[Git][reproducible-builds/reproducible-presentations][master] 2023-11-04: Beyond Trusting Trust: variations, SOURCE_DATE_EPOCH,
Vagrant Cascadian (@vagrant)
gitlab at salsa.debian.org
Wed Nov 1 22:06:19 UTC 2023
Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
a8e70040 by Vagrant Cascadian at 2023-11-01T15:03:07-07:00
2023-11-04: Beyond Trusting Trust: variations, SOURCE_DATE_EPOCH,
update copyright header, consolidate and drop some slides.
- - - - -
1 changed file:
- 2023-11-04-SeaGL-Beyond-Trusting-FOSS/Beyond-Trusting-FOSS.org
Changes:
=====================================
2023-11-04-SeaGL-Beyond-Trusting-FOSS/Beyond-Trusting-FOSS.org
=====================================
@@ -144,6 +144,7 @@ assoc_insert (hash, key, value)
make
make install
#+END_SRC
+
* A resulting binary might look like
#+BEGIN_SRC shell
@@ -173,8 +174,6 @@ RAbN at P@L.<:B@&
BL 9E4( B
#+END_SRC
-
-
* Reproducible Builds
** text
@@ -207,7 +206,27 @@ Debian
- 380 million lines of code ... and counting!
- ~95% reproducible
-* So you want to have Reproducible builds
+* Chaos and Freinds
+
+https://reproducible-builds.org/docs/env-variations/
+
+#+ATTR_BEAMER: :overlay <+->
+- Timestamps
+- User Information
+- Host system information
+- Randomness
+- So many more!
+- Especially Timestamps!
+
+* Deterministic time?
+
+SOURCE_DATE_EPOCH
+
+https://reproducible-builds.org/docs/source-date-epoch/
+
+Supported in GCC, Clang, and more!
+
+* So you want Reproducible builds
https://reproducible-builds.org/docs/recording/
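Review bot: the added heading "* Chaos and Freinds" misspells "Friends", and as an org heading it becomes the slide title, so the typo will be shown on screen; change it to "* Chaos and Friends". In the same hunk the "Deterministic time?" slide carries only the variable name, a link and "Supported in GCC, Clang, and more!"; one line saying what value SOURCE_DATE_EPOCH is expected to hold would let the slide stand without the spoken explanation.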
@@ -220,6 +239,16 @@ Providing sufficient information for independent verification:
- Works best with Free and Open Source Software!
- Automated testing (QA, CI, etc.)
+* Reprotest
+
+reprotest
+
+#+ATTR_BEAMER: :overlay <+->
+- builds something twice with many variations
+- displays the differences between results
+- https://salsa.debian.org/reproducible/reprotest
+- if unreproducible: "bisect" the variations
+
* diffocope
https://diffoscope.org
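Review bot: the unchanged heading right after the relocated Reprotest slide reads "* diffocope", missing the "s" in "diffoscope"; since this hunk already touches the lines around it, fix the slide title here so it matches the URL https://diffoscope.org on the next line.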
@@ -231,6 +260,7 @@ https://diffoscope.org
- locates and diagnoses reproducibility issues
- used for analysing *why* something is reproducible!
- *not* used for determining whether something is reproducible!
+- Supported on many distributions
* diffoscope example
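Review bot: the added bullet "- Supported on many distributions" is narrower than the slide it replaces, which said "Available on many platforms:" and listed FreeBSD, NetBSD, Homebrew and PyPI alongside the Linux distributions. Consider "- Available on many platforms" so the consolidated bullet does not drop that point. The neighbouring context line "used for analysing *why* something is reproducible!" also looks like it should read "unreproducible", given the bullet above it about locating reproducibility issues; worth checking while editing this list.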
@@ -259,38 +289,6 @@ Symlinks, Tape archives (.tar), Tcpdump capture files (.pcap), Text
files, TrueType font files, XML binary schemas (.xsb), XML files, XZ
compressed files, etc.
-* try diffoscope
-
-https://diffoscope.org
-
-\vspace{\baselineskip}
-
-Available on many platforms:
-
-** text
- :PROPERTIES:
- :BEAMER_col: 0.4
- :END:
-
-#+ATTR_BEAMER: :overlay <+->
-- Debian
-- Fedora
-- OpenSUSE
-- Archlinux
-- GNU Guix
-
-** text
- :PROPERTIES:
- :BEAMER_col: 0.4
- :END:
-
-#+ATTR_BEAMER: :overlay <+->
-- NixOS
-- FreeBSD
-- NetBSD
-- Homebrew
-- PyPI
-
* try diffoscope online
And on the World Wide Web!
@@ -299,15 +297,6 @@ https://try.diffoscope.org
[[./images/try.diffoscope.org.png]]
-* Reprotest
-
-reprotest
-
-#+ATTR_BEAMER: :overlay <+->
-- builds something twice with many variations
-- https://salsa.debian.org/reproducible/reprotest
-- if unreproducible: "bisect" the variations
-
* What you get with Reproducible Builds
** text
@@ -360,16 +349,6 @@ And a C compiler to compile the other C compiler
...Ad infinitum
-* Java bootstrap
-
-Java bootstrapping
-
- #+ATTR_BEAMER: :overlay <+->
-- openjdk17 needs...
-- openjdk16 which needs...
-- ...
-- openjdk9 ... etc.
-
* Rust bootstrap
Rust bootstrapping
@@ -447,6 +426,10 @@ https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source
* Under that Turtle
+How about...
+
+...Without an operating system?
+
#+ATTR_BEAMER: :overlay <+->
- UEFI https://git.stikonas.eu/andrius/stage0-uefi
- Bare Metal https://git.savannah.nongnu.org/cgit/stage0.git/tree/
@@ -462,16 +445,14 @@ No need to Trust, all we need is:
- Diverse compilation
- ... and lots of compile cycles
-* Make it happen
+* Thanks
-https://reproducible-builds.org/contribute/
+Help make it happen!
-* Keeping the lights on
+https://reproducible-builds.org/contribute/
https://reproducible-builds.org/donate/
-* Thanks
-
https://reproducible-builds.org/who/sponsors/
Open Technology Fund
@@ -496,3 +477,14 @@ Protocol Labs
To view a copy of this license, visit
https://creativecommons.org/licenses/by-sa/4.0/
+
+snippet from bash assoc.c:
+
+ Copyright (C) 2008,2009,2011 Free Software Foundation, Inc.
+
+ Bash is free software: you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ http://www.gnu.org/licenses/
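Review bot: the appended notice, starting at "snippet from bash assoc.c:", follows the CC BY-SA 4.0 text without saying which part of the presentation it covers, so a reader cannot tell where the GPL-3-or-later terms apply and where CC BY-SA applies. State explicitly that the assoc_insert excerpt on the earlier slide is the GPL-licensed part and the remainder of the slides is CC BY-SA 4.0. The licence link also uses "http://www.gnu.org/licenses/" while every other URL in the file is https; switch it to https for consistency.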
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/a8e70040834c3935eb941adf0ff6f036da988078