[Git][reproducible-builds/reproducible-presentations][master] Add RB Spanish DC20 slides
Jonathan Bustillos
gitlab at salsa.debian.org
Mon Aug 17 22:11:39 UTC 2020
Jonathan Bustillos pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
6d206b65 by Jonathan Bustillos at 2020-08-17T14:51:59-05:00
Add RB Spanish DC20 slides
- - - - -
26 changed files:
- + 2020-08-24-DebConf20/2020-08-24-DebConf20.tex
- + 2020-08-24-DebConf20/images/31c3.png
- + 2020-08-24-DebConf20/images/CC_BY-SA1.png
- + 2020-08-24-DebConf20/images/Debian_TRB.png
- + 2020-08-24-DebConf20/images/RB1.png
- + 2020-08-24-DebConf20/images/RB2.png
- + 2020-08-24-DebConf20/images/RB3.png
- + 2020-08-24-DebConf20/images/bugs_without_ftbfs.png
- + 2020-08-24-DebConf20/images/cii_logo.png
- + 2020-08-24-DebConf20/images/diffoscope_example_html.png
- + 2020-08-24-DebConf20/images/diffoscope_example_text.png
- + 2020-08-24-DebConf20/images/diffoscope_logo.png
- + 2020-08-24-DebConf20/images/filesystem_order_in_tarball.png
- + 2020-08-24-DebConf20/images/linux_foundation_logo.png
- + 2020-08-24-DebConf20/images/profitbricks_logo.png
- + 2020-08-24-DebConf20/images/random_function_order.png
- + 2020-08-24-DebConf20/images/random_number.png
- + 2020-08-24-DebConf20/images/stats_bugs_all_tags_state.png
- + 2020-08-24-DebConf20/images/stats_pkg_state_testing.png
- + 2020-08-24-DebConf20/images/stats_pkg_state_unstable.png
- + 2020-08-24-DebConf20/images/strawhorse.png
- + 2020-08-24-DebConf20/images/timestamp_in_git_deb.png
- + 2020-08-24-DebConf20/images/timestamp_in_nasm.png
- + 2020-08-24-DebConf20/images/uninitialized_memory.png
- + 2020-08-24-DebConf20/images/varying_version.png
- + 2020-08-24-DebConf20/images/why_is_gone.png
Changes:
=====================================
2020-08-24-DebConf20/2020-08-24-DebConf20.tex
=====================================
@@ -0,0 +1,1317 @@
+\documentclass[14pt,aspectratio=169]{beamer}
+\setbeamertemplate{caption}[numbered]
+\setbeamertemplate{caption label separator}{:}
+\setbeamercolor{caption name}{fg=normal text.fg}
+\usepackage{amssymb,amsmath}
+\usepackage{ifxetex,ifluatex}
+\usepackage{fixltx2e} % provides \textsubscript
+\usepackage{lmodern}
+\ifxetex
+ \usepackage{fontspec,xltxtra,xunicode}
+ \defaultfontfeatures{Mapping=tex-text,Scale=MatchLowercase}
+ \newcommand{\euro}{€}
+\else
+ \ifluatex
+ \usepackage{fontspec}
+ \defaultfontfeatures{Mapping=tex-text,Scale=MatchLowercase}
+ \newcommand{\euro}{€}
+ \else
+ \usepackage[T1]{fontenc}
+ \usepackage[utf8]{inputenc}
+ \fi
+\fi
+% use upquote if available, for straight quotes in verbatim environments
+\IfFileExists{upquote.sty}{\usepackage{upquote}}{}
+% use microtype if available
+\IfFileExists{microtype.sty}{\usepackage{microtype}}{}
+\PassOptionsToPackage{hyphens}{url}
+\usepackage{hyperref}
+
+% Comment these out if you don't want a slide with just the
+% part/section/subsection/subsubsection title:
+\AtBeginPart{
+ \let\insertpartnumber\relax
+ \let\partname\relax
+ \frame{\partpage}
+}
+\AtBeginSection{
+ \let\insertsectionnumber\relax
+ \let\sectionname\relax
+ \begin{frame}[plain]
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+\AtBeginSubsection{
+ \let\insertsubsectionnumber\relax
+ \let\subsectionname\relax
+ \frame{\subsectionpage}
+}
+
+\setlength{\parindent}{0pt}
+\setlength{\parskip}{6pt plus 2pt minus 1pt}
+\setlength{\emergencystretch}{3em} % prevent overfull lines
+\setcounter{secnumdepth}{0}
+% Thanks Richard Darst on how to get a nice Beamer theme.
