I am hoping to schedule some Non-Maintainer Uploads (NMU) sprints,
starting with two thursdays from now...
Planning on meeting on irc.oftc.net in the #debian-reproducible channel
at 17:00UTC and going for an hour or two or three. Feel free to start
early or stay late, or even fix things on some
On 2024-05-20, Mechtilde Stehmann wrote:
> I want to clean up my Java packages.
>
> There are several with FTBR. I found that the day of the *.poms s a date
> from 1970.
>
> for example they are the packages
>
> vinnie
Looking at the history for vinnie:
On 2024-05-04, PICCA Frederic-Emmanuel wrote:
> Hello, I am trying to understand the non reproducible status of the Debian
> silx package.
>
> here the info of the new version 2.0.0
>
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/silx.html
>
> Can you help me understand
On 2024-04-19, Chris Lamb wrote:
> The diffoscope maintainers are pleased to announce the release of
> version 265 of diffoscope.
Signed tag please? :)
live well,
vagrant
signature.asc
Description: PGP signature
Hey folks!
Do you have a reproducible builds or related project you wanted to work
on, but need some funding (~5k-50k euro) to make it happen?
Noticed that NGI Zero is open for accepting project applications till
June 1st:
https://nlnet.nl/core/
They have funded some interesting projects in
On 2024-04-01, kpcyrd wrote:
> in February I printed about 2k stickers to manifest the concept of
> reviewing source code, picturing a bug throwing a party within the
> codebases nobody reads.
>
> I usually spread these in my communities in person, due to recent events
> I've decided to give
On 2024-03-29, Vagrant Cascadian wrote:
> So far, I have not found any reproducibility issues; everything I tested
> I was able to get to build bit-for-bit identical with what is in the
> Debian archive.
>
> I only tested bookworm security updates (not bullseye)
...
> Not yet
On 2024-03-30, Vagrant Cascadian wrote:
> On 2024-03-30, Salvatore Bonaccorso wrote:
>> On Fri, Mar 29, 2024 at 07:38:35PM -0700, Vagrant Cascadian wrote:
>>> Philipp Kern asked about trying to do reproducible builds checks for
>>> recent security updates to try to gai
On 2024-03-30, Salvatore Bonaccorso wrote:
> On Fri, Mar 29, 2024 at 07:38:35PM -0700, Vagrant Cascadian wrote:
>> Philipp Kern asked about trying to do reproducible builds checks for
>> recent security updates to try to gain confidence about Debian's buildd
>> infrastructure
Philipp Kern asked about trying to do reproducible builds checks for
recent security updates to try to gain confidence about Debian's buildd
infrastructure, given that they run builds in sid chroots which may have
used or built or run a vulnerable xz-utils...
So far, I have not found any
On 2024-03-12, Holger Levsen wrote:
> On Mon, Mar 11, 2024 at 06:24:22PM +, James Addison via rb-general wrote:
>> Please find below a draft of the message I'll send to each affected
>> bugreport.
>
> looks good to me, thank you for doing this!
>
>> Note: I confused myself when writing
On 2024-03-05, John Neffenger wrote:
> On 3/5/24 2:11 PM, Vagrant Cascadian wrote:
>>> I have no way to change these choices.
>>
>> Then clearly you have not been provided sufficient information,
>> configuration, software, etc. in order to reproduce the build!
>
On 2024-03-05, John Gilmore wrote:
> A quick note:
> Vagrant Cascadian wrote:
>> It would be pretty impractical, at least for Debian tests, to test
>> without SOURC_DATE_EPOCH, as dpkg will set SOURCE_DATE_EPOCH from
>> debian/changelog for quite a few years now.
On 2024-03-05, John Gilmore wrote:
... it makes reproducibilty from around 80-85% of all
packages to >95%, IOW with this shortcut we can have meaningful
reproducibility
*many years* sooner, than without.
...
> I'd rather that we knew and documented that 57% of
On 2024-03-05, John Neffenger wrote:
> On 3/5/24 8:08 AM, John Gilmore wrote:
>> Our instructions for reproducing any package would have to identify what
>> container/chroot/namespace/whatever the end-user must set up to be able
>> to successfully reproduce a package.
The build instructions
On 2024-03-04, John Gilmore wrote:
> Vagrant Cascadian wrote:
>> > > to make it easier to debug other issues, although deprioritizing them
>> > > makes sense, given buildd.debian.org now normalizes them.
>
> James Addison via rb-general wrote:
>> Ok,
On 2024-02-15, James Addison via rb-general wrote:
> A quick recap: in July 2023, Debian's package build infrastructure
> (buildd) intentionally began using a fixed directory path during
> package builds (bug #1034424). Previously, some string randomness
> existed within each source build
On 2024-02-27, Chris Lamb wrote:
>> * Update reprotest to handle a single-disabled-varations-value as a
>> special case - treating it as vary and/or emitting a warning.
Well, I would broaden this to include an arbitrary number of negating
options:
--variations=-time,-build_path
That seems
On 2024-02-12, cen wrote:
> I would like to verify that a package is reproducible by rebuilding it
> locally on Debian (bookworm).
...
> I found https://buildinfos.debian.net and I can in theory fetch a
> .buildinfo file from there using the correct package version and arch
Yeah,
On 2024-01-11, John Gilmore wrote:
> https://reproducible-builds.org/reports/2023-12/
>
> "Reproducible Builds in December 2023
>
>Welcome to the November 2023 report..."
>
> It seems better to NOT reproduce the previous month's header quite so
> accurately. ;-/
Heh, thanks!
Just pushed a
On 2023-11-16, aho...@0w.se wrote:
> On Wed, Nov 15, 2023 at 11:11:47AM -0800, Vagrant Cascadian wrote:
>> On 2023-11-15, aho...@0w.se wrote:
>> > I challenge you to explain how the use (of an arbitrary implementation)
>> > of a toolchain and of the other necessary tools
On 2023-11-15, aho...@0w.se wrote:
> On Tue, Nov 14, 2023 at 03:00:29PM -0800, Vagrant Cascadian wrote:
>> On 2023-11-14, aho...@0w.se wrote:
>> > On Tue, Nov 14, 2023 at 10:18:01AM -0800, Vagrant Cascadian wrote:
>> >> On 2023-11-14, aho...@0w.se wrote:
>> &g
On 2023-11-14, aho...@0w.se wrote:
> On Tue, Nov 14, 2023 at 10:18:01AM -0800, Vagrant Cascadian wrote:
>> On 2023-11-14, aho...@0w.se wrote:
>> > On Sun, Nov 12, 2023 at 06:19:31PM -0800, Vagrant Cascadian wrote:
>> >> The very thing the "Full-Source B
On 2023-11-14, aho...@0w.se wrote:
> On Sun, Nov 12, 2023 at 06:19:31PM -0800, Vagrant Cascadian wrote:
>> The very thing the "Full-Source Bootstrap" builds is a C development
>> toolchain; that is arguably the whole point of the "Full-Source
>> Boots
On 2023-11-11, aho...@0w.se wrote:
> On Sat, Nov 11, 2023 at 07:38:42AM +0100, Janneke Nieuwenhuizen wrote:
>> We are happy to announce the release of GNU Mes 0.25!
>
> Regrettably, the post includes a reference to
>
>> version 0.24.2 has realized the first Full Source Bootstrap for Guix
>>
On 2023-10-12, Marek Marczykowski-Górecki wrote:
> On Sat, Sep 30, 2023 at 04:59:33PM -0700, Vagrant Cascadian wrote:
>> On 2023-09-20, Lucas Nussbaum wrote:
>> > On 19/09/23 at 13:52 -0700, Vagrant Cascadian wrote:
>> >> Snapshotting the archive(s) multiple
On 2023-10-12, Vagrant Cascadian wrote:
> On 2023-10-12, Chris Lamb wrote:
>>> In the meantime, I worked on a naive implementation of this, using
>>> debmirror and btrfs snapshots (zfs or xfs are other likely candidates
>>> for filesystem-level snapshots). It is
On 2023-10-12, Chris Lamb wrote:
>> In the meantime, I worked on a naive implementation of this, using
>> debmirror and btrfs snapshots (zfs or xfs are other likely candidates
>> for filesystem-level snapshots). It is working better than I expected!
