Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
Satyam Zode: > Yes! I'm looking at those issues but it seems those issues are more in > number. Frankly speaking, I'm not completely aware about many of those. > Hence, I'm requesting you all to give some suggestions (and may be list of > issues) so that I can start working on it further. > Or maybe we can just categorize available issues :) > What I'm saying is that, in case people don't reply much, or give replies with jargon that you don't yet understand, is that there are things you can do yourself (without any input from others) to form some of your own starting ideas on what would be best. Some of the suggestions so far are easy (skip specific sections in the input) whereas other suggestions are hard (hide categories of diff, hide sections specified in a buildinfo). To be able to judge this better, you can try attempting some reproductions yourself of existing packages (instructions on how to do this are on the wiki) - try maybe 7-8 and imagine how you might do this quicker if diffoscope supported extra options. (Sorry if you know or are already doing this - I just wanted to make sure, so that nobody is "blocked" waiting on other people unnecessarily.) Anyway, hopefully other people will also add further suggestions. :) X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
[Reproducible-builds] Bug#824183: texlive-bin: please set default value of SOURCE_DATE_EPOCH_TEX_PRIMITIVES to 1
Source: texlive-bin Version: 2016.20160512.41045-1 Severity: wishlist Tags: upstream User: reproducible-builds@lists.alioth.debian.org Usertags: toolchain X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org Dear Maintainer, Extended support of SOURCE_DATE_EPOCH in TL2016 does a great job for reproducibility [1]. However, setting a tool-specific environment variable as SOURCE_DATE_EPOCH_TEX_PRIMITIVES from dpkg-buildpackage is not possible. I would suggest to set the default value of SOURCE_DATE_EPOCH_TEX_PRIMITIVES to 1 instead of 0 in pdftex. I think SOURCE_DATE_EPOCH is most often used to build reproducible packages, and in this case the user always need SOURCE_DATE_EPOCH_TEX_PRIMITIVES=1. Also, SOURCE_DATE_EPOCH_TEX_PRIMITIVES=1 makes the dates in the timestamps and in the document coherent. Regards, Alexis Bienvenüe. [1] https://wiki.debian.org/ReproducibleBuilds/ ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] [diffoscope] Support for --ignore-profile flag in diffoscope
Ximin Luo: > Concretely I have some suggestions: > > 1. instead of calling this "ignore" we call it "hide". and instead of > "irrelevant" we say "common"/"minor"/"known" Great suggestions! :) > 2. diffoscope --ignore-* (or --hide-*) MUST NOT return 0 or otherwise > give the impression that two non-identical files are the same, even if > all differences are "hidden". It should report "n differences hidden". There's a tradeoff here: you don't really know how many differences are going to be hidden until you've computed them, and that might be costly. Use case: Jane is trying to understand if her patch removing __TIME__ from the source code is enough to make the binary reproducible. As she knows how this affect the binary, she get faster results and avoid clutter by adding the flag `--hide=debug-symbols` or `--hide-pattern='*.debug'`. I'm writing “faster results” because we can avoid unpacking the debug symbols and comparing them which are costly operations. If we display “n differences hidden”, then we always have to compare everything… -- Lunar.''`. lu...@debian.org: :Ⓐ : # apt-get install anarchism `. `'` `- signature.asc Description: Digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
On Fri, May 13, 2016 at 12:44:11PM +0200, Ximin Luo wrote: > Concretely I have some suggestions: > > 1. instead of calling this "ignore" we call it "hide". and instead of > "irrelevant" we say "common"/"minor"/"known" strong ACK. I really really like "--hide-timestamps" much better than "--ignore-timestamps", because the latter somewhat implies that ignoring this is ok, while hiding clearly conveys there is something, hidden. > 2. diffoscope --ignore-* (or --hide-*) MUST NOT return 0 or otherwise give > the impression that two non-identical files are the same, even if all > differences are "hidden". It should report "n differences hidden". hm. maybe it would be ok to exit with 0 when using --hide options if one also adds _another_ option, like --hide-error-on-exit or --pretend-clean-if-hidden-well or such? -- cheers, Holger signature.asc Description: Digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
