[Git][reproducible-builds/reproducible-presentations][master] dc24 talk: final tuning?
Holger Levsen (@holger)
gitlab at salsa.debian.org
Mon Jul 29 01:29:44 UTC 2024
Holger Levsen pushed to branch master at Reproducible Builds / reproducible-presentations
Commits:
5ae6ae15 by Holger Levsen at 2024-07-29T10:29:25+09:00
dc24 talk: final tuning?
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
1 changed file:
- 2024-07-29-R-B-the-first-11-years/index.html
Changes:
=====================================
2024-07-29-R-B-the-first-11-years/index.html
=====================================
@@ -146,7 +146,7 @@
<section data-background-color="white">
- <img class="fragment" src="images/fosdem2014-1.png" width="100%">
+ <img class="fragment" src="images/fosdem2014-6.png" width="100%">
</section>
<section>
@@ -704,15 +704,30 @@
<li class="fragment">...and a LOT of work by MANY people over MANY years.</li>
</section>
+ <section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h2>2013 and 2014</h2>
+ <ul>
+ <li>Lunar hosted a brainstorming meeting at DebConf13.</li>
+ <li class="fragment">and another one at DebConf14</li>
+ </ul>
+ </section>
+
+
<section data-background-color="white">
<img class="fragment" src="images/fosdem2014-6.png" width="100%">
</section>
+ <section data-background-color="white">
+ <img class="fragment" src="images/fosdem2014-1.png" width="100%">
+ </section>
+
+
+
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h2>2013 and 2014</h2>
<ul>
<li>Lunar hosted a brainstorming meeting at DebConf13.</li>
- <li class="fragment">and another one at DebConf14</li>
+ <li>and another one at DebConf14</li>
<li class="fragment">patches for <code>dpkg</code>: sorting fixes and .buildinfo files (SBOM!)</li>
<li class="fragment">in September 2014 I started systematic builds of Debian packages, twice. First just 100 packages, then all of them.</li>
<li class="fragment">Mike Perry and Seth Schoen gave a presentation at CCCongress in December 2014 showing "my" graphs. Wow.</li>
@@ -827,12 +842,6 @@
</section>
- <section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>37400 bugs in 11 years ~= 9 per day</h3>
- <img class="fragment" src="images/stats_bugs_state.png">
-
- </section>
-
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h2>Resources about unreproducibilities:</h2>
<ul>
@@ -846,8 +855,15 @@
</span>
</section>
+ <section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
+ <h3>37400 bugs in 11 years ~= 9 per day</h3>
+ <span class="fragment"><img src="images/stats_bugs_state.png">
+ <p>we rebuild constantly and find lots of FTBFS bugs</p></span>
+ </section>
+
+
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h2>Detour: some unexpected benefits of reproducible builds</h2>
+ <h2>Detour: additional benefits of reproducible builds</h2>
<ul>
<li class="fragment">Lower development costs and increased development speed through less developer time wasted on waiting for builds.</li>
<li class="fragment">Software development: does this change really have no effect / the desired effect only?</li>
@@ -871,7 +887,6 @@
<li>2019 Marrakech</li>
<li>2022 Venice</li>
<li>2023 Hamburg</li>
- <li>2024 Hamburg</li>
</section>
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
@@ -1087,7 +1102,7 @@ Warpforge.
<h2>Debian <em>testing</em> migration</h2>
<ul style="font-size: 94%">
<li>Since the end of 2023, CI reproducible-builds results are included in the excuses output for Debian testing migration, but there is no penalty nor bonus yet.</li>
- <li>In 2025 for Debian 14 "<em>forky</em>" however there should penalties for violating:
+ <li>In 2025 for Debian 14 "<em>forky</em>" however there could penalties for violating:
<ul>
<li class="fragment">reproducible packages <em>must not</em> regress (to be allowed into <code>testing</code> and therefore into <code>stable</code>).</li>
<li class="fragment">NEW packages <em>must</em> build reproducibly (to be allowed into <code>testing</code> and therefore into <code>stable</code>).</li>
@@ -1153,7 +1168,7 @@ Warpforge.
</tr><tr>
<td>forky+2</td>
<td>50000</td>
-<td><span style="color: #00ff00">0 (?!?!!!)</span></td>
+<td><span style="color: #00ff00">0 (?!?!!! that's probably 2031)</span></td>
</tr><tr>
</tr>
@@ -1206,18 +1221,18 @@ Warpforge.
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h3>debootsnap and debrebuild from src:devscripts</h3>
- <ul>
+ <h3>debootsnap and debrebuild from src:devscripts in unstable</h3>
+ <ul><code>
<li class="fragment">wget https://buildinfos.debian.net/ftp-master.debian.org/buildinfo/2024/01/16/crun_1.13-1_amd64.buildinfo</li>
- <li class="fragment">debrebuild --builder=sbuild libaacs_0.11.1-3_amd64-source.buildinfo</li>
+ <li class="fragment">debrebuild --builder=sbuild libaacs_0.11.1-3_amd64-source.buildinfo</li></code>
<li class="fragment">debootsnap and debrebuild need a working snapshot.debian.org thus this didn't really work until last month.</li>
<li class="fragment">Please try it out and report bugs the BTS.</li>
</ul>
</section>
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
- <h4>https://beta.tests.reproducible-builds.org/debian</h4>
- <img src="images/bookworm_full.amd64+all.png">
+ <h4>and so <i>now finally</i> we can rebuild and compare with what we distribute on ftp.debian.org:</h4>
+ <img src="images/bookworm_full.amd64+all.png" width="60%">
<ul>
<li>needs re-setup...</li>
<li class="fragment">archlinux rebuilderd could also be used</li>
@@ -1258,26 +1273,25 @@ Warpforge.
