Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
Satyam Zode: > Yes! I'm looking at those issues but it seems those issues are more in > number. Frankly speaking, I'm not completely aware about many of those. > Hence, I'm requesting you all to give some suggestions (and may be list of > issues) so that I can start working on it further. > Or maybe we can just categorize available issues :) > What I'm saying is that, in case people don't reply much, or give replies with jargon that you don't yet understand, is that there are things you can do yourself (without any input from others) to form some of your own starting ideas on what would be best. Some of the suggestions so far are easy (skip specific sections in the input) whereas other suggestions are hard (hide categories of diff, hide sections specified in a buildinfo). To be able to judge this better, you can try attempting some reproductions yourself of existing packages (instructions on how to do this are on the wiki) - try maybe 7-8 and imagine how you might do this quicker if diffoscope supported extra options. (Sorry if you know or are already doing this - I just wanted to make sure, so that nobody is "blocked" waiting on other people unnecessarily.) Anyway, hopefully other people will also add further suggestions. :) X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
On Fri, May 13, 2016 at 12:44:11PM +0200, Ximin Luo wrote: > Concretely I have some suggestions: > > 1. instead of calling this "ignore" we call it "hide". and instead of > "irrelevant" we say "common"/"minor"/"known" strong ACK. I really really like "--hide-timestamps" much better than "--ignore-timestamps", because the latter somewhat implies that ignoring this is ok, while hiding clearly conveys there is something, hidden. > 2. diffoscope --ignore-* (or --hide-*) MUST NOT return 0 or otherwise give > the impression that two non-identical files are the same, even if all > differences are "hidden". It should report "n differences hidden". hm. maybe it would be ok to exit with 0 when using --hide options if one also adds _another_ option, like --hide-error-on-exit or --pretend-clean-if-hidden-well or such? -- cheers, Holger signature.asc Description: Digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
Jérémy Bobbio: > Ximin Luo: >> This is quite an open-ended problem and there is no single "correct" >> answer. I don't even know myself what would be best, at this stage. > > I think what we need to come up with now is a list of use cases. Then we > can decide which one we want to support and how easy it should be. > > Is anyone willing to share examples where being able to ignore stuff > would have made their life easier? > > The last one I spotted that could go on the list, ignoring irrelevant > differences in two Android App packages: > https://github.com/WhisperSystems/Signal-Android/blob/master/apkdiff/apkdiff.py > For a start, there's the list of already-known issues. https://tests.reproducible-builds.org/index_issues.html and I'd imagine people analysing diffs would want an easy way to distinguish "issues that someone else has already solved" vs "issues nobody has seen before". (This is why I suggested looking through the existing data: if this mailing list discussion only produces 2 or 3 use-cases, this not immensely helpful to build a lasting tool with. But we already have a lot of data to go through as inspiration for use-cases.) On a side note, the terminology should be more be precise. I know that you know this, but in a public context it's a bit dangerous to say "irrelevant" since it gives the impression (to an uncritical reader) that it actually is 100% irrelevant. But it's not, see my previous email. The purpose of --ignore-profiles is to make it easier to achieve bitwise reproducibility and anything less than that is still unsafe. I'm worried about the scenario where (e.g.) someone might market reproducibility as "do this build then run apkdiff.py, you can see it's the same (ignoring "irrelevant" differences)". Concretely I have some suggestions: 1. instead of calling this "ignore" we call it "hide". and instead of "irrelevant" we say "common"/"minor"/"known" 2. diffoscope --ignore-* (or --hide-*) MUST NOT return 0 or otherwise give the impression that two non-identical files are the same, even if all differences are "hidden". It should report "n differences hidden". X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git signature.asc Description: OpenPGP digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
Ximin Luo: > This is quite an open-ended problem and there is no single "correct" > answer. I don't even know myself what would be best, at this stage. I think what we need to come up with now is a list of use cases. Then we can decide which one we want to support and how easy it should be. Is anyone willing to share examples where being able to ignore stuff would have made their life easier? The last one I spotted that could go on the list, ignoring irrelevant differences in two Android App packages: https://github.com/WhisperSystems/Signal-Android/blob/master/apkdiff/apkdiff.py -- Lunar.''`. lu...@debian.org: :Ⓐ : # apt-get install anarchism `. `'` `- signature.asc Description: Digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: [Reproducible-builds] Support for --ignore-profile flag in diffoscope
Hi Satyam, On Wed, May 11, 2016 at 05:49:12PM +0530, Satyam Zode wrote: > I have started thinking about the solution of this problem and for that, I > want to know as a diffoscope user, what kind of stuff would you like to > ignore ? Such as any irrelevant differences which are just making noise and > useless. I think some users are interested in ignoring metadata and want to see only differences in the actual content. A related bug to this is #814057. As Mattia already mentioned on IRC, being able to ignore specific sections in .buildinfo files would also be nice. Regards, Reiner signature.asc Description: Digital signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
[Reproducible-builds] Support for --ignore-profile flag in diffoscope
Hi, all ! I am Satyam Zode, I am GSoC student intern (http://satyamz.github.io /blog/2016/05/08/google-summer-of-code-2016-with-debian -reproducible-builds-introduction/). I am trying to understand the problem "Allow users to ignore arbitrary differences" ( --ignore-profiles flag) in which diffoscope users will be able to ignore arbitrary differences. This problem is also described in diffoscope wishlist (https://reproducible-builds.org/events/athens2015/ diffoscope-wishlist/). I have started thinking about the solution of this problem and for that, I want to know as a diffoscope user, what kind of stuff would you like to ignore ? Such as any irrelevant differences which are just making noise and useless. Currently, I am looking at pkg-diff (provided by OBS) code because it's able to ignore some kind of stuff (Lunar has suggested me to have a look at pkg-diff to get an idea about this problem) . I kindly request you all to express your views and expectations regarding this particular problem :) Thanking you! *Satyam Zode* ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds