02/03: packaging-con: Update.
From: Ludovic Courtès
Subject: 02/03: packaging-con: Update.
Date: Wed, 10 Nov 2021 12:47:20 -0500 (EST)
civodul pushed a commit to branch master
in repository maintenance.
commit 39fcff6472047dad4deecd950ce3f841687b17e8
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Wed Nov 10 18:33:29 2021 +0100
packaging-con: Update.
* talks/packaging-con-2021/grail: Update.
---
.gitignore | 4 +
.../grail/images/1f641-worried-face.png | Bin 0 -> 978 bytes
.../grail/images/1f642-smiling-face.png | Bin 0 -> 1067 bytes
.../packaging-con-2021/grail/images/Guix-white.pdf | 1 +
.../grail/images/deniable-compiler-backdoors.png | Bin 0 -> 155291 bytes
.../grail/images/executive-order-1.png | Bin 0 -> 65200 bytes
.../grail/images/executive-order-2.png | Bin 0 -> 226958 bytes
.../packaging-con-2021/grail/images/lastpymile.png | Bin 0 -> 66615 bytes
.../grail/images/message-in-a-bottle.jpg | Bin 0 -> 117058 bytes
.../grail/images/microsoft-supply-chain.png | Bin 0 -> 63436 bytes
.../grail/images/npm-curl-bash.png | Bin 0 -> 113741 bytes
.../grail/images/npm-left-pad-2016.png | Bin 0 -> 89747 bytes
.../grail/images/npm-ua-parser.png | Bin 0 -> 86273 bytes
.../grail/images/pytorch-graph.fdp | 60 +++
.../grail/images/pytorch-logo-dark.pdf | Bin 0 -> 2133 bytes
.../grail/images/pytorch-logo-dark.svg | 33 ++
.../grail/images/rusting-trust.png | Bin 0 -> 215664 bytes
.../grail/images/snap-crypto-miner.png | 1 +
.../packaging-con-2021/grail/package-breakdown.scm | 89 +++++
talks/packaging-con-2021/grail/rules.ini | 16 +
talks/packaging-con-2021/grail/talk.tex | 420 +++++++++++++++++++--
21 files changed, 600 insertions(+), 24 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4b6aa40..5b4c628 100644
--- a/.gitignore
+++ b/.gitignore
@@ -215,3 +215,7 @@ talk.toc
talk.vrb
/talks/ust4hpc-2021/images/hwloc-graph.pdf
/talks/ust4hpc-2021/images/hwloc-runtime-graph.pdf
+/talks/packaging-con-2021/grail/images/bootstrap-graph-further-reduced.pdf
+/talks/packaging-con-2021/grail/images/bootstrap-graph-reduced.pdf
+/talks/packaging-con-2021/grail/images/bootstrap-graph.pdf
+/talks/packaging-con-2021/grail/images/pytorch-graph.pdf
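Review bot: `pytorch-graph.pdf` is ignored here as a build product, yet `images/pytorch-logo-dark.pdf` is committed as a binary in this same change even though its `.svg` source and a new `[svg-pdf]` rule are added alongside it. Consider ignoring the logo PDF too and letting the rule generate it, so the repository carries only the source form. The three `bootstrap-graph*.pdf` entries could also be collapsed into one glob.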
diff --git a/talks/packaging-con-2021/grail/images/1f641-worried-face.png
b/talks/packaging-con-2021/grail/images/1f641-worried-face.png
new file mode 100644
index 0000000..885d84c
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/1f641-worried-face.png differ
diff --git a/talks/packaging-con-2021/grail/images/1f642-smiling-face.png
b/talks/packaging-con-2021/grail/images/1f642-smiling-face.png
new file mode 100644
index 0000000..0482ba0
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/1f642-smiling-face.png differ
diff --git a/talks/packaging-con-2021/grail/images/Guix-white.pdf
b/talks/packaging-con-2021/grail/images/Guix-white.pdf
new file mode 120000
index 0000000..4459767
--- /dev/null
+++ b/talks/packaging-con-2021/grail/images/Guix-white.pdf
@@ -0,0 +1 @@
+../../../fosdem-2021/declaratively/images/Guix-white.pdf
\ No newline at end of file
diff --git
a/talks/packaging-con-2021/grail/images/deniable-compiler-backdoors.png
b/talks/packaging-con-2021/grail/images/deniable-compiler-backdoors.png
new file mode 100644
index 0000000..5ee0058
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/deniable-compiler-backdoors.png differ
diff --git a/talks/packaging-con-2021/grail/images/executive-order-1.png
b/talks/packaging-con-2021/grail/images/executive-order-1.png
new file mode 100644
index 0000000..214fd22
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/executive-order-1.png differ
diff --git a/talks/packaging-con-2021/grail/images/executive-order-2.png
b/talks/packaging-con-2021/grail/images/executive-order-2.png
new file mode 100644
index 0000000..6ed7613
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/executive-order-2.png differ
diff --git a/talks/packaging-con-2021/grail/images/lastpymile.png
b/talks/packaging-con-2021/grail/images/lastpymile.png
new file mode 100644
index 0000000..76ace76
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/lastpymile.png differ
diff --git a/talks/packaging-con-2021/grail/images/message-in-a-bottle.jpg
b/talks/packaging-con-2021/grail/images/message-in-a-bottle.jpg
new file mode 100644
index 0000000..eac26c0
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/message-in-a-bottle.jpg differ
diff --git a/talks/packaging-con-2021/grail/images/microsoft-supply-chain.png
b/talks/packaging-con-2021/grail/images/microsoft-supply-chain.png
new file mode 100644
index 0000000..fe49ad0
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/microsoft-supply-chain.png differ
diff --git a/talks/packaging-con-2021/grail/images/npm-curl-bash.png
b/talks/packaging-con-2021/grail/images/npm-curl-bash.png
new file mode 100644
index 0000000..a6baaa3
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/npm-curl-bash.png differ
diff --git a/talks/packaging-con-2021/grail/images/npm-left-pad-2016.png
b/talks/packaging-con-2021/grail/images/npm-left-pad-2016.png
new file mode 100644
index 0000000..f1ead4a
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/npm-left-pad-2016.png differ
diff --git a/talks/packaging-con-2021/grail/images/npm-ua-parser.png
b/talks/packaging-con-2021/grail/images/npm-ua-parser.png
new file mode 100644
index 0000000..89d6a28
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/npm-ua-parser.png differ
diff --git a/talks/packaging-con-2021/grail/images/pytorch-graph.fdp
b/talks/packaging-con-2021/grail/images/pytorch-graph.fdp
new file mode 100644
index 0000000..369900d
--- /dev/null
+++ b/talks/packaging-con-2021/grail/images/pytorch-graph.fdp
@@ -0,0 +1,60 @@
+digraph "Guix package" {
+ "139943951392016" [label = "python-pytorch@1.9.0", shape = box, fontname =
sans];
+ "139943951392016" -> "139943940568976" [color = cyan3];
+ "139943951392016" -> "139943988510496" [color = cyan3];
+ "139943951392016" -> "139943988181760" [color = cyan3];
+ "139943951392016" -> "139943934275008" [color = cyan3];
+ "139943951392016" -> "139943988282928" [color = cyan3];
+ "139943951392016" -> "139943952884592" [color = cyan3];
+ "139943951392016" -> "139943952884240" [color = cyan3];
+ "139943951392016" -> "139943988359168" [color = cyan3];
+ "139943951392016" -> "139943951392368" [color = cyan3];
+ "139943951392016" -> "139943934187232" [color = cyan3];
+ "139943951392016" -> "139943991997472" [color = cyan3];
+ "139943951392016" -> "139943991998352" [color = cyan3];
+ "139943951392016" -> "139943989150928" [color = cyan3];
+ "139943951392016" -> "139943939983776" [color = cyan3];
+ "139943951392016" -> "139943934083600" [color = cyan3];
+ "139943951392016" -> "139943951392192" [color = cyan3];
+ "139943951392016" -> "139943952810688" [color = cyan3];
+ "139943951392016" -> "139943940037904" [color = cyan3];
+ "139943951392016" -> "139943939003072" [color = cyan3];
+ "139943951392016" -> "139943938929872" [color = cyan3];
+ "139943951392016" -> "139943940178096" [color = cyan3];
+ "139943951392016" -> "139943939972720" [color = cyan3];
+ "139943951392016" -> "139943939537840" [color = cyan3];
+ "139943951392016" -> "139943938828000" [color = cyan3];
+ "139943951392016" -> "139943935691344" [color = cyan3];
+ "139943951392016" -> "139943988283632" [color = cyan3];
+ "139943951392016" -> "139943988283280" [color = cyan3];
+ "139943951392016" -> "139943991998176" [color = cyan3];
+ "139943940568976" [label = "cmake@3.21.1", shape = box, fontname = sans];
+ "139943988510496" [label = "ninja@1.10.0", shape = box, fontname = sans];
+ "139943988181760" [label = "eigen@3.3.8", shape = box, fontname = sans];
+ "139943934275008" [label = "fp16@0.0-1.0a92994", shape = box, fontname =
sans];
+ "139943988282928" [label = "gemmlowp@0.1-1.f995960", shape = box, fontname =
sans];
+ "139943952884592" [label = "googletest@1.10.0", shape = box, fontname =
sans];
+ "139943952884240" [label = "googlebenchmark@1.5.3", shape = box, fontname =
sans];
+ "139943988359168" [label = "gloo@0.0.0-1.c22a5cf", shape = box, fontname =
sans];
+ "139943951392368" [label = "nnpack@0.0-1.c07e3a0", shape = box, fontname =
sans];
+ "139943934187232" [label = "openblas@0.3.9", shape = box, fontname = sans];
+ "139943991997472" [label = "openmpi@4.1.1", shape = box, fontname = sans];
+ "139943991998352" [label = "pthreadpool@0.1-1.1787867", shape = box,
fontname = sans];
+ "139943989150928" [label = "protobuf@3.17.3", shape = box, fontname = sans];
+ "139943939983776" [label = "pybind11@2.6.2", shape = box, fontname = sans];
+ "139943934083600" [label = "sleef@3.5.1", shape = box, fontname = sans];
+ "139943951392192" [label = "xnnpack@0.0-1.bbe8824", shape = box, fontname =
sans];
+ "139943952810688" [label = "zstd@1.4.4", shape = box, fontname = sans];
+ "139943940037904" [label = "python-astunparse@1.6.2", shape = box, fontname
= sans];
+ "139943939003072" [label = "python-numpy@1.17.3", shape = box, fontname =
sans];
+ "139943938929872" [label = "python-pyyaml@5.4.1", shape = box, fontname =
sans];
+ "139943940178096" [label = "python-cffi@1.14.4", shape = box, fontname =
sans];
+ "139943939972720" [label = "python-typing-extensions@3.7.4.3", shape = box,
fontname = sans];
+ "139943939537840" [label = "python-future@0.18.2", shape = box, fontname =
sans];
+ "139943938828000" [label = "python-six@1.14.0", shape = box, fontname =
sans];
+ "139943935691344" [label = "python-requests@2.25.0", shape = box, fontname =
sans];
+ "139943988283632" [label = "onnx@1.9.0", shape = box, fontname = sans];
+ "139943988283280" [label = "onnx-optimizer@0.2.6", shape = box, fontname =
sans];
+ "139943991998176" [label = "cpuinfo@0.0-1.866ae6e", shape = box, fontname =
sans];
+
+}
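Review bot: this graph is checked in with opaque numeric node identifiers (`"139943951392016"` and so on) and no record of how it was produced, so a reader cannot regenerate it or check it against the `python-pytorch@1.9.0` package it depicts. Add a leading comment giving the command and the Guix commit used to generate it, or generate the `.fdp` at build time the way the PDF already is.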
diff --git a/talks/packaging-con-2021/grail/images/pytorch-logo-dark.pdf
b/talks/packaging-con-2021/grail/images/pytorch-logo-dark.pdf
new file mode 100644
index 0000000..c478a20
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/pytorch-logo-dark.pdf differ
diff --git a/talks/packaging-con-2021/grail/images/pytorch-logo-dark.svg
b/talks/packaging-con-2021/grail/images/pytorch-logo-dark.svg
new file mode 100644
index 0000000..5e53000
--- /dev/null
+++ b/talks/packaging-con-2021/grail/images/pytorch-logo-dark.svg
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 22.1.0, SVG Export Plug-In . SVG Version:
6.00 Build 0) -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+ viewBox="0 0 199.7 40.2" style="enable-background:new 0 0 199.7 40.2;"
xml:space="preserve">
+<style type="text/css">
+ .st0{fill:#EE4C2C;}
+ .st1{fill:#252525;}
+</style>
+<g>
+ <path class="st0"
d="M40.8,9.3l-2.1,2.1c3.5,3.5,3.5,9.2,0,12.7c-3.5,3.5-9.2,3.5-12.7,0c-3.5-3.5-3.5-9.2,0-12.7l0,0l5.6-5.6
+
L32.3,5l0,0V0.8l-8.5,8.5c-4.7,4.7-4.7,12.2,0,16.9s12.2,4.7,16.9,0C45.5,21.5,45.5,13.9,40.8,9.3z"/>
+ <circle class="st0" cx="36.6" cy="7.1" r="1.6"/>
+</g>
+<g>
+ <g>
+ <path class="st1"
d="M62.6,20l-3.6,0v9.3h-2.7V2.9c0,0,6.3,0,6.6,0c7,0,10.3,3.4,10.3,8.3C73.2,17,69.1,19.9,62.6,20z
M62.8,5.4
+
c-0.3,0-3.9,0-3.9,0v12.1l3.8-0.1c5-0.1,7.7-2.1,7.7-6.2C70.4,7.5,67.8,5.4,62.8,5.4z"/>
+ <path class="st1"
d="M85.4,29.2l-1.6,4.2c-1.8,4.7-3.6,6.1-6.3,6.1c-1.5,0-2.6-0.4-3.8-0.9l0.8-2.4c0.9,0.5,1.9,0.8,3,0.8
+
c1.5,0,2.6-0.8,4-4.5l1.3-3.4L75.3,10h2.8l6.1,16l6-16h2.7L85.4,29.2z"/>
+ <path class="st1"
d="M101.9,5.5v23.9h-2.7V5.5h-9.3V2.9h21.3v2.5H101.9z"/>
+ <path class="st1"
d="M118.8,29.9c-5.4,0-9.4-4-9.4-10.2c0-6.2,4.1-10.3,9.6-10.3c5.4,0,9.3,4,9.3,10.2
+ C128.3,25.8,124.2,29.9,118.8,29.9z
M118.9,11.8c-4.1,0-6.8,3.3-6.8,7.8c0,4.7,2.8,7.9,6.9,7.9s6.8-3.3,6.8-7.8
+ C125.8,15,123,11.8,118.9,11.8z"/>
+ <path class="st1"
d="M135,29.4h-2.6V10l2.6-0.5v4.1c1.3-2.5,3.2-4.1,5.7-4.1c1.3,0,2.5,0.4,3.4,0.9l-0.7,2.5
+ c-0.8-0.5-1.9-0.8-3-0.8c-2,0-3.9,1.5-5.5,5V29.4z"/>
+ <path class="st1"
d="M154.4,29.9c-5.8,0-9.5-4.2-9.5-10.2c0-6.1,4-10.3,9.5-10.3c2.4,0,4.4,0.6,6.1,1.7l-0.7,2.4
+
c-1.5-1-3.3-1.6-5.4-1.6c-4.2,0-6.8,3.1-6.8,7.7c0,4.7,2.8,7.8,6.9,7.8c1.9,0,3.9-0.6,5.4-1.6l0.5,2.4
+ C158.7,29.3,156.6,29.9,154.4,29.9z"/>
+ <path class="st1"
d="M176.7,29.4V16.9c0-3.4-1.4-4.9-4.1-4.9c-2.2,0-4.4,1.1-6,2.8v14.7h-2.6V0.9l2.6-0.5c0,0,0,12.1,0,12.2
+
c2-2,4.6-3.1,6.7-3.1c3.8,0,6.1,2.4,6.1,6.6v13.3H176.7z"/>
+ </g>
+</g>
+</svg>
diff --git a/talks/packaging-con-2021/grail/images/rusting-trust.png
b/talks/packaging-con-2021/grail/images/rusting-trust.png
new file mode 100644
index 0000000..d06b08b
Binary files /dev/null and
b/talks/packaging-con-2021/grail/images/rusting-trust.png differ
diff --git a/talks/packaging-con-2021/grail/images/snap-crypto-miner.png
b/talks/packaging-con-2021/grail/images/snap-crypto-miner.png
new file mode 120000
index 0000000..814ced4
--- /dev/null
+++ b/talks/packaging-con-2021/grail/images/snap-crypto-miner.png
@@ -0,0 +1 @@
+../../../sif-2021/images/snap-crypto-miner.png
\ No newline at end of file
diff --git a/talks/packaging-con-2021/grail/package-breakdown.scm
b/talks/packaging-con-2021/grail/package-breakdown.scm
new file mode 100755
index 0000000..be002f0
--- /dev/null
+++ b/talks/packaging-con-2021/grail/package-breakdown.scm
@@ -0,0 +1,89 @@
+#!/usr/bin/env -S guix repl --
+!#
+;;; Released under the GNU GPLv3 or any later version.
+;;; Copyright © 2021 Ludovic Courtès <ludo@gnu.org>
+
+(use-modules (gnu) (guix)
+ (guix describe)
+ (guix channels)
+ ((guix build utils) #:select (alist-replace))
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (ice-9 match))
+
+(define (all-packages)
+ (fold-packages cons '()))
+
+(define (categorize packages)
+ "Return an alist that categorizes PACKAGES, a list of packages."
+ (define (increment key alist)
+ (match (assoc-ref alist key)
+ (#f (alist-cons key 1 alist))
+ (n (alist-replace key (+ n 1) alist))))
+
+ (fold (lambda (package categories)
+ (letrec-syntax ((match-package-name
+ (syntax-rules ()
+ ((_ name (prefix category) ...)
+ (let ((x name))
+ (cond ((string-prefix? prefix x)
+ (increment category categories))
+ ...
+ (else (increment 'other
categories))))))))
+ (match-package-name (package-name package)
+ ("rust-" 'rust)
+ ("r-" 'r)
+ ("python-" 'python)
+ ("python2-" 'python)
+ ("ruby-" 'ruby)
+ ("emacs-" 'emacs-lisp)
+ ("perl-" 'perl)
+ ("ghc-" 'haskell)
+ ("go-" 'go)
+ ("texlive-" 'texlive)
+ ("julia-" 'julia)
+ ("ocaml-" 'ocaml)
+ ("ocaml4.07-" 'ocaml)
+ ("ocaml4.09-" 'ocaml)
+ ("coq-" 'ocaml))))
+ '()
+ packages))
+
+(define (category-name key)
+ (match key
+ ('rust "Rust (Crates)")
+ ('r "R (CRAN, Bioconductor)")
+ ('python "Python (PyPI)")
+ ('ruby "Ruby (Gems)")
+ ('emacs-lisp "Emacs Lisp (ELPA, MELPA)")
+ ('perl "Perl (CPAN)")
+ ('haskell "Haskell (Hackage, Stackage)")
+ ('go "Go")
+ ('texlive "\\TeX{} Live")
+ ('julia "Julia")
+ ('ocaml "OCaml + Coq (OPAM)")
+ ('other "other")))
+
+(define (packages->latex packages port)
+ (let ((total (length packages))
+ (categories (categorize packages)))
+ (format port " % Generated by package-breakdown.scm.\n")
+ (format port " \\begin{tabular}{lrr}\n")
+ (format port " \\textbf{Guix packages} (commit ~a) & ~h & \\\\\n\\\\\n"
+ (and=> (find guix-channel? (current-channels))
+ (compose (cut string-take <> 7) channel-commit))
+ total)
+ (for-each (match-lambda
+ ((category . count)
+ (format port " ~a & ~h & ~d\\% \\\\\n"
+ (category-name category) count
+ (inexact->exact
+ (round (* 100. (/ count total)))))))
+ (sort categories
+ (match-lambda*
+ (((_ . n1) (_ . n2))
+ (> n1 n2)))))
+ (format port " \\end{tabular}\n\n")))
+
+(packages->latex (all-packages) (current-output-port))
+
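Review bot: in `packages->latex`, `(and=> (find guix-channel? (current-channels)) ...)` evaluates to `#f` when `current-channels` contains no `guix` channel, and the `~a` directive will then print `#f` as the commit in the table header. Handle that case explicitly, either by omitting the "(commit ...)" text or by raising an error. Separately, each percentage is rounded on its own, so the column need not sum to 100: the table pasted into talk.tex later in this commit adds up to 101%.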
diff --git a/talks/packaging-con-2021/grail/rules.ini
b/talks/packaging-con-2021/grail/rules.ini
index 5a74423..0509310 100644
--- a/talks/packaging-con-2021/grail/rules.ini
+++ b/talks/packaging-con-2021/grail/rules.ini
@@ -7,3 +7,19 @@ rule = shell
cost = 0
command = dot -Tpdf -Gratio=.78 -o $target $source
message = rendering $source into $target
+
+[fdp-pdf]
+target = (.*)\.pdf
+source = \1.fdp
+rule = shell
+cost = 0
+command = fdp -Tpdf -Gratio=.78 -o $target $source
+message = rendering $source into $target (FDP)
+
+[svg-pdf]
+target = (.*)\.pdf
+source = \1.svg
+rule = shell
+cost = 1
+command = inkscape --export-pdf=$target $source
+message = converting $source to $target
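Review bot: `inkscape --export-pdf=$target $source` in `[svg-pdf]` is the Inkscape 0.9x spelling; Inkscape 1.x replaced it with `--export-filename=`, so whether this rule works depends on which Inkscape the build environment provides. The `compile-command` at the end of talk.tex only requests `texlive rubber`, so neither Inkscape nor Graphviz (needed for the `dot` and `fdp` rules) is pinned. Add both to the documented environment and use the option that matches the pinned version.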
diff --git a/talks/packaging-con-2021/grail/talk.tex
b/talks/packaging-con-2021/grail/talk.tex
index a18fdc7..8fc0b06 100644
--- a/talks/packaging-con-2021/grail/talk.tex
+++ b/talks/packaging-con-2021/grail/talk.tex
@@ -145,6 +145,26 @@
\end{tikzpicture}
\end{frame}
+\begin{frame}[fragile]
+ \begin{tikzpicture}[overlay]
+ \node<1> at (current page.center) [anchor=center,
+ inner sep=0mm, shape=star,
+ fill=guixorange1, text=white] {
+ \LARGE{\textbf{Free!}}
+ };
+ \node<2> at (current page.center) [anchor=center,
+ inner sep=0mm, shape=star,
+ fill=guixorange2, text=white] {
+ \LARGE{\textbf{Universal!}}
+ };
+ \node<3> at (current page.center) [anchor=center,
+ inner sep=0mm, shape=star,
+ fill=guixred1, text=white] {
+ \LARGE{\textbf{Transparent!}}
+ };
+ \end{tikzpicture}
+\end{frame}
+
\setbeamercolor{normal text}{bg=white}
\begin{frame}[plain, fragile]
\begin{tikzpicture}[overlay]
@@ -156,15 +176,26 @@
};
\end{tikzpicture}
\end{frame}
-\setbeamercolor{normal text}{bg=black}
-% TODO: Add snap bitcoin miner
+%% \begin{frame}[fragile]
+%% \vspace{2.5cm}
+%% \begin{tikzpicture}[remember picture, overlay]
+%% \node [at=(current page.center), inner sep=0pt, rotate=4,
+%% drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
+%% {\includegraphics[width=0.9\paperwidth]{images/snap-crypto-miner}};
+%% \node<1> [at=(current page.south), anchor=south, color=guixgrey,
+%% fill=white, opacity=.5, text opacity=1]
+%% {\url{https://github.com/canonical-websites/snapcraft.io/issues/651}};
+%% \end{tikzpicture}
+%% \end{frame}
+
\setbeamercolor{normal text}{bg=guixblue2}
\begin{frame}[fragile]
\begin{semiverbatim}
-$ \alert{guix challenge} --substitute-urls="https://ci.guix.gnu.org
https://example.org"
-\alert{/gnu/store/\dots{}-openssl-1.0.2d contents differ}:
+$ \alert{guix challenge} \\
+ --substitute-urls="https://ci.guix.gnu.org https://example.org"
+\uncover<2->{\alert{/gnu/store/\dots{}-openssl-1.0.2d contents differ}:
local hash: 0725l22\dots{}
http://ci.guix.gnu.org/\dots{}-openssl-1.0.2d: 0725l22\dots{}
http://example.org/\dots{}-openssl-1.0.2d: 1zy4fma\dots{}
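Review bot: the one-line `% TODO: Add snap bitcoin miner` is replaced by an eleven-line frame that is entirely commented out with `%%`, while `images/snap-crypto-miner.png` is added as a symlink in the same commit, so the image is tracked but never shown. Either enable the frame, or keep the TODO and leave the symlink out until the slide is actually used.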
@@ -175,7 +206,7 @@ $ \alert{guix challenge}
--substitute-urls="https://ci.guix.gnu.org https://exam
\alert{/gnu/store/\dots{}-pius-2.1.1 contents differ}:
local hash: 0k4v3m9\dots{}
http://ci.guix.gnu.org/\dots{}-pius-2.1.1: 0k4v3m9\dots{}
- http://example.org/\dots{}-pius-2.1.1: 1cy25x1\dots{}
+ http://example.org/\dots{}-pius-2.1.1: 1cy25x1\dots{}}
\end{semiverbatim}
\end{frame}
\setbeamercolor{normal text}{bg=black}
@@ -218,7 +249,7 @@ $ \alert{guix challenge}
--substitute-urls="https://ci.guix.gnu.org https://exam
%% };
%% \end{tikzpicture}
%% \end{frame}
-\setbeamercolor{normal text}{bg=black}
+%% \setbeamercolor{normal text}{bg=black}
\begin{frame}[fragile]
%% \frametitle{Bit-Reproducible Builds$^*$}
@@ -283,6 +314,24 @@ $ \alert{guix challenge}
--substitute-urls="https://ci.guix.gnu.org https://exam
\node [at=(current page.center), inner sep=0pt, rotate=8,
drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
{\includegraphics[width=0.9\paperwidth]{images/strawhorse-attack}};
+ \node<1> [at=(current page.south), anchor=south, color=guixgrey,
+ fill=white, opacity=.5, text opacity=1]
+
{\url{https://theintercept.com/2015/03/10/ispy-cia-campaign-steal-apples-secrets/}};
+ %
https://theintercept.com/document/2015/03/10/strawhorse-attacking-macos-ios-software-development-kit/
+
+ \node<2-> [at=(current page.center), inner sep=0pt, rotate=-4,
+ drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
+ {\includegraphics[width=0.8\paperwidth]{images/rusting-trust}};
+ \node<2> [at=(current page.south), anchor=south, color=guixgrey,
+ fill=white, opacity=.5, text opacity=1]
+
{\url{https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/}};
+
+ \node<3-> [at=(current page.center), inner sep=0pt, rotate=2,
+ drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
+
{\includegraphics[width=0.9\paperwidth]{images/deniable-compiler-backdoors}};
+ \node<3> [at=(current page.south), anchor=south, color=guixgrey,
+ fill=white, opacity=.5, text opacity=1]
+ {\url{https://www.alchemistowl.org/pocorgtfo/pocorgtfo08.pdf}};
% TODO: SolarWinds
\end{tikzpicture}
\end{frame}
@@ -325,29 +374,357 @@ $ \alert{guix challenge}
--substitute-urls="https://ci.guix.gnu.org https://exam
\end{tikzpicture}
\end{frame}
-\setbeamercolor{normal text}{fg=white,bg=black}
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture, overlay]
+ \node [at=(current page.center), fill=guixorange1, rounded corners=10pt,
+ inner sep=10pt, opacity=.8, text opacity=1]
+ {\Large{\textbf{60 MiB $\rightarrow$ 0.5 MiB of binary blobs?}}};
+ \node [at=(current page.south), anchor=south,
+ inner sep=2mm, outer sep=3mm, rounded corners,
+ fill=white, opacity=.7, text opacity=1, text=black]
+ {\url{https://archive.fosdem.org/2021/schedule/event/gnumes/}};
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}[plain]
+ \center{\includegraphics[height=.9\paperheight]{images/1f642-smiling-face}};
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Part 2: The mess we're in
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture, overlay]
+ %
https://raw.githubusercontent.com/pytorch/pytorch/master/docs/source/_static/img/pytorch-logo-dark.svg
+ \node<2-> [at=(current page.center), text width=\paperwidth, text
+ height=\paperheight, fill=red] {};
+ \node [at=(current page.center), shape=star, star points=9, fill=white,
inner sep=-35pt]
+ {\includegraphics[width=.4\paperwidth]{images/pytorch-logo-dark}};
+ \node<3> [at=(current page.center), text width=\paperwidth, text
+ height=\paperheight, fill=black, opacity=.6] {};
+ \end{tikzpicture}
+
+ \LARGE{
+ \begin{itemize}
+ \item<3-> on PyPI but \textbf{mostly C++ code}
+ \item<3-> \textbf{41 bundled dependencies}
+ \item<3-> build system makes \textbf{``unbundling'' hard}
+ \item<3-> some builds \textbf{non-deterministic}
+ \item<3-> key dependencies have \textbf{no releases, no tags}
+ \item<3-> ...
+ \end{itemize}
+ }
+\end{frame}
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture, overlay]
+ \node [at=(current page.west), anchor=north, inner sep=10pt, rotate=90,
text=guixdarkgrey]{
+ \texttt{guix install python-pytorch}
+ };
+ \end{tikzpicture}
+ \center{\includegraphics[height=\paperheight]{images/pytorch-graph}}
+\end{frame}
+
\setbeamercolor{normal text}{fg=white,bg=black}
-% pytorch (image with logo; first white background, then red one)
-% link to https://hpc.guix.info/blog/2021/09/whats-in-a-package/
-% dependency graph
-% pip install screenshot ("went to my colleague next door: they use pip")
-% unzip -l ...
+\begin{frame}[plain, fragile]
+ \begin{semiverbatim}
+$ \alert{pip install torch}
+\uncover<2->{Collecting torch
+ Downloading
https://files.pythonhosted.org/packages/69/f2/2c0114a3ba44445de3e6a45c4a2bf33c7f6711774adece8627746380780c/torch-1.9.0-cp38-cp38-manylinux1_x86_64.whl
(831.4MB)
+ |################################| 831.4MB 91kB/s
+Collecting typing-extensions (from torch)
+ Downloading
https://files.pythonhosted.org/packages/74/60/18783336cc7fcdd95dae91d73477830aa53f5d3181ae4fe20491d7fc3199/typing_extensions-3.10.0.2-py3-none-any.whl
+Installing collected packages: typing-extensions, torch}
+ \end{semiverbatim}
+\end{frame}
\begin{frame}[plain, fragile]
- \Huge{curated → ``community (mis)managed''}
+ \begin{semiverbatim}
+$ \alert{wget} -qO /tmp/pytorch.zip \\
+
https://files.pythonhosted.org/packages/69/f2/2c\textrm{\dots{}}/torch-1.9.0-cp38-cp38-manylinux1_x86_64.whl
+$ \alert{unzip} -l /tmp/pytorch.zip | grep '\\.so'
+ 29832 06-12-2021 00:37 torch/_dl.cpython-38-x86_64-linux-gnu.so
+ 29296 06-12-2021 00:37 torch/_C.cpython-38-x86_64-linux-gnu.so
+372539384 06-12-2021 00:37 torch/lib/libtorch_cpu.so
+ 43520 06-12-2021 00:37 torch/lib/\alert<2>{libnvToolsExt}-3965bdd0.so.1
+ 28964064 06-12-2021 00:37 torch/lib/libtorch_python.so
+ 46351784 06-12-2021 00:37 torch/lib/libcaffe2_detectron_ops_gpu.so
+1159370040 06-12-2021 00:37 torch/lib/libtorch_\alert<2>{cuda}.so
+ 4862944 06-12-2021 00:37 torch/lib/libnvrtc-builtins.so
+ 168720 06-12-2021 00:37 torch/lib/\alert<2>{libgomp}-a34b3233.so.1
+\textrm{\dots{}}
+ \end{semiverbatim}
+\end{frame}
+
+\setbeamercolor{normal text}{fg=white,bg=guixred3}
+\begin{frame}[plain]
+ \Large{
+ \begin{itemize}
+ \item includes \textbf{non-free software} without telling you
+ \item ``\textbf{random binaries}'': non-verifiable
+ \item \textbf{no ``Corresponding Source''} as required by libgomp's LGPLv3
+ \item \textbf{developer-uploaded binaries}
+ \item \textbf{brittle} (ABI? RUNPATHs? FHS assumptions?)
+ \item \dots{}
+ \item ... but very convenient
+ \end{itemize}
+ }
+
+ \begin{tikzpicture}[remember picture, overlay]
+ \node [at=(current page.south), anchor=south, text=white] {
+ \url{https://hpc.guix.info/blog/2021/09/whats-in-a-package/}
+ };
+
+ \end{tikzpicture}
+\end{frame}
+
+\setbeamercolor{normal text}{fg=white,bg=white}
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[overlay]
+ \node<1> [at=(current page.center)]{
+ \includegraphics[width=.9\paperwidth]{images/lastpymile}
+ };
+ \node<1> [at=(current page.south), anchor=south, text=guixdarkgrey]{
+ \url{https://doi.org/10.5281/zenodo.4899935}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[remember picture, overlay]
+ \node [at=(current page.center), inner sep=0pt, rotate=8,
+ drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
+ {\includegraphics[width=0.9\paperwidth]{images/npm-left-pad-2016}};
+ \node<1> [at=(current page.south), anchor=south, color=guixgrey,
+ fill=white, opacity=.5, text opacity=1]
+ {\url{https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos}};
+
+ \node<2-> [at=(current page.center), inner sep=0pt, rotate=-2,
+ drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
+ {\includegraphics[width=0.9\paperwidth]{images/npm-ua-parser}};
+ \node<2> [at=(current page.south), anchor=south, color=guixgrey,
+ fill=white, opacity=.5, text opacity=1]
+ {\url{https://github.com/faisalman/ua-parser-js/issues/536}};
+
+ \node<3-> [at=(current page.center), inner sep=0pt, rotate=0,
+ drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
+ {\includegraphics[width=0.9\paperwidth]{images/npm-curl-bash}};
+ \node<3> [at=(current page.south), anchor=south, color=guixgrey,
+ fill=white, opacity=.5, text opacity=1]
+ {\url{https://btao.org/2021/09/09/npm-install-is-curl-bash/}};
+
+ %% \node [at=(current page.center), inner sep=0pt, rotate=0,
+ %% drop shadow={opacity=0.5}, draw, color=guixgrey, line width=1pt]
+ %% {\includegraphics[width=0.9\paperwidth]{images/
+ %% \node<3> [at=(current page.south), anchor=south, color=guixgrey,
+ %% fill=white, opacity=.5, text opacity=1]
+ %% {\url{https://btao.org/2021/09/09/npm-install-is-curl-bash/}};
+
+ \node<4> [at=(current page.center)] {
+ {\includegraphics[height=.9\paperheight]{images/1f641-worried-face}}
+ };
+
+ \end{tikzpicture}
+\end{frame}
+
+% TODO: Kubernetes
+% TODO: npm
+%
+%
+
+\setbeamercolor{normal text}{fg=white,bg=guixred3}
+\begin{frame}[plain, fragile]
+ \LARGE{Thesis: \\
+ \highlight{packaging practices mirror isolation.}
+ \\[10mm]
+ (Corollary of Conway's law.)}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Part 3: The way forward
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\setbeamercolor{normal text}{fg=blue,bg=guixblue1}
+\begin{frame}[plain]
+ \Huge{\textbf{From isolated islands \\ to archipelagos?}}
+\end{frame}
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[overlay]
+ %
https://upload.wikimedia.org/wikipedia/commons/d/d5/%27The_Children_of_Captain_Grant%27_by_%C3%89douard_Riou_004.jpg
+ \node [at=(current page.center)]{
+ \includegraphics[width=1\paperwidth]{images/message-in-a-bottle}
+ };
+ \node [at=(current page.center), text width=\paperwidth, text
+ height=\paperheight, fill=white, opacity=.3]{};
+ \node [at=(current page.south), color=guixred2, anchor=south, inner
sep=5mm]{
+ \Huge{\textbf{Message to repository maintainers.}}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+\setbeamercolor{normal text}{fg=black,bg=guixdarkgrey}
+
+\begin{frame}
+ \LARGE{\textbf{Wish list for repo maintainers:}}
+
+ \begin{enumerate}
+ \item (re)move \textbf{non-free software}
+ \item \textbf{always provide source}
+ \item disallow \textbf{developer-uploaded binaries} % Debian's dirtiest
secrets
+ \item ensure \textbf{reproducible/verifiable builds}
+ \item<2-> \textit{anything else?} :-)
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}[plain, fragile]
+
+ \large{
+ % Generated by package-breakdown.scm.
+ \begin{tabular}{lrr}
+ \textbf{Guix packages} (commit bd41e59) & 19,291 & \\
+\\
+ other & 8,491 & 44\% \\
+ Rust (Crates) & 2,608 & 14\% \\
+ Python (PyPI) & 2,280 & 12\% \\
+ R (CRAN, Bioconductor) & 1,860 & 10\% \\
+ Emacs Lisp (ELPA, MELPA) & 1,084 & 6\% \\
+ Perl (CPAN) & 778 & 4\% \\
+ Haskell (Hackage, Stackage) & 683 & 4\% \\
+ Ruby (Gems) & 413 & 2\% \\
+ Go & 337 & 2\% \\
+ \TeX{} Live & 288 & 1\% \\
+ Julia & 248 & 1\% \\
+ OCaml + Coq (OPAM) & 221 & 1\% \\
+ \end{tabular}
+
+ }
+\end{frame}
+
+\begin{frame}[plain, fragile]
+ \begin{semiverbatim}
+\uncover<1-2>{$ \alert{guix import pypi} webasset}
+\uncover<2->{(\alert{package}
+ (name "python-webassets")
+ (version "2.0")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (pypi-uri "webassets" version))
+ (sha256
+ (base32 "1kc1042jydgk54xpgcp0r1ib4gys91nhy285jzfcxj3pfqrk4w8n"))))
+ (build-system python-build-system)
+ (home-page "http://github.com/miracle2k/webassets/")\only<3->{
+ (\alert{native-inputs} (list python-jinja2 python-mock
+ python-nose python-pytest))
+ (\alert{arguments} \textrm{\dots{}}) ;\textit{actually run tests}}
+ (synopsis
+ "Media asset management for Python, with glue code for various web
frameworks")
+ (description
+ "Media asset management for Python, with glue code for various web
frameworks")
+ (license license:bsd-3))}
+ \end{semiverbatim}
+\end{frame}
+
+\setbeamercolor{normal text}{fg=blue,bg=guixblue1}
+\begin{frame}[plain]
+ \Huge{\textbf{How ``good''\\is package repository data?}}
+\end{frame}
+\setbeamercolor{normal text}{fg=blue,bg=guixdarkgrey}
+
+\begin{frame}[plain]
+ \begin{tikzpicture}[overlay]
+ \node (url) [at=(current page.south), anchor=south, text=white]{
+ \url{https://lists.gnu.org/archive/html/guix-devel/2021-10/msg00297.html}
+ };
+ \node [at=(url.north), anchor=south, text=white]{
+ $^*$ obtained by re-running \texttt{guix import} and comparing the output
+ };
+ \end{tikzpicture}
+
+ \Large{
+ \begin{tabular}{lr}
+ \textbf{Repository} & \textbf{Accurate} package data \\
+ \\
+ CRAN & 85\%$^*$ \\
+ Crates & 81\%$^*$ \\
+ PyPI & 31\%$^*$ \\
+ \textit{ELPA} & \textit{(80\%?)} \\
+ \end{tabular}
+ }
+\end{frame}
+
+\begin{frame}
+ \LARGE{\textbf{Common repository issues:}}
+
+ \begin{itemize}
+ \item \textbf{hosted source differs} from upstream source
+ \item \textbf{missing foreign-language dependencies}
+ \item \textbf{missing test dependencies} (PyTest, etc.)
+ \item \textbf{unknown test procedure} (\texttt{pytest xyz},
+ etc.)
+ \item ...
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \LARGE{\textbf{Wish list for repo maintainers:}}
+
+ \begin{enumerate}
+ \item (re)move \textbf{non-free software}
+ \item \textbf{always provide source}
+ \item disallow \textbf{developer-uploaded binaries} % Debian's dirtiest
secrets
+ \item ensure \textbf{reproducible/verifiable builds}
+ \item<2-> \textbf{accurate} package data (dependencies, etc.)
+ \item<3-> accurate \textbf{licensing info}
+ \item<3-> nice descriptions/synopses :-)
+ \end{enumerate}
+\end{frame}
+
+\setbeamercolor{normal text}{bg=white}
+\begin{frame}[plain]
+ \begin{tikzpicture}[overlay]
+ \node<1> [at=(current page.center)]{
+ \includegraphics[width=.8\paperwidth]{images/microsoft-supply-chain}
+ };
+ \node<1> [at=(current page.south), anchor=south, text=guixdarkgrey]{
+ \url{https://github.com/microsoft/Secure-Supply-Chain}
+ };
+
+ \node<2> [at=(current page.center)]{
+ \includegraphics[width=.8\paperwidth]{images/executive-order-1}
+ };
+ \node<3> [at=(current page.center)]{
+ \includegraphics[height=.8\paperheight]{images/executive-order-2}
+ };
+ \node<2-3> [at=(current page.south), anchor=south,
+ text=guixdarkgrey, text width=0.9\paperwidth]{
+
\url{https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/}
+ };
+ \end{tikzpicture}
+\end{frame}
+
+\setbeamercolor{normal text}{fg=blue,bg=guixblue1}
+\begin{frame}[plain]
+ \Huge{\textbf{Package managers \\
+ are the source \emph{and} solution \\
+ to supply chain issues.}}
+\end{frame}
+
+\setbeamercolor{normal text}{bg=black}
+\begin{frame}[plain]
+
+\vfill{
+ \vspace{1.5cm}
+ \center{\includegraphics[width=0.3\textwidth]{images/Guix-white}}\\[1.0cm]
+ {\alert{\url{https://guix.gnu.org/}}}\hfill{\texttt{ludo@gnu.org}}
+}
+
+\end{frame}
\begin{frame}{}
\begin{textblock}{12}(2, 6)
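Review bot: on the `guix import` slide the command reads `$ \alert{guix import pypi} webasset`, but the output below it is for `python-webassets` with `(pypi-uri "webassets" version)`, so the command as shown does not match the package it claims to import; change the argument to `webassets`. In the smiling-face frame, the `\center{\includegraphics...};` line ends with a `;` that sits outside any `tikzpicture` and will be typeset as a literal semicolon. The package-count table is pasted from the output of package-breakdown.scm rather than pulled in with `\input`, so it will go stale when the script is re-run.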
@@ -355,17 +732,12 @@ $ \alert{guix challenge}
--substitute-urls="https://ci.guix.gnu.org https://exam
Copyright \copyright{} 2010, 2012--2021 Ludovic Courtès
\texttt{ludo@gnu.org}.\\[3.0mm]
GNU Guix logo, CC-BY-SA 4.0, \url{https://gnu.org/s/guix/graphics}.
\\[1.5mm]
- Smoothie image and hexagon image \copyright{} 2019 Ricardo Wurmus,
- CC-BY-SA 4.0.
- \\[1.5mm]
- Hand-drawn arrows by Freepik from flaticon.com.
- \\[1.5mm]
- DeLorean time machine picture \copyright{} 2014 Oto Godfrey and
- Justin Morton, CC-BY-SA 4.0,
-
\url{https://commons.wikimedia.org/wiki/File:TeamTimeCar.com-BTTF_DeLorean_Time_Machine-OtoGodfrey.com-JMortonPhoto.com-07.jpg}.
+ Parcel image from
+
\url{https://thumbs.dreamstime.com/z/parcel-illustration-drawing-engraving-ink-line-art-vector-what-made-pencil-paper-then-was-digitalized-143335396.jpg}
\\[1.5mm]
- Whale engraving in the public domain,
-
\url{https://publicdomainreview.org/essay/a-bestiary-of-sir-thomas-browne}
+ %
https://commons.wikimedia.org/wiki/File:%27The_Children_of_Captain_Grant%27_by_%C3%89douard_Riou_004.jpg
+ Message-in-a-bottle picture by Édouard Riou, public domain
+ (Wikimedia Commons).
\\[1.5mm]
Copyright of other images included in this document is held by
their respective owners.
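Review bot: the new "Parcel image from" credit points at a thumbs.dreamstime.com URL and names neither an author nor a license, unlike the Guix logo and Riou entries around it, and it lacks the terminating period the other entries have. State the license under which the image is used or replace the image. The PyTorch logo and the screenshots added in this commit are covered only by the generic "other images" sentence; the logo at least has a known source URL (recorded as a comment earlier in talk.tex) that could be credited here.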
@@ -398,7 +770,7 @@ $ \alert{guix challenge}
--substitute-urls="https://ci.guix.gnu.org https://exam
% comment-start: "%"
% comment-end: ""
% ispell-local-dictionary: "francais"
-% compile-command: "guix time-machine
--commit=c81457a5883ea43950eb2ecdcbb58a5b144bcd11 -- environment --ad-hoc
texlive rubber -- rubber --pdf talk.pdf"
+% compile-command: "guix time-machine
--commit=c81457a5883ea43950eb2ecdcbb58a5b144bcd11 -- environment --ad-hoc
texlive rubber -- rubber --pdf talk.tex"
% End:
%% LocalWords: Reproducibility