---
layout: blog
week: 77
published: 2016-10-19 00:10:51
---

What happened in the [Reproducible
Builds](https://wiki.debian.org/ReproducibleBuilds) effort between Sunday October 9 and Saturday October 15 2016:

Media coverage
--------------

 * despinosa [wrote a blog post on Vala and reproducibility](https://blogs.gnome.org/despinosa/2016/10/10/vala-and-reproducibility/)
 * h01ger and lynxis gave a talk called "From Reproducible Debian builds to
 Reproducible OpenWrt, LEDE" ([video](https://www.youtube.com/watch?v=Y1D706JCISw), [slides](http://openwrtsummit.org/slides/reproducible.pdf)) at the [OpenWrt Summit
 2016](http://openwrtsummit.org/#sessions) held in Berlin, together with ELCE,
 held by the Linux Foundation.
 * A discussion on debian-devel@ resulted in a
   [nice quotable
   comment](https://lists.debian.org/msgid-search/CAKTje6FUJKhES=sWim8YSLqavV4qgJDfx43CJFyCmWnRBBbTkw@mail.gmail.com)
   from Paul Wise: "(Reproducible) builds from source (with continuous
   rechecking) is the only way to have enough confidence that a Debian user has
   the freedoms promised to them by the Debian social contract."
 * Chris Lamb will present a talk at [Software Freedom Kosovo](http://sfk.flossk.org/sfk16/) on reproducible builds on Saturday 22nd October.

Documentation update
--------------------

After discussions with HW42, Steven Chamberlain, Vagrant Cascadian, Daniel
Shahaf, Christopher Berg, Daniel Kahn Gillmor and others, Ximin Luo has started
writing up more concrete and detailed design plans for
[setting SOURCE_ROOT_DIR for reproducible debugging symbols](https://wiki.debian.org/ReproducibleBuilds/BuildPathProposal),
[buildinfo security semantics](https://wiki.debian.org/ReproducibleBuilds/BuildinfoFiles)
and [buildinfo security infrastructure](https://wiki.debian.org/ReproducibleBuilds/BuildinfoInfrastructure).

Toolchain development and fixes
-------------------------------

Dmitry Shachnev noted that our patch for [#831779](https://bugs.debian.org/831779) has been temporarily
rejected by [docutils upstream](https://sourceforge.net/p/docutils/patches/132/); we
are trying to persuade them again.

Tony Mancill uploaded [javatools](https://tracker.debian.org/pkg/javatools)/0.59 to unstable containing [#835147](https://bugs.debian.org/835147) by Chris Lamb.  This fixed an issue where documentation Recommends:
substvars would not be reproducible.

Ximin Luo filed [bug 77985](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77985)
to GCC as a pre-requisite for future patches to make debugging symbols
reproducible.

Packages reviewed and fixed, and bugs filed
-------------------------------------------

The following updated packages have become reproducible - in our current test
setup - after being fixed:

 * [cobbler](https://tracker.debian.org/pkg/cobbler)/2.6.6+dfsg1-13 by Thomas Goirand, [#831214](https://bugs.debian.org/831214) by Chris Lamb.
 * [collectd](https://tracker.debian.org/pkg/collectd)/5.6.1-1 by Marc Fournier.
 * [fonts-tiresias](https://tracker.debian.org/pkg/fonts-tiresias)/0.1-3 by Gürkan Myczko, [#834896](https://bugs.debian.org/834896) by Chris Lamb.
 * [fntsample](https://tracker.debian.org/pkg/fntsample)/4.0-2 by Євгеній Мещеряков, [#833611](https://bugs.debian.org/833611) by Chris Lamb.
 * [fpga-icestorm](https://tracker.debian.org/pkg/fpga-icestorm)/0~20160913git266e758-2 by Ruben Undheim, [#840098](https://bugs.debian.org/840098) by Chris Lamb.
 * [frog](https://tracker.debian.org/pkg/frog)/0.13.5-1 by Maarten van Gompel, [#828017](https://bugs.debian.org/828017) by Chris Lamb.
 * [lambda-align](https://tracker.debian.org/pkg/lambda-align)/1.0.0-2 by Sascha Steinbiss, [#840156](https://bugs.debian.org/840156) by Chris Lamb.
 * [pleiades](https://tracker.debian.org/pkg/pleiades)/1.7.0-2 by Hideki Yamane, [#835633](https://bugs.debian.org/835633) by Chris Lamb.
 * [sweethome3d](https://tracker.debian.org/pkg/sweethome3d)/5.2+dfsg-1 by Markus Koschany, original fix by Gabriele Giacone.
 * [trac-subtickets](https://tracker.debian.org/pkg/trac-subtickets)/0.2.0-2 by W. Martin Borgert.

The following updated packages appear to be reproducible now, for reasons we
were not able to figure out. (Relevant changelogs did not mention reproducible
builds.)

 * [aodh](https://tracker.debian.org/pkg/aodh)/3.0.0-2 by Thomas Goirand.
 * [eog-plugins](https://tracker.debian.org/pkg/eog-plugins)/3.16.5-1 by Michael Biebl.
 * [flam3](https://tracker.debian.org/pkg/flam3)/3.0.1-5 by Daniele Adriana Goulart Lopes.
 * [hyphy](https://tracker.debian.org/pkg/hyphy)/2.2.7+dfsg-1 by Andreas Tille.
 * [libbson](https://tracker.debian.org/pkg/libbson)/1.4.1-1 by A. Jesse Jiryu Davis.
 * [libmongoc](https://tracker.debian.org/pkg/libmongoc)/1.4.1-1 by A. Jesse Jiryu Davis.
 * [lxc](https://tracker.debian.org/pkg/lxc)/1:2.0.5-1 by Evgeni Golov.
 * [spice-gtk](https://tracker.debian.org/pkg/spice-gtk)/0.33-1 by Liang Guo.
 * [spice-vdagent](https://tracker.debian.org/pkg/spice-vdagent)/0.17.0-1 by Liang Guo.
 * [tnef](https://tracker.debian.org/pkg/tnef)/1.4.12-1 by Kevin Coyner.

