14:59:29 <h01ger> #startmeeting reproducible-builds.org general monthly irc meeting
14:59:29 <MeetBot> Meeting started Tue Oct 26 14:59:29 2021 UTC.  The chair is h01ger. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:29 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:59:46 <h01ger> hi. todays agenda is at https://pad.riseup.net/p/rb-irc-meetings-keep
15:00:00 <h01ger> welcome to this monthly meeting, please briefly introduce yourself or update us on recent or planned projects
15:00:24 * h01ger = Holger Levsen, working on reproducible Debian and tests.r-b.o
15:00:34 <h01ger> #topic introductions
15:00:46 <h01ger> also feel free to edit the agenda..
15:00:52 <rclobus> rclobus = Roland Clobus, working on images based on live-build
15:02:04 <rgdd> hello! rgdd = Rasmus Dahlberg, working on transparency logs and their applications!
15:03:04 * lamby -> Chris Lamb
15:03:07 * vagrantc = Vagrant Cascadian, reproducible Debian with a hint of reproducible Guix
15:03:33 * lamby -> Chris Lamb: reproducible Debian, diffoscope and upstream-ish toolchain issues
15:04:34 * h01ger will wait a few more minutes for others to join in before really starting with the meeting..
15:06:44 <h01ger> alright, lets start
15:06:47 * bmwiedemann = Bernhard M. Wiedemann - openSUSE & SUSE reproducible builds
15:07:04 <h01ger> oh hi :)
15:07:06 <lamby> o/
15:07:10 <bmwiedemann> o/
15:07:18 <h01ger> #topic short time slot for checkins from various projects
15:07:38 <h01ger> #topic short time slots: Alpine Linux: status update
15:07:54 <h01ger> Ariadne: are you here? or anyone else to report?
15:08:18 * h01ger pings kpcyrd already for the next topic ;)
15:08:40 <Ariadne> nothing to report, we are working on the 3.15 release.  the current plan is to hit the ground running on reproducible builds again in 3.16 development cycle in few weeks
15:08:48 <lamby> (hey Ariadne)
15:09:07 <h01ger> Ariadne: hi & thanks for the update! and good luck with 3.15 :)
15:09:26 <h01ger> #topic short time slots: Arch Linux: rebuilder status update
15:09:32 <h01ger> kpcyrd: ^
15:09:35 <h01ger> ?
15:09:51 <h01ger> #save
15:10:21 <h01ger> rabajaj_: hi. log up until you joined is at http://meetbot.debian.net/reproducible-builds/2021/ :)
15:10:55 <rabajaj_> h01ger, thank you :)
15:11:40 <h01ger> #topic short time slots: snapshot.d.o mirror status update
15:12:32 <h01ger> fepitre apologized himself but i can report that snapshot.r-b.o has been set up as a system (ssh works, 16tb xfs fs set up), and fepitre & myself have started discussing how to best setup the service..
15:12:57 <vagrantc> \o/
15:13:01 <rclobus> fepitre: Was there a short interruption of your server last Sunday around 16:36?
15:13:13 <lamby> very precise, haha
15:13:20 <h01ger> rclobus: quite possible i suppose
15:13:48 <h01ger> https://debian.notset.fr/snapshot/ is that other server for those not yet following along :)
15:13:52 <rabajaj_> what do the labels ftbr and ftbfs mean, can i read more about it?
15:14:06 <rclobus> I noticed that 2 of the live-build Jenkins jobs turned red and one minute later the next job was green already.
15:14:12 <h01ger> rabajaj_: ftbts = 'fails to build from source' a debian term
15:14:24 <vagrantc> ftbfs :)
15:14:28 <h01ger> ftbr=fails to build reproducible, a term coined here :)
15:14:33 <h01ger> what vagrantc says :)
15:15:04 <rabajaj_> when we say that a build was reproducible, which tool do we use to check debain packages?
15:15:37 <h01ger> rabajaj_: those are very basic questions which might best be answered after the meeting
15:16:17 <h01ger> (the answer here is /usr/bin/diff or /usr/bin/$somehashsum)
15:16:20 <rabajaj_> h01ger, got it.
15:16:38 <h01ger> happy to continue later :)
15:16:51 <h01ger> #topic short time slots: rebuilder status update
15:17:29 <h01ger> no updates here, or was beta.tests.reproducible-builds.org a thing already last month? (its just a dns entry but still ;)
15:17:53 <h01ger> #info https://beta.tests.reproducible-builds.org
15:19:10 <h01ger> #topic short time slots: Debian live-builds status update
15:19:15 <h01ger> rclobus: ^
15:19:39 <rclobus> Hi, I was offline for the large part, due a late 'summer' holiday break.
