[..] fixing unreproducible build issues poses a set of challenges [..], among which we consider the localization granularity and the historical knowledge utilization as the most significant ones. To tackle these challenges, we propose a novel approach [called] RepFix that combines tracing-based fine-grained localization with history-based patch generation mechanisms.The paper (PDF, 3.5MB) uses the Debian
mylvmbackup
package as an example to show how RepFix can automatically generate patches to make software build reproducibly. As it happens, Reiner Herrmann submitted a patch for the mylvmbackup
package which has remained unapplied by the Debian package maintainer for over seven years, thus this paper inadvertently underscores that achieving reproducible builds will require both technical and social solutions.
_m
led to unreproducible .pyc
files. In particular, the types
module in Python 3.10 requires the following patch to make it reproducible:
--- a/Lib/types.py
+++ b/Lib/types.py
@@ -37,8 +37,8 @@ _ag = _ag()
AsyncGeneratorType = type(_ag)
class _C:
- def _m(self): pass
-MethodType = type(_C()._m)
+ def _b(self): pass
+MethodType = type(_C()._b)
Simply renaming the dummy method from _m
to _b
was enough to workaround the problem. Johannes bug report first led to a number of improvements in diffoscope to aid in dissecting .pyc
files, but upstream identified this as caused by an issue surrounding interned strings and is being tracked in CPython bug #78274.
foreach
package let their personal email domain expire, so they bought it and now controls foreach
on NPM and the 36,826 projects that depend on it . Shortly afterwards, Drew DeVault published a related blog post titled When will we learn? that offers a brief timeline of major incidents in this area and, not uncontroversially, suggests that the correct way to ship packages is with your distribution s package manager .
There s some bugs open with the Rust maintainers to address reproducible builds, but with the number of issues they have to deal with in the language, I am not optimistic that this problem will be resolved anytime soon. Assuming the only driver of the unreproducibility is the inclusion of OS paths in the binary, one fix to this would be to re-configure our build system to run in some sort of a chroot environment or a virtual machine that fixes the paths in a way that almost anyone else could reproduce. I say almost anyone else because this fix would be OS-dependent, so we d be able to get reproducible builds under, for example, Linux, but it would not help Windows users where chroot environments are not a thing.(Full post)
#reproducible-builds
on the OFTC network.
PKGBUILDs
provide authentication in the context of signed Git tags (i.e. the ability to verify the Git tag was signed by one of the two trusted keys ), they do not support pinning, ie. that upstream could create a new signed Git tag with an identical name, and arbitrarily change the source code without the [maintainer] noticing . Conversely, other PKGBUILD
s support pinning but not authentication. The new tool, auth-tarball-from-git, fixes both problems, as nearly outlined in kpcyrd s original blog post.
212
, 213
and 214
to Debian unstable.
Chris also made the following changes:
zipinfo
and zipinfo -v
. [ ]assert_diff
in test_zip
over calling get_data
with a separate assert
. [ ]re.compile
and then call .sub
on the result; just call re.sub
directly. [ ]--usage
and --help
. [ ]xb-tool
for GNU Guix [ ] as well as updated the diffoscope package in GNU Guix itself [ ][ ][ ].
nondeterministic_ordering_in_deprecated_items_collected_by_doxygen
toolchain issue [ ] as well as ones for mono_mastersummary_xml_files_inherit_filesystem_ordering
[ ], extended_attributes_in_jar_file_created_without_manifest
[ ] and apxs_captures_build_path
[ ].
Vagrant Cascadian performed a rough check of the reproducibility of core package sets in GNU Guix, and in openSUSE, Bernhard M. Wiedemann posted his usual monthly reproducible builds status report.
gtkmm-documentation
(merged; sorting issue)librespot
(merged; random BuildID
issue)lirc
(merged)lsof
(uname
/hostname
problem)solanum
(merged, possibly a race condition)mtink
.fceux
.glob2
.coinor-cgl
.metapixel
.ragel
.gdome2
.sgml-base-doc
.xarclock
.xgammon
.lwatch
.bbrun
.gscanbus
.libnss-gw-name
.pidgin-blinklight
.dvbtune
.efax
.quelcom
.xine-lib-1.2
.fusesmb
.mailfront
.convlit
.bitstormlite
.coinor-osi
.razor
.autoclass
.cdbackup
.dds2tar
.transcalc
.libapache2-mod-authz-unixgroup
.mgdiff
.scsitools
.fstrcmp
.libxsettings-client
.tamil-gtk2im
.tdfsb
.stymulator
.wiipdf
.gdigi
.getstream
.freecdb
.modglue
.nwall
.parprouted
.imagination
.tuxcmd-modules
.libapache2-mod-authn-yubikey
.libapache2-mod-auth-plain
.arm64
binaries to build reproducibly for the Debian systemd
package.
