[presentations] 01/02: copied from 2017-01-27-devconf.cz
Holger Levsen
holger at layer-acht.org
Thu Oct 19 13:56:49 UTC 2017
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to branch master
in repository presentations.
commit 4ac46d9abcfff2acabd7642bea10657425540d2f
Author: Holger Levsen <holger at layer-acht.org>
Date: Thu Oct 19 15:34:19 2017 +0200
copied from 2017-01-27-devconf.cz
Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
.../2017-01-27-devconf.cz.tex | 992 +++++++++++++++++++++
2017-10-21-all-systems-go/Makefile | 29 +
2017-10-21-all-systems-go/TODO | 9 +
.../images/2016-01-26-180836.jpg | Bin 0 -> 130311 bytes
2017-10-21-all-systems-go/images/31c3.png | Bin 0 -> 435876 bytes
2017-10-21-all-systems-go/images/archlinux.png | Bin 0 -> 7149 bytes
.../images/cccamp2015_lunar_random.png | Bin 0 -> 338020 bytes
2017-10-21-all-systems-go/images/cii_logo.png | Bin 0 -> 7099 bytes
2017-10-21-all-systems-go/images/coreboot.png | Bin 0 -> 3764 bytes
.../images/diffoscope_example_html.png | Bin 0 -> 98085 bytes
.../images/diffoscope_logo.png | Bin 0 -> 2335 bytes
2017-10-21-all-systems-go/images/electrobsd.png | Bin 0 -> 8608 bytes
2017-10-21-all-systems-go/images/f-droid.png | Bin 0 -> 10225 bytes
2017-10-21-all-systems-go/images/fedora.png | Bin 0 -> 5508 bytes
2017-10-21-all-systems-go/images/freebsd.png | Bin 0 -> 21100 bytes
2017-10-21-all-systems-go/images/guix.png | Bin 0 -> 6440 bytes
2017-10-21-all-systems-go/images/lede.png | Bin 0 -> 9455 bytes
.../images/linux_foundation_logo.png | Bin 0 -> 10163 bytes
2017-10-21-all-systems-go/images/netbsd.png | Bin 0 -> 7978 bytes
2017-10-21-all-systems-go/images/openSUSE.png | Bin 0 -> 9114 bytes
2017-10-21-all-systems-go/images/openlogo-nd.pdf | Bin 0 -> 3168 bytes
2017-10-21-all-systems-go/images/openwrt.png | Bin 0 -> 6785 bytes
.../images/profitbricks_logo.png | Bin 0 -> 3778 bytes
2017-10-21-all-systems-go/images/rbwww1.png | Bin 0 -> 53235 bytes
.../images/stats_bugs_sin_ftbfs_state.png | Bin 0 -> 28257 bytes
.../images/stats_builds_per_day_amd64.png | Bin 0 -> 52732 bytes
.../images/stats_meta_pkg_state_required.png | Bin 0 -> 25817 bytes
.../images/stats_pkg_state.png | Bin 0 -> 30283 bytes
.../images/stats_pkg_state_armhf.png | Bin 0 -> 26789 bytes
.../images/stats_pkg_state_testing.png | Bin 0 -> 32427 bytes
.../images/stats_pkg_state_unstable.png | Bin 0 -> 33669 bytes
2017-10-21-all-systems-go/images/strawhorse.png | Bin 0 -> 226278 bytes
.../images/swirl-lightest.pdf | Bin 0 -> 3540 bytes
2017-10-21-all-systems-go/images/wholeworld.jpg | Bin 0 -> 156812 bytes
2017-10-21-all-systems-go/notes | 75 ++
2017-10-21-all-systems-go/outline | 58 ++
36 files changed, 1163 insertions(+)
diff --git a/2017-10-21-all-systems-go/2017-01-27-devconf.cz.tex b/2017-10-21-all-systems-go/2017-01-27-devconf.cz.tex
new file mode 100644
index 0000000..aa8ffb2
--- /dev/null
+++ b/2017-10-21-all-systems-go/2017-01-27-devconf.cz.tex
@@ -0,0 +1,992 @@
+\documentclass[14pt,aspectratio=169]{beamer}
+\setbeamertemplate{caption}[numbered]
+\setbeamertemplate{caption label separator}{:}
+\setbeamercolor{caption name}{fg=normal text.fg}
+\usepackage{amssymb,amsmath}
+\usepackage{ifxetex,ifluatex}
+\usepackage{fixltx2e} % provides \textsubscript
+\usepackage{lmodern}
+\ifxetex
+ \usepackage{fontspec,xltxtra,xunicode}
+ \defaultfontfeatures{Mapping=tex-text,Scale=MatchLowercase}
+ \newcommand{\euro}{€}
+\else
+ \ifluatex
+ \usepackage{fontspec}
+ \defaultfontfeatures{Mapping=tex-text,Scale=MatchLowercase}
+ \newcommand{\euro}{€}
+ \else
+ \usepackage[T1]{fontenc}
+ \usepackage[utf8]{inputenc}
+ \fi
+\fi
+% use upquote if available, for straight quotes in verbatim environments
+\IfFileExists{upquote.sty}{\usepackage{upquote}}{}
+% use microtype if available
+\IfFileExists{microtype.sty}{\usepackage{microtype}}{}
+\PassOptionsToPackage{hyphens}{url}
+\usepackage{hyperref}
+\usepackage{ulem}
+
+% Comment these out if you don't want a slide with just the
+% part/section/subsection/subsubsection title:
+\AtBeginPart{
+ \let\insertpartnumber\relax
+ \let\partname\relax
+ \frame{\partpage}
+}
+\AtBeginSection{
+ \let\insertsectionnumber\relax
+ \let\sectionname\relax
+ \begin{frame}[plain]
+ \tableofcontents[currentsection]
+ \end{frame}
+}
+\AtBeginSubsection{
+ \let\insertsubsectionnumber\relax
+ \let\subsectionname\relax
+ \frame{\subsectionpage}
+}
+
+\setlength{\parindent}{0pt}
+\setlength{\parskip}{6pt plus 2pt minus 1pt}
+\setlength{\emergencystretch}{3em} % prevent overfull lines
+\setcounter{secnumdepth}{0}
+% Thanks Richard Darst on how to get a nice Beamer theme.