> […]
>> Currently weighing in at about 550GB,
On 2023-09-30, Vagrant Cascadian wrote:
> On 2023-09-20, Lucas Nussbaum wrote:
>> On 19/09/23 at 13:52 -0700, Vagrant Cascadian wrote:
>>> * Looking forward and backwards at snapshots
>>>
>>> I do think that a more complete snapshot approach is probably better
On 2023-09-20, Lucas Nussbaum wrote:
> On 19/09/23 at 13:52 -0700, Vagrant Cascadian wrote:
>> * Looking forward and backwards at snapshots
>>
>> I do think that a more complete snapshot approach is probably better
>> than package-specific snapshots, and it might be wor
On 2023-09-19, Vagrant Cascadian wrote:
> * Some actual results!
>
> Testing only arch:all and arch:amd64 .buildinfos, I had decent luck with
> 2023/09/16:
>
> total buildinfos to check: 538
> attempted/building: 535
>
> unreproducible: 28 5 %
> reprodu
I experimented with verification builds building packages that were
recently built by the Debian buildd infrastrcture... relatively soon
after the .buildinfo files are made available, without relying on
snapshot.debian.org... with the goal of getting bit-for-bit identical
verification of newly
On 2023-08-02, David A. Wheeler wrote:
> Sphinx just merged a change, I recommend adding a note about it. E.g.,
> just before "Lastly in news, kpcyrd posted to our mailing list
> announcing a new “repro-env” tool" add this:
>
> The [Sphinx](https://github.com/sphinx-doc/sphinx) documentation tool
On 2023-08-02, Carles Pina i. Estany wrote:
> This is Debian specific but I cannot find a reproducible builds Debian
> specific mailing list. Let me know if I should ask elsewhere. Feel free
> to send me some pointers to read it myself.
There is also reproducible-bui...@lists.alioth.debian.org
On 2023-07-18, kpcyrd wrote:
> while packaging govulncheck for Arch Linux I noticed a checksum mismatch
> for a tar file I downloaded from go.googlesource.com.
...
> https://go.googlesource.com/vuln/+archive/refs/tags/v1.0.0.tar.gz
>
> I downloaded the file 3 times and got a different sha256
Yesterday I was excited to learn there is some renewed interest in
Reproducible Builds in the Fedora community!
https://flock2023.sched.com/event/1Or8e/reproducible-builds-hackfest
https://flocktofedora.org/
Cork, Ireland August 2nd through 4th
live well,
vagrant
signature.asc
On 2023-07-04, David A. Wheeler wrote:
>> On Jul 2, 2023, at 11:37 AM, Roland Clobus wrote:
>> here is the 18th update of the status for reproducible live-build ISO images
>> [1].
>>
>> Single line summary: Live images are looking good, and the number of
>> (passed) automated tests is growing
This seems like it might be a good conference for a reproducible builds
talk:
https://packaging-con.org/
Call For Proposals closes end of July:
https://cfp.packaging-con.org/2023/cfp
It is also the weekend before the Reproducible Builds World Summit in
Hamburg, so not too far from Berlin.
On 2023-05-29, David A. Wheeler wrote:
> On Sun, 28 May 2023 21:10:36 -0700, Vagrant Cascadian
> wrote:
>
>> Do such tools actually exist, or are we talking about something
>> theoretical here? I am nervous about investing too much energy in
>> something without a
On 2023-05-29, Bernhard M. Wiedemann via rb-general wrote:
> On 29/05/2023 06.10, Vagrant Cascadian wrote:
>> Do such tools actually exist, or are we talking about something
>> theoretical here?
>
> https://github.com/openSUSE/build-compare/ is in use for 13 years.
>
> A
On 2023-05-28, David A. Wheeler wrote:
> On Sun, 28 May 2023 13:04:40 +0100, James Addison via rb-general
> wrote:
>> Thanks for sharing this.
>>
>> I think that the problem with this idea and name are:
>>
>> - That it does not allow two or more people to share and confirm that
>> they have
I have been poking at gcc and binutils this month; they take a good long
while to build...
Inspired by how close we are to making the Debian build-essential set
reproducible and how important that set of packages are in general... I
have some progress, some hope, and I daresay, some fears...
