[Git][reproducible-builds/reproducible-presentations][master] debian hamburg reunion r-b talk slides: minor improvements
Holger Levsen (@holger)
gitlab at salsa.debian.org
Sun May 29 08:52:39 UTC 2022
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
57cd62ff by Holger Levsen at 2022-05-28T17:05:22+02:00
debian hamburg reunion r-b talk slides: minor improvements
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
1 changed file:
- 2022-05-28-reproducible-builds-for-bullseye-bookwork-and-beyond/index.html
Changes:
=====================================
2022-05-28-reproducible-builds-for-bullseye-bookwork-and-beyond/index.html
=====================================
@@ -230,13 +230,12 @@
<p>Who am I</p>
<ol>
<li>Holger Levsen / holger at debian.org</li>
- <li>Debian user since 1995</li>
- <li>Debian member since 2007, contributing since 2001</li>
+ <li>Debian user since 1995, contributing since 2001, Debian member since 2007</li>
<li>Located in Hamburg, Germany</li>
<li class="fragment">Working on Reproducible Builds since 2014</li>
<li class="fragment">Uploaded >10% of all source packages in Debian bullseye</li>
<li class="fragment">Uploaded <10% of all source packages in Debian bookworm...</li>
- <li class="fragment">May 2022 has been quite extraordinary and left me with even less time to prepare this talk then usual.</li>
+ <li class="fragment">May 2022 was quite extraordinary... little time to prepare this.</li>
</ol>
</section>
@@ -271,7 +270,7 @@
<ul>
<li class="fragment">Enable anyone to independently verify that a given source produces bit by bit identical results.</li>
<li class="fragment">Reproducible Builds are an important building block in making supply chains more secure. Nothing more, nothing less.</li>
- <li class="fragment">As a side effect: you can only be sure a binary is free software if it has been reproduced. <em>Someone elses binary is only free software if it's reproducible!</em></li>
+ <li class="fragment">As a side effect: you can only be sure a binary is free software if it has been reproduced. <em>Someone elses binary is only </em>certainly<em> free software if it's reproducible!</em></li>
</ul>
</section>
@@ -361,14 +360,23 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="12%" data-background-position="90% 10%">
<h3><em>Reproducible Builds were first discussed at DebConf13...</em></h3>
<p>..in a BoF hosted by Lunar sparking all of this. DebConf14 had another BoF.</p>
- <p class="fragment">FOSDEM 2015: getting the wider FLOSS community involved. First summit at the end of 2015. Automated rebuilds. Diffoscope.</p>
- <img class="fragment" src="images/dc15_1.jpg" width="85%">
+ <p class="fragment">Automated test builds at the end of 2014.</p>
+ <p class="fragment">FOSDEM 2015: getting the wider FLOSS community involved.</p>
+ <p class="fragment">First summit at the end of 2015 in Athens.</p>
+ <p class="fragment">Diffoscope!</p>
</section>
+ <section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="12%" data-background-position="90% 10%">
+ <h3><em>DebConf15 had four people giving the talk...</em></h3>
+ <img src="images/dc15_1.jpg" width="85%">
+
+ </section>
+
+
<section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="12%" data-background-position="90% 10%">
<h3><em>How can we get this done...???</em></h3>
- <p>at the beginning of the <em>Stretch</em> development cycle...</p>
+ <p>we wondered at the beginning of the <em>Stretch</em> development cycle...</p>
<img src="images/dc15_2.jpg" width="85%">
</section>
@@ -381,7 +389,6 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<p>DebConf19</p>
<p>DebConf20</p>
<p>DebConf21</p>
- <p>DebConf22</p>
<p class="fragment">"I feel I have given warnings that the next Debian release will not be reproducible for years." is a quote from last year.</p>
<p class="fragment">...and I feel fine! 😀</p>
@@ -416,13 +423,19 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<p>The "we are almost made it" release</p>
<h3>Debian <em>12 / bookworm</em></h3>
<p>The first Debian release with some meaningful reproducibility?</p>
- <p class="fragment">This two slides (so far) were from last year...</p>
+ </section>
+
+
+ <section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="12%" data-background-position="90% 10%">
+ <p>The previous two slides were from last year...</p>
+ <br>
+ <h3>Debian <em>12 / bookworm</em></h3>
+ <p>The first Debian release with some meaningful/usable reproducibility?!?</p>
<h3 class="fragment">Debian <em>13 / trixie</em></h3>
<p class="fragment">I still haven't found what I'm looking for</p>
</section>
-
<!--========================================================= -->
<section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="12%" data-background-position="90% 10%">
@@ -458,8 +471,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<li class="fragment">that's almost 2% up compared to buster (93.9%)</li>
<li class="fragment">or almost 3000 more reproducible packages (29674 instead of 26682 in buster)</li>
<li class="fragment">or even more impressive: we've solved one third of the remaining 6% buster had...</li>
- <li class="fragment">but...</li>
- <li class="fragment">we are at 94.8% (30482 out of 32153 source packages) CI reproducibiliy for <em>bookworm</em>! :/<p>
+ <li class="fragment"><b>but</b> we are at 94.8% (30482 out of 32153 source packages) CI reproducibiliy for <em>bookworm</em>! :/<p>
</ul>
</section>
@@ -510,7 +522,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<ul>
<li>amd64 only, also because our snapshot mirror is amd64 only</li>
