[Git][reproducible-builds/reproducible-website][master] 2025-01: Initial draft
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Mon Feb 3 12:17:54 UTC 2025
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
1e8d2f5a by Chris Lamb at 2025-02-03T12:17:19+00:00
2025-01: Initial draft
- - - - -
10 changed files:
- _reports/2025-01.md
- + images/reports/2025-01/2025-MSR-reproducibility.png
- + images/reports/2025-01/debian.png
- + images/reports/2025-01/diffoscope.png
- + images/reports/2025-01/icse25_rb.png
- + images/reports/2025-01/opensuse.png
- + images/reports/2025-01/reproduce.png
- + images/reports/2025-01/reproducible-builds.png
- + images/reports/2025-01/testframework.png
- + images/reports/2025-01/website.png
Changes:
=====================================
_reports/2025-01.md
=====================================
@@ -6,51 +6,291 @@ title: "Reproducible Builds in January 2025"
draft: true
---
-* [FIXME](https://www.cs.cmu.edu/~ckaestne/pdf/icse25_rb.pdf)
+[![]({{ "/images/reports/2025-01/reproducible-builds.png#right" | relative_url }})]({{ "/" | relative_url }})
-* FIXME: Holger added https://arm64.reproduce.debian.net/ and https://armhf.reproduce.debian.net/ and https://riscv64.reproduce.debian.net/
+**Welcome to the first report in 2025 report from the [Reproducible Builds]({{ "/" | relative_url }}) project!**
-* FIXME https://freebsdfoundation.org/blog/zero-trust-builds-for-freebsd/
+Our monthly reports outline what we've been up to over the past month and highlight items of news from elsewhere in the world of software supply-chain security when relevant. As usual, though, if you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
-* FIXME https://github.com/freebsd/pkg/issues/2410 found with the help of https://tests.reproducible-builds.org/freebsd/
+<!--
-* [openSUSE monthly](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/PPDVJBF22DYFYI6BT7ONGHQLHUUJU7W3/)
+**Table of contents:**
+
+FIXME
+
+-->
+
+---
+
+### [*reproduce.debian.net*](https://reproduce.debian.net/)
+
+[![]({{ "/images/reports/2025-01/reproduce.png#right" | relative_url }})](https://reproduce.debian.net)
+
+The last few months saw the introduction of [*reproduce.debian.net*](https://reproduce.debian.net). Announced at the recent [Debian MiniDebConf in Toulouse](https://toulouse2024.mini.debconf.org/), *reproduce.debian.net* is an instance of [*rebuilderd*](https://github.com/kpcyrd/rebuilderd) operated by the Reproducible Builds project. Powering that is *rebuilderd*, our server designed monitor the official package repositories of Linux distributions and attempt to reproduce the observed results there.
+
+This month, however, we are pleased to announce that in addition to the existing [*amd64.reproduce.debian.net*](https://amd64.reproduce.debian.net) and [*i386.reproduce.debian.net*](https://i386.reproduce.debian.net) architecture-specific pages, we now build for a three more architectures (for a total of five) — [`arm64`](https://arm64.reproduce.debian.net/) [`armhf`](https://armhf.reproduce.debian.net/) and [`riscv64`](https://riscv64.reproduce.debian.net/).
+
+<br>
+
+### Two new academic papers
+
+[![]({{ "/images/reports/2025-01/icse25_rb.png#right" | relative_url }})](https://www.cs.cmu.edu/~ckaestne/pdf/icse25_rb.pdf)
+
+Giacomo Benedetti, Oreofe Solarin, Courtney Miller, Greg Tystahl, William Enck, Christian Kästner, Alexandros Kapravelos, Alessio Merlo and Luca Verderame published an interesting article recently. Titled [*An Empirical Study on Reproducible Packaging in Open-Source Ecosystem*](https://www.cs.cmu.edu/~ckaestne/pdf/icse25_rb.pdf), the abstract outlines its optimistic findings:
+
+> [We] identified that with relatively straightforward infrastructure configuration and patching of build tools, we can achieve very high rates of reproducible builds in all studied ecosystems. We conclude that if the ecosystems adopt our suggestions, the build process of published packages can be independently confirmed for nearly all packages without individual developer actions, and doing so will prevent significant future software supply chain attacks.
+
+The [entire PDF](https://www.cs.cmu.edu/~ckaestne/pdf/icse25_rb.pdf) is available online to view.
+
+<br>
+
+[![]({{ "/images/reports/2025-01/2025-MSR-reproducibility.png#right" | relative_url }})](https://hal.science/hal-04913007)
+
+In addition, Julien Malka, Stefano Zacchiroli and Théo Zimmermann of Télécom Paris’ in-house research laboratory, the [Information Processing and Communications Laboratory](https://www.telecom-paris.fr/en/research/labs/information-processing-ltci) (LTCI) published an article asking the question: [*Does Functional Package Management Enable Reproducible Builds at Scale?*](https://hal.science/hal-04913007).
+
+Answering strongly in the affirmative, the article's abstract reads as follows:
+
+> In this work, we perform the first large-scale study of bitwise reproducibility, in the context of the [Nix functional package manager](https://nixos.org/), rebuilding 709,816 packages from historical snapshots of the [`nixpkgs`](https://github.com/NixOS/nixpkgs) repository[. We] obtain very high bitwise reproducibility rates, between 69 and 91% with an upward trend, and even higher rebuildability rates, over 99%. We investigate unreproducibility causes, showing that about 15% of failures are due to embedded build dates. We release a novel dataset with all build statuses, logs, as well as full [*diffoscopes*](https://diffoscope.org/): recursive diffs of where unreproducible build artifacts differ.
+
+As above, the [entire PDF](https://hal.science/hal-04913007v1/file/2025-MSR-reproducibility.pdf) of the article is available to view online.
+
+<br>
+
+### Distribution work
+
+There as been the usual work in various distributions this month, such as:
+
+* [Arch Linux](https://archlinux.org/) developer *kpcyrd* has provided a [status report for January 2025](https://lists.reproducible-builds.org/pipermail/rb-general/2025-January/003641.html) related to [Arch's progress towards full reproducibility](https://reproducible.archlinux.org/). *kpcyrd* notes in particular progress towards to making a "minimal reproducible" image — that is, an Arch build containing only reproducible packages.
+
+[![]({{ "/images/reports/2025-01/debian.png#right" | relative_url }})](https://debian.org/)
+
+* 10+ reviews of Debian packages were added, 11 were updated and 10 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). A number of issue types were updated also.
+
+* The [FreeBSD](https://www.freebsd.org/) Foundation announced that "a planned project to deliver zero-trust builds has begun in January 2025". Supported by the [Sovereign Tech Agency](https://www.sovereign.tech/), this project is centered on the various build processes, and that the "primary goal of this work is to enable the entire release process to run without requiring root access, and that build artifacts build reproducibly – that is, that a third party can build bit-for-bit identical artifacts." The [full announcement](https://freebsdfoundation.org/blog/zero-trust-builds-for-freebsd/) can be found online, which includes an estimated schedule and other details.
+
+[![]({{ "/images/reports/2025-01/opensuse.png#right" | relative_url }})](https://www.opensuse.org/)
+
+* Finally, for openSUSE, Bernhard M. Wiedemann [published another report](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/PPDVJBF22DYFYI6BT7ONGHQLHUUJU7W3/) for that distribution.
+
+<br>
+
+### On our mailing list…
+
+On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) this month:
+
+* Following-up to a substantial amount of previous work pertaining the [Sphinx](https://www.sphinx-doc.org/en/master/) documentation generator, [James Addison asked a question](https://lists.reproducible-builds.org/pipermail/rb-general/2025-January/003623.html) pertaining to the relationship between [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/docs/source-date-epoch/) environment variable and testing that generated a number of replies.
+
+* Adithya Balakumar of Toshiba asked a question about whether it is possible to make [`ext4`](https://en.wikipedia.org/wiki/Ext4) filesystem images reproducible. Adithya's issue is that even the smallest amount of post-processing of the filesystem results in the modification of the "Last mount" and "Last write" timestamps.
+
+* James Addison also [investigated an interesting issue](https://lists.reproducible-builds.org/pipermail/rb-general/2025-January/003637.html) surrounding our [*disorderfs*](https://salsa.debian.org/reproducible-builds/disorderfs) filesystem. In particular:
+
+ > [FUSE (Filesystem in USErspace)](https://en.wikipedia.org/wiki/Filesystem_in_Userspace) filesystems such as *disorderfs* do not delete files from the underlying filesystem when they are deleted from the overlay. This can cause seemingly straightforward tests — for example, cases that expect directory contents to be empty after deletion is requested for all files listed within them — to fail.
