14:59:29 <h01ger> #startmeeting reproducible-builds.org general monthly irc meeting 14:59:29 <MeetBot> Meeting started Tue Oct 26 14:59:29 2021 UTC. The chair is h01ger. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:59:29 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 14:59:46 <h01ger> hi. todays agenda is at https://pad.riseup.net/p/rb-irc-meetings-keep 15:00:00 <h01ger> welcome to this monthly meeting, please briefly introduce yourself or update us on recent or planned projects 15:00:24 * h01ger = Holger Levsen, working on reproducible Debian and tests.r-b.o 15:00:34 <h01ger> #topic introductions 15:00:46 <h01ger> also feel free to edit the agenda.. 15:00:52 <rclobus> rclobus = Roland Clobus, working on images based on live-build 15:02:04 <rgdd> hello! rgdd = Rasmus Dahlberg, working on transparency logs and their applications! 15:03:04 * lamby -> Chris Lamb 15:03:07 * vagrantc = Vagrant Cascadian, reproducible Debian with a hint of reproducible Guix 15:03:33 * lamby -> Chris Lamb: reproducible Debian, diffoscope and upstream-ish toolchain issues 15:04:34 * h01ger will wait a few more minutes for others to join in before really starting with the meeting.. 15:06:44 <h01ger> alright, lets start 15:06:47 * bmwiedemann = Bernhard M. Wiedemann - openSUSE & SUSE reproducible builds 15:07:04 <h01ger> oh hi :) 15:07:06 <lamby> o/ 15:07:10 <bmwiedemann> o/ 15:07:18 <h01ger> #topic short time slot for checkins from various projects 15:07:38 <h01ger> #topic short time slots: Alpine Linux: status update 15:07:54 <h01ger> Ariadne: are you here? or anyone else to report? 15:08:18 * h01ger pings kpcyrd already for the next topic ;) 15:08:40 <Ariadne> nothing to report, we are working on the 3.15 release. the current plan is to hit the ground running on reproducible builds again in 3.16 development cycle in few weeks 15:08:48 <lamby> (hey Ariadne) 15:09:07 <h01ger> Ariadne: hi & thanks for the update! and good luck with 3.15 :) 15:09:26 <h01ger> #topic short time slots: Arch Linux: rebuilder status update 15:09:32 <h01ger> kpcyrd: ^ 15:09:35 <h01ger> ? 15:09:51 <h01ger> #save 15:10:21 <h01ger> rabajaj_: hi. log up until you joined is at http://meetbot.debian.net/reproducible-builds/2021/ :) 15:10:55 <rabajaj_> h01ger, thank you :) 15:11:40 <h01ger> #topic short time slots: snapshot.d.o mirror status update 15:12:32 <h01ger> fepitre apologized himself but i can report that snapshot.r-b.o has been set up as a system (ssh works, 16tb xfs fs set up), and fepitre & myself have started discussing how to best setup the service.. 15:12:57 <vagrantc> \o/ 15:13:01 <rclobus> fepitre: Was there a short interruption of your server last Sunday around 16:36? 15:13:13 <lamby> very precise, haha 15:13:20 <h01ger> rclobus: quite possible i suppose 15:13:48 <h01ger> https://debian.notset.fr/snapshot/ is that other server for those not yet following along :) 15:13:52 <rabajaj_> what do the labels ftbr and ftbfs mean, can i read more about it? 15:14:06 <rclobus> I noticed that 2 of the live-build Jenkins jobs turned red and one minute later the next job was green already. 15:14:12 <h01ger> rabajaj_: ftbts = 'fails to build from source' a debian term 15:14:24 <vagrantc> ftbfs :) 15:14:28 <h01ger> ftbr=fails to build reproducible, a term coined here :) 15:14:33 <h01ger> what vagrantc says :) 15:15:04 <rabajaj_> when we say that a build was reproducible, which tool do we use to check debain packages? 15:15:37 <h01ger> rabajaj_: those are very basic questions which might best be answered after the meeting 15:16:17 <h01ger> (the answer here is /usr/bin/diff or /usr/bin/$somehashsum) 15:16:20 <rabajaj_> h01ger, got it. 15:16:38 <h01ger> happy to continue later :) 15:16:51 <h01ger> #topic short time slots: rebuilder status update 15:17:29 <h01ger> no updates here, or was beta.tests.reproducible-builds.org a thing already last month? (its just a dns entry but still ;) 15:17:53 <h01ger> #info https://beta.tests.reproducible-builds.org 15:19:10 <h01ger> #topic short time slots: Debian live-builds status update 15:19:15 <h01ger> rclobus: ^ 15:19:39 <rclobus> Hi, I was offline for the large part, due a late 'summer' holiday break. 