Bug#1068890: diffoscope: --hard-timeout option
Package: diffoscope Version: 264 Severity: wishlist Dear Maintainer, currenlty diffoscope has a --timeout option --timeout SECONDS Best-effort attempt at a global timeout in seconds. If enabled, diffoscope will not recurse into any further sub-archives after X seconds of total execution time. (default: no timeout) [experimental] however this doesnt give any guarantees how long diffoscope will be running, so so far we haven't used it for the RB CI tests, mostly because I'm not sure what would be a good inner timeout (=for diffoscope) and what would be a good good outer timeout (=for killing diffoscope from the outside no matter what). Currently we use 2h as outer timeout, but have no inner timeout. Maybe we should use --timeout 1h? Anyhow, about my --hard-timeout option idea: my idea of "--hard-timeout $time" is that diffoscope terminates itself after $time, no matter what *and* then re-starts itself with "--max-container-depth 3" (or whatever is useful to get a glimpse on what files in a Debian package are different) (probably also with another hard timeout set...) as to guarantee to always produce meaningful output (especially html output if specified with --html). What do you think? Else we could also extend the current code for tests.r-b.o/debian, which currently just kills diffoscope after 2h, to then run diffoscope --max-container-depth 3 :) https://tests.reproducible-builds.org/debian/index_breakages.html lists 251 pkg/suite/arch combinations where diffoscope runs into a timeout... & many thanks for rocking diffoscope airlines..! \o/ -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Bottled water companies don't produce water, they produce plastic bottles. signature.asc Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Processed: Re: Bug#1038845: reprotest: transition from /etc/timezone to /etc/localtime
Processing control commands: > block 1038845 by 1001250 Bug #1038845 [src:reprotest] reprotest: transition from /etc/timezone to /etc/localtime 1038845 was not blocked by any bugs. 1038845 was not blocking any bugs. Added blocking bug(s) of 1038845: 1001250 -- 1038845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038845 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Bug#1038845: reprotest: transition from /etc/timezone to /etc/localtime
Control: block 1038845 by 1001250 On 2023-06-21, bl...@debian.org wrote: > reprotest is currently referencing /etc/timezone without support for > /etc/localtime. /etc/timezone is a legacy interface that is Debian > specific. The cross-distro standard /etc/localtime (as a symlink to > the appropriate timezone file), so please switch your package to > /etc/localtime. tzsetup will stop creating /etc/timezone soon. Note > that the list of affected source packages was compiled with > codesearch, so false positives are possible. Thank you. This is only in the code running in a qemu virtual machine, although that is currently broken, so needs to be fixed somehow to remove /etc/timezone. live well, vagrant signature.asc Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Processed: Bug#1068853 marked as pending in reprotest
Processing control commands: > tag -1 pending Bug #1068853 [reprotest] reprotest: SyntaxWarning: invalid escape sequence '\;' Added tag(s) pending. -- 1068853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068853 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Bug#1068853: reprotest: SyntaxWarning: invalid escape sequence '\;'
