author: Ludovic Courtès <ludo@gnu.org> 2016-12-17 12:13:32 +0100
committer: Ludovic Courtès <ludo@gnu.org> 2016-12-17 12:41:06 +0100
commit: 07e18bf6d985be1a2d42a5f0d33758954bedfc43 (patch)
tree: 023269a16f57cf9e3cb780fcfbf8c0c40be97fe9 /website
parent: 30f13df13575e16ba185e2877333ab6b53fdbd62 (diff)
download: guix-artwork-07e18bf6d985be1a2d42a5f0d33758954bedfc43.tar, guix-artwork-07e18bf6d985be1a2d42a5f0d33758954bedfc43.tar.gz
website: Add post about the repro build summit.
* website/posts/reproducible-build-summit.html: New file.
Diffstat (limited to 'website'):
-rw-r--r-- website/posts/reproducible-build-summit.html | 166
1 files changed, 166 insertions, 0 deletions
diff --git a/website/posts/reproducible-build-summit.html b/website/posts/reproducible-build-summit.html
new file mode 100644
index 0000000..18315c6
--- /dev/null
+++ b/website/posts/reproducible-build-summit.html
@@ -0,0 +1,166 @@
+title: Reproducible Build Summit, 2nd Edition
+date: 2016-12-16 18:00
+author: Ludovic Courtès, John Darrington, Ricardo Wurmus
+---
+<div> <!-- needed to placate Haunt's 'html-reader' -->
+ <p>
+ GNU Guix was present this week at
+ the <a href="https://reproducible-builds.org/events/berlin2016/">second
+ Reproducible Build Summit</a> in Berlin. Three of us were there.
+ We happily joined a dozen of other free software projects, mostly
+ distros, to discuss cross-cutting reproducibility issues going from
+ outreach to hacking on a specific piece of software. This attempts
+ to summarize important points that were discussed in some of the
+ sessions we attended, and how Guix fits into that.
+ </p>
+
+ <h4>On reproducibility</h4>
+ <p>
+ What does it mean for a build process to be <i>reproducible</i>?
+ That sounded obvious to many attendants, but experience has shown
+ that many outside of the community needed clarifications. A group
+ led by Ed Maste of FreeBSD worked hard to come up with a definition
+ that is both concise, accurate, and generic. Impressive and useful
+ work!
+ </p>
+ <p>
+ At the same time, another group worked on the other thankless task
+ that consists in
+ improving <a href="https://reproducible-builds.org/docs/">the
+ reproducible build documentation</a>. A big thanks to them!
+ </p>
+
+ <h4>Testing reproducibility</h4>
+ <p>
+ For a couple of years, Debian has had
+ a <a href="https://tests.reproducible-builds.org/debian/reproducible.html">
+ dashboard</a> that shows the progress that has been made. The
+ result is impressive: 92% of its binary packages are now bit-for-bit
+ reproducible! During the meeting, Eelco Dolstra reported first
+ results for NixOS, obtained thanks to an extension to
+ the <a href="https://nixos.org/hydra/">Hydra</a> continuous
+ integration tool:
+ <a href="http://permalink.gmane.org/gmane.linux.distributions.nixos/22247">77%
+ of the packages</a> are currently reproducible.
+ </p>
+ <p>
+ Our build farm in Guix doesn't yet have the resources to perform
+ independent rebuilds of packages. We plan to use the shared
+ resources
+ at <a href="https://tests.reproducible-builds.org/">tests.reproducible-builds.org</a>
+ to achieve that soon. Since last year's summit,
+ our <a href="https://www.gnu.org/software/guix/manual/html_node/Submitting-Patches.html">patch
+ submission guidelines</a> require submitters to check for
+ reproducibility issues using <tt>guix build --rounds=<i>N</i></tt>.
+ This has already allowed us to fix lots of reproducibility issues in
+ packages.
+ </p>
+
+ <h4>User-facing interfaces to reproducible builds</h4>
+ <p>
+ Reproducible builds should allow users to verify builds, and
+ distributors to no longer be single points of failure. But how
+ can we actually <emph>empower</emph> users with reproducible builds?
+ Last
+ year, <a href="https://www.gnu.org/software/guix/news/reproducible-builds-a-means-to-an-end.html">we
+ outlined</a> that reproducible builds are a means to user
+ empowerment. Thus it was great to brainstorm these issues with
+ brilliant minds!
+ </p>
+ <p>
+ dkg of Debian and ACLU led a couple of sessions on this topic.
+ Tools
+ like <a href="https://www.gnu.org/software/guix/manual/html_node/Invoking-guix-challenge.html"><tt>guix
+ challenge</tt></a> are one way to help users check whether their
+ binaries are trustworthy, provided independent package builds are
+ available. Some suggested that this could be used as an input for a
+ more general kind of “system health” monitoring tool.
+ </p>
+ <p>
+ A large part of the discussion then focused on <emph>policies</emph>
+ that users could select. For example, assuming several independent
+ organizations provide binaries for a given distro, users could
+ disallow installation of binaries for which providers disagree on
+ the output. Worded like this, the policy could easily lead to
+ denial of service should one of the providers be unavailable. A
+ refinement of this policy is to install only packages for
+ which <i>k</i> out of <i>n</i> known builders “agree” on what
+ the package contents are.
+ </p>
+ <p>
+ Guix currently allows users to specify multiple binary providers
+ through
+ the <a href="https://www.gnu.org/software/guix/manual/html_node/Substitutes.html"><tt>--substitute-urls</tt></a> option.
+ We hope we can extend it to support this “<i>k</i> out of <i>n</i>”
+ policy by the next Reproducible Build Summit!
+ </p>
+
+ <h4>Bootstrapping</h4>
+ <p>
+ The Summit focuses on reproducible <emph>builds</emph>, but
+ unfortunately, there are more and more situations where software is
+ not built from source. In most cases, this is due
+ to <emph>bootstrapping issues</emph>: a compiler is written in the
+ language it compiles, and thus distributors have no choice but to
+ start from an opaque pre-built binary provided by upstream. The
+ problem also comes up
+ when <a href="https://www.gnu.org/software/guix/manual/html_node/Bootstrapping.html">building
+ a complete system “from nothing”</a>. This situation prevents users
+ from knowing what code they’re running, and it makes them vulnerable
+ to <a href="https://www.win.tue.nl/~aeb/linux/hh/thompson/trust.html"><i>trusting
+ trust</i> attacks</a>.
+ </p>
+ <p>
+ In Guix, the debate came up every time we added one of these
+ self-hosted compilers—Rust, OCaml, GHC, etc. This is not a
+ comfortable situation. We led sessions on this topic with two
+ goals: to try and make a specific package “bootstrappable”, and to
+ raise awareness and come up with guidelines for compiler and tool
+ writers. Together with other hackers, we drafted a manifesto that
+ we hope to publish soon. Stay tuned!
+ </p>
+
+ <h4>Hacks!</h4>
+ <p>
+ During the hacking sessions, while Ricardo was busy working on the
+ bootstrapping manifesto, John together with Pierre Pronchery of NetBSD
+ tackled <a href="https://savannah.gnu.org/bugs/?49654">gettext reproducibility issues</a>, and
+ Ludovic picked up the work of others on fixing
+ a <a href="https://debbugs.gnu.org/cgi/bugreport.cgi?bug=20272">longstanding
+ reproducibility issue in Guile</a>, the Scheme implementation used
+ by Guix—“the shoemaker’s child always goes barefoot”, they say.
+ </p>
+
+ <h4>Thanks!</h4>
+ <p>
+ We would like to thank the sponsors who helped make the Reproducible
+ Build Summit possible: Debian, Google, Linux Foundation, and Open
+ Tech Fund. Special thanks to Beatrice and Gunner of Aspiration and
+ to Holger of Debian for the perfect organization, and for the
+ productive and friendly atmosphere they created!
+ </p>
+
+ <h4>About GNU Guix</h4>
+ <p>
+ <a href="https://www.gnu.org/software/guix">GNU Guix</a> is a
+ transactional package manager for the GNU system. The Guix System
+ Distribution or GuixSD is an advanced distribution of the GNU system
+ that relies on GNU Guix
+ and <a href="https://www.gnu.org/distros/free-system-distribution-guidelines.html">respects
+ the user's freedom</a>.<br /></p><p>In addition to standard package
+ management features, Guix supports transactional upgrades and
+ roll-backs, unprivileged package management, per-user profiles, and
+ garbage collection. Guix uses low-level mechanisms from the Nix
+ package manager, except that packages are defined as
+ native <a href="https://www.gnu.org/software/guile">Guile</a> modules,
+ using extensions to the <a href="http://schemers.org">Scheme</a>
+ language. GuixSD offers a declarative approach to operating system
+ configuration management, and is highly customizable and
+ hackable.<br />
+ </p>
+ <p>
+ GuixSD can be used on an i686 or x86_64 machine. It is also possible
+ to use Guix on top of an already installed GNU/Linux system, including
+ on mips64el and armv7.
+ </p>
+</div>
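Review bot: `<emph>` (used around "empower", "policies", "builds" and "bootstrapping issues") is not an HTML element, so browsers will render those words without any emphasis; replace it with `<em>`, matching the `<i>`/`<tt>` inline markup the rest of the post uses. Two smaller points in the same hunk: the `<br />` placed right before `</p>` in both "About GNU Guix" paragraphs only adds stray vertical space and can be dropped, and "a dozen of other free software projects" in the opening paragraph should read "a dozen other free software projects".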