+% See http://rkd.zgib.net/wiki/DebianBeamerThemes
+
+\usepackage{multicol}
+\usepackage[absolute,overlay]{textpos}
+\usepackage{tikz}
+\usepackage{ctable}
+\usetikzlibrary{positioning}
+
+\usebackgroundtemplate{\includegraphics[width=\paperwidth]{images/swirl-lightest.pdf}}
+\newif\ifplacelogo
+\placelogotrue
+\logo{\ifplacelogo\includegraphics[viewport=274 335 360 440,width=1cm]{images/openlogo-nd.pdf}\fi}
+
+\definecolor{debianred}{rgb}{.780,.000,.211} % 199,0,54
+\definecolor{debianblue}{rgb}{0,.208,.780} % 0,53,199
+\definecolor{debianlightbackgroundblue}{rgb}{.941,.941,.957} % 240,240,244
+\definecolor{debianbackgroundblue}{rgb}{.776,.784,.878} % 198,200,224
+
+\usetheme{Boadilla}
+\setbeamertemplate{navigation symbols}{}
+
+\usecolortheme[named=debianbackgroundblue]{structure}
+\setbeamercolor{normal text}{fg=black}
+\setbeamercolor{titlelike}{fg=debianblue}
+\setbeamercolor{sidebar}{fg=debianred,bg=debianbackgroundblue}
+
+\setbeamercolor{palette sidebar primary}{fg=debianred}
+\setbeamercolor{palette sidebar secondary}{fg=debianred}
+\setbeamercolor{palette sidebar tertiary}{fg=debianred}
+\setbeamercolor{palette sidebar quaternary}{fg=debianred}
+
+\setbeamercolor{section in toc}{fg=debianred}
+\setbeamercolor{subsection in toc}{parent=debianred}
+
+\setbeamercolor{item}{fg=debianred}
+
+\setbeamercolor{block title}{fg=debianblue}
+
+
+\title[Reproducible Builds and Fedora]{Reproducible
+builds everywhere \\ eg. in Debian and Fedora and everywhere}
+\subtitle{Bit by bit identical binaries \\
+from a given source}
+\author[Dennis and h01ger]{%
+ \texorpdfstring{
+ \centering
+ Dennis Gilmore\\
+ Holger 'h01ger' Levsen
+ }{Dennis and h01ger}}
+\date[DevConf.cz]{%
+ DevConf.cz in Brno, Czech Republic\\
+ \small{2017-01-27}}
+
+\begin{document}
+\placelogofalse
+
+\begin{frame}[plain]
+ \titlepage
+\end{frame}
+
+\placelogofalse
+
+\begin{frame}
+ \frametitle{about Dennis}
+
+ \begin{itemize}
+ \item \small{\texttt{28CA D001 51E6 21DA 1F2D C13B 7EE5 B4E3 663C 50D1}}
+ \item Fedora user since Fedora Core 1 (2003)
+ \item Fedora contributor since fedora.us
+ \item Plattform lead at Red Hat
+ \item Day job for the last 8 years is Fedora Release Engineering
+ \end{itemize}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[shift={(-0.07\paperwidth, 0.13\paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.15\paperheight]{images/fedora.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+\placelogotrue
+
+\begin{frame}
+ \frametitle{about h01ger}
+
+ \begin{itemize}
+ \item \small{\texttt{B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C}}
+ \item Debian user since 1995, contributor since 2001, official developer
+ status since 2007
+ \item DebConf organizer,
+ founded the DebConf video team
+ \begin{itemize}
+ \item \texttt{http://video.debian.net}
+ \end{itemize}
+ \item Debian-Edu (Debian for education)
+ \item Debian QA (quality assurance)
+ \begin{itemize}
+ \item \texttt{https://piuparts.debian.org}
+ \item \texttt{https://jenkins.debian.net} (~1200 jobs continously testing Debian)
+ \end{itemize}
+ \item Debian Reproducible builds team member
+ \begin{itemize}
+ \item since April 2015 funded by the Linux Foundation
+ \end{itemize}
+ \item<2> the Debian branding on these slides is obviously my fault…
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Debian reproducible builds contributors}
+ \begin{center}
+ \begin{columns}
+ \footnotesize
+ \column{.30\linewidth}
+ {akira} \\
+ {Alexis Bienvenüe} \\
+ {Andrew Ayer} \\
+ {Asheesh Laroia} \\
+ Boyuan Yang \\
+ {Ceridwen} \\
+ {Chris Lamb} \\
+ {Chris West} \\
+ {Christoph Berg} \\
+ Clint Adams \\
+ Dafydd Harries \\
+ {Daniel Kahn Gillmor} \\
+ {Daniel Shahaf} \\
+ Daniel Stender \\
+ David Suarez \\
+ {Dhole} \\
+ Drew Fisher \\
+ Emmanuel Bourg \\
+ \column{.30\linewidth}
+ Emanuel Bronshtein \\
+ Esa Peuha \\
+ {Fabian Wolff} \\
+ {Guillem Jover} \\
+ Hans-Christoph Steiner \\
+ Harlan Lieberman-Berg \\
+ {Helmut Grohne} \\
+ \only<1>{Holger Levsen}\only<2>{{\color{debianred} Holger Levsen}} \\
+ HW42 \\
+ Intrigeri \\
+ {Jelmer Vernooij} \\
+ {josch} \\
+ Juan Picca \\
+ {Lunar} \\
+ Maria Glukhova \\
+ Mathieu Bridon \\
+ {Mattia Rizzolo} \\
+ Nicolas Boulenguez \\
+ {Niels Thykier} \\
+ \column{.30\linewidth}
+ Niko Tyni \\
+ {Paul Wise} \\
+ Peter De Wachter \\
+ Philip Rinn \\
+ {Reiner Herrmann} \\
+ Robbie Harwood \\
+ {Santiago Vila} \\
+ {Sascha Steinbiss} \\
+ {Satyam Zode} \\
+ {Scarlett Clark} \\
+ {Stefano Rivera} \\
+ {Stéphane Glondu} \\
+ {Steven Chamberlain} \\
+ Tom Fitzhenry \\
+ {Valerie Young} \\
+ Valentin Lorentz \\
+ {Wookey} \\
+ {Ximin Luo} \\
+ \end{columns}
+ \end{center}
+\end{frame}
+
+
+\placelogofalse
+
+\begin{frame}
+ \frametitle{Who are you?}
+ \begin{itemize}
+ \item<2-5> Seen a talk about reproducible builds?
+ \item<3-5> Contributed to the effort?
+ \item<4-5> Uses Debian or a Debian based system?
+ \item<5> Uses Fedora, RHEL, CentOS or a Fedora derivative based system?
+ \end{itemize}
+\end{frame}
+
+
+
+\section{Motivation}
+
+\begin{frame}[fragile]
+ \frametitle{The problem: we need to believe}
+ \begin{itemize}
+ \item Free Software is great: one can study, modify, share and use it!
+ \item<2-4> We study, modify and share source code.
+ \item<2-4> We use binaries.
+ \item<3-4> We need to believe our binaries come from the source code they are said to made from.
