[Git][reproducible-builds/reproducible-presentations][master] 3 commits: Change symlinks to copies to prepare for packaging.

Vagrant Cascadian (@vagrant) gitlab at salsa.debian.org
Tue Jul 11 20:46:53 UTC 2023 


Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations


Commits:
fe9e4358 by Vagrant Cascadian at 2023-07-11T12:01:00-07:00
Change symlinks to copies to prepare for packaging.

- - - - -
70d7b5fb by Vagrant Cascadian at 2023-07-11T12:05:58-07:00
Add Debian packaging.

- - - - -
28be7410 by Vagrant Cascadian at 2023-07-11T13:45:52-07:00
Breaking the chains: pull some content from other talks.

- - - - -


11 changed files:

- 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/Breaking_the_Chains_of_Trusting_Trust.org
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/breaking-the-chains-of-trusting-trust.install
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/changelog
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/control
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/copyright
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/rules
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/source/format
- − 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png
- − 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png
- + 2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png


Changes:

=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/Breaking_the_Chains_of_Trusting_Trust.org
=====================================
@@ -144,7 +144,93 @@ Since 1974
 
 What is the Price...
 
-Of Trusting Trust?
+of Trusting Trust?
+
+* Free and Open Source Software
+
+#+ATTR_BEAMER: :overlay <+->
+- Use
+- Study
+- Change
+- Share
+- Community
+
+* Share what exactly
+
+#+ATTR_BEAMER: :overlay <+->
+- source
+- binaries
+- files packaged for distribution
+
+* Where do binaries come from
+
+#+ATTR_BEAMER: :overlay <+->
+- Source code...
+- Transformed by a toolchain...
+- Into machine code
+
+* A taste of source
+
+from bash 5.0 assoc.c:
+
+#+BEGIN_SRC C
+assoc_insert (hash, key, value)
+     HASH_TABLE *hash;
+     char *key;
+     char *value;
+{
+  BUCKET_CONTENTS *b;
+
+  b = hash_search (key, hash, HASH_CREATE);
+  if (b == 0)
+    return -1;
+  /* If we are overwriting an existing element's value, we're not going to
+     use the key.  Nothing in the array assignment code path frees the key
+     string, so we can free it here to avoid a memory leak. */
+  if (b->key != key)
+    free (key);
+  FREE (b->data);
+  b->data = value ? savestring (value) : (char *)0;
+  return (0);
+}
+#+END_SRC
+
+* Building the software
+
+#+BEGIN_SRC shell
+./configure
+make
+make install
+#+END_SRC
+
+* A resulting binary might look like
+
+#+BEGIN_SRC shell
+
+$ head /bin/bash
+ELF&@@8 @@88TTTDDPtdDDQtdRtd0<0</lib/ld-linux-aarch64.so.1GNUy;OġUQGNU 04
+                                                                          #!JzdAPDDB D  @AJ!Ih at i"r
+NL@@@AB
+0Iq(h   @(
+          H &RD!D
+                    $DP`
+ @A4 at ABf L0 dPCDDBE % 32BX at TD$
+ @A%
+
+!0`0@@bBh
+         HBH
+Xq@ Y       `1B
+BdH(0"BB1@
+          2
+ s0 "Bi$DF0"B 6)4$
+=HdL at 0( 0D at kBDQH`$yh@(>5R @!% PH
+b
+RAbN at P@L.<:B@&
+              JFD08 `
+                     p0D@`
+                           H`P30
+                                 BL 9E4( B
+#+END_SRC
 
 * Reproducible Builds
 
@@ -168,6 +254,15 @@ identical copies of all specified artifacts.
 
