---
layout: blog
week: 50
published: 2016-04-18 16:04:22
---

What happened in the [reproducible
builds](https://wiki.debian.org/ReproducibleBuilds) effort between April 3rd and April 9th 2016:

Media coverage
--------------

Emily Ratliff wrote an article for SecurityWeek called [Establishing Correspondence Between an Application and its Source Code - How Combining Two Completely Separate Open Source Projects Can Make Us All More Secure](http://www.securityweek.com/establishing-correspondence-between-application-and-its-source-code).

Tails have [started work](https://tails.boum.org/news/report_2016_03/) on a
design for [freezable APT repositories](https://tails.boum.org/blueprint/freezable_APT_repository/) to make it easier and practical to perform reproductions of an entire distribution at a given point in time, which will be needed to create reproducible installation- or live-media.

Toolchain fixes
---------------

Alexis Bienvenüe submitted patches adding support for
[SOURCE_DATE_EPOCH](https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal)
in several tools: [transfig](https://bugs.debian.org/819911),
[imagemagick](https://bugs.debian.org/819914),
[rdtool](https://bugs.debian.org/820144), and
[asciidoctor](https://bugs.debian.org/820435). boyska submitted one for
[python-reportlab](https://bugs.debian.org/820169).

Packages fixed
--------------

The following packages have become reproducible due to changes in their
build dependencies:
[atinject-jsr330](https://tracker.debian.org/atinject-jsr330)
[brailleutils](https://tracker.debian.org/brailleutils)
[cglib3](https://tracker.debian.org/cglib3)
[gnugo](https://tracker.debian.org/gnugo)
[libcobra-java](https://tracker.debian.org/libcobra-java)
[libgnumail-java](https://tracker.debian.org/libgnumail-java)
[libjchart2d-java](https://tracker.debian.org/libjchart2d-java)
[libjcommon-java](https://tracker.debian.org/libjcommon-java)
[libjfreechart-java](https://tracker.debian.org/libjfreechart-java)
[libjide-oss-java](https://tracker.debian.org/libjide-oss-java)
[liblaf-widget-java](https://tracker.debian.org/liblaf-widget-java)
[liblastfm-java](https://tracker.debian.org/liblastfm-java)
[liboptions-java](https://tracker.debian.org/liboptions-java)
[octave-control](https://tracker.debian.org/octave-control)
[octave-mpi](https://tracker.debian.org/octave-mpi)
[octave-nan](https://tracker.debian.org/octave-nan)
[octave-parallel](https://tracker.debian.org/octave-parallel)
[octave-stk](https://tracker.debian.org/octave-stk)
[octave-struct](https://tracker.debian.org/octave-struct)
[octave-tsa](https://tracker.debian.org/octave-tsa)
[oar](https://tracker.debian.org/oar)

The following packages became reproducible after getting fixed:

 * [apt-listchanges](https://tracker.debian.org/apt-listchanges)/2.88 by Robert Luberda.
 * [cgal](https://tracker.debian.org/cgal)/4.8-1 by Joachim Reichel.
 * [erlang-bitcask](https://tracker.debian.org/erlang-bitcask)/2.0.2+dfsg-1 by Nobuhiro Iwamatsu.
 * [geneweb](https://tracker.debian.org/geneweb)/6.08+git20160228+dfsg-2 by Guillaume Brochu.
 * [glance](https://tracker.debian.org/glance)/2:12.0.0~rc2-1 uploaded by Thomas Goirand, [original patch](https://bugs.debian.org/807475) by Chris Lamb.
 * [gle-graphics](https://tracker.debian.org/gle-graphics)/4.2.5-4 by Christian T. Steigies.
 * [maude](https://tracker.debian.org/maude) uploaded by Andreas Tille, [patch](https://bugs.debian.org/819948) by Alexis Bienvenüe.
 * [psqlodbc](https://tracker.debian.org/psqlodbc)/1:09.05.0100-3 by Christoph Berg.
 * [resource-agents](https://tracker.debian.org/resource-agents)/1:3.9.7-3 by Christoph Berg.
 * [vgabios](https://tracker.debian.org/vgabios)/0.7a-6 by Reiner Herrmann.
 * [vim](https://tracker.debian.org/vim)/2:7.4.1689-2 by James McCoy.
 * [xmhtml](https://tracker.debian.org/xmhtml)/1.1.10-2 by Graham Inggs with Reiner Herrmann's help.
 * [xscreensaver](https://tracker.debian.org/xscreensaver)/5.34-2 uploaded by Tormod Volden, [original patch](https://bugs.debian.org/819595) by Sascha Steinbiss.

Several uploads fixed some reproducibility issues, but not all of them:

 * [rkward](https://tracker.debian.org/rkward)/0.6.5-1 uploaded by Thomas Friedrichsmeier, [original patch](https://bugs.debian.org/783290) by Philip Rinn.
 * [mailfilter](https://tracker.debian.org/mailfilter)/0.8.4-1 uploaded by Elimar Riesebieter, [original patch](https://bugs.debian.org/778264) by Chris Lamb.
 * [bind9](https://tracker.debian.org/bind9)/1:9.10.3.dfsg.P4-6 uploaded by Michael Gilbert, [original patch](https://bugs.debian.org/783885) by Reiner Herrmann.
 * [bzr](https://tracker.debian.org/bzr)/2.7.0-{3,4} by Jelmer Vernooij.
 * [samba](https://tracker.debian.org/samba)/2:4.3.6+dfsg-2 uploaded by Mathieu Parent, fix by Jelmer Vernooij.
 * [fwupdate](https://tracker.debian.org/fwupdate)/0.5-3 by Mario Limonciello.
 * [paraview](https://tracker.debian.org/paraview)/5.0.1+dfsg1-1 by Anton Gladky.

