reproducible builds in debian and everywhere
play

Reproducible builds in Debian and everywhere Lunar - PowerPoint PPT Presentation

Dec 25, 2023 •133 likes •1.46k views

Reproducible builds in Debian and everywhere Lunar lunar@debian.org Libre Software Meeting 2015-06-07 Lunar (Debian) Reproducible builds LSM2015 1 / 126 What? Lunar (Debian) Reproducible builds LSM2015 2 / 126 What are reproducible

  1. Test (and test again) Lunar (Debian) Reproducible builds LSM2015 34 / 126

  2. Finding variations Build the package Re build the package Compare the results Lunar (Debian) Reproducible builds LSM2015 35 / 126

  3. reproducible.debian.net Continuous test system driven by Jenkins Bad ass hardware sponsored by ProfitBricks Tests about 1300 source packages each day on average Results are visible on a website Recent additions: Coreboot and OpenWrt Lunar (Debian) Reproducible builds LSM2015 36 / 126

  4. Variations for Debian packages The second build differs by: time timezone file ordering process ordering cores used for the build Lunar (Debian) Reproducible builds LSM2015 37 / 126

  5. Variations for Debian packages hostname, domainname username, uid, gid umask language ( LANG ) and locale ( LC_ALL ) kernel version (using linux64 --uname-2.6 ) PATH Lunar (Debian) Reproducible builds LSM2015 38 / 126

  6. Still the same for now date ( but we cheat with timezone ) /proc/cpuinfo rebuilds on different filesystems (currently tmpfs only) Are we forgetting something? Lunar (Debian) Reproducible builds LSM2015 39 / 126

  7. Findings Lunar (Debian) Reproducible builds LSM2015 40 / 126

  8. Identified issues Timestamps (recording current time) File order (Pseudo-)randomness: Lunar (Debian) Reproducible builds LSM2015 41 / 126 ◮ Temporary file paths ◮ UUID ◮ Protection against complexity attacks

  9. Identified issues (cont.) CPU and memory related: Build-path Others, eg. locale settings Lunar (Debian) Reproducible builds LSM2015 42 / 126 ◮ Code optimizations for current CPU class ◮ Recording of memory addresses

  10. Identified issues (cont.) Examples Timestamps added by build systems Lunar (Debian) Reproducible builds LSM2015 43 / 126

  11. Timestamps in gzip headers Lunar (Debian) Reproducible builds LSM2015 44 / 126

  12. Timestamps written by Maven Lunar (Debian) Reproducible builds LSM2015 45 / 126

  13. Timestamps in generated Makefiles Lunar (Debian) Reproducible builds LSM2015 46 / 126

  14. Timestamps in header files Lunar (Debian) Reproducible builds LSM2015 47 / 126

  15. Timestamps written by PyQt4 Lunar (Debian) Reproducible builds LSM2015 48 / 126

  16. Timestamps written by Erlang compiler Lunar (Debian) Reproducible builds LSM2015 49 / 126

  17. Timestamps in PE binaries Windows, UEFI, Mono… Lunar (Debian) Reproducible builds LSM2015 50 / 126

  18. Timestamps in ADA library information Lunar (Debian) Reproducible builds LSM2015 51 / 126

  19. Timestamps in Ruby gemspec files Lunar (Debian) Reproducible builds LSM2015 52 / 126

  20. Timestamps in PHP registry Lunar (Debian) Reproducible builds LSM2015 53 / 126

  21. Timestamps by a template engine Lunar (Debian) Reproducible builds LSM2015 54 / 126

  22. Timestamps in Python version Lunar (Debian) Reproducible builds LSM2015 55 / 126

  23. Identified issues (cont.) Examples Archives Lunar (Debian) Reproducible builds LSM2015 56 / 126

  24. Timestamps in static libraries Lunar (Debian) Reproducible builds LSM2015 57 / 126

  25. Timestamps in static libraries (cont.) Lunar (Debian) Reproducible builds LSM2015 58 / 126

  26. Timestamps in ZIP archives Lunar (Debian) Reproducible builds LSM2015 59 / 126

  27. Timestamps in Java jar They are actually ZIP archives. Lunar (Debian) Reproducible builds LSM2015 60 / 126

  28. Timestamps in tarballs Lunar (Debian) Reproducible builds LSM2015 61 / 126

  29. Users and groups in tarballs Lunar (Debian) Reproducible builds LSM2015 62 / 126

  30. Random order in tarballs Lunar (Debian) Reproducible builds LSM2015 63 / 126

  31. Identified issues (cont.) Examples Timestamps in documentation Lunar (Debian) Reproducible builds LSM2015 64 / 126

  32. Timestamps written by Doxygen Lunar (Debian) Reproducible builds LSM2015 65 / 126

  33. Timestamps written by docbook-to-man Lunar (Debian) Reproducible builds LSM2015 66 / 126

  34. Timestamps written by Groovydoc Lunar (Debian) Reproducible builds LSM2015 67 / 126

  35. Timestamps written by Epydoc Lunar (Debian) Reproducible builds LSM2015 68 / 126

  36. Timestamps written by Sphinx Lunar (Debian) Reproducible builds LSM2015 69 / 126

  37. Timestamps written by Ghostscript Lunar (Debian) Reproducible builds LSM2015 70 / 126

  38. Timestamps written by LaTeX Lunar (Debian) Reproducible builds LSM2015 71 / 126

  39. Timestamps written by texi2html Lunar (Debian) Reproducible builds LSM2015 72 / 126

  40. Timestamps written by texi2html (cont.) Lunar (Debian) Reproducible builds LSM2015 73 / 126

  41. Timestamps written by help2man Lunar (Debian) Reproducible builds LSM2015 74 / 126

  42. Timestamps written by GNU groff Lunar (Debian) Reproducible builds LSM2015 75 / 126

  43. Timestamps written by Javadoc Lunar (Debian) Reproducible builds LSM2015 76 / 126

  44. Timestamps written by man2html Lunar (Debian) Reproducible builds LSM2015 77 / 126

  45. Timestamps in TeX output (.dvi) Lunar (Debian) Reproducible builds LSM2015 78 / 126

  46. Identified issues (cont.) Examples “Compiled at/on/by” Lunar (Debian) Reproducible builds LSM2015 79 / 126

  47. Build time via C preprocessor macros Lunar (Debian) Reproducible builds LSM2015 80 / 126

  48. Build time via C preprocessor macros Lunar (Debian) Reproducible builds LSM2015 81 / 126

  49. Build time recorded via Makefile Lunar (Debian) Reproducible builds LSM2015 82 / 126

  50. Hostname recorded via ./configure Lunar (Debian) Reproducible builds LSM2015 83 / 126

  51. Build time recorded via ./configure Lunar (Debian) Reproducible builds LSM2015 84 / 126

  52. m4 macros for autoconf (build time) Lunar (Debian) Reproducible builds LSM2015 85 / 126

  53. m4 macros for autoconf (username) Lunar (Debian) Reproducible builds LSM2015 86 / 126

  54. m4 macros for autoconf (hostname) Lunar (Debian) Reproducible builds LSM2015 87 / 126

  55. Recorded kernel version Lunar (Debian) Reproducible builds LSM2015 88 / 126

  56. Bonus points for programmers Lunar (Debian) Reproducible builds LSM2015 89 / 126

  57. Identified issues (cont.) Examples File ordering Lunar (Debian) Reproducible builds LSM2015 90 / 126

  58. File ordering in python-support files Lunar (Debian) Reproducible builds LSM2015 91 / 126

  59. Identified issues (cont.) Examples Randomness Lunar (Debian) Reproducible builds LSM2015 92 / 126

  60. Random Perl hash order See Algorithmic complexity attacks in perlsec(1). Lunar (Debian) Reproducible builds LSM2015 93 / 126

  61. Random serial numbers in Ogg streams Lunar (Debian) Reproducible builds LSM2015 94 / 126

  62. Random import order in Python code Lunar (Debian) Reproducible builds LSM2015 95 / 126

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds

Reproducible Builds Valerie Young (spectranaut) Linux Conf Australia 2016 Reproducible Builds What if you could always compile free software? Valerie Young (spectranaut) Linux Conf Australia 2016 Valerie Young F96E 6B8E FF5D 372F FDD1 DA43

743 views • 60 slides
Improving Trust in Software through Diverse Double Compilation and Reproducible Builds Yrjan

Improving Trust in Software through Diverse Double Compilation and Reproducible Builds Yrjan

Improving Trust in Software through Diverse Double Compilation and Reproducible Builds Yrjan Skrimstad 10th September 2018 University of Oslo Introduction Trust is the belief that someone or something is good, honest, safe or reliable.

673 views • 32 slides
Android SDK Tools in Debian Kai-Chung Yan <seamlikok@gmail.com> Why Android SDK in Debian?

Android SDK Tools in Debian Kai-Chung Yan <seamlikok@gmail.com> Why Android SDK in Debian?

Android SDK Tools in Debian Kai-Chung Yan <seamlikok@gmail.com> Why Android SDK in Debian? The SDK from Google is non-free [1] Why Android SDK in Debian? The SDK from Google is non-free [1] Reproducible SDK & APKs

519 views • 29 slides
Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20 000 source packages ~13 architectures 3 kernels The biggest database of FLOSS code (?) The Debile Project January, 19th 2014 Sylvestre Ledru

571 views • 25 slides
The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008

The long road to aka Debian Edu in Debian Lenny main Holger Levsen, February 24 th 2008 Outline Some bits about me Project goals, design & features Debian and Debian Edu Development model and tools Debian Edu Etch

582 views • 36 slides
Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day

Custom Debian distributions and Debian derivatives Aigars Mahinovs Debconf 5 Debian Day Definitions Distribution a set of OS kernel and supporting software in a defined format with the possibility of some integration by adjusting

134 views • 12 slides
Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction Introduction The Debian KDE Extras Team maintain a portfolio of extra application packages for Debian GNU/Linux outside the KDE core applications

554 views • 18 slides
Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org,

Conte udo Como criar um Distribui c ao Personalizada Debian Debian-BR-CDD Distribui c oes Personalizadas Debian Otavio Salvador Enrico Zini otavio@debian.org, enrico@debian.org Congreso Internacional de Software Livre - 2 Edi

532 views • 25 slides
Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos

apoikos@debian.org Running an SME on Debian or Managing Debian across the whole fleet Apollon Oikonomopoulos DebConf16 - Cape Town 2016-07-04 Outline Introduction Installation Configuration management Package management People 2/26

697 views • 27 slides
Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C

Debian Derivatives P r e s e n t a t i o n / B o F D e b C o n f 1 6 , C a p e T o w n Debian Derivatives Hctor Orn Martnez <hector.oron@collabora.co.uk> <zumbi@debian.org> Works for Collabora

511 views • 15 slides
Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini

Secret Debian Internals Enrico Zini enrico@debian.org 25 February 2007 Enrico Zini enrico@debian.org Secret Debian Internals BTS Where to find it Source code: bzr branch http://bugs.debian.org/debbugs-source/mainline/ Data on merkel at

370 views • 16 slides
Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years after Debian 7, codename wheezy (2013-05-04) Release Date: 2015-04-25 [party!] 75 supported languages 4.841 new source packages

587 views • 19 slides
Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net

Experiences made with the DebConf video-team or the making of http://debian-meetings.debian.net /pub/debian-meetings/ by Holger Levsen Sydney Linux User Group, January 22 nd 2007 Outline whoami project aims and features software

472 views • 19 slides
Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org

Debian Data Export A standard for publishing Debian information. Enrico Zini enrico@debian.org Feb 7, 2009 15 slides Enrico Zini (enrico@debian.org) Fosdem, Brussels, February 7, 2009 - 09:43:46 AM 1/15 Debian Data Export Debian: the data

343 views • 15 slides
Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st

Debian Hamradio Blend Iain R. Learmonth < irl@debian.org > Debian Hamradio Maintainers 31st April 2016 Iain R. Learmonth (Debian Hams) Debian Hamradio Blend 31st April 2016 1 / 13 Pure Blends A collection of tasks (metapackages) Iain

