[Git][reproducible-builds/reproducible-presentations][master] 10 years r-b cccamp talk: wip after wip
Holger Levsen (@holger)
gitlab at salsa.debian.org
Fri Aug 18 13:15:50 UTC 2023
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
4e87b2ba by Holger Levsen at 2023-08-18T15:15:37+02:00
10 years r-b cccamp talk: wip after wip
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- 2023-08-19-R-B-the-first-10-years/index.html
- 2023-08-19-R-B-the-first-10-years/todo
Changes:
=====================================
2023-08-19-R-B-the-first-10-years/index.html
=====================================
@@ -166,7 +166,7 @@
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>very incomplete list of people<br>who have been working on this <em>so far</em></h3>
+ <h3>list of people working on this so far</h3>
<!-- taken from website.git/_data/contributors.yml -->
<p style="font-size: 42%">
@@ -513,10 +513,10 @@
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<br>
- <h3>Please support these efforts</h3>
+ <h3>We need you!<br> Please support these efforts</h3>
<ul>
<li>Do you think reproducible builds should happen?<br> If so, please help. We need your help and support.</li>
- <span class="fragment"><li>The goals of this talk are to get you informed, excited & involved. And to explain that a lot of work and support is still needed, despite all the progress and successes so far!<br> We are still far from being done.</li>
+ <span class="fragment"><li>The goals of this talk it to recap what we have done and to celebrate 10 years of awesomeness of <b>many</b> with the aim to get you informed, excited & involved.<br>And to explain that a lot of work and support is still needed, despite all the progress and successes so far!<br> We are still far from being done.</li>
<li>We can do it! 💪</li></span>
</ul>
</section>
@@ -689,11 +689,6 @@
<li class="fragment">diffoscope</li>
</section>
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>results for Debian unstable, until 20230804</h3>
- <img src="images/stats_pkg_state_20230804.png">
- </section>
-
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
@@ -706,10 +701,16 @@
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>The unreproducible package</h3>
+ <h2>Common reasons for unreproducibilities:</h2>
+ <ul>
+ <li>422 known issue types in reproducible-notes.git<li>
+ <li>https://reproducible-builds.org/docs/</li>
+ <li>Lunar's talk at CCCamp 2015</li>
+ <span class="fragment">
<li>https://github.com/bmwiedemann/theunreproduciblepackage</li>
- <li class="fragment">It's much easier to show common pitfalls making a package unreproducible than the opposite...</li>
+ <li>It's much easier to show common pitfalls making a package unreproducible than the opposite...</li>
</ul>
+ </span>
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
@@ -856,9 +857,57 @@ Warpforge.
</ul>
</section>
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Summary of reproducibility of various projects</h3>
+ <ul>
+ <p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident.</p>
+ <p class="fragment">I call it reproducible in theory or in CI.</p>
+ <p class="fragment">This is a <em>massive</em> success! This was thought impossible not long ago.</p>
+ </ul>
+ </section>
+
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Short overview of reproducibility of Debian</h3>
+ <ul>
+ <li> TBD</li>
+ </ul>
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>results for Debian unstable, until 20230804</h3>
+ <img src="images/stats_pkg_state_20230804.png">
+ </section>
+
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Debian trixie, 20230804</h3>
+ <img src="images/stats_pkg_state_trixie_20230804.png">
+ </section>
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h4>https://beta.tests.reproducible-builds.org/debian</h4>
+ <img src="images/bookworm_full.amd64+all.png">
+
+ </section>
+
+
+ <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>Debian policy</h3>
+ <ul>
+ <li>2017: packages <em>should</em> build reproducibly.</li>
+ <li class="fragment">2023? reproducible packages <em>must not</em> regress.</li>
+ <li class="fragment">2025? packages <em>must</em> build reproducibly (to be allowed into <code>testing</code> and <code>stable</code>.</li>
+ <li class="fragment">What else?</li>
+ </ul>
+ </section>
+
+
+
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Short overview of reproducibility of various projects (AIUI)</h3>
- <ul class="fragment">Tails: "easy", pragmatically "solved" but not systematically...
+ <ul>
+ <li class="fragment">Tails: "easy", pragmatically "solved" but not systematically...
