What happened in the reproducible builds effort this week:

Toolchain fixes

  • Robert Luberda uploaded ispell/3.4.00-4 which fixes another issue with uninitialized memory in ispell hashes. Original patch by Valentin Lorentz.
  • Robert Luberda uploaded man2html/1.6g-8 which adds support for SOURCE_DATE_EPOCH. Original patch by akira.
  • gregor herrmann uploaded libdebian-copyright-perl/0.2-3 which sorts copyright files for deterministic ordering. Original patch by Reiner Herrmann.
  • Rafael Laboissiere uploaded octave-pkg-dev/1.3.2 which normalizes the name of the temporary build directory. This doesn't seem to be enough to make Octave packages reproducible just yet, though.
  • Nicolas Boulenguez uploaded gprbuild/2015-1 which sets a deterministic date to the generated source.

Packages fixed

The following packages became reproducible due to changes in their build dependencies: maven-plugin-tools, norwegian, ocaml-melt, python-biom-format, rivet.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues but not all of them:

The following package is currently failing to build from source but should now be reproducible:

Patches submitted which have not made their way to the archive yet:

reproducible.debian.net

A quick update on current statistics: testing is at 85% of packages tested reproducible with our modified packages, unstable on armhf caught up with amd64 with 80%.

The schroot name used for running diffoscope when testing OpenWrt, NetBSD, Coreboot, and Arch Linux has been fixed. (h01ger, Mattia Rizzolo)

Documentation update

Paul Gevers documented timestamps in unit files created by the Free Pascal Compiler.

reproducible-builds.org is now live. It contains a comprehensive documentation on all aspects that have been identified so far of what we call “reproducible builds”. It makes room for pointers to projects working on reproducible builds, news, dedicated tools, and community events.

Package reviews

206 reviews have been removed, 171 added and 196 updated this week.

Chris Lamb reported 28 failing to build from source issues.

New issues identified this week: timestamps_in_pdf_content, different_encoding_in_html_by_docbook_xsl, timestamps_in_ppu_generated_by_fpc, method_may_never_be_called_in_documentation_generated_by_javadoc.

Misc.

Andrei Borzenkov has proposed a fix for uninitialized memory in GRUB's mkimage. Uninitialized memory is one source of hard to track down reproducibility errors.

Holger Levsen presented the efforts on reproduible builds at Festival de Software Libre in Puerto Vallarta, Mexico.