Fix various typos

parent b71b3d67
......@@ -14,7 +14,7 @@ Reproducible Builds Hackathon Hamburg 2017
The [Reproducible Builds Hamburg Hackathon
2017](https://wiki.debian.org/ReproducibleBuilds/HamburgHackathon2017) (or
RB-HH-2017 for short) is a 3-day hacking event taking place May 5th-7th in the CCC Hamburg
Hackerspace inside Frappant, as collective art space located witin a
Hackerspace inside Frappant, as collective art space located within a
historical monument in Hamburg, Germany. The event is open to everyone and
we still have some free seats. If you wish to attend, please register your
interest as soon as possible.
......
......@@ -36,7 +36,7 @@ Some of the things we worked on:
- Phil Hands came by to say hi and worked on testing [d-i on jenkins.debian.net](https://jenkins.debian.net/view/lvc).
- Chris West (Faux) worked on extending `misc.git:has-only.py`, and started looking at Britney.
We had a Debian focussed meeting where we discussed a number of topics:
We had a Debian focused meeting where we discussed a number of topics:
- IRC meetings: yes, we want to try again to have them, monthly, a poll for a good date is being held.
- Debian tests post Stretch: we'll add tests for stable/Stretch.
......
......@@ -77,7 +77,7 @@ tests.reproducible-builds.org
Holger wrote a new systemd-based scheduling system replacing 162 constantly running Jenkins jobs which were slowing down job execution in general:
- Nothing fancy really, just 370 lines of shell code in two scripts, out of these 370 lines 80 are comments and 162 are node defitions for those 162 "jobs".
- Nothing fancy really, just 370 lines of shell code in two scripts, out of these 370 lines 80 are comments and 162 are node definitions for those 162 "jobs".
- Worker logs not yet as good as with Jenkins but usually we don't need real time log viewing of specific builds. Or rather, its a waste of time to do it. (Actual package build logs remain unchanged.)
- Builds are a lot faster for the fast archs, but not so much difference on `armhf`.
- Since April 12 for `i386` (and a week later for the rest), the images below are ordered with `i386` on top, then `amd64`, `armhf` and `arm64`. Except for `armhf` it's pretty visible when the switch was made.
......
......@@ -49,7 +49,7 @@ determinitiscally](https://github.com/Homebrew/homebrew-core/pull/14860) for
Homebrew, a package manager for MacOS.
Dan Kegel worked on using `SOURCE_DATE_EPOCH` and other reproduciblity fixes
[in fpm](https://github.com/jordansissel/fpm/pull/1360), a multi plattform
[in fpm](https://github.com/jordansissel/fpm/pull/1360), a multi platform
package builder.
The Fedora Haskell team [disabled parallel
......
......@@ -124,7 +124,7 @@ tests.reproducible-builds.org
- Merging all the above commits.
- Added a check for (known) Jenkins zombie jobs and report them. (This is an long known problem with jenkins; deleted jobs sometimes come back…)
- Upgraded the remaining `amd64` nodes to `stretch`.
- Accidentially purged `postgres-9.4` from jenkins, so we could test our backups ;-)
- Accidentally purged `postgres-9.4` from jenkins, so we could test our backups ;-)
- Updated our stretch upgrade TODOs.
Misc.
......
......@@ -44,7 +44,7 @@ easier for packages to meet it.
* Holger Levsen [wrote a blog post](https://layer-acht.org/thinking/blog/20170812-reproducible-policy/)
briefly describing the background and implications of this. To quote him: "we are *not 94% done* yet, rather more like half done or so. We still need tools and processes to *enable anyone to indepently verify* that a given binary comes from the sources it is said to be coming, this will involve distributing `.buildinfo` files and providing user interfaces in APT and elsewhere and probably also systematic rebuilds by us and other parties. And 6% or 7% of the archive is still a lot of packages, eg. in Buster we currently still have [273 unreproducible key packages](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_key_packages.html) and for a large part we don't have patches yet so there is still a lot of work ahead."
briefly describing the background and implications of this. To quote him: "we are *not 94% done* yet, rather more like half done or so. We still need tools and processes to *enable anyone to independently verify* that a given binary comes from the sources it is said to be coming, this will involve distributing `.buildinfo` files and providing user interfaces in APT and elsewhere and probably also systematic rebuilds by us and other parties. And 6% or 7% of the archive is still a lot of packages, eg. in Buster we currently still have [273 unreproducible key packages](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_key_packages.html) and for a large part we don't have patches yet so there is still a lot of work ahead."
* There were discussion threads on [Hacker News](https://news.ycombinator.com/item?id=15010438)
and [Reddit](https://www.reddit.com/r/debian/comments/6touxc/new_debian_policy_packages_should_be_reproducible/).
* Our long-term goal is that Policy mandates that packages "must" be reproducible, but for that we need to show further progress and also reach a consensus on `.buildinfo` files and much more.
......
......@@ -94,7 +94,7 @@ strip-nondeterminism development
--------------------------------
- Chris Lamb:
- [Log which handler procesed a file.](https://salsa.debian.org/reproducible-builds/strip-nondeterminism.git/commit/?id=aa9c311) (Closes: [#876140](https://bugs.debian.org/876140))
- [Log which handler processed a file.](https://salsa.debian.org/reproducible-builds/strip-nondeterminism.git/commit/?id=aa9c311) (Closes: [#876140](https://bugs.debian.org/876140))
- [Bump Standards-Version to 4.1.0.](https://salsa.debian.org/reproducible-builds/strip-nondeterminism.git/commit/?id=d17ee5b)
......
