--- layout: blog week: 184 published: 2018-11-06 18:52:52 --- **If you're interested in attending the Reproducible Builds summit in Paris between 11th—13th December [please see our event page](https://reproducible-builds.org/events/paris2018/).** In the meantime, here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday October 28 and Saturday November 3 2018: * Vagrant Cascadian has [probed the Debian package archives](https://lists.reproducible-builds.org/pipermail/rb-general/2018-October/001239.html) and found that in the current Debian `sid`, 88 out of the 154 (57%) Debian binary packages installed in a minimal system can be verifiably reproduced. For a long time, 25,561 out of 27,427 (93%) of the total source packages in the Debian archive have been known to be [reproducible in a our testing environment](https://tests.reproducible-builds.org/debian/buster/index_suite_amd64_stats.html). While 57% is a lower figure it could be considered a more substantial statistic as it is not a measure of packages that behave well under carefully controlled conditions but of "real world" Debian artifacts that are installed on end-user systems. * On Tuesday 6th November, Chris Lamb [will host a seminar](http://talks.cam.ac.uk/talk/index/114232) at the William Gates Building at the University of Cambridge on reproducible builds as part of the [Computer Laboratory NetOS Group](https://www.cl.cam.ac.uk/research/srg/netos/). * Félix Sipma [submitted a merge request](https://salsa.debian.org/go-team/packages/dh-golang/merge_requests/6) to the [Debian "Go" build tools](https://salsa.debian.org/go-team/packages/dh-golang) to support the `-trimpath=all=` argument which should fix the reproducibility of `restic` as well the categorised [`randomness_in_binaries_generated_by_golang_issue`](https://tests.reproducible-builds.org/debian/issues/unstable/randomness_in_binaries_generated_by_golang_issue.html) toolchain issue. * disorderfs (our [FUSE](https://github.com/libfuse/libfuse)-based filesystem that deliberately introduces non-determinism into filesystems) was updated by Bernhard M. Wiedemann to rename test files to `test_` to make them easier to iterate over ([[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/cde568c)]) and moving the test execution logic into `Makefile` to not require a separate script ([[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/f587ed1)]). After this, Chris Lamb tidied the `Makefiles` ([[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/0232051)]). * Eelco Dolstra — the BFDL of [NixOS](https://nixos.org/) — gave a presentation on the [future roadmap of NixOS](https://www.youtube.com/watch?v=8M6yvJC00J4), referencing reproducible builds. * Chris Lamb noticed that the webpages for the [CLIP OS](https://clip-os.org/) project which aims to build a "hardened, multi-level operating system based on the Linux kernel" [lists bit-for-bit reproducibility in its security roadmap](https://docs.clip-os.org/clipos/security.html#bit-exact-reproducible-builds). ([via LWN](https://lwn.net/SubscriberLink/768819/63f750a55b508108/)) * 59 Debian package reviews were added, 7 were updated and 17 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb updated one issue type ([`randomness_in_binaries_generated_by_golang`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/16748a15)) and two were added ([`dc_created_timestamp_in_javadoc`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/4e0e4a81) & [`randomness_in_fonts_created_by_fontcustom`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/f9c5dc1d)). * Holger Levsen updated our website to add [in-toto](https://in-toto.github.io/) & Google's participation for the [upcoming Paris Summit](https://reproducible-builds.org/events/paris2018/). ([1](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/9f40e5c) & [2](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a97c843)) * [Molly de Blanc](http://deblanc.net/) forwarded [a call for applications](https://lists.reproducible-builds.org/pipermail/rb-general/2018-November/001247.html) for the [Berkman Klein Center for Internet and Society](https://cyber.harvard.edu/) in Cambridge, Massachusetts class of fellows who do research around the intersection of the internet, society, technology, etc. which may be relevant to anyone speaking, thinking, and writing around the implications of Reproducible Builds. * There were a number of updates to our [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org/) by Holger Levsen this week, mostly fighting the load introduced from a number of bots (eg. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/d02a5512)]) but also enhancing the performance of Jenkins via adjusting Java's garbage collection and heap size settings (eg. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9a1f15b3)]). We've been experiencing a high load in our test framework in the last week which we experienced some weeks ago as well after a Jenkins plugin update. However, this time Holger has not been able to get this under control yet and, as such, some test results are currently delayed. Packages reviewed and fixed, and bugs filed ------------------------------------------- * Alexander Bedrossian: * [equivs](https://salsa.debian.org/perl-team/modules/packages/equivs/merge_requests/3) (remove current date) * Amit Biswas: * [#913002](https://bugs.debian.org/913002) filed against [xpra](https://tracker.debian.org/pkg/xpra). * [libzorpll](https://github.com/Balasys/libzorpll/pull/1) (remove build option on i386) * Anoop Nadig: * [verilator](https://salsa.debian.org/electronics-team/verilator/merge_requests/1) (used `SOURCE_DATE_EPOCH`) last week * [bgoffice](https://salsa.debian.org/dmn/bgoffice/merge_requests/1) (timestamp in gzip) week before last * Bernhard M. Wiedemann: * [evolution](https://gitlab.gnome.org/GNOME/evolution/issues/196) (fixed, parallelism-race) * [pocl](https://build.opensuse.org/request/show/645732) (fix compile time CPU detection, [already upstream](https://github.com/pocl/pocl/pull/667)) * [beignet](https://build.opensuse.org/request/show/645792) (drop `.pch`) * [groff](https://build.opensuse.org/request/show/645935) (date & mtime, already upstream) * Chris Lamb: * [#912152](https://bugs.debian.org/912152) filed against [radon](https://tracker.debian.org/pkg/radon). * [#912161](https://bugs.debian.org/912161) filed against [sword](https://tracker.debian.org/pkg/sword). * ["Make the cache filenames deterministic"](https://lists.freedesktop.org/archives/fontconfig/2018-October/006374.html) for [fontconfig](https://www.freedesktop.org/wiki/Software/fontconfig/). * Mathieu Parent: * [#912340](https://bugs.debian.org/912340) filed against [samba](https://tracker.debian.org/pkg/samba). * Maliat Manzur: * [biboumi](https://salsa.debian.org/pkg-voip-team/biboumi/merge_requests/1) (used `SOURCE_DATE_EPOCH`) * Nick Gregory: * [#912299](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912299) filed against [blender](https://tracker.debian.org/pkg/blender) last week * [#913021](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913021) filed against [carbon-c-relay](https://tracker.debian.org/pkg/carbon-c-relay) * Snahil Singh: * [firehol](https://salsa.debian.org/debian/firehol/merge_requests/1) (used `SOURCE_DATE_EPOCH`) Chris Lamb also sent two previously-authored patches for [GNU mtools](https://www.gnu.org/software/mtools/) to ensure the [Debian Installer](https://www.debian.org/devel/debian-installer/) images could become reproducible. ([1](http://lists.gnu.org/archive/html/info-mtools/2018-10/msg00003.html) & [2](http://lists.gnu.org/archive/html/info-mtools/2018-10/msg00004.html)) --- This week's edition was written by Alexander Bedrossian, Amit Biswas, Anoop Nadig, Bernhard M. Wiedemann, Chris Lamb, David A. Wheeler, Holger Levsen, Snahil Singh, Nick Gregory & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.