+
+<br>
+
+
+### Upstream patches
+
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
* Bernhard M. Wiedemann:
- * [`netrek-client-cow`](https://build.opensuse.org/request/show/1234274) (date)
- * [`nethack`](https://build.opensuse.org/request/show/1234705) (race)
- * [`perl-libconfigfile`](https://build.opensuse.org/request/show/1236852) (race)
+
* [`Komikku`](https://build.opensuse.org/request/show/1238506) (nocheck)
- * [`nvidia-modprobe`](https://build.opensuse.org/request/show/1239739) (date)
- * [`nvidia-persistenced`](https://build.opensuse.org/request/show/1239742) (date)
+ * [`abseil-cpp`](https://bugzilla.opensuse.org/show_bug.cgi?id=1235867) (race)
+ * [`dunst`](https://github.com/dunst-project/dunst/pull/1435) (date)
* [`eclipse-egit`](https://build.opensuse.org/request/show/1239889) (jar-mtime minor)
- * [`python-Django4`](https://build.opensuse.org/request/show/1240318) (FTBFS-2038)
+ * [`exaile`](https://github.com/exaile/exaile/pull/956) (race)
* [`gawk`](https://build.opensuse.org/request/show/1240443) (bug)
- * [`joker`](https://build.opensuse.org/request/show/1240514) (sort)
- * [`qore-ssh2-module`](https://build.opensuse.org/request/show/1240681) (GIGO-bug)
- * [`libchardet`](https://build.opensuse.org/request/show/1240682) (GIGO-bug)
- * [`abseil-cpp`](https://bugzilla.opensuse.org/show_bug.cgi?id=1235867) (race)
- * [`obs-build`](https://github.com/openSUSE/obs-build/pull/1047) (toolchain bug, mis-parses changelog)
- * [`zig`](https://github.com/ziglang/zig/issues/22663) (CPU, toolchain, affecting: zls, river, stacktile, waylock, wayprompt)
* [`gimp3`](https://gitlab.gnome.org/GNOME/gimp-data/-/issues/7) (png date)
+ * [`intel`](https://github.com/intel/intel-graphics-compiler/issues/359) ([ASLR](https://en.wikipedia.org/wiki/Address_space_layout_randomization))
+ * [`ioquake3`](https://github.com/ioquake/ioq3/pull/704) (`debugsource` contains date and time)
+ * [`joker`](https://build.opensuse.org/request/show/1240514) (sort)
+ * [`libchardet`](https://build.opensuse.org/request/show/1240682)
* [`llama.cpp`](https://github.com/ggerganov/llama.cpp/issues/11306) (random)
- * [`llama.cpp`](https://github.com/ggerganov/llama.cpp/pull/11366) (CPU march=native)
- * [`intel`](https://github.com/intel/intel-graphics-compiler/issues/359) (ASLR)
- * [`dunst`](https://github.com/dunst-project/dunst/pull/1435) (date)
- * [`exaile`](https://github.com/exaile/exaile/pull/956) (race)
+ * [`llama.cpp`](https://github.com/ggerganov/llama.cpp/pull/11366) (`-march=native`-related issue)
+ * [`nethack`](https://build.opensuse.org/request/show/1234705) (race)
+ * [`netrek-client-cow`](https://build.opensuse.org/request/show/1234274) (date)
+ * [`nvidia-modprobe`](https://build.opensuse.org/request/show/1239739) (date)
+ * [`nvidia-persistenced`](https://build.opensuse.org/request/show/1239742) (date)
+ * [`obs-build`](https://github.com/openSUSE/obs-build/pull/1047) (toolchain bug, mis-parses changelog)
+ * [`perl-libconfigfile`](https://build.opensuse.org/request/show/1236852) (race)
* [`pgvector`](https://github.com/pgvector/pgvector/pull/764) (CPU)
- * [`ioquake3`](https://github.com/ioquake/ioq3/pull/704) (debugsource contains date+time)
+ * [`python-Django4`](https://build.opensuse.org/request/show/1240318) (FTBFS-2038)
* [`python-python-datamatrix`](https://bugzilla.opensuse.org/show_bug.cgi?id=1236437) (FTBFS)
- * [`rpm`](https://github.com/rpm-software-management/rpm/discussions/3547) (UID in cpio header from rpmbuild )
+ * [`qore-ssh2-module`](https://build.opensuse.org/request/show/1240681) (GIGO-bug)
+ * [`rpm`](https://github.com/rpm-software-management/rpm/discussions/3547) (UID in `cpio` header from `rpmbuild`)
+ * [`zig`](https://github.com/ziglang/zig/issues/22663) (CPU-related issue)
+
+* Chris Lamb:
+
+ * [#1092251](https://bugs.debian.org/1092251) filed against [`kmetronome`](https://tracker.debian.org/pkg/kmetronome).