<li class="fragment">Arch Linux: has rebuilders and snapshot binary archive, though lacks further infrastructure and user tools like <code>pacman-bintrans</code> thus are merely PoCs.</li>
<pre class="fragment">
@@ -873,16 +922,17 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Short overview of reproducibility of various projects, continued</h3>
- <li class="fragment">nixOS: https://reproducible.nixos.org: 1570 out of 1572 (99.87%) paths in the minimal installation image are reproducible!</li>
- <li class="fragment">GNU Guix: also reproducible by design (like nixOS) - <em>guix-challenge</em></li>
+ <ul>
+ <li>nixOS: https://reproducible.nixos.org: 1570 out of 1572 (99.87%) paths in the minimal installation image are reproducible!</li>
+ <li>GNU Guix: also reproducible by design (like nixOS) - <em>guix-challenge</em></li>
<li class="fragment">Yocto: support for reproducible images</li>
<li class="fragment">F-Droid: supports reproducible builds though no UI (manual web crawling needed) nor promises<ul>
- <li class="fragment">"Corona Contract Tracing German": update problem due to unreproducibility</li></ul></li>
</ul>
</section>
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Short overview of reproducibility of various projects, continued</h3>
+ <ul>
<li class="fragment">Alpine: basic support</li>
<li class="fragment">FreeBSD/NetBSD/OpenBSD: basic support</li>
<li class="fragment">Fedora/Redhat/Ubuntu: not interested it seems</li>
@@ -890,31 +940,13 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
</ul>
</section>
-
-
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Debian trixie, 20230804</h3>
- <img src="images/stats_pkg_state_trixie_20230804.png">
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h4>https://beta.tests.reproducible-builds.org/debian</h4>
- <img src="images/bookworm_full.amd64+all.png">
-
- </section>
-
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Summary of reproducibility of various projects</h3>
- <p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident.</p>
- <p class="fragment">I call it reproducible in theory or in CI.</p>
- <p class="fragment">Though this is frustrating, it's also a massive success: this was thought impossible not long ago.</p>
- <p class="fragment">Finally: 96% is not good enough.</p>
+ <h3>Summary of reproducibility of various projects, summarized again</h3>
+ <p>Many projects support reproducible builds by now, but it's unclear what that means, how it's enforced and how users can know and be confident. I call it reproducible in theory or in CI.</p>
+ <p>This is a huge success.</p>
+ <p class="fragment">Next: make this accessable and usable for everyone.</p>
</section>
-
-
-
<section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<img src="images/ccc2014-13.png">
</section>
@@ -946,53 +978,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
- <!-- issues in-depth -->
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>96% in detail</h3>
- <ul>
-
- <li>we are at 96.1% (29651 out of 30869 source packages) CI reproducibiliy for bullseye now.<p>
- <li class="fragment">that's almost 2% up compared to buster (93.9%)</li>
- <li class="fragment">or almost 3000 more reproducible packages (29651 instead of 26682 in buster)</li>
- <li class="fragment">or even more impressive: we've solved one third of the remaining 6% buster had...</li>
- </ul>
-
- </section>
-
-
-
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Debian 13 / trixie goals</h3>
- More than 12 months until the next freeze.
- <ul>
- <li class="fragment">0 packages without .buildinfo files..</li>
- <li class="fragment">build-essential reproducible, at last and at least.</li>
- <li class="fragment">d-i images reproducible.</li>
- <li class="fragment">more archs on our snapshot mirror (arm64! riscv64).</li>
- </ul>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>Debian 13 / trixie goals</h3>
- <ul>
- <li class="fragment">snapshot.debian.org usable for mass rebuilds by many users for all architectures.</li>
- <li class="fragment">more rebuilders! (instead of more CI builders)</li>
- <li class="fragment">0 bugs with patches unuploaded. Currently there are 292 of these. 2 NMUs per week, uploaded to DELAYED/15.</li>
- <li class="fragment">#863622: apt: warn when installing packages that are not reproducible</li>
- <li class="fragment">.buildinfo files known and used by the Debian archive (<code>dak</code>).</li>
- </ul>
- </section>
-
- <section data-background="images/Fisty-sprayed-Stencil_Neonpink.png" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3><em>post</em> Debian 13 / trixie goals</h3>
- <ul>
- <li class="fragment">debian-policy: reproducible packages must not regress</li>
- <li class="fragment">debian-policy: all packages (in testing and then stable) must be reproducible</li>
- <li class="fragment">What else?</li>
- </ul>
- </section>
@@ -1007,6 +993,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<h3>https://lists.reproducible-builds.org</h3>
<h3>#reproducible-builds on irc.oftc.net</h3>
<h3>R-B Summit in Hamburg in November 2023</h3>
+ <h5>We need funding!</h5>
</section>
=====================================
2023-08-19-R-B-the-first-10-years/todo
=====================================
@@ -1,50 +1,34 @@
main story points:
- improve end part, after summit slides
+ theory vs praxis:
+ "theory" is easy (it was not! and it was a lot of work)
+ binary transparency would be useful to bridge that gap
+ and still needed with 100% r-b
+ getting 100% of the software to build reproducible is only maybe half the work needed...
