---
layout: blog
week: 61
published: 2016-07-03 21:07:11
---

What happened in the [Reproducible
Builds](https://wiki.debian.org/ReproducibleBuilds) effort between June 19th and
June 25th 2016.

Media coverage
--------------

- Holger Levsen [gave a talk at openSUSE Conference 2016](https://events.opensuse.org/conference/oSC16/program/proposal/996) explaining the general idea and status of Reproducible Builds. This talk is available as [video recording](https://cdn.media.ccc.de/events/osc/2016/h264-hd/osc16-996-eng-Reproducible_builds_everywhere_and_beyond_hd.mp4).

- This was followed by Bernhard Wiedemannn, detailing his work on [Reproducible Builds for openSUSE](https://events.opensuse.org/conference/oSC16/program/proposal/838) which is also available as [video recording](https://cdn.media.ccc.de/events/osc/2016/h264-hd/osc16-984-eng-openSUSE_and_SUSE_Linux_Enterprise_hd.mp4):
  - openSUSE uses SOURCE_DATE_EPOCH now too
  - How to create bit-for-bit identical RPMs
  - How strip-nondeterminism is Python and thus unsuitable for the openSUSE base system

- [Mozilla awarded $77k](https://blog.mozilla.org/blog/2016/06/22/mozilla-awards-385000-to-open-source-projects-as-part-of-moss-mission-partners-program/) to work on [reproducible builds for Tails](https://tails.boum.org/blueprint/reproducible_builds/).
  The goal is to enable anyone (given sufficient technical skills and
  hardware resources) to rebuild from source a given Tails release, in
  order to independently verify that it matches the ISO image that
  was published. A substantial part of this work will be done in Debian:
  for example, to make the side-effects of some packages'
  post-installation scripts deterministic. On the longer term, this
  work should benefit other projects that want to make their own
  builds reproducible (e.g. operating system images for the cloud and
  embedded systems, operating system installation media, other Live
  systems).

GSoC and Outreachy updates
--------------------------

- Valerie Young [published a report](http://www.spectranaut.cc/?p=31) detailing what
  she did the <a href="/posts/60">last week</a> regarding improving [tests.reproducible-builds.org/debian](https://tests.reproducible-builds.org/debian/).
- Ceridwen announced reprotest's arrival in the NEW queue and [discussed](https://reproducible.alioth.debian.org/blog/posts/people/ceridwen/reprotest_week4/) autopkgtest's layout.


Toolchain fixes
---------------

 * Anton Gladky uploaded an NMU of [python-setuptools](https://tracker.debian.org/pkg/python-setuptools), which sorts entries in `native_libs.txt` files ([#825857](https://bugs.debian.org/825857)).

Other upstream fixes
--------------------

Emil Velikov searched on IRC for hints on how to guarantee unique values during
build [to invalidate](https://lists.freedesktop.org/archives/mesa-dev/2016-May/118554.html)
shader caches in Mesa, when also no
[VCS information](https://lists.freedesktop.org/archives/mesa-dev/2016-June/120709.html)
is available.  A possible solution is a timestamp, which is unique enough for
local builds, but can still be reproducible by allowing it to be overwritten
with `SOURCE_DATE_EPOCH`.

Packages fixed
--------------

The following 9 packages have become reproducible due to changes in their
build dependencies:

[cclib](https://tracker.debian.org/pkg/cclib)
[librun-parts-perl](https://tracker.debian.org/pkg/librun-parts-perl)
[llvm-toolchain-snapshot](https://tracker.debian.org/pkg/llvm-toolchain-snapshot)
[python-crypto](https://tracker.debian.org/pkg/python-crypto)
[python-openid](https://tracker.debian.org/pkg/python-openid)
[r-bioc-shortread](https://tracker.debian.org/pkg/r-bioc-shortread)
[r-bioc-variantannotation](https://tracker.debian.org/pkg/r-bioc-variantannotation)
[ruby-hdfeos5](https://tracker.debian.org/pkg/ruby-hdfeos5)
[sqlparse](https://tracker.debian.org/pkg/sqlparse)

