Reproducible Builds in July 2024
Chris Lamb
chris at reproducible-builds.org
Thu Aug 8 15:30:25 UTC 2024
--------------------------------------------------------------------
o
⬋ ⬊ July 2024 in Reproducible Builds
o o
⬊ ⬋ https://reproducible-builds.org/reports/2024-07/
o
--------------------------------------------------------------------
Welcome to the July 2024 report from the Reproducible Builds project!
In our reports, we outline what we've been up to over the past month
and highlight news items in software supply-chain security more
broadly. As always, if you are interested in contributing to the
project, please visit our Contribute [1] page on our website.
[0] https://reproducible-builds.org
[1] https://reproducible-builds.org/contribute/
§
Reproducible Builds Summit 2024 [2]
-----------------------------------
Last month, we were very pleased to announce the upcoming Reproducible
Builds Summit [3], set to take place from September 17th — 19th 2024
in Hamburg, Germany.
We are thrilled to host the seventh edition of this exciting event,
following the success of previous summits in various iconic locations
around the world, including Venice, Marrakesh, Paris, Berlin and
Athens. Our summits are a unique gathering that brings together
attendees from diverse projects, united by a shared vision of
advancing the Reproducible Builds effort. During this enriching event,
participants will have the opportunity to engage in discussions,
establish connections and exchange ideas to drive progress in this
vital field. Our aim is to create an inclusive space that fosters
collaboration, innovation and problem-solving.
If you're interesting in joining us this year, please make sure to read
the event page [4], which has more details about the event and location.
We are very much looking forward to seeing many readers of these
reports there.
[2] https://reproducible-builds.org/events/hamburg2024/
[3] https://reproducible-builds.org/events/hamburg2024/
[4] https://reproducible-builds.org/events/hamburg2024/
§
"Pulling Linux up by its bootstraps" (LWN)
------------------------------------------
In a recent edition of Linux Weekly News [6], Daroc Alden [7] has
written an article on "bootstrappable" builds. Starting with a brief
introduction that:
> […] a bootstrappable build [8] is one that builds existing software
> from scratch — for example, building GCC without relying on an
> existing copy of GCC. In 2023, the Guix project announced [9] that
> the project had reduced the size of the binary bootstrap seed needed
> to build its operating system to just 357-bytes — not counting the
> Linux kernel required to run the build process.
The article goes onto to describe that "now, the live-bootstrap [10]
project has gone a step further and removed the need for an existing
kernel at all." and concludes:
> The real benefit of bootstrappable builds comes from a few things.
> Like reproducible builds, they can make users more confident that
> the binary packages downloaded from a package mirror really do
> correspond to the open-source project whose source code they can
> inspect. Bootstrappable builds have also had positive effects on the
> complexity of building a Linux distribution from scratch […]. But
> most of all, bootstrappable builds are a boon to the longevity of
> our software ecosystem. It's easy for old software to become
> unbuildable. By having a well-known, self-contained chain of
> software that can build itself from a small seed, in a variety of
> environments, bootstrappable builds can help ensure that today's
> software is not lost, no matter where the open-source community goes
> from here.
[5] https://lwn.net/Articles/983340/
[6] https://lwn.net/
[7] https://setupminimal.github.io/
[8] https://lwn.net/Articles/841797/
[9] https://lwn.net/Articles/930650/
[10] https://github.com/fosslinux/live-bootstrap
§
"Towards Idempotent Rebuilds?" [11]
-----------------------------------
Trisquel [12] developer Simon Josefsson [13] wrote an interesting blog
post [14] comparing the output of the .deb files from our
tests.reproducible-builds.org [15] testing framework and the ones in
the official Debian archive.
Following up from a previous post on the reproducibility of Trisquel
[16], Simon notes that "typically [the] rebuilds do not match the
official packages, even when they say the package is reproducible",
Simon correctly identifies that "the purpose of [these] rebuilds are
not to say anything about the official binary build, instead the
purpose is to offer a QA service to maintainers by performing two
builds of a package and declaring success if both builds match."
However, Simon's post swiftly moves on to announce a new tool called
debdistrebuild [17] that performs rebuilds of the difference between
two distributions in a GitLab pipeline [18] and displays diffoscope
[19] output for further analysis.
