[Soc-coordination] GSoC 2015 Week 1: Move forward reproducible builds

Mon Jun 1 16:03:28 UTC 2015

Hi,

This is my first weekly report about my work on moving forward
reproducible builds.

Previous to starting the coding period, I wrote a blog entry [1] about
my participation on this year's Google Summer of Code; introducing
myself, talking about the motivation behind the Reproducible Builds
project and how it applies to Debian.

During the first month I will be a bit busy with exams and assignments
from university, so I will be focusing on small tasks that I can do on
my free time. Upon discussing with Lunar (my mentor) I will be working
on fixing issues related to timestamps until 22nd of June.

I have set up a machine with Debian where I can easily download packages
in source form and perform iterations of editing the source code and
building a package twice with different settings (timezone, username,
machine name...) in order to find differences between builds. To do this
I'm using the pbuilder environment to build packages in a controlled
setting, and the prebuilder script to call pbuilder twice with different
settings and run debbindiff (a tool to compare .deb packages) on the
outputs.

This first week I have patched packages which had two kinds of issues:
- Timestamps of the generated files when compressed with gzip (stored in
the headers) [2].
- Timestamps of the generated files stored in the debian package [3].

The patched packages are the following:

## 26/05

- https://reproducible.debian.net/rb-pkg/unstable/amd64/flowscan.html
    patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786927

- https://reproducible.debian.net/rb-pkg/unstable/amd64/dhcp-helper.html
    patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777308

## 28/05

- https://reproducible.debian.net/rb-pkg/unstable/amd64/xtrlock.html
    patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777351

- https://reproducible.debian.net/rb-pkg/unstable/amd64/rsync.html
    patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787123

- https://reproducible.debian.net/rb-pkg/unstable/amd64/pachi.html
    patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787125

- https://reproducible.debian.net/rb-pkg/unstable/amd64/nis.html
    patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787126

[1] https://dhole.github.io/post/reproducible_builds_debian_gsoc2015/
[2] https://wiki.debian.org/ReproducibleBuilds/TimestampsInGzipHeaders
[3]
https://wiki.debian.org/ReproducibleBuilds/Howto#Members_of_control.tar_and_data.tar_have_varying_mtimes

Regards,
Dhole

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/soc-coordination/attachments/20150601/aa8b3a7e/attachment.sig>