---
layout: blog
week: 92
published: 2017-01-31 02:01:55
---

Here's what happened in the [Reproducible Builds](https://wiki.debian.org/ReproducibleBuilds) effort between Sunday January 22 and Saturday January 28 2017:


Media coverage
--------------

- [The Reproducible Build Zoo](https://openiotelcna2017.sched.com/event/9Iu4/the-reproducible-build-zoo-vagrant-cascadian-aikidev-llc) was presented by Vagrant Cascadian at the [Embedded Linux Conference](http://events.linuxfoundation.org/events/embedded-linux-conference) in Portland, Oregon on February 22nd.

- Dennis Gilmore and Holger Levsen presented "Reproducible Builds and Fedora" at [Devconf.cz](https://devconf.cz/) on February 27th.


Upcoming Events
---------------

- [Introduction to Reproducible Builds](https://www.socallinuxexpo.org/scale/15x/presentations/introduction-reproducible-builds) will be presented by Vagrant Cascadian at Scale15x in Pasadena, California, March 5th.

- "Verifying Software Freedom with Reproducible Builds" will be presented by Vagrant Cascadian at [Libreplanet2017](https://www.libreplanet.org/2017/) in Boston, March 25th-26th.


Reproducible work in other projects
-----------------------------------

John Gilmore [wrote an interesting mail about how Cygnus.com worked on reproducible builds in the early 1990s](https://lists.reproducible-builds.org/pipermail/rb-general/2017-January/000309.html). It's eye opening to see how the dealt with basically the very same problems we're dealing with today, how they solved them and then to realize that most of this has been forgotten and bit-rotted in the last 20 years. How will we prevent history repeating itself here?


Toolchain development and fixes
-------------------------------

Christoph Biedl [wrote a mail describing an interesting problem in to the way binNMUs are done in Debian](https://lists.debian.org/msgid-search/1485611066@msgid.manchmal.in-ulm.de).

Guillem Jover made a number of changes to ``dpkg`` that affect the Reproducible Builds effort within Debian:

- Always set ``SOURCE_DATE_EPOCH`` in ``dpkg-buildpackage`` and ``dpkg-source``. Use the current date if the changelog does not have one. Closes: [#849081](https://bugs.debian.org/849081)

- Add initial support for ``DEB_BUILD_OPTIONS`` to ``dpkg-genbuildinfo``. This will make it possible to enable or disable specific features that should be recorded in the ``.buildinfo`` file. For now only “all” and “path” are supported. Closes: [#848705](https://bugs.debian.org/848705)

- Include ``.buildinfo`` files also for source-only uploads in ``dpkg-genchanges``. Closes: [#846164](https://bugs.debian.org/846164)

- Add support for signed ``.buildinfo`` files to ``dpkg-buildpackage``. Add new ``-ui`` and ``--unsigned-buildinfo`` options. Closes: [#843925](https://bugs.debian.org/843925)

- Make ``dpkg-buildpackage --unsigned-changes`` not sign ``.buildinfo`` either. This breaks the expectations of users and tools, because there was no way previously to request no signing at all. Closes: [#852822](https://bugs.debian.org/852822)


Packages reviewed and fixed, and bugs filed
-------------------------------------------

Chris Lamb:

* [#852482](https://bugs.debian.org/852482) filed against [flask-limiter](https://tracker.debian.org/pkg/flask-limiter).
* [#853039](https://bugs.debian.org/853039) filed against [fontypython](https://tracker.debian.org/pkg/fontypython).

Dhole:

* [#852289](https://bugs.debian.org/852289) filed against [python-passlib](https://tracker.debian.org/pkg/python-passlib).


Reviews of unreproducible packages
----------------------------------

17 package reviews have been added, 4 have been updated and 6 have been removed in this week,
adding to our knowledge about [identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).

