Skip to content
GitLab
Commits (7)
Hide whitespace changes
Inline Side-by-side
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/Makefile 0 → 100644
View file @ 26f99cf5
# thanks to dima for walking me through this!
#
# needs: apt install emacs texlive-latex-extra org-mode
all: $(patsubst %.org,%.pdf,$(wildcard *.org))
%.pdf: %.org
emacs --batch --eval '(progn (find-file "$<") (org-beamer-export-to-pdf))'
rm -f *.tex
clean:
rm -f *.pdf *.tex *.png
.PHONY:clean
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/There-and-Back-Again-Reproducibly.org 0 → 100644
View file @ 26f99cf5
#+TITLE: There and Back Again, Reproducibly!
#+AUTHOR: Vagrant Cascadian
#+EMAIL: vagrant@reproducible-builds.org
#+DATE: SCALE 18x, 2020-03-08
#+LANGUAGE: en
#+OPTIONS: H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
#+OPTIONS: ^:nil
#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
#+EXPORT_SELECT_TAGS: export
#+EXPORT_EXCLUDE_TAGS: noexport
#+startup: beamer
#+LaTeX_CLASS: beamer
#+LaTeX_CLASS_OPTIONS: [bigger]
#+latex_header: \mode<beamer>{\usetheme{Madrid}}
#+LaTeX_CLASS_OPTIONS: [aspectratio=169]
#+BEGIN_comment
There and Back Again, Reproducibly!
SCALE 18x, Pasadena, California
2020-03-08 16:30 to 17:30
Room 106
There is an epic journey from reviewed source code to the code you
actually run on your computer, and things can go quietly wrong along
the way!
We can't do absolutely everything ourselves by hand, so we necessarily
put trust into something or someone along the way. Will you join us on
our journey, brave adventurer?
What happens to your code as it passes through dark forests,
trecherous mountain passes, or deep forboding caverns? What if
something is quietly corrupting an otherwise trustworthy ally? Help
showing up, but with it's own motives?
Reproducible Builds gives a project confidence that the journey from
source code to binary code gets you there and back again.
https://reproducible-builds.org
#+END_comment
* Who am I
** image
:PROPERTIES:
:BEAMER_col: 0.4
:END:
[[./images/vagrantupsidedown.png]]
** text
:PROPERTIES:
:BEAMER_col: 0.4
:END:
| | Vagrant |
|---------------------+---------|
| debian user | 2001 |
| debian developer | 2010 |
| reproducible builds | 2015 |
* When we say reproducible
** text
:PROPERTIES:
:BEAMER_col: 0.7
:END:
https://reproducible-builds.org/docs/definition/
\vspace{\baselineskip}
A build is reproducible if given the same source code, build
environment and build instructions, any party can recreate bit-by-bit
identical copies of all specified artifacts.
** image
:PROPERTIES:
:BEAMER_col: 0.3
:END:
[[./images/reproducible-builds.png]]
* Once upon a time
#+ATTR_BEAMER: :overlay <+->
- Historically software was reproducible! Every bit counted.
- Things eventually got more complicated...
- Bit for bit reproducible GNU toolchain in the early 90s on 10(?) architectures.
- *And then we all forgot.*
- Then, in 2011 and 2012, Bitcoin and Torbrowser were made reproducible.
* Debian
** text
:PROPERTIES:
:BEAMER_col: 0.60
:END:
#+ATTR_BEAMER: :overlay <+->
- A list mail in 1997, very few more in 2001 and 2003.
- In 2013 people in Debian began to investigate
- In 2014 systematic testing, classifications and weekly blogs.
- Since 2017 in Debian Policy
** image
:PROPERTIES:
:BEAMER_col: 0.40
:END:
[[./images/stats_pkg_state.png]]
* Humble beginnings
[[./images/800px-Hobbit_holes_reflected_in_water.jpg]]
* Unexpected guests
[[./images/r-b-projects.png]]
* Shared research and developments
https://tests.reproducible-builds.org
\vspace{\baselineskip}
#+ATTR_BEAMER: :overlay <+->
- Test/research setup for many but not all projects.
- Since end of 2018 shared database for some of those.
- Sharing issues, patches and upstreaming them.
- Shared public blog, now called monthly report.
- More collaboration is possible!
* trolls
[[./images/Trollschild.jpg]]
* caves
[[./images/1280px-Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG]]
* Does it like riddles?
This thing all things devours;
Birds, beasts, trees, flowers;
Gnaws iron, bites steel;
Grinds hard stones to meal;
Slays king, ruins town,
And beats mountain down.
* And more riddles
Time! I need more Time!