......@@ -145,7 +145,7 @@ reproducible Arch Linux:
- Bug fixes:
- [Don't fail the build if `PKGBUILD` cannot be sourced](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=b128725f)
- [Also detect `==> ERROR: Failure while creating working copy` as a download failure](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=100e1b44)
- [Dont use `sudo` if `-u root` works](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=f049c47b)
- [Don't use `sudo` if `-u root` works](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=f049c47b)
- [Cleanup files before the next build](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=cb3a5085)
- Alerting:
- [Conditionally shorten IRC messages](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=4a373f6c)
......@@ -154,7 +154,7 @@ reproducible Arch Linux:
- [Log which old packages have been rescheduled](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=cf8d1e3b)
- [Output number of currently scheduled packages](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=ba1c68b8)
- [Show blacklisted packages](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=5cea6adc)
- [Correctly create pkg.html for blacklisted packages we dont know anything about](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=7e7e05c0)
- [Correctly create pkg.html for blacklisted packages we don't know anything about](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=7e7e05c0)
- Misc:
- Blacklist management: [Refactoring, blacklist core/gnutls](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=16f54f61) and blacklist [ltrace](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=d69dcea2)
- [Add pointer to a patch we want to see merged](https://anonscm.debian.org/git/qa/jenkins.debian.net.git/commit/?id=ba7a2bf0)
......
......@@ -103,7 +103,7 @@ reproducible-website development
- [Add group photo](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/d0a4fa2)
- [Cleanup some markup](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/38e7bdc)
- [Link agenda brains-torming session](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a303994)
- [Seperate ogo-design notes](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c2afe16)
- [Separate ogo-design notes](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/c2afe16)
- [Move agenda to its own page](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/489a42c)
- [Add archive-formats notes](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b7513c2)
- [Include PDF version of report by Aspiration and link to it](https://salsa.debian.org/reproducible-builds/reproducible-website/commit/14689b9)
......
......@@ -23,7 +23,7 @@ Packages reviewed and fixed, and bugs filed
* Bernhard M. Wiedemann:
* [vit](https://github.com/scottkosty/vit/commit/71fd605a75551506115e5ab71dc4b20fe8d84576) (merged, time)
* [cpython](https://github.com/python/cpython/pull/5200) (replacing old .pyc mtime aproach for python-3.7 - nearly accepted, needs testing)
* [cpython](https://github.com/python/cpython/pull/5200) (replacing old .pyc mtime approach for python-3.7 - nearly accepted, needs testing)
* [cpython tarfile/zipfile](https://github.com/python/cpython/pull/2263) (finally getting some love)
During reproducibility testing, 83 FTBFS bugs have been detected and reported by Adrian Bunk.
......@@ -42,7 +42,7 @@ diffoscope development
- In the elf test, [return `0` as the version if we can't parse one](https://salsa.debian.org/reproducible-builds/diffoscope/commit/34b54b4)
Furthermore Juliana Oliveira has been working on a separated branch on
parallizing diffoscope.
parallelizing diffoscope.
jenkins.debian.net development
------------------------------
......
......@@ -9,7 +9,7 @@ Here's what happened in the [Reproducible Builds](https://reproducible-builds.or
Media coverage
--------------
* On Febuary 7th, Christos Zoulas gave at talk entitled [Reproducible builds on NetBSD](http://www.nycbug.org/index.cgi?action=view&id=10657) at the [New York City \*BSD User Group](http://www.nycbug.org/).
* On February 7th, Christos Zoulas gave at talk entitled [Reproducible builds on NetBSD](http://www.nycbug.org/index.cgi?action=view&id=10657) at the [New York City \*BSD User Group](http://www.nycbug.org/).
Packages reviewed and fixed, and bugs filed
......
......@@ -67,7 +67,7 @@ There were a number of changes to our [Jenkins](https://jenkins.io/)-based testi
* Holger Levsen:
* [Dont (additionally) compress `Packages.gz`](https://salsa.debian.org/qa/jenkins.debian.net/commit/22c41491).
* [Don't (additionally) compress `Packages.gz`](https://salsa.debian.org/qa/jenkins.debian.net/commit/22c41491).
* Mattia Rizzolo:
......
......@@ -43,14 +43,14 @@ There were a large number of changes to our [Jenkins](https://jenkins.io/)-based
* [Correct "which build timed out" grammar](https://salsa.debian.org/qa/jenkins.debian.net/commit/30a24438).
* Mattia Rizzolo:
* Improve our script handling the databse schema updates ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/26739d90), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/cb6b2f90), [3](https://salsa.debian.org/qa/jenkins.debian.net/commit/01ac367e)).
* Improve our script handling the database schema updates ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/26739d90), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/cb6b2f90), [3](https://salsa.debian.org/qa/jenkins.debian.net/commit/01ac367e)).
* Normalize the status names as the code sees them: ["not for us" and "not_for_us" to "NFU"](https://salsa.debian.org/qa/jenkins.debian.net/commit/09012516), ["unreproducible" to "FTBR"](https://salsa.debian.org/qa/jenkins.debian.net/commit/ccc94fcf), [and rename "404" to "E404"](https://salsa.debian.org/qa/jenkins.debian.net/commit/ca3416d7).
* [Introduce a new "Status" enum](https://salsa.debian.org/qa/jenkins.debian.n
et/commit/187636a0) and use it ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/92b6fa82), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/6a18da2e), [3](https://salsa.debian.org/qa/jenkins.debian.net/commit/dfffafb2), [4](https://salsa.debian.org/qa/jenkins.debian.net/commit/6f71ed16)).
* [Reschedule stale builds, instead of dropping them](https://salsa.debian.org/qa/jenkins.debian.net/commit/99cdf49a).
* [list packages in all status in the issues pages](https://salsa.debian.org/qa/jenkins.debian.net/commit/f6dfd246).
* [Error out when `psql` fails](https://salsa.debian.org/qa/jenkins.debian.net/commit/3cb06dd7).