+ \item<4> \textbf{I don't want to believe.}
+
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The problem in greater detail}
+
+ \begin{center}
+ \includegraphics[width=0.7\textwidth]{images/31c3.png}
+
+ Available on \url{media.ccc.de}, 31c3
+ \end{center}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{A few examples from that 31c3 talk}
+ \begin{itemize}
+ \item CVE-2002-0083: remote root exploit in \texttt{sshd}, a single bit difference in the binary
+ \item<2-5> 31c3 talk had a live demo with a kernel module modifying source code in memory only
+ \item<3-5> How can you be sure what's running on your machine or on a build
+ daemon network connected to the net? Do you ever leave your computers
+ physically alone?
+ \item<4-5> How much do you pay your admins? Enough to withstand a multi million
+ dollar attack?
+ \item<5> Legal challanges. Could you be forced to backdoor (some of) your
+ software (for some customers)?
+ \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{Another example from real life}
+
+ At a CIA conference in 2012:
+ \begin{center}
+ \includegraphics[width=0.8\textwidth]{images/strawhorse.png}
+
+ {\footnotesize
+ \url{firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/}
+ }
+ \end{center}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{The solution}
+
+ \begin{center}
+ \Large{
+ Promise that anyone can always and independently generate
+ identical binary packages from a given source}
+\end{center}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{The solution}
+
+ \begin{center}
+ We call this:
+
+ \Huge{ “Reproducible builds” }
+ \end{center}
+\end{frame}
+
+\placelogotrue
+
+\begin{frame}
+ \frametitle{Debian demo (skipped)}
+ \begin{itemize}
+ \item Build a package 5 times, get 5 .debs with different checksums
+ \item Build a package 5 times, get 5 .debs with the same checksum\\
+ \item<2-4>{Yes, it's really this simple.}
+ \item<3-4>{And works the same with RPMs.}
+ \item<4>{Signed RPMs are a bit more complicated but the principle stays the
+same.}
+ \end{itemize}
+% show this once running in plain sid,
+% and then in sid with our modified toolchain.
+%
+% prepare demo:
+% mkdir demo ; cd demo ; apt-get source giftrans
+%
+% do demo:
+% PTH=$(mktemp -d); OPTH=$PWD; P=giftrans; cp ${P}_* $PTH/; cd $PTH ;
+% dpkg-source -x ${P}*.dsc ; for X in 1 2 3 4 5 ; do (cd ${P}-*/;
+% dpkg-buildpackage -b -uc -us); mkdir -p .$X ; cp $P_*.deb .$X; done ; rm
+% *.deb ; echo; sha1sum *dsc *z .*/*.deb | grep -v giftrans-dbgsym ; cd - ;
+% rm -r $PTH
+\end{frame}
+
+\placelogofalse
+
+\begin{frame}[plain]
+\begin{center}
+ \Huge{This should become the \textbf{norm}.}
+
+ \visible<2>{\small{ We want to change the meaning of "free software":
+
+ it's only free software if it's reproducible!}}
+\end{center}
+\end{frame}
+
+\begin{frame}[fragile]
+ \frametitle{More benefits than "just" security…}
+ \begin{itemize}
+ \item Lots and lots of QA benefits - we've found so many subtile bugs.
+ \item<2-5> Google does reproducible builds, to save time and money.
+ \item<3-5> Smaller deltas, thus faster updates possible (for packages and
+ images).
+ \item<4-5> Side effect: meaningful binary diff between two versions.
+ \item<5> …
+ \end{itemize}
+\end{frame}
+
+
+\section{Common ressources}
+
+\begin{frame}
+ \frametitle{reproducible-builds.org}
+
+ \begin{itemize}
+ \item \texttt{https://reproducible-builds.org}
+ \item git repositories, IRC channels, mailinglists, webspace
+ \end{itemize}
+ \begin{center}
+ \includegraphics[width=0.7\textwidth]{images/rbwww1.png}
+ \end{center}
+\end{frame}
+
+
+{
+\usebackgroundtemplate{%
+ \begin{tikzpicture}[remember picture,overlay]%
+ \node[shift={(-0.1\paperwidth, 0.15\paperheight)},at=(current page.south east)] {
+ \includegraphics[width=0.2\paperwidth]{images/diffoscope_logo.png}
+ };
+ \end{tikzpicture}%
+}
+
+\begin{frame}{diffoscope}
+ \frametitle{Debugging problems: \texttt{https://try.diffoscope.org}}
+
+ \begin{itemize}
+ \item Examines differences \textbf{in depth}.
+ \item Recursively unpacks archives, uncompresses PDFs, disassembles
+ binaries, unpacks Gettext files, …
+ \item Easy to extend to new file formats.
+ \item Falls back to binary comparison.
+ \item Outputs HTML or plain text with human readable differences.
+ \item Available from \texttt{git}, PyPI, Debian, \\
+ Arch Linux, Guix, Homebrew, Fedora. Works on BSD.
+ \item Maintainers in other distros wanted.
+ \item \url{https://diffoscope.org/}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{\texttt{diffoscope} example (HTML output)}
+ \begin{tikzpicture}[remember picture]
+ \node[at=(current page.center)] {
+ \includegraphics[width=0.9\paperwidth]{images/diffoscope_example_html.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{\texttt{diffoscope} is "just" for debugging}
+
+ \begin{itemize}
+ \item Reminder: \texttt{diffoscope} is for \textbf{debugging}
+ \item "reproducible" according to our definition means: \textbf{bit by bit
+ identical}. So the tools for testing whether something is reproducible are
+ either \texttt{diff} or \texttt{sha256sum}!
