Commit aa208646 authored by Holger Levsen's avatar Holger Levsen

berlin2016: some more formatting fixes

Signed-off-by: Holger Levsen's avatarHolger Levsen <holger@layer-acht.org>
parent f8e18b67
......@@ -81,7 +81,7 @@ Day 2
- **How to use emacs**
- **How to run a start-up**
- **How to apply for funding from CII**
- **How to improve cross-distro packaging https://maintainer.zq1.de**
- **How to improve cross-distro packaging [https://maintainer.zq1.de](https://maintainer.zq1.de)**
- **How (not) to use iframes on awesome webpages *reproducible-bla.org**
- **How to sign code in git (and correctly verify the signatures)**
- **Ask me anything about building on OSX**
......
......@@ -129,7 +129,8 @@ SKILL SHARE
- What variables are (surprising) variables affecting builds? (3)
- Find argument for/against different ways how pkgs built
- Find the best way of making various packages reproducible
- https://maintainer.zq1.de/
- [https://maintainer.zq1.de/](https://maintainer.zq1.de/)
LEGAL AND LAW
......
......@@ -37,7 +37,7 @@ permalink: /events/berlin2016/bootstrapping/
* NixOS
* Java is bootstrapped with a custom maintainer build of the JDK
* Haskell: chain of three different builds to get to the latest version: https://github.com/NixOS/nixpkgs/issues/19926
* Haskell: chain of three different builds to get to the latest version: [https://github.com/NixOS/nixpkgs/issues/19926](https://github.com/NixOS/nixpkgs/issues/19926)
* Guix
* Java is bootstrapped from GCJ -> IcedTea 6 –> IcedTea7 –> IcedTea8
......@@ -59,26 +59,25 @@ permalink: /events/berlin2016/bootstrapping/
* Rather than depend on more binary blobs, throw more CPU time at it, e.g. by emulating an x86 CPU with qemu and then work from there.
* Need to reach out to compiler developers: make sure that there’s a non-self-hosted path to build the first compiler — find cooperative people in compiler projects to “bootstrap” a bootstrapping project
* try to depend only on the smallest C compiler possible
* e.g. [[http://www.landley.net/code/tinycc/][tinycc]], [[http://pcc.ludd.ltu.se/][pcc]], [[http://www.landley.net/qcc/][qcc]]
* e.g. [tinycc](http://www.landley.net/code/tinycc/), [pcc](http://pcc.ludd.ltu.se/), [qcc](http://www.landley.net/qcc/)
* coreboot folks have a simple C compiler RAMCC(?)
* register http://bootstrappable.org, collect stories there!
* register [http://bootstrappable.org](http://bootstrappable.org), collect stories there!
*** motivation: collect examples of backdoored compilers
* toy example: https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/
* ken thompson: reflections on trusting trust
* "Defending Against Compiler-Based Backdoors"
http://blog.regehr.org/archives/1241
* PoC||GTFO
https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf
* toy example: [https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/](https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/)
* Ken Thompson: reflections on trusting trust
* "Defending Against Compiler-Based Backdoors" [http://blog.regehr.org/archives/1241](http://blog.regehr.org/archives/1241)
* PoC/GTFO [https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf](ttps://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf)
* TODO: need more!
*** Examples
- e.g. the bootstrap chain for GCC –> GCJ –> IcedTea 6 –> IcedTea7 in Guix
- GNU Make doesn’t need make but just a bash script
- Cook
- Guile Scheme: includes an interpreter written in C.
- Bazel needs Bazel to build itself, *but* you can build a minimal variant of Bazel with a shell script that runs =javac= on all Java sources, etc
* Examples
- e.g. the bootstrap chain for GCC –> GCJ –> IcedTea 6 –> IcedTea7 in Guix
- GNU Make doesn’t need make but just a bash script
- Cook
- Guile Scheme: includes an interpreter written in C.
