The blog post discusses the author's updates on Guix Container Images for GitLab CI/CD, emphasizing their role in ensuring reproducibility of software artifacts. It details the challenges faced after Guix was removed from Debian s...
About:
Simon Josefsson is the author of a personal blog and can be contacted via email or social platforms.
Website:
Incoming Links:
Subscribe to RSS:
Debian Taco is a project focused on creating a GitSecDevOps version of Debian GNU/Linux, ensuring identicality with official releases while publishing rebuilt packages and addressing bugs.
The blog post discusses the process and importance of creating reproducible git bundles for the gnulib project. It highlights the potential use cases for these bundles, such as establishing provenance in case of attacks on the hos...
The author shares a comprehensive guide on using rsnapshot for reliable backups of S3 objects, emphasizing the importance of self-hosting and custom configurations.
The blog post discusses the 'debian-with-guix-container' project, which builds and publishes container images of Debian GNU/Linux stable with GNU Guix installed. It details the supported architectures, how to access the images via...
The blog post discusses the release of Guix container images for Trisquel and Ubuntu, detailing the available images and their configurations. It explains the importance of having multiple container images for reproducibility in s...
The Debian Libre Live Images project offers a way to run and install Debian GNU/Linux without relying on non-free software, addressing concerns raised by the inclusion of non-free firmware in official Debian images. These Live ISO...
The release of Debian Libre Live 13.3.0 brings minor improvements and expanded hardware support, while still being in beta pending a logo design.
The author discusses the process of rebuilding Debian packages and the challenges of trusting the binaries. They describe their project debdistbuild, a GitLab CI/CD pipeline, and the efforts to create a trustworthy build environme...
The author discusses setting up a GitLab Runner on a riscv64 CPU architecture, using a HiFive Premier P550 machine. They provide detailed instructions for installing the GitLab Runner on the pre-installed Ubuntu 24.04, configuring...
The text discusses the issue of poor auditing of release tarballs for differences compared to the Git version controlled source code, and the need for better ways to address this concern. The author has launched a project to set u...
The author discusses the Reproduce.Debian.net effort and the concept of Idempotent Rebuilds, aiming to achieve 100% reproducibility of Debian packages. The author highlights the challenges and implications of rebuilding older pack...
The text discusses the challenges of making software release archives reproducible. It addresses concerns with tools and the need for translations to be included in the minimal source tarball. The author also discusses the challen...
0OpenSSH and Git on a Post-Quantum SPHINCS+
2024-12-23 •
The text discusses the use of OpenSSH and Git to sign Git commits and tags, and the potential risks of using algorithms that may not be safe if someone builds a post-quantum computer. It also talks about the implementation of SPHI...
0Guix Container Images for GitLab CI/CD
2024-12-18 •
The author discusses the use of Guix container images for GitLab CI/CD pipelines and the challenges faced in testing on GNU Guix. The article outlines the process of building Debian from Guix and the creation of a reproducible and...
0Towards Idempotent Rebuilds?
2024-07-09 •
The author discusses the challenges of rebuilding official binary packages identically and the efforts to track reproducibility bugs in Debian. They introduce a new project called debdistrebuild, which aims to rebuild packages fro...
0Reproducible and minimal source-only tarballs
2024-04-13 •
The article discusses the release of Libntlm version 1.8 and the reproducibility of the release tarballs on various distributions. It explains the process of preparing a release, the risks associated with pre-generated content in ...
The author discusses the idea of reproducible tarballs and minimal source tarballs without generated vendor files. He suggests a new tarball format with specific properties and addresses potential counter-arguments.
0Apt archive mirrors in Git-LFS
2024-03-18 •
The author discusses their efforts to improve transparency and confidence in public apt archives by working on the debdistget project, which mirrors index files for public apt archives. They track Trisquel, PureOS, Gnuinos, Ubuntu...
0Trisquel on arm64: Ampere Altra
2024-01-10 •
The author shares their experience of running Trisquel on an arm64 machine, specifically the Ampere Altra Developer Platform from ADLINK. They encountered some issues during installation but managed to get the machine running and ...
0Validating debian/copyright: licenserecon
2023-12-28 •
The text discusses a new tool called licenserecon, which is used to reconcile licenses from debian/copyright against the output from licensecheck. The author helped get licenserecon into Debian and discusses its potential to disco...
0Classic McEliece goes to IETF and OpenSSH
2023-12-09 •
The author discusses the progress of his work on Streamlined NTRU Prime and the uncertainty around lattice-based post-quantum algorithms. He mentions the addition of sntrup761 to various implementations and the publication of Clas...
0Trisquel on ppc64el: Talos II
2023-09-01 •
The release notes for Trisquel 11.0 mention support for POWER and ARM architectures, however the download area only contains links for x86. The author has been busy migrating x86 machines from Debian to Trisquel. Rabbit holes all ...
0Enforcing wrap-and-sort -satb
2023-08-16 •
The text discusses the wrap-and-sort tool for Debian package maintainers, the desire to automate its use, and a method to ensure it is run regularly. The author also mentions the desire for a non-obtrusive way to automate the tool...