Reproducible builds for Debian and free software
Description of the project: We want to provide Debian users with a verifiable path between the binaries we ship and their source code. With “reproducible builds” independent parties should be able to create byte-for-byte identical packages from the same source. ReproducibleBuilds are about trust, quality assurance, and having free software up to its promises. Good progress has been made over the course of the past year, but a good amount of work remain on individual packages, toolchain issues, infrastructure, debugging tools, and documentation.
Confirmed Mentor: Lunar
How to contact the mentor: lunar@debian.org, Lunar on IRC.
Confirmed co-mentors: Holger Levsen (h01ger), Reiner Herrmann (deki), Mattia Rizzolo (mapreri)
There is room for more than one intern, probably we can mentor up to three people, as they are small and bigger tasks to work on:
Improving reproducibility of Debian packages: Analyzing why packages are not reproducible.
Fixes for identified issues: both their root cause and easy to use work-arounds—e.g. through strip-nondeterminism.
- Patches for individual Debian packages.
- Improving Debian infrastructure:
Implement support for .buildinfo files in dak
- Improve general documentation:
Document problems and known solutions for tools involved in building software. Other areas of reproducible-builds.org could also be improved. (This can only be a main project for Outreachy as GSoC requires code.)
- Improve test and debugging tools:
Improve diffoscope. Examples: allow users to ignore arbitrary differences, perform fuzzy-matching accross archives, finish parallel processing
Implement reprotest: a simple and easy way for anyone to test if a build give the same result in different environments.
Improve tests.reproducible-builds.org: allow more distributions to be tested easily, create web pages for all distros from the same codebased in conjuction with a db, improve the web design and user experience
- Help collaboration accross distributions
Design and implement a shared database for package status and common issues.
Desirable skills: We are a diverse team, ready to help with knowledge in many different areas. The following list of skills is both incomplete and too long, but anyway, useful skills are:
- To improve Debian packages: basic understanding of how packages are made, a thrill for investigations, a taste for fun hacks.
- Python for diffoscope and reprotest.
- Perl for strip-nondeterminism.
- Shell for tests.reproducible-builds.org.
- Web design to enhance tests.reproducible-builds.org.
- Basic web editing (Markdown, HTML) for documentation.
What the intern will learn:
- A lot about the many different ways software can be built.
- How to make build systems reproducible.
- Many details (that you might regret learning) about how our plumbing tools work.
- How to interact with other Debian developers and research suitable solutions with them.
- How to design easy-to-use development tools.
Related projects: https://reproducible-builds.org/