* Varius improvements to the build script ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/0470f48c), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/0470f48c), [3](https://salsa.debian.org/qa/jenkins.debian.net/commit/84dffbff), [4](https://salsa.debian.org/qa/jenkins.debian.net/commit/53e059fd), [5](https://salsa.debian.org/qa/jenkins.debian.net/commit/e7cde572), [6](https://salsa.debian.org/qa/jenkins.debian.net/commit/bdaff5af)), and especially:
* Various improvements to the build script ([1](https://salsa.debian.org/qa/jenkins.debian.net/commit/0470f48c), [2](https://salsa.debian.org/qa/jenkins.debian.net/commit/0470f48c), [3](https://salsa.debian.org/qa/jenkins.debian.net/commit/84dffbff), [4](https://salsa.debian.org/qa/jenkins.debian.net/commit/53e059fd), [5](https://salsa.debian.org/qa/jenkins.debian.net/commit/e7cde572), [6](https://salsa.debian.org/qa/jenkins.debian.net/commit/bdaff5af)), and especially:
* [change the way ftbfs are handled](https://salsa.debian.org/qa/jenkins.debian.net/commit/fda61fc7) making the remote script exit with a clear error, instead of inferring the FTBFS status by the lack of build artifacts.
* [apply the 120m timeout directly to diffoscope instead of the wrapping schroot](https://salsa.debian.org/qa/jenkins.debian.net/commit/a903dd7b) in a tentative to reduce the schroot errors.
* [differentiate the irc message between diffoscope errors and timeouts](https://salsa.debian.org/qa/jenkins.debian.net/commit/bae726d3) (and [fixup](https://salsa.debian.org/qa/jenkins.debian.net/commit/0b123b98)).
......
......@@ -39,7 +39,7 @@ Packages reviewed and fixed, and bugs filed
* [infinipath-psm](https://build.opensuse.org/request/show/622529) (date, use `SOURCE_DATE_EPOCH`)
* [lam](https://build.opensuse.org/request/show/621765) (fix date and hostname)
* [legion](https://build.opensuse.org/request/show/621947) (drop march=native)
* [librsb](https://build.opensuse.org/request/show/622196) (dont store compile CPU cache details)
* [librsb](https://build.opensuse.org/request/show/622196) (don't store compile CPU cache details)
* [linux-glibc-devel](https://build.opensuse.org/request/show/622351) (`uname -r`)
* [lv2](https://build.opensuse.org/request/show/621773) (use upstreamed patches)
* [opa-fm](https://build.opensuse.org/request/show/622572) (date, use `SOURCE_DATE_EPOCH`)
......
......@@ -14,7 +14,7 @@ Here's what happened in the [Reproducible Builds](https://reproducible-builds.or
* A number of Reproducible Builds team were presenting at [DebConf18](https://debconf18.debconf.org/) the annual Debian Developers conference. Benjamin Hof gave a talk titled [Software transparency: package security beyond signatures and reproducible builds](https://debconf18.debconf.org/talks/104-software-transparency-package-security-beyond-signatures-and-reproducible-builds/)" and there was also a status update from the team entitled "[Reproducible Buster and beyond](https://debconf18.debconf.org/talks/80-reproducible-buster-and-beyond/)". These, and many more talks, are available [Resources](https://reproducible-builds.org/resources/) section of our website.
* Holger added the [Civil Infrastructure Plattform](https://www.cip-project.org/)'s key package list and their build-dependencies [to our testing framework](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_CIP.html)
* Holger added the [Civil Infrastructure Platform](https://www.cip-project.org/)'s key package list and their build-dependencies [to our testing framework](https://tests.reproducible-builds.org/debian/buster/amd64/pkg_set_CIP.html)
* Santiago Torres sent a [reminder that there's a reproducible builds IRC meeting](https://lists.reproducible-builds.org/pipermail/rb-general/2018-August/001095.html) on the [21th of August at 16:00 UTC](https://time.is/compare/1600_21_Aug_2018_in_UTC).
......
......@@ -69,7 +69,7 @@ There were a handful of updates to [diffoscope](https://diffoscope.org), our in-
* [Explicitly add `file` to the dependencies of the autopkgtests to have the tests triggered whenever the `file` package changes](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fc0ae56).
* Ricardo Gaviria:
* [Handle error when encrypted archive file is exctracted.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a6beb04). ([#904685](https://bugs.debian.org/904685))
* [Handle error when encrypted archive file is extracted.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/a6beb04). ([#904685](https://bugs.debian.org/904685))
jenkins.debian.net development
------------------------------
......
......@@ -6,7 +6,7 @@ published: 2018-08-27 16:09:03
Here's what happened in the [Reproducible Builds](https://reproducible-builds.org) effort between Sunday August 19 and Saturday August 25 2018:
* [Jelle van der Waa](https://vdwaa.nl/) gave a talk at [FroSCon 2018](https://www.froscon.de/news/froscon-2018/) titled [Arch Linux and Reproducible Builds](https://programm.froscon.de/2018/events/2321.html). ([PDF slides](https://programm.froscon.de/2018/system/event_attachments/attachments/000/000/509/original/Arch_Linux_Reproducible_Builds.pdf))
* [Jelle van der Waa](https://vdwaa.nl/) gave a talk at [FroSCon 2018](https://www.froscon.de/news/froscon-2018/) titled [Arch Linux and Reproducible Builds](https://program.froscon.de/2018/events/2321.html). ([PDF slides](https://program.froscon.de/2018/system/event_attachments/attachments/000/000/509/original/Arch_Linux_Reproducible_Builds.pdf))
* Daniel Kahn Gillmor provided two patches to [diffoscope](https://diffoscope.org) (our in-depth "diff-on-steroids" utility which helps us diagnose reproducibility issues in packages) to first [correct the spelling of "ereser"](https://salsa.debian.org/reproducible-builds/diffoscope/commit/3522476) and then to [avoid a line eraser error on dumb terminals](https://salsa.debian.org/reproducible-builds/diffoscope/commit/038ac84) ([#906967](htps://bugs.debian.org/906967)).