<li>one rebuilder only, not several</li>
- <li>one person maintaining this, thank you very much, Frédéric Pierret</li>
+ <li>one person maintaining this, thank you very much, Frédéric Pierret!</li>
<li class="fragment">one person maintaining this, I'm so sorry... so someone, please do something, please help!</li>
</ul>
</section>
@@ -519,8 +531,9 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<h3>snapshot.debian.org</h3>
<ul>
<li class="fragment">snapshot.debian.org was (and is) unusable for rebuilds, fixed by Frédéric Pierret and josch since June 2021, by providing a partial mirror for amd64 only and only going back until January 2017.</li>
- <li class="fragment">now that we have https://debian.notset.fr/snapshot/ (and soon snapshot.reproducible-builds.org hosted at OSUOSL) we can setup rebuilders</li>
- <li class="fragment">arm64 snapshot wanted too (mostly needs HW)</li>
+ <li class="fragment">so now we have snapshot.reproducible-builds.org hosted at OSUOSL and mirroring from
+ https://debian.notset.fr/snapshot/ </li>
+ <li class="fragment">arm64 snapshot wanted too (though it needs more than just HW)</li>
<li class="fragment">https://salsa.debian.org/freexian-team/project-funding/-/merge_requests/14</li>
</ul>
</section>
@@ -529,10 +542,9 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<h3>"Solved" problems with <code>.buildinfo</code> files</h3>
<ul>
<li>buildinfos.debian.net is just a proof of concept, but it kinda works. (though "<em>it's called a commit because my code is a crime</em>"...)</li>
- <li class="fragment">we had >3000 packages without .buildinfo files... (solved, well...).</li>
- <li class="fragment">I've found 782 more of those... I'll fix those, but NEW ones will keep coming..</li>
+ <li class="fragment">we had >3000 packages without .buildinfo files, I NMUed all of them and I've found 782 more of those... I'll fix those too, but NEW ones will keep coming...</li>
<li class="fragment">#862073 ftp.debian.org: Please POST .buildinfo files to buildinfo.debian.net (worked around poorly)</li>
- <li class="fragment">#763822 ftp.debian.org: please include .buildinfo file in the archive (worked around poorly, causing issues with security updates)</li>
+ <li class="fragment">#763822 ftp.debian.org: please include .buildinfo file in the archive (worked around poorly, <code>dak</code> knows nothing about them)</li>
</ul>
</section>
@@ -559,15 +571,14 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
</section>
<section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="12%" data-background-position="90% 10%">
- <h3>meaningful reproducibilty of Debian is possible for:</h3>
+ <h3>meaningful reproducibilty of Debian is possible for: (amd64 only)</h3>
<ul>
<li class="fragment">Debian installer images, are reproducible when build from git, as shown by Roland Clobus. The problem here is that automated testing of d-i images fails almost constantly in sid and testing...</li>
<li class="fragment">Debian Live images are reproducible using <em>live-build</em> as shown by Roland Clobus.</em>.</li>
<ul>
<li class="fragment">reproducible package installation != reproducible packages</li>
- <li class="fragment">future of Debian live images uncertain, though we have 3 choices now: none, unreproducible or reproducible. I know which I'd pick.</em></li>
+ <li class="fragment">future of Debian live images uncertain, though we have 3 choices now: none, unreproducible or reproducible.</em></li>
</ul>
- <li class="fragment">again, amd64 only because of snapshot.d.o issues</li>
</ul>
</section>
@@ -617,21 +628,19 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<li class="fragment">I still haven't found what I'm looking for, these are rather long term goals, but nothing strategic yet:</li>
<li class="fragment">0 bugs with patches unuploaded. Currently there are 313 of these. 2 NMUs per week, uploaded to DELAYED/14.</li>
<li class="fragment">snapshot.debian.org usable for mass rebuilds of all architectures by many users.</li>
- <li class="fragment">.buildinfo files known and used by <pre>dak</pre>.</li>
+ <li class="fragment">.buildinfo files known and used by <code>dak</code>.</li>
<li class="fragment">#863622: apt: warn when installing packages that are not reproducible</li>
</ul>
</section>
- <section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="17%" data-background-position="50% 15%">
- <br>
+ <section data-background="images/debianreunionhh2022-hearts-bigger-diamond-i-dot-same-color-more-centered-bigger-hearts-pl.svg" data-background-size="12%" data-background-position="90% 10%">
<br>
- <h2>
+ <h3>
Thank you
<br><small>… and all the contributors out there!</small>
- </h2>
- <p class="fragment">Do you think reproducible builds should happen?</p>
- <p class="fragment">If so, please pick <em>one</em> of these bugs and help fixing it.<br />We need your help.</p>
+ </h3>
+ <p class="fragment">Do you think reproducible builds should happen? If so, please pick <em>one</em> of these bugs and help fixing it.<br />We need your help.</p>
<p class="fragment">https://wiki.debian.org/ReproducibleBuilds</p>
<br>
<p class="fragment"><em>I still haven't found what I'm looking for <br> but I'm confident we'll get there, eventually!</em></p>
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/57cd62ff369358a7712e903a4f52ec8b3a126649
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/57cd62ff369358a7712e903a4f52ec8b3a126649
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20220529/05b47d3a/attachment.htm>
More information about the rb-commits
mailing list