---
layout: blog
week: 133
published: 2017-11-20 15:11:35
---

Here's what happened in the [Reproducible
Builds](https://reproducible-builds.org) effort between Sunday November 5 and
Saturday November 11 2017:


Upcoming events
---------------

On November 17th Chris Lamb will present at [Open Compliance
Summit](http://events.linuxfoundation.org/events/open-compliance-summit/),
Yokohama, Japan on how reproducible builds ensures the long-term sustainability
of technology infrastructure.

We plan to hold [an assembly at
34C3](https://events.ccc.de/congress/2017/wiki/index.php/Assembly:Reproducible-Builds)
- hope to see you there!


LEDE CI tests
-------------

Thanks to the work of lynxis, Mattia and h01ger, we're now testing all LEDE
packages in our setup. This is our [first result for the ar71xx
target](https://tests.reproducible-builds.org/lede/lede_ar71xx.html): "502
(100.0%) out of 502 built images and 4932 (94.8%) out of 5200 built packages
were reproducible in our test setup." - see below for details how this was
achieved.


Bootstrapping and Diverse Double Compilation
--------------------------------------------

As a follow-up of a [discussion on bootstrapping compilers we had on the Berlin
summit](https://pad.riseup.net/p/reproduciblebuildsIII-crossdistro), Bernhard
and Ximin worked on a Proof of Concept for Diverse Double Compilation of tinycc
(aka tcc).

Ximin Luo did a successful [diverse-double compilation of
tinycc](https://github.com/bmwiedemann/ddcpoc/) git HEAD using gcc-7.2.0,
clang-4.0.1, icc-18.0.0 and pgcc-17.10-0 (pgcc needs to triple-compile it).
More variations are planned for the future, with the eventual aim to reproduce
the same binaries cross-distro, and extend it to test GCC itself.


Packages reviewed and fixed, and bugs filed
-------------------------------------------

Patches filed upstream:

* Bernhard M. Wiedemann:
  * [clang](https://bugs.llvm.org/show_bug.cgi?id=35277) - ASLR affects
    objective-C binaries.
* Chris Lamb:
  * [nbsphinx](https://github.com/spatialaudio/nbsphinx/pull/145) (merged) -
    Random UUIDs used as element selectors.
  * [stardicter](https://github.com/nijel/stardicter/pull/2) (merged) -
    `SOURCE_DATE_EPOCH` support.
  * [stetl](https://github.com/geopython/stetl/pull/64) - Build path in
    documentation.

Patches filed in Debian:

* Bernhard M. Wiedemann:
  * [#881231](https://bugs.debian.org/881231) filed against [chasen](https://tracker.debian.org/pkg/chasen) - Uninitialized memory from
    struct padding written into data files.
* Adrian Bunk:
  * [#881453](https://bugs.debian.org/881453) filed against [primesieve](https://tracker.debian.org/pkg/primesieve) - FTBFS.
* Chris Lamb:
  * [#881089](https://bugs.debian.org/881089) filed against [stardicter](https://tracker.debian.org/pkg/stardicter) - (merged) `SOURCE_DATE_EPOCH`.
  * [#881094](https://bugs.debian.org/881094) filed against [nbsphinx](https://tracker.debian.org/pkg/nbsphinx) - random UUIDs.
  * [#881157](https://bugs.debian.org/881157) filed against [designate](https://tracker.debian.org/pkg/designate) - build path.
  * [#881217](https://bugs.debian.org/881217) filed against [python-stetl](https://tracker.debian.org/pkg/python-stetl) - build path.
  * [#881258](https://bugs.debian.org/881258) filed against [sphinx-intl](https://tracker.debian.org/pkg/sphinx-intl) - drop date.
  * [#881259](https://bugs.debian.org/881259) filed against [soundmodem](https://tracker.debian.org/pkg/soundmodem) - build path.
  * [#881262](https://bugs.debian.org/881262) filed against [node-module-deps](https://tracker.debian.org/pkg/node-module-deps) - build path.
  * [#881474](https://bugs.debian.org/881474) filed against [phatch](https://tracker.debian.org/pkg/phatch) - random memory address.
* Daniel Kahn Gillmor:
  * [#881152](https://bugs.debian.org/881152) filed against [npth](https://tracker.debian.org/pkg/npth) - build path.

Patches filed in openSUSE:

* Bernhard M. Wiedemann:
  * [i4l-base](https://build.opensuse.org/request/show/539442) (merged) -
    Uninitialized memory written to output.


Reviews of unreproducible packages
----------------------------------

73 package reviews have been added, 88 have been updated and 40 have been removed in this week,
adding to our knowledge about [identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).