+ \item<2> \texttt{https://try.diffoscope.org}
+ \end{itemize}
+\end{frame}
+
+}
+
+
+
+\placelogotrue
+
+
+\begin{frame}
+ \frametitle{tests.reproducible-builds.org}
+
+ \begin{itemize}
+ \item Continuously testing Debian \texttt{testing}, \texttt{unstable} and
+ \texttt{experimental}
+ \item Also testing: coreboot, OpenWrt, LEDE, NetBSD, FreeBSD,
+ Arch Linux, Fedora and soon F-Droid too
+ \item 44 nodes (amd64/i386/arm64/armhf), 200 cores and 1 TB RAM
+ \item 486 jenkins jobs running on jenkins.debian.net
+ \item 43 scripts in Python and Bash, 283 lines of code in average
+ \item 37 contributors for \texttt{jenkins.debian.net.git}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}[fragile]
+ \frametitle{Variations (when testing Debian)}
+
+ \begin{center}
+ \begin{table}
+ \resizebox{0.95\textwidth}{!}{%
+ \begin{tabular}{l|ll}
+\textbf{variation} & \textbf{first build} & \textbf{second build} \\
+\hline
+hostname & \texttt{jenkins} & \texttt{i-capture-the-hostname} \\
+domainname & \texttt{debian.net} & \texttt{i-capture-the-domainname} \\
+\texttt{env TZ} & \texttt{GMT+12} & \texttt{GMT-14} \\
+\texttt{env LANG} & \texttt{C} & \texttt{fr\_CH.UTF-8} \\
+\texttt{env LC\_ALL} & not set & \texttt{fr\_CH.UTF-8} \\
+\texttt{env USER} & \texttt{pbuilder1} & \texttt{pbuilder2} \\
+uid & \texttt{1111} & \texttt{2222} \\
+gid & \texttt{1111} & \texttt{2222} \\
+UTS namespace & shared with the host & \textit{modified using \texttt{/usr/bin/unshare --uts}} \\
+kernel version & Linux 3.16 or 4.X & on amd64 always varied, on armhf
+sometimes \\
+umask & 0022 & 0002 \\
+CPU type & \multicolumn{2}{l}{varied on i386} \\
+ & on armhf varied a bit, not on amd64 & \\
+filesystem & \multicolumn{2}{l}{same for both builds on amd64: (\texttt{tmpfs}), on armhf \texttt{ext3/4}} \\
+ & & \textit{(and we have} \texttt{disorderfs}\textit{, but the code is disabled)} \\
+year, month, date & \multicolumn{2}{l}{on amd64: 398 days variation, on armhf not yet} \\
+hour, minute & \multicolumn{2}{l}{hour is usually the same… usually, the minute differs… } \\
+\textit{everything else} & \multicolumn{2}{l}{\textit{is likely the same…}}
+ \end{tabular}
+ }
+ \end{table}
+ \end{center}
+\end{frame}
+
+\placelogofalse
+
+\begin{frame}
+ \frametitle{Common problems}
+
+ \begin{itemize}
+ \item time stamps
+ \item timezones
+ \item locales
+ \item build paths
+ \item everything else (seperated into known issues and the blurry rest)
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Documentation about common problems}
+ \begin{itemize}
+ \item \texttt{https://reproducible-builds.org/docs}
+ \item Lunar's talk from CCCamp 2015 also on
+ \texttt{https://media.ccc.de}
+ \begin{tikzpicture}[remember picture]
+ \node[shift={(-1.05\paperwidth, -0.3\paperheight)},at=(current page.south east)] {
+ \includegraphics[width=0.83\textwidth]{images/cccamp2015_lunar_random.png}
+ };
+ \end{tikzpicture}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{\texttt{SOURCE\_DATE\_EPOCH}}
+
+ \begin{itemize}
+ \item Build date (timestamps) usually not useful for the user
+ \item \texttt{SOURCE\_DATE\_EPOCH} is defined as the last modification of
+ the source, since the epoch (1970-01-01)
+ \item can be used instead of current date
+ \item can also be used for random seeds etc.
+ \item in Debian, set from the latest \texttt{debian/changelog} entry
+ \item can be set to the latest git commit too or the latest file
+ modification date
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{\texttt{SOURCE\_DATE\_EPOCH}}
+
+ \begin{itemize}
+ \item \texttt{SOURCE\_DATE\_EPOCH} spec available:
+ \item \texttt{https://reproducible-builds.org/specs/}
+ \item many upstreams support it already
+ \item has been adopted by other distributions
+ (openSUSE, OpenWrt, LEDE, NetBSD, FreeBSD, Arch Linux, coreboot, Guix, …) and many many
+ upstreams (GCC, dpkg, rpm, mkisofs, ghostscript, libxslt, sphinx,
+ texlive-bin, …)
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{two more tools}
+
+ \begin{itemize}
+ \item \texttt{strip-nondeterminism}
+ \item<2> \texttt{reprotest}
+ \end{itemize}
+\end{frame}
+
+\placelogotrue
+
+\section{Status Debian}
+
+\begin{frame}
+ \frametitle{Progress in Debian \texttt{testing} ("stretch")}
+ \begin{tikzpicture}[remember picture]
+ \node[shift={(-0.5\paperwidth, \paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.65\paperheight]{images/stats_pkg_state_testing.png}
+ };
+ \end{tikzpicture}
+ \begin{center}
+ \footnotesize{23,405 (93.3\%) out of 25,067 source packages are reproducible \\
+ in our test framework on \texttt{amd64}}
+ \vfill
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Progress in Debian \texttt{unstable}}
+ \begin{tikzpicture}[remember picture]
+ \node[shift={(-0.5\paperwidth, \paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.65\paperheight]{images/stats_pkg_state_unstable.png}
+ };
+ \end{tikzpicture}
+ \begin{center}
+ \footnotesize{20,309 (78.9\%) out of 25,734 source packages are reproducible \\
+ in our test framework on \texttt{amd64}} (difference due to build path variations)
+ \vfill
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Details on tests.reproducible-builds.org}
+
+ \begin{itemize}
+ \item \url{https://reproducible.debian.net/$src}
+ \item 48 package sets
+ \item 282 categorised distinct issues
+ \item 7,413 notes
+ \item 1,595 unreproducible packages in \texttt{stretch/amd64} (testing), but only
+ 111 without a note (5,288 in \texttt{unstable} but also only 154 without a
+ note)
+ \item maintained in \texttt{notes.git} by 49 contributors
+ \item currently Debian only, but cross distro notes are planned
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Debian \texttt{.buildinfo} files}
+
+ \begin{itemize}
+ \item Aggregates in the same file:
+ \begin{itemize}
+ \item Sources (checksums)
+ \item Generated binaries (checksums)
+ \item Packages used to build (with specific version, checksums coming soon)
+ \end{itemize}
+ \item Can be later used to exactly recreate environment
+ \item For Debian, all versions are available from \url{snapshot.debian.org}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Progress in the Debian bug tracker}
+ \begin{tikzpicture}[remember picture]
+ \node[shift={(-0.5\paperwidth, \paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.65\paperheight]{images/stats_bugs_sin_ftbfs_state.png}
+ };
+ \end{tikzpicture}
+ \begin{center}
+ \footnotesize{As a rule, we file bugs with patches. \\
+ There are very few exceptions.}
+ \vfill
+ \end{center}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Sending progress upstream}
+ \begin{itemize}
+ \item So we filed a lot of bugs… with patches…!
+ \item … but only in Debian and we rely on Debian maintainers sending them
+ upstream.
+ \item<2> Bernard Wiedemann (from openSUSE) thought that wasn't good enough
+ and created \texttt{https://github.com/orgs/distropatches}
+ \end{itemize}
+\end{frame}
+
+
+
+\begin{frame}
+ \frametitle{Debian summary / What's left to do}
+ \begin{itemize}
+ \item This is/was a proof-of-concept, Debian is neither 93.3\% reproducible nor
+ 78.9\%. (and 10\% > 2,500 sources packages!)
+ \item<2-3> All our required changes are finally in Debian now!
+ \item<2-3> Debian 9, "stretch", will only be partially reproducible.
+ \item<2-3> Because, Debian does not (yet?) do full rebuilds before
+ releasing… so stuff is in the archive which is not reproducible unless it's
+ rebuild.
