---
layout: blog
week: 197
published: 2019-02-05 15:15:04
---

Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday January 27th and Saturday February 2nd 2019:

* There was yet more progress towards making the [Debian Installer](https://www.debian.org/devel/debian-installer/) images reproducible. Following-on from last week, [Chris Lamb](https://chris-lamb.co.uk/) performed some further testing of the generated images resulting in two patches to ensure that builds were reproducible regardless of both the user's `umask(2)` (filed as [#920631](https://bugs.debian.org/920631)) and even the underlying ordering of files on disk ([#920676](https://bugs.debian.org/920676)). It is hoped these can be merged for the next Debian Installer alpha/beta after the [recent "Alpha 5" release](https://lists.debian.org/debian-devel-announce/2019/02/msg00000.html).

* [Tails](https://tails.boum.org/), the privacy-oriented "live" operating system [released its first USB image](https://tails.boum.org/news/version_3.12/index.en.html), which is reproducible.

* Chris Lamb implemented a check in the [Lintian](https://lintian.debian.org/) static analysis tool that performs automated checks against Debian packages in order to add a check for `.sass-cache` directories. As as they contain non-deterministic subdirectories they immediately contribute towards an unreproducible build ([#920593](https://bugs.debian.org/920593)).
* `disorderfs` is our [FUSE](https://github.com/libfuse/libfuse)-based filesystem that deliberately introduces non-determinism into filesystems for easy and reliable testing. Chris Lamb fixed an issue this week in the handling of the `fsyncdir` system call to ensure `dpkg(1)` can "flush" `/var/lib/dpkg` correctly [[...](https://salsa.debian.org/reproducible-builds/disorderfs/commit/bd35aeb)].

* Hervé Boutemy made more updates to the [reproducible-builds.org](https://reproducible-builds.org) project website, including documenting `mvn.build-root` [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f773b20)]. In addition, Chris Smith fixed a typo on the [tools]({{ "/tools/" | relative_url }}) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5a279ff)] and Holger Levsen added a link to Lukas's report to the [recent Paris Summit](https://reproducible-builds.org/events/paris2018/) page [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ad57305)].

* `strip-nondeterminism` is our tool that post-processes files to remove known non-deterministic output) version. This week, Chris Lamb investigated an issue regarding the tool [not normalising file ownerships in `.epub` files](https://bugs.debian.org/920732) that was originally identified by Holger Levsen, as well as clarified the negative message in test failures [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/3f4ba2f)] and performed some code cleanups (eg. [[...](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/a553d34)]).

* Chris Lamb updated the SSL certificate for [try.diffoscope.org](https://try.diffoscope.org) to ensure validation after the [deprecation of TLS-SNI-01 validation](https://community.letsencrypt.org/t/upcoming-tls-sni-deprecation-in-certbot/76383) in [LetsEncrypt](https://letsencrypt.org/).

* Reproducible Builds were present at [FOSDEM 2019](https://fosdem.org/2019/schedule/) handing out t-shirts to contributors. Thank you!

* On Tuesday February 26th Chris Lamb will speak at [Speck&Tech 31 "Open Security"](https://www.eventbrite.com/e/specktech-31-open-security-tickets-53503912643) on Reproducible Builds in Trento, Italy.

* 6 Debian package reviews were added, 3 were updated and 5 were removed in this week, adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb unearthed a new toolchain issue [`randomness_in_documentation_underscore_downloads_generated_by_sphinx`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/73748b20), .


## Packages reviewed and fixed, and bugs filed

* Bernhard M. Wiedemann:
    * [flashfocus](https://build.opensuse.org/request/show/670190), [policycoreutils](https://build.opensuse.org/request/show/670302), [tensorflow](https://build.opensuse.org/request/show/670481): Fix build with new Python 3.7.
    * [glfw](https://build.opensuse.org/request/show/670533): Use `find|sort` [requiring a patch to `geany`](https://github.com/geany/geany/pull/1991).
    * [javapackages-tools](https://github.com/fedora-java/javapackages/pull/66): sort / [Address space layout randomization (ASLR)](https://en.wikipedia.org/wiki/Address_space_layout_randomization).
    * [libfaketime](https://github.com/wolfcw/libfaketime/issues/183): Correct bug relating to incorrectly faked stat results.

* Chris Lamb:
    * [#891194](https://bugs.debian.org/891194) filed against [3dldf](https://tracker.debian.org/3dldf) (now [forwarded upstream](https://savannah.gnu.org/bugs/?55605)).
    * [#920591](https://bugs.debian.org/920591) filed against [lambda-align2](https://tracker.debian.org/pkg/lambda-align2).
    * [#920592](https://bugs.debian.org/920592) filed against [roaraudio](https://tracker.debian.org/pkg/roaraudio).
    * [#920594](https://bugs.debian.org/920594) filed against [papi](https://tracker.debian.org/pkg/papi).
    * [#920595](https://bugs.debian.org/920595) filed against [ukui-themes](https://tracker.debian.org/pkg/ukui-themes).
    * [#920792](https://bugs.debian.org/920792) filed against [ansible](https://tracker.debian.org/pkg/ansible) ([forwarded upstream](https://github.com/ansible/ansible/pull/51419)).

## Test framework development

We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). This week, Holger Levsen made a large number of improvements including:

* [Arch Linux](https://www.archlinux.org/)-specific changes:
    * The scheduler is now run every 4h so present stats for this time period. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/50ae9c1e)]
    * Fix detection of bad builds. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/34e71830)]

* [LEDE](https://en.wikipedia.org/wiki/LEDE)/OpenWrt-specific changes:
    * Make [OpenSSH](https://www.openssh.com/) usable with a TCP port other than `22`. This is needed for our [OSUOSL](https://osuosl.org/) nodes. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/2c70a07f)]
    * Perform a minor refactoring of the build script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1344438f)]

* [NetBSD](https://www.netbsd.org/)-specific changes:
    * Add a `~jenkins/.ssh/config` to fix jobs regarding OpenSSH running on non-standard ports. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/1399fd01)]
    * Add a note that `osuosl171` is constantly online. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/288ea56c)]

* Misc/generic changes:
    * Use same configuration for `df_inode` as for `df` to reduce noise. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/47bb2f76)]
    * Remove a now-bogus warning; we have its parallel in Git now. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5042bb23)]
    * Define `ControlMaster` and `ControlPath` in our OpenSSH configurations. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/787df673)]

In addition, Mattia Rizzolo and Vagrant Cascadian performed maintenance of the build nodes. ([[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/5326d930)], [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4e807cdb)], [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e55e6fbf)], etc.)

---

This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, intrigeri & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.