update debian stats, shorten existing debian slides at end
- move goals from thanks to beginning! instead of "my talk" disclaimer
- slide debian-polich
- 2017 should
- 2023 must not regress (Debian 13 trixie)
- 2025 must (Debian 14 forky)
- shorten other distros
-
-
-
- 100% reproducible is a politcal task, not technical.
- getting 100% of the software to build reproducible is only maybe half the work needed...
- distro status:
- debian numbers
+ amd64 only
columns: stretch buster bullseye bookworm
rows: amd64 arm64 i386 armhf with percentages
- : 2017: debian-policy: should
- other distros
- missing bits / future work
- snapshot
- theory vs praxis:
- "theory" is easy (it was not! and it was a lot of work)
- 96% is not enough
- binary transparency would be useful to bridge that gap
- and still needed with 100% r-b
+ list 10 biggest blockers?
+ debian next milestones
+ realistically, 100% reproducible is a politcal decision and nothing technical.
commitment from Debian project to do it
-
+ -> policy changes
+ working snapshot.d.o service
+ -> requirement for rebuilders
+ archlinux next milestones
+ I dunno, I'm not even using Arch Linux ;)
+ They have a working snapshot service, they have rebuilders.
+ More rebuilders. Policies. User tooling.
+ Also suffers from 100% dilemma.
+ Installer .iso?
+
+
+
new todo:
nice übergänge
$ grep -c 'section da' index.html
should not return 74 but 42 or rather less
- now at 64 :/
- update numbers for trixie
- list 10 biggest blockers
- or 23
- slide: personally, i want to finish this. by 2030: no more unreproducible builds in Debian stable.
-
-old TODO:
-
-
-- slide?: bootstrapable.org - this is limited to software. reproducible hardware & free & reproducible firmware...
-
- - recap what we have done, celebrate 10y of awesomeness
- - so yeah, there's still a lot to be done after 100% which will make a UI obsolete
- - on a distro scale (say: "please do it with an r-b debian fork. hah, doesnt work because of the 97% only yet".)
+ now at 65 :/
suite all source packages reproducible icon reproducible packages FTBR icon unreproducible packages FTBFS icon packages failing to build timeout icon packages timing out depwait icon packages in depwait state not_for_us icon not for this architecture blacklisted icon blacklisted
stretch/amd64 24719 23040 / 93.2% 1514 / 6.1% 85 / 0.3% 22 / 0.1% 1 / 0.0% 56 / 0.2% 1 / 0.0%
@@ -52,5 +36,4 @@ stretch/arm64 24719 22819 / 92.3% 1292 / 5.2% 277 / 1.1% 10 / 0.0
stretch/armhf 24719 22108 / 89.4% 2026 / 8.2% 193 / 0.8% 26 / 0.1% 119 / 0.5% 231 / 0.9% 16 / 0.1%
stretch/i386 24719 22488 / 91.0% 1985 / 8.0% 130 / 0.5% 7 / 0.0% 32 / 0.1% 76 / 0.3% 1 / 0.0%
- slide: rebuilders (rebuild Debian on every point release? as in: publish those .buildinfo files as one tar archive maybe?)
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/4e87b2ba6d3d09b78497a9120d1c16de4e5ffbc4
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/4e87b2ba6d3d09b78497a9120d1c16de4e5ffbc4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20230818/e37f0cb0/attachment.htm>
More information about the rb-commits
mailing list