[11] https://blog.josefsson.org/2024/07/10/towards-idempotent-rebuilds/
[12] https://trisquel.info/
[13] https://josefsson.org/
[14] https://blog.josefsson.org/2024/07/10/towards-idempotent-rebuilds/
[15] https://tests.reproducible-builds.org/debian/reproducible.html
[16] https://blog.josefsson.org/2023/04/10/trisquel-is-42-reproducible/
[17] https://gitlab.com/debdistutils/debdistrebuild
[18] https://docs.gitlab.com/ee/ci/pipelines/
[19] https://diffoscope.org
§
"AROMA: Automatic Reproduction of Maven Artifacts" [20]
-------------------------------------------------------
Mehdi Keshani, Tudor-Gabriel Velican, Gideon Bot and Sebastian Proksch
of the Delft University of Technology [21], Netherlands, have
published a new paper in the ACM Software Engineering on a new tool to
automatically reproduce Apache Maven [22] artifacts:
> Reproducible Central [23] is an initiative that curates a list of
> reproducible Maven libraries, but the list is limited and
> challenging to maintain due to manual efforts. [We] investigate the
> feasibility of automatically finding the source code of a library
> from its Maven release and recovering information about the original
> release environment. Our tool, AROMA, can obtain this critical
> information from the artifact and the source repository through
> several heuristics and we use the results for reproduction attempts
> of Maven packages. Overall, our approach achieves an accuracy of up
> to 99.5% when compared field-by-field to the existing manual
> approach [and] we reveal that automatic reproducibility is feasible
> for 23.4% of the Maven packages using AROMA, and 8% of these
> packages are fully reproducible.
[20] https://dl.acm.org/doi/pdf/10.1145/3643764
[21] https://www.tudelft.nl/en/
[22] https://maven.apache.org/
[23] https://github.com/jvm-repo-rebuild/reproducible-central
§
Community updates
-----------------
On our mailing list [24] this month:
* Nichita Morcotilo reached out to the community, first to share their
efforts "to build reproducible packages cross-platform with a new
build tool called rattler-build [25], noting that "as you can
imagine, building packages reproducibly on Windows is the hardest
challenge (so far!)". Nichita goes onto mention that the Apple
ecosystem appears to be using ZERO_AR_DATE over SOURCE_DATE_EPOCH
[26]. [27]
[24] https://lists.reproducible-builds.org/listinfo/rb-general/
[25] https://github.com/prefix-dev/rattler-build
[26] https://reproducible-builds.org/docs/source-date-epoch/
[27] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003442.html
* Roland Clobus announced that the Debian bookworm 12.6 live images
are "nearly reproducible" [28], with more detail in the post [29]
itself and input in the thread [30] from other contributors.
[28] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003443.html
[29] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003443.html
[30] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/thread.html#3443
* As reported in last month's report [31], Pol Dellaiera [32] completed
his master thesis on "Reproducibility in Software Engineering" [33]
at the University of Mons [34], Belgium. This month, Pol announced
this on the list with more background info [35]. Since the master
thesis sources have been available, it has received some feedback and
contributions. As a result, an updated version of the thesis has been
published [36] containing those community fixes.
[31] https://reproducible-builds.org/reports/2024-06/
[32] https://orcid.org/0009-0008-7972-7160
[33] https://doi.org/10.5281/zenodo.12666898
[34] https://web.umons.ac.be/
[35] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003449.html
[36] https://doi.org/10.5281/zenodo.12666898
* Daniel Gröber asked for help [37] in getting the Yosys [38]
documentation to build reproducibly, citing issues in inter alia
the PDF generation causing differing CreationDate metadata values.
[37] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003452.html
[38] https://yosyshq.net/yosys/
* James Addison continued his long journey [39] towards getting the
Sphinx [40] documentation generator to build reproducible
documentation. In this thread, James concerns himself with the
problem that even "when SOURCE_DATE_EPOCH [41] is configured, Sphinx
projects that have configured their copyright notices using dynamic
elements can produce nonsensical output under some circumstances."
James' query ended up generating a number of replies [42].