+ \item<3> And then we don't distribute \texttt{.buildinfo} files yet.
+ That (and user tools) still needs more \it{design} and code.
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Debian summary continued}
+ \begin{itemize}
+ \item Debian 9, "stretch", will only be partially reproducible.
+ \item Canonical can take our work now and make Ubuntu 17.04
+ (partyl) reproducible…
+ \item<2-3> Debian 10, "buster", will be partly reproducible in 2019.
+ \item<3> We hope will have \texttt{debian-policy} will mandate 100\%
+ reproducible builds for Debian 11, "bullseye", in 2021.
+ \end{itemize}
+\end{frame}
+
+
+
+
+\begin{frame}
+ \frametitle{Tell the world \& collaborate}
+
+ \begin{itemize}
+ \item "We don't care about Debian (only), we care about free and open
+ source software."
+ \item<2-4> 90 Weekly reports since May 2015
+ \item<3-4> First Reproducible World Summit in December 2015 (Athens, Greece)
+ \begin{itemize}
+ \item<3-4> \texttt{reproducible.debian.net} has become \texttt{tests.reproducible-builds.org}
+ \end{itemize}
+ \item<3-4> Second Reproducible World Summit in December 2016 in Berlin
+ \item<3-4> Third summit planned for 2017, probably a hackathon in spring
+ 2017 too
+ \item<4> GSoC and Outreachy
+ \end{itemize}
+\end{frame}
+
+
+
+\section{Status Non-Debian World}
+
+\placelogofalse
+
+\begin{frame}
+ \frametitle{Skipping some…}
+ \begin{itemize}
+ \item \texttt{https://tests.r-b.org/coreboot}
+ \item \texttt{https://tests.r-b.org/netbsd}
+ \item \texttt{https://tests.r-b.org/freebsd}
+ \item paused: \texttt{https://tests.r-b.org/archlinux}
+ \item not yet: \texttt{https://tests.r-b.org/f-droid}
+ \item \texttt{https://tests.r-b.org/openwrt}
+ \item \texttt{https://tests.r-b.org/lede}
+ \end{itemize}
+ \begin{center}
+ \includegraphics[height=0.13\paperheight]{images/coreboot.png}
+ \hspace{0.05\paperwidth}
+ \includegraphics[height=0.13\paperheight]{images/netbsd.png}
+ \hspace{0.05\paperwidth}
+ \includegraphics[height=0.13\paperheight]{images/freebsd.png}
+ \hspace{0.05\paperwidth}
+ \includegraphics[height=0.13\paperheight]{images/f-droid.png}
+ \hspace{0.05\paperwidth}
+ \includegraphics[height=0.13\paperheight]{images/archlinux.png}
+ \hspace{0.05\paperwidth}
+ \includegraphics[height=0.3\paperheight]{images/openwrt.png}
+ \hspace{0.05\paperwidth}
+ \includegraphics[height=0.15\paperheight]{images/lede.png}
+\end{center}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Skipping some more…}
+ \begin{itemize}
+\item Cygnus.com (1992)
+\item Bitcoin (2011)
+\item Tor (2013)
+\item NixOS, GNU Guix, ElectroBSD
+\item openSUSE
+\item Qubes, Tails, webconverger
+\item Google Bazil
+\item ducible (build tool for Windows)
+\item very few commercial, propietary software
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Detour: what, reproducible commercial Software???}
+ \begin{itemize}
+\item Guess which
+\item <2-3> windows? (the source is available)
+\item <2-3> medical devices in your body?
+\item <2-3> arms?
+\item <2-3> critical infrastructure like in nuclear powerplants?
+\item <2-3> cars?
+\item <3> Gambling machines!
+ \end{itemize}
+\end{frame}
+
+
+\section{Status RPM world: Fedora and openSUSE}
+
+\begin{frame}
+ \frametitle{reproducible openSUSE}
+ \begin{itemize}
+ \item
+ \small{\texttt{https://build.opensuse.org/package/show \\
+ /home:bmwiedemann:reproducible/rpm?expand=0}}
+ \item Bernhard Wiedemann has built openSUSE twice (with some variations):
+ \begin{itemize}
+ \item build-succeeded: 3172
+ \item bit-by-bit-identical: 2117
+ \item not-bit-by-bit-identical: 1055
+ \end{itemize}
+ \end{itemize}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[shift={(-0.1\paperwidth, 0.13\paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.15\paperheight]{images/openSUSE.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}
+ \frametitle{tests.r-b.org/fedora}
+ \begin{itemize}
+ \item used to test Fedora 23, could be made working again
+ \item or build elsewhere and machine readable exported
+ \end{itemize}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[shift={(-0.07\paperwidth, 0.13\paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.15\paperheight]{images/fedora.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Fedora basics}
+ \begin{itemize}
+ \item \texttt{diffoscope} is available in Fedora
+ \item \texttt{yum} and \texttt{dnf} might create non-identical environments
+ \item \texttt{rpm}-4.13 has an option to override hostname via rpmmacros
+ \item signed RPMs -> re-apply signature, will match for identical builds
+ \end{itemize}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[shift={(-0.07\paperwidth, 0.13\paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.15\paperheight]{images/fedora.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}
+ \frametitle{TODO: design \texttt{.buildinfo} files from koji/mock/zypper}
+ \begin{itemize}
+ \item rfc822 format?
+ \item needs to define the environment
+ \item needs to define the sources (input)
+ \item needs to define the binaries (output)
+ \end{itemize}
+ \begin{tikzpicture}[remember picture,overlay]
+ \node[shift={(-0.07\paperwidth, 0.13\paperheight)},at=(current page.south east)] {
+ \includegraphics[height=0.15\paperheight]{images/fedora.png}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+
+
+\section{Future work}
+
+\begin{frame}
+ \frametitle{Future work}
+ \begin{itemize}
+ \item<1-3> So far we mostly worked on making reproducible builds possible…
+ \item<2-3> We'll need constant tests for future code.
+ \item<3> And then, this still needs tools, infrastructure and policies to become
+ meaningful and to be used in practice.
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Rebuilds and sharing signed checksums}
+ \begin{itemize}
+ \item Almost no work has been done here yet. We are just at the first step:
+ being able to rebuild reproducibly…
+ \item Different projects, different solutions?
+ \begin{itemize}
+ \item<2> something like \texttt{.buildinfo} files (defining the environment,
+ the input and the output(s)) will be needed everywhere:
+ \item<2> implemented for Debian (both in sbuild and well as
+ buildinfo.debian.net)
+ \item<2> work has begun for coreboot, LEDE/OpenWrt and Fedora (mock/koji)
+ and maybe openSUSE (OpenBuildService)
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Rebuilders and sharing signed checksums, cont.}
+ \begin{itemize}
+ \item Individuelly signed checksums (think web of trust) could work in the
+ Debian case (we have a gpg web of trust), but IMO won't scale.