The following packages have become reproducible after being fixed:

 * [allegro4.4](https://tracker.debian.org/pkg/allegro4.4)/2:4.4.2-9 by Tobias Hansen, [#824140](https://bugs.debian.org/824140) by Reiner Herrmann.
 * [atomicparsley](https://tracker.debian.org/pkg/atomicparsley)/0.9.6-1 by Jonas Smedegaard.
 * [dwarfutils](https://tracker.debian.org/pkg/dwarfutils)/20160613-1 by Fabian Wolff, [#827382](https://bugs.debian.org/827382) by Reiner Herrmann.
 * [dwm](https://tracker.debian.org/pkg/dwm)/6.1-3 by Hugo Lefeuvre, [#825545](https://bugs.debian.org/825545) by Reiner Herrmann.
 * [funtools](https://tracker.debian.org/pkg/funtools)/1.4.6+git150811-3 by Ole Streicher, [#827864](https://bugs.debian.org/827864) by Alexis Bienvenüe.
 * [golang-github-appc-spec](https://tracker.debian.org/pkg/golang-github-appc-spec)/0.8.4+dfsg-1 by Dmitry Smirnov.
 * [golang-github-appc-docker2aci](https://tracker.debian.org/pkg/golang-github-appc-docker2aci)/0.11.1+dfsg-1 Dmitry Smirnov.
 * [hdf-eos5](https://tracker.debian.org/pkg/hdf-eos5)/5.1.15.dfsg.1-7 by Alastair McKinstry.
 * [hmmer2](https://tracker.debian.org/pkg/hmmer2)/2.3.2-11 by Sascha Steinbiss, [#828065](https://bugs.debian.org/828065) by Chris Lamb.
 * [jpy](https://tracker.debian.org/pkg/jpy)/0.8-2 by Alastair McKinstry.
 * [lazarus](https://tracker.debian.org/pkg/lazarus)/1.6+dfsg-4 by Paul Gevers.
 * [pgbackrest](https://tracker.debian.org/pkg/pgbackrest)/1.02-2 by Adrian Vondendriesch.
 * [siege](https://tracker.debian.org/pkg/siege)/4.0.2-1 by Josue Abarca.
 * [starlink-pal](https://tracker.debian.org/pkg/starlink-pal)/0.5.0-4 by Ole Streicher, [#803908](https://bugs.debian.org/803908) by Chris Lamb.
 * [stylish-haskell](https://tracker.debian.org/pkg/stylish-haskell)/0.5.17.0-2 by Sean Whitton.
 * [xprobe](https://tracker.debian.org/pkg/xprobe)/0.3-3 by Sophie Brun, [#827572](https://bugs.debian.org/827572) by Reiner Herrmann.

Some uploads have fixed some reproducibility issues, but not all of them:

 * [hdfeos4](https://tracker.debian.org/pkg/hdfeos4)/2.19v1.00+dfsg.1-5 by Alastair McKinstry.
 * [icu4j](https://tracker.debian.org/pkg/icu4j)/57.1-2 by Tony Mancill, [#827985](https://bugs.debian.org/827985) by Chris Lamb.
 * [pari](https://tracker.debian.org/pkg/pari)/2.7.6-1 by Bill Allombert,

Patches submitted that have not made their way to the archive yet:

