[Git][reproducible-builds/reproducible-presentations][master] 2021-08-28: Add Draft of "Looking Forward to Reproducible Builds" for
Vagrant Cascadian (@vagrant)
gitlab at salsa.debian.org
Thu Aug 19 00:07:49 UTC 2021
Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
d9145ce8 by Vagrant Cascadian at 2021-08-18T17:06:39-07:00
2021-08-28: Add Draft of "Looking Forward to Reproducible Builds" for
DebConf21.
- - - - -
4 changed files:
- + 2021-08-28-Looking-Forward-to-Reproducible-Builds/Looking-Forward-to-Reproducible-Builds.org
- + 2021-08-28-Looking-Forward-to-Reproducible-Builds/Makefile
- + 2021-08-28-Looking-Forward-to-Reproducible-Builds/images/archlinux.png
- + 2021-08-28-Looking-Forward-to-Reproducible-Builds/images/vagrantupsidedown.png
Changes:
=====================================
2021-08-28-Looking-Forward-to-Reproducible-Builds/Looking-Forward-to-Reproducible-Builds.org
=====================================
@@ -0,0 +1,182 @@
+#+TITLE: Looking Forward to Reproducible Builds
+#+AUTHOR: Vagrant Cascadian
+#+EMAIL: vagrant at reproducible-builds.org
+#+DATE: Debconf21, 2021-08-28
+#+LANGUAGE: en
+#+OPTIONS: H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
+#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
+#+OPTIONS: ^:nil
+#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
+#+EXPORT_SELECT_TAGS: export
+#+EXPORT_EXCLUDE_TAGS: noexport
+#+startup: beamer
+#+LaTeX_CLASS: beamer
+#+LaTeX_CLASS_OPTIONS: [bigger]
+#+latex_header: \mode<beamer>{\usetheme{Madrid}}
+#+LaTeX_CLASS_OPTIONS: [aspectratio=169]
+#+BEGIN_comment
+Looking Forward to Reproducible Builds
+Speaker: Vagrant Cascadian
+Language: English
+Track: Security
+Type: Short talk (20 minutes)
+Room: Talks 1
+Time: Aug 28 (Sat): 14:30
+Duration: 0:20
+
+Reproducible Builds has been a project within the Debian community
+since 2013; huge progress has been made in those years, including
+broadening the community to projects outside of Debian!
+
+This talk will mention some historic blockers that “recently” have
+been solved, worked around, or are actively in progress.
+
+It will highlight some recent developments, with an eye to what might
+happen as Debian embarks upon the “Bookworm” development cycle.
+
+Will also point out some exciting milestones reached by projects
+outside of Debian.
+#+END_comment
+
+* Who am I
+
+** image
+ :PROPERTIES:
+ :BEAMER_col: 0.4
+ :END:
+
+[[./images/vagrantupsidedown.png]]
+
+
+** text
+ :PROPERTIES:
+ :BEAMER_col: 0.4
+ :END:
+
+ | | Vagrant |
+ |---------------------+---------|
+ | debian user | 2001 |
+ | debian developer | 2010 |
+ | reproducible builds | 2015 |
+
+* Verification Builds
+
+ Verify against packages actually shipped by Debian!
+
+ #+ATTR_BEAMER: :overlay <+->
+- ...
+- More challenging that expected...
+- Download .buildinfo files for a given package
+- Download specific/old package versions
+- How do I actually verify a package?
+
+* Keeping up with our good neighbors
+
+ ArchLinux
+
+ https://reproducible.archlinux.org/
+
+** image
+ :PROPERTIES:
+ :BEAMER_col: 0.3
+ :END:
+
+[[./images/archlinux.png]]
+
+** text
+ :PROPERTIES:
+ :BEAMER_col: 0.6
+ :END:
+
+ #+ATTR_BEAMER: :overlay <+->
+- ...