On 2024-04-12, Fay Stegerman wrote: > * Vagrant Cascadian [2024-04-12 19:29]: >> On 2024-04-12, Holger Levsen wrote: >> > when installing reprotest 0.7.27: >> > >> > SyntaxWarning: invalid escape sequence '\;' >> > Setting up reprotest (0.7.27) ... >> > /usr/lib/python3/dist-packages/reprotest/__init__.py:360: SyntaxWarning: >> > invalid escape sequence '\;' >> > run_or_tee(['sh', '-ec', 'find %s -type f -exec sha256sum "{}" \;' % >> > self.artifact_pattern], > [...] >> How exactly did you get this error? >> >> I installed locally, but did not encounter any such issues on package >> installation just now, and also nothing when manually running a simple >> test: >> >> reprotest 'date > date' date >> WARNING:reprotest:The control build runs on 1 CPU by default, give >> --min-cpus to increase this. >> WARNING:reprotest.build:IGNORING user_group variation; supply more >> usergroups with --variations=user_group.available+=USER1:GROUP1;USER2:GROUP2 >> or alternatively, suppress this warning with --variations=-user_group >> WARNING:reprotest.build:Not using sudo for domain_host; your build may fail. >> See man page for other options. >> WARNING:reprotest.build:Be sure to `echo 1 > >> /proc/sys/kernel/unprivileged_userns_clone` if on a Debian system. >> --- /tmp/tmp4vqq6736/control >> +++ /tmp/tmp4vqq6736/experiment-1 >> │ --- /tmp/tmp4vqq6736/control/source-root >> ├── +++ /tmp/tmp4vqq6736/experiment-1/source-root >> │ │ --- /tmp/tmp4vqq6736/control/source-root/date >> │ ├── +++ /tmp/tmp4vqq6736/experiment-1/source-root/date >> │ │ @@ -1 +1 @@ >> │ │ +L 13 apr 2024 07:27:01 GMT >> │ │ -Fri Apr 12 05:27:01 GMT 2024 > > That syntax warning is new in Python 3.12. And it's correct, one should use > raw > strings (r'...') or two backslashes for escape sequences intended for e.g. > regexes or shell commands like here, not Python itself. Ok, finally able to reproduce this by installing python3.12 in the environment, which is not yet the default python or installed by default, but obviously will be before too long... That at least gives me enough to poke at this going forward! Thanks! live well, vagrant signature.asc Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Bug#1068853: reprotest: SyntaxWarning: invalid escape sequence '\;'
On Fri, Apr 12, 2024 at 10:29:07AM -0700, Vagrant Cascadian wrote: > How exactly did you get this error? upgrading my sid schroot. just confirmed the bug by removing it there and installing it again. then I mounted /proc but the bug is still there. /dev is also populated, though /usr/bin/mount fails with "mount: failed to read mtab: No such file or directory". > I installed locally, but did not encounter any such issues on package > installation just now, and also nothing when manually running a simple > test: > > reprotest 'date > date' date that also fails verbosely here: $ schroot -- reprotest 'date > date' date WARNING:reprotest:The control build runs on 1 CPU by default, give --min-cpus to increase this. WARNING:reprotest.build:IGNORING user_group variation; supply more usergroups with --variations=user_group.available+=USER1:GROUP1;USER2:GROUP2 or alternatively, suppress this warning with --variations=-user_group WARNING:reprotest.build:Not using sudo for domain_host; your build may fail. See man page for other options. WARNING:reprotest.build:Be sure to `echo 1 > /proc/sys/kernel/unprivileged_userns_clone` if on a Debian system. fusermount: failed to open /etc/mtab: No such file or directory fusermount: mount failed: Operation not permitted fusermount: failed to unmount /tmp/reprotest.AQkTKX/build-experiment-1: Operation not permitted cleanup failed with exit code 1 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 862, in run return 0 if