#+ATTR_BEAMER: :overlay <+->
- timestamps
- build paths
- timezones
- locales
- timestamps
- hundreds of classes of causes !
- also timestamps
- It's fun to discover these! Well, mostly.
* What has it got in its pockets?
** image
:PROPERTIES:
:BEAMER_col: 0.5
:END:
[[./images/887px-Unico_Anello.png]]
** text
:PROPERTIES:
:BEAMER_col: 0.4
:END:
#+ATTR_BEAMER: :overlay <+->
- Highly portable! Always keep close to you.
- Magic powers (e.g. invisibility)
- Precious
- May use *you* for it's own ends
* Dark and forboding places
** image
:PROPERTIES:
:BEAMER_col: 0.4
:END:
[[./images/345px-Mirkwood_-_entrance.jpg]]
* Forest for the trees
https://diffoscope.org
\vspace{\baselineskip}
#+ATTR_BEAMER: :overlay <+->
- Recursive and human-readable "diff"
- locates and diagnoses reproducibility issues
- *not* used for determining whether something is reproducible!
- used for analysing *why*
* diffoscope example
[[./images/diffoscope.png]]
* beyond reproducible builds
https://diffoscope.org
\vspace{\baselineskip}
useful beyond reproducible builds, eg.
#+ATTR_BEAMER: :overlay <+->
- security updates
- code refactoring
* diffoscope, supported file types
Android APK files, Android boot images, Ar(1) archives, Berkeley DB database files, Bzip2 archives, Character/block devices, ColorSync colour profiles (.icc), Coreboot CBFS filesystem images, Cpio archives, Dalvik .dex files, Debian .buildinfo files, Debian .changes files, Debian source packages (.dsc), Device Tree Compiler blob files, Directories, ELF binaries, Ext2/ext3/ext4/btrfs filesystems, FreeDesktop Fontconfig cache files, FreePascal files (.ppu), Gettext message catalogues, GHC Haskell .hi files, GIF image files, Git repositories, GNU R database files (.rdb), GNU R Rscript files (.rds), Gnumeric spreadsheets, Gzipped files, ISO 9660 CD images, Java .class files, JavaScript files, JPEG images, JSON files, LLVM IR bitcode files, MacOS binaries, Microsoft Windows icon files, Microsoft Word .docx files, Mono 'Portable Executable' files, Ogg Vorbis audio files, OpenOffice .odt files, OpenSSH public keys, OpenWRT package archives (.ipk), PDF documents, PGP signed/encrypted messages, PNG images, PostScript documents, RPM archives, Rust object files (.deflate), SQLite databases, SquashFS filesystems, Statically-linked binaries, Symlinks, Tape archives (.tar), Tcpdump capture files (.pcap), Text files, TrueType font files, XML binary schemas (.xsb), XML files, XZ compressed files, etc.
* try diffoscope
https://diffoscope.org
\vspace{\baselineskip}
#+ATTR_BEAMER: :overlay <+->
- available for Debian, Fedora, OpenSUSE, Archlinux, GNU Guix, NixOS, FreeBSD, NetBSD, Homebrew, PypI, ...
- and on the web: https://try.diffoscope.org
* spiders
[[./images/aranha.jpg]]
* A barrel in the river
** image
:PROPERTIES:
:BEAMER_col: 0.3
:END:
[[./images/hobbit-on-a-barrel.jpeg]]
** text
:PROPERTIES:
:BEAMER_col: 0.6
:END:
reprotest
#+ATTR_BEAMER: :overlay <+->
- builds something twice with many variations
- https://salsa.debian.org/reproducible/reprotest
- if unreproducible: "bisect" the variations
* Under the mountain
[[./images/640px-The_Hobbit_-_Smaug.jpg]]
* And back again
[[./images/800px-Hobbit_holes_reflected_in_water.jpg]]
* The End ... Or the Beginning?
[[./images/reproducible-builds.png]]
** text
:PROPERTIES:
:BEAMER_col: 0.67
:END:
https://reproducible-builds.org
* Who watches
** image
:PROPERTIES:
:BEAMER_col: 0.4
:END:
[[./images/Ring-eye-sauron.png]]
* Theory vs Praxis
#+ATTR_BEAMER: :overlay <+->
- 93% is a wonderful fantasy
- 7% of 30000 source packages means 2100 unreproducible source packages.