......
......@@ -63,7 +63,7 @@ diffoscope development
* Chris Lamb:
* [Prevent test failures when running under `stretch-backports` by checking the OCaml version number.](https://salsa.debian.org/reproducible-builds/diffoscope/commit/554c9a2). ( [#911846](https://bugs.debian.org/911846))
* [Add support for comparing PDF metadata using PyPDF2](https://salsa.debian.org/reproducible-builds/diffoscope/commit/4e7ba71). ([#911446](https://bugs.debian.org/911446))
* [Correct "didnt" typo in test utilities](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f5b3a7a).
* [Correct "didn't" typo in test utilities](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f5b3a7a).
* [Regenerate `debian/tests/control` with no material changes to "add" a regeneration comment](https://salsa.debian.org/reproducible-builds/diffoscope/commit/f8fc0ba).
* Mattia Rizzolo:
......
......@@ -56,7 +56,7 @@ Packages reviewed and fixed, and bugs filed
* Chris Lamb:
* [#912152](https://bugs.debian.org/912152) filed against [radon](https://tracker.debian.org/pkg/radon).
* [#912161](https://bugs.debian.org/912161) filed against [sword](https://tracker.debian.org/pkg/sword).
* ["Make the cache filenames determinstic"](https://lists.freedesktop.org/archives/fontconfig/2018-October/006374.html) for [fontconfig](https://www.freedesktop.org/wiki/Software/fontconfig/).
* ["Make the cache filenames deterministic"](https://lists.freedesktop.org/archives/fontconfig/2018-October/006374.html) for [fontconfig](https://www.freedesktop.org/wiki/Software/fontconfig/).
* Mathieu Parent:
* [#912340](https://bugs.debian.org/912340) filed against [samba](https://tracker.debian.org/pkg/samba).
......
......@@ -32,7 +32,7 @@ Toolchain fixes
* [#794241](https://bugs.debian.org/794241): export `SOURCE_DATE_EPOCH`. [Original patch](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794241;msg=5;filename=cdbs.diff;att=1) by akira
* [#764478](https://bugs.debian.org/764478): call dh_strip_nondeterminism if available. Original patch by Holger Levsen
* [libxslt](https://tracker.debian.org/pkg/libxslt) 1.1.28-3 has been uploaded to unstable by Mattia Rizzolo, fixing the following toolchain issues:
* [#823857](https://bugs.debian.org/823857): backport patch from upstream to provide stable IDs in the genrated documents.
* [#823857](https://bugs.debian.org/823857): backport patch from upstream to provide stable IDs in the generated documents.
* [#791815](https://bugs.debian.org/791815): Honour `SOURCE_DATE_EPOCH` when embedding timestamps in docs. [Patch](https://bugzilla.gnome.org/show_bug.cgi?id=758148) by Eduard Sanou.
Packages fixed
......
......@@ -122,7 +122,7 @@ tests.reproducible-builds.org
-----------------------
* Icons have been added to the [package test history pages](https://tests.reproducible-builds.org/rb-pkg/unstable/amd64/mosh.html) (h01ger).
* Test [performance](https://tests.reproducible-builds.org/index_performance.html) and [variation](https://tests.reproducible-builds.org/index_variations.html) pages have been splitted out of the [dashboard view](https://tests.reproducible-builds.org/index_dashboard.html) (h01ger).
* Test [performance](https://tests.reproducible-builds.org/index_performance.html) and [variation](https://tests.reproducible-builds.org/index_variations.html) pages have been split out of the [dashboard view](https://tests.reproducible-builds.org/index_dashboard.html) (h01ger).
* A [new pkg set](https://tests.reproducible-builds.org/unstable/amd64/pkg_set_maint_debian-med.html) has been added: packages maintained by [debian-med-packaging@l.a.d.o](https://qa.debian.org/developer.php?email=debian-med-packaging%40lists.alioth.debian.org) (h01ger).
* The *preliminary* results for testing have improved further:
* testing/amd64 has 20944 / *90.2%* reproducible packages now,
......
......@@ -16,7 +16,7 @@ Media coverage
Documentation update
--------------------
* The wiki page [TimestampsProposal](https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal) has been extended to cover more usage examples and to list more softwares supporting SOURCE_DATE_EPOCH. (Axel Beckert, Dhole and Ximin Luo)
* The wiki page [TimestampsProposal](https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal) has been extended to cover more usage examples and to list more software supporting SOURCE_DATE_EPOCH. (Axel Beckert, Dhole and Ximin Luo)
* h01ger started a [reference card for tools and information about reproducible builds](https://salsa.debian.org/reproducible-builds/reference-card.git) but hasn't progressed much yet. Help with it is much welcome, this is also a good opportunity to learn about this project ;-) The idea is simply to have one coherent place with pointers to all the stuff we have and provide, without repeating nor replacing other documentation.
Toolchain fixes
......
......@@ -204,7 +204,7 @@ to allow reproducible builds of the kfreebsd installer.
Ed Maste [committed a patch to FreeBSD's
binutils](https://svnweb.freebsd.org/ports?view=revision&revision=416639) to
enable determinstic archives by default in GNU ar.
enable deterministic archives by default in GNU ar.
Helmut Grohne
[experimented](https://anonscm.debian.org/cgit/users/helmutg/rebootstrap.git/commit/?id=12d820314bcb459131eebc55e22a48e545acb0b5)
......
......@@ -160,7 +160,7 @@ tests.reproducible-builds.org
Debian:
- Since we introduced [build path variations for unstable and experimental](https://reproducible.alioth.debian.org/blog/posts/69/) last week, our IRC channel has been flooded with notifcations about packages becoming unreproducible - and [you might have noticed some of your packages having become unreproducible](https://tests.reproducible-builds.org/debian/issues/unstable/captures_build_path_issue.html) recently too. To make our IRC more bearable again, notifications for status changes on i386 and armhf have been disabled, so that now we only get notifications for status changes in unstable. (h01ger)
- Since we introduced [build path variations for unstable and experimental](https://reproducible.alioth.debian.org/blog/posts/69/) last week, our IRC channel has been flooded with notifications about packages becoming unreproducible - and [you might have noticed some of your packages having become unreproducible](https://tests.reproducible-builds.org/debian/issues/unstable/captures_build_path_issue.html) recently too. To make our IRC more bearable again, notifications for status changes on i386 and armhf have been disabled, so that now we only get notifications for status changes in unstable. (h01ger)
- Link to jenkins documentation in every page (h01ger)
- The "pre build" check, whether a node is up, now also detects if a node has a read-only filesystem, which sometimes happens on some broken armhf nodes. (h01ger)
- To further improve monitoring of those armhf nodes Work to make them send mails (through an ISP which is blocking outgoing mails) has been started and should be finished next week. (h01ger)
......
......@@ -117,7 +117,7 @@ reprotest development
- [Flush so subprocess output is guaranteed to appear later](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=c1b17ed)
- [Don't error if the build command generates stderr](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=49e67ca)
- [Default tests to run on "null" only since it takes effort to set up the others](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=07ec6d1)
- [hey dawg i herd u liek tests so i put some tests in ur tests so u can test while u test](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=28937c1)
- [hey dawg i herd u like tests so i put some tests in ur tests so u can test while u test](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=28937c1)
- [Make no\_clear\_on\_error optional; we don't want to pass it in everywhere e.g. tests](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=2ea325f)
- [Output a nice big obvious summary at the end when successful](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=77219d8)
- [Don't repeat documentation in two different places, move it all to --help](https://salsa.debian.org/reproducible-builds/reprotest.git/commit/?id=714cf5b)
......
......@@ -43,7 +43,7 @@ Reviews of unreproducible packages
31 package reviews have been added, 27 have been updated and over 20 have been removed in this week,
adding to our knowledge about [identified issues](https://tests.reproducible-builds.org/debian/index_issues.html).
3 issue types have been addded:
3 issue types have been added:
- [ghc\_captures\_build\_path\_via\_tempdir](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/d983dee)
- [dict\_ordering\_in\_python\_alabaster\_sphinx\_theme\_extra\_nav\_links](https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/ea3ef2d)
......
......@@ -135,7 +135,7 @@ tests.reproducible-builds.org
* Debian:
* An [index of our usertagged bugs](https://tests.reproducible-builds.org/debian/index_bugs.html) page was added by Holger after a Q+A session in Cambridge.
* Holger also setup two new i386 builders, build12+16, for >50% increased build performance. For this, we went from 18+17 cores on two 48GB machines to 10+10+9+9 cores on four 36GB ram machines… and from 16 to 24 builder jobs. Thanks to Profitbricks for providing us with all these ressources once more!
* Holger also setup two new i386 builders, build12+16, for >50% increased build performance. For this, we went from 18+17 cores on two 48GB machines to 10+10+9+9 cores on four 36GB ram machines… and from 16 to 24 builder jobs. Thanks to Profitbricks for providing us with all these resources once more!
* h01ger also tried to enable disorderfs again, but hit [#844498](https://bugs.debian.org/844498), which brought down the i386 builders, so he disabled it again. Next will be trying disorderfs on armhf or amd64, to see whether this bug also manifests there.
Misc.
......
......@@ -128,7 +128,7 @@ diffoscope development
- [Fix wording in comment](https://salsa.debian.org/reproducible-builds/diffoscope/commit/9d9fbd2)
- Baptiste Daroussin:
- [Improve portability by not relying on /dev/fd](https://salsa.debian.org/reproducible-builds/diffoscope/commit/fec9e97)
- [comparators/directory: add compatibily with FreeBSD's getfacl](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6812c22)
- [comparators/directory: add compatibility with FreeBSD's getfacl](https://salsa.debian.org/reproducible-builds/diffoscope/commit/6812c22)
reprotest development
---------------------
......
......@@ -136,7 +136,7 @@ The website is now also accessible via the
- [https://www.reproducible-builds.org](https://www.reproducible-builds.org)
- Chris Lamb:
- Various usability, style and wording improvements.
- Add Debconf15, Skroutz.gz and MiniDebconfCambridge15 talks to resouces page.
- Add Debconf15, Skroutz.gz and MiniDebconfCambridge15 talks to resources page.
tests.reproducible-builds.org
......
......@@ -51,13 +51,13 @@ Better examples:
*Wish*: Compiler implementors would provide a easily executable rewrite-semantics for their languages, for bootstrapping. But likely far too much effort. One selling point would be that it also helps bootstrapping on new architectures.
Certifcation for compilers: is there a way to certify compilers? Can we create a standard procedure for bootstrapping a compiler and providing a hash of a known good GCC 4.8 (+ `libc`, Make) binary, for example?
Certification for compilers: is there a way to certify compilers? Can we create a standard procedure for bootstrapping a compiler and providing a hash of a known good GCC 4.8 (+ `libc`, Make) binary, for example?
Should we try to encourage languages:
- To have two diverse compilers?
- To have a compiler written in C (which can then be verified)?
- To have an interpreter written in another lanuage? (This may be easier than a compiler)
- To have an interpreter written in another language? (This may be easier than a compiler)
- To create a compiler ring (A compiles B compiles C compiles A)?
**Task**: Investigate whether NetBSD can be fully diverse double-compiled.
......
......@@ -12,7 +12,7 @@ What we wanted to address:
* What should we have in the build info file?
* What currently affects the build but isn't documented?