check_func(*check_args) else 1 ^^^ File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 379, in check local_dists += [proc.send(nv) for nv in zip(bnames[1:], build_variations[1:])] ^^^ File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 379, in local_dists += [proc.send(nv) for nv in zip(bnames[1:], build_variations[1:])] ^ File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 339, in corun_builds bctx.run_build(testbed, build, os.environ, artifact_pattern, testbed_build_pre, no_clean_on_error) File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 218, in run_build testbed.check_exec2(build_argv, File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 63, in check_exec2 self.bomb('"%s" failed with status %i' % (' '.join(argv), code), File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 70, in bomb raise _type(m) reprotest.lib.adtlog.AutopkgtestError: "sh -ec run_build() { mkdir -p /tmp/reprotest.AQkTKX/build-experiment-1-aux && \ SETARCH_ARCH=$(for a in $(setarch --list); do setarch $a true && echo $a || true; done) && \ DROP_ARCH="-v -e ^$(uname -m)\$" && \ WORDSIZE=64 && \ if [ $WORDSIZE -eq 64 ]; then for _ARCH_TO_DROP in armh armv7b armv7l armv8b armv8l arm athlon i386 i486 i586 i686 linux32 mips32 mips parisc32 parisc ppc32le ppc32 ppcle ppc s390 sparc32bash sparc32 sparc; do DROP_ARCH="$DROP_ARCH -e ^$_ARCH_TO_DROP\$"; done; fi && \ SETARCH_ARCH=$(echo "$SETARCH_ARCH" | grep $DROP_ARCH | shuf -n1) && \ KERNEL_VERSION=$(uname -r) && \ if [ ${KERNEL_VERSION#2.6} = $KERNEL_VERSION ]; then SETARCH_OPTS=--uname-2.6; fi && \ CPU_MAX=$(nproc) && \ CPU_MIN=$({ echo $CPU_MAX; echo 1; } | sort -n | head -n1) && \ CPU_NUM=$(if [ $CPU_MIN = $CPU_MAX ]; then echo $CPU_MIN; echo >&2 "only 1 CPU is available; num_cpus is ineffective"; else shuf -i$((CPU_MIN + 1))-$CPU_MAX -n1; fi) && \ export CPU_LIST="$(echo $(shuf -i0-$((CPU_MAX - 1)) -n$CPU_NUM) | tr ' ' ,)" && \ mv /tmp/reprotest.AQkTKX/build-experiment-1/ /tmp/reprotest.AQkTKX/build-experiment-1-before-disorderfs/ && \ mkdir -p /tmp/reprotest.AQkTKX/build-experiment-1/ && \ disorderfs -q --shuffle-dirents=yes /tmp/reprotest.AQkTKX/build-experiment-1-before-disorderfs/ /tmp/reprotest.AQkTKX/build-experiment-1/ && \ umask 0002 && \ export REPROTEST_BUILD_PATH=/tmp/reprotest.AQkTKX/build-experiment-1/ && \ export REPROTEST_UMASK=$(umask) && \ unshare -r --uts sh -ec ' hostname reprotest-capture-hostname domainname "reprotest-capture-domainname" "$@"' - \ faketime +398days+2hours+27minutes \ taskset -a -c $CPU_LIST \ setarch $SETARCH_ARCH $SETARCH_OPTS \ sh -ec 'cd "$REPROTEST_BUILD_PATH"; unset REPROTEST_BUILD_PATH; umask "$REPROTEST_UMASK"; unset REPROTEST_UMASK; date > date' } cleanup() { __c=0; \ export PATH="/tmp/reprotest.AQkTKX/bin:$PATH" || __c=$?; \ fusermount -u /tmp/reprotest.AQkTKX/build-experiment-1/ || __c=$?; \ rmdir /tmp/reprotest.AQkTKX/build-experiment-1/ || __c=$?; \ mv /tmp/reprotest.AQkTKX/build-experiment-1-before-disorderfs/
Bug#1068853: reprotest: SyntaxWarning: invalid escape sequence '\;'
* Vagrant Cascadian [2024-04-12 19:29]: > On 2024-04-12, Holger Levsen wrote: > > when installing reprotest 0.7.27: > > > > SyntaxWarning: invalid escape sequence '\;' > > Setting up reprotest (0.7.27) ... > > /usr/lib/python3/dist-packages/reprotest/__init__.py:360: SyntaxWarning: > > invalid escape sequence '\;' > > run_or_tee(['sh', '-ec', 'find %s -type f -exec sha256sum "{}" \;' % > > self.artifact_pattern], [...] > How exactly did you get this error? > > I installed locally, but did not encounter any such issues on package > installation just now, and also nothing when manually running a simple > test: > > reprotest 'date > date' date > WARNING:reprotest:The control build runs on 1 CPU by default, give --min-cpus > to increase this. > WARNING:reprotest.build:IGNORING user_group variation; supply more usergroups > with --variations=user_group.available+=USER1:GROUP1;USER2:GROUP2 or > alternatively, suppress this warning with --variations=-user_group > WARNING:reprotest.build:Not using sudo for domain_host; your build may fail. > See man page for other options. > WARNING:reprotest.build:Be sure to `echo 1 > > /proc/sys/kernel/unprivileged_userns_clone` if on a Debian system. > --- /tmp/tmp4vqq6736/control > +++ /tmp/tmp4vqq6736/experiment-1 > │ --- /tmp/tmp4vqq6736/control/source-root > ├── +++ /tmp/tmp4vqq6736/experiment-1/source-root > │ │ --- /tmp/tmp4vqq6736/control/source-root/date > │ ├── +++ /tmp/tmp4vqq6736/experiment-1/source-root/date > │ │ @@ -1 +1 @@ > │ │ +L 13 apr 2024 07:27:01 GMT > │ │ -Fri Apr 12 05:27:01 GMT 2024 That syntax warning is new in Python 3.12. And it's correct, one should use raw strings (r'...') or two backslashes for escape sequences intended for e.g. regexes or shell commands like here, not Python itself. - Fay ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Bug#1068853: reprotest: SyntaxWarning: invalid escape sequence '\;'
On 2024-04-12, Holger Levsen wrote: > when installing reprotest 0.7.27: > > SyntaxWarning: invalid escape sequence '\;' > Setting up reprotest (0.7.27) ... > /usr/lib/python3/dist-packages/reprotest/__init__.py:360: SyntaxWarning: > invalid escape sequence '\;' > run_or_tee(['sh', '-ec', 'find %s -type f -exec sha256sum "{}" \;' % > self.artifact_pattern], > /usr/lib/python3/dist-packages/reprotest/build.py:315: SyntaxWarning: invalid > escape sequence '\$' > _ = _.append_setup_exec_raw('DROP_ARCH="-v -e ^$(uname -m)\$"') > /usr/lib/python3/dist-packages/reprotest/build.py:317: SyntaxWarning: invalid > escape sequence '\$' > _ = _.append_setup_exec_raw('if [ $WORDSIZE -eq 64 ]; then \ > /usr/lib/python3/dist-packages/reprotest/environ.py:10: SyntaxWarning: > invalid escape sequence '\w' > "path": "(/\w{1,12}){1,4}", > /usr/lib/python3/dist-packages/reprotest/environ.py:11: SyntaxWarning: > invalid escape sequence '\d' > "port": "([1-9]\d{0,3}|[1-5]\d{4})", > /usr/lib/python3/dist-packages/reprotest/environ.py:12: SyntaxWarning: > invalid escape sequence '\w' > "domain": "\w{1,10}(\.\w{1,10}){0,3}", > /usr/lib/python3/dist-packages/reprotest/environ.py:13: SyntaxWarning: > invalid escape sequence '\w' > "password": "\w{1,40}", > /usr/lib/python3/dist-packages/reprotest/environ.py:14: SyntaxWarning: > invalid escape sequence '\w' > "username": "\w{2,20}", > /usr/lib/python3/dist-packages/reprotest/environ.py:113: SyntaxWarning: > invalid escape sequence '\w' > "REPROTEST_CAPTURE_ENVIRONMENT_UNKNOWN_\w+"] > /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:305: > SyntaxWarning: invalid escape sequence '\[' > script = '''sed -rn 's/^(deb|deb-src) +(\[.*\] *)?([^ > ]*(ubuntu.com|debian.org|ftpmaster|file:\/\/\/tmp\/testarchive)[^ ]*) +([^ > -]+) +(.*)$/\\1 \\2\\3 \\5-%s \\6/p' /etc/apt/sources.list `ls > /etc/apt/sources.list.d/*.list 2>/dev/null|| true` > > /etc/apt/sources.list.d/%s.list; for retry in 1 2 3; do apt-get > --no-list-cleanup -o Dir::Etc::sourcelist=/etc/apt/sources.list.d/%s.list -o > Dir::Etc::sourceparts=/dev/null update 2>&1 && break || sleep 15; done''' % > (pocket, pocket, pocket) > /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:320: > SyntaxWarning: invalid escape sequence '\/' > 'for d in %s; do [ ! -d $d ] || touch -r $d %s/${d//\//_}.stamp; done' % ( > /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:342: > SyntaxWarning: invalid escape sequence '\/' > 'for d in %s; do s=%s/${d//\//_}.stamp;' > /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:724: > SyntaxWarning: invalid escape sequence '\(' > script = '''d=%(t)s/deps > /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:1211: > SyntaxWarning: invalid escape sequence '\/' > script += '''REL=$(sed -rn '/^(deb|deb-src) > .