+ * [#1092917](https://bugs.debian.org/1092917) filed against [`rust-xh`](https://tracker.debian.org/pkg/rust-xh).
+ * [#1093198](https://bugs.debian.org/1093198) filed against [`parser`](https://tracker.debian.org/pkg/parser).
+ * [#1093199](https://bugs.debian.org/1093199) filed against [`parser`](https://tracker.debian.org/pkg/parser).
+ * [#1093201](https://bugs.debian.org/1093201) filed against [`rsync`](https://tracker.debian.org/pkg/rsync).
+ * [#1094611](https://bugs.debian.org/1094611) filed against [`wasistlos`](https://tracker.debian.org/pkg/wasistlos).
* Egbert Eich:
+
* [`apptainer`](https://github.com/apptainer/apptainer/pull/2699) (randomness)
- * [`spack`](https://build.opensuse.org/request/show/1235522) (core-count+date)
+ * [`spack`](https://build.opensuse.org/request/show/1235522) (core-count and date)
* Valentin Lefebvre:
+
* [`uki-tool`](https://build.opensuse.org/request/show/1234742) (toolchain)
* Marvin Friedrich:
+
* [`cargo-packaging/rusty_v8`](https://build.opensuse.org/request/show/1235463) ([upstream](https://github.com/openSUSE-Rust/cargo-packaging/pull/10) toolchain [bugfix](https://bugzilla.opensuse.org/show_bug.cgi?id=1231548))
-* [FIXME](https://hal.science/hal-04913007v1/file/2025-MSR-reproducibility.pdf)
+* James Addison:
+
+ * [#1092870](https://bugs.debian.org/1092870) filed against [`binutils`](https://tracker.debian.org/pkg/binutils).
+
+<br>
+
+### [*diffoscope*](https://diffoscope.org)
+
+[![]({{ "/images/reports/2025-01/diffoscope.png#right" | relative_url }})](https://diffoscope.org/)
+
+[diffoscope](https://diffoscope.org) is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading versions `285`, `286` and `287` to Debian:
+
+* Security fixes:
+
+ * Validate the `--css` command-line argument to prevent a potential [Cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) (XSS) attack. Thanks to Daniel Schmidt from SRLabs for the report. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a36ee4eb)]
+ * Prevent XML entity expansion attacks. Thanks to Florian Wilkens from SRLabs for the report.. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/889597c9)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c8cd8ee4)]
+ * Print a warning if we have disabled XML comparisons due to a potentially vulnerable version of `pyexpat`. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/53ac5370)]
+
+* Bug fixes:
+
+ * Correctly identify changes to only the line-endings of files; don't mark them as *Ordering differences only*. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2236701a)]
+ * When passing files on the command line, don't call `specialize(…)` before we've checked that the files are identical or not. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5b187ad5)]
+ * Do not exit with a traceback if paths are inaccessible, either directly, via symbolic links or within a directory. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a5486ebd)]
+ * Don't cause a traceback if `cbfstool` extraction failed.. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e2c21172)]
+ * Use the `surrogateescape` mechanism to avoid a `UnicodeDecodeError` and crash when any decoding `zipinfo` output that is not UTF-8 compliant. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9a0faeed)]
+
+* Testsuite improvements:
+
+ * Don't mangle newlines when opening test fixtures; we want them untouched. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9fa3171f)]
+ * Move to `assert_diff` in `test_text.py`. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e20a5055)]
+
+* Misc improvements:
+
+ * Drop unused subprocess imports. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/5f3df08f)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/28a9d61f)]
+ * Drop an unused function in `iso9600.py`. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/061514a1)]
+ * Inline a call and check of `Config().force_details`; no need for an additional variable in this particular method. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d4fb5f17)]
+ * Remove an unnecessary return value from the `Difference.check_for_ordering_differences` method. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f9aced5c)]
+ * Remove unused logging facility from a few comparators. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2836c788)]
+ * Update copyright years. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/82467745)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/2343ac8f)]
+
+In addition, fridtjof added support for the [ASAR](https://github.com/electron/asar) `.tar`-like archive format. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9b426d27)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/92a2e60e)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/b8b99410)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/01f0189b)]
+
+<br>
+
+[*strip-nondeterminism*](https://salsa.debian.org/reproducible-builds/strip-nondeterminism) is our sister tool to remove specific non-deterministic results from a completed build. This month version `1.14.1-1` was [uploaded to Debian unstable](https://tracker.debian.org/news/1607484/accepted-strip-nondeterminism-1141-1-source-into-unstable/) by Chris Lamb, making the following the changes:
+
+* Clarify the `--verbose` and non `--verbose` output of `bin/strip-nondeterminism` so we don't imply we are normalizing files that we are not. [[…](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/17a5bed)]
+* Bump Standards-Version to 4.7.0. [[…](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/b9e5fcb)]
+
+<br>
+
+### Website updates
+