* What explictily shouldn't affect the build and should we record that?
* What explicitly shouldn't affect the build and should we record that?
We ran through the existing `.buildinfo` specification and found a lot of terms
which meant different things to different people. “Architecture” is assumed to
......
......@@ -33,7 +33,7 @@ documentation currently available on `reproducible-builds.org` website.
and how to resolve them. “If you use this tool, these are the things you
need to think about”
- **missing**
* Contact opportunities/getting connected information on the website (mailling
* Contact opportunities/getting connected information on the website (mailing
list and/or IRC channel)
- *available*
* Slidedeck for someone running a class with motivation/pitfalls/solutions
......
......@@ -127,7 +127,7 @@ permalink: /events/berlin2016/2017lookahead/
- get gentoo on board!
- more distros and FLOSS OSes join reproducible builds
- OpenWrt & LEDE to 90% RB
- propietary software incorporating reproduciblity
- proprietary software incorporating reproduciblity
- first 100% reproducible OS (with packages too)
- reproducible pkg src packages
......@@ -152,7 +152,7 @@ permalink: /events/berlin2016/2017lookahead/
### Arch Linux
- write documention
- write documentation
- tools for users to verify reproducibility
- 100% reproducible core repo
......
......@@ -11,7 +11,7 @@ permalink: /events/berlin2016/RPM/
- Build service sign the binaries that get published to the mirror infrastructure
- Discussion point: signatures, you can copy signatures to on the newly built package to obtain the same package.
- OpenSUSE might still have MD5 in some places, Fedora has switched to SHA-256.
- for fedora "Mock" creates the environment and chroot, install build dependencies and build. So build is failing when missing depenency.
- for fedora "Mock" creates the environment and chroot, install build dependencies and build. So build is failing when missing dependency.
- Needs to set SOURCE_DATE_EPOCH? Timestamp will be different, but timestamp is in the spec file? A end-user might want to download a source package from anywhere.
### Problems in RPM?
......
......@@ -41,7 +41,7 @@ Day 1
* Proposals for hacking sessions to take place later in the afternoon:
- **SquashFS**
- **FreeBSD filesystems**
- **Pyton packages in git**
- **Python packages in git**
- **Gettext**
- **Make diffoscope deal with Android apks**
- **Markdowns**
......@@ -109,7 +109,7 @@ Day 2
- **Funding and CII**
- **RPM and hacking**
- **Nix build stuff to be incorporated with tests at [https://tests.reproducible-builds.org](https://tests.reproducible-builds.org)**
- **Boostrap test jenkins to replicate [https://tests.reproducible-builds.org](https://tests.reproducible-builds.org)**
- **Bootstrap test jenkins to replicate [https://tests.reproducible-builds.org](https://tests.reproducible-builds.org)**
- **Embedded images cross-distro**
* 16:30 Adjourn
......
......@@ -85,7 +85,7 @@ BUILD INFO (IMPLEMENTATION) / DEBIAN INFRASTRUCTURE
- implement/help with buildinfo distribution in Debian’s FTP (dak software)
- hack on debrebuild
- reach 100% r.b. for Debian pkg-pal packages
- how do debian bulid profiles and reproducibility fit together?
- how do debian build profiles and reproducibility fit together?
- question/Debian: building pkgs in contrib[?] reproducibly? Why do we not do it? :)
- collect remaining infrastructure issues for reprod. Debian
- how to make reproducible Debian chroot (get rid of non-deterministic post-installation stuff)? (2)
......
......@@ -87,7 +87,7 @@ this works
:actionitem:
### proposal: document examples of projects that have worked on RB.
- storytelling. What's the expected reponse: See that something is
- storytelling. What's the expected response: See that something is
happening? Gives a sense of the scale of RB.
- There should be talks and slides linked. Vagrant, Lunar, Torproject
etc. :actionitem:
......
......@@ -28,7 +28,7 @@ Ximin explains what diffoscope is, and shows us a demo.
Ximin shows us the code of reprotest. It's quite straight-forward.
reprotest can work using different virtual enviroments (ssh, qemu, lxc).
reprotest can work using different virtual environments (ssh, qemu, lxc).
automatic detection to build packages is only supported for Debian. More distro
build systems need to be included.
......
......@@ -37,14 +37,14 @@ permalink: /events/berlin2016/testinfrastructure/
6. other people doing reproducible tests and reporting back
* Holger wants them to provide yaml files
* lynxis thinks kernelci.org is cool -- has an API for accepting results of kernal builds and boots
* lynxis thinks kernelci.org is cool -- has an API for accepting results of kernel builds and boots
## raw minutes
* the other project problems using jenkins test set up
* cannot reproduce the test set up?
* simplier to replicate the jenkins test environment -- too many debian dependencies?
* simpler to replicate the jenkins test environment -- too many debian dependencies?
* bash scripts long and complicated -- maybe break out important parts so less intimidating to other potential contributors?
* debian test.reproducible-builds.org
......@@ -62,7 +62,7 @@ permalink: /events/berlin2016/testinfrastructure/
* lots and lots of talk about wanting to test jenkins
* what can we do right now:
* external test set up to feed to postgres
* jernalci project? linux kernal testing? hardware set up for reporting things back? make can use similar style api?
* jernalci project? linux kernel testing? hardware set up for reporting things back? make can use similar style api?
* other job: maybe create yaml and send tests.r-b.org to display. like tails? tails is builing iso twice and producing diffoscope result
### TAILS:
......@@ -73,7 +73,7 @@ permalink: /events/berlin2016/testinfrastructure/
* NOTES / YAML file
* want: cross distro notes
* currently SOME notes are debian specific
* CPE -- match names of packages accross distros -- unique idenfier of a package.
* CPE -- match names of packages across distros -- unique idenfier of a package.
......