On 2023-04-26, James Addison wrote:
> On Tue, 18 Apr 2023 at 18:51, Vagrant Cascadian
> wrote:
>> > James Addison wrote:
>> This is why in the reproducible builds documentation on timestamps,
>> there is a paragraph "Timestamps are best avoided":
>>
On 2023-04-17, John Gilmore wrote:
> James Addison wrote:
>> When the goal is to build the software as it was available to the
>> author at the time of code commit/check-in - and I think that that is
>> a valid use case - then that makes sense.
>
> I think of the goal as being less related to the
On 2023-04-14, Holger Levsen wrote:
> i'm wondering whether distro-info should respect SOURCE_DATE_EPOCH:
> src:developers-reference builds different content based on the build
> date, due to using distro-info and distro-info knows that in 398 days
> trixie will be released :)))
> see
>
On 2023-04-13, David A. Wheeler wrote:
>> On Apr 12, 2023, at 11:46 AM, Chris Lamb
>> wrote:
>> This is, unfortunately, a little misleading. To clarify, this
>> statement only means that *tests.reproducible-builds.org* believes
>> that the fbreader source package is reproducible — it doesn't
Last month, I pondered about the future of reprotest and some related
ideas and tooling:
https://lists.reproducible-builds.org/pipermail/rb-general/2023-February/002876.html
This month, fleshed out a method of usefully using reprotest as a hook
to sbuild (a package build tool for Debian)
On 2023-03-08, aho...@0w.se wrote:
> We seem to be the first project offering bootstrappable and verifiable
> builds without any binary seeds.
>
> The project's website is at [1]
...
> [1] the site is available through the Tor/onion network
> (for the advantages of convenient and privacy-friendly
On 2023-03-01, John Gilmore wrote:
>>> So, overall, I actually don't think that diffoscope has the requested
>>> support, and it's not "just" a bug of failed identification.
>
> I have been surprised at how much effort has gone into "diffoscope" as a
> total fraction of the Reproducible Builds
I have managed to make some changes to reprotest now and again, but as a
whole, cannot say I can wrap my head around the code enough to maintain
it.
It also contains forks of some autopkgtest code, last updated in 2017,
if I am reading the git logs correctly. It is apparently no longer
working
On 2023-02-11, Larry Doolittle wrote:
> verilator 5.006-2 in Debian is not reproducible
>
> https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/verilator.html
> and I finally figured out why. It's timezone handling in python3 datetime.
>
> $ cat verilator_doc.py
> # Distilled
First Debian NMU Sprint of 2023... this coming Tuesday, January 10th,
16:00 UTC!
Some past sprints:
https://lists.reproducible-builds.org/pipermail/rb-general/2022-November/002756.html
IRC:
irc.oftc.net #debian-reproducible
Unapplied patches:
On 2022-11-20, Vagrant Cascadian wrote:
> Since the previous sprints were fun and productive, I am planning on
> doing NMU sprints every Thursday in December (1st, 8th, 15th, 22nd,
> 29th). We are planning on meeting on irc.oftc.net in the
> #debian-reproducible channel at 17:00U
On 2022-12-14, Bernhard M. Wiedemann via rb-general wrote:
> a colleague of mine is rather skeptic towards bootstrapping and
> reproducible-builds.
>
> E.g. he wrote
>
> https://fy.blackhats.net.au/blog/html/2021/05/12/compiler_bootstrapping_can_we_trust_rust.html
This seems to miss the point
On 2022-12-13, James Addison via rb-general wrote:
> As Debian's buildinfo[1] wiki page hints, it's difficult to determine
> whether a build dependency is genuinely required at build-time,
> compared to: it was required in the past, but has become dependency
> cruft.
>
> I was wondering: are there
Since the previous sprints were fun and productive, I am planning on
doing NMU sprints every Thursday in December (1st, 8th, 15th, 22nd,
29th). We are planning on meeting on irc.oftc.net in the
#debian-reproducible channel at 17:00UTC and going for an hour or two or
three. Feel free to start early
On 2022-11-13, Vagrant Cascadian wrote:
> On 2022-11-13, kpc...@archlinux.org wrote:
>> On 11/13/22 22:59, Vagrant Cascadian wrote:
>> They both serve different purposes, Build Environment Fuzzing helps
>> detect issues before they show up during Verification Builds but
On 2022-11-13, kpc...@archlinux.org wrote:
> On 11/13/22 22:59, Vagrant Cascadian wrote:
>> I'm not sure how exactly to structure a rewording or adjustment of the
>> website and whatnot, but would like to start the conversation, at least!