.dsc
files using reprepro.
#reproducible-builds
on irc.oftc.net
.
rb-general@lists.reproducible-builds.org
Do not add further complexity when it can be avoided. We are generally happy with the feature set of i3 and instead focus on fixing bugs and maintaining it for stability. New features will therefore only be considered if the benefit outweighs the additional complexity, and we encourage users to implement features using the IPC whenever possible. Introduction to the i3 window managerWhile this is not as powerful as an embedded language, it is enough for many cases. Moreover, as high-level features may be opinionated, delegating them to small, loosely coupled pieces of code keeps them more maintainable. Libraries exist for this purpose in several languages. Users have published many scripts to extend i3: automatic layout and window promotion to mimic the behavior of other tiling window managers, window swallowing to put a new app on top of the terminal launching it, and cycling between windows with Alt+Tab. Instead of maintaining a script for each feature, I have centralized everything into a single Python process,
i3-companion
using asyncio and the
i3ipc-python library. Each feature is self-contained into a
function. It implements the following components:
workspace_exclusive()
function monitors new windows and moves them
if needed to an empty workspace or to one with the same application
already running.quake_console()
function implements a drop-down console
available from any workspace. It can be toggled with
Mod+ . This is implemented as a scratchpad
window.workspace back_and_forth
command, we can ask i3 to
switch to the previous workspace. However, this feature is not
restricted to the current output. I prefer to have one keybinding to
switch to the workspace on the next output and one keybinding to
switch to the previous workspace on the same output. This behavior
is implemented in the previous_workspace()
function by keeping a
per-output history of the focused workspaces.workspace number
4
or move container to workspace number 4
. The new_workspace()
function finds a free number and use it as the target workspace.output_update()
function also takes an extra step to
coalesce multiple consecutive events and to check if there is a real
change with the low-level library xcffib.@on(CommandEvent("previous-workspace"), I3Event.WORKSPACE_FOCUS) async def previous_workspace(i3, event): """Go to previous workspace on the same output."""
CommandEvent()
event class is my way to send a command to the
companion, using either i3-msg -t send_tick
or binding a key to a
nop
command. The latter is used to avoid spawning a shell and a
i3-msg
process just to send a message. The companion listens to
binding events and checks if this is a nop
command.
bindsym $mod+Tab nop "previous-workspace"
@debounce()
to
coalesce multiple consecutive calls, @static()
to define a static
variable, and @retry()
to retry a function on failure. The whole
script is a bit more than 1000 lines. I think this is
worth a read as I am quite happy with the result.
notify()
, to send notifications using DBus. container_info()
and
workspace_info()
uses it to display information about the container
or the tree for a workspace.
workspace_rename()
function. The icons are from
the Font Awesome project. I maintain a mapping between applications
and icons. This is a bit cumbersome but it looks great.
For CPU, memory, brightness, battery, disk, and audio volume, I am
relying on the built-in modules. Polybar s wrapper script generates the list of filesystems to monitor and they get only
displayed when available space is low. The battery widget turns red
and blinks slowly when running out of power. Check my Polybar
configuration for more details.
For Bluetooh, network, and notification statuses, I am using Polybar s
ipc
module: the next version of Polybar can receive
an arbitrary text on an IPC socket. The module is defined with a
single hook to be executed at the start to restore the latest status.
[module/network] type = custom/ipc hook-0 = cat $XDG_RUNTIME_DIR/i3/network.txt 2> /dev/null initial = 1
polybar-msg action "#network.send.XXXX"
. In
the i3 companion, the @polybar()
decorator takes the string
returned by a function and pushes the update through the IPC socket.