......@@ -24,7 +24,7 @@ We assumed that for each distribution there would be a number of separate indepe
A re-builder would attempt to build new releases and determine whether they were truly reproducible.
A re-builder would need to have daemon that noticed new releases and built them and published signed build info
We assumed that by default each distrobution would publish a list of known re-builders.
We assumed that by default each distribution would publish a list of known re-builders.
Builders will be identified by their public key.
This list should be in the reproducible-only package.
......@@ -101,7 +101,7 @@ However, a lax implementation may decide that a low number,e.g 2 or 3 is suffici
The value depends how paranoid you are that the builders are not independent.
Rebuilders will take time to issue their signed buildinfos.
The higher the number, the longer the wait before sufficent signatures have been issued.
The higher the number, the longer the wait before sufficient signatures have been issued.
----
......
......@@ -10,7 +10,7 @@ permalink: /events/berlin2017/ReproducibleSummitIIIEventDocumentation/
### Event documentation
This is work in progress: currently this very document still contains notes, which shall all be moved to seperate pages at which point this URL will vanish and everything will be accessable via the **Agenda**
This is work in progress: currently this very document still contains notes, which shall all be moved to separate pages at which point this URL will vanish and everything will be accessible via the **Agenda**
#### Session Notes
#### Day 1
......@@ -129,7 +129,7 @@ Agenda brainstormin
- Have build scripts that are fully specified about versions of compilers, etc to use in a boostrap-chain.
**Note:** Trust is not transitive **(unlike a=b=c meaning a=c)** so if the sister of a friend knows someone who verified this it is not as much trust as **“I verified this”**. Possibly also beacause trusting someone very much translates to a factor of 0.9x thus for every level of indirection you lose some trust.
**Note:** Trust is not transitive **(unlike a=b=c meaning a=c)** so if the sister of a friend knows someone who verified this it is not as much trust as **“I verified this”**. Possibly also because trusting someone very much translates to a factor of 0.9x thus for every level of indirection you lose some trust.
**F-Droid:** using Debian binaries as much as possible because they are built from source and thus more trustworthy.
......@@ -154,7 +154,7 @@ Agenda brainstormin
- GHC (Haskell)
- Tust
- Trust
- Maven
......@@ -288,7 +288,7 @@ groovy -> gradle
###### Gradle depends on over 300 previous versions of itself.
- Try to go the if we can compile ourself corretly after skipping trough several steps. Git tags seems to be good indicators.
- Try to go the if we can compile ourself correctly after skipping trough several steps. Git tags seems to be good indicators.
Bootstrapping: Mapping the problem space
......@@ -339,7 +339,7 @@ Bootstrapping: Mapping the problem space
- Rest of the session was about constructing the build-dependency graph between compilers
- Partial dependecy graph of a GHC bootstrap path, early boostsrapping information at: <https://elephly.net/posts/2017-01-09-bootstrapping-haskell-part-1.html>
- Partial dependency graph of a GHC bootstrap path, early boostsrapping information at: <https://elephly.net/posts/2017-01-09-bootstrapping-haskell-part-1.html>
- 8.2.1
- 8.0.1
......@@ -379,7 +379,7 @@ Bootstrapping: Mapping the problem space
- 3 nodes are marked in red (indicating **"not cool"**): ocamls requires gcc-5 *and* ocaml,
- GHC requires GHC itself to build, Rust requrest clang, LLVM, Python interpreter *and* Rust itself.
- GHC requires GHC itself to build, Rust request clang, LLVM, Python interpreter *and* Rust itself.
- For GHC there is incoming edge from hugs, marked with a quesiton mark.
......@@ -511,7 +511,7 @@ slow simple lisp -> mes -> guile -> nyac + mescc.]
- What is the range of reasonable policies?.
- How can we communicate these policies to machine adminstrators?.
- How can we communicate these policies to machine administrators?.
- How can we implement this in the backend.
......@@ -569,7 +569,7 @@ This is what we would need to define in the policy.
- Backup mechanism for policies.
- There is a time when packages would appear as being unreproducible, for ex. when security updates are published, tthe rebuild will take time.
- There is a time when packages would appear as being unreproducible, for ex. when security updates are published, the rebuild will take time.
- Have an admin specified rebuilder, for example a local rebuilder.
......@@ -988,7 +988,7 @@ We identified four clusters that marketing relates to: users, developers, manage
+ We need more "management buy-in"
+ We should be able to aquire resources more easily if we are r-b ...: build farm
+ We should be able to acquire resources more easily if we are r-b ...: build farm
+ Publicity can provide a "professional" context to motivate projects dedicated to RB (e.g. academic publications)
......@@ -1532,7 +1532,7 @@ rebuilder publishes diffoscope output for non-matching builds.
- Debian wiki pages are obsolete
- Easy to answer **"where was this binary built"**from, by whom, how?
(souce code, build environment)
(source code, build environment)
- change of paradign of the **"free software"** definition → software is
only free if it can be rebuilt reproducibly
......@@ -1555,7 +1555,7 @@ without binary blobs
- a commercial interest in reproduciblity builds (expressed as
requirement for procurements)
- reproduciblity non-free sofware?
- reproduciblity non-free software?
- expand reproduciblity builds to more distros and systems, more
adoption, reproduciblity packages are the default, being
......@@ -1702,7 +1702,7 @@ News blog under Debian.org instead of r-b.org, news on r-b.o is not updated, can
- Here is my software, it build reproducibly, and I am proud of it.
- Higer quality, interest of the user and interest of other developers. User pressure is a good makreting value point.
- Higher quality, interest of the user and interest of other developers. User pressure is a good makreting value point.
- I am a dev I didn't know how to prove that my work is rb. With reprotest I can achieve that.
