Move forward reproducible builds
Description of the project: How can we assess that a given binary package was indeed produced by the source it claims to be coming from? By enabling independent parties to create a byte-for-byte identical packages from the same source, the ReproducibleBuilds project will enhance trust in Debian, and free software in general. Very good progress has been made over the course of the past year, but several general and particular problems remain. Some issues require careful examination, getting deep down the rabbit hole to understand the source of variations, and ingenuity to come up with fixes. If possible the issues should be fixed at the toolchain level and thus will a lot of packages at once.
Confirmed Mentor: Lunar
How to contact the mentor: lunar@debian.org, Lunar^ on IRC.
Confirmed co-mentors: Holger Levsen (h01ger), Reiner Herrmann (deki), Mattia Rizzolo (mapreri)
Deliverables of the project:
- Patches for many Debian packages!
- Documentation of common issues, and their solutions.
Improvements to our experimental toolchain, including strip-nondeterminism.
Improvements to the debbindiff package comparator.
Desirable skills: There's a small team and we are all learning together as we make progress.
- Basic understanding of Debian packages.
- Python for those who want to improve debbindiff.
- Perl for those who want to improve strip-nondeterminism.
- A thrill for investigations.
- A taste for fun hacks.
What the student will learn:
- A lot about the many different ways software can be built.
- How to make build systems reproducible.
- Many details (that you might regret learning) about how our plumbing tools work.
- How to interact with other Debian developers and research suitable solutions with them.