Can your diff(1) do this?! Can your diff(1) do this?! Improving - - PowerPoint PPT Presentation

▶

Jan 11, 2023 190 likes •866 views

Can your diff(1) do this?! Can your diff(1) do this?! Improving soware review & QA with diffoscope Improving soware review & QA with diffoscope Chris Lamb Chris Lamb foss-north.se foss-north.se @lolamby @lolamby April 2018

SLIDE 1

Can your diff(1) do this?! Can your diff(1) do this?!

Improving soware review & QA with diffoscope Improving soware review & QA with diffoscope Chris Lamb Chris Lamb @lolamby @lolamby Debian Project Leader Debian Project Leader foss-north.se foss-north.se April 2018 April 2018 Gothenburg, Sweden Gothenburg, Sweden

SLIDE 2

Hallå! Hallå!

SLIDE 3

Open source developer for 10+ years Debian Project Leader

pensource.org board member

Freelance soware developer

SLIDE 4

SLIDE 5

SLIDE 6

SLIDE 7

Why? Why?

SLIDE 8

Source code available for free soware… … everyone runs binaries Do they correspond?

SLIDE 9

Build farms Developer's machines Blackmail, law-enforcement…

SLIDE 10

1. Ensure build have identical results
2. Multiple parties compare results
3. Attacker must infect everybody simultaneously

SLIDE 11

Identical results? Identical results?

SLIDE 12

SLIDE 13

SLIDE 14

SLIDE 15

SLIDE 16

SLIDE 17

SLIDE 18

SLIDE 19

SLIDE 20

SLIDE 21

Archive formats Archive formats

SLIDE 22

Compressed formats Compressed formats

SLIDE 23

Recursive Recursive

SLIDE 24

Line ordering Line ordering

SLIDE 25

HTML output HTML output

SLIDE 26

Android boot ROMs, Android APKs, ar archives, bzip2 files, Coreboot cbfs, CPIO archives, Dalvik dex file, Debian packages, device (mknod), device tree globs, directories, docx, ELF binaries, ext filesystem images, fontconfig cache dirs, fonts, gettext catalogues, GIF images, Git repositories, GZip files, Haskell binaries, ICC colour profiles, ISO images, Java, bytecode, Javascript, JSON, LLVM binaries, Macho binaries, Mono executables, odt documentens, Ogg borbis, OpenSSH keys, Pascal binaries, PDF files, PGP/GPG keys, PNG images, PostScript, RPM images, R statistical data, Rust binaries, SQLite databases, squashfs images, symlinks, tar archives, tcpdump dumps, text files, XML documents, XZ files, ZIP archives …

SLIDE 27

Android images Android images

SLIDE 28

Berkeley DB databases Berkeley DB databases

SLIDE 29

SLIDE 30

Microso Word Microso Word .docx .docx

SLIDE 31

Ebooks Ebooks

SLIDE 32

SLIDE 33

Mono binaries Mono binaries

SLIDE 34

git(1) git(1) repositories

repositories

SLIDE 35

Gnumeric spreadsheets Gnumeric spreadsheets

SLIDE 36

ISO images ISO images

SLIDE 37

SLIDE 38

SLIDE 39

SLIDE 40

JSON JSON

SLIDE 41

OpenDocument text documents OpenDocument text documents

SLIDE 42

Ogg audio files Ogg audio files

SLIDE 43

SLIDE 44

tcpdump(1) tcpdump(1) capture files

capture files

SLIDE 45

SLIDE 46

PDF PDF

SLIDE 47

SLIDE 48

XML documents XML documents

SLIDE 49

Using diffoscope for QA Using diffoscope for QA

SLIDE 50

Just see changes you expect Just see changes you expect

SLIDE 51

Seeing "no" changes Seeing "no" changes

SLIDE 52

Security releases Security releases

SLIDE 53

SLIDE 54

Security "releases" Security "releases"

SLIDE 55

SLIDE 56

Getting started Getting started

SLIDE 57

try.diffoscope.org try.diffoscope.org

SLIDE 58

SLIDE 59

Current status Current status

SLIDE 60

SLIDE 61

SLIDE 62

SLIDE 63

Parallel processing Parallel processing

Multiple previous attempts… … Juliana Oliveira working on this now

SLIDE 64

diffoscope.org diffoscope.org

SLIDE 65

Tack! Tack!

@lolamby @lolamby lamby@debian.org lamby@debian.org diffoscope.org diffoscope.org chris-lamb.co.uk chris-lamb.co.uk

SLIDE 66

@lolamby @lolamby lamby@debian.org lamby@debian.org diffoscope.org diffoscope.org chris-lamb.co.uk chris-lamb.co.uk