Successfully downloaded in-toto metadata 'rebuild.8deb0bef.link' from rebuilder 'https://mirror.notset.fr/qubes/rebuild/yum/r4.1/vm/'
Copy final product to verification directory
Load in-toto layout '/home/user/dnf-transport-in-toto/data/root.layout' (DNF global_info)
Load in-toto layout key(s) '['9fa64b92f95e706bf28e2ca6484010b5cdc576e2']' (DNF global_info)
Use gpg keyring '/home/user/dnf-transport-in-toto/data/gnupg' (DNF global_info)
Run in-toto verification
In-toto verification for 'qubes-u2f-1.2.8-1.fc33.noarch' passed! :)
Dependencies resolved.
=======================================================================================
Package Arch Version Repository Size
=======================================================================================
Installing:
qubes-u2f noarch 1.2.8-1.fc33 qubes-vm-r4.1-current-testing 264 k
Installing dependencies:
hidapi x86_64 0.9.0-4.fc33 fedora 45 k
python3-cryptography x86_64 3.2.1-2.fc33 updates 546 k
python3-hidapi x86_64 0.9.0.post2-2.fc33 fedora 50 k
python3-u2flib-host noarch 3.0.3-9.fc33 qubes-vm-r4.1-current-testing 49 k

Transaction Summary
=======================================================================================
Install 5 Packages

Total download size: 954 k
Installed size: 3.6 M


Next steps

As explained above, some parts still need finishing, as well as cleanups and proper documentation. But we are very close to the point where every Debian package we build can be independently verified. The very same tooling we’ve made can be used to verify native Debian packages, too, which should also be helpful for non-Qubes Debian users. Similar progress has already been made for Fedora, although some more work is needed on the Fedora side to allow reproducing native (not only Qubes-related) packages.

In the broader future, our ultimate goal is to make all parts of Qubes OS reproducible, including templates and the installation image. Reproducible packages are the first step toward this goal, which incidentally is also the most valuable step to our users and the broader community.

Acknowledgements

This work is possible thanks to generous support (https://www.qubes-os.org/news/2020/05/22/moss-mission-partners-award/) from Mozilla Open Source Support (MOSS) (https://www.mozilla.org/en-US/moss/).

I’d also like to thank GitLab for granting us a free GitLab Gold license, which enabled much higher service quotas.