15:20:05 <rclobus> Before I went away, I updated the live-build tool to use the proxy settings properly. 15:20:42 <rclobus> Now live-build will use the proxy for every http connection it makes (some parts of the installer previously were not redirected to the proxy) 15:20:43 * h01ger nods 15:20:52 <h01ger> holiday break sounds great! 15:21:03 <h01ger> & proxy always too :) 15:21:16 <rclobus> Jenkins has been updated already by h01ger. 15:21:25 <vagrantc> how are the live build builders holding up? they seem to be down a lot lately 15:21:31 <vagrantc> on tests.r-b.org 15:21:55 <rclobus> Next steps for me: discuss with h01ger how to proceed, e.g. for bookworm, and other variants. 15:22:20 <h01ger> rclobus: ping me anytime.. 15:22:23 <rclobus> The tests in Jenkins currently run once a week, and last Sunday, there was this hiccup. Otherwise, it's pretty stable. 15:22:44 <lamby> Neat. 15:22:55 <vagrantc> rclobus: ah, i seem to check at bad times i guess :/ :) 15:23:03 * h01ger just triggered the two builds that had ssh probs.. 15:23:38 <rclobus> vagrantc: Yes, the timing (e.g. with DebConf21) was slightly unfortunate. 15:23:47 <rclobus> Well, that's it from my side. 15:24:04 <h01ger> thanks for these updates! 15:24:21 <h01ger> #topic short time slots: F-Droid status update 15:24:46 <h01ger> obfusk: are you here? anyone else F-Droid? 15:26:46 <h01ger> i suppose not 15:27:22 <h01ger> next short slot is about rebuilderd from kpcyrd who's not here today, so lets skip that too 15:27:36 <h01ger> #topic r-b summit 2022 15:28:08 <h01ger> https://lists.reproducible-builds.org/pipermail/rb-general/2021-October/002404.html is the mail mapreri sent about this last week 15:29:14 * h01ger can add another data point: easterhegg 2022 has been canceled/moved online. easterhegg is one of the bigger ccc events with roughly 2000 people attending. a bit bigger event than our summit ;) 15:29:52 <lamby> Slightly bigger yep, lol 15:30:02 <h01ger> mapreri: did you get more private replies? 15:31:52 <h01ger> i had hoped for some discussion about this topic at least but i guess that was naive :) 15:32:42 <lamby> Did you have a specific question you wanted to raise here? It felt more of an 'informational' email to me. :) 15:32:43 <vagrantc> r-b summit 2019+N 15:32:53 <lamby> vagrantc: haha 15:33:08 <jelle> nooooo :( 15:34:09 <h01ger> well, we could discuss online sessions or do other plans or just wait til covid is over. (there are more options but) 15:34:30 <vagrantc> i have a feeling if somehow it actually seems a reasonable thing to do in X months, we'll see it coming :) 15:36:08 <h01ger> i actually feel the opposite, or maybe not the opposite, but i do think it will take a long time until we all see it, so i'm starting to becoming more open to the idea of having limited meetings 15:37:19 <vagrantc> fair ... i don't forsee getting on a plane anytime soon, personally ... 15:37:56 <vagrantc> not sure how to make good use of an online event ... we might want to define fairly targeted goals or something in advance or something 15:39:40 * h01ger presses the unsnooze button (or the snooze one?) 15:40:01 <h01ger> there's no update on the next topic and the following topic is any other business 15:40:05 <vagrantc> we already can piggyback on various conference talks and have a little bit of online stuff 15:40:49 <h01ger> vagrantc: or wait and work on actual r-b topics instead of working on an online event? 15:41:50 <vagrantc> h01ger: i guess i'm more talking about ad-hoc informal meetings, rather than trying to make an "event" 15:42:01 <h01ger> ic 15:42:18 <vagrantc> e.g. people all go to an r-b talk and heckle one another :) 15:42:43 <vagrantc> well, mostly people just seem to be supportive, but a little playful heckling can be fun :) 15:43:23 <bmwiedemann> are devil's advocates mandatory? 15:45:52 * h01ger can see himself taking a place again in 2022, btw 15:46:02 <h01ger> #topic any other business 15:46:18 <h01ger> rabajaj_: now is also a good time for your questions :) 15:46:26 <rgdd> i could add a short aob update that is rb-related, although not strictly "just rb" 15:46:37 <h01ger> rgdd: please go ahead! 