reproducible builds in debian and everywhere
play

Reproducible builds in Debian and everywhere Lunar - PowerPoint PPT Presentation

Dec 25, 2023 •133 likes •1.46k views

Reproducible builds in Debian and everywhere Lunar lunar@debian.org Libre Software Meeting 2015-06-07 Lunar (Debian) Reproducible builds LSM2015 1 / 126 What? Lunar (Debian) Reproducible builds LSM2015 2 / 126 What are reproducible

  1. Test (and test again) Lunar (Debian) Reproducible builds LSM2015 34 / 126

  2. Finding variations Build the package Re build the package Compare the results Lunar (Debian) Reproducible builds LSM2015 35 / 126

  3. reproducible.debian.net Continuous test system driven by Jenkins Bad ass hardware sponsored by ProfitBricks Tests about 1300 source packages each day on average Results are visible on a website Recent additions: Coreboot and OpenWrt Lunar (Debian) Reproducible builds LSM2015 36 / 126

  4. Variations for Debian packages The second build differs by: time timezone file ordering process ordering cores used for the build Lunar (Debian) Reproducible builds LSM2015 37 / 126

  5. Variations for Debian packages hostname, domainname username, uid, gid umask language ( LANG ) and locale ( LC_ALL ) kernel version (using linux64 --uname-2.6 ) PATH Lunar (Debian) Reproducible builds LSM2015 38 / 126

  6. Still the same for now date ( but we cheat with timezone ) /proc/cpuinfo rebuilds on different filesystems (currently tmpfs only) Are we forgetting something? Lunar (Debian) Reproducible builds LSM2015 39 / 126

  7. Findings Lunar (Debian) Reproducible builds LSM2015 40 / 126

  8. Identified issues Timestamps (recording current time) File order (Pseudo-)randomness: Lunar (Debian) Reproducible builds LSM2015 41 / 126 ◮ Temporary file paths ◮ UUID ◮ Protection against complexity attacks

  9. Identified issues (cont.) CPU and memory related: Build-path Others, eg. locale settings Lunar (Debian) Reproducible builds LSM2015 42 / 126 ◮ Code optimizations for current CPU class ◮ Recording of memory addresses

  10. Identified issues (cont.) Examples Timestamps added by build systems Lunar (Debian) Reproducible builds LSM2015 43 / 126

  11. Timestamps in gzip headers Lunar (Debian) Reproducible builds LSM2015 44 / 126

  12. Timestamps written by Maven Lunar (Debian) Reproducible builds LSM2015 45 / 126

  13. Timestamps in generated Makefiles Lunar (Debian) Reproducible builds LSM2015 46 / 126

  14. Timestamps in header files Lunar (Debian) Reproducible builds LSM2015 47 / 126

  15. Timestamps written by PyQt4 Lunar (Debian) Reproducible builds LSM2015 48 / 126

  16. Timestamps written by Erlang compiler Lunar (Debian) Reproducible builds LSM2015 49 / 126

  17. Timestamps in PE binaries Windows, UEFI, Mono… Lunar (Debian) Reproducible builds LSM2015 50 / 126

  18. Timestamps in ADA library information Lunar (Debian) Reproducible builds LSM2015 51 / 126

  19. Timestamps in Ruby gemspec files Lunar (Debian) Reproducible builds LSM2015 52 / 126

  20. Timestamps in PHP registry Lunar (Debian) Reproducible builds LSM2015 53 / 126

  21. Timestamps by a template engine Lunar (Debian) Reproducible builds LSM2015 54 / 126

  22. Timestamps in Python version Lunar (Debian) Reproducible builds LSM2015 55 / 126

  23. Identified issues (cont.) Examples Archives Lunar (Debian) Reproducible builds LSM2015 56 / 126

  24. Timestamps in static libraries Lunar (Debian) Reproducible builds LSM2015 57 / 126

  25. Timestamps in static libraries (cont.) Lunar (Debian) Reproducible builds LSM2015 58 / 126

  26. Timestamps in ZIP archives Lunar (Debian) Reproducible builds LSM2015 59 / 126

  27. Timestamps in Java jar They are actually ZIP archives. Lunar (Debian) Reproducible builds LSM2015 60 / 126

  28. Timestamps in tarballs Lunar (Debian) Reproducible builds LSM2015 61 / 126

  29. Users and groups in tarballs Lunar (Debian) Reproducible builds LSM2015 62 / 126

  30. Random order in tarballs Lunar (Debian) Reproducible builds LSM2015 63 / 126

  31. Identified issues (cont.) Examples Timestamps in documentation Lunar (Debian) Reproducible builds LSM2015 64 / 126

  32. Timestamps written by Doxygen Lunar (Debian) Reproducible builds LSM2015 65 / 126

  33. Timestamps written by docbook-to-man Lunar (Debian) Reproducible builds LSM2015 66 / 126

  34. Timestamps written by Groovydoc Lunar (Debian) Reproducible builds LSM2015 67 / 126

  35. Timestamps written by Epydoc Lunar (Debian) Reproducible builds LSM2015 68 / 126

  36. Timestamps written by Sphinx Lunar (Debian) Reproducible builds LSM2015 69 / 126

  37. Timestamps written by Ghostscript Lunar (Debian) Reproducible builds LSM2015 70 / 126

  38. Timestamps written by LaTeX Lunar (Debian) Reproducible builds LSM2015 71 / 126

  39. Timestamps written by texi2html Lunar (Debian) Reproducible builds LSM2015 72 / 126

  40. Timestamps written by texi2html (cont.) Lunar (Debian) Reproducible builds LSM2015 73 / 126

  41. Timestamps written by help2man Lunar (Debian) Reproducible builds LSM2015 74 / 126

  42. Timestamps written by GNU groff Lunar (Debian) Reproducible builds LSM2015 75 / 126

  43. Timestamps written by Javadoc Lunar (Debian) Reproducible builds LSM2015 76 / 126

  44. Timestamps written by man2html Lunar (Debian) Reproducible builds LSM2015 77 / 126

  45. Timestamps in TeX output (.dvi) Lunar (Debian) Reproducible builds LSM2015 78 / 126

  46. Identified issues (cont.) Examples “Compiled at/on/by” Lunar (Debian) Reproducible builds LSM2015 79 / 126

  47. Build time via C preprocessor macros Lunar (Debian) Reproducible builds LSM2015 80 / 126

  48. Build time via C preprocessor macros Lunar (Debian) Reproducible builds LSM2015 81 / 126

  49. Build time recorded via Makefile Lunar (Debian) Reproducible builds LSM2015 82 / 126

  50. Hostname recorded via ./configure Lunar (Debian) Reproducible builds LSM2015 83 / 126

  51. Build time recorded via ./configure Lunar (Debian) Reproducible builds LSM2015 84 / 126

  52. m4 macros for autoconf (build time) Lunar (Debian) Reproducible builds LSM2015 85 / 126

  53. m4 macros for autoconf (username) Lunar (Debian) Reproducible builds LSM2015 86 / 126

  54. m4 macros for autoconf (hostname) Lunar (Debian) Reproducible builds LSM2015 87 / 126

  55. Recorded kernel version Lunar (Debian) Reproducible builds LSM2015 88 / 126

  56. Bonus points for programmers Lunar (Debian) Reproducible builds LSM2015 89 / 126

  57. Identified issues (cont.) Examples File ordering Lunar (Debian) Reproducible builds LSM2015 90 / 126

  58. File ordering in python-support files Lunar (Debian) Reproducible builds LSM2015 91 / 126

  59. Identified issues (cont.) Examples Randomness Lunar (Debian) Reproducible builds LSM2015 92 / 126

  60. Random Perl hash order See Algorithmic complexity attacks in perlsec(1). Lunar (Debian) Reproducible builds LSM2015 93 / 126

  61. Random serial numbers in Ogg streams Lunar (Debian) Reproducible builds LSM2015 94 / 126

  62. Random import order in Python code Lunar (Debian) Reproducible builds LSM2015 95 / 126

Recommend

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds What if you could always compile free software? Valerie Young (spectranaut) Linux Conf Australia 2016 Valerie Young F96E 6B8E FF5D 372F FDD1 DA43

743 views • 60 slides
Improving Trust in Software through Diverse Double Compilation and Reproducible Builds Yrjan

Improving Trust in Software through Diverse Double Compilation and Reproducible Builds Yrjan

Improving Trust in Software through Diverse Double Compilation and Reproducible Builds Yrjan Skrimstad 10th September 2018 University of Oslo Introduction Trust is the belief that someone or something is good, honest, safe or reliable.

673 views • 32 slides
Android SDK Tools in Debian Kai-Chung Yan <seamlikok@gmail.com> Why Android SDK in Debian?

Android SDK Tools in Debian Kai-Chung Yan <seamlikok@gmail.com> Why Android SDK in Debian?

Android SDK Tools in Debian Kai-Chung Yan <seamlikok@gmail.com> Why Android SDK in Debian? The SDK from Google is non-free [1] Why Android SDK in Debian? The SDK from Google is non-free [1] Reproducible SDK & APKs

519 views • 29 slides
Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20 000 source packages ~13 architectures 3 kernels The biggest database of FLOSS code (?) The Debile Project January, 19th 2014 Sylvestre Ledru

571 views • 25 slides
The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008 Outline Some bits about me Project goals, design & features Debian and Debian Edu Development model and tools Debian Edu Etch

582 views • 36 slides
Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day Definitions Distribution a set of OS kernel and supporting software in a defined format with the possibility of some integration by adjusting

134 views • 12 slides
Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction Introduction The Debian KDE Extras Team maintain a portfolio of extra application packages for Debian GNU/Linux outside the KDE core applications

554 views • 18 slides
Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Conte udo Como criar um Distribui c ao Personalizada Debian Debian-BR-CDD Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org, enrico@debian.org Congreso Internacional de Software Livre - 2 Edi

532 views • 25 slides
Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

apoikos@debian.org Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos DebConf16 - Cape Town 2016-07-04 Outline Introduction Installation Configuration management Package management People 2/26

697 views • 27 slides
Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C a p e T o w n Debian Derivatives Hctor Orn Martnez <hector.oron@collabora.co.uk> <zumbi@debian.org> Works for Collabora

511 views • 15 slides
Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini enrico@debian.org Secret Debian Internals BTS Where to find it Source code: bzr branch http://bugs.debian.org/debbugs-source/mainline/ Data on merkel at

370 views • 16 slides
Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years after Debian 7, codename wheezy (2013-05-04) Release Date: 2015-04-25 [party!] 75 supported languages 4.841 new source packages

587 views • 19 slides
Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net /pub/debian-meetings/ by Holger Levsen Sydney Linux User Group, January 22 nd 2007 Outline whoami project aims and features software

472 views • 19 slides
Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org Feb 7, 2009 15 slides Enrico Zini (enrico@debian.org) Fosdem, Brussels, February 7, 2009 - 09:43:46 AM 1/15 Debian Data Export Debian: the data

343 views • 15 slides
Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st April 2016 Iain R. Learmonth (Debian Hams) Debian Hamradio Blend 31st April 2016 1 / 13 Pure Blends A collection of tasks (metapackages) Iain

783 views • 13 slides
Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov.

Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov.

Reproducible Research with Stata Reproducible Research with Stata using version control, GitHub, and MarkDoc E. F. Haghish Nov. 17th, 2016 Reproducible Research with Stata Reproducible Analysis Overview Definition Figure 1: Reproducible

1.25k views • 42 slides
Mayfly Reproducible Research in Minutes Reproducible Research is

Mayfly Reproducible Research in Minutes Reproducible Research is

Mayfly Reproducible Research in Minutes Reproducible Research is the new paradigm Step 1: Configure Environment And more graphics should be interac@ve

329 views • 5 slides
Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org

Lernstick A Debian derivative for Schools in Switzerland Gaudenz Steinlin gaudenz@debian.org DebConf 15 22. Aug 2015 k c i t s n r e l Outline Lernstick Overview 1 2 How to help - Improve collaboration with Debian Questions 3 k

551 views • 29 slides
Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian

Debian Med A service for scientists in medicine and biomedical research Andreas Tille Debian Brussels, 02. February 2013 Andreas Tille (Debian) Debian Med Brussels, 02. February 2013 1 / 12 What is Debian Med? practice management system

610 views • 39 slides
Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about

Rethinking of the Rethinking of the debian/watch debian/watch With thought experiments about uscan Kentaro Hayashi DebConf18 in T aiwan 2018-08-03 ClearCode Inc. Digest of this talk Current d/watch fi le is sometimes complicated Update

800 views • 77 slides
Customizing Debian Benjamin Mako Hill mako@canonical.com mako@debian.org

Customizing Debian Benjamin Mako Hill mako@canonical.com mako@debian.org

Customizing Debian Benjamin Mako Hill mako@canonical.com mako@debian.org http://mako.yukidoke.org Based on a talk given at: Ubuntu New York Linux Use Group 2004-11-17 Debian GNU/Linux Project Benjamin Mako Hill Barcelona LUG:

263 views • 15 slides
Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1

Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1

Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1 / 15 Debian: the data hell A lot of different sources of data in Debian With different data formats: text files, BerkeleyDB, SQL databases, JSON,

200 views • 17 slides
debtags.debian.net reloaded! Enrico Zini enrico@debian.org Feb 5, 2012 Enrico Zini

debtags.debian.net reloaded! Enrico Zini enrico@debian.org Feb 5, 2012 Enrico Zini

debtags.debian.net reloaded! Enrico Zini enrico@debian.org Feb 5, 2012 Enrico Zini (enrico@debian.org) Fosdem, Bruxelles, Feb 5, 2012 debtags.debian.net reloaded! Introduction: debtags Debtags is the category system for Debian packages. It

319 views • 14 slides

More recommend