+% See http://rkd.zgib.net/wiki/DebianBeamerThemes
+
+\usepackage{multicol}
+\usepackage{tikz}
+\usetikzlibrary{positioning}
+\usepackage{ctable}
+
+\usebackgroundtemplate{\includegraphics[width=\paperwidth]{images/swirl-lightest.pdf}}
+\logo{\includegraphics[viewport=274 335 360 440,width=1cm]{images/openlogo-nd.pdf}}
+
+\definecolor{debianred}{rgb}{.780,.000,.211} % 199,0,54
+\definecolor{debianblue}{rgb}{0,.208,.780} % 0,53,199
+\definecolor{debianlightbackgroundblue}{rgb}{.941,.941,.957} % 240,240,244
+\definecolor{debianbackgroundblue}{rgb}{.776,.784,.878} % 198,200,224
+
+\usetheme{Boadilla}
+\setbeamertemplate{navigation symbols}{}
+
+%\usecolortheme[named=debianbackgroundblue]{structure}
+\setbeamercolor{normal text}{fg=black}
+\setbeamercolor{titlelike}{fg=debianred}
+\setbeamercolor{sidebar}{fg=debianred,bg=debianbackgroundblue}
+
+\setbeamercolor{palette sidebar primary}{fg=debianred}
+\setbeamercolor{palette sidebar secondary}{fg=debianred}
+\setbeamercolor{palette sidebar tertiary}{fg=debianred}
+\setbeamercolor{palette sidebar quaternary}{fg=debianred}
+
+\setbeamercolor{section in toc}{fg=debianred}
+\setbeamercolor{subsection in toc}{parent=debianred}
+
+\setbeamercolor{item}{fg=debianred}
+
+\setbeamercolor{block title}{fg=debianblue}
+
+\title[Reproducible Builds]{Construcciones reproducibles en Debian\\
+(Debian Reproducible Builds)}
+\subtitle{Un camino verificable desde el origen hasta el binario}
+\author[Jathan]{%
+ \texorpdfstring{
+ Jonathan Bustillos Osornio\\
+ \href{mailto:jathan at debian.org}{\texttt{jathan at debian.org}}
+ }{Jathan}}
+\institute[Debian]{}
+\date[DebConf20]{%
+ DebConf20 Online\\
+ \small
+ 2020-08-24}
+
+\begin{document}
+\begin{frame}
+\titlepage
+\end{frame}
+
+\begin{frame}
+ \frametitle{Acerca de Jathan}
+
+ \begin{itemize}
+ \item \small{\texttt{3006 B194 2622 24C7 1607 F72B 52E4 5D29 AA34 EFC5}}
+ \item Desarrollador de Debian desde 2020
+ \item Usuario de Debian desde 2008 y contribuidor desde 2011
+ \begin{itemize}
+ \item \texttt{Equipo de localización al español (2011)}
+ \item \texttt{Voluntario equipo de video Debian (2012)}
+ \item \texttt{Debian Reproducible Builds (2017)}
+ \end{itemize}
+ \item Participante en eventos de Debian desde 2011
+ \begin{itemize}
+ \item \texttt{Día Debian}
+ \item \texttt{Fiestas de instalación}
+ \item \texttt{DebConf}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Introducción}
+
+\begin{frame}
+\frametitle{El problema}
+
+\center
+
+\begin{tikzpicture}
+\draw (-2,0) node[font=\LARGE] (Origen) { Origen };
+\draw (2,0) node[font=\LARGE] (Binario) { Binario };
+\draw[->,very thick] (Origen) -- (Binario) node[midway] (midbuild) {};
+\draw (midbuild) node [above,color=debianred,font=\small] (Construcción) {Construcción};
+\visible<2>{
+\draw (0,2) node[font=\LARGE,color=debianred] (fs) { Software Libre };
+% font= specification is required to work-around a bug in md->latex conversion
+\draw[->,font=\normalsize] (fs) -- (Origen) node[midway,left=0.2cm,color=debianred,font=\footnotesize,align=center]{Libertad\\para estudiar};
+\draw[->,font=\normalsize] (fs) -> (Binario) node[midway,right=0.2cm,color=debianred,font=\footnotesize,align=center]{Libertad\\para ejecutar};
+}
+\visible<3->{
+\draw (-4,-1) node[font=\small,color=debianred] (Verificado) { Puede ser verificado };
+\draw (4,-1) node[font=\small,color=debianred] (Usado) { Puede ser usado };
+\path (Verificado) edge[->,bend left=30] (Origen);
+\path (Usado) edge[->,bend right=30] (Binario);
+}
+\visible<4->{
+\draw (0,-2) node[font=\LARGE,color=debianred,align=center] (Prueba) { ¿Podría obtener una prueba? };
+\path (Prueba) edge[->] (midbuild);
+}
+\end{tikzpicture}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Motivación}
+
+\begin{frame}[fragile]
+ \frametitle{El problema: tenemos que creer}
+ \begin{itemize}
+ \item ¡El Software Libre es grandioso: ¡Puedes estudiarlo, modificarlo, compartirlo y usarlo!
+ \item<2-4> Estudiamos, modificamos y compartimos el código fuente..
+ \item<2-4> Usamos binarios.
+ \item<3-4> Necesitamos creer que nuestros binarios provienen del código fuente del que se dice que provienen.
+ \item<4> \textbf{No queremos creer.}
+
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{El problema en mayor detalle}
+
+ \begin{center}
+ \includegraphics[width=0.7\textwidth]{images/31c3.png}
+
+ Disponible en \footnotesize{\url{https://media.ccc.de/v/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner}, 31C3 2014.}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Algunos ejemplos de esa plática 31C3}
+ \begin{itemize}
+ \item CVE-2002-0083: exploit de escalación a root en \texttt{sshd}, una diferencia de un sólo bit en el binario.
+ \item La plática 31C3 tiene una demostración en vivo con un módulo del kernel modificando el código fuente de un programa.
+ \item ¿Cómo puedes estar seguro qué se está ejecutando en tu máquina o en
+ un paquete como un demonio de red conectado a otras computadoras? ¿Alguna vez
+ dejas tus computadoras físicamente solas?
+ \item Desafíos legales ¿Te podrías ver obligado a desarrollar backdoors en algunos de tus
+ programas para algunos clientes?
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+\frametitle{Otro ejemplo de la vida real}
+
+En una conferencia de la CIA en 2012:
+
+\begin{center}
+\includegraphics[width=0.8\textwidth]{images/strawhorse.png}
+
+{\footnotesize
+\url{firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/}
+}
+\end{center}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+\frametitle{La solución}
+
+\begin{center}
+\Large
+Permitir a cualquier persona\\
+reproducir paquetes binarios\\
+idénticos de un origen dado.
+\end{center}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+\frametitle{La solución}
+
+\begin{center}
+Nosotros llamamos a esto:
+
+\huge
+«Construcciones reproducibles» \\
+\begin{LARGE}
+(Reproducible Builds)
+\end{LARGE}
+\end{center}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+\frametitle{¡No es moda ni capricho!}
+
+\begin{itemize}
+\item Bitcoin - 2011 (\textbf{Hecho})
+\item Coreboot - 2016 (\textbf{Hecho})
+\item Debian - 2014 trabajo iniciado y actualmente ya en debian-policy
+\item FreeBSD - 2016 (\emph{En progreso})
+\item NetBSD - 2016 (\emph{En progreso})
+\item OpenWrt - 2016 (\emph{En progreso})
+\item Tails - 2017 (\emph{En progreso})
+\item Tor - 2013 (\textbf{Hecho})
+\item \ldots{}
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+\begin{center}
+\Huge Debería convertirse en la \textbf{norma}.
