Back to the talks Previous by time: New in hyperdrive.el: org-transclusion, easy installation, and more! Next by time: Emacs Writing Studio Track: Development - Watch

Reproducibly building Emacs: “Hey your checksum is the same as mine!”

Aaron Grothe (he/him) - Pronunciation: Err-In Growth-e, https://www.grothe.us LinkedIn: https://www.linkedin.com/in/aaron-grothe/, ajgrothe@yahoo.com

The following image shows where the talk is in the schedule for Sat 2024-12-07. Solid lines show talks with Q&A via BigBlueButton. Dashed lines show talks with Q&A via IRC or Etherpad.

Format: 20-min talk; Q&A: BigBlueButton conference room https://media.emacsconf.org/2024/current/bbb-repro.html
Discuss on IRC: #emacsconf
Status: Waiting for video from speaker

Times in different time zones:
Saturday, Dec 7 2024, ~3:45 PM - 4:05 PM EST (US/Eastern)
which is the same as:
Saturday, Dec 7 2024, ~2:45 PM - 3:05 PM CST (US/Central)
Saturday, Dec 7 2024, ~1:45 PM - 2:05 PM MST (US/Mountain)
Saturday, Dec 7 2024, ~12:45 PM - 1:05 PM PST (US/Pacific)
Saturday, Dec 7 2024, ~8:45 PM - 9:05 PM UTC
Saturday, Dec 7 2024, ~9:45 PM - 10:05 PM CET (Europe/Paris)
Saturday, Dec 7 2024, ~10:45 PM - 11:05 PM EET (Europe/Athens)
Sunday, Dec 8 2024, ~2:15 AM - 2:35 AM IST (Asia/Kolkata)
Sunday, Dec 8 2024, ~4:45 AM - 5:05 AM +08 (Asia/Singapore)
Sunday, Dec 8 2024, ~5:45 AM - 6:05 AM JST (Asia/Tokyo)
Find out how to watch and participate

Description

The idea of a reproducible build is that you can build a package and I can build a package and we both produce the same executable.  There are security benefits to being able to create a reproducible build ensuring the integrity and reliability of the build.  There are also benefits in the world of debugging/testing as you can confirm that the end user has the same executable as the developer.

The Debian project has been making huge strides with this.  With a goal to have the next Debian release “Trixie” only having 256 non-reproducible packages.  Unfortunately as of September 19, 2024 GNU Emacs is one of them.  GNU Emacs is currently in the dreaded FTBFS (Fails To Build From Source) section for reproducible builds.   Other Linux distributions including Arch and NixOS are working towards the same goal.

This talk will be an overview of what is/was preventing us from producing a reproducible build for GNU Emacs and what it will take to get GNU Emacs to join this August club.   

The talk will also contrast the difference between reproducible builds and the OpenBSD projects approach of randomized executables.

We’ll be doing a high level overview of the Reproducible Builds - https://reproducible-builds.org/ project and the tools, procedures, techniques they’ve put together for making the entire procedure reproducible 🙂

About the speaker:

Aaron Grothe has been a developer for many years. He is a two-time winner of the International Obfuscated C Code Contest https://www.ioccc.org and has a couple of small pieces of code in the Linux kernel. He has been published several times in 2600 magazine.  He is interested in code correctness and how we can write safer code as we head into the future. 

Currently (September 19, 2024) GNU Emacs is not generating a reproducible build for GNU Debian.  This talk is a quick introduction to reproducible builds and what it will take to get GNU Emacs to generate a reproducible build.

Questions or comments? Please e-mail ajgrothe@yahoo.com

Back to the talks Previous by time: New in hyperdrive.el: org-transclusion, easy installation, and more! Next by time: Emacs Writing Studio Track: Development - Watch