[Git][reproducible-builds/reproducible-website][master] 2025-02: Initial draft
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Mon Mar 3 18:08:06 UTC 2025
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
85147733 by Chris Lamb at 2025-03-03T18:06:46+00:00
2025-02: Initial draft
- - - - -
12 changed files:
- _reports/2025-02.md
- + images/reports/2025-02/debian.png
- + images/reports/2025-02/diffoscope.png
- + images/reports/2025-02/fosdem-4072.png
- + images/reports/2025-02/fosdem-5897.png
- + images/reports/2025-02/fosdem-6479.png
- + images/reports/2025-02/fosdem.jpeg
- + images/reports/2025-02/opensuse.png
- + images/reports/2025-02/reproduce.png
- + images/reports/2025-02/reproducible-builds.png
- + images/reports/2025-02/testframework.png
- + images/reports/2025-02/website.png
Changes:
=====================================
_reports/2025-02.md
=====================================
@@ -6,121 +6,274 @@ title: "Reproducible Builds in February 2025"
draft: true
---
-* [FIXME](https://social.treehouse.systems/@marcan/113914172433692339)
+[](https://reproducible-builds.org/)
-* FIXME: FOSDEM2025
- * https://fosdem.org/2025/schedule/event/fosdem-2025-6479-a-tale-of-several-distros-joining-forces-for-a-common-goal-reproducible-builds/
- * [slides](https://reproducible-builds.org/_lfs/presentations/2025-02-02-a-tale-of-several-distros-joining-forces-for-a-common-goal-reproducible-builds/)
- * [video](https://video.fosdem.org/2025/h1302/fosdem-2025-6479-a-tale-of-several-distros-joining-forces-for-a-common-goal-reproducible-builds.av1.webm)
- * https://fosdem.org/2025/schedule/event/fosdem-2025-4430-how-reproducible-is-nixos-/
- * https://fosdem.org/2025/schedule/event/fosdem-2025-4072-rewriting-pyc-files-for-fun-and-reproducibility//
- * https://fosdem.org/2025/schedule/event/fosdem-2025-5897-guix-software-heritage-source-code-archiving-to-the-rescue-of-reproducible-deployment/
+**Welcome to the second report in 2025 from the [Reproducible Builds]({{ "/" | relative_url }}) project.** Our monthly reports outline what we've been up to over the past month, and highlight items of news from elsewhere in the increasingly-important area of software supply-chain security. As usual, however, if you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
-* [FIXME](https://github.com/kpcyrd/rebuilderd/pull/167) experimental Fedora support in rebuilderd
+<!--
-### Distribution work
+**Table of contents:**
-* [Arch Linux](https://archlinux.org/) has had a push to make [core] more reproducible, perl, curl and pam where fixed, see links below.
-
-* Jelle van der Waa picked up the existing [pull request for Fedora support in rebuilderd](https://github.com/kpcyrd/rebuilderd/pull/141) and made it work with the existing [koji rebuilderd script](https://github.com/keszybz/fedora-repro-build). Rebuilderd is getting packaged for Fedora in an unofficial [copr repository](https://copr.fedorainfracloud.org/coprs/jelly/rebuilderd/packages/) and in the official repositories after all the dependencies are packaged.
-
-* [FIXME](https://news.ycombinator.com/item?id=42982270)
-
-* r.d.n, Holger did:
- * [FIXME: amd64.r.d.n split into amd64 and all.reproduce.debian.net](https://all.reproduce.debian.net/)
- * we build on 4 riscv64 nodes now.
- * ionos17-amd64 was added thanks to our 10 year sponsor [IONOS](https://ionos.com) to build arch:all for r.d.n
- * $arch.r.d.n was moved to r.d.n/$arch
- * we thus found this problem which Holger filed as [FIXME: #1096129 buildd.d.o: some build-depends from incoming.d.o don't end up on snapshot.d.o](https://bugs.debian.org/1096129)
- * FIXME, src:devscripts changes in February relevant to r-b:
- devscripts (2.25.2) unstable; urgency=medium
- [ Jochen Sprickerhof ]
- * debrebuild: relax Rules-Requires-Root detection.
- devscripts (2.25.3) unstable; urgency=medium
- [ Jochen Sprickerhof ]
- * debrebuild: use $build_as_root_when_needed.
- devscripts (2.25.5) unstable; urgency=medium
- [ Jochen Sprickerhof ]
- * debrebuild: Don't set Rules-Requires-Root with new dpkg (>=1.22.13).
- * FIXME, src:sbuild changes in February, relevant to r-b:
- sbuild (0.88.4) unstable; urgency=medium
- [ Jochen Sprickerhof ]
- * Obey $TMPDIR for unshare_tmpdir_template
- * Use root for Rules-Requires-Root: binary-targets
- (enable with $build_as_root_when_needed = 1)
- sbuild (0.88.3) unstable; urgency=medium
- [ Jochen Sprickerhof ]
- * Don't pass --root-owner-group to old dpkg
- * [FIXME: #1096112 several binNMUs for bugs found on reproduce.debian.net](https://bugs.debian.org/1096112) plus in January already, but not mentioned in the report:
- * #1092482
- * #1093902
- * filed by Jochen in coordination with Holger amounting in several hundreds of binNMUs to force rebuilds with newer toolchains.
- * all these changes brought us from 86% of the packages reproduced (at FOSDEM time) to 92% for arch:amd64 today.
- * as part of this Holger also uploaded a bunch of rust crates to Debian NEW, which kpcyrd has prepared. These are all (build) depends of rebuilderd:
- rust-libbz2-rs-sys_0.1.3-1
- rust-actix-web_4.9.0-1
- rust-actix-server_2.5.0-1
- rust-actix-http_3.9.0-1
- rust-actix-server_2.5.0-1
- rust-actix-http_3.9.0-1
- rust-actix-web-codegen_4.3.0-1
- rust-time-tz_2.0.0-1
- Many thanks for the Debian FTP team for processing these so quickly!
-
-* [R-B-OS news](https://news.opensuse.org/2025/02/18/rbos-project-hits-milestone/)
-
-* [openSUSE monthly](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3VT2UY7YUIM3AP3XIQAYO32VT7KZ7FBK/)
+-->
+
+---
+
+### Reproducible Builds at FOSDEM 2025
+
+[](https://fosdem.org/2025/)
+
+Similar to last year's event, there was considerable activity regarding Reproducible Builds at [FOSDEM 2025](https://fosdem.org/2025/), held on on 1st and 2nd February this year in Brussels, Belgium. We count at least **four** talks related to reproducible builds. (You can also [read our news report from last year's event]({{ "/news/2024/02/08/reproducible-builds-at-fosdem-2024/" | relative_url }}) in which Holger Levsen presented in the main track.)
+
+<br>
+
+[](https://fosdem.org/2025/schedule/event/fosdem-2025-6479-a-tale-of-several-distros-joining-forces-for-a-common-goal-reproducible-builds/)
+
+Jelle van der Waa, Holger Levsen and *kpcyrd* presented in the *Distributions* track on [*A Tale of several distros joining forces for a common goal*](https://fosdem.org/2025/schedule/event/fosdem-2025-6479-a-tale-of-several-distros-joining-forces-for-a-common-goal-reproducible-builds/). In this talk, three developers from two different Linux distributions (Arch Linux and Debian), discuss this goal — which is, of course, reproducible builds. The presenters discuss both what is shared and different between the two efforts, touching on the history and future challenges alike. The [slides of this talk](https://reproducible-builds.org/_lfs/presentations/2025-02-02-a-tale-of-several-distros-joining-forces-for-a-common-goal-reproducible-builds/) are available to view, as is the [full video](https://video.fosdem.org/2025/h1302/fosdem-2025-6479-a-tale-of-several-distros-joining-forces-for-a-common-goal-reproducible-builds.av1.webm) (30m02s). The talk was also [discussed on Hacker News](https://news.ycombinator.com/item?id=42982270).
+
+<br>
+
+[](https://fosdem.org/2025/schedule/event/fosdem-2025-4072-rewriting-pyc-files-for-fun-and-reproducibility/)
+
+Zbigniew Jędrzejewski-Szmek presented in the ever-popular *Python* track a on [*Rewriting `.pyc` files for fun and reproducibility*](https://fosdem.org/2025/schedule/event/fosdem-2025-4072-rewriting-pyc-files-for-fun-and-reproducibility//), i.e. the bytecode files generated by Python in order to speed up module imports: "It's been known for a while that those are not reproducible: on different architectures, the bytecode for exactly the same sources ends up slightly different." The [slides of this talk](https://fosdem.org/2025/events/attachments/fosdem-2025-4072-rewriting-pyc-files-for-fun-and-reproducibility/slides/238866/rewriting_V75oWEe.pdf) are available, as is the [full video](https://fosdem.org/2025/schedule/event/fosdem-2025-4072-rewriting-pyc-files-for-fun-and-reproducibility/) (28m32s).
+
+<br>
+
+In the *Nix and NixOS* track, Julien Malka presented on the Saturday asking [*How reproducible is NixOS*](https://fosdem.org/2025/schedule/event/fosdem-2025-4430-how-reproducible-is-nixos-/): "We know that the NixOS ISO image is very close to be perfectly reproducible thanks to [reproducible.nixos.org](https://reproducible.nixos.org/), but there doesn't exist any monitoring of Nixpkgs as a whole. In this talk I'll present the findings of a project that evaluated the reproducibility of Nixpkgs as a whole by mass rebuilding packages from revisions between 2017 and 2023 and comparing the results with the NixOS cache." Unfortunately, no video of the talk is available.
+
+<br>
+
+[](https://fosdem.org/2025/schedule/event/fosdem-2025-5897-guix-software-heritage-source-code-archiving-to-the-rescue-of-reproducible-deployment/)
+
+Lastly, Simon Tournier presented in the *Open Research* track on the confluence of [GNU Guix](https://guix.gnu.org/) and [Software Heritage](https://www.softwareheritage.org/): [*Source Code Archiving to the Rescue of Reproducible Deployment*](https://fosdem.org/2025/schedule/event/fosdem-2025-5897-guix-software-heritage-source-code-archiving-to-the-rescue-of-reproducible-deployment/). Simon's talk "describes design and implementation we came up and reports on the archival coverage for package source code with data collected over five years. It opens to some remaining challenges toward a better open and reproducible research." The [slides for the talk](https://fosdem.org/2025/events/attachments/fosdem-2025-5897-guix-software-heritage-source-code-archiving-to-the-rescue-of-reproducible-deployment/slides/237921/FOSDEM25-_lctdtLk.pdf) are available, as is [the full video](https://fosdem.org/2025/schedule/event/fosdem-2025-5897-guix-software-heritage-source-code-archiving-to-the-rescue-of-reproducible-deployment/) (23m17s).
+
+<br>
+
+### *"Does Functional Package Management Enable Reproducible Builds at Scale?"*
+
+On [our mailing list](https://lists.reproducible-builds.org/listinfo/rb-general/) last month, Julien Malka, Stefano Zacchiroli and Théo Zimmermann of Télécom Paris’ in-house research laboratory, the [Information Processing and Communications Laboratory](https://www.telecom-paris.fr/en/research/labs/information-processing-ltci) (LTCI) announced that they had published an article asking the question: [*Does Functional Package Management Enable Reproducible Builds at Scale?*](https://hal.science/hal-04913007) ([PDF](https://hal.science/hal-04913007v1/file/2025-MSR-reproducibility.pdf)).
+
+This month, however, Ludovic Courtès followed up to the [original announcement on our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2025-January/003653.html) mentioning, amongst other things, the [Guix Data Service](https://data.guix.gnu.org/) and how that it shows the reproducibility of [GNU Guix](https://guix.gnu.org/) over time, as [described in a GNU Guix blog](https://guix.gnu.org/en/blog/2024/adventures-on-the-quest-for-long-term-reproducible-deployment/) back in March 2024.
+
+<br>
+
+### [*reproduce.debian.net*](https://reproduce.debian.net/) updates
+
+[](https://reproduce.debian.net)
+
+The last few months have seen the introduction of [*reproduce.debian.net*](https://reproduce.debian.net). Announced first at the recent [Debian MiniDebConf in Toulouse](https://toulouse2024.mini.debconf.org/), *reproduce.debian.net* is an instance of [*rebuilderd*](https://github.com/kpcyrd/rebuilderd) operated by the Reproducible Builds project.
+
+Powering this work is *rebuilderd*, our server which monitors the official package repositories of Linux distributions and attempt to reproduce the observed results there. This month, however, Holger Levsen:
+
+* Split packages that are not specific to any architecture away from *amd64.reproducible.debian.net* service into a new [*all.reproducible.debian.net*](https://all.reproduce.debian.net/) page.
+
+* Increased the number of `riscv64` nodes to a total of 4, and added a new `amd64` node added thanks to our (now 10-year sponsor), [IONOS](https://ionos.com).
+
+* Discovered an issue in the [Debian build service](https://buildd.debian.org/) where [some new 'incoming' build-dependencies do not end up historically archived](https://bugs.debian.org/1096129).
+
+* Uploaded the [`devscripts`](https://salsa.debian.org/debian/devscripts) package, incorporating changes from Jochen Sprickerhof to the `debrebuild` script — specifically to fix the handling the `Rules-Requires-Root` header in Debian source packages.
+
+* Uploaded a number of Rust dependencies of *rebuilderd* (`rust-libbz2-rs-sys`, `rust-actix-web`, `rust-actix-server`, `rust-actix-http`, `rust-actix-server`, `rust-actix-http`, `rust-actix-web-codegen` and `rust-time-tz`) after they were prepared by *kpcyrd* :
+
+Jochen Sprickerhof also updated the `sbuild` package to:
+
+* Obey requests from the user/developer for a different temporary directory.
+* Use the root/superuser for some values of `Rules-Requires-Root`.
+* Don't pass `--root-owner-group` to old versions of [dpkg](https://wiki.debian.org/Teams/Dpkg).
+
+… and additionally requested that many Debian packages are [rebuilt by the build servers](https://wiki.debian.org/binNMU) in order to work around bugs found on [*reproduce.debian.net*](https://reproduce.debian.net/). [[…](https://bugs.debian.org/1096112)][[[…](https://bugs.debian.org/1092482)][[…](https://bugs.debian.org/1093902)]
+
+<br>
+
+Lastly, *kpcyrd* has also worked towards getting [*rebuilderd* packaged in NixOS](https://github.com/NixOS/nixpkgs/pull/343334), and Jelle van der Waa picked up the existing [pull request for Fedora support within in *rebuilderd*](https://github.com/kpcyrd/rebuilderd/pull/141) and made it work with the [existing Koji *rebuilderd* script](https://github.com/keszybz/fedora-repro-build). The server is being packaged for Fedora in an unofficial ['copr' repository](https://copr.fedorainfracloud.org/coprs/jelly/rebuilderd/packages/) and in the official repositories after all the dependencies are packaged.
+
+<br>
+
+### Upstream patches
+
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
-* Bernhard M. Wiedemann:
- * [`hdf5`](https://build.opensuse.org/request/show/1242841) (date+hostname (debuginfo))
- * [`ghostscript`](https://build.opensuse.org/request/show/1243016) (date, toolchain)
- * [`uhd`](https://build.opensuse.org/request/show/1243555) (date in debugsource)
- * [`nlopt`](https://build.opensuse.org/request/show/1244447) (jar mtime)
- * [`lkl`](https://build.opensuse.org/request/show/1247659) (date+hostname)
- * [`palo`](https://build.opensuse.org/request/show/1247180) (date)
- * [`python-numpy`](https://build.opensuse.org/request/show/1245435) (.pyc RECORD)
- * [`nushell`](https://build.opensuse.org/request/show/1247347) (random rust HashSet)
- * [`sequoia`](https://gitlab.com/sequoia-pgp/sequoia-sq/-/merge_requests/554) (FTBFS-2026-01-31)
- * [`sequoia`](https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/535) (FTBFS-2026-10-05)
- * [`khal`](https://github.com/pimutils/khal/pull/1390) (FTBFS-2038)
- * [`aioquic`](https://github.com/aiortc/aioquic/issues/557) (FTBFS-2028)
- * [`schismtracker`](https://src.opensuse.org/jengelh/schismtracker/pulls/1) (date/mtime)
- * [`gputils/sdcc`](https://sourceforge.net/p/gputils/bugs/328/) (toolchain, date)
- * [`difftastic`](https://github.com/Wilfred/difftastic/pull/813) (race (rust))
- * [`zig`](https://github.com/ziglang/zig/issues/22839) (report ASLR in debuginfo)
- * [`html5ever`](https://github.com/servo/html5ever/issues/573) ([fixed](https://github.com/servo/string-cache/pull/290) random rust HashSet order)
- * [`xmlgraphics-fop`](https://bugzilla.opensuse.org/show_bug.cgi?id=1237094) (date+random)
- * [`neovim`](https://github.com/neovim/neovim/issues/32429) (FTBFS-2038)
- * [`wsjtx`](https://sourceforge.net/p/wsjt/wsjtx/merge-requests/20/) (gzip mtime)
- * [`built`](https://github.com/lukaslueg/built/issues/80) (yazi toolchain, parallelism/core-count)
- * [`tvm`](https://bugzilla.opensuse.org/show_bug.cgi?id=1237607) (verification issue in debuginfo)
-* Wolfgang Frisch:
- * [`bcc`](https://build.opensuse.org/request/show/1245248) (tell lua to be deterministic)
- * [`crash`](https://github.com/crash-utility/crash/pull/200) (Makefile race)
* Andrea Manzini:
- * [`rust-i8n`](https://github.com/longbridge/rust-i18n/pull/104) (random rust HashMap order)
- * [`starship/shadow`](https://github.com/starship/starship/issues/6599) (date, toolchain)
-* Christian Goll:
- * [`warewulf4`](https://build.opensuse.org/request/show/1248768) (embedded CPU-core count)
+
+ * [`rust-i8n`](https://github.com/longbridge/rust-i18n/pull/104) (random `HashMap` order)
+ * [`starship/shadow`](https://github.com/starship/starship/issues/6599)
+
* Andreas Stieger:
- * [`tucnak`](https://build.opensuse.org/request/show/1247238) ([bug](https://bugzilla.opensuse.org/show_bug.cgi?id=1237211), parallelism-race)
+
+ * [`tucnak`](https://build.opensuse.org/request/show/1247238)
+
+* Bernhard M. Wiedemann:
+
+ * [`aioquic`](https://github.com/aiortc/aioquic/issues/557)
+ * [`built`](https://github.com/lukaslueg/built/issues/80)
+ * [`difftastic`](https://github.com/Wilfred/difftastic/pull/813)
+ * [`ghostscript`](https://build.opensuse.org/request/show/1243016)
+ * [`gputils/sdcc`](https://sourceforge.net/p/gputils/bugs/328/)
+ * [`hdf5`](https://build.opensuse.org/request/show/1242841)
+ * [`html5ever`](https://github.com/servo/html5ever/issues/573) ([fixed upstream](https://github.com/servo/string-cache/pull/290))
+ * [`khal`](https://github.com/pimutils/khal/pull/1390)
+ * [`lkl`](https://build.opensuse.org/request/show/1247659)
+ * [`neovim`](https://github.com/neovim/neovim/issues/32429)
+ * [`nlopt`](https://build.opensuse.org/request/show/1244447)
+ * [`nushell`](https://build.opensuse.org/request/show/1247347)
+ * [`palo`](https://build.opensuse.org/request/show/1247180)
+ * [`python-numpy`](https://build.opensuse.org/request/show/1245435)
+ * [`schismtracker`](https://src.opensuse.org/jengelh/schismtracker/pulls/1)
+ * [`sequoia`](https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/535) ([2](https://gitlab.com/sequoia-pgp/sequoia-sq/-/merge_requests/554))
+ * [`tvm`](https://bugzilla.opensuse.org/show_bug.cgi?id=1237607)
+ * [`uhd`](https://build.opensuse.org/request/show/1243555)
+ * [`wsjtx`](https://sourceforge.net/p/wsjt/wsjtx/merge-requests/20/)
+ * [`xmlgraphics-fop`](https://bugzilla.opensuse.org/show_bug.cgi?id=1237094)
+ * [`zig`](https://github.com/ziglang/zig/issues/22839)
+
+* Chris Lamb:
+
+ * [#1095209](https://bugs.debian.org/1095209) filed against [`python-assertpy`](https://tracker.debian.org/pkg/python-assertpy).
+ * [#1096188](https://bugs.debian.org/1096188) filed against [`terminaltables3`](https://tracker.debian.org/pkg/terminaltables3).
+ * [#1098249](https://bugs.debian.org/1098249) filed against [`acme.sh`](https://tracker.debian.org/pkg/acme.sh).
+ * [#1098251](https://bugs.debian.org/1098251) filed against [`node-svgdotjs-svg.js`](https://tracker.debian.org/pkg/node-svgdotjs-svg.js).
+ * [#1098253](https://bugs.debian.org/1098253) filed against [`onevpl-intel-gpu`](https://tracker.debian.org/pkg/onevpl-intel-gpu).
+ * [#1098350](https://bugs.debian.org/1098350) filed against [`rocdbgapi`](https://tracker.debian.org/pkg/rocdbgapi).
+ * [#1098895](https://bugs.debian.org/1098895) filed against [`siege`](https://tracker.debian.org/pkg/siege).
+ * [#1098945](https://bugs.debian.org/1098945) filed against [`pkg-rocm-tools`](https://tracker.debian.org/pkg/pkg-rocm-tools).
+
+* Christian Goll:
+
+ * [`warewulf4`](https://build.opensuse.org/request/show/1248768) (embeds CPU core count)
+
* Jay Adddison:
+
* [`linux-docs`](https://lore.kernel.org/linux-doc/20250226203516.334067-2-jvanderw@redhat.com/)
-* kpcyrd:
+
+* Jochen Sprickerhof:
+
+ * [#1098867](https://bugs.debian.org/1098867) filed against [`spdlog`](https://tracker.debian.org/pkg/spdlog).
+
+* *kpcyrd*:
+
* [`perl`](https://gitlab.archlinux.org/archlinux/packaging/packages/perl/-/commit/b2ac4e7b8d71463f8e2944693b5f27640d88b444) (hostname)
* [`pam`](https://gitlab.archlinux.org/archlinux/packaging/packages/pam/-/commit/bc4528c28672fe75a1378e4834bf58ae7889caee) (timestamp)
+
* Leonidas Spyropoulos:
+
* [`curl`](https://gitlab.archlinux.org/archlinux/packaging/packages/curl/-/commit/cb7452f4c8dfb3a88b9732d45c359a7a118ec907) ( ([bug](https://github.com/curl/curl/issues/16072), terminal size undeterministic)
-* Robin Candau (Antiz)
- * [`highlight`](https://gitlab.com/saalen/highlight/-/merge_requests/151) (timestamp)
- * [`arch-wiki-lite`](https://gitlab.archlinux.org/grawlinson/arch-wiki-lite/-/merge_requests/2
-) (timestamp)
- * [`f3d`](https://github.com/f3d-app/f3d/pull/1982) (timestamp)
- * [`jacktrip`](https://github.com/jacktrip/jacktrip/pull/1394) (timestamp)
- * [`prometheus`](https://github.com/prometheus/prometheus/pull/16035) (timestamp)
-* [FIXME: rebuilderd in NixOS](https://github.com/NixOS/nixpkgs/pull/343334)
+* Wolfgang Frisch:
+
+ * [`bcc`](https://build.opensuse.org/request/show/1245248) (instruct Lua to be deterministic)
+ * [`crash`](https://github.com/crash-utility/crash/pull/200) (`Makefile` race)
+
+<br>
+
+### Distribution work
+
+There as been the usual work in various distributions this month, such as:
+
+[](https://debian.org/)
+
+In Debian, 17 reviews of Debian packages were added, 6 were updated and 8 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
+
+<br>
+
+[Fedora](https://fedoraproject.org/) developers Davide Cavalca and Zbigniew Jędrzejewski-Szmek gave a talk on [*Reproducible Builds in Fedora*](https://cfp.fedoraproject.org/media/flock-2024/submissions/SKWEXP/resources/Reproducible_builds_in_Fedora_Flock_2024_Iiyoq3s.pdf) (PDF), touching on [SRPM](https://en.wikipedia.org/wiki/RPM_Package_Manager#SRPM)-specific issues as well as the current status and future plans.
+
+<br>
+
+[](https://www.opensuse.org/)
+
+Finally, Douglas DeMaio published an article on the [openSUSE blog](https://news.opensuse.org/) on announcing that the [*Reproducible-openSUSE (RBOS) Project Hits [Significant] Milestone*](https://news.opensuse.org/2025/02/18/rbos-project-hits-milestone/). In particular:
+
+> The [Reproducible-openSUSE (RBOS)](https://en.opensuse.org/openSUSE:Reproducible_openSUSE) project, which is a proof-of-concept fork of openSUSE, has reached a significant milestone after demonstrating a usable Linux distribution can be built with 100% bit-identical packages.
+
+This news was [also announced on our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2025-February/003661.html) by Bernhard M. Wiedemann, who also [published another report](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3VT2UY7YUIM3AP3XIQAYO32VT7KZ7FBK/) for openSUSE as well.
+
+<br>
+
+### [*diffoscope*](https://diffoscope.org) & *strip-nondeterminism*
+
+[](https://diffoscope.org/)
+
+[diffoscope](https://diffoscope.org) is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading versions `288` and `289` to Debian:
+
+* Add `asar` to `DIFFOSCOPE_FAIL_TESTS_ON_MISSING_TOOLS` in order to address Debian bug [`#1095057`](https://bugs.debian.org/1095057)) [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/79ff322e)]
+* Catch a `CalledProcessError` when calling `html2text`. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e470ee25)]
+* Update the minimal [*Black*](https://black.readthedocs.io/en/stable/) version. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c5aa1ff5)]
+
+[*strip-nondeterminism*](https://salsa.debian.org/reproducible-builds/strip-nondeterminism) is our sister tool to remove specific non-deterministic results from a completed build. This month version `1.14.1-2` was [uploaded to Debian unstable](https://tracker.debian.org/news/1614424/accepted-strip-nondeterminism-1141-2-source-into-unstable/) by Holger Levsen.
+
+<br>
+
+### Website updates
+
+[]({{ "/" | relative_url }})
+
+There were a large number of improvements made to our website this month, including:
+
+* Bernhard M. Wiedemann fixed an issue on the [*Commandments of reproducible builds*]({{ "/docs/commandments/" | relative_url }}) fixing a link to the [`readdir`](https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/readdir) component of Bernhard's own [Unreproducible Package](https://github.com/bmwiedemann/theunreproduciblepackage). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bf9274a0)]
+
+* Holger Levsen clarified the name of a link to our old Wiki pages on the [*History*]({{ "/docs/history/" | relative_url }}) page [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/0fb66ed9)] and added a number of new links to the [*Talks & Resources*]({{ "/resources/" | relative_url }}) [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/33b9594d)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f7e5a9c9)].
+
+* James Addison update the website's own [`README`](https://salsa.debian.org/reproducible-builds/reproducible-website#readme) file to document a couple of additional dependencies [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/308373c2)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ceee7b28)], as well as did more work on a future *Getting Started* guide page [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/61d6ab62)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/23f28585)].
+
+<br>
+
+### Reproducibility testing framework
+
+[](https://tests.reproducible-builds.org/)
+
+The Reproducible Builds project operates a comprehensive testing framework running primarily at [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In January, a number of changes were made by Holger Levsen, including:
+
+* [*reproduce.debian.net*](https://reproduce.debian.net)-related:
+
+ * Add a helper script to manually schedule packages. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2a0687142)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/cb69118bc)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/30f376fbf)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/fc11778d8)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/871d7c509)]
+ * Fix a link in the website footer. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/1e4731b40)]
+ * Strip the "💠🍥♻" emojis from package names on the manual rebuilder in order to ease copy-and-paste. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/bdaeaf460)]
+ * On the various statistics pages, provide the number of affected source packages [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d6538620d)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/daabe3cf6)] as well as provide various totals [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f6f2be8e0)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4a622a4f5)].
+ * Fix graph labels for the various architectures [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/be76b69dd)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/cb3d39cf0)] and make them clickable too [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/0f141d2e1)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/8a610a2eb)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/bed9b4e31)].
+ * Break the displayed HTML in blocks of 256 packages in order to address rendering issues. [[…](https://salsa.debian.orgqa/jenkins.debian.net/commit/0fa4fc68f)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/fe9d6a854)]
+ * Add monitoring jobs for `riscv64` archicture nodes and integrate them elsewhere in our infrastructure. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/675f6a11b)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a486b7447)]
+ * Add `riscv64` architecture nodes. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5fd63d56a)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f5c3650eb)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a7d52658e)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e703fe971)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/156a0c6c8)]
+ * Update much of the documentation. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/557979a6e)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ec9b33414)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4f0f31b36)]
+ * Make a number of improvements to the layout and style. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a52fa4e2c)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c6b096ef7)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4419a6619)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/39ee08ebe)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f2826eb71)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/908c5b967)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/966a2860a)]
+ * Remove direct links to JSON and database backups. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5bf4c02f5)]
+ * Drop a [Blues Brothers](https://en.wikipedia.org/wiki/The_Blues_Brothers) reference from frontpage. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e1a06c522)]
+
+* [Debian](https://debian.org/)-related:
+
+ * Deal with `/boot/vmlinuz*` being called `vmlinux*` on the `riscv64` architecture. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ebe31528a)]
+ * Add a new `ionos17` node. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/05ce176a2)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f63f2bcc1)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e223a51c)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4d405000b)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f455f7963)]
+ * Install `debian-repro-status` on all Debian *trixie* and *unstable* jobs. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/8d3f6120f)]
+
+* [FreeBSD](https://www.freebsd.org/)-related:
+
+ * Switch to run latest branch of FreeBSD. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/384e1ea79)]
+
+* Misc:
+
+ * Fix `/etc/cron.d` and `/etc/logrotate.d` permissions for Jenkins ndoes. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/b4c4c10f4)]
+ * Add support for `riscv64` architecture nodes. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4779831fc)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/7ec069881)]
+ * Grant Jochen Sprickerhof access to the `o4` node. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ca539b3cf)]
+ * Disable the `janitor-setup-worker`. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4d6156e3d)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/b6a514ea0)]
+
+In addition:
+
+* *kpcyrd* fixed the `/all/api/` API endpoints on [*reproduce.debian.net*](https://reproduce.debian.net) by altering the [nginx](https://nginx.org/) configuration. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e62b098f4)]
+
+* James Addison updated [*reproduce.debian.net*](https://reproduce.debian.net) to display the so-called 'bad' reasons hyperlink inline [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e5a9e8749)] and merged the "Categorized issues" links into the "Reproduced builds" column [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f4d2cc828)].
+
+* Jochen Sprickerhof also made some [*reproduce.debian.net*](https://reproduce.debian.net)-related changes, adding support for detecting a [bug in the `mmdebstrap`](http://bugs.debian.org/1094165) package [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/53d49a31a)] as well as updating some documentation [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/eda9b4f37)].
+
+* Roland Clobus continued their work on reproducible 'live' images for Debian, making changes related to new clustering of jobs in [openQA](https://open.qa/). [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/aafcf255e)]
+
+And finally, both Holger Levsen [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/042c2ec6c)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2a7d73ef9)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/3346f409e)] and Vagrant Cascadian performed significant node maintenance. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5be92d0ff)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/26b34a93e)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e74e53f71)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/b2c55e610)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/58ae0663f)]
+
+<br>
+
+If you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website. However, you can get in touch with us via:
+
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
-* [FIXME: slides of a talk about rb of fedora](https://cfp.fedoraproject.org/media/flock-2024/submissions/SKWEXP/resources/Reproducible_builds_in_Fedora_Flock_2024_Iiyoq3s.pdf)
+ * Mastodon: [@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds)
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
+ * Twitter/X: [@ReproBuilds](https://twitter.com/ReproBuilds)
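Review bot: Typo in the "Misc" list: the `/etc/cron.d` and `/etc/logrotate.d` permissions item says "Jenkins ndoes" where "Jenkins nodes" is meant. In the closing paragraph, "However, you can get in touch with us via:" does not contrast with the sentence before it, so "Alternatively" or no adverb at all would read better. The FreeBSD item "Switch to run latest branch of FreeBSD" is missing an article ("the latest branch"). In the "And finally" sentence the full stop sits between "performed significant node maintenance" and the commit links that follow it, whereas the James Addison item puts the stop after its links; one placement should be used throughout.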
=====================================
images/reports/2025-02/debian.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/debian.png differ
=====================================
images/reports/2025-02/diffoscope.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/diffoscope.png differ
=====================================
images/reports/2025-02/fosdem-4072.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/fosdem-4072.png differ
=====================================
images/reports/2025-02/fosdem-5897.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/fosdem-5897.png differ
=====================================
images/reports/2025-02/fosdem-6479.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/fosdem-6479.png differ
=====================================
images/reports/2025-02/fosdem.jpeg
=====================================
Binary files /dev/null and b/images/reports/2025-02/fosdem.jpeg differ
=====================================
images/reports/2025-02/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/opensuse.png differ
=====================================
images/reports/2025-02/reproduce.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/reproduce.png differ
=====================================
images/reports/2025-02/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/reproducible-builds.png differ
=====================================
images/reports/2025-02/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/testframework.png differ
=====================================
images/reports/2025-02/website.png
=====================================
Binary files /dev/null and b/images/reports/2025-02/website.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/8514773385d5ce90e01e31a5196837609493acb1