+
+\visible<2>{\normalsize{ Queremos cambiar el significado de «Software Libre»:
+
+ ¡Sólo es Software Libre si es reproducible!}}
+
+\end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+\frametitle{Múltiples aspectos}
+
+\begin{itemize}
+\item Sistema de construcción determinista \\
+ \textit{\small Para aquellos que escriben código fuente}
+\item Entorno de construcción reproducible \\
+ \textit{\small Para aquellos que crean binarios para otros}
+\item Distribuir el entorno de construcción \\
+ \textit{\small Para aquellos que distribuyen binarios al mundo}
+\item Realizar una reconstrucción y verificar los resultados \\
+ \textit{\small Para cada uno de nosotros}
+\end{itemize}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Sistema de construcción determinista}
+
+\begin{frame}
+\frametitle{Sistema de construcción determinista}
+
+En una palabra:
+
+\begin{itemize}
+\item Entradas estables (Stable inputs).
+\item Salidas estables (Stable ouputs).
+\item Capturar lo menos posible del entorno.
+\end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Problemas comúnes}
+
+ \begin{itemize}
+ \item Timestamps (tiempo actual de registro)
+ \item Orden del archivo
+ \item Pseudo aleatoriedad:
+ \begin{itemize}
+ \item Rutas temporales de archivos
+ \item UUID
+ \item Protección contra ataques de complejidad
+ \end{itemize}
+ \item Relación a CPU y memoria:
+ \begin{itemize}
+ \item Optimizaciones de código para la clase actual de CPU
+ \item Registro de direcciones de memoria
+ \end{itemize}
+ \item Ruta de la construcción
+ \item Configuración regional y zona horaria
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[width=\paperwidth]{images/why_is_gone.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Las entradas volátiles pueden desaparecer}
+
+ \begin{itemize}
+ \item No confíes en la red
+ \item Si lo haces:
+ \begin{itemize}
+ \item Verifica contenido usando sumas de verificación
+ \item Ten una copia de seguridad
+ \end{itemize}
+ \item El distribuidor binario debería proporcionar una alternativa
+\end{itemize}
+
+\begin{block}{\small FreeBSD lo hace bien}\footnotesize
+\begin{semiverbatim}
+\$ grep MASTER\_SITES Makefile
+MASTER\_SITES= http://gondor.apana.org.au/~herbert/dash/files/
+\$ cat distinfo
+SHA256 (dash-0.5.8.tar.gz) = c6db3a237747b02d20382a761397563d813b306c020ae28ce25…
+SIZE (dash-0.5.8.tar.gz) = 223028
+\$ wget http://distcache.freebsd.org/ports-distfiles/distfiles/dash-0.5.8.tar.gz
+\end{semiverbatim}
+\end{block}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[width=\paperwidth]{images/filesystem_order_in_tarball.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Orden estable para las entradas}
+
+ \begin{itemize}
+ \item Siempre procesa múltiples entradas en el mismo orden
+ \item ¡Las listas de directorios no son estables!
+ \item<2-> Soluciones:
+ \begin{itemize}
+ \item Lista entradas explícitamente
+ \item<3-> Usa clasificación
+ \item<4> \alert{Pero ten cuidado con la diferencia entre la localización y el idioma.}
+ \end{itemize}
+ \end{itemize}
+
+ \begin{example}
+ \begin{overprint}
+ \onslide<1>
+\begin{semiverbatim}
+tar -cf archive.tar src
+\end{semiverbatim}
+ \onslide<2>
+\begin{semiverbatim}
+tar -cf archive.tar \\
+ src/util.c src/helper.c src/main.c
+\end{semiverbatim}
+ \onslide<3->
+\begin{semiverbatim}
+find src -print0 | \only<4>{\alert{LC\_ALL=C} }sort -z |
+ tar --null -T - --no-recursion -cf archive.tar
+\end{semiverbatim}
+ \end{overprint}
+ \end{example}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[width=\paperwidth]{images/uninitialized_memory.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Inicialización de un valor controlado}
+
+ \begin{itemize}
+ \item No registres memoria por accidente
+ \item<2>Siempre inicializa un valor conocido
+ \end{itemize}
+
+ \begin{example}
+\begin{semiverbatim}\small
+static int write_binary(FILE *out, FILE *in, struct bimg_header *hdr)
+\{
+ static uint8_t file_buf[MAX_RECORD_BYTES];
+ struct bimg_data_header data_hdr\only<2>{\alert{ = \{ 0 \}}};
+ size_t n_written;
+
+ data_hdr.dest_addr = hdr->entry_addr;
+ …
+\end{semiverbatim}
+ \end{example}
+\end{frame}
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[width=\paperwidth]{images/varying_version.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Utiliza información de una versión determinista}
+
+ \begin{itemize}
+ \item No generes un número de versión en cada construcción
+ \item<2> En su lugar, extrae información del origen:
+ \begin{itemize}
+ \item Revisión del sistema de control de versiones
+ \item Hash del código fuente
+ \item Entrada de registro de cambios
+ \end{itemize}
+ \end{itemize}
+
+ \begin{example}<2>\small
+\begin{semiverbatim}
+\alert{VERSION=$(shell dpkg-parsechangelog | sed -n 's/^Version: *//p')}
+
+SCONSOPTS = $(SCONSFLAGS) \alert{VERSION=$(VERSION)} \\
+ PREFIX=$(PREFIX) PREFIX_CONF=$(SYSCONF) CHMDOCS=0 \\
+ STRIP_CP=no \\
+ $(if $(findstring nostripfull,$(DEB_BUILD_OPTIONS)),STRIP_W32=no,)
+\end{semiverbatim}
+ \end{example}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[width=\paperwidth]{images/timestamp_in_nasm.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{No registres la fecha y la hora actual}
+
+ \begin{itemize}
+ \item Evita sellos de tiempo (timestamps)
+ \item<2-> Si necesitas uno:
+ \begin{itemize}
+ \item Utiliza la fecha del último commit en el VCS
+ \item Extráelo del registro de cambios
+ \item<3-> \alert{No olvides la zona horaria}
+ \end{itemize}
+ \item<4-> \texttt{faketime} es una opción pero tiene serios inconvenientes \\
+ {\small \url{https://bugs.torproject.org/12240}}
+ \item<5> Implementa \texttt{SOURCE\_DATE\_EPOCH}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{\texttt{SOURCE\_DATE\_EPOCH}}
+
+ \begin{itemize}
+ \item ¿Qué es?