*(ubuntu.com|debian.org|ftpmaster|file:\/\/\/tmp\/testarchive)/ { s/^[^ ]+ > +(\[.*\] *)?[^ ]* +([^ -]+) +.*$/\\2/p}' $SRCS | head -n1); ''' How exactly did you get this error? I installed locally, but did not encounter any such issues on package installation just now, and also nothing when manually running a simple test: reprotest 'date > date' date WARNING:reprotest:The control build runs on 1 CPU by default, give --min-cpus to increase this. WARNING:reprotest.build:IGNORING user_group variation; supply more usergroups with --variations=user_group.available+=USER1:GROUP1;USER2:GROUP2 or alternatively, suppress this warning with --variations=-user_group WARNING:reprotest.build:Not using sudo for domain_host; your build may fail. See man page for other options. WARNING:reprotest.build:Be sure to `echo 1 > /proc/sys/kernel/unprivileged_userns_clone` if on a Debian system. --- /tmp/tmp4vqq6736/control +++ /tmp/tmp4vqq6736/experiment-1 │ --- /tmp/tmp4vqq6736/control/source-root ├── +++ /tmp/tmp4vqq6736/experiment-1/source-root │ │ --- /tmp/tmp4vqq6736/control/source-root/date │ ├── +++ /tmp/tmp4vqq6736/experiment-1/source-root/date │ │ @@ -1 +1 @@ │ │ +L 13 apr 2024 07:27:01 GMT │ │ -Fri Apr 12 05:27:01 GMT 2024 live well, vagrant signature.asc Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Bug#1068705: marked as done (diffoscope crashes on libscout 2.3.2-3 build on unstable but not bullseye)
Your message dated Fri, 12 Apr 2024 16:30:52 +0100 with message-id <20d234cd-742f-4a2d-8809-118d92b58...@app.fastmail.com> and subject line Re: #1068705: diffoscope crashes on libscout 2.3.2-3 build on unstable but not bullseye has caused the Debian Bug report #1068705, regarding diffoscope crashes on libscout 2.3.2-3 build on unstable but not bullseye to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068705 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- package: diffoscope version: 263 hi, diffoscope 263 crashes on libscout 2.3.2-3 build on unstable but not bullseye: libscout 2.3.2-3 is part of bullseye (but neither bookworm nor trixie) and builds unreproducible there and diffoscope is able to show a diff. when building libscout 2.3.2-3 on current unstable, the result is also unreproducible, but diffoscope crashes when analysing the diff. this happens on all 4 tested archs. I've copied the packages in question to https://tests.reproducible-builds.org/debian/diffoscope-libscout/artifacts/r00t-me/ for further investigation. (because one .deb is 20mb and there's 16 of them.) (someone please remind me to delete them there once this bug has been closed.) -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The hardest part about defending against social engineering is that it doesn't attack attack the weakness of a community. It attacks its *strengths*: trust, collaboration, and mutual assistance. (Russ Allbery) signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Version: 264 This was fixed in version 264 but I somehow mangled the changelog entry so this was not closed as a result of that upload. The amended changelog entry reads thus: diffoscope (264) unstable; urgency=medium [ Chris Lamb ] * Don't crash on invalid zipfiles, even if we