The i3 companion reacts to DBus signals to update the Bluetooth and
network icons. The @on()
decorator accepts a DBusSignal()
object:
@on( StartEvent, DBusSignal( path="/org/bluez", interface="org.freedesktop.DBus.Properties", member="PropertiesChanged", signature="sa sv as", onlyif=lambda args: ( args[0] == "org.bluez.Device1" and "Connected" in args[1] or args[0] == "org.bluez.Adapter1" and "Powered" in args[1] ), ), ) @retry(2) @debounce(0.2) @polybar("bluetooth") async def bluetooth_status(i3, event, *args): """Update bluetooth status for Polybar."""
~/.xsession-errors
file.3
I am using a two-stage setup: i3.service
depends on
xsession.target
to start services before
i3:
[Unit] Description=X session BindsTo=graphical-session.target Wants=autorandr.service Wants=dunst.socket Wants=inputplug.service Wants=picom.service Wants=pulseaudio.socket Wants=policykit-agent.service Wants=redshift.service Wants=spotify-clean.timer Wants=ssh-agent.service Wants=xiccd.service Wants=xsettingsd.service Wants=xss-lock.service
i3-session.target
:
[Unit] Description=i3 session BindsTo=graphical-session.target Wants=wallpaper.service Wants=wallpaper.timer Wants=polybar-weather.service Wants=polybar-weather.timer Wants=polybar.service Wants=i3-companion.service Wants=misc-x.service
xset s
command. The locker can be invoked immediately with xset s activate
.
X11 applications know how to prevent the screen saver from running. I
have also developed a small dimmer application that is executed 20
seconds before the locker to give me a chance to move the mouse if I
am not away.4 Have a look at my configuration
script.
xrandr
.
:0
and :1
. In the first implementation, I did try to
parametrize each service with the associated display, but this is
useless: there is only one DBus user session and many services
rely on it. For example, you cannot run two notification daemons.
A song for Debconf21 ["What shall we do with the drunken sailor"]
What shall we do with the online Debconf?What shall we do with the online Debconf?What shall we do with the online Debconf?
Earl-y in the morning
Close it up as we agreed it
Save each script in case we need it
Work out how we best live-feed itNext year s Debconf s dawning
Next year s Kosovo and Pristina
This virtual Debconf needs no cleaner
Hope when COVID s gone we re keener
To meet up every morning
Thanks to the Debconf orga team
Thanks to those who Loopy meme
Things are not always as they seeem
In virtual Debconf s morning
Bullseye s out its share is rising
Debconf s fun and quite surprising
Linux 30 :)
Yours and my thing - Debian s 28
Thanks to all who video d sessions
Debconf T-shirts - prized possessions
Debcamp bug-fixed some regressions
Now onto next year!
A closing song for Debconf 21 [Frere Jacques/Brueder Martin]
DebConf21
Virtual DebConf s
Now all through
Closed for you
Kosovo is next year
See you in Pristina!!
DebConf 22
Twenty twenty-two
I have an early model Raspberry Pi 4. I wanted to install Debian on an SSD connected via a cable to a USB3 port. It turned out that the version of the software in the EEPROM would not boot reliably so the first task was to update this with the latest stable EEPROM available from the Raspberry Pi downloads.
The easiest way to do this was to boot an SD card with Raspbian on. Once that was done, I had a Pi that would boot from an SSD.
Untar the files
A tarball of UEFI from Pete's Github repository at https://github.com/pftf/RPi4/releases - latest is v 1.29 as at 20210814.
Plugging in the SSD to another machine to format the drive: msdos format, one ESP partition in FAT32 and marked bootable and the rest of the drive blank.
One aarch64 DVD image from the usual place.
https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/debian-11.0.0-arm64-DVD-1.iso
Untar the UEFI tarball into the ESP partition you've just made
Plug the SSD into a USB3 port on the RPi using a USB -> SATA cable
Write the aarch image to a USB stick using dd and place that into one of the other USB ports. Add a keyboard.
Install
Power up the RPi4, hit Esc and work your way through UEFI to select a boot device and go, save the settings and go.
The install is almost identical to any Debian d-i install.
There is a setting in UEFI to reclaim the 1G of memory that was masked out, there's a setting for control of the fan shim if you have that style of fan.
End result - happiness
Done the other day and sitting next to me on the desktop.
Next.