>
> Thanks for bringing this up, ma
So, when going to check the reproducibility status of a package in
archlinux, I went to:
https://reproducible-builds.org/citests/
Which has a link for archlinux tests:
https://tests.reproducible-builds.org/archlinux/
But I was informed that those tests are not really working...
And
On 2022-11-11, Chris Lamb wrote:
> Can you clarify whether you meant *Wednesday* November 16th or
> Thursday November *17th*? :)
Oops! The 17th!
live well,
vagrant
signature.asc
Description: PGP signature
On 2022-11-11, Chris Lamb wrote:
> Can you clarify whether you meant *Wednesday* November 16th or
> Thursday November *17th*? :)
Oops! Thursday November 17th!
live well,
vagrant
signature.asc
Description: PGP signature
We were productive and had some fun with the previous NMU sprints:
https://lists.reproducible-builds.org/pipermail/rb-general/2022-September/002689.html
So we are planning on meeting on irc.oftc.net in the
#debian-reproducible channel at 17:00UTC and going for an hour or two or
three.
We
On 2022-11-08, Chris Lamb wrote:
>> > We are planning on meeting on irc.oftc.net in the #debian-reproducible
>> > channel at 16:00UTC and going for an hour or two or three.
>>
>> It was fun, so we hope to do this roughly every two weeks!
>> Next one is thus planned for Thursday, October 6th, 16:00
On 2022-10-05, David A. Wheeler wrote:
>> On Oct 5, 2022, at 3:50 PM, Chris Lamb wrote:
>> Please review the draft for September's Reproducible Builds report:
>>
>> https://reproducible-builds.org/reports/2022-09/?draft
>
> As always, thanks! A few proposed tweaks below.
>
> --- David A.
On 2022-09-21, Vagrant Cascadian wrote:
> We are planning on meeting on irc.oftc.net in the #debian-reproducible
> channel at 16:00UTC and going for an hour or two or three.
It was fun, so we hope to do this roughly every two weeks!
Next one is thus planned for Thursday, October 6th, 16:
Holger and I were chatting about doing more Debian NMUs
(Non-Maintainer-Uploads) to clear the huge backlog of reproducible
builds patches submitted... and we may as well get started this
Thursday!
We are planning on meeting on irc.oftc.net in the #debian-reproducible
channel at 16:00UTC and going
On 2022-06-24, David A. Wheeler wrote:
>> On Jun 22, 2022, at 2:28 PM, Vagrant Cascadian
>> wrote:
> Fair enough. Let's use Debian as an example. The "typical"
> way I've seen Linux kernel headers installed would be by running:
>
>> sudo apt install linux
On 2022-06-22, Vagrant Cascadian wrote:
> On 2022-06-22, David A. Wheeler wrote:
>> GitBOM is explained at <https://gitbom.dev/>. As they explain it, its
>> purpose is to:
>> • Build a compact Artifact Dependency Graph (ADG), tracking every
>> source code
On 2022-06-22, David A. Wheeler wrote:
> The challenge is that I believe that there will be subtle variations in
> inputs caused by
> very low-level components, particularly kernels & but also potentially also
> low-level
> runtimes like the C runtime. This could result it irreproducibility of
On 2022-05-02, Vagrant Cascadian wrote:
> $ guix challenge --diff=none $(cat guix-base-set)
>
> /gnu/store/8gmqvwf0ccqfyimficcnhxvrykwx6y8g-linux-libre-5.17.5 contents
> differ:
Proving more difficult than I'd hoped for, smallish diffs in the .ko
files and in the bzImage an
On 2022-05-27, David A. Wheeler wrote:
> I think that in general *signatures* should be separated from *what
> they are signing*, preferably by being different files.