- Bazel needs Bazel to build itself, *but* you can build a minimal variant of Bazel with a shell script that runs =javac= on all Java sources, etc
* Ant, needs itself but can be build with plain Java
*** best practises
* best practises
* don’t throw old code away (to allow for a bootstrapping chain)
* have an alternative implementation backend (e.g. written in C or in a language that traces back to C eventually) — simplifies porting
*** Call for Action!
......@@ -137,14 +136,13 @@ If your compiler is written in the language that it's compiling
If other implementations of this programming language exist, please make
sure your compiler can be built with one of these. Examples include:
- The Go programming language has two implementations: [[https://golang.org/][the reference
implementation]] is self-hosted, and that in [[https://gcc.gnu.org][GCC]] is written in C++.
- The Go programming language has two implementations: [the reference implementation](https://golang.org/) is self-hosted, and that in [GCC](https://gcc.gnu.org) is written in C++.
(TODO: check if we can build one with the other) Furthermore,
version 1.4 of the reference implementation was written in a
different language and can be used to build version 1.5.
- Common Lisp has several implementations. Notably [[http://www.clisp.org/][GNU clisp]] is
- Common Lisp has several implementations. Notably [GNU Clisp](http://www.clisp.org/) is
written and C and can be used to build self-hosted implementations
such as [[http://www.sbcl.org/][SBCL]].
such as [SBCL](http://www.sbcl.org/).
If your compiler targets a language for which no other implementation
exists, then please consider maintaining a (minimal) implementation of
......@@ -157,9 +155,7 @@ simple—it does not need to be optimized.
Examples include:
- [[https://gnu.org/software/guile][GNU Guile]], a Scheme implementation with a self-hosted compiler,
relies on an [[http://git.savannah.gnu.org/cgit/guile.git/tree/libguile/eval.c][Scheme interpreter written in C]] for bootstrapping
purposes.
- [GNU Guile](https://gnu.org/software/guile), a Scheme implementation with a self-hosted compiler, relies on an [Scheme interpreter written in C](http://git.savannah.gnu.org/cgit/guile.git/tree/libguile/eval.c) for bootstrapping purposes.
Please let us know if you’d like to add your compiler to this list!
......@@ -172,14 +168,10 @@ provide an alternative way to build your build system.
Examples include:
- [[https://gnu.org/software/make][GNU Make]] does not require a ‘make’ implementation. It can be built
using a [[http://git.savannah.gnu.org/cgit/make.git/tree/build.template][shell script]].
- [[http://ant.apache.org/][Apache Ant]] can bootstrap with a [[https://git-wip-us.apache.org/repos/asf?p=ant.git;a=blob;f=bootstrap.sh;h=60b6ece03ce78716bc036a44226f4934b541f326;hb=HEAD][shell script]]
that only relies on the Java compiler.
- [[https://bazel.build/][Bazel]] does not require Bazel to build itself but
can be boostrapped with a [[https://github.com/bazelbuild/bazel/blob/master/compile.sh][shell script]].
- [[https://buckbuild.com/][Buck]] does not require Buck to build itself. Instead, it can be
built using [[https://github.com/facebook/buck/blob/master/build.xml][Ant]].
- [GNU Make](https://gnu.org/software/make) does not require a ‘make’ implementation. It can be built using a [shell script](http://git.savannah.gnu.org/cgit/make.git/tree/build.template).
- [Apache Ant](http://ant.apache.org/) can bootstrap with a [shell script](https://git-wip-us.apache.org/repos/asf?p=ant.git;a=blob;f=bootstrap.sh;h=60b6ece03ce78716bc036a44226f4934b541f326;hb=HEAD) that only relies on the Java compiler.
- [Bazel](https://bazel.build/) does not require Bazel to build itself but can be boostrapped with a [shell script](https://github.com/bazelbuild/bazel/blob/master/compile.sh).
- [Buck](https://buckbuild.com/) does not require Buck to build itself. Instead, it can be built using [Ant](https://github.com/facebook/buck/blob/master/build.xml).
