Search
----------------
* Chris Lamb [submitted a merge request to the Debian Installer](https://salsa.debian.org/installer-team/debian-installer/merge_requests/3) to make the installation images (ISO, hd-media, netboot, etc.) bit-for-bit reproducible. It currently requires a rebuild of the [GNU mtools](https://www.gnu.org/software/mtools/) that has patches from Debian bugs [#900409](https://bugs.debian.org/900409) & [#900410](https://bugs.debian.org/900410) applied. A tracking bug for this feature was filed in the BTS as [#900918](https://bugs.debian.org/900918).
* Bernhard M. Wiedemann:
* [Ludovic Courtès](http://web.fdn.fr/~lcourtes/) wrote a blog post titled "[Multi-dimensional transactions and rollbacks](https://www.gnu.org/software/guix/blog/2018/multi-dimensional-transactions-and-rollbacks-oh-my/)" which promotes the functional aspects of the [GNU Guix](https://www.gnu.org/software/guix/) package manager as well as its "very strong guarantees in terms of reproducibility and provenance tracking."
* Chris Lamb performed a [Non Maintainer Upload](https://wiki.debian.org/NonMaintainerUpload) (NMU) in Debian of the [GNU mtools](https://www.gnu.org/software/mtools/) package in order to address two reproducibility-related bugs ([#900409](https://bugs.debian.org/900409) & [#900410](https://bugs.debian.org/900410)) that were blocking the inclusion of [his previous merge request to the Debian Installer](https://salsa.debian.org/installer-team/debian-installer/merge_requests/3) to make the installation images bit-for-bit reproducible.
* [NetBSD announced their 8.0 release](http://www.netbsd.org/releases/formal-8/NetBSD-8.0.html) which touts stability improvements and many other features including reproducible builds via `MKREPRO`.
However, this week Vagrant Cascadian worked with Guillem Jover on an update to [dpkg](https://wiki.debian.org/dpkg) to pass a different set of build flags to GCC; Holger installed the update in our testing framework and re-enabled testing.
* Last week, Chris Lamb performed a [Non Maintainer Upload](https://wiki.debian.org/NonMaintainerUpload) (NMU) in Debian of the [GNU mtools](https://www.gnu.org/software/mtools/) package in order to address two reproducibility-related bugs ([#900409](https://bugs.debian.org/900409) & [#900410](https://bugs.debian.org/900410)) that were blocking work on making the installation images bit-for-bit reproducible. This week, the [DELAYED](https://lists.debian.org/debian-devel/2004/02/msg00887.html) upload was finally [accepted into the archive](https://tracker.debian.org/news/977829/accepted-mtools-4018-21-source-amd64-into-unstable/) and the [corresponding merge request](https://salsa.debian.org/installer-team/debian-installer/merge_requests/3) was updated.
* A number of Reproducible Builds team members were presenting at [DebConf18](https://debconf18.debconf.org/), the annual Debian Developers conference. Benjamin Hof gave a talk titled "[Software transparency: package security beyond signatures and reproducible builds](https://debconf18.debconf.org/talks/104-software-transparency-package-security-beyond-signatures-and-reproducible-builds/)" and there was also a status update from the team entitled "[Reproducible Buster and beyond](https://debconf18.debconf.org/talks/80-reproducible-buster-and-beyond/)". These, and many more talks, are available in the [Resources](https://reproducible-builds.org/resources/) section of our website.
- Don't forget to invite Apple folks
- Don't forget to invite Microsoft folks
- Don't forget about addressing installation images creation reprod.
- Don't forget to define a clear threat model for reproducible builds so we can articulate by how much they raise the bar
- Don't forget to invite more people from industry (FB, Intel?, Twitter) and possibly academia
Lastly, Chris Lamb responded at length to a query regarding the status of reproducible builds for Debian ISO or installation images. He noted that most of the technical work has been performed but "there are at least four issues until they can be generally advertised as such". He pointed out that the privacy-oriented [Tails](https://tails.boum.org/) operating system, which is based directly on Debian, has had reproducible builds for a number of years now. [[...](https://lists.reproducible-builds.org/pipermail/rb-general/2020-August/002018.html)]
In [NixOS](https://nixos.org), work towards the longer-term goal of [making the graphical installation image reproducible](https://r13y.com/iso_gnome/index.html) is ongoing. For example, Artturin [made the `gnome-desktop` package reproducible](https://github.com/NixOS/nixpkgs/pull/151356).
In Debian, [#900918](https://bugs.debian.org/900918) is being used to track the
progress of reproducible installation images. There is an
[analyze_image](https://github.com/adrelanos/Whonix/blob/master/help-steps/analyze_image)
Bash script that creates sha512 hashes of all files included within an image,
access rights, symlinks, partition table, bootloader and more. Running it on two
images that should match and comparing the reports the script creates can help
to identify sources of non-determinism in images. It does not have ISO support
yet. The author (Patrick Schleizer) is interested in generalizing the script for
more generic Debian use cases.