---
layout: blog
week: 95
published: 2017-02-21 18:02:00
---

Here's what happened in the [Reproducible
Builds](https://wiki.debian.org/ReproducibleBuilds) effort between Sunday
February 12 and Saturday February 18 2017:


Upcoming Events
---------------

[The Reproducible Build
Zoo](https://openiotelcna2017.sched.com/event/9Iu4/the-reproducible-build-zoo-vagrant-cascadian-aikidev-llc)
will be presented by Vagrant Cascadian at the Embedded Linux Conference in
Portland, Oregon, February 22nd.

[Introduction to Reproducible
Builds](https://www.socallinuxexpo.org/scale/15x/presentations/introduction-reproducible-builds)
will be presented by Vagrant Cascadian at Scale15x in Pasadena, California,
March 5th.


Toolchain development and fixes
-------------------------------

Ximin Luo posted a [preliminary
spec](https://github.com/infinity0/rb-prefix-map/blob/master/spec-draft.rst)
for `BUILD_PATH_PREFIX_MAP`, bringing together work and research from previous
weeks.

Ximin refactored and consolidated much of our existing documentation on both
`SOURCE_DATE_EPOCH` and `BUILD_PATH_PREFIX_MAP` into one unified page,
[Standard Environment
Variables](https://wiki.debian.org/ReproducibleBuilds/StandardEnvironmentVariables),
with extended discussion on related solutions and how these all fit into
people's ideas of what reproducible builds should look like in the long term.
The specific pages for each variable still remain, at [Timestamps
Proposal](https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal) and
[Build Path
Proposal](https://wiki.debian.org/ReproducibleBuilds/BuildPathProposal), only
without content that was previously duplicated on both pages.

Ximin filed [#855282](https://bugs.debian.org/855282) against [devscripts](https://tracker.debian.org/pkg/devscripts) for `debsign(1)` to
support buildinfo files, and wrote an [initial series of
patches](https://anonscm.debian.org/cgit/collab-maint/devscripts/commits/pu/debsign-buildinfo)
for it with some further additions from Guillem Jover.


Packages reviewed and fixed, and bugs filed
-------------------------------------------

Chris Lamb:

* [#854999](https://bugs.debian.org/854999) filed against [moin](https://tracker.debian.org/pkg/moin), and [forwarded
  upstream](https://moinmo.in/FeatureRequests/ReproducibleBuild).
* [#855002](https://bugs.debian.org/855002) filed against [samplv1](https://tracker.debian.org/pkg/samplv1), and [forwarded
  upstream](https://sourceforge.net/p/samplv1/tickets/5/).
* [#855426](https://bugs.debian.org/855426) filed against [fritzing-parts](https://tracker.debian.org/pkg/fritzing-parts).
* [#855480](https://bugs.debian.org/855480) filed against [examl](https://tracker.debian.org/pkg/examl).


Reviews of unreproducible packages
----------------------------------

35 package reviews have been added, 1 have been updated and 17 have been
removed in this week, adding to our knowledge about [identified
issues](https://tests.reproducible-builds.org/debian/index_issues.html).

1 issue type has been added:

- [nondeterminism_in_java_classes_generated_by_jxc](https://tests.reproducible-builds.org/issues/unstable/nondeterminism_in_java_classes_generated_by_jxc_issue.html)


Weekly QA work
--------------

During our reproducibility testing, the following FTBFS bugs have been detected
and reported by:

 - Chris Lamb (2)


diffoscope development
----------------------

diffoscope 77 was uploaded to unstable by Mattia Rizzolo. It included
[contributions](https://salsa.debian.org/reproducible-builds/diffoscope/commits/77)
from:

- Chris Lamb:
  - Some fixes to tests and testing config
  - Don't track archive directory locations, a better fix for CVE-2017-0359.
  - Add --exclude option.  Closes: [#854783](https://bugs.debian.org/854783)
- Mattia Rizzolo:
  - Add my key to debian/upstream/signing-key.asc
  - Add [CVE-2017-0359](https://security-tracker.debian.org/tracker/CVE-2017-0359)
    to the changelog of v76
- Ximin Luo:
  - When extracting archives, try to keep directory sizes small


strip-nondeterminism development
--------------------------------

strip-nondeterminism 0.031-1 was uploaded to unstable by Chris Lamb. It included [contributions](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commits/debian/0.031-1) from:

- Chris Lamb:
  - Make the tests less brittle, by not testing for stat(2) blksize and blocks.
    [#854937](https://bugs.debian.org/854937)

strip-nondeterminism 0.031-1~bpo8+1 was uploaded to jessie-backports by Mattia.


tests.reproducible-builds.org
-----------------------

- Vagrant Cascadian and Holger Levsen set up two new armhf nodes for Debian tests, p64b and p64c
  running on pine64 boards with an arm64 kernel and armhf userland. This introduces kernel variations to armhf. 
- Holger also added new setup & maintenance jobs, plus 6 new builder jobs for Debian armhf.
- Hans-Christoph Steiner continued work on setting up reproducible tests for F-Droid, now with daily tests for faster progress. These tests are now also using the Android SDK from Debian/stretch packages.
- Mattia Rizzolo added IRC notification to the job testing for mismatches between diffoscope's pypi and Debian archive versions.
- Mattia also improved the tempfile handling of the Debian builder jobs.
- Since we've deployed pbuilder 0.228.4 everywhere, Mattia could also simplify the pbuilder configuration and reenable the build directory name variation for Debian reproducibility tests.


Misc.
-----

This week's edition was written by Ximin Luo & Holger Levsen & reviewed by a bunch of
Reproducible Builds folks on IRC & the mailing lists.