+ \begin{itemize}
+ \item Variable de entorno con un tiempo de referencia
+ \item Número de segundos desde la «Época» (1970-01-01 00:00:00 +0000 UTC)
+ \item Si está configurada, reemplaza "hora actual del día" (Current time of day)
+ \item Implementado por \texttt{help2man}, Epydoc, Doxygen, Ghostscript (en Debian)
+ \item Ha sido adoptado por otras distribuciones (openSUSE, OpenWrt,
+LEDE, NetBSD, FreeBSD, Arch Linux, coreboot, Guix,. . . ) y
+muchos upstreams (GCC, dpkg, rpm, mkisofs, ghostscript, libxslt,
+sphinx, texlive-bin,. . . )
+ \item Parches listos para GCC, \texttt{txt2man}, \texttt{libxslt}, Gettext…
+ \end{itemize}
+ \item<2-> Configura \texttt{SOURCE\_DATE\_EPOCH} en tu sistema de construcción
+ \item<3> Agrega soporte en cualquier herramienta que escriba sellos de tiempo
+ \end{itemize}
+
+ \begin{center}
+ {\small \url{https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal}}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[width=\paperwidth]{images/timestamp_in_git_deb.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{No registres la hora actual (de verdad)}
+
+ \begin{itemize}
+ \item Los archivos mantienen los tiempos de modificación en los metadatos
+ \item Almacenar un archivo puede registrar el tiempo de construcción
+ \item<2-> Soluciones:
+ \begin{itemize}
+ \item Almacenar un valor arbitrario
+ \item<3-> Tiempo de modificación del archivo de preproceso
+ \item<4> Archivo post-proceso
+ \end{itemize}
+ \end{itemize}
+
+ \begin{example}
+\begin{semiverbatim}
+\only<1-3>{\visible<3>{\alert{touch --date="2015-08-13 00:00Z" build/*}}
+tar\only<2>{\alert{ --mtime='2015-08-13 00:00Z'}} -cf product.tar build
+}\only<4>{\textit{\color[rgb]{.7,.7,.7}# zip has no equivalent of --mtime}
+zip product.zip build
+\alert{strip-nondeterminism product.zip}}
+\end{semiverbatim}
+ \end{example}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[width=\paperwidth]{images/random_function_order.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Orden estable para salidas}
+
+ \begin{itemize}
+ \item Siempre listas de salida en el mismo orden
+ \item Problema típico: orden de las teclas con tablas hash\\
+ {\small \url{perldoc.perl.org/perlsec.html#Algorithmic-Complexity-Attacks}}
+ \item<2> ¡Ordenar!
+ \end{itemize}
+
+ \begin{example}
+\begin{semiverbatim}
+for module in \only<2>{\alert{sorted(}}dependencies.keys()\only<2>{\alert{)}}:
+ version = dependencies[module]
+ print('\%s (>= \%s)' \% (module, version))
+\end{semiverbatim}
+ \end{example}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+{
+\usebackgroundtemplate{%
+ \begin{tikzpicture}[remember picture,overlay]%
+ \node[shift={(-0.2\paperwidth, -0.2\paperheight)},at=(current page.north east)] (image) {
+ \includegraphics[width=0.3\paperwidth]{images/random_number.png}
+ };
+ \node[below=-0.03\paperheight of image,align=center,font=\tiny,color=gray]{XKCD \#221};
+ \end{tikzpicture}%
+}
+\begin{frame}[fragile]
+ \frametitle{Evita la aleatoriedad}
+
+ \begin{itemize}
+ \item La aleatoriedad no es determinista
+ \item<2-> Siembra tu PRNG de un valor conocido
+ \begin{itemize}
+ \item Usa un valor fijo
+ \item<3> Extrae del código fuente (nombre del archivo, contenido hash)
+ \end{itemize}
+ \end{itemize}
+
+ \begin{example}
+\begin{semiverbatim}\small
+\$ gcc -flto -c\only<2->{ \alert{-frandom-seed=}}\only<2>{\alert{0}}\only<3>{\alert{utils.o}} utils.c
+\$ nm -a utils.o | grep inline
+\only<1>{0000000000000000 n .gnu.lto\_.inline.381a277a0b6d2a35}\only<2>{0000000000000000 n .gnu.lto\_.inline.0}\only<3>{0000000000000000 n .gnu.lto\_.inline.a108e942}
+\end{semiverbatim}
+ \end{example}
+\end{frame}
+}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Define una variable de entorno que afecte a los resultados}
+
+ \begin{itemize}
+ \item Algunas variables de entorno afectarán a las salidas del software. Ejemplos:
+ \begin{itemize}
+ \item \texttt{LC\_CTIME} para las cadenas de tiempo
+ \item \texttt{LC\_CTYPE} para la codificación de texto
+ \item \texttt{TZ} para los tiempos
+ \end{itemize}
+ \item<2-> Establécelos en un valor controlado
+ \item<3> \textit{No fuerces el lenguaje}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Deja de registrar la información del sistema de construcción}
+
+ \begin{itemize}
+ \item No registres la información sobre el sistema de construcción, como:
+ \begin{itemize}
+ \item fecha y hora de la construcción
+ \item nombre de equipo (hostname)
+ \item ruta
+ \item configuración de la red
+ \item CPU
+ \item variables de entorno
+ \item …
+ \end{itemize}
+ \item<2> Si realmente quieres registrarla, hazlo fuera de los binarios
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Entorno de construcción reproducible}
+
+\begin{frame}
+ \frametitle{¿Qué hay en un entorno de construcción?}
+
+ \begin{itemize}
+ \item Al menos herramientas de construcción y sus versiones específicas
+ \item<2> Depende de ti, dependiendo del sistema de construcción:
+ \begin{itemize}
+ \item arquitectura de la construcción
+ \item sistema operativo
+ \item \textit{ruta de la construcción}
+ \item \textit{fecha y hora de la construcción}
+ \item …
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Construye desde el origen}
+
+ \begin{itemize}
+ \item Herramientas de construcción que afectan la salida del origen