Patches submitted which have not made their way to the archive yet:

 * [#819883](https://bugs.debian.org/819883) on [debootstrap](https://tracker.debian.org/debootstrap) by Reiner Herrmann: tell tar to sort the archive members.
 * [#819885](https://bugs.debian.org/819885) on [chktex](https://tracker.debian.org/chktex) by Sascha Steinbiss: use the time of latest `debian/changelog` entry as documentation timestamp.
 * [#819915](https://bugs.debian.org/819915) on [kannel](https://tracker.debian.org/kannel) by Alexis Bienvenüe: use the time of latest `debian/changelog` entry as documentation timestamp.
 * [#819921](https://bugs.debian.org/819921) on [basket](https://tracker.debian.org/basket) by Alexis Bienvenüe: remove build date from debug info.
 * [#819965](https://bugs.debian.org/819965) on [openarena-data](https://tracker.debian.org/openarena-data) by Alexandre Detiste: normalize file permissions before creating `.pk3` archive.
 * [#820016](https://bugs.debian.org/820016) on [gabedit](https://tracker.debian.org/gabedit) by Alexis Bienvenüe: sort object files used to build the executable.
 * [#820032](https://bugs.debian.org/820032) on [bibledit-gtk](https://tracker.debian.org/bibledit-gtk) by Alexis Bienvenüe: remove useless included `Makefile`.
 * [#820072](https://bugs.debian.org/820072) on [synfig](https://tracker.debian.org/synfig) by Alexis Bienvenüe: remove build date from info output.
 * [#820148](https://bugs.debian.org/820148) on [autopkgtest](https://tracker.debian.org/autopkgtest) by Alexis Bienvenüe: fix install order to cope with locales with case insensitive globbing.
 * [#820152](https://bugs.debian.org/820152) on [anope](https://tracker.debian.org/anope) by Alexis Bienvenüe: remove build date from the version string.
 * [#820179](https://bugs.debian.org/820179) on [aodh](https://tracker.debian.org/aodh) by Alexis Bienvenüe: remove build date from the documentation.
 * [#820183](https://bugs.debian.org/820183) on [cython](https://tracker.debian.org/cython) by Alexis Bienvenüe: add support `SOURCE_DATE_EPOCH`.
 * [#820194](https://bugs.debian.org/820194) on [nasm](https://tracker.debian.org/nasm) by rain1: sorts keys when traversing hash tables used to build the documentation.
 * [#820226](https://bugs.debian.org/820226) on [chrony](https://tracker.debian.org/chrony) by Alexis Bienvenüe: add support for `SOURCE_DATE_EPOCH` to preset the `ntp_era_split` parameter.
 * [#820457](https://bugs.debian.org/820457) on [recode](https://tracker.debian.org/recode) by Alexis Bienvenüe: use system `help2man`.
 * [#820522](https://bugs.debian.org/820522) on [gtkspell](https://tracker.debian.org/gtkspell) by Alexis Bienvenüe: force shell to `/bin/sh` in example `Makefile`.

Other upstream fixes
--------------------

Alexander Batischev made a
[commit](https://github.com/akrennmair/newsbeuter/commit/cd794477f51d5ea40a7b1a163f426d10222db6a7)
to make [newsbeuter](https://tracker.debian.org/pkg/newsbeuter) reproducible.

tests.reproducible-builds.org
-----------------------------

 * An architecture agnostic summary has been added to the [reproducible-tracker.json](https://tests.reproducible-builds.org/reproducible-tracker.json) by Valerie Young to make it easy to parse whether a package is unreproducible anywhere.
 * To find more reproducibility issues a new variation was added to the i386 builders, so that one build is done using a 32 bit kernel (686-PAE) and the other build is using a 64 bit kernel (amd64). (h01ger)
   * Niko Tyni was the first to notice a bug due to this: [#821182 perl: embeds kernel architecture information](https://bugs.debian.org/821182)
 * The 2nd builds are now done in fr_CH on amd64, de_CH on i386 and it_CH on armhf. (h01ger)
 * The [variation table](https://tests.reproducible-builds.org/reproducible.html#variation) has been updated to reflect the recent changes and various small bugs have been fixed. (h01ger)

Package reviews
---------------

93 [reviews](https://reproducible.debian.net/unstable/amd64/index_notes.html)
have been removed, 66 added and 21 updated in the previous week.

12 new FTBFS bugs have been reported by Chris Lamb and Niko Tyni.

Misc.
-----

This week's edition was written by Lunar, Holger Levsen, Reiner Herrmann, Mattia Rizzolo and Ximin Luo.

With the departure of Lunar as a full-time contributor, Reproducible Builds
Weekly News (this thing you're reading) has moved from his [personal Debian
blog](https://people.debian.org/~lunar/blog/posts/) on Debian People to the
Reproducible Builds team web site on Debian Alioth. You may want to update your
[RSS](https://reproducible.alioth.debian.org/blog/index.rss) or
[Atom](https://reproducible.alioth.debian.org/blog/index.atom) feeds.

Very many thanks to Lunar for writing and publishing this weekly news for so long, well & continuously!