+ \item { Another idea: rebuilders, run by large organisations
+ (ACLU, CCC, Deutsche Bank, Greenpeace, NASA, NSA, US-Army).}
+ \item Fedora rebuilds Debian, Debian rebuilds openSUSE, openSUSE rebuilds
+ NetBSD, etc…
+ \item Big customers could just rebuild everything themselves.
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Integration in user tools}
+ \begin{itemize}
+ \item "Do you really want to install this unreproducible software (y/N)"
+ \item<2-3> "Do you want to build those packages which have unconfirmed checksums,
+ before installing? (Y/n)"
+ \item<3>{ "How many signed checksums do you require to call a package
+ 'reproducible'?" - and whom do you trust?}
+ \end{itemize}
+\end{frame}
+
+
+\section{Getting involved}
+
+\begin{frame}
+ \frametitle{As a software developer}
+ \begin{itemize}
+ \item Stop using build dates
+ \item Use \texttt{SOURCE\_DATE\_EPOCH} instead
+ \item See \url{https://reproducible-builds.org/specs/}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Form your reproducible builds team!}
+ \begin{itemize}
+ \item Why?
+ \begin{itemize}
+ \item Every distribution should be reproducible!
+ \item Learn something new everyday
+ \item Change the (software) world!
+ \item \texttt{https://tests.reproducible-builds.org/fedora} needs \textbf{your} help
+ \end{itemize}
+ \item How to get started?
+ \begin{itemize}
+ \item Build something twice, run diffoscope on the results.
+ \item Experiment - learning by doing
+ \item RTFM, there is lots of documentation
+ \item Talk to Dennis or h01ger here or talk to us on IRC or via mail.
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\section{Questions, comments, ideas?}
+
+\placelogotrue
+
+\begin{frame}
+ \frametitle{Thanks to…! …and thank \textbf{you}, too!}
+
+ \begin{itemize}
+ \item
+ {All “Reproducible Builds” contributors \\
+ {\small (you are just \textbf{so} awesome!)}}
+ \item DevConf.cz
+\end{itemize}
+
+ \begin{center}
+ \includegraphics[height=0.1\paperheight]{images/linux_foundation_logo.png}
+ \hspace{0.1\paperwidth}
+ \includegraphics[height=0.1\paperheight]{images/cii_logo.png}
+ \hspace{0.1\paperwidth}
+ \includegraphics[height=0.1\paperheight]{images/profitbricks_logo.png}
+ \end{center}
+
+ \vfill
+ \begin{center}
+ \resizebox{0.9\textwidth}{!}{%
+ \begin{tabular}{rl}
+ \texttt{dennis at ausil.us} & \texttt{28CA D001 51E6 21DA 1F2D} \\
+ & \texttt{C13B 7EE5 B4E3 663C 50D1} \\
+ \texttt{holger at debian.org} & \texttt{B8BF 5413 7B09 D35C F026} \\
+ & \texttt{FE9D 091A B856 069A AA1C}
+\end{tabular}
+ }
+ \end{center}
+\end{frame}
+
+\placelogofalse
+
+\begin{frame}
+ \frametitle{Questions, comments, ideas?}
+
+ \begin{itemize}
+ \item \url{https://reproducible-builds.org/}
+ \item \texttt{\#reproducible-builds} on \texttt{irc.OFTC.net}
+ \item \url{https://lists.reproducible-builds.org}
+ \item twitter: @ReproBuild
+ \item<2> Mike and Seth's talk from 31c3 about motivations
+ \item<2> Lunar's talk about fixing reproducible issues from CCCamp 15
+ \end{itemize}
+\end{frame}
+
+\placelogotrue
+
+\begin{frame}{}
+\begin{textblock}{12}(2, 6)
+ \tiny{
+ Copyright \copyright{} 2014--2017 \\
+ Holger Levsen \texttt{holger at layer-acht.org} and others.\\[3.0mm]
+ Copyright of images included in this document are held by
+ their respective owners.
+ \\[3.0mm]
+ This work is licensed under the \alert{Creative Commons
+ Attribution-Share Alike 3.0} License. To view a copy of this
+ license, visit
+ \url{http://creativecommons.org/licenses/by-sa/3.0/} or send a
+ letter to Creative Commons, 171 Second Street, Suite 300, San
+ Francisco, California, 94105, USA.
+ \\[2.0mm]
+ % Give a link to the 'Transparent Copy', as per Section 3 of the GFDL.
+ The source of this document is available from
+ \url{https://anonscm.debian.org/git/reproducible/presentations.git}.
+ }
+ \end{textblock}
+\end{frame}
+
+\end{document}
diff --git a/2017-10-21-all-systems-go/Makefile b/2017-10-21-all-systems-go/Makefile
new file mode 100644
index 0000000..dd3e93c
--- /dev/null
+++ b/2017-10-21-all-systems-go/Makefile
@@ -0,0 +1,29 @@
+.PHONY: all source images
+
+PRESENTATION = 2017-01-27-devconf.cz
+
+all: $(PRESENTATION).pdf
+
+source: $(PRESENTATION)-src.tar.gz
+
+IMGS = $(shell sed -n -e 's/^[^%]*\\includegraphics\([^{]*\)\?{\([^}]*\)}.*$$/\2/p' $(PRESENTATION).tex | sort -u)
+
+$(PRESENTATION).pdf: $(PRESENTATION).tex $(IMGS)
+ set -e && \
+ build=1; \
+ while [ $$build -le 5 ]; do \
+ build=$$(($$build + 1)); \
+ lualatex $<; \
+ if sha1sum -c $(PRESENTATION).aux.sha1sum > /dev/null 2>&1; then \
+ break; \
+ fi; \
+ sha1sum $(PRESENTATION).aux > $(PRESENTATION).aux.sha1sum; \
+ done
+
+clean:
+ rm -f $(PRESENTATION).aux $(PRESENTATION).log $(PRESENTATION).nav \
+ $(PRESENTATION).out $(PRESENTATION).snm $(PRESENTATION).toc \
+ $(PRESENTATION).vrb $(PRESENTATION).aux.sha1sum $(PRESENTATION).pdfpc
+
+distclean:
+ rm -f $(PRESENTATION).pdf
diff --git a/2017-10-21-all-systems-go/TODO b/2017-10-21-all-systems-go/TODO
new file mode 100644
index 0000000..01c8e5e
--- /dev/null
+++ b/2017-10-21-all-systems-go/TODO
@@ -0,0 +1,9 @@
+meta:
+ thank people for their work, diffoscope, disorderfs, armhf, mattia, val, … - mention peoples names and thank them. there's time now.
+
+
+build path proposal
+binary transparency
+backslash in tex?