Build system, compared to compiler, do not need to write a full
language compiler of its language to bootstrap. A really slow and
......@@ -221,7 +213,7 @@ https://upstream-compiler.example.org/upstream-compiler-20161211-x86_64-linux.ta
TODO: provide an example of how we do this / are going to do this in
Nixpkgs / Guix / ...?
http://git.savannah.gnu.org/cgit/guix.git/commit/?id=062134985802d85066418f6ee2f327122166a567
[http://git.savannah.gnu.org/cgit/guix.git/commit/?id=062134985802d85066418f6ee2f327122166a567](http://git.savannah.gnu.org/cgit/guix.git/commit/?id=062134985802d85066418f6ee2f327122166a567)
* Collaboration projects
......@@ -255,11 +247,7 @@ implementations?
* For users
As a user, bootstrappable implementations, together with [[https://reproducible-builds.org][reproducible
builds]], provide confidence that you are running the code you expect to
be running. Its source code is auditable by the developer community,
which in turns provides reassurance that the code you’re running does
not have backdoors.
As a user, bootstrappable implementations, together with [https://reproducible-builds.org](https://reproducible-builds.org) provide confidence that you are running the code you expect to be running. Its source code is auditable by the developer community, which in turns provides reassurance that the code you’re running does not have backdoors.
* For distributors
......@@ -280,4 +268,3 @@ binaries exist yet.
Try building gcc using gcc-4.7 <-- this already works (we used GCC 4.7 some months ago in Guix, but updated later for unrelated reasons)
Try building GCC 4.7 with TinyCC
-
......@@ -37,7 +37,7 @@ r-b-general seems to be OK - but needs to be more widely advertised.
* Docs are going to include a "Get Involved" page aimed at distro folks. This needs to be part of that.
Problem that all the current r-b infrastructure is hosted on Debian. In order to get involved, you need to know Debian process: what channels to use, how to file bugs. It's a barrier to entry. Documentation could also help with this - although that still leaves a perceptual barrier to entry. Something Forge-like would be more friendly - Something that consolidates all the work in a single place. Fedora used to have FedoraHosted; now it has https://pagure.io/.
Problem that all the current r-b infrastructure is hosted on Debian. In order to get involved, you need to know Debian process: what channels to use, how to file bugs. It's a barrier to entry. Documentation could also help with this - although that still leaves a perceptual barrier to entry. Something Forge-like would be more friendly - Something that consolidates all the work in a single place. Fedora used to have FedoraHosted; now it has [https://pagure.io/](https://pagure.io/).
Some discussion about the usability of bugs.debian.org - Submitting bugs is too hard.
......@@ -60,7 +60,7 @@ Can share the buildinfo database. e.g., generalize buildinfo.debian.net. This
## Cross-distro patch tracking
issues-and-notes.yaml - Stored in a Git repository that lists distro-specific issues
https://maintainer.zq1.de - Bernhard's site that shows the version of a package in each distro, with links to source repos and patch trackers (todo: bug-trackers?)
[https://maintainer.zq1.de](https://maintainer.zq1.de) - Bernhard's site that shows the version of a package in each distro, with links to source repos and patch trackers (todo: bug-trackers?)
Unrelated cross-distro MLs
[https://lists.linaro.org/mailman/listinfo/cross-distro](https://lists.linaro.org/mailman/listinfo/cross-distro) ARM-specific?
......
......@@ -26,7 +26,7 @@ permalink: /events/berlin2016/diffoscope/
- We should have a hack session on parallel diffoscope.
### Marketing/Docs/Undebianization
- https://try.diffoscope.org should be more well-known; it helpfully has a number of optional stuff for uncommon formats installed already.
- [https://try.diffoscope.org](https://try.diffoscope.org) should be more well-known; it helpfully has a number of optional stuff for uncommon formats installed already.
- Get the word out for non-reproducibility use cases like comparing across versions for updates or due diligence before deployment.
- The bug tracking happens at the Debian bugtracker. That should be more visible. The website should have a "how to report bugs" section for people not familiar with the Debian bug tracker.
......
......@@ -43,12 +43,12 @@ distro / project-specific pages!