......@@ -2191,7 +2191,7 @@ and the source package
source package
- Cross distro comparision? "Is the upstream source of
- Cross distro comparison? "Is the upstream source of
XYZ version ABC the same as that in all other distros"
only trust keys that have been around some time (new
keys a cheap, so people can always restart a new identity
......@@ -2333,7 +2333,7 @@ buildinfo query
- RPM should create `.buildinfo`.
- There is a starting point at <https://github.com/woju/RPMbuildinfo> as shell script which produce similiar files than Debian.
- There is a starting point at <https://github.com/woju/RPMbuildinfo> as shell script which produce similar files than Debian.
- Debian `.buildinfo` can be found at <https://manpages.Debian.org/unstable/dpkg-dev/deb-buildinfo.5.en.html>
......@@ -2342,7 +2342,7 @@ buildinfo query
**Task:** show RPM `.buildinfo`.Add checksums (sha256) of the inputs into the `.buildinfo` files.
- We discussed about where to put `.buildinfo` file. We suggest to have a seperate file, but it could be controversal for the RPM project.
- We discussed about where to put `.buildinfo` file. We suggest to have a separate file, but it could be controversial for the RPM project.
###### iso
......
......@@ -52,7 +52,7 @@ Participants individually wrote questions of their interest on pieces of paper,
- Develop user-interface to check for reproducibility **** green
- other usertools than "do you really want to install that unreproducible package" * green
- can users configure their system to only install verified reproducible pacakges? if not, what do we need? * green
- can users configure their system to only install verified reproducible packages? if not, what do we need? * green
- What INTERFACES to build reproducibility info do we give to USERS? ** green
- What tools can we provide to _users_ to help them verify their software? **** green
- End-user "prompts" re. unreproducible packages, interfaces, etc
......@@ -94,7 +94,7 @@ Participants individually wrote questions of their interest on pieces of paper,
- can we do something about communities that cannot build dependencies from source? (npm, java, compiler builders?) : 1 green
- if we make an image by deterministically composing snapshots of unreproducibly built data... do we call that image reproducible? : 1 green
- how can we ensure the term "reproducible builds" is used consistantly across the internet
- how can we ensure the term "reproducible builds" is used consistently across the internet
### Portability
......@@ -200,7 +200,7 @@ Participants individually wrote questions of their interest on pieces of paper,
### Bootstrap 1
- how acceptable is a not fully from source bootstrappable GCC
- what do we call black boxes in boostrap?
- what do we call black boxes in bootstrap?
- how far are we from diverse dual compilation?
- find a way to bootstrap the Haskell compiler GHC without using a binary GHC. * green
- find a complete bootstrap path for GCC. *** green
......
......@@ -36,7 +36,7 @@ backdoors in built source code are out of scope of bootstrappable builds
* obsolete hardware needs to be emulated and the emulator becomes part of the binaries we need to trust.
* Have build scripts that are fully specified about versions of compilers, etc to use in a boostrap-chain.
Note: Trust is not transitive (unlike a=b=c meaning a=c) so if the sister of a friend knows someone who verified this it is not as much trust as "I verified this". Possibly also beacause trusting someone very much translates to a factor of 0.9x thus for every level of indirection you lose some trust.
Note: Trust is not transitive (unlike a=b=c meaning a=c) so if the sister of a friend knows someone who verified this it is not as much trust as "I verified this". Possibly also because trusting someone very much translates to a factor of 0.9x thus for every level of indirection you lose some trust.
f-droid: using debian binaries as much as possible because they are built from source and thus more trustworthy.
......
......@@ -8,7 +8,7 @@ permalink: /events/berlin2017/buildpathprefixmap/
Problem: build paths get injected during compilation.
* one commmon scenario is embedding debugging information in C.
* one common scenario is embedding debugging information in C.
* next most common are __FILE__ macros and assert()
* gcc's -fdebug-prefix-map is almost a solution, but…
* command line options used were also embedded in the debugging information, so the use of -fdebug-prefix-map with a path-specific string itself introduced a variation.
......@@ -34,7 +34,7 @@ We had some brief discussion around the similarity of the BUILD_PATH_PREFIX_MAP
* they both have clearly established semantics of how we want build systems to transform/stabilize certain forms of ephemeral data
* in many situations, the goal is for the build system to not need either env var, because the ephemeral data in question simply isn't a part of the build process at all.
We currently have patches oustanding for gcc and golang. We don't think that anyone has even asked clang for support yet.
We currently have patches outstanding for gcc and golang. We don't think that anyone has even asked clang for support yet.
R (and some other compilers?) doesn't need BUILD_PATH_PREFIX_MAP because it already has a notion of the root of the source tree.
gcc is reluctant to accept the patches for the environment variable -- they apparently don't want magic options to change the build! so their concerns align with ours in some way, but the thinking about how to address the concerns are different.
......
......@@ -56,7 +56,7 @@ reprotest
---------
- tool to run the a build run twice
- can use container
- reprotest `make` will run it twice. but changing the environemnt like TZ
- reprotest `make` will run it twice. but changing the environment like TZ
tests.reproducible-builds.org
-----------------------------
......
......@@ -26,7 +26,7 @@ what might the user want to know, what problem they want solve?
is it helpful to show that a software is unreproducible to the user? is that meaningful information?
the user wants to set a policy on their device: only reproducible software. they dont care much about individiual unreproducible software…
the user wants to set a policy on their device: only reproducible software. they don't care much about individiual unreproducible software…
there will be different policies: (incomplete list)
- only install reproducible software which all rebuilders agreed on
......@@ -43,7 +43,7 @@ could be opt-in, people who are not interested in reproducible builds (who have
because cavevat:
- warning fatigue. too many warnings can scare users away.
users dont care about reproducbility, its a technical detail. they care that they run the "right" software.
users don't care about reproducbility, its a technical detail. they care that they run the "right" software.
denial of service by malicious rebuilder
unrelated
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment