--- layout: blog week: 81 published: 2016-11-17 19:11:04 --- What happened in the [Reproducible Builds](https://wiki.debian.org/ReproducibleBuilds) effort between Sunday November 6 and Saturday November 12 2016: Media coverage -------------- Matthew Garrett blogged about [Tor, TPMs and service integrity attestation](https://mjg59.dreamwidth.org/45602.html) and how reproducible builds are the base for systems integrity. The Linux Foundation [announced](https://www.coreinfrastructure.org/news/announcements/2016/11/linux-foundations-core-infrastructure-initiative-renews-funding) renewed funding for us as part of the Core Infrastructure Initiative. Thank you! Outreachy updates ----------------- Maria Glukhova has been [accepted](https://wiki.gnome.org/Outreachy/2016/DecemberMarch#Debian) into the Outreachy winter internship and will work with us the Debian reproducible builds team. To [quote her words](https://twitter.com/siamezzze/status/796063767180275712) 
siamezzze: I've been accepted to #outreachy winter internship - going to
work with Debian reproducible builds team. So excited about that! <3
Debian
Toolchain development and fixes ------------------------------- dpkg: * Thanks to a series of dpkg uploads by Guillem Jover, all our toolchain changes are now finally available in sid! * This means your packages should now be reproducible without having to use our [custom APT repository](https://tests.reproducible-builds.org/debian/index_repositories.html). * Ximin Luo opened [#843925](https://bugs.debian.org/843925) to remind the fact that dpkg-buildpackage should sign buildinfo files. * We hope to have detailed post about the new dpkg and the new .buildinfo files for debian-devel-announce soon! debrebuild: * srebuild / debrebuild work was resumed by Johannes Schauer and others in [#774415](https://bugs.debian.org/774415). Bugs filed ---------- Chris Lamb: * [#844102](https://bugs.debian.org/844102) filed against [lava-dispatcher](https://tracker.debian.org/pkg/lava-dispatcher) * [#844103](https://bugs.debian.org/844103) filed against [lava-server](https://tracker.debian.org/pkg/lava-server) * [#844111](https://bugs.debian.org/844111) filed against [python-defaults](https://tracker.debian.org/pkg/python-defaults) * [#843698](https://bugs.debian.org/843698) filed against [tunnelx](https://tracker.debian.org/pkg/tunnelx) * [#843967](https://bugs.debian.org/843967) filed against [asyncpg](https://tracker.debian.org/pkg/asyncpg) * [#843865](https://bugs.debian.org/843865) filed against [keystone](https://tracker.debian.org/pkg/keystone) * [#844101](https://bugs.debian.org/844101) filed against [suil](https://tracker.debian.org/pkg/suil) Daniel Shahaf: * [#844232](https://bugs.debian.org/844232) filed against [daisy-player](https://tracker.debian.org/pkg/daisy-player) * [#844236](https://bugs.debian.org/844236) filed against [libhtml-lint-perl](https://tracker.debian.org/pkg/libhtml-lint-perl) * [#844228](https://bugs.debian.org/844228) filed against [ebook-speaker](https://tracker.debian.org/pkg/ebook-speaker) Niko Tyni: * [#843432](https://bugs.debian.org/843432) filed against [libwww-curl-perl](https://tracker.debian.org/pkg/libwww-curl-perl) Reiner Herrman: * [#844095](https://bugs.debian.org/844095) filed against [fdm](https://tracker.debian.org/pkg/fdm) * [#844096](https://bugs.debian.org/844096) filed against [gringo](https://tracker.debian.org/pkg/gringo) * [#843469](https://bugs.debian.org/843469) filed against [dpkg](https://tracker.debian.org/pkg/dpkg) Reviews of unreproducible packages ---------------------------------- 136 package reviews have been added, 5 have been updated and 7 have been removed in this week, adding to our knowledge about [identified issues](https://tests.reproducible-builds.org/debian/index_issues.html). 