---
layout: blog
week: 99
published: 2017-03-21 18:03:20
---

Here's what happened in the [Reproducible
Builds](https://reproducible-builds.org) effort between Sunday March 12 and
Saturday March 18 2017:

Upcoming events
---------------

* On March 23rd Holger Levsen will give a talk at the [German Unix User Group's "Frühjahrsfachgespräch"](http://www.guug.de/veranstaltungen/ffg2017/) called [Reproducible Builds everywhere](http://www.guug.de/adm/ffg-pk/abstracts.html#4_5_2).

* *Verifying Software Freedom with Reproducible Builds* will be presented
by Vagrant Cascadian at
[Libreplanet2017](https://www.libreplanet.org/2017/) in Boston, March
25th.

* *You, too, can write reproducible software!* workshop by Ximin Luo,
Vagrant Cascadian and Valerie Young at
[Libreplanet2017](https://www.libreplanet.org/2017/) in Boston, March
25th.


Reproducible Builds Hackathon Hamburg 2017
------------------------------------------

The [Reproducible Builds Hamburg Hackathon
2017](https://wiki.debian.org/ReproducibleBuilds/HamburgHackathon2017), or
RB-HH-2017 for short is a 3 day hacking event taking place May 5th-7th in the CCC Hamburg
Hackerspace located inside Frappant, as collective art space located in a
historical monument in Hamburg, Germany.

The aim of the hackathon is to spent some days working on Reproducible Builds
in every distribution and project. The event is open to anybody interested on
working on Reproducible Builds issues, with or without prior experience!

Accommodation is available and travel sponsorship may be available by agreement.
Please register your interest as soon as possible.


Reproducible Builds Summit Berlin 2016
--------------------------------------

This is just a quick note, that [all the pads we've
written](https://reproducible-builds.org/events/berlin2016/agenda/) during the
[Berlin summit in December
2016](https://reproducible-builds.org/events/berlin2016/) are now online
(thanks to Holger), nicely complementing the [report by Aspiration
Tech](https://reproducible-builds.org/files/ReproducibleBuildsSummitIIReport.pdf).


Request For Comments for new specification: `BUILD_PATH_PREFIX_MAP`
-------------------------------------------------------------------

Ximin Luo posted a [draft
version](https://reproducible-builds.org/specs/build-path-prefix-map/) of our
`BUILD_PATH_PREFIX_MAP` specification for passing build-time paths between
high-level and low-level build tools. This is meant to help eliminate
unreproducibility caused by different paths being used at build time. At the
time of writing, this affects an estimated 15-20% of 25000 Debian packages.

This is a continuation of an older proposal `SOURCE_PREFIX_MAP`, which has been
updated based on feedback on our patches from GCC upstream, attendees of our
Berlin 2016 summit, and participants on our mailing list. Thanks to everyone
that contributed!

The specification also contains runnable source code examples and test cases;
see our [git
repo](https://salsa.debian.org/reproducible-builds/build-path-prefix-map-spec.git/).

Please comment on this draft ASAP - we plan to release version 1.0 of this in a
few weeks.


Toolchain changes
-----------------

* [#857632](https://bugs.debian.org/857632) apt: ignore the currently running kernel if attempting a reproducible build (Chris Lamb)
* [#857803](https://bugs.debian.org/857803) shadow: Make the sp\_lstchg shadow field reproducible. (Chris Lamb)
* [#857892](https://bugs.debian.org/857892) fontconfig: please make the cache files reproducible (Chris Lamb)


Packages reviewed and fixed, and bugs filed
-------------------------------------------

Chris Lamb:

