--- layout: blog week: 206 published: 2019-04-10 08:29:29 --- Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday March 31 and Saturday April 6 2019: * Bernhard M. Wiedemann wrote a blog post about his [import of openSUSE Tumbleweed into IPFS](https://lizards.opensuse.org/2019/04/03/experimental-opensuse-mirror-via-ipfs/) to aid verification of older binaries. * [Chris Lamb](https://chris-lamb.co.uk/) filed a wishlist bug against Debian's [`jenkins.debian.org`](http://bugs.debian.org/jenkins.debian.org) "[pseudo-package](https://www.debian.org/Bugs/pseudo-packages)" to request that we test and ensure the reproducibility status of [Debian Installer](https://www.debian.org/devel/debian-installer/) images. * [diffoscope](https://diffoscope.org/) is our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages. This week Chris Lamb changed the behaviour such that specifying "`-`" (a hyphen) is explicitly required on the command-line to read a single diff from standard input to avoid somewhat non-intuitive behaviour when *diffoscope* is called without any arguments ([[#54](https://salsa.debian.org/reproducible-builds/diffoscope/issues/54)]). In addition, [Holger Levsen](http://layer-acht.org/thinking/) requested permission for [diffoscope](https://diffoscope.org/) version `113` to enter the upcoming Debian *buster* release via bug [#926065](https://bugs.debian.org/926065). This was subsequently processed by Jonathan Wiltshire. * 33 reviews of Debian packages were added, 2 were updated and 8 were removed in this week adding to [our knowledge about identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). Chris Lamb identified and triaged a fresh toolchain issue, [`randomness_in_perl6_precompiled_libraries`](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/b718ab29). * There were a number of updates to the [reproducible-builds.org project website](https://reproducible-builds.org) including Chris Lamb adding an explicit link to the "[who]({{ "/who/" | relative_url }})" and "[donate]({{ "/donate/" | relative_url }})" pages in the new footer template [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/2d14946)][[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7a95a81)] as well as tidying the language a little[[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/7a222f0)]. In addition, Daniel Shahaf adding an April's Fools joke [[...](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/68f4b00)]. * On our [mailing list](https://lists.reproducible-builds.org/pipermail/rb-general/), David A. Wheeler started a thread regarding the [definition of reproducibility](https://lists.reproducible-builds.org/pipermail/rb-general/2019-April/001523.html) and how it appears on the [reproducible-builds.org project website](https://reproducible-builds.org). * Chris Lamb updated the [LetsEncrypt](https://letsencrypt.org/) SSL certificate for [buildinfo.debian.net](https://buildinfo.debian.net). * On the [Software Freedom Conservancy](https://sfconservancy.org/) blog, [Pamela Chestek](https://chesteklegal.com/) wrote a post titled "[Do You Know Where Your Code Came From?](https://sfconservancy.org/blog/2019/apr/04/nosource-nosecurity/)" which references the Reproducible Builds project. In addition,Reproducible Builds (and supply chain security in general) were mentioned on [episode 15 of the LibreLounge podcast](https://librelounge.org/episodes/episode-15-at-libre-planet-with-sean-obrien.html). ## Packages reviewed and fixed, and bugs filed * Bernhard M. Wiedemann: * [mstflint](https://github.com/Mellanox/mstflint/pull/57) (date/time) * [mhvtl](https://github.com/markh794/mhvtl/pull/39) (time) * A number of fixes for the [pesign-obs-integration](https://github.com/openSUSE/pesign-obs-integration) to [pass through RPM `%licence` filetype tag](https://github.com/openSUSE/pesign-obs-integration/pull/13) and [better keep RPM bits](https://github.com/openSUSE/pesign-obs-integration/pull/14) and a related [fix of an RPM bug](https://github.com/rpm-software-management/rpm/pull/656) * [oyranos](https://github.com/oyranos-cms/oyranos/pull/52) (`uname -r`) * [linphone](https://github.com/BelledonneCommunications/linphone/pull/112) (sort Python `readdir`) * [mvapich2](http://mailman.cse.ohio-state.edu/pipermail/mvapich-discuss/2019-April/006837.html) (sort `readdir`) * [miredo](http://git.remlab.net/gitweb/?p=miredo.git;a=commitdiff;h=a31ef243d0038bf22bfe5f03b9f377a8819c5da0) (hostname) * [python-Django1](https://build.opensuse.org/request/show/690652) ("FTBFS-2028") * [inotify-tools](https://build.opensuse.org/request/show/691329) (date [orphaned upstream](https://github.com/rvoicilas/inotify-tools/pull/97)) * [warzone2100](https://build.opensuse.org/request/show/691438) (`sort zip -X` [already upstream](https://github.com/Warzone2100/warzone2100/pull/98)) * [diffoscope](https://build.opensuse.org/request/show/691762) (update to version 113) * Chris Lamb: * [#926298](https://bugs.debian.org/926298) filed against [adms](https://tracker.debian.org/pkg/adms). * [#926300](https://bugs.debian.org/926300) filed against [qpid-proton](https://tracker.debian.org/pkg/qpid-proton). * [#926301](https://bugs.debian.org/926301) filed against [coda](https://tracker.debian.org/pkg/coda). * [#926421](https://bugs.debian.org/926421) filed against [netcdf-parallel](https://tracker.debian.org/pkg/netcdf-parallel). ## Test framework development * We operate a comprehensive [Jenkins](https://jenkins.io/)-based testing framework that powers [tests.reproducible-builds.org](https://tests.reproducible-builds.org). The following changes were done this week: * Chris Lamb: * Avoid double spaces in IRC output, eg. "`Failed http://example.com/`". [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/f4b80011)] * Holger Levsen: * Don't turn nodes offline too quickly. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0e33802d)] * Add new experimental [buildinfos.debian.net](https://buildinfos.debian.net) service. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/4bcef9ec)] * Allow "long-running" `.buildinfo` download runners. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/3cf2f09d)] * Node maintenance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/84e2ca8e)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/993c6772)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/fc38984b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/0b0ec92b)][[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/81c9cc0b)] * Mattia Rizzolo: * Apply [`flake8`](http://flake8.pycqa.org/en/latest/) to the `email2irc.py` script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/31f0e955)] * Install the `python3-yaml` library everywhere as it is needed by the deploy script. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/46d33b21)] * Special-case the `src:debian-installer` package as it has "special" download requirements. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/e3117ca2)] (see [#926242](https://bugs.debian.org/926242)) * Add the new `reproducible-builds.org` [mail server](https://en.wikipedia.org/wiki/Message_transfer_agent) to our [Munin](http://munin-monitoring.org/) configurations. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/9ddd1042)] * Drop the old [Alioth](https://en.wikipedia.org/wiki/Alioth_(Debian)) OpenSSH key from Jenkins' `authorized_keys`. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/116e7a39)] * Node maintenance. [[...](https://salsa.debian.org/qa/jenkins.debian.net/commit/a780e10f)] --- This week's edition was written by Bernhard M. Wiedemann, Chris Lamb, Daniel Shahaf, Holger Levsen, Mattia Rizzolo & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.