>
> This solves reproducibility problems. It also solves other problems,
> e.g., it's quite possible for multiple people to sign
On 2022-05-26, Yaobin Wen wrote:
> In my company, we use *Ubuntu (18.04)* and are practicing reproducible
> builds. Our code is built into a lot of .*deb* packages using *debuild* (and
> related tools). We have made a lot of effort to make our builds
> reproducible by following the Achieve
On 2022-05-22, Luca Boccassi wrote:
> We have been having an issue with making the systemd build reproducible
> on arm64. On x86 it's all fine, but on arm there are differences in the
> built binaries that I cannot explain - I don't speak arm assembly so I
> can't really tell where they are coming
On 2022-05-01, Vagrant Cascadian wrote:
> On 2022-05-01, Holger Levsen wrote:
>> On Sat, Apr 30, 2022 at 03:53:13PM +0200, Roland Rosenfeld wrote:
>>> [tl;dr faketime results on broken file timestamps for quilt patched
>>> files on salsa]
...
> reprotest uses faketim
On 2022-05-02, zimoun wrote:
> On Mon, 02 May 2022 at 06:11, Vagrant Cascadian
> wrote:
>> $ guix challenge --diff=none $(cat guix-base-set)
...
>> The fact that the guix and guile packages do not build reproducibly is a
>> little disappointing as they're both so c
On 2022-04-27, Vagrant Cascadian wrote:
> Lately, I've been trying to get a handle on the status of the really
> core packages in Debian
...
> I'd also be really curious to hear about the status of similar package
> sets in other distros!
With my metaphorical guix hoodie[1] on...
$ g
On 2022-05-01, Holger Levsen wrote:
> On Sat, Apr 30, 2022 at 03:53:13PM +0200, Roland Rosenfeld wrote:
>> [tl;dr faketime results on broken file timestamps for quilt patched
>> files on salsa]
>
> which is one of several reasons why (in 2014 or so) we choose not to use
> faketime to achieve
On 2022-04-28, Chris Lamb wrote:
>> Lately, I've been trying to get a handle on the status of the really
>> core packages in Debian, namely the essential, required and
>> build-essential package sets. The first two are present on nearly every
>> Debian system, and build-essential is the set of
Lately, I've been trying to get a handle on the status of the really
core packages in Debian, namely the essential, required and
build-essential package sets. The first two are present on nearly every
Debian system, and build-essential is the set of packages assumed to be
available whenever you
On 2022-01-04, John Neffenger wrote:
> On 1/3/22 7:08 AM, Chris Lamb wrote:
>> Please review the draft for December's Reproducible Builds report:
>>
>>https://reproducible-builds.org/reports/2021-12/?draft
>
> Would it be helpful to add a section about upstream changes regarding
>
On 2021-01-08, Vagrant Cascadian wrote:
> On 2021-01-08, Vagrant Cascadian wrote:
>> On 2021-01-07, Vagrant Cascadian wrote:
>>> On 2021-01-07, Michael Biebl wrote:
>>>> Am 07.01.21 um 18:24 schrieb Michael Biebl:
>>>>> as can be seen at [1],
On 2021-01-21, Mattia Rizzolo wrote:
> We are pondering whether to do a round of Outreachy this year.
> Contrary to last years' we are going to throw the topic much earlier,
> and see if
> some good proposal for that round.
>
> Example for the past rounds would be:
> *
>
On 2021-01-07, Vagrant Cascadian wrote:
> On 2021-01-07, Michael Biebl wrote:
>> Am 07.01.21 um 18:24 schrieb Michael Biebl:
>>> as can be seen at [1], systemd does not build reproducibly on armhf and
>>> arm64 (while there is no problem on amd64 and i386).
>>>
We will set aside some time to be available for asking questions about
anything related to Reproducible Builds.
This is an opportunity to ask introductory questions and is intended to
be welcoming to newcomers, though of course, any questions relating to
Reproducible Builds should be fair game!
Hi!
We are experimenting with setting aside some time to be available for
asking questions about anything related to Reproducible Builds.