15:46:47 <rgdd> as my colleague Fredrik mentioned on the rb-general list, we launched a transparency log project named sigsum 15:46:56 <rgdd> it has applications to r-b, e.g., to facilitate verification of claims like "everyone gets the same reproducible binaries" 15:47:05 <rgdd> we would love feedback on our v0 design and api, and/or talk transparency logs and applications in general 15:47:15 <rgdd> for more information, see https://lists.sigsum.org/sigsum-general/msg00001.html 15:48:51 <h01ger> #info feedback wanted: https://lists.sigsum.org/sigsum-general/msg00001.html 15:48:59 <rgdd> thanks! 15:49:19 <h01ger> rgdd: are you already Debian packages? (from debian.org) 15:49:50 <rgdd> if we are logging Debian packages you mean? 15:49:56 <h01ger> yes 15:50:10 <rgdd> not yet, but that is something that could definitely be done 15:50:22 <rgdd> strictly speaking what you would be logging is a checksum of a debian package 15:50:44 <rgdd> then the actual debian package continues to be stored at its current location 15:51:01 <rgdd> so the log helps you ensure that everyone sees the same signed statements and that is it 15:51:08 <h01ger> sure (checksum :) 15:51:29 <h01ger> yes. its super useful, also/esp for non reproducible builds :) 15:51:45 <rgdd> yeah, i think its useful both for reproducible and non-repro builds! 15:51:49 <vagrantc> seems like for debian, you'd actually want to track the Packages files and such 15:52:07 <vagrantc> to see if package_x.y.z.deb changed checksum unexpectedly 15:52:57 <rgdd> yeah, and more generally its useful to discover that a certain package_x.y.z.deb exits 15:53:07 * h01ger joined #sigsum on oftc 15:54:18 <vagrantc> in theory, the checksum of an artifact (e.g. .deb) in debian's repository should never change once introduced 15:54:26 <h01ger> also in practice 15:54:47 <h01ger> however, do we have any other business? 15:54:49 <vagrantc> well, but that's the point of logging 15:55:01 <vagrantc> to check for things that shouldn't be that, surprise, happened 15:55:05 <h01ger> sure 15:55:56 <vagrantc> i just wanted to say i was really happy to finally see a meaningful chart of the reproducibility status for bullseye 15:56:29 <h01ger> though, i do recall packages_x.y.z.deb to vanish, but not to change. (on ftp.d.o) - so i think its more significant to detect different hashes for package_x.y.z.deb for different users.. 15:56:30 <vagrantc> seems like it's hovering around 92% reproducible for debian bullseye 15:56:43 <h01ger> oh 15:57:02 <h01ger> speaking of bullseye, seems we found 570 binary packages without .buildinfo files in bullseye :/ 15:57:11 <vagrantc> ah 15:57:19 <h01ger> only 540 in bookworm though 15:57:20 <vagrantc> that would explain some discrepancies in numbers, then 15:57:24 <h01ger> no 15:57:28 <h01ger> not only 15:58:11 <vagrantc> how were they discovered, relative to previous efforts? :) 15:58:47 <h01ger> bremner found some bug in his builtin-pho db thing and i could confirm these numbers then on jenkins.d.n 15:59:41 <vagrantc> 570 out of ~30k is not terrible 15:59:47 <h01ger> but the difference between those 92% for debian rebuilds compared 94% for debian ci-builds is bigger than just 570 packages 15:59:48 <vagrantc> are they mostly leaf packages? 15:59:53 <h01ger> i dunno 16:00:47 <h01ger> hah. 16:00:50 <vagrantc> there seemed to be about a difference of ~2k packages that the old-school tests.r-b.org and the beta.tests.r-b.org 16:01:17 <h01ger> but the difference between those 92% for debian rebuilds compared *96%* for debian ci-builds is bigger than just 570 packages - 2% is roughly 520 packages.. 16:01:49 <h01ger> i think we should close the meeting here and discuss those details after the meeting.. 16:01:54 <vagrantc> yes, but 2k package difference would explain it 16:01:56 <vagrantc> sure 16:01:58 <h01ger> any other business? 16:02:49 <lamby> None here.. 16:02:54 <rgdd> none here as well! 16:03:43 <rclobus> None here. 16:04:16 <h01ger> so, lets wrap up now 16:04:21 <h01ger> thank you all for attending 16:04:27 <lamby> thank h01ger 16:04:53 <rgdd> thanks! 16:04:57 <h01ger> #info the next meeting will be again on the last tuesday of the month at 15 UTC, however, this will very probably be a different hour in your timezone due to you know what! :) 16:05:12 <h01ger> #endmeeting