- And there's new software every hour
- Getting software reproducible in theory is only part of the way
- Hard work begins making reproducible builds in practice
- distributed multi-party verification
- meaningful end-user interfaces
- *There is a lot to do. Please. Help.*
* Councils of the Wise
https://reproducible-builds.org/events/
\vspace{\baselineskip}
Reproducible builds summits:
#+ATTR_BEAMER: :overlay <+->
- Athens 2015
- Berlin 2016
- Berlin 2017
- Paris 2018
- Marrakesh 2019
- ??? 2020
* Collaboration
https://reproducible-builds.org/contribute/
\vspace{\baselineskip}
** image
:PROPERTIES:
:BEAMER_col: 0.4
:END:
[[./images/reprobuilds-display.jpeg]]
** text
:PROPERTIES:
:BEAMER_col: 0.6
:END:
#+ATTR_BEAMER: :overlay <+->
- We stand on the shoulders of giants.
- And women, men and people of all genders,
- And elves and dwarves,
- And wizards and hobbits,
- And beings beyond our current imagination,
- And we welcome you.
- And we welcome Free Software.
* Questions?
Thank you for your time and contributions.
\vspace{\baselineskip}
It's been a long journey but we will get there. And back again, on to new journeys!
[[./images/reproducible-builds.png]]
** text
:PROPERTIES:
:BEAMER_col: 0.67
:END:
https://reproducible-builds.org
* Copyright and attributions
\addtocounter{framenumber}{-1}
\tiny
Copyright 2019 Vagrant Cascadian <vagrant@reproducible-builds.org>
Copyright 2019 Holger Levsen <holger@layer-acht.org>
This work is licensed under the Creative Commons
Attribution-ShareAlike 4.0 International License.
To view a copy of this license, visit
https://creativecommons.org/licenses/by-sa/4.0/
\vspace{\baselineskip}
Images downloaded from commons.wikimedia.org and licensed under the
Creative Commons Attribution 2.0 Generic license:
https://creativecommons.org/licenses/by/2.0/deed.en
https://commons.wikimedia.org/wiki/File:Hobbit_holes_reflected_in_water.jpg
https://commons.wikimedia.org/wiki/File:The_Hobbit_-_Smaug.jpg
Except the ring, which is public domain and/or very, very permissive:
https://commons.wikimedia.org/wiki/File:Unico_Anello.png
Mirkwood and the Caverna Morro ..., licensed under:
https://creativecommons.org/licenses/by-sa/3.0/deed.en
https://commons.wikimedia.org/wiki/File:Mirkwood_-_entrance.jpg
https://commons.wikimedia.org/wiki/File:Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG
The Troll sign ispublic domain:
https://de.wikipedia.org/wiki/Datei:Trollschild.jpg
And the logos, which are under their respective licenses. The compilation made by Holger is CC-SA 4.0 intl.
Eye of sauron:
https://creativecommons.org/licenses/by-sa/4.0/deed.en
https://en.wikipedia.org/wiki/File:Ring-eye-sauron.gif
reprobuilds-display from Jelle is under MIT:
https://github.com/jelly/reproduciblebuilds-display
stats_pkg_state has been generated by code licensed under GPL2, written by Holger and was downloaded from:
https://tests.reproducible-builds.org/debian/unstable/amd64/stats_pkg_state.png
hobbit-on-a-barrel.jpeg used under fair use.
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/1280px-Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/1280px-Caverna-Morro-Preto-Parque_Estadual_Alto_Ribeira-Iporanga-Brasil.JPG
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/345px-Mirkwood_-_entrance.jpg 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/345px-Mirkwood_-_entrance.jpg
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/640px-The_Hobbit_-_Smaug.jpg 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/640px-The_Hobbit_-_Smaug.jpg
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/800px-Hobbit_holes_reflected_in_water.jpg 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/800px-Hobbit_holes_reflected_in_water.jpg
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/887px-Unico_Anello.png 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/887px-Unico_Anello.png
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/Ring-eye-sauron.png 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/Ring-eye-sauron.png
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/Trollschild.jpg 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/Trollschild.jpg
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/aranha.jpg 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/aranha.jpg
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/diffoscope.png 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/diffoscope.png
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/hobbit-on-a-barrel.jpeg 0 → 120000
View file @ 26f99cf5
../../2019-11-16-SeaGL-There-and-Back-Again-Reproducibly/images/hobbit-on-a-barrel.jpeg
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/r-b-projects.png 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/r-b-projects.png
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/r-b-projects.xcf 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/r-b-projects.xcf
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/reprobuilds-display.jpeg 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/reprobuilds-display.jpeg
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/reproducible-builds.png 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/reproducible-builds.png
\ No newline at end of file
2020-03-08-SCALE-There-and-Back-Again-Reproducibly/images/vagrantupsidedown.png 0 → 120000
View file @ 26f99cf5
../../2019-08-04-Linuxdev-BR-There-and-Back-Again-Reproducibly/images/vagrantupsidedown.png
\ No newline at end of file