 [[./images/reproducible-builds.png]]
 
+* Once upon a time
+
+#+ATTR_BEAMER: :overlay <+->
+- Historically software was reproducible! Every bit counted.
+- Things eventually got more complicated...
+- Bit for bit reproducible GNU toolchain in the early 90s on 10(?) architectures.
+- *And we all forgot.*
+- In 2011 and 2012, Bitcoin and Torbrowser were made reproducible...
+
 * Building on a solid foundation of turtles
 
   https://bootstrappable.org
@@ -298,11 +393,24 @@ No need to Trust, All you need is:
 \addtocounter{framenumber}{-1}
 \tiny
 
-  Copyright 2019-2022 Vagrant Cascadian <vagrant at reproducible-builds.org>
+  Copyright 2019-2023 Vagrant Cascadian <vagrant at reproducible-builds.org>
   Portions by contributors to the reproducible-builds.org website.
 
+  Copyright 2019 Holger Levsen <holger at layer-acht.org>
+
   This work is licensed under the Creative Commons
   Attribution-ShareAlike 4.0 International License.
 
   To view a copy of this license, visit
   https://creativecommons.org/licenses/by-sa/4.0/
+
+snippet from bash assoc.c:
+
+Copyright (C) 2008,2009,2011 Free Software Foundation, Inc.
+
+Bash is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+http://www.gnu.org/licenses/


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/breaking-the-chains-of-trusting-trust.install
=====================================
@@ -0,0 +1 @@
+Breaking_the_Chains_of_Trusting_Trust.pdf /usr/share/doc/breaking-the-chains-of-trusting-trust/


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/changelog
=====================================
@@ -0,0 +1,5 @@
+breaking-the-chains-of-trusting-trust (2023.07.16~0) UNRELEASED; urgency=medium
+
+  * Presented at FOSSY 2023.
+
+ -- Vagrant Cascadian <vagrant at reproducible-builds.org>  Tue, 11 Jul 2023 11:48:39 -0700


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/control
=====================================
@@ -0,0 +1,17 @@
+Source: breaking-the-chains-of-trusting-trust
+Section: doc
+Priority: optional
+Maintainer: Vagrant Cascadian <vagrant at reproducible-builds.org>
+Build-Depends: debhelper-compat (=13),
+ emacs,
+ emacs-nox,
+ texlive-latex-extra,
+ texlive-plain-generic,
+Standards-Version: 4.6.2
+Rules-Requires-Root: no
+Homepage: https://2023.fossy.us/schedule/presentation/118/
+
+Package: breaking-the-chains-of-trusting-trust
+Architecture: all
+Depends: ${misc:Depends}, ${shlibs:Depends},
+Description: Breaking the Chains of Trusting Trust


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/copyright
=====================================
@@ -0,0 +1,14 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Breaking the Chains of Trusting Trust
+Source: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/tree/master/2023-07-16-Breaking_the_Chains_of_Trusting_Trust
+
+Files: *
+Copyright: 2019-2022 Vagrant Cascadian <vagrant at reproducible-builds.org>
+License: cc-by-sa-4.0
+
+License:
+  This work is licensed under the Creative Commons
+  Attribution-ShareAlike 4.0 International License.
+  .
+  To view a copy of this license, visit
+  https://creativecommons.org/licenses/by-sa/4.0/


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/rules
=====================================
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/debian/source/format
=====================================
@@ -0,0 +1 @@
+3.0 (native)


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png deleted
=====================================
@@ -1 +0,0 @@
-../../2020-05-LFNW-beyond-trusting-open-source-software/images/reproducible-builds.png
\ No newline at end of file


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png
=====================================
Binary files /dev/null and b/2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/reproducible-builds.png differ


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png deleted
=====================================
@@ -1 +0,0 @@
-../../2020-05-LFNW-beyond-trusting-open-source-software/images/vagrantupsidedown.png
\ No newline at end of file


=====================================
2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png
=====================================
Binary files /dev/null and b/2023-07-16-Breaking_the_Chains_of_Trusting_Trust/images/vagrantupsidedown.png differ



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/a2d669c64c0f4a2f3b9c64e99b38eb2309ac9a6d...28be7410bbd91510b37a41b080e3b240945c3034

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/a2d669c64c0f4a2f3b9c64e99b38eb2309ac9a6d...28be7410bbd91510b37a41b080e3b240945c3034
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20230711/c4ac0ce7/attachment.htm>

More information about the rb-commits mailing list