+ \item Registrar la versión / tag / git commit
+ \item Enfoque usado por Coreboot, OpenWrt, \textit{Navegador Tor}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Distribución de referencia}
+
+ \begin{itemize}
+ \item Utiliza una distribución estable (Debian, CentOS)
+ \item Registra la versión del paquete
+ \item Esperanza de que el paquete antiguo continúe disponible / registrado
+ \item Enfoque utilizado por Bitcoin, \textit{Navegador Tor}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Máquinas virtuales / contenedores}
+
+ \begin{itemize}
+ \item Usar una máquina virtual ahorra algunos problemas:
+ \begin{itemize}
+ \item Mismo usuario
+ \item Mismo nombre de equipo (hostname)
+ \item Misma configuración de red
+ \item \textit{Mismo CPU}
+ \item …
+ \end{itemize}
+ \item Presenta nuevas cosas que necesitan ser confiables
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Distribuir el entorno de construcción}
+
+\begin{frame}
+ \frametitle{Buen Makefile}
+
+ \begin{itemize}
+ \item Descarga archivos conocidos de las cadenas de herramientas
+ \item Compara sumas de verificación de referencia
+ \item Construye y configura
+ \item Coreboot: \texttt{make crossgcc}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Registra todo}
+
+ \begin{itemize}
+ \item Registra todo el código fuente de la cadena de herramientas en el VCS
+ \item Enfoque utilizado para el sistema base en *BSD y Google
+ \item Asegúrate de que todo esté registrado en él (\textit{Usar sandbox en Linux})
+ \item Liberado hace algunos años como Software Libre: Bazel \\
+ \url{http://bazel.io/}
+ \item Puede ser difícil pedirles a todos que descarguen todo todo el tiempo
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Envía la cadena de herramientas como un producto de construcción}
+
+ \begin{itemize}
+ \item Haz la cadena de herramientas como un producto de construcción
+ \item OpenWrt:
+ \url{http://wiki.openwrt.org/doc/howto/obtain.firmware.sdk}
+ \end{itemize}
+
+ \begin{example}\footnotesize
+\begin{semiverbatim}
+\$ wget https://downloads.openwrt.org/…/14.07/…OpenWrt-SDK-atheros-….tar.bz2
+\$ svn export svn://…/branches/packages\_14.07/utils/xz package/xz
+\$ make package/xz/compile
+\end{semiverbatim}
+ \end{example}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Gitian}
+
+ \begin{itemize}
+ \item Utilizado por Bitcoin, Navegador Tor
+ \item Maneja LXC o KVM
+ \item «Descriptores» que describen la construcción utilizando:
+ \begin{itemize}
+ \item Distribución base
+ \item Paquetes
+ \item Controles remotos de Git
+ \item Otros archivos de entrada
+ \item Script de construcción
+ \end{itemize}
+ \end{itemize}
+
+ \vfill
+ \begin{block}{\footnotesize Recursos}\footnotesize
+ \url{https://gitian.org/}\\
+ \url{https://github.com/bitcoin/bitcoin/blob/master/doc/gitian-building.md}\\
+ \url{https://github.com/bitcoin/bitcoin/blob/master/contrib/gitian-descriptors/}
+ \end{block}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Docker}
+
+ \begin{itemize}
+ \item Proporciona una forma de describir imágenes especializadas de contenedores de Linux
+ \item Construye en un entorno controlado
+ \item Las imágenes de Docker se pueden tratar con un hash de su contenido
+ \item Bazel tiene soporte para construir imágenes Docker reproducibles
+ \end{itemize}
+
+ \begin{block}{\footnotesize \url{https://github.com/tianon/gosu/blob/master/Dockerfile}}\footnotesize
+\begin{semiverbatim}
+FROM golang:1.4-cross
+[…]
+# disable CGO for ALL THE THINGS (to help ensure no libc)
+ENV CGO\_ENABLED 0
+COPY *.go /go/src/github.com/tianon/gosu/
+WORKDIR /go/src/github.com/tianon/gosu
+RUN GOARCH=amd64 go build -v -ldflags -d -o /go/bin/gosu-amd64
+\end{semiverbatim}
+ \end{block}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Vagrant}
+
+ \begin{itemize}
+ \item Maneja VirtualBox usando Ruby y otros scripts
+ \item Construye en un ambiente controlado
+ \item También funciona en OS X y Windows
+ \end{itemize}
+
+ \vfill
+ {\footnotesize
+ \url{https://www.vagrantup.com/}
+ }
+\end{frame}
+
+\begin{frame}
+ \frametitle{Debian .buildinfo}
+
+ \begin{itemize}
+ \item Registra en el mismo archivo:
+ \begin{itemize}
+ \item Orígenes
+ \item Binarios generados
+ \item Paquetes utilizados para construir (con una versión específica)
+ \end{itemize}
+ \item Puede ser procesado posteriormente para reinstalar el entorno
+ \item Todas las versiones están disponibles desde \url{snapshot.debian.org}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Ejemplo .buildinfo}
+
+{\small
+\begin{verbatim}
+Format: 1.9
+Build-Architecture: amd64
+Source: txtorcon
+Binary: python-txtorcon
+Architecture: all
+Version: 0.11.0-1
+Build-Path: /usr/src/debian/txtorcon-0.11.0-1
+Checksums-Sha256:
+ a26549d9…7b 125910 python-txtorcon_0.11.0-1_all.deb
+ 28f6bcbe…69 2039 txtorcon_0.11.0-1.dsc
+Build-Environment:
+ base-files (= 8),
+ base-passwd (= 3.5.37),
+ bash (= 4.3-11+b1),
+ …
+\end{verbatim}
+}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Consejos}
+
+\begin{frame}
+ \frametitle{Probando variantes}
+
+ \begin{itemize}
+ \item Construye una primera vez
+ \item Guarda el resultado
+ \item Realiza cambios al entorno
+ \item Construye una segunda vez
+ \item Compara resultados
