On 18/04/2024 15.45, Chris Lamb wrote:
To that end, what conferences are folks on this list still going to,
and, hopefully, still getting something from? I mean, there must be
some exceptions other than FOSDEM… :)
My list has become rather short:
rb conf (if within Europe)
openSUSE conf,
Hi,
today I want to share with you two successes on our path to total
reproducibility in openSUSE:
Through the persistence of my colleague Jan Zerebecki and the help of
mls (SUSE's rpm maintainer) we made nice progress on
https://bugzilla.opensuse.org/show_bug.cgi?id=1148824
to finally
On 21/03/2024 21.38, kpcyrd wrote:
- libjpeg-turbo: this package contains a .jar file that is built by
CMake and contains timestamps of the buildtime, but there's no way in
CMake to pass --date to the jar executable to normalize this
You could use strip-nondeterminism for post-processing
On 14/02/2024 16.19, Santiago Torres-Arias wrote:
1. can we study the conflicting interestes (i.e., above) that stop
reproducibility from happening.
Yes, that should be possible. The above summarized my experience from
the 1000 patches and bug-reports I did and the interactions with
On 19/01/2024 21.03, Chris Lamb wrote:
Was there any reason to reject >ULONG_MAX? I'm touching this code,
and don't see a reason for it; it looks very arbitrary; especially
since some systems can have 32-bit long, but 64-bit time_t. Should I
just drop that check, or keep it? And why?
There
Sometimes people wonder:
Why is not everything reproducible yet?
And the general reason is that there are other interests that result in
added non-determinism.
I collected some with examples
Performance (PGO, benchmarking, -march=native, parallelism/races)
On 23/11/2023 17.53, Ludovic Courtès wrote:
The implementations are also very different: for instance, Chez
implements a native ahead-of-time compiler whereas Guile has bytecode
compilation plus just-in-time compilation. Thus problems and solutions
for one implementation are unlikely to
Hi,
in openSUSE there are some packages that so far refuse to build
reproducibly. The common theme around them is that they use scheme or
lisp to produce binaries with a 'dump' command.
e.g. for scheme48 I extracted this reproducer:
pushd ~/rpmbuild/BUILD/scheme48-*/ps-compiler
../go -h
On 08/11/2023 16.38, Pol Dellaiera wrote:
you define functions doing I/O as Impure functions.
But without I/O, no build output can be written, so all builds must use
impure functions.
In practice we see non-determinism from approx 10 sources, such as
documented in
Dear fellow R-B-ings
Just 2 weeks ago, when I re-reviewed the remaining ~120 major issues in
openSUSE, I pretty much skipped over LibreOffice (and only this one),
noting it down as "various issues", because some years ago, when I had
previously taken a closer look, there had been so many
On 11/09/2023 09.25, Helmut Grohne wrote:
It also
is unclear how it affects reproducible builds since such builds depend
on the performance characteristics of the system performing the build.
It is worth noting that the performance (execution time) of a
build-system does not matter for
On 25/08/2023 06.56, kpcyrd wrote:
It seems the order for this has an impact on the elf binary.
```
find . -type f -perm -u+w -print0 2>/dev/null | while IFS= read -rd ''
binary ; do
This should be trivial to fix with
find . -type f -perm -u+w -print0 2>/dev/null |
sort -z |
while IFS=
On 02/08/2023 11.26, Carles Pina i Estany wrote:
Hi,
This is Debian specific but I cannot find a reproducible builds Debian
specific mailing list. Let me know if I should ask elsewhere. Feel free
to send me some pointers to read it myself.
TL;DR: I'm trying to build hello-traditional from
On 29/05/2023 06.10, Vagrant Cascadian wrote:
Do such tools actually exist, or are we talking about something
theoretical here?
https://github.com/openSUSE/build-compare/ is in use for 13 years.
And strip-nondeterminism can be used to build another such tool.
They will only ever be able to
On 29/05/2023 05.25, David A. Wheeler wrote:
If you have tips on common likely errors, please post, I think
that would be of interest to many.
https://github.com/openSUSE/build-compare/issues/53
https://github.com/openSUSE/build-compare/issues/33
I agree, that it is good to give it a name (I have called it
semi-reproducible before), but we should be clear on communicating the
disadvantages.
In openSUSE we have been working towards repeatable semantically
reproducible builds for over a decade [1] using our open-build-service
and a
On 06/04/2023 10.28, Larry Doolittle wrote:
I'm trying to make a process to generate byte-for-byte reproducible zip files.
Try adding the -X option to the zip call.
It will suppress adding of extended attributes (atime/ctime).
And with
On 09/03/2023 23.34, Vagrant Cascadian wrote:
On 2023-03-08, aho...@0w.se wrote:
We seem to be the first project offering bootstrappable and verifiable
builds without any binary seeds.
The project's website is at [1]
...
[1] the site is available through the Tor/onion network
(for the
On 25/02/2023 16.56, Anthony Harrison wrote:
More tools are in the pipeline, including one to generate an SBOM from
an installed platform distribution or package (currently works for
Debian systems, work in progress for RPM based systems) and an audit
tool. I hope to publish these in the
On 18/12/2022 02.09, Martin via rb-general wrote:
Controlling hardware is essential
https://www.bunniestudios.com/blog/?p=5706
Covers the topic of why open-source hardware is not enough to build
trustable devices.
TLDR: there are ways to subvert silicon that cannot be detected, even
Hi,
a colleague of mine is rather skeptic towards bootstrapping and
reproducible-builds.
E.g. he wrote
https://fy.blackhats.net.au/blog/html/2021/05/12/compiler_bootstrapping_can_we_trust_rust.html
and the effect can also be seen in his packaging such as
Hi,
there is an interesting rb-related argument in a PR, but I want to avoid
that too many rb-people hop in there and instead would appreciate, if
you could contribute to a cohesive argument at
https://etherpad.opensuse.org/p/scons-rb-argument
that then gets posted there by 1 representative.
Muhammad Hassan wrote:
> Do you feel there is potential for detecting build unreproducibility
> statically (without executing adversarial rebuilds)?
Yes, there are a number of potentially troublesome strings listed in
https://github.com/bmwiedemann/reproducibleopensuse/blob/master/howtodebug#L31
On 17/06/2022 11.12, Chris Lamb wrote:
> Hi Roland,
>
>> would enabling LTO cause reproducible issues?
>> If I remember correctly, Bernhard mentioned some issues, which got
>> 'solved' by using less parallel builds (-j1 or -j4?).
>
> Good question. There was definitely at least one
On 10/03/2022 04.23, Bernhard M. Wiedemann wrote:
> Hi,
>
> I submitted a rb workshop session proposal for
> https://events.opensuse.org/conferences/oSC22
>
> Even if that is not accepted, this conf would be an opportunity for a
> small meetup of rb people.
>
> Who would be interested to
On 06/05/2022 22.48, John Neffenger wrote:
> Starting yesterday, for the first time, the JDK can create reproducible
> builds of the JDK!
That is great news. Thank you John, Magnus and Andrew for taking care of
this.
I tried to get a double-build test working on openSUSE with
26 matches
Mail list logo