[Git][reproducible-builds/reproducible-presentations][master] 10 years r-b cccamp talk: drop 6 slides
Holger Levsen (@holger)
gitlab at salsa.debian.org
Fri Aug 4 18:25:51 UTC 2023
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
b60c567c by Holger Levsen at 2023-08-04T20:25:40+02:00
10 years r-b cccamp talk: drop 6 slides
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2023-08-19-R-B-the-first-10-years/index.html
- 2023-08-19-R-B-the-first-10-years/todo
Changes:
=====================================
2023-08-19-R-B-the-first-10-years/index.html
=====================================
@@ -850,86 +850,13 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<ul>
<li class="fragment">snapshot.debian.org was (and is) unusable for rebuilds, fixed by Frédéric Pierret and josch since June 2021, by providing a partial mirror for amd64 only and only going back until January 2017.</li>
<li class="fragment">without "a working" snapshot.debian.org (it works, "just" not for our usecases) we cannot have reproducible Debian...</li>
- <li class="fragment">sadly snapshot.notset.fr is currently down and snapshot.reproducible-builds.org ist not yet up... :/</li>
- </ul>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>improvements to our snapshot.debian.org mirror</h3>
- <ul>
<li class="fragment">soon to be hosted at OSUOSL as snapshot.reproducible-builds.org</li>
<li class="fragment">we want at least arm64 too, though that needs more than just HW. See the MR above.</li>
</ul>
</section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>"Solved" problems with <code>.buildinfo</code> files</h3>
- <ul style="font-size: 98%">
- <li class="fragment">we had >3000 packages without .buildinfo files, I NMUed all of them (with the help of David Bremner!) 😇 Just NEW ones will keep coming...</li>
- <li class="fragment">buildinfos.debian.net is just a proof of concept, but it works around #862073, #763822, #862538, #929397 well enough.</li>
- <li class="fragment">GPG keys expire, so we just ignore signatures...</li>
- </ul>
- </section>
-
-
-
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>And then, meaningful reproducibilty of Debian is still not possible because:</h3>
- <ul>
- <li class="fragment">linux, gcc and glibc are our current blockers getting <em>build-essential</em> reproducible in <em>bookworm</em>.</li>
- <li class="fragment">Debian installer images are not reproducible in <em>bullseye</em>.</li>
- <li class="fragment">Debian Live images are not reproducible in <em>bullseye</em>.</li>
- <li class="fragment">Sadly "bullseye" was not a typo in the last two lines. :(</li>
- </ul>
-
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>meaningful reproducibilty of Debian d-i images<br>(amd64 only)</h3>
- <ul>
- <li class="fragment">Debian installer images, are reproducible when build from git, as shown by Roland Clobus. The problem here is that automated testing of d-i images fails almost constantly in sid and testing...</li>
- </ul>
-
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>meaningful reproducibilty of Debian live images<br>(amd64 only)</h3>
- <ul>
- <li class="fragment">Debian Live images are reproducible using <em>live-build</em> as shown by Roland Clobus.</em>.</li>
- <ul>
- <li class="fragment">reproducible package installation != reproducible packages</li>
- <li class="fragment">future of Debian live images uncertain, though we have 3 choices now: none, unreproducible or reproducible.</em></li>
- </ul>
- </ul>
-
- </section>
-
-
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>more on d-i and live images</h3>
- <ul>
- <li class="fragment">Roland Clobus gave a talk at the Debian Reunion Hamburg about his efforts to revive live-images.</li>
- <li class="fragment">Roland and Phil Hands are working together to get those images tested for functionality as well, using https://openqa.debian.net.</li>
- <li class="fragment">There's a "Debian installer and images team BoF" happening now, though I don't know if live images will be covered there.</li>
- </ul>
-
- </section>
-
-
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3><em>other issues, release team area</em></h3>
- <ul>
- <li>We are very happy that testing migration is blocked for binary uploads.</li>
- <li class="fragment">We very much like the idea of accellerating migration for reproducibility.</li>
- <li class="fragment">Debian policy: too early for "must", but maybe for <em>trixie</em> we can have "must not regress"?</li>
- </ul>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3><em>other issues, salsa CI related</em></h3>
+ <h3><em>reprotest</em></h3>
<ul>
<li>"btw", <em>reprotest</em> is basically unmaintained upstream.</li>
</ul>
@@ -970,12 +897,13 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<h3>History needs to be written</h3>
<li>https://reproducible-builds.org/docs/history/ ends in 2015.😟</li>
<li>Arch Linux has done a lot. Rebuilders and pacman-bintrans.<li>
- <li>CI builds vs rebuilders.</li>
- <li>Fedora finally enabled r-b macros for RPM.</li>
<li>SBOM should be mentioned. And that without reproducible builds SBOMs are rather meaningless, while with them, those are <u>verified SBOMs</u>!.</li>
- <li>Help would be very much welcome to write our history. While it's fresh, and not 30 years later.</li>
</section>
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
+ <h3>Notable mentions</h3>
+ </section>
+
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
<h3>I probably didn't backdoor this</h3>
@@ -1000,7 +928,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
- <h3>Some more information ;-)</h3>
+ <h3>Summary information</h3>
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="12%" data-background-position="90% 10%">
=====================================
2023-08-19-R-B-the-first-10-years/todo
=====================================
@@ -1,9 +1,9 @@
new todo:
+ remove slides at the end
+ improve end / debian status
incl pdf screenshots from ccc talk from 2014
incl emails (siehe lunars talk)
- remove slides at the end
mention financing, esp for summit!
- improve end / debian status
$ grep -c 'section da' index.html
should not return 74 but 42 or rather less
verifiable SBOMs!
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/b60c567c99ca415d349e166983d0742cdf9bdc44
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/b60c567c99ca415d349e166983d0742cdf9bdc44
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20230804/6c066737/attachment.htm>
More information about the rb-commits
mailing list