Some uploads have addressed some reproducibility issues, but not all of them:

 * [chktex](https://tracker.debian.org/pkg/chktex)/1.7.6-1 by Thorsten Alteholz, [#819885](https://bugs.debian.org/819885) by Sascha Steinbiss.
 * [dbus](https://tracker.debian.org/pkg/dbus)/1.10.12-1 by Simon McVittie.
 * [doomsday](https://tracker.debian.org/pkg/doomsday)/1.15.8-3 by Markus Koschany, [#839338](https://bugs.debian.org/839338) by Lucas Nussbaum.
 * [emacs25](https://tracker.debian.org/pkg/emacs25)/25.1+1-1 by Rob Browning.
 * [gpgme1.0](https://tracker.debian.org/pkg/gpgme1.0)/1.7.0-3 by Daniel Kahn Gillmor.
 * [monkeysign](https://tracker.debian.org/pkg/monkeysign)/2.2.0 by Antoine Beaupré.
 * [python-attrs](https://tracker.debian.org/pkg/python-attrs)/16.2.0-1 by Tristan Seligmann, [#833886](https://bugs.debian.org/833886) by Chris Lamb.
 * [shotwell](https://tracker.debian.org/pkg/shotwell)/0.24.0-1 by Jörg Frings-Fürst, [#822948](https://bugs.debian.org/822948) by Alexis Bienvenüe.
 * [supple](https://tracker.debian.org/pkg/supple)/1.0.6-2 by Daniel Silverstone.
 * [why](https://tracker.debian.org/pkg/why)/2.36-1 by Ralf Treinen, [#807051](https://bugs.debian.org/807051) by Valentin Lorentz.

Some uploads have addressed nearly all reproducibility issues, except for build path issues:

 * [palo](https://tracker.debian.org/pkg/palo)/1.96 by Helge Deller, [#778437](https://bugs.debian.org/778437) by Chris Lamb.
 * [rbdoom3bfg](https://tracker.debian.org/pkg/rbdoom3bfg)/1.1.0~preview3+dfsg+git20160807-1 by Tobias Frost.
 * [singular](https://tracker.debian.org/pkg/singular)/4.0.3-p3+ds-1 by Jerome Benoit.
 * [varnish](https://tracker.debian.org/pkg/varnish)/5.0.0-3 by Stig Sandbeck Mathisen, [#835061](https://bugs.debian.org/835061) by Chris Lamb.
 * [yaml-cpp](https://tracker.debian.org/pkg/yaml-cpp)/0.5.2-4 by Paul Novotny, [#808714](https://bugs.debian.org/808714) by Reiner Herrmann.

Patches submitted that have not made their way to the archive yet:

* [#840741](https://bugs.debian.org/840741) filed against [http-icons](https://tracker.debian.org/pkg/http-icons) by Chris Lamb.
* [#840177](https://bugs.debian.org/840177) filed against [qconf](https://tracker.debian.org/pkg/qconf) by Chris Lamb.
* [#840845](https://bugs.debian.org/840845) filed against [python-pygraphviz](https://tracker.debian.org/pkg/python-pygraphviz) by Chris Lamb.
* [#840346](https://bugs.debian.org/840346) filed against [qjoypad](https://tracker.debian.org/pkg/qjoypad) by Chris Lamb.

Reviews of unreproducible packages
----------------------------------

101 package reviews have been added, 49 have been updated and 4 have been
removed in this week, adding to our knowledge about [identified
issues](https://tests.reproducible-builds.org/debian/index_issues.html).

3 issue types have been updated:

- Added [max_output_size_reached](https://tests.reproducible-builds.org/issues/unstable/max_output_size_reached_issue.html), [ftbfs_due_to_jenkins_semaphore_setup](https://tests.reproducible-builds.org/issues/unstable/ftbfs_due_to_jenkins_semaphore_setup_issue.html), and [build_id_differences_only](https://tests.reproducible-builds.org/issues/unstable/build_id_differences_only_issue.html).

Weekly QA work
--------------

During of reproducibility testing, some FTBFS bugs have been detected and
reported by:

 - Anders Kaseorg (1)
 - Chris Lamb (18)

tests.reproducible-builds.org
-----------------------

Debian:

 * h01ger has turned off the "Scheduled in testing+unstable+experimental" regular IRC notifications and turned them into emails to those running jenkins.d.n.
 * Re-add opi2a armhf node and 3 new builder jobs for a total of [60 build jobs for armhf](https://tests.reproducible-builds.org/debian/stats_builds_per_day_armhf.png). (h01ger and vagrant)
 * vagrant suggested to add a [variation of init systems](https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20161003/007229.html) effecting the build, and h01ger added it to the TODO list.
 * Steven Chamberlain submitted a patch so that now all buildinfo files are collected (unsigned yet) at submit@buildinfo.kfreebsd.eu.
 * Holger enabled CPU type variation (Intel Haswell or AMD Opteron 62xx) for i386. Thanks to [Profitbricks.com](https://profitbricks.com) for their great and continued support!

Openwrt/LEDE/NetBSD/coreboot/Fedora/archlinux:

 * Increase memory on the 2 build nodes from 12 to 16gb, thanks to profitbricks.com

Misc.
-----

We are [running a poll to find a good time for an IRC meeting](https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20161017/007298.html).

This week's edition was written by Ximin Luo, Holger Levsen & Chris Lamb and
reviewed by a bunch of Reproducible Builds folks on IRC.