---
layout: blog
week: 170
published: 2018-07-30 13:06:34
---

* [Ludovic Courtès](http://web.fdn.fr/~lcourtes/) wrote a blog post titled "[Multi-dimensional transactions and rollbacks](https://www.gnu.org/software/guix/blog/2018/multi-dimensional-transactions-and-rollbacks-oh-my/)" which promotes the functional aspects of the [GNU Guix](https://www.gnu.org/software/guix/) package manager as well as its "very strong guarantees in terms of reproducibility and provenance tracking."

* Chris Lamb performed a [Non Maintainer Upload](https://wiki.debian.org/NonMaintainerUpload) (NMU) in Debian of the [GNU mtools](https://www.gnu.org/software/mtools/) package in order to address two reproducibility-related bugs ([#900409](https://bugs.debian.org/900409) & [#900410](https://bugs.debian.org/900410)) that were blocking the inclusion of [his previous merge request to the Debian Installer](https://salsa.debian.org/installer-team/debian-installer/merge_requests/3) to make the installation images bit-for-bit reproducible.

* [NetBSD announced their 8.0 release](http://www.netbsd.org/releases/formal-8/NetBSD-8.0.html) which touts stability improvements and many other features including reproducible builds via `MKREPRO`.

* We are continuing to see "fallout" from the default GCC version in Debian `unstable` moving from GCC 7 to GCC 8. As outlined in [our previous report](https://reproducible-builds.org/blog/posts/169), as we have not updated our build path patches for this newer version it is resulting in a large number of packages becoming unreproducible in our testing framework. Holger has temporarily disabled the scheduling of packages in `unstable` and `experimental` until we have a solution for this.

* Holger also added 26GB to the partition used for Debian reproducible tests on `jenkins.debian.net` so that there is enough free space. This is to cope with the increased space needs due to issues introduced due to the GCC transition 8. This fixed a number of Jenkins jobs that were constantly failing in the last days.

* The [CircleCI](https://circleci.com/) continuous integration platform notes the importance of "deterministic builds" in a [training video it has produced](https://www.youtube.com/watch?v=xOSHKNUIkjY). As many projects use CircleCI, their emphasis on making builds deterministic should help spread that related concept elsewhere.

* Three Debian package reviews were added, one was updated and one was removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).

* In the upcoming week a number of the Reproducible Builds team are at [DebConf18](https://debconf18.debconf.org/), the annual Debian Developers conference. The [schedule](https://debconf18.debconf.org/schedule/) includes talks entitled:

  * "[Reproducible Buster and beyond](https://debconf18.debconf.org/talks/80-reproducible-buster-and-beyond/)" by the Reproducible Builds team.
  * "[My crush on GNU Guix](https://debconf18.debconf.org/talks/99-my-crush-on-gnu-guix/)" by Vagrant Cascadian.
  * "[Software transparency: package security beyond signatures and reproducible builds](https://debconf18.debconf.org/talks/104-software-transparency-package-security-beyond-signatures-and-reproducible-builds/)" by Benjamin Hof.


Upstream work
-------------

* Bernhard M. Wiedemann:

    * [sphinx](https://build.opensuse.org/request/show/624654) (hostname, kernel-ver)
    * [rnd\_jue](https://build.opensuse.org/request/show/624665) (date)
    * [nmh](https://build.opensuse.org/request/show/624777) (hostname, date, [filed upstream](https://savannah.nongnu.org/support/index.php?109535))
    * [gnubg](https://build.opensuse.org/request/show/625008) (compile-time-CPU-detection)
    * [mhvtl](https://github.com/markh794/mhvtl/pull/26) (date)
    * [minikube](https://github.com/kubernetes/minikube/pull/3009) (merged, date+time, use `SOURCE_DATE_EPOCH`)
    * [gettext](https://savannah.gnu.org/bugs/index.php?54367) (merged, help2man date)
    * [pytest](https://github.com/pytest-dev/pytest/pull/3710) (merged, fix date (copyright year))
    * [efivar](https://github.com/rhboot/efivar/pull/115) (ASLR, use `memset(3)`)
    * [gnu-cobol](https://savannah.gnu.org/bugs/index.php?54361) (`date`)
    * [R-PKI/R-base](https://bugzilla.opensuse.org/show_bug.cgi?id=1102299) (`date`)
    * [rust](https://github.com/rust-lang/rust/issues/50556) (random `cmpq` - from hash order?)
    * [util-linux](https://github.com/karelzak/util-linux/issues/668) (ask for easier disabling of ASLR)
    * [perl-IO-Socket-SSL](https://bugzilla.opensuse.org/show_bug.cgi?id=1102852) (FTBFS-2019-03)
    * [ibutils](https://bugzilla.opensuse.org/show_bug.cgi?id=1102911) (FTBFS with -j1)


tests.reproducible-builds.org development
-----------------------------------------

There were a number of updates to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org/):

* Holger Levsen:
    * [Show offline nodes as offline on nodes health overview page](https://salsa.debian.org/qa/jenkins.debian.net/commit/a22841d0).
    * [Stop scheduling sid and experimental altogether](https://salsa.debian.org/qa/jenkins.debian.net/commit/1e91c278).

* Mattia Rizzolo:
    * [Mark `opi2a-armhf-rb.debian.net` as offline for now](https://salsa.debian.org/qa/jenkins.debian.net/commit/d393b107).


Misc.
-----

This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.