[Git][reproducible-builds/reproducible-presentations][master] dc22 presentation: more final brushes
Holger Levsen (@holger)
gitlab at salsa.debian.org
Mon Jul 18 17:43:57 UTC 2022
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
213dca56 by Holger Levsen at 2022-07-18T19:43:46+02:00
dc22 presentation: more final brushes
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
1 changed file:
- 2022-07-19-reproducible-builds-for-bullseye-bookwork-and-beyond/index.html
Changes:
=====================================
2022-07-19-reproducible-builds-for-bullseye-bookwork-and-beyond/index.html
=====================================
@@ -356,13 +356,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<h3>Summary of reproducibility of other projects (all AIUI)</h3>
<p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident...</p>
- <p>We mostly still haven't found what we're looking for, because it's hard and without 100% it's pointless also.</p>
- </section>
-
- <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
- <h3>Summary of reproducibility of other projects (all AIUI)</h3>
- <p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident...</p>
- <p>We mostly still haven't found what we're looking for, because it's hard and without 100% it's basically impossible to do a sensible user experience.</p>
+ <p>We mostly still haven't found what we're looking for, because it's really hard. <br>For example: without 100% it's basically impossible to do a sensible user experience.</p>
</section>
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
@@ -420,7 +414,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<p>DebConf20</p>
<p>DebConf21</p>
- <p class="fragment">“I feel I have given warnings that the next Debian release will not be reproducible for years.” is a quote from last year.</p>
+ <p class="fragment">“I feel I have given warnings that the next Debian release will not be reproducible for years.” <span class="fragment">is a quote from last years.</span></p>
<p class="fragment">...and I feel fine! 😀</p>
</section>
@@ -477,30 +471,20 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<h3>93% reproducibility is a lie.</h3>
<p class="fragment">or rather: 93% are CI results.</p>
+ <p class="fragment">I explain what's "wrong" with CI results in a moment...</p>
</section>
- <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
- <h3>CI versus rebuilds:</h3>
- <ul>
- <li>We have no <strong>Debian</strong> infrastructure rebuilding Debian packages. The reproducible-builds.org rebuilders are builders, not rebuilders.<p class="fragment">https://beta.tests.reproducible-builds.org/debian <em>is showing</em> rebuilds of ftp.debian.org - huge thanks to Frédéric Pierret for this PoC.</p></li>
- <li class="fragment">Sadly, Frédéric's rebuilder is down atm...</li>
- </ul>
- </ul>
- </section>
-
+ <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3>93% reproducibility is neither a lie nor useless...</h3>
+ <img class="fragment" src="images/stats_bugs_state.png">
- <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
- <h3>CI versus rebuilds:</h3>
- <ul>
- <li>We have no <strong>Debian</strong> infrastructure rebuilding Debian packages. The reproducible-builds.org rebuilders are builders, not rebuilders.<p>https://beta.tests.reproducible-builds.org/debian <em>is showing</em> rebuilds of ftp.debian.org - huge thanks to Frédéric Pierret for this PoC.</p></li>
- <li style="font-size: 90%">Up until recently we had two main blockers for rebuilders:</li>
- <ul style="font-size: 80%">
- <li class="fragment">>3000 packages without .buildinfo files, fixed by myself in February 2021 and in June 2022.</li>
- <li class="fragment">snapshot.debian.org was (and is) unusable for rebuilds, fixed by Frédéric Pierret and josch since June 2021, by providing a partial mirror for amd64 only and only going back until January 2017.</li>
+ </section>
+
+ <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3>93% reproducibility is neither a lie nor useless...</h3>
+ <img src="images/stats_bugs_sin_ftbfs_state.png">
- </ul>
- </ul>
</section>
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
@@ -511,26 +495,23 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<li class="fragment">that's almost 2% up compared to buster (93.9%)</li>
<li class="fragment">or almost 3000 more reproducible packages (29674 instead of 26682 in buster)</li>
<li class="fragment">or even more impressive: we've solved one third of the remaining 6% buster had...</li>
- <li class="fragment"><b>but</b> we are at 94.8% (30482 out of 32153 source packages) CI reproducibiliy for <em>bookworm</em>! :/<p>
</ul>
</section>
-
- <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
- <h3>94.8% reproducibility is neither a lie nor useless...</h3>
- <img class="fragment" src="images/stats_bugs_state.png">
+ <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3>...then looking at bookworm four weeks ago...</h3>
+ <ul>
+ <li>we were at 94.8% (30482 out of 32153 source packages) CI reproducibiliy for <em>bookworm</em>.</li>
+ <li class="fragment">YAY.</li>
+ </ul>
</section>
-
- <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
- <h3>94.8% reproducibility is neither a lie nor useless...</h3>
- <img src="images/stats_bugs_sin_ftbfs_state.png">
- </section>
+
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
- <h3>94.8% reproducibility is a lie because something broke and we're at:</h3>
+ <h3>Then, since "Hamburg", something broke and we're at:</h3>
<ul>
<li>93.0% for bookworm/amd64</li>
<li>93.7% for bookworm/arm64</li>
@@ -550,15 +531,35 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
</section>
- <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
- <h4>https://beta.tests.reproducible-builds.org/debian</h4>
