/1109731) filed against [`piglit`](https://tracker.debian.org/pkg/piglit)
* Rafał Mikrut:
+
* [`cargo-i18n`](https://github.com/kellpossible/cargo-i18n/pull/151)
-* SUSE:
- * [`emacs`](https://build.opensuse.org/request/show/1292097) (by Werner Fink)
- * [`firecracker`](https://github.com/firecracker-microvm/firecracker/pull/5298) (by Andrea Manzini)
- * [`obs-build`](https://github.com/openSUSE/obs-build/commit/e3812b225f8b6fb66301c8dbee9e5bf242939f8a) (by Adrian Schroeter, tar ctime)
- * [`BCI-dockerfile-generator`](https://github.com/SUSE/BCI-dockerfile-generator/pull/2749) (by Dirk Mueller)
- * [`python-rdflib`](https://build.opensuse.org/request/show/1291184) (by Daniel Garcia)
- * [`python313:doc`](https://github.com/python/cpython/pull/136165) (by Daniel Garcia)
- * [`maven-archiver`](https://github.com/apache/maven-archiver/pull/273) (by Fridrich Strba)
- * [`moditect`](https://github.com/moditect/moditect/pull/263) (by Fridrich Strba)
- * [`agama`](https://github.com/agama-project/agama/pull/2528) (by Imobach Gonzalez Sosa)
- * [`ovmf`](https://build.opensuse.org/request/show/1290620) (by Richard Lyu)
- * [`rsign2`](https://codeberg.org/cunix/vendored_licenses_packager/pulls/1) (toolchain, random, by Bernhard with help by Michael Schroeder)
- * Bernhard M. Wiedemann:
- * [`libcamera`](https://src.opensuse.org/jengelh/libcamera/pulls/6) (random signatures)
- * [`rage`](https://github.com/str4d/rage/pull/580) (version update to replace HashMap)
- * [`HTTP-CookieJar`](https://github.com/dagolden/HTTP-CookieJar/pull/16) (FTBFS-2041)
- * [`mumble`](https://github.com/mumble-voip/mumble/pull/6872) (FTBFS)
- * [`shadow-rs`](https://github.com/baoyachi/shadow-rs/pull/235) (toolchain, date)
- * [`python-rencode`](https://bugzilla.opensuse.org/show_bug.cgi?id=1246916) (CPU, order)
- * [`llvm`](https://github.com/llvm/llvm-project/pull/146822), [`llvm20`](https://build.opensuse.org/request/show/1290617) , [`llvm20`](https://build.opensuse.org/request/show/1293268), [`llvm19`](https://build.opensuse.org/request/show/1292247), [`llvm15`](https://build.opensuse.org/request/show/1292274), [`llvm17`](https://build.opensuse.org/request/show/1292273) and all backports to llvm7-19
- * [`java-21-openjdk`](https://build.opensuse.org/request/show/1293272) (FTBFS-2035)
- * [`python-paho-mqtt`](https://build.opensuse.org/request/show/1290153) ([SSL expired](https://github.com/eclipse/paho.mqtt.python/pull/854))
- * [`python-Babel/pympress`](https://build.opensuse.org/request/show/1295211) (toolchain, date)
- * [`rabbitmq-server`](https://bugzilla.opensuse.org/show_bug.cgi?id=1245558)
- * [`libsemigroups`](https://github.com/libsemigroups/libsemigroups/issues/767) (FTBFS-j1)
- * [`re-flex`](https://bugzilla.opensuse.org/show_bug.cgi?id=1246164) (CPU)
- * [`python-numpy`](https://build.opensuse.org/request/show/1296687) (random)
- * [`libpinyin`](https://build.opensuse.org/request/show/1296340) (ASLR)
- * [`ibus-libzhuyin`](https://build.opensuse.org/request/show/1296344) (ASLR)
- * [`dpdk`](https://build.opensuse.org/request/show/1296685) (drop pesign)
- * [`kea`](https://src.opensuse.org/dhcp/kea/pulls/9) (drop files with randomness)
- * [`python-numpy`](https://github.com/numpy/SVML/pull/7) (numpy/gcc random)
-
-* [openSUSE monthly](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/NJNQL5ZX7E3QPYAO5WXEMOY4YGYB5GZ6/)
-
-* [FIXME](https://lwn.net/Articles/1030603/)
-
-* FIXME: Holger submitted bugs against rebuilderd and rebuilderd-worker:
- * [Debian#1109459: rebuilderd: config files and scripts for a simple one machine setup](https://bugs.debian.org/1109459)
- * [Debian#1110036: rebuilderd: create rebuilderd user](https://bugs.debian.org/1110036)
- * [Debian#1110037: rebuilderd-worker: config files and scripts for a simple one machine setup](https://bugs.debian.org/1110037)
- * [Debian#1110038: rebuilderd-worker: create rebuilderd-worker user with subuid](https://bugs.debian.org/1110038)
-
-* [FIXME: Holger uploaded reprotest 0.7.30](https://tracker.debian.org/news/1652043/accepted-reprotest-0730-source-into-unstable/) to fix [Debian#1108550 reprotest: fails with "sudo: a remote host may only be specified when listing privileges"](https://bugs.debian.org/1108550) using a patch from Rebecca N. Palmer.