4 issue types have been updated:

- Add [randomness\_in\_files\_generated\_by\_pinyin\_gen\_binary\_files](https://tests.reproducible-builds.org/issues/unstable/randomness\_in\_files\_generated\_by\_pinyin\_gen\_binary\_files_issue.html).
- Add [build\_path\_captured\_in\_assembly\_objects](https://tests.reproducible-builds.org/issues/unstable/build\_path\_captured\_in\_assembly\_objects_issue.html).
- Add [timestamps\_in\_ifo\_files\_generated\_by\_python\_stardicter](https://tests.reproducible-builds.org/issues/unstable/timestamps\_in\_ifo\_files\_generated\_by\_python\_stardicter_issue.html).
- Update [timestamps\_in\_source\_generated\_by\_rcc](https://tests.reproducible-builds.org/issues/unstable/timestamps\_in\_source\_generated\_by\_rcc_issue.html).


Weekly QA work
--------------

During our reproducibility testing, FTBFS bugs have been detected and reported by:

 - Adrian Bunk (69)
 - Andreas Beckmann (3)
 - Dmitry Shachnev (1)
 - Graham Inggs (1)


diffoscope development
----------------------

Mattia Rizzolo [uploaded](https://tracker.debian.org/news/885342) version
`88~bpo9+1` to stretch-backports.


reprotest development
---------------------

- Ximin Luo:
    - build: add comment that `util-linux` confirmed bug in nsenter, awaiting fix.
    - Make `--print-sudoers` work for `--env-build` as well.


reproducible-website development
--------------------------------

- Holger Levsen:
    - rws3: add OTF as sponsor
    - rws3: add F-Droid, riot-os.org
- Chris Lamb:
    - Move the "contribute" page from the Debian wiki to `/contribute/` on our
      main website.
- Eitan Adler:
    - Fix typo in FreeBSD mailing list.


theunreproduciblepackage development
------------------------------------

- Bernhard M. Wiedemann:
    - [aslr: document per-process workaround](https://github.com/bmwiedemann/theunreproduciblepackage/commit/32c0267d64ec730ace4a0bd710fc701018a50c6c)
    - [aslr: add examples](https://github.com/bmwiedemann/theunreproduciblepackage/commit/0df6c17a738cae30c000c4d4ed3e2bc4636a5939)


tests.reproducible-builds.org in detail
---------------------------------------

- Mattia Rizzolo:
    - reproducible archlinux: enable debugging mode
    - reproducible archlinux: don't use hidden files for the package lists
    - reproducible fedora: don't use hidden files for the package lists
    - udd-query: move from public-udd-mirror.xvm.mit.edu to udd-mirror.debian.net
    - udd-query: remove the temporary file with a trap in case this script is called with the wrong argument, and in case of failures, etc, the temporary file would be left around otherwise
    - reproducible debian: schroot-create: drop the reproducible gpg keyring into /etc/apt/trusted.gpg.d/ instead of using `apt-key add`
    - reproducible debian: setup_pbuilder: drop the reproducible gpg keyring into /etc/apt/trusted.gpg.d/ instead of using `apt-key add`
    - reprodocible debian: setup_pbuilder: stop installing gnupg2 in our chroot, not needed anymore now
    - Mattia also merged and deployed some commits from others this week.

- Alexander 'lynxis' Couzens
    - reproducible_lede: use correct place/variable to save results: Results on remote nodes are expected to be under $TMPDIR, which defined by openwrt_build. RESULTSDIR is undefined on the remote node
    - reproducible_lede: enable building all packages again, after it was disabled to improve the debug speed.
    - reproducible_lede: correct given path for node_cleanup_tmpdirs & node_save_logs-
    reproducible_lede: enable CONFIG_BUILDBOT to reduce inodes while building.

- kpcyrd:
    - reproducible-archlinux: try porting abs to asp
    - reproducible-archlinux: explicitly sync packages
    - reproducible-archlinux: use sudo for pacman

- Hans-Christoph Steiner:
    - reproducible fdroid: point jenkins to canonical URL
    - reproducible_fdroid: separate testsuite into its own job
    - reproducible fdroid: sync upstream script names with jenkins.debian.net, make things self-documenting by reusing the same names everywhere.
    - reproducible_fdroid_test: make script executable

- Chris Lamb:
    - Move some IRC announcements to #debian-reproducible-changes.

- Holger Levsen:
    - reproducible LEDE: try to deal gracefully with problems and report
    - as usual, Holger merged many of the above commits and deployed them.


Misc.
-----

This week's edition was written by Ximin Luo, Bernhard M. Wiedemann, Chris Lamb
and Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC &
the mailing lists.