This is an opportunity to ask introductory questions and is intended to
be welcoming to newcomers, though of course, any questions relating to
Reproducible
At our last IRC meeting, it was decided to host an IRC session about
sharing our distro-specific Reproducible Builds debugging workflows (or
at least, that's what I *thought* we were doing), e.g.:
https://github.com/bmwiedemann/reproducibleopensuse/blob/devel/howtodebug
We picked the date as
On 2020-10-19, Elías Alejandro wrote:
> Dear all,
> I hope you are well. I have a newbie question about how to configure
> my local box to reproduce bug[1] and finally fix it. I was following
> [2] but I got a successful message without modifying the source .
> Maybe I need to add another
On 2020-10-12, David A. Wheeler wrote:
> In the discussion today I was pointed to this awesome post about
> creating a reproducible bootstrap of the GNU Mes C compiler:
> https://reproducible-builds.org/news/2019/12/21/reproducible-bootstrap-of-mes-c-compiler/
>
> I was asked if this counted as an
On 2020-08-31, kpcyrd wrote:
> I'm a bit short on time, sorry in advance if the email is a little
> short/blunt:
>
> - What was the original motivation of putting the size and checksum of the
> package into the buildinfo file? We aren't tracking this info in Arch Linux
> and it turned out we
On 2020-06-26, hartmut wrote:
> a) The build process should be well documented and obviously. It means usage
> of an environment
> variable inside the compiler, internal, it very bad for that. Because the
> value of the envvar may be
> unknown after build. It is possible to use an environment
On 2020-06-26, Bill Allombert wrote:
> Is it possible to set -fdebug-prefix-map via an environment variable or
> a similar mechanism rather than through the command line ?
>
> The issue is that adding -fdebug-prefix-map=PREFIX to CFLAGS
> leads to PREFIX leaking in buildlogs and in generated
On 2020-05-15, Jason Zions via rb-general wrote:
> kpcyrd:
>> The argument was that a debian/arch rebuilder *always* needs to take
>> the buildinfo file as a rebuild input. That's the reason the buildinfo is
>> shipped inside the arch package, collecting detached buildinfo files is a
>> debian
On 2020-06-03, Christopher Baines wrote:
> Combining that with the substitute server operated by Tobias, which has
> a pretty awesome substitute availability of over 90% for recent
> revisions, not only is there data from 4 different substitute servers to
> use in the comparison, but the
On 2020-03-29, Boyuan Yang wrote:
> I'm just writing to let you know that the link to weekly news at the
> sidebar of https://tests.reproducible-builds.org/debian/reproducible.html
> is now broken. It still uses the old alioth-related URL. Maybe it
> should be replaced by
I've drafted a poll to get a rough idea of which dates would be better
for the 2020 Reproducible Builds Summit:
https://framadate.org/dgT3WjvTV3AdfQWp
It was a little awkward to put the full date ranges in, so I simply
selected the wednesday of each week we might do the event and added
I did some quick reproducibility testing running GNU Guix, and so far
got pretty good results:
Using guix (and packages) built from commit:
f83d07f7778b699d46741a5667113342f5f0a737
$ guix challenge --verbose --diff=diffoscope ...
2,463 store items were analyzed:
- 2,016 (81.9%) were
On 2020-02-06, Thorsten Glaser wrote:
>>Indeed, an extremely quick glance at your package suggests that whilst
>>dh(1) itself resets to he umask, musescore is calling dh_auto_build
>>manually:
>
> that, yes, but dh_auto_build is called from dh, so it should
> inherit its umask. The top-level
On 2019-08-01, Bernhard M. Wiedemann wrote:
> On 31/07/2019 16.50, Vagrant Cascadian wrote:
>> This talk will mention some of the past and current issues in
>> toolchains needed to realize Reproducible Builds in the real world.
>> Let's work together to fix outstandi
On 2019-04-29, Vagrant Cascadian wrote:
> It seems to be missing the .buildinfo.N, which in some cases are the
> actual .buildinfo files built by the buildd's and the corresponding .deb
> files shipped in the archive.
>
> The .buildinfo without a numbered increment is freq
On 2019-04-29, Holger Levsen wrote:
> On Fri, Feb 15, 2019 at 01:51:40PM -0800, Vagrant Cascadian wrote:
>> On 2019-02-15, Holger Levsen wrote:
> we now have two similar implementations of a buildinfo server for Debian
> .buildinfo files:
>
> - https://buildinfo.debian.net
1 - 100 of 114 matches
Mail list logo