« Previous 1 2 3
Verifying packages with Debian's ReproducibleBuilds
Identical Build
Conclusions
Thus far Debian's ReproducibleBuilds project is a success story: As of February 13, 2015, reproducible builds worked for 83.5 percent of all packages (Figure 2) [20]. The new build type will probably also be a release target for Debian 9 – all designed to make Debian that little bit more secure.
Figure 2: In February 2015, the number of packages that could be reproducibly built reached an interim high.
Infos
- ReproducibleBuilds in Debian: https://wiki.debian.org/ReproducibleBuilds
- OpenSSH bug: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0083
- Move on ReproducibleBuilds from 31C3: https://www.youtube.com/watch?v=5pAen7beYNc
- Origins of ReproducibleBuilds: https://lists.debian.org/debian-devel/2007/09/msg00746.html
- Tor using ReproducibleBuilds: https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
- Problems with ReproducibleBuilds: https://reproducible.debian.net/index_issues.html
- Doxygen: http://www.stack.nl/~dimitri/doxygen/
- Latex: http://www.latex-project.org
- Problems with preprocessor macros in C++: https://wiki.debian.org/Reproducible-Builds/TimestampsFromCPPMacros
- Enhanced toolchain: http://reproducible.alioth.debian.org/debian
- Buildinfo specification: https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification
- Debian's Snapshot package archive: http://snapshot.debian.org
- Pbuilder: http://pbuilder.alioth.debian.org
- debbindiff: https://tracker.debian.org/pkg/debbindiff
- Continuous integration platform: https://jenkins.debian.net/
- Jenkins statistics: https://reproducible.debian.net/reproducible.html
- Buildd: http://buildd.debian.org
- Keynote at FOSDEM: http://ftp.heanet.ie/mirrors/fosdem-video/2015/main_track-miscellaneous/Stretching_out_for_trustworthy_reproducible_builds_by_Holger_and_Lunar.mp4
- Trusting-Trust attacks: https://www.schneier.com/blog/archives/2006/01/countering_trus.html
- Project status update from February 2015: https://lists.debian.org/debian-devel-announce/2015/02/msg00007.html
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Debian's quest for reproducible builds
Debian's reproducible builds project tries to meet strict security requirements for binary packages from its archives through the creation of bitwise identical binary packages. -
HPC Container Maker
Building HPC applications for production systems is never easy, especially when containers are involved, but with Python and HPC Container Maker, you can describe the container you want quickly and easily without having to worry about the details.
-
Opportunities and risks: Containers for DevOps
Containers are an essential ingredient for various DevOps concepts, but used incorrectly, they do more harm than good. - Rocky Linux 9 Now Available
-
Digital signatures in package management
Serious distributions try to protect their repositories cryptographically against tampering and transmission errors. Arch Linux, Debian, Fedora, openSUSE, and Ubuntu all take different, complex, but conceptually similar approaches.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
