[Reproducible-commits] [presentations] 01/01: initial template for fosdem15 talk, copied from fosdem14 talk. please don't edit yet, but please do read the TODO file and comment on that. or wait with reviewing until later :)

Holger Levsen holger at moszumanska.debian.org
Tue Jan 20 11:19:17 UTC 2015


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository presentations.

commit 6520a3b176ffdb155331fb8ddd0332707ea4ba86
Author: Holger Levsen <holger at layer-acht.org>
Date:   Tue Jan 20 12:19:09 2015 +0100

    initial template for fosdem15 talk, copied from fosdem14 talk. please don't edit yet, but please do read the TODO file and comment on that. or wait with reviewing until later :)
---
 2015-01-31-FOSDEM15/2015-01-31-FOSDEM15-header.tex |  29 +++
 2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn       | 286 +++++++++++++++++++++
 2015-01-31-FOSDEM15/Makefile                       |  30 +++
 2015-01-31-FOSDEM15/TODO                           |  40 +++
 2015-01-31-FOSDEM15/images/tor-blog.png            | Bin 0 -> 135486 bytes
 5 files changed, 385 insertions(+)

diff --git a/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15-header.tex b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15-header.tex
new file mode 100644
index 0000000..f95eabb
--- /dev/null
+++ b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15-header.tex
@@ -0,0 +1,29 @@
+% Thanks Richard Darst on how to get a nice Beamer theme.
+% See http://rkd.zgib.net/wiki/DebianBeamerThemes
+
+\usebackgroundtemplate{\includegraphics[width=\paperwidth]{images/swirl-lightest.pdf}}
+\logo{\includegraphics[viewport=274 335 360 440,width=1cm]{images/openlogo-nd.pdf}}
+
+\definecolor{debianred}{rgb}{.780,.000,.211} % 199,0,54
+\definecolor{debianblue}{rgb}{0,.208,.780} % 0,53,199
+\definecolor{debianlightbackgroundblue}{rgb}{.941,.941,.957} % 240,240,244
+\definecolor{debianbackgroundblue}{rgb}{.776,.784,.878} % 198,200,224
+
+\usecolortheme[named=debianbackgroundblue]{structure}
+\setbeamercolor{normal text}{fg=debianred}
+\setbeamercolor{titlelike}{fg=debianblue}
+\setbeamercolor{sidebar}{fg=debianred,bg=debianbackgroundblue}
+
+\setbeamercolor{palette sidebar primary}{fg=debianred}
+\setbeamercolor{palette sidebar secondary}{fg=debianred}
+\setbeamercolor{palette sidebar tertiary}{fg=debianred}
+\setbeamercolor{palette sidebar quaternary}{fg=debianred}
+
+\setbeamercolor{section in toc}{fg=debianred}
+\setbeamercolor{subsection in toc}{parent=debianred}
+
+\setbeamercolor{item}{fg=debianred}
+
+\setbeamercolor{block title}{fg=debianblue}
+
+\usetheme{Boadilla}
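
Review bot: `\setbeamercolor{subsection in toc}{parent=debianred}` is the only colour setting in this file that uses `parent=` instead of `fg=`. `parent=` expects the name of another beamer colour, while `debianred` is a plain colour created with `\definecolor` a few lines above, so this line probably does not colour the subsection entries as intended. Suggest `\setbeamercolor{subsection in toc}{fg=debianred}` to match the `section in toc` line before it.
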
diff --git a/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
new file mode 100644
index 0000000..7e6d2e9
--- /dev/null
+++ b/2015-01-31-FOSDEM15/2015-01-31-FOSDEM15.mdwn
@@ -0,0 +1,286 @@
+% Stretching out for trustworthy reproducible builds
+% Holger Levsen \<holger at debian.org\>
+% 2015-01-31 FOSDEM15
+
+What are reproducible builds?
+-----------------------------
+
+\begin{center}
+\Large
+“reproducible” builds
+enable anyone to reproduce the exact same
+binary packages from a given source
+\end{center}
+
+Why?
+----
+
+ * Prevent targeted attacks
+ * Debugging: ensure known source; create missing debug symbols
+ * Ensure packages can be built from source
+ * Help building `Multi-Arch: same` packages
+ * Similar `.deb`: deduplication, small deltas
+ * Different build profiles, same common packages
+
+How did this start?
+-------------------
+
+\begin{center}
+\includegraphics[width=0.8\textwidth]{images/tor-blog}
+\end{center}
+
+Nothing new
+-----------
+
+\texttt{\footnotesize%
+From: Martin Uecker <muecker at gmx.de> \\
+Cc: debian-devel at lists.debian.org \\
+Date: Sun, 23 Sep {\large 2007} 23:32:59 +0200 \\
+}
+
+\textit{%
+I think it would be really cool if the Debian policy required
+that packages could be rebuild bit-identical from source.
+At the moment, it is impossible to independly verify the
+integricity of binary packages.
+}
+
+\begin{flushright}
+\tiny
+\url{https://lists.debian.org/debian-devel/2007/09/msg00746.html}
+\end{flushright}
+
+BoF during DebConf13
+--------------------
+
+ * Planned at the last minute
+ * 30 attendees
+ * Kicked off  
+   `wiki.debian.org/ReproducibleBuilds`
+
+How?
+----
+
+ * Record the build environment
+ * Reproduce the build environment
+ * Eliminate unneeded variations
+
+Record the build environment
+----------------------------
+
+Record which versions of the build dependencies (and their dependencies) are
+installed.
+
+Reproduce the build environment
+-------------------------------
+
+`snapshot.debian.org`
+
+Source of variations
+--------------------
+
+ * Timestamps
+ * Build paths
+ * File order
+ * Locale
+ * …
+
+Timestamps
+----------
+
+`gzip` stores a timestamp.
+
+\tiny
+
+    $ file README.txt.gz
+    README.txt.gz: gzip compressed data, was "README.txt", from Unix,
+    last modified: Mon Mar  5 00:05:49 2012, max compression
+
+Timestamps
+----------
+
+`ar`, `tar`, `zip`, `jar`… store timestamps.
+
+\tiny
+
+    $ tar ztvf copyright-format.xml.tar.gz
+    -rw-r--r-- pbuilder/pbuilder   473 2012-03-05 00:02 Makefile
+    -rw-r--r-- pbuilder/pbuilder 56918 2012-03-05 00:05 copyright-format-1.0.html
+    -rw-r--r-- pbuilder/pbuilder 37218 2012-03-05 00:05 copyright-format-1.0.txt
+    -rw-r--r-- pbuilder/pbuilder 10007 2012-03-05 00:05 copyright-format-1.0.txt.gz
+    -rw-r--r-- pbuilder/pbuilder 53917 2012-03-05 00:02 copyright-format-1.0.xml
+    -rw-r--r-- pbuilder/pbuilder   808 2012-03-05 00:02 html.dsl
+    -rw-r--r-- pbuilder/pbuilder    97 2012-03-05 00:05 version.xml
+
+Timestamps
+----------
+
+`javadoc` writes timestamps:
+
+\tiny
+
+    $ head -n 5 /usr/share/doc/libjaxe-java-doc/api/serialized-form.html
+    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+    <!-- NewPage -->
+    <html lang="en">
+    <head>
+    <!-- Generated by javadoc (version 1.6.0_27) on Sat Jul 13 17:27:51 UTC 2013 -->
+
+Build paths
+-----------
+
+Build path is embedded in debug symbols:
+
+\tiny
+
+    $ readelf -w /usr/lib/debug/usr/bin/pidgin | grep '/tmp/build' | head -n 4
+    <11>     DW_AT_name        : /tmp/buildd/pidgin-2.10.6/./pidgin/pidginstock.c
+    <15>     DW_AT_comp_dir    : /tmp/buildd/pidgin-2.10.6/build/pidgin
+    <402d>   DW_AT_name        : /tmp/buildd/pidgin-2.10.6/./pidgin/gtkaccount.c
+    <4031>   DW_AT_comp_dir    : /tmp/buildd/pidgin-2.10.6/build/pidgin
+
+File order
+----------
+
+`readdir()` returns file in the order of the file system.
+
+Locale
+------
+
+Behaviour can change depending on configured locale:
+
+\tiny
+
+    $ printf 'a\nà\nb\n' | LC_ALL=C.UTF-8 sort
+    a
+    b
+    à
+
+    $ printf 'a\nà\nb\n' | LC_ALL=fr_FR.UTF-8 sort
+    a
+    à
+    b
+
+Misc.
+-----
+
+ * Hostname
+ * Uname output
+ * Username
+
+The hard path
+-------------
+
+ * Configure the toolchain:  
+   binutils `--enable-deterministic-archives`
+ * Add missing options:  
+   `javadoc --no-timestamps`
+ * Patch build systems:  
+   `gzip -n`
+
+Experiment
+----------
+
+\begin{center}
+\Huge 62\%
+\end{center}
+
+Waow.
+
+Already reproducible
+--------------------
+
+    source name            popcon insts
+    ---------------------  ------------
+    findutils                    164641
+    wget                         164512
+    klibc                        163312
+    busybox                      161494
+    installation-report          157494
+    laptop-detect                157352
+    python-support               155075
+    netkit-ftp                   145548
+
+Failures in the remaining packages
+----------------------------------
+
+      1017 build-id-mismatch
+       295 unknown
+       108 jar-file
+       106 haskell-prof
+       103 haskell-dev
+       101 php-registry
+       101 html-mismatch
+        63 same-depends-different-order
+        62 r-rds
+        52 gzip-timestamp
+        46 kde-doc-index
+
+Other distributions
+-------------------
+
+ * Fedora  
+   <http://securityblog.redhat.com/2013/09/18/reproducible-builds-for-fedora/>
+ * OpenSUSE build-compare  
+   <https://build.opensuse.org/package/show/openSUSE:Factory/build-compare>
+ * NixOS  
+   <http://lists.science.uu.nl/pipermail/nix-dev/2013-June/011357.html>
+
+Want to help?
+-------------
+
+Triage:
+
+ * Let's make a new archive-wide rebuild and sort the result.
+
+Want to help?
+-------------
+
+Specify:
+
+ * Think about the best way to record the environment.
+
+Want to help?
+-------------
+
+Code:
+
+ * Add “no timestamps” option to `jar`, `javadoc`, `epydoc`…
+ * Write a script to rebuild a package from a .changes file
+   and a recorded environment.
+
+Want to help?
+-------------
+
+Project management:
+
+ * Coordinate the baby steps needed to move this forward.
+
+Want to help?
+-------------
+
+Stay in touch:
+
+ * Subscribe to the `ReproducibleBuilds` wiki page.
+ * Subscribe to the `reproducible-builds at l.a.d.o` mailing list.
+
+Reproducible Fedora ? SLES ? BSD ?
+---
+
+\begin{center}
+Please find me and talk to me. I'd love to help kickstart that.
+\end{center}
+
+Questions? Comments?
+--------------------
+
+\begin{center}
+\Huge
+?
+\end{center}
+
+\begin{center}
+\vspace{3em}
+\url{wiki.debian.org/ReproducibleBuilds}
+\url{reproducible.debian.net}
+\end{center}
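
Review bot: the "The hard path" slide only lists fixes for timestamps (`--enable-deterministic-archives`, `javadoc --no-timestamps`, `gzip -n`), while the "Source of variations" slides also name build paths, file order, locale, hostname, uname output and username without saying how any of them get eliminated. Since the talk's argument is that unneeded variations can be removed, each of those sources should get at least one line on the remedy, or an explicit "open problem" marker. Smaller points: on the "File order" slide "returns file" should read "returns files", and on the last slide the two `\url{...}` lines have no line break between them, so they will be set as one run of text inside the `center` environment.
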
diff --git a/2015-01-31-FOSDEM15/Makefile b/2015-01-31-FOSDEM15/Makefile
new file mode 100644
index 0000000..285caa3
--- /dev/null
+++ b/2015-01-31-FOSDEM15/Makefile
@@ -0,0 +1,30 @@
+.PHONY: all source
+
+PRESENTATION = 2015-01-31-FOSDEM15
+
+all: $(PRESENTATION).pdf
+
+source: $(PRESENTATION)-src.tar.gz
+
+IMGS = \
+	images/swirl-lightest.pdf \
+	images/openlogo-nd.pdf \
+	$(shell echo $$(sed -n -e 's/^[^%]*\\includegraphics\([^{]*\)\?{\([^}]*\)}.*$$/\2.*/p' $(PRESENTATION).mdwn | sed -e 's/\.svg$$/\.pdf$$/' | sort -u))
+
+$(PRESENTATION).pdf: $(PRESENTATION).mdwn $(PRESENTATION)-header.tex $(IMGS)
+	pandoc -t beamer \
+		--include-in-header=$(PRESENTATION)-header.tex \
+		--variable=fontsize=14pt \
+		--latex-engine=lualatex -o $@ $<
+
+%.pdf: %.svg
+	inkscape --export-pdf=$@ --export-dpi=600 $<
+
+SRCS = \
+	$(shell find . -maxdepth 1 '(' -name '$(PRESENTATION).GNUMakefile' -o -name 'Makefile' ')' -printf '%P\n') \
+	$(PRESENTATION).mdwn \
+	$(PRESENTATION)-header.tex \
+	$(IMGS)
+
+$(PRESENTATION)-src.tar.gz: $(SRCS)
+	tar -zcvf $@ --transform 's,$(PRESENTATION)\.GNUMakefile,Makefile,;s,^,$(PRESENTATION)/,' $(SRCS)
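
Review bot: the `$(PRESENTATION)-src.tar.gz` rule calls `tar -zcvf` with no normalisation, so the source tarball for a talk about reproducible builds will itself differ between runs: member mtimes, owner and group names, the order of `$(SRCS)` and the gzip header timestamp all end up in the output, which are the variations the slides list under "Timestamps" and "File order". With GNU tar this can be pinned using `--sort=name --mtime=<fixed date> --owner=0 --group=0 --numeric-owner` and by writing an uncompressed archive that is then piped through `gzip -n`, the option the slides themselves recommend. Separately, `IMGS` and the header require `images/swirl-lightest.pdf` and `images/openlogo-nd.pdf`, but the diffstat for this commit only adds `images/tor-blog.png` and no matching `.svg` for the `%.pdf: %.svg` rule, so `make all` looks like it cannot succeed from this commit alone.
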
diff --git a/2015-01-31-FOSDEM15/TODO b/2015-01-31-FOSDEM15/TODO
new file mode 100644
index 0000000..3cd4810
--- /dev/null
+++ b/2015-01-31-FOSDEM15/TODO
@@ -0,0 +1,40 @@
+mention 
+	ssh CVE one bit example from 31c3 talk
+	bitcoin started this
+	the team in debian
+	other noteworthy people
+	git repos:
+		notes.git -> master
+		jenkins.d.n/bin/reproducible* -> master
+		dpkg.git -> pu/reproducible_builds
+		debhelper.git -> pu/reproducible_builds
+		cdbs.git -> pu/reproducible_builds
+		...
+	PTS integration
+	new cleaned up wiki (screenshot)
+	pkg stats graph
+	issues graph
+	notes graph
+	usertags graph
+	issues list (screenshots too)
+	
+	pkg sets:
+		essential
+		build essential
+		popcon 1337
+		dsa installed
+		tails
+		grml
+	describe jenkins setup
+		scheduler
+		3 builds in tmpfs
+		html pages
+		.json
+	.buildinfo support in dpkg
+	strip_nondeterminism and dh_stripnoterminism
+	srebuild
+	help: provide tool to display local packages reproducible build status
+	help: reproducible fedora
+	goal: all issues identified
+	goal: dak integration, .buildinfo files integrated in the archive #bugnumber
+	include status+next from main wiki page
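
Review bot: in the line `strip_nondeterminism and dh_stripnoterminism` the second name is misspelled ("noterminism") and is inconsistent with the first name on the same line; since these are tool names that will end up on a slide, write both exactly as the commands are called. Two further entries will be hard for other reviewers to act on as written: `ssh CVE one bit example from 31c3 talk` gives neither the CVE id nor a link to the talk, and `#bugnumber` in the dak integration goal is still a placeholder. Adding the references here would let people commenting on the TODO check the claims before they go into the slides.
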
diff --git a/2015-01-31-FOSDEM15/images/tor-blog.png b/2015-01-31-FOSDEM15/images/tor-blog.png
new file mode 100644
index 0000000..9bac1cb
Binary files /dev/null and b/2015-01-31-FOSDEM15/images/tor-blog.png differ

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/presentations.git
