What happened in the reproducible builds effort between January 17th and January 23rd:

Toolchain fixes

James McCoy uploaded subversion/1.9.3-2 which removes -Wdate-time from CPPFLAGS passed to swig enabling several packages to build again.

The switch made in binutils/2.25-6 to use deterministic archives by default had the unfortunate effect of breaking a seldom used feature of make. Manoj Srivastava asked on debian-devel the best way to communicate the changes to Debian users. Lunar quickly came up with a patch that displays a warning when Make encounters “deterministic” archives. Manoj made it available in make/4.1-2 together with a NEWS file advertising the change.

Following Guillem Jover's comment on the latest patch to make mtimes of packaged files deterministic, Daniel Kahn Gillmor updated and extended the patch adding the --clamp-mtime option to GNU Tar.

Mattia Rizzolo updated texlive-bin in the “reproducible” experimental repository.

Packages fixed

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues, but not all of them:

desktop-profiles/1.4.21 uploaded by Petter Reinholdtsen, original patch by Chris Lamb.

gradle/2.10-1 by Kai-Chung Yan.

Patches submitted which have not made their way to the archive yet:

#811285 on strace by Reiner Herrmann: sort symbol list using the C locale.

locale. #812428 on libgcrypt20 by Lunar: add support for SOURCE_DATE_EPOCH .

reproducible.debian.net

Transition from reproducible.debian.net to the more general tests.reproducible-builds.org has started. More visual changes are coming. (h01ger)

A plan on how to run tests for F-Droid has been worked out. (hc, mvdan, h01ger) A first step has been made by adding a Jenkins job to setup an F-Droid build environment. (h01ger)

diffoscope development

diffoscope 46 has been released on January 19th, followed-up by version 47 made available on January 23rd. Try it online at try.diffoscope.org!

The biggest visible change is the improvement to ELF file handling. Comparisons are now done section by section, using the most appropriate tool and options to get meaningful results, thanks to Dhole's work and Mike Hommey's suggestions. Also suggested by Mike, symbols for IP-relative ops are now filtered out to remove clutter.

Understanding differences in ELF files belonging to Debian packages should also be much easier as diffoscope will now try to extract debug information from the matching dbgsym package. This means objdump disassembler should output line numbers for packages built with recent debhelper as long as the associated debug package is in the same directory.

As diff tends to consume huge amount of memory on large inputs, diffoscope has a limit in place to prevent crashes. diffoscope used to display a difference every time the limit was hit. Because this was confusing in case there were actually no differences, a hash is now internally computed to only report a difference when one exists.

Files in archives and other container members are now compared in the original order. This should not matter in most case but overall give more predictable results.

Debian .buildinfo files are now supported.

Amongst other minor fixes and improvements, diffoscope will now properly compare symlinks in directories. Thanks Tuomas Tynkkynen for reporting the problem.

Package reviews

70 reviews have been removed, 125 added and 33 updated in the previous week, gcc-5 amongst others.

25 FTBFS issues have been filled by Chris Lamb, Daniel Stender, Martin Michlmayr.

Misc.

The 16th FOSDEM will happen in Brussels, Belgium on January 30-31st. Several talks will be about reproducible builds: h01ger about the general ecosystem, Fabian Keil about the security oriented ElectroBSD, Baptiste Daroussin about FreeBSD packages, Ludovic Courtès about Guix.