783 views • 13 slides
Algorithm Efficiency & Sorting Algorithm efficiency Big-O notation Searching

Algorithm Efficiency & Sorting Algorithm efficiency Big-O notation Searching

Algorithm Efficiency & Sorting Algorithm efficiency Big-O notation Searching algorithms Sorting algorithms EECS 268 Programming II 1 Overview Writing programs to solve problem consists of a large number of decisions

953 views • 57 slides
Algorithms for Evolving Data Sets Mohammad Mahdian Google Research Based on joint work with

Algorithms for Evolving Data Sets Mohammad Mahdian Google Research Based on joint work with

Algorithms for Evolving Data Sets Mohammad Mahdian Google Research Based on joint work with Aris Anagnostopoulos, Bahman Bahmani, Ravi Kumar, Eli Upfal, and Fabio Vandin Algorithm Design Paradigms Traditional paradigm: stationary data

515 views • 39 slides
Sorting Library Xiaoming Li, Mara Jess Garzarn, and David Padua 2004 The Sorting Library

Sorting Library Xiaoming Li, Mara Jess Garzarn, and David Padua 2004 The Sorting Library

Software Engineering Seminar Stephan Semmler A Dynamically Tuned Sorting Library Xiaoming Li, Mara Jess Garzarn, and David Padua 2004 The Sorting Library Installation Runtime Hardware Input data Empirical Machine Sorting

465 views • 29 slides
Sorting Carola Wenk Slides courtesy of Charles Leiserson with changes and additions by Carola

Sorting Carola Wenk Slides courtesy of Charles Leiserson with changes and additions by Carola

CMPS 2200 Fall 2017 Sorting Carola Wenk Slides courtesy of Charles Leiserson with changes and additions by Carola Wenk 11/17/17 1 CMPS 2200 Intro. to Algorithms How fast can we sort? All the sorting algorithms we have seen so far are

823 views • 57 slides
Map Reduce and Design Patterns Lecture 4 Fang Yu Software Security Lab. Department of

Map Reduce and Design Patterns Lecture 4 Fang Yu Software Security Lab. Department of

Chapter 4 Map Reduce and Design Patterns Lecture 4 Fang Yu Software Security Lab. Department of Management Information Systems College of Commerce, National Chengchi University http://soslab.nccu.edu.tw Cloud Computation, March 31, 2015 1 /

131 views • 10 slides
Lab Overview Review lab 8 Prep for lab 9 March 20, 2018 Sprenkle - CSCI111 1 Lab 8:

Lab Overview Review lab 8 Prep for lab 9 March 20, 2018 Sprenkle - CSCI111 1 Lab 8:

Lab Overview Review lab 8 Prep for lab 9 March 20, 2018 Sprenkle - CSCI111 1 Lab 8: Pair Programming Findley Joseph Joseph Findley Jordan Margaret Margaret Jordan Ryan Anna Chas Anna Lizzie Alison Alison Lizzie Olivia Chase

381 views • 14 slides
Project Lambda: To Multicore and Beyond Brian Goetz Java Language Architect, Oracle Corporation

Project Lambda: To Multicore and Beyond Brian Goetz Java Language Architect, Oracle Corporation

<Insert Picture Here> Project Lambda: To Multicore and Beyond Brian Goetz Java Language Architect, Oracle Corporation The following is intended to outline our general product direction. It is intended for information purposes only, and

919 views • 64 slides
Lazy beats Smart & Fast Julian Hyde | DataEngConf SF 2018/04/17 @julianhyde SQL Query

Lazy beats Smart & Fast Julian Hyde | DataEngConf SF 2018/04/17 @julianhyde SQL Query

Lazy beats Smart & Fast Julian Hyde | DataEngConf SF 2018/04/17 @julianhyde SQL Query planning Query federation OLAP Streaming Hadoop ASF member Original author of Apache Calcite PMC Apache Arrow, Calcite, Drill, Eagle, Kylin

987 views • 51 slides

More recommend