Diffstat (limited to 'userContent/presentations/2017-08-07-DebConf17/index.html')
-rw-r--r-- userContent/presentations/2017-08-07-DebConf17/index.html | 562
1 files changed, 562 insertions, 0 deletions
diff --git a/userContent/presentations/2017-08-07-DebConf17/index.html b/userContent/presentations/2017-08-07-DebConf17/index.html
new file mode 100644
index 00000000..a180da67
--- /dev/null
+++ b/userContent/presentations/2017-08-07-DebConf17/index.html
@@ -0,0 +1,562 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+ <meta charset="utf-8">
+ <title>jenkins.debian.net or what is Debian doing with all these resources</title>
+ <meta name="apple-mobile-web-app-capable" content="yes">
+ <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
+
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, minimal-ui">
+
+ <link rel="stylesheet" href="css/reveal.css">
+ <link rel="stylesheet" href="css/theme/black.css" id="theme">
+
+ <style type="text/css">
+ li {
+ margin-top: 28px !important;
+ }
+ ul ul li {
+ margin-top: 16px !important;
+ }
+ * {
+ text-transform: none !important;
+ }
+ a {
+ color: inherit !important;
+ }
+ code {
+ font-size: 90% !important;
+ }
+ table {
+ width: 100%;
+ }
+ .reveal table td {
+ border-bottom: none;
+ }
+ .reveal section img {
+ border: none;
+ box-shadow: none;
+ }
+ </style>
+
+ <!--[if lt IE 9]>
+ <script src="lib/js/html5shiv.js"></script>
+ <![endif]-->
+
+ <script>
+ var link = document.createElement('link');
+ link.rel = 'stylesheet';
+ link.type = 'text/css';
+ link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
+ document.getElementsByTagName('head')[0].appendChild( link );
+</script>
+</head>
+
+<!--
+
+42min :)
+
+who are you?
+ who knows about Debian? ;-)
+ who knows about jenkins.debian.net?
+
+torbrowser-launcher
+
+
+-->
+
+
+<body>
+ <div class="reveal">
+ <div class="slides" style="text-align: left;">
+ <section data-background="images/debian_logo.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ about <code>jenkins.debian.net</code> - or what Holger / Debian is doing with all these resources
+ </h2>
+ <p>(Automating all the tests!)</p>
+ <h4>
+ <br>
+ Holger Levsen &lt;holger@debian.org&gt;
+ </h4>
+ <p><small>Profitbricks Office, 2016-11-30, Berlin, Germany</small></p>
+ </section>
+
+ <section data-background="images/h01ger.png" data-background-size="15%" data-background-color="black">
+ <h2>about me</h2>
+ <ul class="fragment">
+ <li>Debian user since 1995, contributing since 2001</li>
+ <li>Debian-Edu (Debian for Education), since 2003</li>
+ <li>DebConf organizer, founded the DebConf video team in 2005</li>
+ <li>Debian developer since 2007, <code>holger@debian.og</code></li>
+ <li>Freelancer since 2004, <code>holgerlevsen.de</code></li>
+ <li>Freelancer at Profitbricks from 2011-2013 and 2015</li>
+ </ul>
+ </section>
+
+ <section data-background="images/h01ger.png" data-background-size="15%" data-background-color="black">
+ <h2>more about Debian QA and me</h2>
+ <ul class="fragment">
+ <li class="fragment"><code>https://piuparts.debian.org</code> since 2009 - today juggling with 648988 logs from 53158 packages in 28 suites with Andreas Beckmann</li>
+ <li class="fragment"><code>https://jenkins.debian.net</code> since 2012</li>
+ <li class="fragment"><code>https://reproducible.debian.net</code> since 2014</li>
+ <li class="fragment">since 2015 funded by the Linux Foundation for working on <code>https://reproducible-builds.org</code></li>
+ </ul>
+ </section>
+
+ <section data-background="images/debian.jpg" data-background-color="black">
+ <h2>other Debian QA efforts elsewhere</h2>
+ <ul>
+ <li><code>lintian.debian.org</code></li>
+ <li><code>ci.debian.net</code></li>
+ <li>periodic full archive rebuilds (amd64 only)</li>
+ </ul>
+ </section>
+
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ about jenkins.debian.net
+ </h2>
+ <ul>
+ <li>resources sponsored by Profitbricks since 2012</li>
+ <li>first request on August 2nd 2012: 2-4 cores, 2GB RAM, 1 TB storage</li>
+ </ul>
+ </section>
+
+ <section data-background="images/jenkins_jobs-year.png" data-background-size="65%">
+ &nbsp;
+ </section>
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ Profitbricks resources used by jenkins.debian.net
+ </h2>
+ <ul>
+ <li>17 machines (16*Debian, 1*FreeBSD, 13*64bit, 4*32bit)<br />
+ in 2 datacenters (FKB + FRA)</li>
+ <li>168 cores (148 AMD, 20 Intel) with 498/503 GB RAM</li>
+ <li>2.9/3.1 TB HDD and 1.9/2 TB SDD storage</li>
+ <li>no static IP addresses, no idea about traffic (500gb/month?)</li>
+ <li class="fragment">2 DCD users: Mattia Rizzolo and me</li>
+ </ul>
+ </section>
+
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ jenkins.debian.net contributors:
+ </h2>
+ <ul>
+ <li>Mattia Rizzolo, Valerie Young and others: reproducible Debian</li>
+ <li>Helmut Grohne: rebootstrap</li>
+ <li>Samuel Thibault: hurd + accessibility</li>
+ <li>Steven Chamberlain: kfreebsd</li>
+ <li>Phil Hands: lvc</li>
+ <li>Tomasz Nitecki: jenkins java support</li>
+ <li class="fragment">36 contributors to <code>jenkins.debian.net.git</code> in total</li>
+ </ul>
+ </section>
+
+
+ <section data-background="images/debian.jpg" data-background-color="black">
+ <h2>
+ A quick detour about Debian release names
+ </h2>
+ <ul class="fragment">
+ <li>wheezy (Debian 7) = oldstable</li>
+ <li>jessie (8) = stable</li>
+ <li>stretch (9 = testing</li>
+ <li>sid = unstable</li>
+ <li>experimental</li>
+ </ul>
+ </section>
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ Benefits for debian
+ </h2>
+ <ul class="fragment">
+ <li>
+ IRC / mail notifications, #debian-qa IRC channel and 11 other channels, more mailinglists
+ </li>
+ <li>
+ Early notifications of problems - though bugs still need to be filed manually
+ </li>
+ <li>
+ Countless bug reports, ie 2670 done ftbfs via reproducible… (and 500 open…)
+ </li>
+ <li>
+ <code>jenkins.debian.net</code> will become an offical service, <code>jenkins.debian.org</code>
+ </li>
+ </ul>
+ </section>
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ chroot-installation tests
+ </h2>
+ <ul>
+ <li>338 jobs basically running <code>apt install $metapackages</code><br />
+ (gnome, kde, cinnamon, lxde, xfce, qt4, qt5, haskell, developer, debconf-video, debian-edu)</li>
+ <li>new installations and upgrades tested in <br />
+ wheezy (98), jessie (147), stretch (153), sid (98)</li>
+ <li>wheezy monthly, jessie weekly, stretch every other day, sid daily</li>
+ </ul>
+ </section>
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ g-i-installation tests
+ </h2>
+ <ul>
+ <li>tests Debian Installer (d-i) in graphical mode ("g-i") and text mode</li>
+ <li>creates videos and screenshots</li>
+ <li>plain Debian (installations and rescue mode) and Debian Edu</li>
+ <li>jessie, stretch and sid</li>
+ <li>linux, kfreebsd and hurd</li>
+ <li>finally almost deprecated today, will be replaced by lvc tests (libvirt-cucumber) maintained by Phil Hands</li>
+ </ul>
+ </section>
+
+ <section data-background="images/g-i.png" data-background-size="100%">
+ &nbsp;
+ </section>
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ more debian-installer related jobs:
+ </h2>
+ <ul>
+ <li>97 packages (building udebs) triggered by commits to their git master branches</li>
+ <li>manual in 24 languages, also git triggered</li>
+ <li>lvc and d-i from proposed branches planned</li>
+ </ul>
+ </section>
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ 37 debian-edu jobs:
+ </h2>
+ <ul>
+ <li>
+ 28 g-i tests for jessie and stretch
+ </li>
+ <li>
+ 8 debian-edu packages build triggerd by commits on their git master branches
+ </li>
+ <li>
+ very useful for debian-edu-doc which is published for 7 languages in HTML, PDF &amp; EPUB format.
+ </li>
+ </ul>
+ </section>
+
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ rebootstrap:
+ </h2>
+ <ul>
+ <li>Cross bootstrap Debian from scratch… </li>
+ <li> alpha arm64 arm64ilp32 armel armhf hppa hurd-amd64 hurd-i386 i386 kfreebsd-amd64 kfreebsd-armhf kfreebsd-i386 m68k mips mips64el mips64r6el mipsel mipsr6el musl-linux-arm64 musl-linux-armhf musl-linux-i386 musl-linux-mips musl-linux-mipsel nios2 powerpc powerpcel powerpcspe ppc64 ppc64el s390x sh4 sparc sparc64 tilegx x32</li>
+ <li> Helmut Grohne files lots of cross-building and bootstrapping bugs.</li>
+ </ul>
+ </section>
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ more debian-qa related jobs:
+ </h2>
+ <li>orphaned packages without bug</li>
+ <li>dpkg trigger cycles</li>
+ <li>debhelper, debsums, lintian and piuparts are build on git commits in jessie, stretch and unstable</li>
+ <li>multiarch versionskew</li>
+ <li>
+ reproducible-builds.org - "btw": over 2600 'FTBFS' bugs found and fixed so far, ~400 open…
+ </li>
+ </ul>
+ </section>
+
+
+ <section data-background="images/debian-jenkins.png" data-background-size="10%" data-background-position="90% 10%">
+ <h2>
+ reproducible.debian.net / tests.reproducible-builds.org/debian/
+ </h2>
+ <ul>
+ <li>created by 379 / ~350 jobs on jenkins.debian.net</li>
+ <li class="fragment">it's not only about Debian anymore…</li>
+ </ul>
+ </section>
+
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>The problem: Can we trust the build process?</h2>
+ <ul>
+ <li class="fragment">One can inspect the source code of free software for flaws</li>
+ <li class="fragment">But distributions provide binary/compiled packages</li>
+ </ul>
+ </section>
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>The problem: nobody can trust any binary built anywhere anymore</h2>
+
+ <ul>
+ <li class="fragment">To get users, go after the developers</li>
+ <li class="fragment">Financial incentives to crack developer machines / build infrastructure</li>
+ <li class="fragment"><code>CVE-2002-0083</code>: Remote root exploit in OpenSSH (single bit difference in binary)</li>
+ <li class="fragment">Kernel module modifying source code when "viewed" by GCC only (see <code>media.ccc.de</code>)</li>
+ <li class="fragment">Compromised Apple iOS SDK, <em>Xcodeghost</em>, etc.</li>
+ </ul>
+ </section>
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>Our solution</h2>
+ <ul class="fragment"><small>(we are still at step 1 here)</small>
+ <li class="fragment">Ensure compilation of the same source always has bit by bit identical results</li>
+ <li class="fragment">Multiple parties compare compilation results</li>
+ <li class="fragment">Attacker needs to infect everybody simultaneously (or they are detected)</li>
+ </ul>
+ </section>
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>We call this <em>Reproducible Builds</em>.</h2>
+
+ <ul class="fragment">
+ <li class="fragment">We think this should become the norm for free software.</li>
+ </ul>
+ </section>
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2 style="line-height: 130%;">
+ The motivation behind "reproducible" builds is to allow verification
+ that no flaws have been introduced during the compilation process.
+ </h2>
+ </section>
+
+
+ <section data-background="images/debian.jpg" data-background-color="black">
+ <h2>Reproducible builds in Debian</h2>
+
+ <p>Continuously build every package twice, varying:</p>
+
+ <ul>
+ <ul>
+ <li>Time &amp; date</li>
+ <li>Hostname &amp; domain name</li>
+ <li>Filesystem (<code><strike>disorderfs</strike></code>)</li>
+ <li>Timezone &amp; locale</li>
+ <li><code>uid</code> &amp; <code>gid</code></li>
+ <li>GECOS information, the shell &amp; a bunch of environment variables </li>
+ <li>Kernel &amp; CPU type</li>
+ <li>and more&hellip;</li>
+ </ul>
+ </ul>
+ </section>
+
+ <section data-background="images/diffoscope.png" data-background-size="75%" data-background-position="50% 50%">
+ <p><!-- worked for me but this is horrible… -->
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ &nbsp;<br />
+ <h2><code>https://try.diffoscope.org</code></h2>
+ </p>
+ </section>
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>Challenges</h2>
+ <ul>
+ <ul>
+ <li>Timestamps</li>
+ <li>Timezones &amp; locales</li>
+ <li>Non-deterministic file ordering</li>
+ <li>Dictionary/hash key ordering</li>
+ <li>Users, groups, <code>umask</code>, environment variables</li>
+ <li>Build paths</li>
+ <li>Specifying the environment</li>
+ </ul>
+ </ul>
+ </section>
+
+ <section data-background="images/unstable_status.png" data-background-size="100%">
+ &nbsp;
+ </section>
+
+ <section data-background="images/testing_status.png" data-background-size="100%">
+ &nbsp;
+ </section>
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>Other technical benefits</h2>
+
+ <ul>
+ <ul>
+ <li>Faster to build; saves time, money &amp; the environment</li>
+ <li>Easier to test changes/revisions</li>
+ <li>Unsafe behaviour (eg. internet access)</li>
+ <li>Unreliable / non-deterministic behaviours (eg. timing)</li>
+ <li>Finds bugs in uncommon timezones or locales</li>
+ <li>Detect corrupted build environments</li>
+ <li>Find future build failures (eg. expired certificates)</li>
+ </ul>
+ </ul>
+ </section>
+
+
+ <section data-background="images/stats_bugs_sin_ftbfs_state.png" data-background-size="100%">
+ &nbsp;
+ </section>
+
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>Future work</h2>
+
+ <ul>
+ <li><code>.buildinfo</code> files distribution unsolved <small>(step 2)</small></li>
+ <li>How to make it meaningful for end-users <small>(step 3)</small></li>
+ <li class="fragment">Source code still vulnerable</li>
+ </ul>
+ </section>
+
+ <section>
+ <h2>Beyond Debian&hellip;</h2>
+ <p>
+ <img src="images/logos/archlinux.png">
+ <!-- img src="images/logos/baserock.png" -->
+ <img src="images/logos/bitcoin.png">
+ <img src="images/logos/coreboot.png">
+ <img src="images/logos/debian.png">
+ <img src="images/logos/electrobsd.png">
+ <img src="images/logos/f-droid.png">
+ <img src="images/logos/fedora.png">
+ <img src="images/logos/freebsd.png">
+ <img src="images/logos/google.png">
+ <img src="images/logos/guix.png">
+ <img src="images/logos/lede.png">
+ <img src="images/logos/netbsd.png">
+ <img src="images/logos/nixos.png">
+ <img src="images/logos/openSUSE.png">
+ <img src="images/logos/openwrt.png">
+ <img src="images/logos/tails.png">
+ <img src="images/logos/tor.png">
+ <img src="images/logos/webconverger.png">
+ <div class="fragment">Reproducible Builds summits (Athens 2015, Berlin 2016)</li>
+ </div>
+ </p>
+ </section>
+
+ <section>
+ <h2>Projects using Profitbricks resources via jenkins.debian.net</h2>
+ <p>works:
+ <img src="images/logos/coreboot.png">
+ <img src="images/logos/debian.png">
+ <img src="images/logos/freebsd.png">
+ <img src="images/logos/lede.png">
+ <img src="images/logos/netbsd.png">
+ <img src="images/logos/openwrt.png">
+ </p>
+ <p>worked:
+ <img src="images/logos/archlinux.png">
+ <img src="images/logos/fedora.png">
+ </p>
+ <p>work in progress:
+ <img src="images/logos/f-droid.png">
+ <img src="images/logos/guix.png">
+ </p>
+ </section>
+
+ <section data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>
+ Resources used for reproducibility testing on jenkins.debian.net, by architecture &amp; sponsor
+ </h2>
+ <ul>
+ <li>13 amd64 systems, sponsored by Profitbricks</li>
+ <li>4 i386 systems, sponsored by Profitbricks</li>
+ <li>22 armhf systems, sponsored by vagrant@d.o, Debian &amp; other donations</li>
+ <li>soon: 8 arm64 systems, sponsored by codethink.co.uk</li>
+ </ul>
+ </section>
+
+
+ <section data-background-color="white" data-background="images/rbo.png" data-background-size="25%" data-background-position="90% 10%">
+ <h2>Usually I thank:</h2>
+ <p style="text-align: center;">
+ <img src="images/cii.png">
+ <br>
+ <img src="images/lf.png">
+ <br>
+ <img src="images/profitbricks.jpg">
+ <br>
+ <img src="images/debian_logo.png">
+ </p>
+ </section>
+
+ <section data-background="images/wholeworld.jpg" data-background-size="28%" data-background-position="99% 2%">
+ <h2>Todays special thanks:</h2>
+ <p style="text-align: center;">
+ <img src="images/profitbricks.jpg">
+ <ul>
+ <li>from Debian, <code>jenkins.debian.net</code> would not have been possible like this without <em>your support!</em></li>
+ <li>from many many folks interested in Reproducible Builds!</li><!-- thanks to <em>you</em> <code>reproducible.debian.net</code>
+ could grow into <code>tests.reproducible-builds.org</code> so smoothly!</li> -->
+ </ul>
+ </p>
+ </section>
+
+ <section data-background="images/debian.jpg" data-background-color="black">
+ <h2 style="text-align: center;">Questions?</h2>
+
+ <br />
+ <br />
+
+ <table>
+ <tr>
+ <td>
+ <a href="mailto:holger@debian.org">holger@debian.org</a>
+ </td>
+ <td style="text-align: right;">
+ <code>B8BF 5413 7B09 D35C F026<br />FE9D 091A B856 069A AA1C</code>
+ </td>
+ </tr>
+ </table>
+
+ <br>
+
+ <p style="text-align: center;">
+ <a href="https://jenkins.debian.net/"><code>https://jenkins.debian.net</code></a>
+ <br>
+ <a href="https://reproducible-builds.org/"><code>https://reproducible-builds.org</code></a>
+ <br />
+ <br />
+ <br />
+ <br />
+ <br />
+ <br />
+ </p>
+ <p style="text-align: center;">
+ <small> …and many thanks to Chris Lamb for the nice slide design!</small>
+ </p>
+ </section>
+ </div>
+ </div>
+
+ <script src="lib/js/head.min.js"></script>
+ <script src="js/reveal.js"></script>
+ <script>
+ Reveal.initialize({
+ controls: false,
+ progress: false,
+ history: true
+ });
+ </script>
+</body>
+</html>
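Review bot: The added markup is not well-formed in two places and should be fixed before this lands, since browsers will repair it silently and not necessarily the same way. In the "more debian-qa related jobs" section the `<li>` items follow the closing `</h2>` directly with no opening `<ul>`, although a `</ul>` still comes after them; in the "Beyond Debian…" section the line `<div class="fragment">Reproducible Builds summits (Athens 2015, Berlin 2016)</li>` closes an `<li>` that was never opened. The diffoscope slide and the "Todays special thanks" slide also nest an `<h2>` and a `<ul>` inside a `<p>`, which HTML does not permit. Separately, the title slide still reads "Profitbricks Office, 2016-11-30, Berlin, Germany" while the file is added under 2017-08-07-DebConf17, so the venue line looks carried over from an earlier talk and should be checked. The FTBFS figures also disagree between slides ("2670 done ftbfs … (and 500 open…)" versus "over 2600 'FTBFS' bugs found and fixed so far, ~400 open…"). A few typos can be fixed in the same pass: `holger@debian.og` (the Questions slide has `holger@debian.org`), "stretch (9 = testing" with its missing parenthesis, "SDD storage", "offical" and "triggerd".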