+
+
diff --git a/2017-10-21-all-systems-go/images/2016-01-26-180836.jpg b/2017-10-21-all-systems-go/images/2016-01-26-180836.jpg
new file mode 100644
index 0000000..01b9a4d
Binary files /dev/null and b/2017-10-21-all-systems-go/images/2016-01-26-180836.jpg differ
diff --git a/2017-10-21-all-systems-go/images/31c3.png b/2017-10-21-all-systems-go/images/31c3.png
new file mode 100644
index 0000000..8922581
Binary files /dev/null and b/2017-10-21-all-systems-go/images/31c3.png differ
diff --git a/2017-10-21-all-systems-go/images/archlinux.png b/2017-10-21-all-systems-go/images/archlinux.png
new file mode 100644
index 0000000..0e0c2c3
Binary files /dev/null and b/2017-10-21-all-systems-go/images/archlinux.png differ
diff --git a/2017-10-21-all-systems-go/images/cccamp2015_lunar_random.png b/2017-10-21-all-systems-go/images/cccamp2015_lunar_random.png
new file mode 100644
index 0000000..9a9e91d
Binary files /dev/null and b/2017-10-21-all-systems-go/images/cccamp2015_lunar_random.png differ
diff --git a/2017-10-21-all-systems-go/images/cii_logo.png b/2017-10-21-all-systems-go/images/cii_logo.png
new file mode 100644
index 0000000..690b7c6
Binary files /dev/null and b/2017-10-21-all-systems-go/images/cii_logo.png differ
diff --git a/2017-10-21-all-systems-go/images/coreboot.png b/2017-10-21-all-systems-go/images/coreboot.png
new file mode 100644
index 0000000..7d7b186
Binary files /dev/null and b/2017-10-21-all-systems-go/images/coreboot.png differ
diff --git a/2017-10-21-all-systems-go/images/diffoscope_example_html.png b/2017-10-21-all-systems-go/images/diffoscope_example_html.png
new file mode 100644
index 0000000..f7bb7f9
Binary files /dev/null and b/2017-10-21-all-systems-go/images/diffoscope_example_html.png differ
diff --git a/2017-10-21-all-systems-go/images/diffoscope_logo.png b/2017-10-21-all-systems-go/images/diffoscope_logo.png
new file mode 100644
index 0000000..ff9c312
Binary files /dev/null and b/2017-10-21-all-systems-go/images/diffoscope_logo.png differ
diff --git a/2017-10-21-all-systems-go/images/electrobsd.png b/2017-10-21-all-systems-go/images/electrobsd.png
new file mode 100644
index 0000000..1868115
Binary files /dev/null and b/2017-10-21-all-systems-go/images/electrobsd.png differ
diff --git a/2017-10-21-all-systems-go/images/f-droid.png b/2017-10-21-all-systems-go/images/f-droid.png
new file mode 100644
index 0000000..94645d4
Binary files /dev/null and b/2017-10-21-all-systems-go/images/f-droid.png differ
diff --git a/2017-10-21-all-systems-go/images/fedora.png b/2017-10-21-all-systems-go/images/fedora.png
new file mode 100644
index 0000000..9cc341f
Binary files /dev/null and b/2017-10-21-all-systems-go/images/fedora.png differ
diff --git a/2017-10-21-all-systems-go/images/freebsd.png b/2017-10-21-all-systems-go/images/freebsd.png
new file mode 100644
index 0000000..deb2768
Binary files /dev/null and b/2017-10-21-all-systems-go/images/freebsd.png differ
diff --git a/2017-10-21-all-systems-go/images/guix.png b/2017-10-21-all-systems-go/images/guix.png
new file mode 100644
index 0000000..9c12d13
Binary files /dev/null and b/2017-10-21-all-systems-go/images/guix.png differ
diff --git a/2017-10-21-all-systems-go/images/lede.png b/2017-10-21-all-systems-go/images/lede.png
new file mode 100644
index 0000000..49a6d1b
Binary files /dev/null and b/2017-10-21-all-systems-go/images/lede.png differ
diff --git a/2017-10-21-all-systems-go/images/linux_foundation_logo.png b/2017-10-21-all-systems-go/images/linux_foundation_logo.png
new file mode 100644
index 0000000..860c2bb
Binary files /dev/null and b/2017-10-21-all-systems-go/images/linux_foundation_logo.png differ
diff --git a/2017-10-21-all-systems-go/images/netbsd.png b/2017-10-21-all-systems-go/images/netbsd.png
new file mode 100644
index 0000000..35fc1b4
Binary files /dev/null and b/2017-10-21-all-systems-go/images/netbsd.png differ
diff --git a/2017-10-21-all-systems-go/images/openSUSE.png b/2017-10-21-all-systems-go/images/openSUSE.png
new file mode 100644
index 0000000..0e150a1
Binary files /dev/null and b/2017-10-21-all-systems-go/images/openSUSE.png differ
diff --git a/2017-10-21-all-systems-go/images/openlogo-nd.pdf b/2017-10-21-all-systems-go/images/openlogo-nd.pdf
new file mode 100644
index 0000000..fed3d93
Binary files /dev/null and b/2017-10-21-all-systems-go/images/openlogo-nd.pdf differ
diff --git a/2017-10-21-all-systems-go/images/openwrt.png b/2017-10-21-all-systems-go/images/openwrt.png
new file mode 100644
index 0000000..2d457c3
Binary files /dev/null and b/2017-10-21-all-systems-go/images/openwrt.png differ
diff --git a/2017-10-21-all-systems-go/images/profitbricks_logo.png b/2017-10-21-all-systems-go/images/profitbricks_logo.png
new file mode 100644
index 0000000..2ce8ce8
Binary files /dev/null and b/2017-10-21-all-systems-go/images/profitbricks_logo.png differ
diff --git a/2017-10-21-all-systems-go/images/rbwww1.png b/2017-10-21-all-systems-go/images/rbwww1.png
new file mode 100644
index 0000000..8932f53
Binary files /dev/null and b/2017-10-21-all-systems-go/images/rbwww1.png differ
diff --git a/2017-10-21-all-systems-go/images/stats_bugs_sin_ftbfs_state.png b/2017-10-21-all-systems-go/images/stats_bugs_sin_ftbfs_state.png
new file mode 100644
index 0000000..917903b
Binary files /dev/null and b/2017-10-21-all-systems-go/images/stats_bugs_sin_ftbfs_state.png differ
diff --git a/2017-10-21-all-systems-go/images/stats_builds_per_day_amd64.png b/2017-10-21-all-systems-go/images/stats_builds_per_day_amd64.png
new file mode 100644
index 0000000..5b596a1
Binary files /dev/null and b/2017-10-21-all-systems-go/images/stats_builds_per_day_amd64.png differ
diff --git a/2017-10-21-all-systems-go/images/stats_meta_pkg_state_required.png b/2017-10-21-all-systems-go/images/stats_meta_pkg_state_required.png
new file mode 100644
index 0000000..b9cbb32