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{reproducible.debian.net}
+
+ \begin{itemize}
+ \item Sistema de prueba continua manejado por Jenkins
+ \item Hardware patrocinado por ProfitBricks
+ \item Pruebas sobre 1300 paquetes fuente de Debian por día en promedio
+ \item Los resultados son visibles en un sitio web
+ \item Otros proyectos: Coreboot, OpenWrt, \textit{¿El tuyo?}
+ \end{itemize}
+ \vfill
+ \begin{center}
+ \includegraphics[height=0.15\paperheight]{images/profitbricks_logo.png}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{\small https://tests.reproducible-builds.org/debian/reproducible.html}
+
+ \begin{center}
+ \includegraphics[height=0.7\paperheight]{images/Debian_TRB.png}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[fragile]
+ \frametitle{Variantes en reproducible.debian.net}
+
+ \begin{center}
+ \begin{table}
+ \resizebox{0.95\textwidth}{!}{%
+ \begin{tabular}{l|ll}
+\textbf{variation} & \textbf{first build} & \textbf{second build} \\
+\hline
+hostname & \texttt{jenkins} & \texttt{i-capture-the-hostname} \\
+domainname & \texttt{debian.net} & \texttt{i-capture-the-domainname} \\
+\texttt{env TZ} & \texttt{GMT+12} & \texttt{GMT-14} \\
+\texttt{env LANG} & \texttt{en\_GB.UTF-8} & \texttt{fr\_CH.UTF-8} \\
+\texttt{env LC\_ALL} & not set & \texttt{fr\_CH.UTF-8} \\
+\texttt{env USER} & \texttt{pbuilder1} & \texttt{pbuilder2} \\
+uid & \texttt{1111} & \texttt{2222} \\
+gid & \texttt{1111} & \texttt{2222} \\
+UTS namespace & shared with the host & \textit{modified using \texttt{/usr/bin/unshare --uts}} \\
+kernel version & Linux 3.16.0-4-amd64 & Linux 2.6.56-4-amd64 \\
+umask & 0022 & 0002 \\
+CPU type & \multicolumn{2}{l}{same for both builds \textit{(work in progress)}} \\
+year, month, date & \multicolumn{2}{l}{same for both builds \textit{(work in progress)}} \\
+hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minute differs… \textit{(work in progress)}} \\
+\textit{everything else} & \multicolumn{2}{l}{\textit{is likely the same…}}
+ \end{tabular}
+ }
+ \end{table}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[height=0.5\paperwidth]{images/stats_pkg_state_unstable.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[height=0.5\paperwidth]{images/bugs_without_ftbfs.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[height=0.5\paperwidth]{images/stats_bugs_all_tags_state.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+{
+\usebackgroundtemplate{%
+ \begin{tikzpicture}[remember picture,overlay]%
+ \node[shift={(-0.15\paperwidth, 0.4\paperheight)},at=(current page.south east)] {
+ \includegraphics[width=0.2\paperwidth]{images/diffoscope_logo.png}
+ };
+ \end{tikzpicture}%
+}
+\begin{frame}{diffoscope}
+ \frametitle{Depurando problemas: diffoscope}
+
+ \begin{itemize}
+ \item Examina las diferencias \textbf{en profundidad}
+ \item Salidas de HTML o de texto plano que muestran las diferencias
+ \item Desempaqueta recursivamente los archivos
+ \item Busca la legibilidad humana:
+ \begin{itemize}
+ \item Descomprime PDF
+ \item Desarma binarios
+ \item Desempaqueta archivos Gettext
+ \item … \textit{fácil de extender a nuevos formatos de archivo}
+ \end{itemize}
+ \item Retrocede a la comparación binaria
+ \end{itemize}
+ \vfill
+ \begin{center}
+ \url{http://diffoscope.org/}\\
+ {\footnotesize \color{gray}{(formely known as \texttt{debbindiff})}}
+ \end{center}
+\end{frame}
+}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Ejemplo de diffoscope (salida de HTML)}
+
+ \begin{center}
+ \includegraphics[width=0.9\paperwidth]{images/diffoscope_example_html.png}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Ejemplo de diffoscope (salida de texto)}
+
+ \begin{center}
+ \includegraphics[width=0.9\paperwidth]{images/diffoscope_example_text.png}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{strip-nondeterminism}
+
+ \begin{itemize}
+ \item Normaliza varios formatos de archivo
+ \item Actualmente maneja:
+ \begin{itemize}
+ \item archivos ar (\texttt{.a})
+ \item gzip
+ \item Java jar
+ \item Javadoc HTML
+ \item Maven \texttt{pom.properties}
+ \item PNG
+ \item archivos ZIP
+ \item … \textit{extensible a nuevos formatos}
+ \end{itemize}
+ \item Escrito en Perl (como \texttt{dpkg-dev})
+ \end{itemize}
+ \vfill
+ \begin{center}\small
+ \url{git://git.debian.org/reproducible/strip-nondeterminism.git}
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Recursos}
+
+ \begin{itemize}
+ \item Reproducible Builds HOWTO \\
+ \url{https://wiki.debian.org/ReproducibleBuilds/Howto}
+ \item<2-> Wiki de Debian Reproducible Builds \\
+ \url{https://wiki.debian.org/ReproducibleBuilds}
+ \item<2-> Descripción general de estadísticas sobre construcciones reproducibles \\
+ \url{https://tests.reproducible-builds.org/debian/reproducible.html}
+ \item<3> Construcción doble diversa \\
+ \url{http://www.dwheeler.com/trusting-trust/}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Estado en Debian}
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[height=0.5\paperwidth]{images/stats_pkg_state_testing.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Estado en Debian}
+
+\begin{frame}
+ \frametitle{Resumen de Debian - situación actual en Bullseye (Debian 11)}
+ \begin{itemize}
+ \item Actualmente Debian es 94.9\% reproducible para la siguiente versión estable.