15:20:05 <rclobus> Before I went away, I updated the live-build tool to use the proxy settings properly.
15:20:42 <rclobus> Now live-build will use the proxy for every http connection it makes (some parts of the installer previously were not redirected to the proxy)
15:20:43 * h01ger nods
15:20:52 <h01ger> holiday break sounds great!
15:21:03 <h01ger> & proxy always too :)
15:21:16 <rclobus> Jenkins has been updated already by h01ger.
15:21:25 <vagrantc> how are the live build builders holding up? they seem to be down a lot lately
15:21:31 <vagrantc> on tests.r-b.org
15:21:55 <rclobus> Next steps for me: discuss with h01ger how to proceed, e.g. for bookworm, and other variants.
15:22:20 <h01ger> rclobus: ping me anytime..
15:22:23 <rclobus> The tests in Jenkins currently run once a week, and last Sunday, there was this hiccup. Otherwise, it's pretty stable.
15:22:44 <lamby> Neat.
15:22:55 <vagrantc> rclobus: ah, i seem to check at bad times i guess :/ :)
15:23:03 * h01ger just triggered the two builds that had ssh probs..
15:23:38 <rclobus> vagrantc: Yes, the timing (e.g. with DebConf21) was slightly unfortunate.
15:23:47 <rclobus> Well, that's it from my side.
15:24:04 <h01ger> thanks for these updates!
15:24:21 <h01ger> #topic short time slots: F-Droid status update
15:24:46 <h01ger> obfusk: are you here? anyone else F-Droid?
15:26:46 <h01ger> i suppose not
15:27:22 <h01ger> next short slot is about rebuilderd from kpcyrd who's not here today, so lets skip that too
15:27:36 <h01ger> #topic r-b summit 2022
15:28:08 <h01ger> https://lists.reproducible-builds.org/pipermail/rb-general/2021-October/002404.html is the mail mapreri sent about this last week
15:29:14 * h01ger can add another data point: easterhegg 2022 has been canceled/moved online. easterhegg is one of the bigger ccc events with roughly 2000 people attending. a bit bigger event than our summit ;)
15:29:52 <lamby> Slightly bigger yep, lol
15:30:02 <h01ger> mapreri: did you get more private replies?
15:31:52 <h01ger> i had hoped for some discussion about this topic at least but i guess that was naive :)
15:32:42 <lamby> Did you have a specific question you wanted to raise here?  It felt more of an 'informational' email to me. :)
15:32:43 <vagrantc> r-b summit 2019+N
15:32:53 <lamby> vagrantc: haha
15:33:08 <jelle> nooooo :(
15:34:09 <h01ger> well, we could discuss online sessions or do other plans or just wait til covid is over. (there are more options but)
15:34:30 <vagrantc> i have a feeling if somehow it actually seems a reasonable thing to do in X months, we'll see it coming :)
15:36:08 <h01ger> i actually feel the opposite, or maybe not the opposite, but i do think it will take a long time until we all see it, so i'm starting to becoming more open to the idea of having limited meetings
15:37:19 <vagrantc> fair ... i don't forsee getting on a plane anytime soon, personally ...
15:37:56 <vagrantc> not sure how to make good use of an online event ... we might want to define fairly targeted goals or something in advance or something
15:39:40 * h01ger presses the unsnooze button (or the snooze one?)
15:40:01 <h01ger> there's no update on the next topic and the following topic is any other business
15:40:05 <vagrantc> we already can piggyback on various conference talks and have a little bit of online stuff
15:40:49 <h01ger> vagrantc: or wait and work on actual r-b topics instead of working on an online event?
15:41:50 <vagrantc> h01ger: i guess i'm more talking about ad-hoc informal meetings, rather than trying to make an "event"
15:42:01 <h01ger> ic
15:42:18 <vagrantc> e.g. people all go to an r-b talk and heckle one another :)
15:42:43 <vagrantc> well, mostly people just seem to be supportive, but a little playful heckling can be fun :)
15:43:23 <bmwiedemann> are devil's advocates mandatory?
15:45:52 * h01ger can see himself taking a place again in 2022, btw
15:46:02 <h01ger> #topic any other business
15:46:18 <h01ger> rabajaj_: now is also a good time for your questions :)
15:46:26 <rgdd> i could add a short aob update that is rb-related, although not strictly "just rb"
15:46:37 <h01ger> rgdd: please go ahead!