[39] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003458.html
[40] https://www.sphinx-doc.org/en/master/
[41] https://reproducible-builds.org/docs/source-date-epoch/
[42] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/thread.html#3458
* Allen 'gunner' Gunner posted a brief update on the progress the
core team is making towards introducing a Code of Conduct (CoC) such
that it is "in place in time for the RB Summit in Hamburg in
September". In particular, gunner asks "if you are interested in
helping with CoC design and development in the weeks ahead, simply
email rb-core at lists.reproducible-builds.org and let us know". [43]
[43] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003475.html
§
Android Reproducible Builds at IzzyOnDroid with rbtlog [44]
-----------------------------------------------------------
On our mailing list, Fay Stegerman announced [45] a new Reproducible
Builds collaboration in the Android ecosystem:
> We are pleased to announce "Reproducible Builds, special client
> support and more in our repo" [46]: a collaboration between various
> independent interoperable projects: the IzzyOnDroid [47] team,
> 3rd-party clients Droid-ify [48] & Neo Store [49], and rbtlog [50]
> (part of my collection of tools for Android Reproducible Builds) to
> bring Reproducible Builds to IzzyOnDroid and the wider Android
> ecosystem.
[44] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003485.html
[45] https://lists.reproducible-builds.org/pipermail/rb-general/2024-July/003485.html
[46] https://android.izzysoft.de/articles/named/iod-rbs-mirrors-clients
[47] https://apt.izzysoft.de/fdroid/
[48] https://github.com/Droid-ify/client
[49] https://github.com/NeoApplications/Neo-Store
[50] https://github.com/obfusk/rbtlog
§
"Extending the Scalability, Flexibility and Responsiveness of Secure Software Update Systems" [51]
--------------------------------------------------------------------------------------------------
Congratulations to Marina Moore of the New York Tandon School of
Engineering [52] who has submitted her PhD thesis on "Extending the
Scalability, Flexibility and Responsiveness of Secure Software Update
Systems" [53]. The introduction outlines its contributions to the field:
> [S]oftware repositories are a vital component of software
> development and release, with packages downloaded both for direct
> use and to use as dependencies for other software. Further, when
> software is updated due to patched vulnerabilities or new features,
> it is vital that users are able to see and install this patched
> version of the software. However, this process of updating software
> can also be the source of attack. To address these attacks, secure
> software update systems have been proposed. However, these secure
> software update systems have seen barriers to widespread adoption.
> The Update Framework (TUF) was introduced in 2010 to address several
> attacks on software update systems including repository compromise,
> rollback attacks, and arbitrary software installation. Despite this,
> compromises continue to occur, with millions of users impacted by
> such compromises. My work has addressed substantial challenges to
> adoption of secure software update systems grounded in an
> understanding of practical concerns. Work with industry and academic
> communities provided opportunities to discover challenges, expand
> adoption, and raise awareness about secure software updates. […]
[51] https://www.proquest.com/openview/07eb1454d3e506cd39b43ee0961bdabb/1?pq-origsite=gscholar&cbl=18750&diss=y
[52] https://engineering.nyu.edu/
[53] https://www.proquest.com/openview/07eb1454d3e506cd39b43ee0961bdabb/1?pq-origsite=gscholar&cbl=18750&diss=y
§
Development news
----------------
In Debian this month, 12 reviews of Debian packages were added, 13 were
updated and 6 were removed this month adding to our knowledge about
identified issues [54]. A new toolchain issue type was identified as
well, specifically ordering_differences_in_pkg_info [55].
Colin Percival filed a bug against the LLVM [56] compiler noting that
building i386 binaries on the i386 architecture is different when
building i386 binaries under amd64 [57]. The fix was narrowed down to
"x87 excess precision, which can result in slightly different register
choices when the compiler is hosted on x86_64 or i386" and a fix
committed. [58]
Fay Stegerman performed some in-depth research [59] surrounding her
"apksigcopier" [60] tool, after some Android .apk files signed with the
latest apksigner could no longer be verified as reproducible. Fay
identified the issue as follows:
> Since build-tools >= 35.0.0-rc1, backwards-incompatible changes to
apksigner break apksigcopier as it now by default forcibly replaces
existing alignment padding and changed the default page alignment from
4k to 16k (same as Android Gradle Plugin >= 8.3, so the latter is only
an issue when using older AGP). [61]
She documented multiple available workarounds and filed a bug in
Google's issue tracker [62].
Lastly, diffoscope [63] is our in-depth and content-aware diff utility
that can locate and diagnose reproducibility issues. This month, Chris
Lamb uploaded version 272 and Mattia Rizzolo uploaded version 273 to
Debian, and the following changes were made as well:
* Chris Lamb:
* Ensure that the convert utility is from ImageMagick version 6.x.
The command-line interface has seemingly changed with the 7.x
series of ImageMagick. [64]
* Factor out version detection in test_jpeg_image. [65]
* Correct the import of the identify_version method after a
refactoring change in a previous commit [66]. [67]
* Move away from using DSA OpenSSH keys in tests as support has
been deprecated and removed [68] in OpenSSH version 9.8p1. [69]
* Move to assert_diff in the test_openssh_pub_key package. [70]
* Update copyright years. [71]
* Mattia Rizzolo:
* Add support for ffmpeg version 7.x which adds some extra context
to the diff. [72]
* Rework the handling of OpenSSH testing of DSA keys if OpenSSH is
strictly 9.7, and add an OpenSSH key test with a ed25519-format
key [73][74][75]
* Temporarily disable a few packages that are not available in
Debian "testing". [76][77]
* Stop ignoring the results of Debian "testing" in the continuous
integration system. [78]
* Adjust options in debian/source to make sure not to pack the
Python sdist directory into the binary Debian package. [79]
* Adjust Lintian overrides. [80]
[54] https://tests.reproducible-builds.org/debian/index_issues.html
[55] https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/af496924
[56] https://llvm.org/
[57] https://github.com/llvm/llvm-project/issues/99396
[58] https://github.com/llvm/llvm-project/pull/100165/commits/28997387abf874345e9583c53739d2acbfedf761
[59] https://github.com/obfusk/apksigcopier/issues/105
[60] https://github.com/obfusk/apksigcopier
[61] https://github.com/obfusk/apksigcopier/issues/105#issuecomment-2206799316
[62] https://issuetracker.google.com/issues/351408623
[63] https://diffoscope.org
[64] https://salsa.debian.org/reproducible-builds/diffoscope/commit/bbcf367c
[65] https://salsa.debian.org/reproducible-builds/diffoscope/commit/037bdcbb
[66] https://salsa.debian.org/reproducible-builds/diffoscope/commit/037bdcbb
[67] https://salsa.debian.org/reproducible-builds/diffoscope/commit/38f76379
[68] https://lwn.net/Articles/958048/
[69] https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/382
[70] https://salsa.debian.org/reproducible-builds/diffoscope/commit/e8c5dc10
[71] https://salsa.debian.org/reproducible-builds/diffoscope/commit/5b5c8c62
[72] https://salsa.debian.org/reproducible-builds/diffoscope/commit/cadfc73a
[73] https://salsa.debian.org/reproducible-builds/diffoscope/commit/7917b746
[74] https://salsa.debian.org/reproducible-builds/diffoscope/commit/f3f72b9f
[75] https://salsa.debian.org/reproducible-builds/diffoscope/commit/652b5793
[76] https://salsa.debian.org/reproducible-builds/diffoscope/commit/c6bba336
[77] https://salsa.debian.org/reproducible-builds/diffoscope/commit/f8a1e142
[78] https://salsa.debian.org/reproducible-builds/diffoscope/commit/bc2229c7
[79] https://salsa.debian.org/reproducible-builds/diffoscope/commit/40b63b71
[80] https://salsa.debian.org/reproducible-builds/diffoscope/commit/633654ee
§
Website updates
---------------
There were a number of improvements made to our website this
month, including:
* Bernhard M. Wiedemann updated the SOURCE_DATE_EPOCH [81] page to
include instructions on how to create reproducible .zip files from
within Python using the "zipfile" [82] module. [83]
[81] https://reproducible-builds.org/docs/source-date-epoch/
[82] https://docs.python.org/3/library/zipfile.html
[83] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7678a3e8
* Chris Lamb fixed a potential duplicate heading on the Projects [84]
page. [85]
[84] https://reproducible-builds.org/who/projects/
[85] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3a701087
* Fay Stegerman added rbtlog [86] to the Tools [87] page [88] and
IzzyOnDroid [89] to the Projects [90] page [91], also ensuring that
the latter page was always sorted regardless of the ordering within
the input data files. [92]
[86] https://github.com/obfusk/rbtlog
[87] https://reproducible-builds.org/tools/
[88] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6882b92f
[89] https://apt.izzysoft.de/fdroid/
[90] https://reproducible-builds.org/who/projects/
[91] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a939f2ec
[92] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b3e7154b
* Holger Levsen added Linus Nordberg to our global list of contributors
[93][94] as well as made a number of changes to the page for the
upcoming Reproducible Builds summit later this year
[95][96][97][98][99].
[93] https://reproducible-builds.org/who/people/
[94] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/595ccb28
[95] https://reproducible-builds.org/events/hamburg2024/
[96] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/de398031
[97] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ed5eb6f4
[98] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/d69d7503
[99] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/e048075e
* Mattia Rizzolo updated the Civil Infrastructure Platform [100] logo
[101] and also updated the 2024 summit page [102][103][104].
[100] https://www.cip-project.org/
[101] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/13058e9e
[102] https://reproducible-builds.org/events/hamburg2024/
[103] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/99054850
[104] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/fc371a3f
* Nichita Morcotilo added rattler-build [105] to the Projects [106]
page. [107][108][109]
[105] https://github.com/prefix-dev/rattler-build
[106] https://reproducible-builds.org/who/projects/
[107] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a5130fea
[108] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a9d32515
[109] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5d1b5fc7
* Pol Dellaiera updated the Academic Publications [110] page, adding
two publications. [111][112]
[110] https://reproducible-builds.org/docs/publications/
[111] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b98049f2
[112] https://salsa.debian.org/reproducible-builds/reproducible-website/commit/36da2c24
§
Upstream patches
----------------
The Reproducible Builds project detects, dissects and attempts to fix as
many currently-unreproducible packages as possible. We endeavour to send
all of our patches upstream where appropriate. This month, we wrote a
large number of such patches, including:
* Bernhard M. Wiedemann:
* armagetron [113] (date)
* blaspp [114] (hostname)
* cligen [115] (GnuTLSs date)
* cloudflared [116] (date)
* dpdk [117] (Sphinx doctrees)
* fonttosfnt/xorg-x11-fonts [118] (toolchain, date)
* gegl [119] (build machine details)
* gettext-runtime [120] (jar mtime)
* kf6-kirigami+kf6-qqc2-desktop-style [121] (race-condition)
* kubernetes1.26 [122] (backport upstream fix for random path)
* lapackpp [123] (hostname)
* latex2html [124] (nochecks)
* libdb-4_8 [125] (.jar modification time)
* librcc [126] (already merged upstream)
* libreoffice [127] (strip .jar mtimes + clucene-core
[128] toolchain)
* maliit-keyboard [129] (nocheck)
* nautilus [130] (date)
* openblas [131] (CPU type, fixed [132])
* openssl-3 [133] (random-related issue)
* python-ruff [134] (ASLR)
* python3 [135] (date [136], parallelism/race [137])
* reproducible-faketools [138] (0.5.2)
* sphinx [139] (GZip modification time)
* sphinxcontrib [140] (gzip mtime)
[113] https://build.opensuse.org/request/show/1188202
[114] https://github.com/icl-utk-edu/blaspp/pull/87
[115] https://gitlab.com/gnutls/cligen/-/merge_requests/5
[116] https://github.com/cloudflare/cloudflared/pull/1289
[117] https://build.opensuse.org/request/show/1185443
[118] https://gitlab.freedesktop.org/xorg/app/fonttosfnt/-/merge_requests/22
[119] https://build.opensuse.org/request/show/1188550
[120] https://build.opensuse.org/request/show/1188059
[121] https://bugzilla.opensuse.org/show_bug.cgi?id=1228131
[122] https://build.opensuse.org/request/show/1190449
[123] https://github.com/icl-utk-edu/lapackpp/pull/68
[124] https://build.opensuse.org/request/show/1188512
[125] https://build.opensuse.org/request/show/1190247
[126] https://build.opensuse.org/request/show/1188204
[127] https://build.opensuse.org/request/show/1189287
[128] https://build.opensuse.org/request/show/1188447
[129] https://build.opensuse.org/request/show/1185254
[130] https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1555
[131] https://bugzilla.opensuse.org/show_bug.cgi?id=1228177
[132] https://build.opensuse.org/request/show/1190320
[133] https://build.opensuse.org/request/show/1187438
[134] https://github.com/astral-sh/ruff/issues/12169
[135] https://bugzilla.opensuse.org/show_bug.cgi?id=1227999
[136] https://github.com/python/cpython/pull/121872
[137] https://github.com/python/cpython/pull/121883
[138] https://build.opensuse.org/request/show/1186763
[139] https://github.com/sphinx-doc/sphinx/pull/12606
[140] https://github.com/sphinx-doc/sphinxcontrib-devhelp/pull/13
* Chris Lamb:
* #1076368 [141] filed against nautilus [142].