+ \item El 94.9\% (27742) de los paquetes en Bullseye pueden construir paquetes reproducibles.. El 3.3\% (991)
+ aún fallan a ser reproducibles y el 1.3\% (396) fallan a construir de manera reproducible desde el código
+ fuente...
+ \item Porque, Debian no (¿Todavía?) hace reconstrucciones completas antes de
+ liberar una nueva versión... así las cosas estarían en el archivo que no es reproducible a menos que sea
+ reconstruido.
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Resumen de Debian - situación para derivadas y el futuro}
+ \begin{itemize}
+ \item Entonces otros (por ejemplo Kali, ParrotOS, TAILS) pueden tomar nuestro trabajo ahora y hacer su
+ siguiente versión (parcialmente) reproducible...
+ \item Debian 11 Bullseye continuará siendo parcialmente reproducible en 2021.
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Resumen de Debian - situación para derivadas y el futuro}
+ \begin{itemize}
+ \item Desde agosto de 2017 \texttt{debian-policy} establece que los paquetes \textbf{deben} ser reproducibles.
+ \item Esperamos que \texttt{debian-policy} establezca 100\% construcciones reproducibles («\textbf{deben de serlo}») para Debian 11 Bullseye en 2021. Y aún así, ahí pueden existir excepciones...
+ \item Necesitamos mucha ayuda.
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \frametitle{reproducible-builds.org}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[height=0.4\paperwidth]{images/RB1.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{¿Quieres ayudar?}
+
+\begin{frame}
+ \frametitle{Como desarrollador}
+ \begin{itemize}
+ \item Deja de usar las fechas de construcción
+ \item Utiliza \texttt{SOURCE\_DATE\_EPOCH} en su lugar
+ \item Visita \url{https://reproducible-builds.org/specs/}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Participa aprendiendo haciendo}
+
+ \begin{itemize}
+ \item Prueba por ti mismo:
+ \begin{itemize}
+ \item Construye algo dos veces, ejecuta Diffoscope en los resultados
+ \begin{itemize}
+ \item Para obtener mejores resultados, usa nuestro repositorio "reproducible", \texttt{pbuilder} y una configuración personalizada
+ \end{itemize}
+ \end{itemize}
+ \item Documentos en la web: \\
+ \small{\url{https://reproducible-builds.org/docs/}} \\
+ \item \normalsize{Pide ayuda en nuestros canales \texttt{\#debian-reproducible} y \texttt{\#reproducible-builds} ambos en la red OFTC de chat IRC o en nuestras listas de correo:} \\
+ \small{\url{reproducible-builds at lists.alioth.debian.org}} \\
+ \small{\url{rb-general at lists.reproducible-builds.org}}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Crea tutoriales y cursos sobre RB en inglés o en tu idioma local}
+
+ \begin{itemize}
+ \item Graba un video explicando como iniciar desde lo más básico.
+ \item Menciona que conocimientos se necesitan tener previamente para crear RB.
+ \item Súbelo a Peertube: \\
+ \small{\url{https://joinpeertube.org/instances}} \\
+ \item \normalsize{Difunde tus contenidos audiovisuales o escritos en redes sociales libres:} \\
+ \small{\url{https://mastodon.online/public}} \\
+ \small{\url{https://fosstodon.org/public}} \\
+ \small{\url{https://pleroma.libretux.com/main/all}} \\
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{¡Únete al equipo!}
+
+ \begin{itemize}
+ \item ¿Por qué?
+ \begin{itemize}
+ \item Ayuda directamente a que Debian no tenga backdoors
+ \item Aprende algo nuevo cada día
+ \item ¡Transforma el mundo (del software y más allá)!
+ \end{itemize}
+ \item ¿Qué hacemos?
+ \begin{itemize}
+ \item Revisar paquetes
+ \item Identificar problemas y documentar soluciones
+ \item \texttt{reproducible.d.n}, diffoscope, strip-nondeterminism
+ \item Proponer cambios para las cadenas de herramientas (toolchain)
+ \item Enviar parches para paquetes individuales
+ \item Escribir más documentación general y correr la voz por el mundo
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \frametitle{reproducible-builds.org/contribute/}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[height=0.4\paperwidth]{images/RB2.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}[plain]
+ \frametitle{reproducible-builds.org/docs/definition/}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[at=(current page.center)] {
+ \includegraphics[height=0.4\paperwidth]{images/RB3.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{¡Únete al equipo!}
+
+\begin{itemize}
+ \item ¿Cómo empezar?