Binary files /dev/null and b/2017-10-21-all-systems-go/images/stats_meta_pkg_state_required.png differ
diff --git a/2017-10-21-all-systems-go/images/stats_pkg_state.png b/2017-10-21-all-systems-go/images/stats_pkg_state.png
new file mode 100644
index 0000000..37ccd22
Binary files /dev/null and b/2017-10-21-all-systems-go/images/stats_pkg_state.png differ
diff --git a/2017-10-21-all-systems-go/images/stats_pkg_state_armhf.png b/2017-10-21-all-systems-go/images/stats_pkg_state_armhf.png
new file mode 100644
index 0000000..2ac7633
Binary files /dev/null and b/2017-10-21-all-systems-go/images/stats_pkg_state_armhf.png differ
diff --git a/2017-10-21-all-systems-go/images/stats_pkg_state_testing.png b/2017-10-21-all-systems-go/images/stats_pkg_state_testing.png
new file mode 100644
index 0000000..865b46a
Binary files /dev/null and b/2017-10-21-all-systems-go/images/stats_pkg_state_testing.png differ
diff --git a/2017-10-21-all-systems-go/images/stats_pkg_state_unstable.png b/2017-10-21-all-systems-go/images/stats_pkg_state_unstable.png
new file mode 100644
index 0000000..9b0e33b
Binary files /dev/null and b/2017-10-21-all-systems-go/images/stats_pkg_state_unstable.png differ
diff --git a/2017-10-21-all-systems-go/images/strawhorse.png b/2017-10-21-all-systems-go/images/strawhorse.png
new file mode 100644
index 0000000..d089dbf
Binary files /dev/null and b/2017-10-21-all-systems-go/images/strawhorse.png differ
diff --git a/2017-10-21-all-systems-go/images/swirl-lightest.pdf b/2017-10-21-all-systems-go/images/swirl-lightest.pdf
new file mode 100644
index 0000000..1c8ffd2
Binary files /dev/null and b/2017-10-21-all-systems-go/images/swirl-lightest.pdf differ
diff --git a/2017-10-21-all-systems-go/images/wholeworld.jpg b/2017-10-21-all-systems-go/images/wholeworld.jpg
new file mode 100644
index 0000000..b31c95a
Binary files /dev/null and b/2017-10-21-all-systems-go/images/wholeworld.jpg differ
diff --git a/2017-10-21-all-systems-go/notes b/2017-10-21-all-systems-go/notes
new file mode 100644
index 0000000..28ddcc5
--- /dev/null
+++ b/2017-10-21-all-systems-go/notes
@@ -0,0 +1,75 @@
+notes for openwrt/lede talk…
+ S_D_R? https://wiki.debian.org/ReproducibleBuilds/BuildPathProposal
+
+
+
+
+
+demo: PTH=$(mktemp -d); OPTH=$PWD; P=giftrans; cp ${P}_* $PTH/; cd $PTH ; dpkg-source -x ${P}*.dsc ; for X in 1 2 3 4 5 ; do (cd ${P}-*/; dpkg-buildpackage -b -uc -us); mkdir -p .$X ; cp $P_*.deb .$X; done ; rm *deb ; echo; sha1sum *dsc *z .*/*.deb | grep -v giftrans-dbgsym ; cd - ; echo "don't forget to rm -r $PTH"
+
+
+
+koji records the build
+ can be used to recreate it, in theory, in practice this needs documentation / be done
+rpm container has
+ build date
+ build host
+ signature
+ signature changes between development and release
+
+mention gsoc, new people
+
+emphasize this is too much for me…
+add thanks slide for all the people working on it in other projects
+
+end (or beginning?):
+ the whole world is watching? no (not that slide, but its true… or maybe that slide indeed)
+ fosdem 2014 lunar in a dev room
+ fosdem 2015 lunar and holger in k building
+ fosdem 2016 holger in janson
+ will 2016 be the year of the reproducible linux desktop? maybe
+ or 2017?! (i think so, find a nice pic to prove it)
+ and mayne not on the desktop, but just servers
+ or 85% of Debian main ;-)
+ or something - i'll get into the details later
+
+describe debian test setup
+ debian repo
+ debian bugs categories, nah
+ mention variations from TODO
+
+diffoscope can use debug symbols now
+
+add SOURCE_DATE_EPOCH adoption outside Debian…
+
+need logos:
+ fdroid
+ qubes 4.0
+
+dpkg: mention recent developments… same for ftp!
+re-read: https://wiki.debian.org/ReproducibleBuilds/About etc
+
+explain shortcuts:
+ defined build environment with little variations
+ subsets
+
+many good sideeffects
+ QA QA QA
+ eg also arm bootloader improvements ;)
+ faster builds, saves money
+ check our wiki page on that
+
+future other tests:
+ not all variations debian has are applied, notable not yet date+time
+ seperation of test logic and html page creation planned
+
+future
+ funding
+ another meeting or two in 2016
+ fosdem devroom in 2017?!
+ tests.r-b.o doing rebuilds against releases
+
+disclaimer:
+ the mistakes are mine
+ to better present this here, chronologic order has been changed
+ this is the work of *many* more people than mentioned, this is free software!
diff --git a/2017-10-21-all-systems-go/outline b/2017-10-21-all-systems-go/outline
new file mode 100644
index 0000000..9e08f1c
--- /dev/null
+++ b/2017-10-21-all-systems-go/outline
@@ -0,0 +1,58 @@
+Outcomes
+========
+
+ * Get an idea of what has changed
+ * Learn about the open issues and questions to make Stretch (partly)
+ reproducible
+ * Learn how to help
+
+Outline
+=======
+
+What is it and why it matters
+-----------------------------
+
+5 minutes max on what it is and why it matters.
+
+What has changed and available tools
+------------------------------------
+
+What have been done real real quick but point people at:
+https://wiki.debian.org/ReproducibleBuilds/History
+
+Explain past changes in dpkg, debhelper, and others
+
+SOURCE_DATE_EPOCH
+
+strip-nondeterminism
+
+reproducible.debian.net test
+
+.buildinfo
+
+Unresolved issues
+-----------------
+
+.buildinfo signature
+
+Unmerged changes to dpkg and others
+
+others issues?
+
+announce the plenary (come help us figure out the best way to do things)
+
+How can you help
+----------------
+
+reproducible.debian.net web interface
+ useful to find other bugs too
+
+notes.git
+
+IRC channel
+
+debbindiff
+
+prebuilder script — improve the doc before, probably
+
+annonce the hack session (come learn how to fix specific packages)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/presentations.git
More information about the Reproducible-commits
mailing list