+- embedded .buildinfo files
+- https://archive.archlinux.org/ (falls back to archive.org)
+- repro makes verification simple
+
+* The greener grass
+
+ I want what ArchLinux has... But for Debian of course!
+
+* Buildinfo files
+
+ include .buildinfo file in the archive
+
+ https://bugs.debian.org/763822
+
+ #+ATTR_BEAMER: :overlay <+->
+- ...
+- buildinfos.debian.net
+- LTS .buildinfo files https://bugs.debian.org/929397
+
+* Downloading old versions
+
+ snapshot.debian.org
+
+ #+ATTR_BEAMER: :overlay <+->
+- ...
+- connection droping https://bugs.debian.org/960304
+- bandwith limits https://bugs.debian.org/977653
+- timestamps https://bugs.debian.org/969603
+
+* Metasolution
+
+ metasnap.debian.net
+
+ #+ATTR_BEAMER: :overlay <+->
+- ...
+- feed it a .buildinfo, get a snapshot date
+- minimize calls to snapshot.debian.org
+
+* A look in the mirror
+
+ https://debian.notset.fr/snapshot
+
+ #+ATTR_BEAMER: :overlay <+->
+- ...
+- currenty a Work-In-Progress
+- all of amd64 since buster
+- plans to have a mirror hosted by OSUOSL
+
+* Forget trust, Verify!
+
+ Verifying a build
+
+ #+ATTR_BEAMER: :overlay <+->
+- ...
+- verification WIP for tests.reproducible-builds.org
+- debrebuild
+
+* On the path
+
+ The fixfilepath feature was enabled by default for dpkg-buildflags:
+
+ https://bugs.debian.org/974087
+
+ Use gcc .spec files for fixfilepath/fixdebugpath:
+
+ https://bugs.debian.org/985553
+
+* Lively reproducibility
+
+ https://jenkins.debian.net/view/live/
+
+ Most live image variants are reproducible!
+
+* NixOS
+
+ NixOS reached 100% reproducibility for a minimal image
+
+ https://r13y.com
+
+* Copyright and attributions
+\addtocounter{framenumber}{-1}
+\tiny
+
+ Copyright 2021 Vagrant Cascadian <vagrant at reproducible-builds.org>
+
+ This work is licensed under the Creative Commons
+ Attribution-ShareAlike 4.0 International License.
+
+ To view a copy of this license, visit
+ https://creativecommons.org/licenses/by-sa/4.0/
=====================================
2021-08-28-Looking-Forward-to-Reproducible-Builds/Makefile
=====================================
@@ -0,0 +1,16 @@
+# thanks to dima for walking me through this!
+#
+# needs: apt install emacs texlive-latex-extra librsvg2-bin graphviz
+
+export FORCE_SOURCE_DATE = 1
+export SOURCE_DATE_EPOCH := $(shell date --utc --date '2021-08-28 14:30 UTC' +%s)
+
+all: $(patsubst %.org,%.pdf,$(wildcard *.org))
+
+%.pdf: %.org
+ emacs -Q --batch --eval '(progn (random "0") (find-file "$<") (org-beamer-export-to-pdf))'
+
+clean:
+ rm -f *.pdf *.tex *.png
+
+.PHONY:clean
=====================================
2021-08-28-Looking-Forward-to-Reproducible-Builds/images/archlinux.png
=====================================
@@ -0,0 +1 @@
+../../2017-08-11-DebConf17/images/who/archlinux.png
\ No newline at end of file
=====================================
2021-08-28-Looking-Forward-to-Reproducible-Builds/images/vagrantupsidedown.png
=====================================
@@ -0,0 +1 @@
+../../2020-05-LFNW-beyond-trusting-open-source-software/images/vagrantupsidedown.png
\ No newline at end of file
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/d9145ce87ce2b2c74157b393cabdf7191f3a8584
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/d9145ce87ce2b2c74157b393cabdf7191f3a8584
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20210819/5bde44d9/attachment.htm>
More information about the rb-commits
mailing list