15:46:47 <rgdd> as my colleague Fredrik mentioned on the rb-general list, we launched a transparency log project named sigsum
15:46:56 <rgdd> it has applications to r-b, e.g., to facilitate verification of claims like "everyone gets the same reproducible binaries"
15:47:05 <rgdd> we would love feedback on our v0 design and api, and/or talk transparency logs and applications in general
15:47:15 <rgdd> for more information, see https://lists.sigsum.org/sigsum-general/msg00001.html
15:48:51 <h01ger> #info feedback wanted: https://lists.sigsum.org/sigsum-general/msg00001.html
15:48:59 <rgdd> thanks!
15:49:19 <h01ger> rgdd: are you already Debian packages? (from debian.org)
15:49:50 <rgdd> if we are logging Debian packages you mean?
15:49:56 <h01ger> yes
15:50:10 <rgdd> not yet, but that is something that could definitely be done
15:50:22 <rgdd> strictly speaking what you would be logging is a checksum of a debian package
15:50:44 <rgdd> then the actual debian package continues to be stored at its current location
15:51:01 <rgdd> so the log helps you ensure that everyone sees the same signed statements and that is it
15:51:08 <h01ger> sure (checksum :)
15:51:29 <h01ger> yes. its super useful, also/esp for non reproducible builds :)
15:51:45 <rgdd> yeah, i think its useful both for reproducible and non-repro builds!
15:51:49 <vagrantc> seems like for debian, you'd actually want to track the Packages files and such
15:52:07 <vagrantc> to see if package_x.y.z.deb changed checksum unexpectedly
15:52:57 <rgdd> yeah, and more generally its useful to discover that a certain package_x.y.z.deb exits
15:53:07 * h01ger joined #sigsum on oftc
15:54:18 <vagrantc> in theory, the checksum of an artifact (e.g. .deb) in debian's repository should never change once introduced
15:54:26 <h01ger> also in practice
15:54:47 <h01ger> however, do we have any other business?
15:54:49 <vagrantc> well, but that's the point of logging
15:55:01 <vagrantc> to check for things that shouldn't be that, surprise, happened
15:55:05 <h01ger> sure
15:55:56 <vagrantc> i just wanted to say i was really happy to finally see a meaningful chart of the reproducibility status for bullseye
15:56:29 <h01ger> though, i do recall packages_x.y.z.deb to vanish, but not to change. (on ftp.d.o) - so i think its more significant to detect different hashes for package_x.y.z.deb for different users..
15:56:30 <vagrantc> seems like it's hovering around 92% reproducible for debian bullseye
15:56:43 <h01ger> oh
15:57:02 <h01ger> speaking of bullseye, seems we found 570 binary packages without .buildinfo files in bullseye :/
15:57:11 <vagrantc> ah
15:57:19 <h01ger> only 540 in bookworm though
15:57:20 <vagrantc> that would explain some discrepancies in numbers, then
15:57:24 <h01ger> no
15:57:28 <h01ger> not only
15:58:11 <vagrantc> how were they discovered, relative to previous efforts? :)
15:58:47 <h01ger> bremner found some bug in his builtin-pho db thing and i could confirm these numbers then on jenkins.d.n
15:59:41 <vagrantc> 570 out of ~30k is not terrible
15:59:47 <h01ger> but the difference between those 92% for debian rebuilds compared 94% for debian ci-builds is bigger than just 570 packages
15:59:48 <vagrantc> are they mostly leaf packages?
15:59:53 <h01ger> i dunno
16:00:47 <h01ger> hah.
16:00:50 <vagrantc> there seemed to be about a difference of ~2k packages that the old-school tests.r-b.org and the beta.tests.r-b.org
16:01:17 <h01ger> but the difference between those 92% for debian rebuilds compared *96%* for debian ci-builds is bigger than just 570 packages - 2% is roughly 520 packages..
16:01:49 <h01ger> i think we should close the meeting here and discuss those details after the meeting..
16:01:54 <vagrantc> yes, but 2k package difference would explain it
16:01:56 <vagrantc> sure
16:01:58 <h01ger> any other business?
16:02:49 <lamby> None here..
16:02:54 <rgdd> none here as well!
16:03:43 <rclobus> None here.
16:04:16 <h01ger> so, lets wrap up now
16:04:21 <h01ger> thank you all for attending
16:04:27 <lamby> thank h01ger
16:04:53 <rgdd> thanks!
16:04:57 <h01ger> #info the next meeting will be again on the last tuesday of the month at 15 UTC, however, this will very probably be a different hour in your timezone due to you know what! :)
16:05:12 <h01ger> #endmeeting