+[![]({{ "/images/reports/2025-01/website.png#right" | relative_url }})]({{ "/" | relative_url }})
+
+There were a large number of improvements made to our website this month, including:
+
+* Arnout Engelen:
+
+ * Update the link to [NixOS' reproducibility-related issue template](https://github.com/NixOS/nixpkgs/issues/new?template=10_unreproducible_package.yml) on the [NixOS-specific contribute page]({{ "/contribute/nixos/" | relative_url }}) [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2f3a8adf)] and remove an outdated link. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/791c3bec)]
+
+* Holger Levsen:
+
+ * Check, deduplicate, update and generally cleanup a number of presentations linked on our [*Talks & Resources*]({{ "/resources/" | relative_url }}) page. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2282c7bb)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9c9e6a0b)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5a3582e0)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/439f6234)]
+
+* James Addison:
+
+ * Add some file permissions hints and guidance on the [*Archive metadata*]({{ "/docs/archives/" | relative_url }}) page. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/35ed63bc)]
+
+* Michael R. Crusoe:
+
+ * Add an [R](https://en.wikipedia.org/wiki/R_(programming_language)) example to the [`SOURCE_DATE_EPOCH` documentation]({{ "/docs/source-date-epoch/" | relative_url }}). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2d425f72)]
+ * Update the website's [`README`](https://salsa.debian.org/reproducible-builds/reproducible-website#readme) to make the setup command copy & paste friendly. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4cbc0195)]
+
+<br>
+
+### Reproducibility testing framework
+
+[![]({{ "/images/reports/2025-01/testframework.png#right" | relative_url }})](https://tests.reproducible-builds.org/)
+
+The Reproducible Builds project operates a comprehensive testing framework running primarily at [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In January, a number of changes were made by Holger Levsen, including:
+
+* [*reproduce.debian.net*](https://reproduce.debian.net)-related:
+
+ * **Add support for rebuilding the `armhf` architecture**. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/9cfe1429a)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6a101d8b5)]
+ * **Add support for rebuilding the `arm64` architecture**. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2da411c81)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/619b476e5)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/412559291)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/89f472e34)]
+ * **Add support for rebuilding the `riscv64` architecture**. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6f78d2dac)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6abdc5f61)]
+ * Move the `i386` builder to the `osuosl5` node. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/b4b78f803)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c547e8fb7)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/97552fbae)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c03f53db8)]
+ * Don't run our rebuilders on a public port. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c1c34d03a)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/8a2b0507c)]
+ * Add database backups on all builders and add links. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5e4605e9b)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c673acf32)]
+ * Rework and dramatically improve the statistics collection and generation. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/8fc2409ce)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/bb79085d4)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/38d5f77ef)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/816dd47ae)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4b88bc73e)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/61f2f9a7e)]
+ * Add contact info to the [main page](https://reproduce.debian.net) [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ef2a8456c)], thumbnails [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a7b01e978)] as well as the new, missing architectures. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d46b1b0ba)]
+ * Move the `amd64` worker to the `osuosl4` and node. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e2ab2a608)]
+ * Run the underlying `debrebuild` script under [`nice`](https://en.wikipedia.org/wiki/Nice_(Unix)). [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6b10da810)]
+ * Try to use `TMPDIR` when calling `debrebuild`. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ce8f11462)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6e512cd04)]
+
+* [*buildinfos.debian.net*](https://buildinfos.debian.net/)-related:
+
+ * Stop creating `buildinfo-pool_${suite}_${arch}.list` files. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/43111425b)]
+ * Temporarily disable automatic updates of pool links. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/730869a41)]
+
+* [FreeBSD](https://www.freebsd.org/)-related:
+
+ * Fix the `sudoers` to actually permit builds. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e6e206c61)]
+ * Disable debug output for FreeBSD rebuilding jobs. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/275c545ff)]
+ * Upgrade to FreeBSD 14.2 [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/0a1a6f9f4)] and document that `bmake` was installed on the underlying FreeBSD virtual machine image [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/572110855)].