- <img class="fragment" src="images/bookworm_build-essential.amd64+all.png">
+ <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3>CI versus rebuilds:</h3>
+ <ul>
+ <li>We have no <strong>Debian</strong> infrastructure rebuilding Debian packages. The reproducible-builds.org rebuilders are builders, not rebuilders.</li>
+ <li> That's why I called 93% (or whatever) a "lie".</li>
+ <li style="font-size: 90%">Up until recently we had two main blockers for rebuilders:</li>
+ <ul style="font-size: 80%">
+ <li class="fragment">>3000 packages without .buildinfo files, fixed by myself in February 2021 and in June 2022.</li>
+ <li class="fragment">snapshot.debian.org was (and is) unusable for rebuilds, fixed by Frédéric Pierret and josch since June 2021, by providing a partial mirror for amd64 only and only going back until January 2017.</li>
+
+ </ul>
+ </ul>
+ </section>
+
+ <section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3>CI versus rebuilds:</h3>
+ <ul>
+ <li class="fragment">We have no <strong>Debian</strong> infrastructure rebuilding Debian packages. The reproducible-builds.org rebuilders are builders, not rebuilders.</li>
+ <li class="fragment">https://beta.tests.reproducible-builds.org/debian <em>is showing</em> rebuilds of ftp.debian.org - huge thanks to Frédéric Pierret for this PoC.</li>
+ <li class="fragment">Sadly, Frédéric's rebuilder is down atm...</li>
+ <li class="fragment">And one rebuilder is not good enough also. It's a start though.</li>
+ </ul>
+ </ul>
</section>
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<h4>https://beta.tests.reproducible-builds.org/debian</h4>
- <p>is down <span class="fragment">but should run on Debian ressources anyway</span></p>
+ <img class="fragment" src="images/bookworm_build-essential.amd64+all.png">
</section>
@@ -588,28 +589,26 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<h4>https://beta.tests.reproducible-builds.org/debian</h4>
<ul>
<li>amd64 only, also because our snapshot mirror is amd64 only</li>
- <li>one rebuilder only, not several</li>
- <li>one person maintaining this, thank you very much, Frédéric Pierret!</li>
- <li class="fragment">one person maintaining this, I'm so sorry... so someone, please do something, please help!</li>
- </ul>
+ <li>one rebuilder only, not several (and at least some should run on Debian ressources)</li>
+ <li class="fragment">one person maintaining this so far. Thank you very much, Frédéric Pierret, and sorry too.</li>
</section>
+
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<h3>working around snapshot.debian.org</h3>
<ul>
<li class="fragment">snapshot.debian.org was (and is) unusable for rebuilds, fixed by Frédéric Pierret and josch since June 2021, by providing a partial mirror for amd64 only and only going back until January 2017.</li>
- <li class="fragment">though snapshot.notset.fr is currently down.</li>
- <li class="fragment">and snapshot.reproducible-builds.org ist not yet up</li>
+ <li class="fragment">though snapshot.notset.fr is currently down and snapshot.reproducible-builds.org ist not yet up... :/</li>
</ul>
</section>
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<h3>further improvements to our snapshot.debian.org mirror</h3>
<ul>
+ <li class="fragment">soon to be hosted at OSUOSL as snapshot.reproducible-builds.org</li>
+ <li class="fragment">probably still mirroring https://debian.notset.fr/snapshot/ and not snapshot.d.o </li>
<li class="fragment">https://salsa.debian.org/freexian-team/project-funding/-/merge_requests/14</li>
- <li class="fragment">soon to be hosted at OSUOSL as snapshot.reproducible-builds.org</li>
- <li class="fragment">probably still mirroring https://debian.notset.fr/snapshot/ and not snapshot.d.o </li>
<li class="fragment">we want at least arm64 too, though that needs more than just HW</li>
<li class="fragment">without "a working" snapshot.debian.org (it works, "just" not for our usecases) we cannot have reproducible Debian...</li>
</ul>
@@ -619,7 +618,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<h3>"Solved" problems with <code>.buildinfo</code> files</h3>
<ul style="font-size: 98%">
- <li>buildinfos.debian.net is just a proof of concept, but it kinda works around #862073, #763822, #862538, #929397</li>
+ <li>buildinfos.debian.net is just a proof of concept, but it works around #862073, #763822, #862538, #929397 well enough.</li>
<li class="fragment">we had >3000 packages without .buildinfo files, I NMUed all of them (with the help of David Bremner!) 😇 Just NEW ones will keep coming...</li>
<li class="fragment">GPG keys expire.</li>
</ul>
@@ -631,9 +630,10 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/dc22-logo.svg" data-background-size="12%" data-background-position="90% 10%">
<h3>And then, meaningful reproducibilty of Debian is still not possible because:</h3>
<ul>
- <li class="fragment">linux, gcc and glibc are our current blockers getting <em>build-essential</em> reproducible.</li>
+ <li class="fragment">linux, gcc and glibc are our current blockers getting <em>build-essential</em> reproducible in <em>bookworm</em>.</li>
<li class="fragment">Debian installer images are not reproducible in <em>bullseye</em>.</li>
<li class="fragment">Debian Live images are not reproducible in <em>bullseye</em>.</li>
+ <li class="fragment">Sadly "bullseye" was not a typo in the last two lines. :(</li>
</ul>
</section>
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/213dca5666bca776e5318364e1b8ba836d63490b
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/213dca5666bca776e5318364e1b8ba836d63490b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20220718/77b3d591/attachment.htm>
More information about the rb-commits
mailing list