Title of the project
Description of the project: How can we assess than a given binary package was indeed produced by the source it claims to be coming from? By enabling independent parties to create a byte-for-byte identical packages from the same source, the ReproducibleBuilds project will enhance trust in Debian, and free software in general. Very good progress has been made over the course of the past year, but several general and particular problems remain. Some issues can be fixed at the toolchain level and will help thousands of packages at once. Others require careful examination, getting deep down the rabbit hole to understand the source of variations, and ingenuity to come up with fixes.
Confirmed Mentor: Lunar
How to contact the mentor: lunar@debian.org, Lunar^ on IRC.
Confirmed co-mentors: Holger Levsen (h01ger), Reiner Herrmann (deki)
Deliverables of the project:
- - Patches for many Debian packages! - Documentation of common issues, and their solutions.
- Improvements to our experimental toolchain, including Pkgstrip-nondeterminism. - Improvements to the debbindiff package comparator.
- - Patches for many Debian packages! - Documentation of common issues, and their solutions.
Desirable skills: There's a small team and we are all learning together as we make progress. Basic understanding of Debian packages. Python for those who wants to improve debbindiff. Perl for those who wants to improve strip-nondeterminism. A thrill for investigations. A taste for fun hacks.
What the student will learn:
- - A lot about the many different ways software can be built. - How to make build systems reproducible. - Many details (that you might regret learning) about how our plumbing tools work. - How to interact with other Debian developers and research suitable solutions with them.