+
+* Misc:
+
+ * Update the 'real' year to 2025. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/38492eca6)]
+ * Don't try to install a Debian *bookworm* kernel from 'backports' on the `infom08` node which is running Debian *trixie*. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6cbac8da4)]
+ * Don't warn about system updates for systems running Debian *testing*. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/154a6b4cb)]
+ * Fix a typo in the `ZOMBIES` definition. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a000d82d1)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5cffecd97)]
+
+In addition:
+
+* Ed Maste modified the [FreeBSD](https://www.freebsd.org/) build system to the clean the object directory before commencing a build. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f0497b83a)]
+
+* Gioele Barabucci updated the rebuilder stats to first add a category for network errors [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c67beb170)] as well as to categorise failures without a [*diffoscope*](https://diffoscope.org) log [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/05c2495fa)].
+
+* Jessica Clarke also made some [FreeBSD](https://www.freebsd.org/)-related changes, including:
+
+ * Ensuring we clean up the object directory for second build as well. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/08542a237)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/9741a36b0)]
+ * Updating the `sudoers` for the relevant `rm -rf` command. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/0b246f80e)]
+ * Update the `cleanup_tmpdirs` method to to match other removals. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/259366b4e)]
+
+* Jochen Sprickerhof:
+
+ * Fix logic for old files saved on [*buildinfos.debian.net*](https://buildinfos.debian.net/). [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/554b65a01)]
+ * Rework and simplify the generation of statistics linked from [*reproduce.debian.net*](https://reproduce.debian.net). [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/293129600)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/9b2d37718)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d6934d2a5)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/54cdd5ac8)]
+
+* Roland Clobus:
+
+ * Update the `reproducible_debstrap` job to call Debian's `debootstrap` with the full path [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/43cf9ff6a)] and to use `eatmydata` as well [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/8d3c7dc56)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/df5091791)].
+ * Make some changes to deduce the CPU load in the `debian_live_build` job. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/253bfa5e1)]
+
+Lastly, both Holger Levsen [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/9170361b4)] and Vagrant Cascadian [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/665bd43de)] performed some node maintenance.
+
+
+<br>
+
+If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website. However, you can get in touch with us via:
+
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
+
+ * Mastodon: [@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds)
+
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
+
+ * Twitter: [@ReproBuilds](https://twitter.com/ReproBuilds)
+
=====================================
images/reports/2025-01/2025-MSR-reproducibility.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/2025-MSR-reproducibility.png differ
=====================================
images/reports/2025-01/debian.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/debian.png differ
=====================================
images/reports/2025-01/diffoscope.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/diffoscope.png differ
=====================================
images/reports/2025-01/icse25_rb.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/icse25_rb.png differ
=====================================
images/reports/2025-01/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/opensuse.png differ
=====================================
images/reports/2025-01/reproduce.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/reproduce.png differ
=====================================
images/reports/2025-01/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/reproducible-builds.png differ
=====================================
images/reports/2025-01/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/testframework.png differ
=====================================
images/reports/2025-01/website.png
=====================================
Binary files /dev/null and b/images/reports/2025-01/website.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/1e8d2f5a9262b927bdae166aad1a965599a54336
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/1e8d2f5a9262b927bdae166aad1a965599a54336
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20250203/9d2c518f/attachment.htm>
More information about the rb-commits
mailing list