* #1076507 [143] filed against mccode [144].
* #1076806 [145] filed against meson-python [146].
* #1077479 [147] filed against debcraft [148].
* #1077485 [149] filed against pytest [150].
* #1077601 [151] filed against setuptools [152].
[141] https://bugs.debian.org/1076368
[142] https://tracker.debian.org/pkg/nautilus
[143] https://bugs.debian.org/1076507
[144] https://tracker.debian.org/pkg/mccode
[145] https://bugs.debian.org/1076806
[146] https://tracker.debian.org/pkg/meson-python
[147] https://bugs.debian.org/1077479
[148] https://tracker.debian.org/pkg/debcraft
[149] https://bugs.debian.org/1077485
[150] https://tracker.debian.org/pkg/pytest
[151] https://bugs.debian.org/1077601
[152] https://tracker.debian.org/pkg/setuptools
* Fridrich Strba:
* javapackages-tools [153]
* ant [154]
* java-21-openjdk [155]
[153] https://build.opensuse.org/package/show/Java:packages/javapackages-tools
[154] https://build.opensuse.org/package/show/Java:packages/ant
[155] https://build.opensuse.org/package/show/Java:Factory/java-21-openjdk
* Evangelos Ribeiro Tzaras:
* buffybox [156]
[156] https://gitlab.com/postmarketOS/buffybox/-/merge_requests/24
§
Reproducibility testing framework
---------------------------------
The Reproducible Builds project operates a comprehensive testing
framework running primarily at "tests.reproducible-builds.org" [157] in
order to check packages and other artifacts for reproducibility. In
July, a number of changes were made by Holger Levsen, including:
* Grant bremner access to the ionos7 node. [158][159]
* Perform a dummy change to force update of all jobs. [160][161]
In addition, Vagrant Cascadian performed some necessary node maintenance
of the underlying build hosts. [162]
[157] https://tests.reproducible-builds.org
[158] https://salsa.debian.org/qa/jenkins.debian.net/commit/bf4a10cc0
[159] https://salsa.debian.org/qa/jenkins.debian.net/commit/fb5ac9533
[160] https://salsa.debian.org/qa/jenkins.debian.net/commit/d30ab7185
[161] https://salsa.debian.org/qa/jenkins.debian.net/commit/94a1e8367
[162] https://salsa.debian.org/qa/jenkins.debian.net/commit/bc50a42a1
§
If you are interested in contributing to the Reproducible Builds
project, please visit our "Contribute" [163] page on our website.
However, you can get in touch with us via:
* IRC: #reproducible-builds on irc.oftc.net.
* Mastodon: @reproducible_builds at fosstodon.org [164]
* Mailing list: rb-general at lists.reproducible-builds.org [165]
* Twitter: @ReproBuilds [166]
[163] https://reproducible-builds.org/contribute/
[164] https://fosstodon.org/@reproducible_builds
[165] https://lists.reproducible-builds.org/listinfo/rb-general
[166] https://twitter.com/ReproBuilds
--
o
⬋ ⬊
o o reproducible-builds.org 💠
⬊ ⬋
o
More information about the rb-general
mailing list