* [#857771](https://bugs.debian.org/857771) filed against [golang-github-go-macaron-toolbox](https://tracker.debian.org/pkg/golang-github-go-macaron-toolbox).
* [#857772](https://bugs.debian.org/857772) filed against [sushi](https://tracker.debian.org/pkg/sushi).
* [#857803](https://bugs.debian.org/857803) filed against [shadow](https://tracker.debian.org/pkg/shadow).
* [#857889](https://bugs.debian.org/857889) filed against [calendar-exchange-provider](https://tracker.debian.org/pkg/calendar-exchange-provider).
* [#857892](https://bugs.debian.org/857892) filed against [fontconfig](https://tracker.debian.org/pkg/fontconfig).
* [#858150](https://bugs.debian.org/858150) filed against [eric](https://tracker.debian.org/pkg/eric), [forwarded
  upstream](https://die-offenbachs.homelinux.org/issues/issue230).
* [#858152](https://bugs.debian.org/858152) filed against [fritzing](https://tracker.debian.org/pkg/fritzing).
* [#858220](https://bugs.debian.org/858220) filed against [ns2](https://tracker.debian.org/pkg/ns2).


Reviews of unreproducible packages
----------------------------------

5 package reviews have been added, 274 have been updated and 800 have been
removed in this week, adding to our knowledge about [identified
issues](https://tests.reproducible-builds.org/debian/index_issues.html).

1 issue type has been added:

- [filesystem_ordering_in_pak_files_generated_by_simutrans_makeobj](https://tests.reproducible-builds.org/issues/unstable/filesystem_ordering_in_pak_files_generated_by_simutrans_makeobj_issue.html)


Weekly QA work
--------------

During our reproducibility testing, FTBFS bugs have been detected and reported
by:

 - Chris Lamb (5)
 - Mattia Rizzolo (1)


diffoscope development
----------------------

diffoscope 79 and 80 were uploaded to experimental by Chris Lamb. It included
[contributions](https://salsa.debian.org/reproducible-builds/diffoscope/commits/80)
from:

Chris Lamb:

  - Ensure that we really are using ImageMagick. (Closes: [#857940](https://bugs.debian.org/857940))
  - Extract SquashFS images in one go rather than per-file, speeding up (eg.)
    Tails ISO comparison by ~10x.
  - Support newer versions of cbfstool to avoid test failures.
    (Closes: [#856446](https://bugs.debian.org/856446))
  - Skip icc test that varies on endian if the Debian-specific patch is not
    present. (Closes: [#856447](https://bugs.debian.org/856447))
  - Compare GIF images using gifbuild. (Closes: [#857610](https://bugs.debian.org/857610))
  - Various other code quality, build and UI improvements.

Maria Glukhova:

  - Improve AndroidManifest.xml comparison for APK files. (Closes: [#850758](https://bugs.debian.org/850758))


strip-nondeterminism development
--------------------------------

strip-nondeterminism 0.032-1 was uploaded to unstable by Chris Lamb. It
included
[contributions](https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commits/debian/0.032-1)
from:

Chris Lamb:

  - Fix a possible endless loop while stripping ar files due to trusting the
    file's file size data. Thanks to Tobias Stoeckmann for the report, patch
    and testcase. (Closes: [#857975](https://bugs.debian.org/857975))
  - Add support for testing files we should reject.


tests.reproducible-builds.org
-----------------------------

* The challenge for 100% reproducible BSD continues: currently it's [99.6%
  for FreeBSD](https://tests.reproducible-builds.org/freebsd/) and [98.1% for
  NetBSD](https://tests.reproducible-builds.org/netbsd/). In both cases this
  is just for their base system, without any ports built yet.

* Holger setup a jenkins job to build
  [build-path-prefix-map-spec.git](https://salsa.debian.org/reproducible-builds/build-path-prefix-map-spec.git)
  on every commit, producing nice a [HTML version of the BUILD_PATH_PREFIX_MAP
  specification](https://reproducible-builds.org/specs/build-path-prefix-map/)

* Some more tuning was done on IRC notifications by Holger.

* For testing Debian, diffoscope from experimental is now used, if available.
  (Holger too)

* Updated PyPI version check for diffoscope (Chris Lamb)


Misc.
-----

This week's edition was written by Ximin Luo, Holger Levsen and Chris Lamb &
reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.