Jérémy Bobbio: > Ximin Luo: >> This is quite an open-ended problem and there is no single "correct" >> answer. I don't even know myself what would be best, at this stage. > > I think what we need to come up with now is a list of use cases. Then we > can decide which one we want to support and how easy it should be. > > Is anyone willing to share examples where being able to ignore stuff > would have made their life easier? > > The last one I spotted that could go on the list, ignoring irrelevant > differences in two Android App packages: > https://github.com/WhisperSystems/Signal-Android/blob/master/apkdiff/apkdiff.py > For a start, there's the list of already-known issues. https://tests.reproducible-builds.org/index_issues.html and I'd imagine people analysing diffs would want an easy way to distinguish "issues that someone else has already solved" vs "issues nobody has seen before". (This is why I suggested looking through the existing data: if this mailing list discussion only produces 2 or 3 use-cases, this not immensely helpful to build a lasting tool with. But we already have a lot of data to go through as inspiration for use-cases.) On a side note, the terminology should be more be precise. I know that you know this, but in a public context it's a bit dangerous to say "irrelevant" since it gives the impression (to an uncritical reader) that it actually is 100% irrelevant. But it's not, see my previous email. The purpose of --ignore-profiles is to make it easier to achieve bitwise reproducibility and anything less than that is still unsafe. I'm worried about the scenario where (e.g.) someone might market reproducibility as "do this build then run apkdiff.py, you can see it's the same (ignoring "irrelevant" differences)". Concretely I have some suggestions: 1. instead of calling this "ignore" we call it "hide". and instead of "irrelevant" we say "common"/"minor"/"known" 2. diffoscope --ignore-* (or --hide-*) MUST NOT return 0 or otherwise give the impression that two non-identical files are the same, even if all differences are "hidden". It should report "n differences hidden". X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git signature.asc Description: OpenPGP digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
[Reproducible-builds] Bug#824170: astroquery: FTBFS: AttributeError: module 'distutils.config' has no attribute 'ConfigParser'
Source: astroquery Version: 0.3.1+dfsg-2 Severity: serious Justification: fails to build from source User: reproducible-builds@lists.alioth.debian.org Usertags: ftbfs X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org Dear Maintainer, astroquery fails to build from source in unstable/amd64: [..] Selecting previously unselected package liblapack3. Preparing to unpack .../liblapack3_3.6.0-2_amd64.deb ... Unpacking liblapack3 (3.6.0-2) ... Selecting previously unselected package python-numpy. Preparing to unpack .../python-numpy_1%3a1.11.0-1_amd64.deb ... Unpacking python-numpy (1:1.11.0-1) ... Selecting previously unselected package libcfitsio4:amd64. Preparing to unpack .../libcfitsio4_3.380-2_amd64.deb ... Unpacking libcfitsio4:amd64 (3.380-2) ... Selecting previously unselected package liberfa1:amd64. Preparing to unpack .../liberfa1_1.2.0-3_amd64.deb ... Unpacking liberfa1:amd64 (1.2.0-3) ... Selecting previously unselected package libwcs5:amd64. Preparing to unpack .../libwcs5_5.15-1_amd64.deb ... Unpacking libwcs5:amd64 (5.15-1) ... Selecting previously unselected package python-astropy. Preparing to unpack .../python-astropy_1.1.2-1_amd64.deb ... Unpacking python-astropy (1.1.2-1) ... Selecting previously unselected package python-astropy-helpers. Preparing to unpack .../python-astropy-helpers_1.1.2-1_all.deb ... Unpacking python-astropy-helpers (1.1.2-1) ... Selecting previously unselected package python-bs4. Preparing to unpack .../python-bs4_4.4.1-1_all.deb ... Unpacking python-bs4 (4.4.1-1) ... Selecting previously unselected package python-roman. Preparing to unpack .../python-roman_2.0.0-2_all.deb ... Unpacking python-roman (2.0.0-2) ... Selecting previously unselected package sgml-base. Preparing to unpack .../sgml-base_1.26+nmu4_all.deb ... Unpacking sgml-base (1.26+nmu4) ... Selecting previously unselected package xml-core. Preparing to unpack .../xml-core_0.13+nmu2_all.deb ... Unpacking xml-core (0.13+nmu2) ... Selecting previously unselected package docutils-common. Preparing to unpack .../docutils-common_0.12+dfsg-1_all.deb ... Unpacking docutils-common (0.12+dfsg-1) ... Selecting previously unselected package python-docutils. Preparing to unpack .../python-docutils_0.12+dfsg-1_all.deb ... Unpacking python-docutils (0.12+dfsg-1) ... Selecting previously unselected package python-html5lib. Preparing to unpack .../python-html5lib_0.999-4_all.deb ... Unpacking python-html5lib (0.999-4) ... Selecting previously unselected package libdbus-1-3:amd64. Preparing to unpack .../libdbus-1-3_1.10.8-1_amd64.deb ... Unpacking libdbus-1-3:amd64 (1.10.8-1) ... Selecting previously unselected package libdbus-glib-1-2:amd64. Preparing to unpack .../libdbus-glib-1-2_0.106-1_amd64.deb ... Unpacking libdbus-glib-1-2:amd64 (0.106-1) ... Selecting previously unselected package python-dbus. Preparing to unpack .../python-dbus_1.2.4-1_amd64.deb ... Unpacking python-dbus (1.2.4-1) ... Selecting previously unselected package python-keyring. Preparing to unpack .../python-keyring_8.5.1-1_all.deb ... Unpacking python-keyring (8.5.1-1) ... Selecting previously unselected package python-py. Preparing to unpack .../python-py_1.4.31-1_all.deb ... Unpacking python-py (1.4.31-1) ... Selecting previously unselected package python-pytest. Preparing to unpack .../python-pytest_2.9.1-1_all.deb ... Unpacking python-pytest (2.9.1-1) ... Selecting previously unselected package python-urllib3. Preparing to unpack .../python-urllib3_1.13.1-2_all.deb ... Unpacking python-urllib3 (1.13.1-2) ... Selecting previously unselected package openssl. Preparing to unpack .../openssl_1.0.2h-1_amd64.deb ... Unpacking openssl (1.0.2h-1) ... Selecting previously unselected package ca-certificates. Preparing to unpack .../ca-certificates_20160104_all.deb ... Unpacking ca-certificates (20160104) ... Selecting previously unselected package python-chardet. Preparing to unpack .../python-chardet_2.3.0-2_all.deb ... Unpacking python-chardet (2.3.0-2) ... Selecting previously unselected package python-requests. Preparing to unpack .../python-requests_2.9.1-3_all.deb ... Unpacking python-requests (2.9.1-3) ... Selecting previously unselected package python-setuptools. Preparing to unpack .../python-setuptools_20.10.1-1_all.deb ... Unpacking python-setuptools (20.10.1-1) ... Selecting previously unselected package python-alabaster. Preparing to unpack .../python-alabaster_0.7.7-1_all.deb ... Unpacking python-alabaster (0.7.7-1) ... Selecting previously unselected package python-babel-localedata. Preparing to unpack .../python-babel-localedata_1.3+dfsg.1-7_all.deb ... Unpacking python-babel-localedata (1.3+dfsg.1-7) ... Selecting previously unselected package python-tz. Preparing to unpack .../python-tz_2015.7+dfsg-0.1_all.deb ... Unpacking python-tz (2015.7+dfsg-0.1) ...
Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
Ximin Luo: > This is quite an open-ended problem and there is no single "correct" > answer. I don't even know myself what would be best, at this stage. I think what we need to come up with now is a list of use cases. Then we can decide which one we want to support and how easy it should be. Is anyone willing to share examples where being able to ignore stuff would have made their life easier? The last one I spotted that could go on the list, ignoring irrelevant differences in two Android App packages: https://github.com/WhisperSystems/Signal-Android/blob/master/apkdiff/apkdiff.py -- Lunar.''`. lu...@debian.org: :Ⓐ : # apt-get install anarchism `. `'` `- signature.asc Description: Digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds