[Git][reproducible-builds/reproducible-website][master] 2025-08: Initial draft
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Fri Sep 5 02:49:12 UTC 2025
Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website
Commits:
db8afa0b by Chris Lamb at 2025-09-04T19:48:49-07:00
2025-08: Initial draft
- - - - -
19 changed files:
- _reports/2025-07.md
- _reports/2025-08.md
- bin/generate-draft
- + images/reports/2025-08/2508.01530.png
- + images/reports/2025-08/apparmor.png
- + images/reports/2025-08/debian.png
- + images/reports/2025-08/diffoscope.png
- + images/reports/2025-08/fdroid.png
- + images/reports/2025-08/guix.png
- + images/reports/2025-08/izzyondroid.png
- + images/reports/2025-08/opensuse-lg.png
- + images/reports/2025-08/opensuse.png
- + images/reports/2025-08/oss-rebuild.png
- + images/reports/2025-08/reproducible-builds.png
- + images/reports/2025-08/rust.jpg
- + images/reports/2025-08/summit.jpg
- + images/reports/2025-08/testframework.png
- + images/reports/2025-08/website.png
- + images/reports/2025-08/why2025.png
Changes:
=====================================
_reports/2025-07.md
=====================================
@@ -48,8 +48,7 @@ If you're interesting in joining us this year, please make sure to [read the eve
On [our mailing list this month](https://lists.reproducible-builds.org/listinfo/rb-general), Bernhard M. Wiedemann revealed the big news that [reproducibility is now an official goal for SUSE Linux Enterprise Server (SLES) 16](https://lists.reproducible-builds.org/pipermail/rb-general/2025-July/003846.html):
-> [Everything] changed earlier this year when reproducible-builds for SLES-16 became an official goal for the product. More people are talking about
-digital sovereignty and supply-chain security now. […] Today, only 9 of 3319 (source) packages have significant problems left (plus 7 with pending fixes), so 99.5% of packages have reproducible builds.
+> [Everything] changed earlier this year when reproducible-builds for SLES-16 became an official goal for the product. More people are talking about digital sovereignty and supply-chain security now. […] Today, only 9 of 3319 (source) packages have significant problems left (plus 7 with pending fixes), so 99.5% of packages have reproducible builds.
<br>
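Review bot: this edit to `_reports/2025-07.md` changes an earlier month's report inside a commit whose subject is "2025-08: Initial draft". The fix itself is right, since the second line of the quote had no `>` prefix. Consider moving both 2025-07 corrections into their own commit with a subject that names them, so that the history of the July report shows when and why it changed.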
@@ -214,7 +213,7 @@ Lastly, in addition to the news that [**openSUSE**](https://www.opensuse.org/) E
[](https://tests.reproducible-builds.org/)
-The Reproducible Builds project operates a comprehensive testing framework running primarily at [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In June, however, a number of changes were made by Holger Levsen, including:
+The Reproducible Builds project operates a comprehensive testing framework running primarily at [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In July, however, a number of changes were made by Holger Levsen, including:
* Switch the URL for the [Tails](https://tails.net/) package set. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2c8e97a8d)]
* Make the `dsa-check-packages` output more useful. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2e1412c30)]
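Review bot: the corrected sentence still reads "In July, however, a number of changes were made", and the "however" contrasts with nothing in the sentence before it. Since this line is being touched anyway, drop the word here. The same wording is added to the August report in this commit and could be fixed there too.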
=====================================
_reports/2025-08.md
=====================================
@@ -6,38 +6,270 @@ title: "Reproducible Builds in August 2025"
draft: true
---
-* [FIXME](https://arxiv.org/pdf/2508.01530)
+**Welcome to the August 2025 report from the [Reproducible Builds](https://reproducible-builds.org) project!**
+{: .lead}
-* [FIXME live-bootstrap is a worthy attempt to provide a reproducible, automatic, complete end-to-end bootstrap from a minimal number of binary seeds to a supported fully functioning operating system. Although it is starts with a minimal binary seed of only 280 bytes it also depends on a lot of other sources. What are those sources exactly and how can we review these to make sure that live-bootstrap can be trusted?](https://program.why2025.org/why2025/talk/33HD7W/) [Video](https://cdn.media.ccc.de/events/why2025/h264-hd/why2025-139-eng-Reviewing_live-bootstrap_hd.mp4)
+[](https://reproducible-builds.org/)
-* https://tests.reproducible-builds.org/debian/ (trbo/d)
- * all nodes upgraded to trixie
- * does CI tests for forky now too
- * no more bookworm tests
- * armhf dropped: From July 2015 until August 2025 link:https://qa.debian.org/developer.php?login=vagrant%40debian.org[Vagrant] provided and hosted a zoo of up to 37 'armhf' systems, used for building armhf Debian packages. Many thanks for that, Vagrant
+**Welcome to the latest report from the [Reproducible Builds]({{ "/" | relative_url }}) project for August 2025.** These monthly reports outline what we've been up to over the past month, and highlight items of news from elsewhere in the increasingly-important area of software supply-chain security. If you are interested in contributing to the Reproducible Builds project, please see the [*Contribute*]({{ "/contribute/" | relative_url }}) page on our website.
-* [FIXME](https://github.com/rust-lang/rust-clippy/issues/15263) rust toolchain improvement
+<!--
-* Holger uploaded strip-nondeterminism (1.14.2-1) to unstable, to add `# INTROSPECTABLE: CONFIG-FILES NONE` to dh_strip_nondeterminism. Closes: #1111947.
+**In this report:**
-* [FIXME](https://gitlab.com/apparmor/apparmor/-/issues/528) build-time security policy inconsistency identified due to reproducible build regression
+0. Automatically generated
-* [openSUSE monthyl](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/IUQWPQSQ2SNDJT5CLEWVQ6S6EGXNQEYD/)
+-->
-### Upstream patches
+---
-* Robin Candau:
+### [Reproducible Builds Summit 2025]({{ "/events/vienna2025/" | relative_url }})
+
+[]({{ "/events/vienna2025/" | relative_url }})
+
+Please join us at the [upcoming Reproducible Builds Summit]({{ "/events/vienna2025/" | relative_url }}), set to take place from _October 28th — 30th 2025_ in Vienna, Austria!**
+
+We are thrilled to host the eighth edition of this exciting event, following the success of previous summits in various iconic locations around the world, including Venice, Marrakesh, Paris, Berlin, Hamburg and Athens. Our summits are a unique gathering that brings together attendees from diverse projects, united by a shared vision of advancing the Reproducible Builds effort.
+
+During this enriching event, participants will have the opportunity to engage in discussions, establish connections and exchange ideas to drive progress in this vital field. Our aim is to create an inclusive space that fosters collaboration, innovation and problem-solving.
+
+If you're interesting in joining us this year, please make sure to [read the event page]({{ "/events/vienna2025/" | relative_url }}) which has more details about the event and location. Registration is open until 20th September 2025, and we are very much looking forward to seeing many readers of these reports there!
+
+<br>
+
+### Reproducible Builds and *live-bootstrap* at WHY2025
+
+[](https://why2025.org/)
+
+[WHY2025](https://why2025.org/) (What Hackers Yearn) is a nonprofit outdoors hacker camp that takes place in Geestmerambacht in the Netherlands (approximately 40km north of Amsterdam). The event is "organised for and by volunteers from the worldwide hacker community, and lnowledge sharing, technological advancement, experimentation, connecting with your hacker peers, forging friendships and hacking are at the core of this event".
+
+At this year's event, Frans Faase gave a talk on [*live-bootstrap*](https://iwriteiam.nl/livebootstrap.html), an attempt to "provide a reproducible, automatic, complete end-to-end bootstrap from a minimal number of binary seeds to a supported fully functioning operating system".
+
+Frans' talk is available to [watch on video](https://cdn.media.ccc.de/events/why2025/h264-hd/why2025-139-eng-Reviewing_live-bootstrap_hd.mp4) and his [slides are available](https://www.iwriteiam.nl/WHY2025_talk.html) as well.
+
+<br>
+
+### [*DALEQ Explainable Equivalence for Java Bytecode*](https://arxiv.org/abs/2508.01530)
+
+[](https://arxiv.org/abs/2508.01530)
+
+Jens Dietrich of the Victoria University of Wellington, New Zealand and Behnaz Hassanshahi of Oracle Labs, Australia published an article this month entitled [*DALEQ — Explainable Equivalence for Java Bytecode*](https://arxiv.org/abs/2508.01530) which explores the options and difficulties when Java binaries are not identical despite being from the same sources, and what avenues are available for proving equivalence despite the lack of bitwise correlation:
+
+> [Java] binaries are often not bitwise identical; however, in most cases, the differences can be attributed to variations in the build environment, and the binaries can still be considered equivalent. Establishing such equivalence, however, is a labor-intensive and error-prone process.
+
+Jens and Behnaz therefore propose a tool called *DALEQ*, which:
+
+> disassembles Java byte code into a relational database, and can normalise this database by applying [Datalog](https://en.wikipedia.org/wiki/Datalog) rules. Those databases can then be used to infer equivalence between two classes. Notably, equivalence statements are accompanied with Datalog proofs recording the normalisation process. We demonstrate the impact of DALEQ in an industrial context through a large-scale evaluation involving 2,714 pairs of jars, comprising 265,690 class pairs. In this evaluation, DALEQ is compared to two existing bytecode transformation tools. Our findings reveal a significant reduction in the manual effort required to assess non-bitwise equivalent artifacts, which would otherwise demand intensive human inspection. Furthermore, the results show that DALEQ outperforms existing tools by identifying more artifacts rebuilt from the same code as equivalent, even when no behavioral differences are present.
+
+Jens also [posted this news to our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/2025-August/003853.html).
+
+<br>
+
+
+### Reproducibility regression identifies issue with AppArmor security policies
+
+[](https://gitlab.com/apparmor/apparmor/-/issues/528)
+
+[Tails](https://tails.boum.org/) developer *intrigeri* has tracked and followed a reproducibility regression in the generation of [AppArmor](https://apparmor.net/) policy caches, and has identified an issue with the `4.1.0` version of AppArmor.
+
+Although [initially tracked on the Tails issue tracker](https://gitlab.tails.boum.org/tails/tails/-/issues/21028), *intrigeri* filed an [issue](https://gitlab.com/apparmor/apparmor/-/issues/528) on the upstream bug tracker. AppArmor developer John Johansen replied, confirming that they can reproduce the issue and went to work on a draft patch. Through this, John [revealed that it was caused by an **actual underlying security bug**](https://gitlab.com/apparmor/apparmor/-/issues/528#note_2721559918) in AppArmor — that is to say, it resulted in permissions not (always) matching what the policy intends and, crucially, not merely a cache reproducibility issue.
+
+Work on the fix is ongoing at time of writing.
+
+<br>
+
+
+### Rust toolchain fixes
+
+[](https://www.rust-lang.org/)
+
+[Rust Clippy](https://github.com/rust-lang/rust-clippy) is a [linting](https://en.wikipedia.org/wiki/Lint_(software)) tool for the [Rust programming language](https://www.rust-lang.org/). It provides a collection of lints (rules) designed to identify common mistakes, stylistic issues, potential performance problems and unidiomatic code patterns in Rust projects. This month, however, [Sosthène Guédon](https://sgued.fr/about/) filed [a new issue in the GitHub](https://github.com/rust-lang/rust-clippy/issues/15263) requesting a new check that "would lint against non deterministic operations in `proc-macros`, such as iterating over a `HashMap`".
+
+<br>
+
+### Distribution work
+
+[](https://debian.org/)
+
+In [**Debian**](https://debian.org/) this month:
+
+* Holger made extensive updates to [Debian package reproducibility testing infrastructure](https://tests.reproducible-builds.org/debian/reproducible.html) this month, including:
+
+ * Upgrading all of the nodes to Debian *trixie*.
+ * Adding tests for the new Debian *forky* release.
+ * Dropping tests for Debian *bookworm*.
+ * Dropping support for the `armhf` archicture. From July 2015, [Vagrant Cascadian](https://qa.debian.org/developer.php?login=vagrant%40debian.org) has been hosting a 'zoo' of approximately 35 `armhf` systems which were used for building Debian packages for that architecture.
+
+* Holger Levsen also uploaded `strip-nondeterminism`, our program that improves reproducibility by stripping out non-deterministic information such as timestamps or other elements introduced during packaging. This new version, `1.14.2-1`, adds some metadata to aid the [*deputy*](https://salsa.debian.org/debian/debputy) tool. ( [#1111947](https://bugs.debian.org/1111947))
+
+* 8 reviews of Debian packages were added, 5 were updated and 5 were removed this month adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
+
+* Marc Haber posted to [our mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/) this month asking for assistance with the [`duperemove`](https://tracker.debian.org/pkg/duperemove) package in Debian, which appears to be an issue where the "[order the object files are linked together is dependent on the underlying filesystem](https://lists.reproducible-builds.org/pipermail/rb-general/2025-August/thread.html#3866)".
+
+[](https://www.opensuse.org/)
+
+Lastly, Bernhard M. Wiedemann posted another [**openSUSE**](https://www.opensuse.org/) [monthly update](https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/NJNQL5ZX7E3QPYAO5WXEMOY4YGYB5GZ6/) for their work there.
+
+<br>
+
+### [*diffoscope*](https://diffoscope.org)
+
+[](https://diffoscope.org/)
+
+[diffoscope](https://diffoscope.org) is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading versions, `303`, `304` and `305` to Debian:
+
+* Improvements:
+
+ * Use `sed(1)` backreferences when generating `debian/tests/control` to avoid duplicating ourselves. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/45780b1a)]
+ * Move from a `mono-utils` dependency to versioned `mono-devel | mono-utils` dependency, taking care to maintain the `[!riscv64]` architecture restriction. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/38e0fb8b)]
+ * Use `sed` over `awk` to avoid mangling dependency lines containing `=` (equals) symbols such as version restrictions. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6a82eee6)]
+
+* Bug fixes:
+
+ * Fix a test after the upload of `systemd-ukify` version `258~rc3`. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/c79674ec)]
+ * Ensure that Java class files are named `.class` on the filesystem before passing them to `javap(1)`. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9ec7aad2)]
+ * Do not run `jsondiff` on files over 100KiB as the algorithm runs in [O(n^2)](https://en.wikipedia.org/wiki/Big_O_notation) time. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/937c2199)]
+ * Don't check for PyPDF version 3 specifically; check for `>=` 3. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/8ea42a68)]
+
+* Misc:
- * [`syd`](https://gitlab.exherbo.org/sydbox/sydbox/-/merge_requests/14) (Don't record non-determistic info during build if SDE is set)
+ * Update copyright years. [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/e99f6227)][[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/acedd232)]
+
+In addition, Martin Joerg fixed an issue with the HTML presenter to avoid crash when page limit is `None` [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a2b71a68)] and Zbigniew Jędrzejewski-Szmek fixed compatibility with RPM 6 [[…](https://salsa.debian.org/reproducible-builds/diffoscope/commit/d1251804)]. Lastly, John Sirois fixed a missing `requests` dependency in the *trydiffoscope* tool. [[…](https://salsa.debian.org/reproducible-builds/trydiffoscope/commit/7a50fd2)]
+
+<br>
+
+### Website updates
+
+[]({{ "/" | relative_url }})
+
+Once again, there were a number of improvements made to our website this month including:
+
+* Chris Lamb:
+
+ * Write and publish a news entry for the upcoming summit. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/915adb22)]
+ * Add some assets used at [FOSSY](https://2025.fossy.us/), such as the badges and the paper handouts. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/bc0d6e3d)]
+
+* Holger Levsen:
+
+ * Restructure the [new project history pages]({{ "/docs/history/" | relative_url }}) pages [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4656f905)] and add some recent news entries [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/35809ade)].
+ * Mark that the [OpenWrt](https://openwrt.org/) tests as disabled on the [*Who is Involved*]({{ "/who/projects/" | relative_url }}). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4384e16d)]
+ * Various changes to the [upcoming Reproducible Builds Summit]({{ "/events/vienna2025/" | relative_url }}) page. [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f46914f2)]
+
+* Jochen Sprickerhof made various improvements to the [Vienna summit page]({{ "/events/vienna2025/" | relative_url }}). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4474ce74)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/42ed0071)]
+
+* Mattia Rizzolo also made various improvements to the [Vienna summit page]({{ "/events/vienna2025/" | relative_url }}). [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/87f6914b)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/053dada8)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2a9398f6)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4e27cadf)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/cf54e2e2)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c12132fc)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f47d8340)]
+
+* *kpcyrd* made a number of changes to the [new project history pages]({{ "/docs/history/" | relative_url }}) [[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/67487b97)][[…](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/26771307)]
+
+<br>
+
+### Reproducibility testing framework
+
+[](https://tests.reproducible-builds.org/)
+
+The Reproducible Builds project operates a comprehensive testing framework running primarily at [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org) in order to check packages and other artifacts for reproducibility. In August, however, a number of changes were made by **Holger Levsen**, including:
+
+* [*reproduce.debian.net*](https://reproduce.debian.net)-related:
+
+ * Run 4 workers on the `o4` node again in order to speed up testing. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ca26fa4c1)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/0e28ea8cb)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/189d55c92)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d4acc9282)]
+ * Also test `trixie-proposed-updates` and `trixie-updates` etc. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c95f92fb8)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/30cdcbed2)]
+ * Gather seperate statistics for each tested release. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/0020f884f)]
+ * Support sources from all Debian suites. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c1f426ab0)]
+ * Run new code from the [prototype database rework branch](https://github.com/kpcyrd/rebuilderd/pull/184) for the `amd64-pull184` pseudo-architecture. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a94085bbc)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e312e1ac2)]
+ * Add a number of helpful links. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/fb1af902e)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/cd5099b64)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/14145e77a)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/67c4d5ad6)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d70f829c1)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/829359636)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/821cbf7b8)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/9e5cf68c4)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/aa3b77111)]
+ * Temporarily call `debrebuild` without the `--cache` argument to experiment with a new version of *devscripts*. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/18df3bbc2)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/b3e61776a)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2c9a416fb)]
+ * Update public TODO. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5907cd486)]
+
+* Installation tests:
+
+ * Add comments to explain structure. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/3e319f33a)]
+ * Mark more old jobs as old or "dead". [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/96ffdd60a)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6634d907f)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/1d9b3e072)]
+ * Turn the maintenance job into a no-op. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/06e081971)]
+
+* Jenkins node maintenance:
+
+ * Increase penalties if the `osuosl5` or `ionos7` nodes are down. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/1cd96d63d)]
+ * Stop trying to fix network automatically. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/1f0b21122)]
+ * Correctly mark `ppc64el` architecture nodes when down. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6c2469ff4)]
+ * Upgrade the remaining `arm64` nodes to Debian *trixie* in anticipation of the release. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c8b489b0d)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/b63792391)]
+ * Allow higher SSD temperatures on the `riscv64` architecture. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4b2998ce7)]
+
+* [Debian](http://debian.org/)-related:
+
+ * Drop the `armhf` architecture; many thanks to Vagrant for physically hosting the nodes for ten years. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/84373dddb)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/afe30f209)]
+ * Add Debian *forky*, and archive *bullseye*. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/5761678f5)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a33000480)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ae0357100)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/8958a791d)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/88db38ca6)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/3e23fa7d2)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4aecebd22)]
+ * Document the filesystem space savings from dropping the `armhf` architecture. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/17b1bbcd0)]
+ * Exclude `i386` and `armhfr` from JSON results. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/e8ad4e132)]
+ * Update TODOs for when Debian *trixie* and *forky* have been released. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a7b7e8a57)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/3b7fa1954)]
+
+* [*tests.reproducible-builds.org*](https://tests.reproducible-builds.org/)-related:
+
+ * Add a link to [*reproduce.debian.net*](https://reproduce.debian.net/). [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/9447dd74e)]
+ * Improve the dashboard graphs. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/a5e9c9d02)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/6af1dd1da)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/208e1ed51)]
+
+* Misc:
+
+ * Detect errors with [openQA](https://open.qa/) erroring out. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/106c561b6)]
+ * Drop the long-disabled `openwrt_rebuilder` jobs. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/0f0c763bc)]
+ * Use `qa-jenkins-dev at alioth-lists.debian.net` as the contact for `jenkins.debian.net`. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c0fdb7613)]
+ * Redirect `reproducible-builds.org/vienna25` to `reproducible-builds.org/vienna2025`. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d7bc3787a)]
+
+ * Disable all OpenWrt reproducible CI jobs, in coordination with the OpenWrt community. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/61ab2b112)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/53e5f6fd2)]
+ * Make [*reproduce.debian.net*](https://reproduce.debian.net/) accessable via IPv6. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/27702b19e)]
+ * Ignore that the `megacli` RAID controller requires packages from Debian *bookworm*. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/77bfe5bb7)]
+
+In addition,
+
+* **James Addison** migrated away from deprecated toplevel `deb822` Python module in favour of `debian.deb822` in the `bin/reproducible_scheduler.py` script [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2d93c1e39)] and removed a note on [*reproduce.debian.net*](https://reproduce.debian.net/) note after the release of Debian *trixie* [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/158d6e8fc)].
+
+* **Jochen Sprickerhof** made a huge number of improvements to the [*reproduce.debian.net*](https://reproduce.debian.net/) statistics calculation [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2ac11691e)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f6fa425c5)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/3cd990e1d)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f14c69661)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d8725b828)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d92c8c55a)] as well as to the *reproduce.debian.net* service more generally [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/2047bd931)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/701343a17)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/957034c16)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/d6c53b1fc)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/43517c478)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/bd16e6b80)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/304636735)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/1f0cdd4b4)].
+
+* **Mattia Rizzolo** performed a lot of work migrating scripts to [SQLAlchemy](https://www.sqlalchemy.org/) version 2.0 [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/c0491a106)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/ef1b588cd)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/206bcc0a5)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/bee35702c)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/4d1e1c92d)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/32c373e4f)] in addition to making some changes to the way [openSUSE](https://www.opensuse.org/) reproducibility tests are handled internally. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/bc5a1deb4)]
+
+* Lastly, **Roland Clobus** updated the [Debian Live](https://www.debian.org/devel/debian-live/) packages after the release of Debian *trixie*. [[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/f51f31308)][[…](https://salsa.debian.org/qa/jenkins.debian.net/commit/056451bac)]
+
+<br>
+
+### Upstream patches
+
+The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:
* Bernhard M. Wiedemann:
- * [`pocketbase`](https://github.com/pocketbase/pocketbase/issues/7123) (FTBFS-2030-03-03)
- * [`cpython`](https://github.com/python/cpython/issues/138061) (random)
- * [`neochat`](https://bugzilla.opensuse.org/show_bug.cgi?id=1248369)
+
+ * [`cpython`](https://github.com/python/cpython/issues/138061)
* [`hashcat`](https://build.opensuse.org/request/show/1300462)
+ * [`neochat`](https://bugzilla.opensuse.org/show_bug.cgi?id=1248369)
+ * [`pocketbase`](https://github.com/pocketbase/pocketbase/issues/7123)
+
+* Chris Lamb:
+
+ * [#1111497](https://bugs.debian.org/1111497) filed against [`neon27`](https://tracker.debian.org/pkg/neon27).
+
+* Jochen Sprickerhof:
+
+ * [#1111620](https://bugs.debian.org/1111620) filed against [`pcbasic`](https://tracker.debian.org/pkg/pcbasic).
+ * [#1111624](https://bugs.debian.org/1111624) filed against [`shellia`](https://tracker.debian.org/pkg/shellia).
+ * [#1111625](https://bugs.debian.org/1111625) filed against [`bup`](https://tracker.debian.org/pkg/bup).
* Mark Johnston:
- * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=4f81c42fbd76e25c9fe696fa08296b79c55fbf09) (DWARF paths)
- * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=eebadc7d8590ff8d38fdbcfd90651c931e713648) (DWARF paths)
- * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=3238878379d3bd4bb9796ccb41c090139bbde94f) (DWARF paths)
- * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=b7e0373acb1d022e9e5acb5be9727def5f941194) (DWARF paths)
+
+ * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=4f81c42fbd76e25c9fe696fa08296b79c55fbf09)
+ * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=eebadc7d8590ff8d38fdbcfd90651c931e713648)
+ * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=3238878379d3bd4bb9796ccb41c090139bbde94f)
+ * [`FreeBSD`](https://cgit.freebsd.org/src/commit/?id=b7e0373acb1d022e9e5acb5be9727def5f941194)
+
+* Robin Candau:
+
+ * [`syd`](https://gitlab.exherbo.org/sydbox/sydbox/-/merge_requests/14)
+
+<br>
+<br>
+
+Finally, if you are interested in contributing to the Reproducible Builds project, please visit our [*Contribute*](https://reproducible-builds.org/contribute/) page on our website. However, you can get in touch with us via:
+
+ * IRC: `#reproducible-builds` on `irc.oftc.net`.
+
+ * Mastodon: [@reproducible_builds at fosstodon.org](https://fosstodon.org/@reproducible_builds)
+
+ * Mailing list: [`rb-general at lists.reproducible-builds.org`](https://lists.reproducible-builds.org/listinfo/rb-general)
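Review bot: the new report opens with two welcome paragraphs, "**Welcome to the August 2025 report" (followed by `{: .lead}`) and "**Welcome to the latest report from the", and only one should stay. In the summit section, "Vienna, Austria!**" ends with a `**` that has no opening pair, and "If you're interesting in joining us" should read "interested". Spelling to fix before `draft: true` is removed: "lnowledge", "archicture", "seperate", "accessable", `armhfr` (the rest of the hunk uses `armhf`), and the link text "*deputy*" whose URL points at `debputy`. Doubled words: "new project history pages" followed by "pages", and "removed a note on" *reproduce.debian.net* "note". The removed notes said "up to 37" `armhf` systems while the added text says "approximately 35", so confirm which figure is intended. Under "Upstream patches", the added intro paragraph runs directly into the unchanged "* Bernhard M. Wiedemann:" line, and "* Mark Johnston:" directly follows the last Jochen Sprickerhof item; add a blank line before each, as the other contributor entries have. The closing paragraph's "However, you can get in touch with us via:" follows a sentence it does not contrast with.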
=====================================
bin/generate-draft
=====================================
@@ -307,7 +307,7 @@ def commits(month_start, month_end, project, path="."):
# Assume its in the parent dir
git_dir = sibling_repo_gitdir(project)
- subprocess.check_call(("git", "fetch", "origin"), cwd=git_dir)
+ #subprocess.check_call(("git", "fetch", "origin"), cwd=git_dir)
output = subprocess.check_output(
(
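Review bot: commenting out `subprocess.check_call(("git", "fetch", "origin"), cwd=git_dir)` in `commits()` means the `check_output` call that follows reads whatever the sibling checkout last fetched, so a draft generated from a stale clone can silently miss that month's commits. This looks like a local workaround that was committed along with the report draft. Either restore the fetch, or make skipping it an explicit choice (a command-line flag or environment variable) rather than leaving the call as a `#`-prefixed dead line, and keep that change in a commit of its own.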
=====================================
images/reports/2025-08/2508.01530.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/2508.01530.png differ
=====================================
images/reports/2025-08/apparmor.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/apparmor.png differ
=====================================
images/reports/2025-08/debian.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/debian.png differ
=====================================
images/reports/2025-08/diffoscope.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/diffoscope.png differ
=====================================
images/reports/2025-08/fdroid.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/fdroid.png differ
=====================================
images/reports/2025-08/guix.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/guix.png differ
=====================================
images/reports/2025-08/izzyondroid.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/izzyondroid.png differ
=====================================
images/reports/2025-08/opensuse-lg.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/opensuse-lg.png differ
=====================================
images/reports/2025-08/opensuse.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/opensuse.png differ
=====================================
images/reports/2025-08/oss-rebuild.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/oss-rebuild.png differ
=====================================
images/reports/2025-08/reproducible-builds.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/reproducible-builds.png differ
=====================================
images/reports/2025-08/rust.jpg
=====================================
Binary files /dev/null and b/images/reports/2025-08/rust.jpg differ
=====================================
images/reports/2025-08/summit.jpg
=====================================
Binary files /dev/null and b/images/reports/2025-08/summit.jpg differ
=====================================
images/reports/2025-08/testframework.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/testframework.png differ
=====================================
images/reports/2025-08/website.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/website.png differ
=====================================
images/reports/2025-08/why2025.png
=====================================
Binary files /dev/null and b/images/reports/2025-08/why2025.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/db8afa0bedcbd90fc51422193abfcda4acf58156