3 issue types have been updated: * Added: [random_order_in_dh_pythonX_substvars](https://tests.reproducible-builds.org/issues/unstable/random_order_in_dh_pythonX_substvars_issue.html), [valac_permutes_get_type_calls](https://tests.reproducible-builds.org/issues/unstable/valac_permutes_get_type_calls_issue.html) * Updated: [timestamps_in_static_libraries](https://tests.reproducible-builds.org/issues/unstable/timestamps_in_static_libraries_issue.html) Weekly QA work -------------- During of reproducibility testing, some FTBFS bugs have been detected and reported by: * Chris Lamb (29) * Niko Tyni (1) diffoscope development ---------------------- A new version of diffoscope `62~bpo8+1` was [uploaded](http://metadata.ftp-master.debian.org/changelogs/main/d/diffoscope/diffoscope_62~bpo8+1_changelog) to jessie-backports by Mattia Rizzolo. Meanwhile in git, Ximin Luo greatly improved speed by [fixing a O(n^2) lookup](https://salsa.debian.org/reproducible-builds/diffoscope/commit/deb8aea) which was causing diffs of large packages such as GCC and glibc to take many more hours than was necessary. When this commit is released, we should hopefully see full diffs for [such packages](https://tests.reproducible-builds.org/debian/index_breakages.html) again. Currently we have 197 source packages which - when built - diffoscope fails to analyse. buildinfo.debian.net development -------------------------------- * Submissions with duplicate Installed-Build-Depends entries are rejected now that a bug in dpkg causing them has been fixed. Thanks to Guillem Jover. * Add a new page for every (source, version) combination, for example [diffoscope 62](https://buildinfo.debian.net/sources/diffoscope/62). * DigitalOcean have generously offered to sponsor the hardware buildinfo.debian.net is running on. tests.reproducible-builds.org ----------------------------- Debian: * For privacy reasons, the new `dpkg-genbuildinfo` includes `Build-Path` only if it is under `/build`. HW42 updated our jobs so this is the case for our builds too, so you can see the build path in the .buildinfo files. * HW42 also updated our jobs to vary the basename of the source extraction directory. This detects packages that incorrectly assume a `$pkg-$version` directory naming scheme (which is what `dpkg-source -x` gives but is not mandated by Debian nor always-true) or that they're being built from a SCM. * The new `dpkg-genbuildinfo` also records a sanitised `Environment`. This is different in our builds, so HW42, Reiner and Holger updated our jobs to hide these differences from diffoscope output. * Package-set improvements: * Holger refactored the [create_meta_pkg_sets](https://jenkins.debian.net/view/reproducible/job/reproducible_create_meta_pkg_sets/) job so that it's easier to add new package sets. * This job is now also using [dose-extra](https://tracker.debian.org/pkg/dose-extra) from jessie-backports so that it can deal with versioned provides. * Added 4 new package sets: [debian-edu](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_debian-edu.html), [debian-edu_build-depends](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_debian-edu_build-depends.html), [maint_pkg-grass-devel](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_maint_pkg-grass-devel.html), [maint_debian-accessibility](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_maint_debian-accessibility.html), [maint_pkg-openstack](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_maint_pkg-openstack.html). * Switched to using the new URL for tails manifests to generate the [tails](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_tails.html) package set. * Renamed maint_lua to [maint_debian-lua](https://tests.reproducible-builds.org/debian/unstable/amd64/pkg_set_maint_debian-lua.html) * Valerie Young contributed four patches for our long-planned transition from SQLite to PostgreSQL. * In anticipation of the freeze, already-tested packages from unstable and testing on amd64 are now scheduled with [equal priority](https://tests.reproducible-builds.org/debian/index_performance.html). reproducible-builds.org website ------------------------------- F-Droid was finally added to our list of [partner projects](https://reproducible-builds.org/who/). (This was an oversight and they had already been working with us for some time.) Misc. ----- This week's edition was written by Ximin Luo and Holger Levsen and reviewed by a bunch of Reproducible Builds folks on IRC.