 * [#827684](https://bugs.debian.org/827684) against [cgoban](https://tracker.debian.org/pkg/cgoban) by Chris Lamb: set `SHELL` to static value.
 * [#827731](https://bugs.debian.org/827731) against [tin](https://tracker.debian.org/pkg/tin) by Alexis Bienvenüe: drop patch which overwrites `__DATE__`/`__TIME__` macros, since gcc can handle it now
 * [#827863](https://bugs.debian.org/827863) against [swedish](https://tracker.debian.org/pkg/swedish) by Alexis Bienvenüe: use C locale for sorting.
 * [#827987](https://bugs.debian.org/827987) against [glances](https://tracker.debian.org/pkg/glances) by Chris Lamb: Use `SOURCE_DATE_EPOCH` for embedded timestamp.
 * [#827994](https://bugs.debian.org/827994) against [cmtk](https://tracker.debian.org/pkg/cmtk) by Chris Lamb: use C locale for sorting.
 * [#828008](https://bugs.debian.org/828008) against [aghermann](https://tracker.debian.org/pkg/aghermann) by Chris Lamb: honour `SOURCE_DATE_EPOCH` for timestamps embedded into manpages.
 * [#828012](https://bugs.debian.org/828012) against [bind9](https://tracker.debian.org/pkg/bind9) by Chris Lamb: honour `SOURCE_DATE_EPOCH` for embedded timestamp.
 * [#828017](https://bugs.debian.org/828017) against [frog](https://tracker.debian.org/pkg/frog) by Chris Lamb: don't include pyc/pyo files in the package.
 * [#828021](https://bugs.debian.org/828021) against [extra-cmake-modules](https://tracker.debian.org/pkg/extra-cmake-modules) by Scarlett Clark: normalize permission and file order in tarballs.
 * [#828060](https://bugs.debian.org/828060) against [libffado](https://tracker.debian.org/pkg/libffado) by Chris Lamb: exclude file with test output from package.
 * [#828066](https://bugs.debian.org/828066) against [gsmlib](https://tracker.debian.org/pkg/gsmlib) by Chris Lamb: honour `SOURCE_DATE_EPOCH` for timestamps embedded into manpages.
 * [#828067](https://bugs.debian.org/828067) against [grib-api](https://tracker.debian.org/pkg/grib-api) by Chris Lamb: exclude pyc files from package.
 * [#828122](https://bugs.debian.org/828122) against [libxmlbird](https://tracker.debian.org/pkg/libxmlbird) by Chris Lamb: sort list of globbed files.
 * [#828123](https://bugs.debian.org/828123) against [magnum](https://tracker.debian.org/pkg/magnum) by Chris Lamb: use static value for embedded hostname.
 * [#828131](https://bugs.debian.org/828131) against [pyjwt](https://tracker.debian.org/pkg/pyjwt) by Chris Lamb: exclude coverage data from package.
 * [#828145](https://bugs.debian.org/828145) against [mkdocs](https://tracker.debian.org/pkg/mkdocs) by Chris Lamb: honour `SOURCE_DATE_EPOCH` for embedded timestamp.
 * [#828164](https://bugs.debian.org/828164) against [zeal](https://tracker.debian.org/pkg/zeal) by Chris Lamb: use UTC for embedded timestamp.
 * [#828168](https://bugs.debian.org/828168) against [x42-plugins](https://tracker.debian.org/pkg/x42-plugins) by Daniel Shahaf: use `printf` instead of non-portable `echo`.

Package reviews
---------------

139 reviews have been added, 20 have been updated and 21 have been removed in this week.

New issues found:

 * [timestamps_in_pdf_generated_by_reportlab](https://tests.reproducible-builds.org/issues/unstable/timestamps_in_pdf_generated_by_reportlab_issue.html)
 * [r_base_appends_built_header_to_description_files](https://tests.reproducible-builds.org/issues/unstable/r_base_appends_built_header_to_description_files_issue.html)
 * [timestamps_in_documentation_generated_by_mkdocs](https://tests.reproducible-builds.org/issues/unstable/timestamps_in_documentation_generated_by_mkdocs_issue.html)

53 FTBFS bugs have been reported by Chris Lamb, Santiago Vila and Mateusz Łukasik.

diffoscope development
----------------------

 - Satyam Zode [added argument completion](https://bugs.debian.org/826711).
 - [Chris Lamb](https://chris-lamb.co.uk) made the confusing ["No differences found inside, yet data differs"](https://bugs.debian.org/827981) message less confusing.

Quote of the week
-----------------

"My builds are so reproducible, they fail exactly every second time."
  — [Johannes Ziemke (@discordianfish)](https://twitter.com/discordianfish/status/745627442639962112)

Misc.
-----

This week's edition was written by Chris Lamb (lamby), Reiner Herrmann and Holger Levsen and reviewed by a bunch of Reproducible builds folks on IRC.