2 issue types have been added:

- [python\_versioneer\_uses\_parentdir](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/b72e3808)
- [captures\_kernel\_version\_via\_CMAKE\_SYSTEM](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/044f5c57)

1 issue type has been removed:

- ftbfs\_due\_to\_jenkins\_semaphore\_setup


Weekly QA work
--------------

During our reproducibility testing, the following FTBFS bugs have been detected and
reported by:

 - Chris Lamb (6)
 - Holger Levsen (1)


diffoscope development
----------------------

- diffoscope 70 was uploaded to unstable by Mattia Rizzolo. It included [contributions](https://salsa.debian.org/reproducible-builds/diffoscope/commits/debian/70) from:

- Chris Lamb:

  - [tests.presenters: Prevent FTBFS by loading fixtures as UTF-8 in case surrounding terminal is not Unicode-aware. (Closes: #852926)](https://salsa.debian.org/reproducible-builds/diffoscope/commit/ad367a0)
  - [comparators: Tidy re\_tests with list comprehensions and implicit "x, y" unpacking over indexing; lambda/filter is not idiomatic Python 3.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1e5d30b)
  - [tests: Increase coverage by adding "# noqa" in relevant parts.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4624a4e)
  - [tests: Test that no arguments (beyond the filenames) prints the text output.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/1525094)
  - [tests: Test --text-color output format.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6257836)
  - [tests: Add a test comparing two empty directories.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6a47b06)
  - [tests: Don't warn about coverage lines that raise NotImplementedError.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6f2bee3)

- anthraxx:
  - [tools: switch Arch Linux dependency for pedump to mono](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6712661)

- Ximin Luo:
  - [Fix lazy expression, filter is lazy in Python 3](https://salsa.debian.org/reproducible-builds/diffoscope/commit/737fc3b)
  - [Fix bug introduced in commit 36d1c964 that only worked "accidentally"](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4366e7b)

reprotest development
---------------------

- reprotest 0.6 was uploaded to unstable by Holger Levsen. It included [contributions](https://salsa.debian.org/reproducible-builds/reprotest/commits/debian/0.6):

- Ximin Luo:
  - [Test the extra variations we added recently and ensure they don't get missed in the future](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=c164fb5)
  - [Better logging messages that actually get controlled by the verbosity flag](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=0da15e2)
  - [Add a man page using rst2man and help2man](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=e73783f)
  - [Add a --config-file option and fix the loading of configs](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=15f243f)
  - [Fix the reading of config options](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=2a0cb81)
  - [Fix a bug where the sha256sum of a reproduction won't be displayed if --store-dir is not given](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=d20ef7b)


buildinfo.debian.net development
--------------------------------

- Chris Lamb:
  - [Show SHA256 checksums on larger displays](https://salsa.debian.org/reproducible-builds/buildinfo.debian.net.git/commit/?id=01bfa8c)
  - [Move default storage to S3.](https://salsa.debian.org/reproducible-builds/buildinfo.debian.net.git/commit/?id=37b8f4d)
  - [Store files directly onto S3.](https://salsa.debian.org/reproducible-builds/buildinfo.debian.net.git/commit/?id=61b04f8)
  - [Add tool to move data to S3.](https://salsa.debian.org/reproducible-builds/buildinfo.debian.net.git/commit/?id=5225391)
  - [Load data from S3 if we don't have it locally.](https://salsa.debian.org/reproducible-builds/buildinfo.debian.net.git/commit/?id=75bc50b)



tests.reproducible-builds.org
-----------------------

- h01ger experimented with reusing SSH control connections but stopped that experiment when we ran into more network issues than before. To be continued, as we're having 10k SSH connections per day and saving 2 seconds each time would sum up, especially on the Jenkins host itself.
- h01ger made the scheduler run 3 times a day, 2.5h after dinstall runs, instead of every 3h as before.
- h01ger restructured the [https://tests.reproducible-builds.org/debian/index_breakages.html](breakages page) and improved the corresponding Jenins job.
- h01ger also unblacklisted [xmds2](https://tracker.debian.org/pkg/xmds2), [sofia-sip](https://tracker.debian.org/pkg/sofia-sip) and [ck](https://tracker.debian.org/pkg/ck) - if you think other packages should be unblacklisted (maybe only on some architectures), please do tell us.

Misc.
-----

This week's edition was written by Chris Lamb and Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.