encounter 'badness' halfway through the file. (Re: #1068705) [ FC (Fay) Stegerman ] * Fix a crash when there are (invalid) duplicate entries in .zip files. (Closes: #1068705) * Add note when there are duplicate entries in ZIP files. (Closes: reproducible-builds/diffoscope!140) [ Vagrant Cascadian ] * Add an external tool reference for GNU Guix for zipdetails. -- Chris Lamb Fri, 12 Apr 2024 09:38:55 +0100 -- o ⬋ ⬊ Chris Lamb o o reproducible-builds.org ⬊ ⬋ o--- End Message --- ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Reproducible Builds in March 2024
o ⬋ ⬊ March 2024 in Reproducible Builds o o ⬊ ⬋ https://reproducible-builds.org/reports/2024-03/ o Welcome to the March 2024 report from the Reproducible Builds [0] project. In our reports, we attempt to outline what we have been up to over the past month, as well as mentioning some of the important things happening more generally in software supply-chain security. As ever, if you are interested in contributing to the project, please visit our Contribute [1] page on our website. [0] https://reproducible-builds.org [1] https://reproducible-builds.org/contribute/ Table of contents: * Arch Linux minimal container userland now 100% reproducible * Validating Debian’s build infrastructure after the XZ backdoor * Making Fedora Linux (more) reproducible * Increasing Trust in the Open Source Supply Chain with Reproducible Builds and Functional Package Management * Software and source code identification with GNU Guix and reproducible builds * Two new Rust-based tools for post-processing determinism * Distribution work * Mailing list highlights * Website updates * Delta chat clients now reproducible * diffoscope updates * Upstream patches * Reproducibility testing framework * Contacting us § Arch Linux minimal container userland now 100% reproducible --- In remarkable news, Reproducible builds developer kpcyrd reported that that the Arch Linux [2] "minimal container userland" is now 100% reproducible [3] after work by developers dvzv and Foxboron on the one remaining package. This represents a "real world", widely-used Linux distribution being reproducible. Their post, which kpcyrd suffixed with the question "now what?", continues on to outline some potential next steps, including validating whether the container image itself could be reproduced bit-for-bit. The post, which was itself a followup for an Arch Linux update earlier in the month [4], generated a significant number of replies [5]. [2] https://archlinux.org/ [3] https://lists.reproducible-builds.org/pipermail/rb-general/2024-March/003301.html [4] https://lists.reproducible-builds.org/pipermail/rb-general/2024-March/003291.html [5] https://lists.reproducible-builds.org/pipermail/rb-general/2024-March/thread.html#3301 § Validating Debian's build infrastructure after the XZ backdoor -- From our mailing list [6] this month, Vagrant Cascadian wrote about [7] being asked about trying to perform concrete reproducibility checks for recent Debian security updates, in an attempt to gain some confidence about Debian's build infrastructure given that they performed builds in environments running the high-profile XZ vulnerability [8]. Vagrant reports (with some caveats): > So far, I have not found any reproducibility issues; everything I > tested I was able to get to build bit-for-bit identical with what is > in the Debian archive. That is to say, reproducibility testing permitted Vagrant and Debian to claim with some confidence that builds performed when this vulnerable version of XZ was installed were not interfered with. [6] https://lists.reproducible-builds.org/listinfo/rb-general/ [7] https://lists.reproducible-builds.org/pipermail/rb-general/2024-March/003321.html [8] https://lwn.net/Articles/967866/ § Making Fedora Linux (more) reproducible --- In March, Davide Cavalca gave a talk at the 2024 Southern California Linux Expo [9] (aka SCALE 21x) about the ongoing effort to make the Fedora Linux distribution reproducible [10]. Documented in more detail on Fedora's website [11], the talk touched on topics such as the specifics of implementing reproducible builds in Fedora, the challenges encountered, the current status and what's coming next. (A YouTube video [12] is available) [9] https://www.socallinuxexpo.org/scale/21x [10] https://www.socallinuxexpo.org/scale/21x/presentations/making-fedora-linux-more-reproducible [11] https://docs.fedoraproject.org/en-US/reproducible-builds/ [12] https://www.youtube.com/watch?v=5c4gfXVPAbU § "Increasing Trust in the Open Source Supply Chain with Reproducible Builds and Functional Package Management" - Julien Malka published a brief but interesting paper in the HAL open archive [13]) on "Increasing Trust in the Open Source Supply Chain with Reproducible Builds and Functional Package Management" [14]: > Functional package managers (FPMs) and reproducible builds (R-B) are >
diffoscope_264_amd64.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 12 Apr 2024 09:38:55 +0100 Source: diffoscope Built-For-Profiles: nocheck Architecture: source Version: 264 Distribution: unstable Urgency: medium Maintainer: Reproducible builds folks Changed-By: Chris Lamb Changes: diffoscope (264) unstable; urgency=medium . [ Chris Lamb ] * Don't crash on invalid zipfiles, even if we encounter 'badness' through through the file. (Re: #1068705) . [ FC (Fay) Stegerman ] * Add note when there are duplicate entries in ZIP files. (Closes: reproducible-builds/diffoscope!140) . [ Vagrant Cascadian ] * Add an external tool reference for GNU Guix for zipdetails. Checksums-Sha1: 69db7fce49d2d713ca0f1d57d7c5145da14916cc 5179 diffoscope_264.dsc 5fca5ff30baf2b50cd37afa17e1451cd21af7edc 2459236 diffoscope_264.tar.xz 4c88585a80af5c6d1241d916efe2717b945f274a 7292 diffoscope_264_amd64.buildinfo Checksums-Sha256: c1e2d260f0865830fd2e27ab9597250b2d15a7b33f3a08f87519e84b10f70939 5179 diffoscope_264.dsc 32a647a3d0a0fc58ad28a8d5d12a14b34f29e7c694384a63a0aec0809a7eb9f5 2459236 diffoscope_264.tar.xz a30fa291760f58d8b171bff15c15e974a83768e0d59be30e696c035a8f857fec 7292 diffoscope_264_amd64.buildinfo Files: 42c31c3c519fc95fc618f5f06f665b61 5179 devel optional diffoscope_264.dsc 8ee85076944d25c9142a892fb1033a75 2459236 devel optional diffoscope_264.tar.xz fc1929c93516b2775f5cd8f1baa8f05f 7292 devel optional diffoscope_264_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmYY80cACgkQHpU+J9Qx HlheIQ/+J0SvptZ1fQOD1wTyqi0BwN6SyS+kaOYpau2K9YcNIdOwzKSwaL2Ud5Yo eCuLaZSDTWPe4/mFWZDdSBoyza8VPGrog9npJfwvyDsp3I/H/hggrZInHf8eNfo6 ADCNZST6AVG2HwlP9CjkMGXjAEBlQjkpg6HyZm35yw5NHOif9cQO3ISM2sr16JTN AxGzBQUil4lscvH1BYFn+5cZfMQMxIvZRuucLzD/8fI5yhhpb1yBMzmLY0JuMiwq wmbYaGpfgeAhp4siz8e6abVeZ1nBUUa2A7z6f5f6pBevLFQM3fetJc3E466FRSCo Oq8bcceI4cFeTtW9EPqFY6RmlLUwtd+2cYju5xdjzq0ztjoxQKhj2y+9tWHtwxMY 9/qWIYJSjprdDpDkkJ6r0NWINNIK3A3MWOw/qJ6WC+K1hl8CKQ6GVGTuHEYH+u1M 9ocNIzW4mjCCWvNcU7MX091FJG23kW/rqnHfiiFd56sBysU6oa9cjTrPjT/JGrp9 y1jc+d9szxL775W21hXFVz9Y+CDRteHuvGcW4v8B2igDd/jaCmKLnZPU2xinwJ9A rH7rlvsMDuWVHOPUcO80RDq5dyGny41mRSkm7bXysO9j4Th4AFUY24CrtnARZAVF FQnhVQh/hEjNnmQYNQzmFaroEx2PbyWe33OS8VkJpfchIGY37YI= =T0Lj -END PGP SIGNATURE- pgp69HLxJhBA7.pgp Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Bug#1068705: diffoscope crashes on libscout 2.3.2-3 build on unstable but not bullseye
Fay Stegerman wrote: > https://salsa.debian.org/reproducible-builds/diffoscope/-/merge_requests/140 Nice; I have applied this locally in Git and will release shortly. :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org chris-lamb.co.uk `- ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Processing of diffoscope_264_amd64.changes
diffoscope_264_amd64.changes uploaded successfully to localhost along with the files: diffoscope_264.dsc diffoscope_264.tar.xz diffoscope_264_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds
Bug#1068853: reprotest: SyntaxWarning: invalid escape sequence '\;'
Package: reprotest Version: 0.7.27 Severity: important Dear Maintainer, when installing reprotest 0.7.27: SyntaxWarning: invalid escape sequence '\;' Setting up reprotest (0.7.27) ... /usr/lib/python3/dist-packages/reprotest/__init__.py:360: SyntaxWarning: invalid escape sequence '\;' run_or_tee(['sh', '-ec', 'find %s -type f -exec sha256sum "{}" \;' % self.artifact_pattern], /usr/lib/python3/dist-packages/reprotest/build.py:315: SyntaxWarning: invalid escape sequence '\$' _ = _.append_setup_exec_raw('DROP_ARCH="-v -e ^$(uname -m)\$"') /usr/lib/python3/dist-packages/reprotest/build.py:317: SyntaxWarning: invalid escape sequence '\$' _ = _.append_setup_exec_raw('if [ $WORDSIZE -eq 64 ]; then \ /usr/lib/python3/dist-packages/reprotest/environ.py:10: SyntaxWarning: invalid escape sequence '\w' "path": "(/\w{1,12}){1,4}", /usr/lib/python3/dist-packages/reprotest/environ.py:11: SyntaxWarning: invalid escape sequence '\d' "port": "([1-9]\d{0,3}|[1-5]\d{4})", /usr/lib/python3/dist-packages/reprotest/environ.py:12: SyntaxWarning: invalid escape sequence '\w' "domain": "\w{1,10}(\.\w{1,10}){0,3}", /usr/lib/python3/dist-packages/reprotest/environ.py:13: SyntaxWarning: invalid escape sequence '\w' "password": "\w{1,40}", /usr/lib/python3/dist-packages/reprotest/environ.py:14: SyntaxWarning: invalid escape sequence '\w' "username": "\w{2,20}", /usr/lib/python3/dist-packages/reprotest/environ.py:113: SyntaxWarning: invalid escape sequence '\w' "REPROTEST_CAPTURE_ENVIRONMENT_UNKNOWN_\w+"] /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:305: SyntaxWarning: invalid escape sequence '\[' script = '''sed -rn 's/^(deb|deb-src) +(\[.*\] *)?([^ ]*(ubuntu.com|debian.org|ftpmaster|file:\/\/\/tmp\/testarchive)[^ ]*) +([^ -]+) +(.*)$/\\1 \\2\\3 \\5-%s \\6/p' /etc/apt/sources.list `ls /etc/apt/sources.list.d/*.list 2>/dev/null|| true` > /etc/apt/sources.list.d/%s.list; for retry in 1 2 3; do apt-get --no-list-cleanup -o Dir::Etc::sourcelist=/etc/apt/sources.list.d/%s.list -o Dir::Etc::sourceparts=/dev/null update 2>&1 && break || sleep 15; done''' % (pocket, pocket, pocket) /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:320: SyntaxWarning: invalid escape sequence '\/' 'for d in %s; do [ ! -d $d ] || touch -r $d %s/${d//\//_}.stamp; done' % ( /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:342: SyntaxWarning: invalid escape sequence '\/' 'for d in %s; do s=%s/${d//\//_}.stamp;' /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:724: SyntaxWarning: invalid escape sequence '\(' script = '''d=%(t)s/deps /usr/lib/python3/dist-packages/reprotest/lib/adt_testbed.py:1211: SyntaxWarning: invalid escape sequence '\/' script += '''REL=$(sed -rn '/^(deb|deb-src) .*(ubuntu.com|debian.org|ftpmaster|file:\/\/\/tmp\/testarchive)/ { s/^[^ ]+ +(\[.*\] *)?[^ ]* +([^ -]+) +.*$/\\2/p}' $SRCS | head -n1); ''' -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The devel is in the details. signature.asc Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/reproducible-builds