[Git][reproducible-builds/reproducible-presentations][master] 15 commits: osfc 2023: quote email

Vagrant Cascadian (@vagrant) gitlab at salsa.debian.org
Tue Oct 10 06:10:50 UTC 2023



Vagrant Cascadian pushed to branch master at Reproducible Builds / reproducible-presentations


Commits:
6e376248 by Vagrant Cascadian at 2023-10-09T16:23:00-07:00
osfc 2023: quote email

- - - - -
708ea3d9 by Vagrant Cascadian at 2023-10-09T16:24:56-07:00
osfc 2023: Split each u-boot issue into separate slide

- - - - -
01a76620 by Vagrant Cascadian at 2023-10-09T16:25:45-07:00
osfc 2023: drop trailing whitespace.

- - - - -
eea026bf by Vagrant Cascadian at 2023-10-09T16:26:26-07:00
osfc 2023: hide the first bullet

- - - - -
217352a9 by Vagrant Cascadian at 2023-10-09T20:14:50-07:00
osfc 2023: Add slides for diffoscope and reprotest.

- - - - -
7fe8504b by Vagrant Cascadian at 2023-10-09T20:55:52-07:00
osfc 2023: more detail comparing debian to firmware projects.

- - - - -
a779e4a0 by Vagrant Cascadian at 2023-10-09T20:57:22-07:00
osfc 2023: turn commit dumps into actual slides.

- - - - -
e2bcd208 by Vagrant Cascadian at 2023-10-09T20:58:24-07:00
osfc 2023: fix diffoscope bullets.

- - - - -
8bcd4b84 by Vagrant Cascadian at 2023-10-09T20:58:41-07:00
osfc 2023: catching regressions...

- - - - -
e869278c by Vagrant Cascadian at 2023-10-09T21:15:26-07:00
osfc 2023: recording the build environment

- - - - -
8af31242 by Vagrant Cascadian at 2023-10-09T21:19:58-07:00
osfc 2023: Add link to more variations.

- - - - -
e806df81 by Vagrant Cascadian at 2023-10-09T21:34:30-07:00
osfc 2023: Add cheerleading open source firmware slide!

- - - - -
1985ee3f by Vagrant Cascadian at 2023-10-09T21:42:23-07:00
osfc 2023: Add images referenced in slides.

- - - - -
5ff5aac2 by Vagrant Cascadian at 2023-10-09T21:43:12-07:00
osfc 2023: fix consistency of referencing commits.

- - - - -
ceee0720 by Vagrant Cascadian at 2023-10-09T22:59:42-07:00
osfc 2023: Fix date in debian/changelog.

- - - - -


4 changed files:

- 2023-10-11-Reproducible-Builds-All-The-Way-Down/Reproducible-Builds-All-The-Way-Down.org
- 2023-10-11-Reproducible-Builds-All-The-Way-Down/debian/changelog
- + 2023-10-11-Reproducible-Builds-All-The-Way-Down/images/diffoscope.png
- + 2023-10-11-Reproducible-Builds-All-The-Way-Down/images/try.diffoscope.org.png


Changes:

=====================================
2023-10-11-Reproducible-Builds-All-The-Way-Down/Reproducible-Builds-All-The-Way-Down.org
=====================================
@@ -27,7 +27,7 @@
   as tooling used to diagnose and troubleshoot reproducibility issues.
 
   There has been Reproducible Builds work on several firmware projects
-  including u-boot, trustedfirmware, opensbi and others!
+  including U-Boot, TrustedFirmware, OpenSBI and others!
 
   Because firmware projects tend to be limited in scope, Open Source
   Firmware projects make a great showcase for the viability of 100%
@@ -104,6 +104,7 @@ Debian
 #+ATTR_BEAMER: :overlay <+->
 - The Universal Operating System
 - ~34000 source packages and counting
+- 380 million lines of code ... and counting!
 - ~95% reproducible
 
 * Scope: Open Source Firmware
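Review bot: The added bullet "380 million lines of code ... and counting!" drops the "~" that the neighbouring "~34000 source packages" and "~95% reproducible" bullets use for approximate figures. Write "~380 million" so the three numbers read consistently, and consider recording in a comment where the count comes from.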
@@ -112,13 +113,23 @@ Firmware projects
 
 #+ATTR_BEAMER: :overlay <+->
 - hardware specific
-- limited functionality
-- 100% reproducible
+- often limited functionality and scope
+- smaller size, quicker development cycles
+- 100% reproducible is achievable
+
+* Open Source Firmware, yay!
+
+  Because firmware projects tend to be limited in scope, Open Source
+  Firmware projects make a great showcase for the viability of 100%
+  reproducibility!
 
 * Approaching 100% reproducible
 
 #+ATTR_BEAMER: :overlay <+->
 - Coreboot 100%
+- U-Boot 100% (more later)
+- OpenSBI 100% (more later)
+- TrustedFirmware-A 100% (more later)
 - OpenWRT 96%-100%
 - Yocto 99.98%
 
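Review bot: The new "TrustedFirmware-A 100% (more later)" bullet under "Approaching 100% reproducible" does not match the TrustedFirmware-A slide further down in this file, which says "Regression and only partially fixed at the moment". Either qualify the figure here or drop the 100% until the regression is fixed. Separately, the body of the new "Open Source Firmware, yay!" slide repeats the abstract paragraph word for word; a shorter slide-specific line would avoid keeping two copies in sync.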
@@ -126,6 +137,7 @@ Firmware projects
 
   https://bugs.debian.org/726699
 
+#+BEGIN_SRC shell
 On Thu, Oct 17, 2013 at 09:48:50PM -0700, Vagrant Cascadian wrote:
 > A newer version of u-boot is available (2013.10), with support for a few new
 > platforms such as BeagleBone Black and Wandboard...
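Review bot: "#+BEGIN_SRC shell" is opened around a quoted e-mail, not shell code, so an exporter that highlights source blocks will treat the "On Thu, Oct 17, 2013 ..." header and the ">" quote lines as shell syntax. "#+BEGIN_EXAMPLE" (or "#+BEGIN_QUOTE"), with the matching "#+END_..." line in the next hunk, keeps the verbatim layout without the misleading language tag.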
@@ -135,6 +147,7 @@ On Thu, Oct 17, 2013 at 09:48:50PM -0700, Vagrant Cascadian wrote:
 
 There's basically no one willing to do long-term maintenance, so
 have a blast!
+#+END_SRC
 
 * U-Boot, the great enticement
 
@@ -143,158 +156,219 @@ Debian U-Boot packages were marked reproducible
 https://alioth-lists.debian.net/pipermail/reproducible-builds/Week-of-Mon-20150727/002492.html
 
 #+ATTR_BEAMER: :overlay <+->
-- Reproducible Builds tests only performed on x86
+- ...
 - I knew there were timestamps!
+- Reproducible Builds tests only performed on x86
 - Started with two or three little boards...
 - Reproducible Builds Zoo!
 
-* u-boot
+* U-boot: Timestamps
 
-commit 878e2a50b50199cb06ee28df53151e396a29d838
-Author: Vagrant Cascadian <vagrant at reproducible-builds.org>
-Date:   Thu May 2 11:14:12 2019 -0700
+5847084f6bbd0778afb29f0574085d4210ea8cff
 
-    Set time and umask on fit-dtb.blob to ensure reproducibile builds.
+Respect SOURCE_DATE_EPOCH when building FIT images.
 
-commit 8664ab7debabfb6e1049c81030c2a18fd3eecb58
-Author: Vagrant Cascadian <vagrant at debian.org>
-Date:   Sun Jun 3 12:26:57 2018 -0700
+* Deterministic time?
 
-    Set time and umask on multi-dtb fit images to ensure reproducibile builds.
+SOURCE_DATE_EPOCH
+
+https://reproducible-builds.org/docs/source-date-epoch/
+
+Supported in GCC, Clang, and more!
+
+* U-Boot: Revenge of Timestamps
+
+8664ab7debabfb6e1049c81030c2a18fd3eecb58
+
+Set time and umask on multi-dtb fit images to ensure reproducibile builds.
+
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- gzip has --no-name
+- lzop has no way around it
+- a light "touch" fixes future compression choices!
+
+* U-Boot: Revenge of the Revenge of the Timestamps
+
+878e2a50b50199cb06ee28df53151e396a29d838
+
+Set time and umask on fit-dtb.blob to ensure reproducibile builds.
+
+#+ATTR_BEAMER: :overlay <+->
+- Sound familiar?
+- New files...
+- ...identical problems!
+
+* Noooo Timestamps
+
+There are no timestamps...
+
+...like No Timestamps!
+
+* U-Boot: build paths
 
-	
 https://patchwork.ozlabs.org/project/uboot/patch/20220818173133.12552-1-vagrant@debian.org/
+
 Makefile: Use relative paths for debugging symbols.
 
-worked around in Debian u-boot packages.
+#+ATTR_BEAMER: :overlay <+->
+- Worked around in Debian u-boot packages.
+- Fixed in upstream gcc 13 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93371
+
+* U-Boot: Running kernel
+
+3a0654ecd0d6a39406e6fe91f7a40ce589594ae9
 
-Fixed in upstream gcc 13 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93371
+efi_loader: correctly identify binary name
 
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Embedded BOOTX64.EFI or BOOTIA32.EFI
+- Used host architecture rather than target architecture
 
-commit 3a0654ecd0d6a39406e6fe91f7a40ce589594ae9
-Author: Heinrich Schuchardt <xypron.glpk at gmx.de>
-Date:   Fri Jun 10 18:24:48 2022 +0200
+* U-Boot: randomness
 
-    efi_loader: correctly identify binary name
+aaa91a4e4b8a5d74f1317e18aa47d2a7a72e0c43
 
-    Only on the sandbox the default EFI binary name (e.g. BOOTX64.EFI) must
-    match the host architecture.
+fit_image: Use calloc() to fix reproducibility issue
 
-    In all other cases we must use the target architecture.
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Unitialized memory areas embedded into the build
 
-    Use #elif where appropriate.
+* U-Boot: locale
 
-    Reported-by: Vagrant Cascadian <vagrant at reproducible-builds.org>
-    Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
+42ffa51fd46bc6fd4bf2c244f00a80df31d01596
 
-commit aaa91a4e4b8a5d74f1317e18aa47d2a7a72e0c43
-Author: Fabio Estevam <festevam at gmail.com>
-Date:   Mon Jul 27 21:03:13 2020 -0300
+Use C locale when setting CC_VERSION_STRING and LD_VERSION_STRING.
 
-    fit_image: Use calloc() to fix reproducibility issue
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Only unreproducible when italitian locales used!!
+- Tried many, many other locales
+- GNU ld (GNU Binutils for Debian) 2.26 ...
+- ld di GNU (GNU Binutils for Debian) 2.26
+- Only language that happened to have translations for the relevent
+  string
 
-    Vagrant Cascadian reported that mx6cuboxi target no longer builds
-    reproducibility on Debian.
+* opensbi
 
-    One example of builds mismatches:
+https://github.com/riscv-software-src/opensbi/pull/229
 
-    00096680: 696e 6700 736f 756e 642d 6461 6900 6465  ing.sound-dai.de
-    -00096690: 7465 6374 2d67 7069 6f73 0000            tect-gpios..
-    +00096690: 7465 6374 2d67 7069 6f73 0061            tect-gpios.a
+Build paths embedded, new uses of __FILE__
 
-    This problem happens because all the buffers in fit_image.c are
-    allocated via malloc(), which does not zero out the allocated buffer.
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Proposed -ffile-prefix-map to workaround
+- Actually fixed by improved error handling not using __FILE__
 
-    Using calloc() fixes this unpredictable behaviour as it guarantees
-    that the allocated buffer are zero initialized.
+* trustedfirmware-a (or did you say arm-trusted-firmware)
 
-    Reported-by: Vagrant Cascadian <vagrant at reproducible-builds.org>
-    Suggested-by: Tom Rini <trini at konsulko.com>
-    Signed-off-by: Fabio Estevam <festevam at gmail.com>
-    Tested-by: Vagrant Cascadian <vagrant at reproducible-builds.org>
+Also embedding build paths
 
-commit 5847084f6bbd0778afb29f0574085d4210ea8cff
-Author: Vagrant Cascadian <vagrant at debian.org>
-Date:   Thu Jun 16 12:28:40 2016 -0700
+debian/rules: Use -ffile-prefix-map in TF_CFLAGS.
 
-    Respect SOURCE_DATE_EPOCH when building FIT images.
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Regression and only partially fixed at the moment
 
-    Embedding timestamps in FIT images results in unreproducible builds
-    for targets that generate a fit image, such as dra7xx_evm.
+* Types of reproducibility issues discovered
 
-    This patch uses the SOURCE_DATE_EPOCH environment variable, when set,
-    to use specified value for the date.
+Let us Review...
 
-    Thanks to HW42 for debugging the issue and providing the patch:
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- Timestamps
+- Build Paths
+- Locale dependent strings
+- Also Timestamps
+- Let us not forget timestamps!
+- https://reproducible-builds.org/docs/env-variations/
 
-      https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20160606/005722.html
+* diffocope
 
-    For more information about reproducible builds and the
-    SOURCE_DATE_EPOCH specification:
+https://diffoscope.org
 
-      https://reproducible-builds.org/specs/source-date-epoch/
-      https://reproducible-builds.org/
+\vspace{\baselineskip}
 
-    Signed-off-by: Vagrant Cascadian <vagrant at debian.org>
-    Reviewed-by: Simon Glass <sjg at chromium.org>
+#+ATTR_BEAMER: :overlay <+->
+- Recursive and human-readable "diff"
+- locates and diagnoses reproducibility issues
+- used for analysing *why* something is reproducible!
+- *not* used for determining whether something is reproducible!
 
-commit 42ffa51fd46bc6fd4bf2c244f00a80df31d01596
-Author: Vagrant Cascadian <vagrant at debian.org>
-Date:   Sun Jun 12 06:07:07 2016 -0700
+* diffoscope example
 
-    Use C locale when setting CC_VERSION_STRING and LD_VERSION_STRING.
+[[./images/diffoscope.png]]
 
-    The output reported may be locale-dependent, which results in
-    unreproducible builds.
+* diffoscope, supported file types
 
-      $ LANG=C ld --version | head -n 1
-        GNU ld (GNU Binutils for Debian) 2.26
+Android APK files, Android boot images, Ar(1) archives, Berkeley DB database files, Bzip2 archives, Character/block devices, ColorSync colour profiles (.icc), Coreboot CBFS filesystem images, Cpio archives, Dalvik .dex files, Debian .buildinfo files, Debian .changes files, Debian source packages (.dsc), Device Tree Compiler blob files, Directories, ELF binaries, Ext2/ext3/ext4/btrfs filesystems, FreeDesktop Fontconfig cache files, FreePascal files (.ppu), Gettext message catalogues, GHC Haskell .hi files, GIF image files, Git repositories, GNU R database files (.rdb), GNU R Rscript files (.rds), Gnumeric spreadsheets, Gzipped files, ISO 9660 CD images, Java .class files, JavaScript files, JPEG images, JSON files, LLVM IR bitcode files, MacOS binaries, Microsoft Windows icon files, Microsoft Word .docx files, Mono 'Portable Executable' files, Ogg Vorbis audio files, OpenOffice .odt files, OpenSSH public keys, OpenWRT package archives (.ipk), PDF documents, PGP signed/encrypted messages, PNG images, PostScript documents, RPM archives, Rust object files (.deflate), SQLite databases, SquashFS filesystems, Statically-linked binaries, Symlinks, Tape archives (.tar), Tcpdump capture files (.pcap), Text files, TrueType font files, XML binary schemas (.xsb), XML files, XZ compressed files, etc.
 
-      $ LANG=it_CH.UTF-8 ld --version | head -n 1
-        ld di GNU (GNU Binutils for Debian) 2.26
+* try diffoscope
 
-    Forcing LC_ALL=C ensures the output is consistant regardless of the
-    build environment.
+https://diffoscope.org
 
-    Thanks to HW42 for debugging the issue:
+\vspace{\baselineskip}
 
-      https://lists.alioth.debian.org/pipermail/reproducible-builds/Week-of-Mon-20160606/005722.html
+Available on many platforms:
 
-    For more information about reproducible builds:
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
 
-      https://reproducible-builds.org/
+#+ATTR_BEAMER: :overlay <+->
+- Debian
+- Fedora
+- OpenSUSE
+- Archlinux
+- GNU Guix
 
-    Signed-off-by: Vagrant Cascadian <vagrant at debian.org>
-    Reviewed-by: Tom Rini <trini at konsulko.com>
-	
-* opensbi 
+** text
+    :PROPERTIES:
+    :BEAMER_col: 0.4
+    :END:
 
-https://github.com/riscv-software-src/opensbi/pull/229
-Ensure reproducible builds regardless of build path
+#+ATTR_BEAMER: :overlay <+->
+- NixOS
+- FreeBSD
+- NetBSD
+- Homebrew
+- PyPI
 
-Upstream commit 12753d2 introduced
-uses of FILE which may result in the build path getting embedded
-into the resulting binary.
+* try diffoscope online
 
-The -ffile-prefix-map argument is available in gcc 8 and clang 10, which can be used to strip out the absolute part of the path from the artifacts the compiler produces.
+And on the World Wide Web!
 
-https://reproducible-builds.org/docs/build-path/
+https://try.diffoscope.org
 
-Signed-off-by: Vagrant Cascadian vagrant at reproducible-builds.org
+[[./images/try.diffoscope.org.png]]
 
-commit 14faee6916bc973b9fdb816c5f4a45096e3f645a
-Author: Jessica Clarke <jrtc27 at jrtc27.com>
-Date:   Sun Nov 21 17:30:22 2021 +0000
+* Reprotest
 
-    lib: sbi: Improve fatal error handling
+reprotest
 
-* trustedfirmware-a (or did you say arm-trusted-firmware)
+#+ATTR_BEAMER: :overlay <+->
+- builds something twice with many variations
+- https://salsa.debian.org/reproducible/reprotest
+- if unreproducible: "bisect" the variations
+
+* So you want to have Reproducible builds
+
+https://reproducible-builds.org/docs/recording/
+
+Providing sufficient information for independent verification:
+
+#+ATTR_BEAMER: :overlay <+->
+- ...
+- "toolchain" packages at specific versions
+- SOURCE_DATE_EPOCH (seconds since 1970-01-01)
+- Works best with Free and Open Source Software!
 
-commit 3b984c23fc5c2810d2177af50f5ef58345ca64bc
-Author: Vagrant Cascadian <vagrant at debian.org>
-Date:   Sat Oct 17 15:06:43 2020 -0700
+* To Catch a Regression
 
-    debian/rules: Use -ffile-prefix-map in TF_CFLAGS.
+Automatic Testing (Continuous Integration, Quality Assurance, etc.)
 
 * Copyright and attributions
 \addtocounter{framenumber}{-1}
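Review bot: On the diffoscope slide, the bullet "used for analysing *why* something is reproducible!" reads as inverted next to "locates and diagnoses reproducibility issues"; it should say "unreproducible" (or "not reproducible"). The added lines also need a spelling pass: the heading "diffocope", "U-boot: Timestamps" against "U-Boot" on the other slides, "Unitialized", "italitian" and "relevent". The "Types of reproducibility issues discovered" list leaves out two classes that have their own slides above, uninitialized memory ("U-Boot: randomness") and host versus target architecture ("U-Boot: Running kernel"); add them or mark the list as partial.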


=====================================
2023-10-11-Reproducible-Builds-All-The-Way-Down/debian/changelog
=====================================
@@ -2,4 +2,4 @@ reproducible-builds-all-the-way-down (2023.10.11+OSFC) UNRELEASED; urgency=mediu
 
   * Presented at OSFC 2023.
 
- -- Vagrant Cascadian <vagrant at reproducible-builds.org>  Fri, 06 Oct 2023 23:17:39 -0700
+ -- Vagrant Cascadian <vagrant at reproducible-builds.org>  Wed, 11 Oct 2023 12:15:00 -0700
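Review bot: The new trailer date, "Wed, 11 Oct 2023 12:15:00 -0700", is later than every commit in this push (the last is stamped 2023-10-09T22:59:42-07:00). Debian tooling derives SOURCE_DATE_EPOCH from the latest changelog entry, so a package build made before the talk would carry a timestamp in the future. Since the entry is still UNRELEASED, it may be simpler to leave the date to be set when the entry is finalised.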


=====================================
2023-10-11-Reproducible-Builds-All-The-Way-Down/images/diffoscope.png
=====================================
Binary files /dev/null and b/2023-10-11-Reproducible-Builds-All-The-Way-Down/images/diffoscope.png differ


=====================================
2023-10-11-Reproducible-Builds-All-The-Way-Down/images/try.diffoscope.org.png
=====================================
Binary files /dev/null and b/2023-10-11-Reproducible-Builds-All-The-Way-Down/images/try.diffoscope.org.png differ



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/compare/2ea179ee1c05cc1774b03eeccf1e3d64985db61d...ceee0720c1527b06020e277da8a014e96ff5f50c