* find a list of contacts for these projects and propose them to add information to the website or to send a link to their documentation,
* also ask them to add a contact for RB who people can talk to
* Debian: https://lists.reproducible-builds.org/listinfo/rb-general, #debian-reproducible @ OFTC
* Debian: [https://lists.reproducible-builds.org/listinfo/rb-general](https://lists.reproducible-builds.org/listinfo/rb-general), IRC: #debian-reproducible @ OFTC
* ArchLinux
* Baserock
* Bitcoin
* Coreboot: ask lynxis
* ElectroBSD: https://archive.fosdem.org/2016/schedule/event/electrobsd/
* ElectroBSD: [https://archive.fosdem.org/2016/schedule/event/electrobsd/](https://archive.fosdem.org/2016/schedule/event/electrobsd/)
* F-Droid
* FreeBSD: -> email alias or ML to be provided (reproducibility@FreeBSD.org)
* Fedora
......@@ -103,7 +103,7 @@ Get involved page
-----------------
* A "Get involved" page should be created
* it should link to Currently Unresolved Issues
* see https://wiki.debian.org/ReproducibleBuilds/Contribute for an out-of-date list of stuff we had before
* see [https://wiki.debian.org/ReproducibleBuilds/Contribute](https://wiki.debian.org/ReproducibleBuilds/Contribute) for an out-of-date list of stuff we had before
FAQ
---
......@@ -143,15 +143,15 @@ How to get involved?
Talks
-----
* http://www.bsdcan.org/2016/schedule/events/714.en.html
* https://archive.fosdem.org/2016/schedule/event/reproducible_freebsd_packages/
* https://osem.seagl.org/conference/seagl2016/program/proposal/166
* OpenWrt/LEDE: video: https://www.youtube.com/watch?v=Y1D706JCISw, slides: https://people.debian.org/~holger/2016-10-13-OpenWrt-Summit.pdf
* DebConf16: https://debconf16.debconf.org/talks/7/
* LibrePlanet: https://media.libreplanet.org/u/libreplanet/collection/beyond-reproducable-builds/
* [http://www.bsdcan.org/2016/schedule/events/714.en.html](http://www.bsdcan.org/2016/schedule/events/714.en.html)
* [https://archive.fosdem.org/2016/schedule/event/reproducible_freebsd_packages/](https://archive.fosdem.org/2016/schedule/event/reproducible_freebsd_packages/)
* [https://osem.seagl.org/conference/seagl2016/program/proposal/166](https://osem.seagl.org/conference/seagl2016/program/proposal/166)
* OpenWrt/LEDE: video: [https://www.youtube.com/watch?v=Y1D706JCISw](https://www.youtube.com/watch?v=Y1D706JCISw), slides: [https://people.debian.org/~holger/2016-10-13-OpenWrt-Summit.pdf](https://people.debian.org/~holger/2016-10-13-OpenWrt-Summit.pdf)
* DebConf16: [https://debconf16.debconf.org/talks/7/](https://debconf16.debconf.org/talks/7/)
* LibrePlanet: [https://media.libreplanet.org/u/libreplanet/collection/beyond-reproducable-builds/](https://media.libreplanet.org/u/libreplanet/collection/beyond-reproducable-builds/)
tools
Tools
------
* where to find the tools
......
......@@ -22,7 +22,7 @@ permalink: /events/berlin2016/documentationIII/
### FAQ
* Collecting FAQ points from lamby's specific "how to make x tool reproducible"
* [https://anonscm.debian.org/cgit/reproducible/presentations.git/tree/2015-08-20-DebConf15/2015-08-20-DebConf15.tex#n534]( https://anonscm.debian.org/cgit/reproducible/presentations.git/tree/2015-08-20-DebConf15/2015-08-20-DebConf15.tex#n534)
* [https://anonscm.debian.org/cgit/reproducible/presentations.git/tree/2015-08-20-DebConf15/2015-08-20-DebConf15.tex#n534](https://anonscm.debian.org/cgit/reproducible/presentations.git/tree/2015-08-20-DebConf15/2015-08-20-DebConf15.tex#n534)
* Add link under revelant questions in the FAQ to existing parts of the reproducible-builds.org documentation page
* Under each "persona" add a "why should I care?" with a brief answer that relates to them and a link to the "buy-in" page of the documentation
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment