Notes for gbrowse - reproducible builds result

Version annotated: 2.54+dfsg-3
Identified issues:
Identifier: randomness_in_berkeley_db_files
Description: Creating an empty Berkeley DB file (or one with the same contents) results
in a different file each time.

This comes from:
https://sources.debian.org/src/db5.3/latest/src/os/os_uid.c/#L20 but
it's unclear where to "set" this only in the creation case - we definitely
want the uid to change if one adds stuff later.

Compounding this, the debugging tools *additionally* return random data for
the uid/hash fields (!), so presumably srand is being called when you do a
"db_dump -d a /path/to/my.db", which is obviously broken.
Identifier: timestamps_in_png
URL: https://wiki.debian.org/ReproducibleBuilds/TimestampsInPNG
Description: PNG can capture build time with the tIME chunk or custom keywords.
These timestamps are currently removed by strip-nondeterminism, so are not visible to diffoscope anymore. Yet fixing the root cause would be nice.
Comments: ConfigData.pm embeds a random 'OpenIDConsumerSecret'.
https://sources.debian.org/src/gbrowse/2.56%2Bdfsg-11/Build.PL/#L131
 

Our notes about issues affecting packages are stored in notes.git and are targeted at packages in Debian in 'unstable/amd64' (unless they say otherwise).