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Short overview of reproducibility of various projects (AIUI)</h3>
- <ul>
- <li class="fragment">this section is a bit outdated and incomplete...</li>
- <li class="fragment">I'm sorry.</li>
- <li class="fragment">and very happy there's so much great stuff going on!</li>
+ <ul class="fragment">
+ <li>This section is a bit outdated and incomplete. I'm sorry. And I'm very happy there's so much great stuff going on!</li>
+ <li>I'll probably skip this in the talk but will leave it here for those reading the slides.</li>
</ul>
</section>
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Short overview of reproducibility of various projects (AIUI)</h3>
<ul>
- <li class="fragment">Tails: "easy", pragmatically solved.</li>
- <li class="fragment">Arch Linux: has rebuilders and snapshot binary archive, though lacks further infrastructure and thus user tools like <code>pacman-bintrans</code> are PoCs.</li>
+ <li>Tails: "easy", pragmatically solved.</li>
+ <li>Arch Linux: has rebuilders and snapshot binary archive, though lacks further infrastructure and thus user tools like <code>pacman-bintrans</code> are PoCs.</li>
- <pre class="fragment">
+ <pre>
Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
[core] repository is 93.3% reproducible with 17 bad and 238 good packages.
[extra] repository is 94.1% reproducible with 171 bad and 2860 good packages.
[community] repository is 83.8% reproducible with 1481 bad and 7674 good packages.
</pre>
- <li class="fragment">SuSE: active development, by one person, not enabled in official builds</li>
+ <li>SuSE: active development, by one person, not enabled in official builds</li>
</ul>
</section>
@@ -1286,19 +1300,19 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<ul>
<li>nixOS: https://reproducible.nixos.org: 1570 out of 1572 (99.87%) paths in the minimal installation image are reproducible.</li>
<li>GNU Guix: also reproducible by design (like nixOS) - <em>guix-challenge</em></li>
- <li class="fragment">Yocto: support for reproducible images.</li>
- <li class="fragment">F-Droid: supports reproducible builds though no UI (manual web crawling needed) nor promises.<ul>
+ <li>Yocto: support for reproducible images.</li>
+ <li>F-Droid: supports reproducible builds though no UI (manual web crawling needed) nor promises.<ul>
</ul>
</section>
<section data-background="images/debconf24.svg" data-background-size="10%" data-background-position="93% 9%" data-transition="none">
<h3>Short overview of reproducibility of various projects, continued</h3>
<ul>
- <li class="fragment">Alpine: basic support.</li>
- <li class="fragment">ElectroBSD/FreeBSD/NetBSD/OpenBSD: basic support.</li>
- <li class="fragment">Fedora/Redhat/Ubuntu: not interested it seems.</li>
+ <li>Alpine: basic support.</li>
+ <li>ElectroBSD/FreeBSD/NetBSD/OpenBSD: basic support.</li>
+ <li>Fedora/Redhat/Ubuntu: not interested it seems.</li>
<ul>
- <li class="fragment">though Fedora 38 (April 2023) enabled clamping mtimes of package files using SOURCE_DATE_EPOCH from changelog when building packages.</li>
+ <li class="fragment">though Fedora 38 (April 2023) enabled clamping mtimes of package files using SOURCE_DATE_EPOCH from changelog when building packages. YAY!</li>
</ul>
</ul>
</section>
@@ -1316,7 +1330,7 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<h3>Theory vs Praxis</h3>
<ul>
<li>In theory, we are done. In practice, we have shown that reproducible builds can be done in theory.</li>
- <li class="fragment">Now we also need many rebuilders (!= CI builders) and we need to store the results somewhere and we need to define criterias how tools should treat that data, and then we need those tools...</li>
+ <li class="fragment">For Debian we now need to setup rebuilders (!= CI builders) and we need to store the results somewhere and we need to define criterias how tools should treat that data, and then we need those tools...</li>
<li class="fragment">And those missing 5% are also crucial however, or at least 1% of them. For Debian, 1% means 300 softwares...</li>
</ul>
@@ -1330,11 +1344,9 @@ Arch Linux is 86.4% reproducible with 1701 bad and 10849 good packages.
<h3>Summary, looking forward</h3>
<ul>
<li>Many projects support or aim for reproducible builds today. This is a huge success.</li>
- <li class="fragment">Next: finish those last 1-5% upstream.</li>
- <li class="fragment">Next: create infrastructure of rebuilders in practice.</li>
- <li class="fragment">Next: create infrastructure, processes and tools to securely use those results...</li>
- <li class="fragment">Next: project-level consensus and commitment to reproducible builds in practice.</li>
- <li class="fragment">Next: ... !!!</li>
+ <li class="fragment">Next: finish those last 1-5% upstream. (And there are some dragons too, eg PGO.)</li>
+ <li class="fragment">Next: create infrastructure, processes and tools to use those results...</li>
+ <li class="fragment">Also crucial: project-level consensus and commitment to reproducible builds in practice.</li>
</ul>
</section>
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/5ae6ae1579c88ec354fc6d6bb1236893b789c2d3
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-presentations/-/commit/5ae6ae1579c88ec354fc6d6bb1236893b789c2d3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20240729/2c9d7cc9/attachment.htm>
More information about the rb-commits
mailing list