+ \begin{itemize}
+ \item https://reproducible-builds.org/docs/definition/
+ \item Plática de Mike y Seth de 31C3 sobre motivaciones \url{https://media.ccc.de/v/31c3_-_6240_-_en_-_saal_g_-_201412271400_-_reproducible_builds_-_mike_perry_-_seth_schoen_-_hans_steiner}
+ \item Plática de Lunar sobre la solución de problemas reproducibles en el CCCamp 15 \url{https://media.ccc.de/v/camp2015-6657-how_to_make_your_software_build_reproducibly}
+ \item Experimenta y aprende haciendo
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{¿Preguntas?}
+
+\begin{frame}
+ \frametitle{¿Preguntas, comentarios, ideas?}
+
+ \begin{itemize}
+ \item \url{https://reproducible-builds.org}
+ \item \url{https://tests.reproducible-builds.org/debian/reproducible.html}
+ \item \texttt{\#debian-reproducible} en \texttt{irc.OFTC.net}
+ \item \texttt{\#reproducible-builds} en \texttt{irc.OFTC.net}
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Créditos}
+
+\begin{frame}
+ \frametitle{Créditos}
+
+ \begin{itemize}
+ \item Contenido original «How to make your software build reproducibly» por Lunar
+ \item Contenido original «Beyond reproducible builds» por Chris Lamb (lamby) y Holger ’h01ger’ Levsen
+ \item Contenido original «Reproducible builds where do we want to be tomorrow» por Holger ’h01ger’ Levsen
+ \item Traducción al español, edición y actualización por Jonathan Bustillos (Jathan)
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\section{Referencias}
+
+\begin{frame}
+ \frametitle{Referencias}
+
+ \begin{itemize}
+ \item \url{https://wiki.debian.org/ReproducibleBuilds/About}
+ \item \url{https://reproducible-builds.org/docs/definition/}
+ \item \url{https://reproducible.alioth.debian.org/presentations/2015-08-13-CCCamp15.pdf}
+ \item \url{https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2491/original/2014CCCReproducible.pdf}
+
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{Referencias}
+
+ \begin{itemize}
+ \item \url{http://meetings-archive.debian.net/pub/debian-meetings/2015/mini-debconf-cambridge/slides/2015-11-08-Beyond-reproducible-builds.pdf}
+ \item \url{https://anonscm.debian.org/cgit/reproducible/presentations.git/tree/2017-10-25-OSSE/}
+ \item \url{https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/blob/master/2020-05-31-Reproducing-bullseye-in-practice/index.html}
+
+ \end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{¡Gracias!}
+
+ \vfill
+ \begin{center}
+ \resizebox{0.8\textwidth}{!}{%
+ \begin{tabular}{rl}
+ \texttt{jathan at debian.org} & \texttt{3006 B194 2622 24C7 1607} \\
+ & \texttt{F72B 52E4 5D29 AA34 EFC5}
+ \end{tabular}
+ }
+ \end{center}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+\begin{frame}
+ \frametitle{¡Gracias!}
+
+ \begin{center}
+ \includegraphics[height=0.4\paperheight]{images/CC_BY-SA1.png}
+ \end{center}
+
+ \vfill
+ \begin{center}
+ \resizebox{0.8\textwidth}{!}{%
+ \begin{tabular}{rl}
+ \texttt{jathan at debian.org} & \texttt{3006 B194 2622 24C7 1607} \\
+ & \texttt{F72B 52E4 5D29 AA34 EFC5}
+ \end{tabular}
+ }
+ \end{center}
+\end{frame}
+
+\end{document}
=====================================
2020-08-24-DebConf20/images/31c3.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/31c3.png differ
=====================================
2020-08-24-DebConf20/images/CC_BY-SA1.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/CC_BY-SA1.png differ
=====================================
2020-08-24-DebConf20/images/Debian_TRB.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/Debian_TRB.png differ
=====================================
2020-08-24-DebConf20/images/RB1.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/RB1.png differ
=====================================
2020-08-24-DebConf20/images/RB2.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/RB2.png differ
=====================================
2020-08-24-DebConf20/images/RB3.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/RB3.png differ
=====================================
2020-08-24-DebConf20/images/bugs_without_ftbfs.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/bugs_without_ftbfs.png differ
=====================================
2020-08-24-DebConf20/images/cii_logo.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/cii_logo.png differ
=====================================
2020-08-24-DebConf20/images/diffoscope_example_html.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/diffoscope_example_html.png differ
=====================================
2020-08-24-DebConf20/images/diffoscope_example_text.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/diffoscope_example_text.png differ
=====================================
2020-08-24-DebConf20/images/diffoscope_logo.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/diffoscope_logo.png differ
=====================================
2020-08-24-DebConf20/images/filesystem_order_in_tarball.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/filesystem_order_in_tarball.png differ
=====================================
2020-08-24-DebConf20/images/linux_foundation_logo.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/linux_foundation_logo.png differ
=====================================
2020-08-24-DebConf20/images/profitbricks_logo.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/profitbricks_logo.png differ
=====================================
2020-08-24-DebConf20/images/random_function_order.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/random_function_order.png differ
=====================================
2020-08-24-DebConf20/images/random_number.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/random_number.png differ
=====================================
2020-08-24-DebConf20/images/stats_bugs_all_tags_state.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/stats_bugs_all_tags_state.png differ
=====================================
2020-08-24-DebConf20/images/stats_pkg_state_testing.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/stats_pkg_state_testing.png differ
=====================================
2020-08-24-DebConf20/images/stats_pkg_state_unstable.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/stats_pkg_state_unstable.png differ
=====================================
2020-08-24-DebConf20/images/strawhorse.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/strawhorse.png differ
=====================================
2020-08-24-DebConf20/images/timestamp_in_git_deb.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/timestamp_in_git_deb.png differ
=====================================
2020-08-24-DebConf20/images/timestamp_in_nasm.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/timestamp_in_nasm.png differ
=====================================
2020-08-24-DebConf20/images/uninitialized_memory.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/uninitialized_memory.png differ
=====================================
2020-08-24-DebConf20/images/varying_version.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/varying_version.png differ
=====================================
2020-08-24-DebConf20/images/why_is_gone.png
=====================================
Binary files /dev/null and b/2020-08-24-DebConf20/images/why_is_gone.png differ
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/6d206b652403b81f476835c1e80385d3822fe52f
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/6d206b652403b81f476835c1e80385d3822fe52f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20200817/fe7f3fdf/attachment.htm>
More information about the rb-commits
mailing list