-
-* [FIXME: The release-notes for the upcoming Debian "Trixie" 13.0 release feature the following paragraph](https://www.debian.org/releases/trixie/release-notes/whats-new.en.html#debian-progress-towards-reproducible-builds), thanks to the [collaboration of Justin B Rye, Chris Hofstaedtler, Vagrant and Holger Levsen](https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/294]:
-
-```
-Debian progress towards reproducible builds
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Debian contributors have made significant progress toward ensuring package
-builds produce byte-for-byte reproducible results. You can check the status for
-packages installed on your system using the new package **debian-repro-status**,
-or visit `reproduce.debian.net <https://reproduce.debian.net/>`__
-for Debian's overall statistics for trixie and later.
-
-You can contribute to these efforts by joining ``#debian-reproducible`` on IRC
-to discuss fixes, or verify the statistics by installing the new **rebuilderd**
-package and setting up your own instance.
-```
-
-* statistics from [reproduce.debian.net](https://reproduce.debian.net) on July 30th 2025, roughly a week before the trixie release:
-
-trixie/all repro: 92.04% good: 30994 bad: 2681
-trixie/amd64 repro: 96.40% good: 33811 bad: 1264
-trixie/arm64 repro: 96.30% good: 33167 bad: 1274
-trixie/armel repro: 91.70% good: 28516 bad: 2581
-trixie/armhf repro: 94.46% good: 29803 bad: 1747
-trixie/i386 repro: 96.84% good: 32245 bad: 1051
-trixie/ppc64el repro: 89.50% good: 30323 bad: 3556
-trixie/riscv64 repro: 95.05% good: 30821 bad: 1604
-
-
-* [FIXME](https://blog.josefsson.org/2025/07/31/independently-reproducible-git-bundles/)
+* Robin Candau:
+
+ * [`netdata`](https://github.com/netdata/netdata/pull/20714)
+
+There were a number of other patches from [openSUSE](https://www.opensuse.org/) developers:
+
+* [`BCI-dockerfile-generator`](https://github.com/SUSE/BCI-dockerfile-generator/pull/2749) (Dirk Mueller)
+* [`agama`](https://github.com/agama-project/agama/pull/2528) (Imobach Gonzalez Sosa)
+* [`emacs`](https://build.opensuse.org/request/show/1292097) (Werner Fink)
+* [`firecracker`](https://github.com/firecracker-microvm/firecracker/pull/5298) (Andrea Manzini)
+* [`maven-archiver`](https://github.com/apache/maven-archiver/pull/273) (Fridrich Strba)
+* [`moditect`](https://github.com/moditect/moditect/pull/263) (Fridrich Strba)
+* [`obs-build`](https://github.com/openSUSE/obs-build/commit/e3812b225f8b6fb66301c8dbee9e5bf242939f8a) (Adrian Schroeter)
+* [`ovmf`](https://build.opensuse.org/request/show/1290620) (Richard Lyu)
+* [`python-rdflib`](https://build.opensuse.org/request/show/1291184) (Daniel Garcia)
+* [`python313:doc`](https://github.com/python/cpython/pull/136165) (Daniel Garcia)
+
+<br>
+<br>
+
+Finally, if you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
+
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
+
+ * Mastodon: [@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds)
+
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
=====================================
images/reports/2025-07/debian.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/debian.png differ
=====================================
images/reports/2025-07/diffoscope.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/diffoscope.png differ
=====================================
images/reports/2025-07/fdroid.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/fdroid.png differ
=====================================
images/reports/2025-07/guix.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/guix.png differ
=====================================
images/reports/2025-07/never-mind-the-checkboxes-1.jpg
=====================================
Binary files /dev/null and b/images/reports/2025-07/never-mind-the-checkboxes-1.jpg differ
=====================================
images/reports/2025-07/never-mind-the-checkboxes-2.jpg
=====================================
Binary files /dev/null and b/images/reports/2025-07/never-mind-the-checkboxes-2.jpg differ
=====================================
images/reports/2025-07/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/opensuse.png differ
=====================================
images/reports/2025-07/oss-rebuild.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/oss-rebuild.png differ
=====================================
images/reports/2025-07/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/reproducible-builds.png differ
=====================================
images/reports/2025-07/summit.jpg
=====================================
Binary files /dev/null and b/images/reports/2025-07/summit.jpg differ
=====================================
images/reports/2025-07/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/testframework.png differ
=====================================
images/reports/2025-07/website.png
=====================================
Binary files /dev/null and b/images/reports/2025-07/website.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/ccf8fd1bec574a0552b8c293fbbbea6aa0233f37
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/ccf8fd1bec574a0552b8c293fbbbea6aa0233f37
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20250802/8359ef92/attachment.htm>
More information about the rb-commits
mailing list