Changes

intrigeri · a5d53a93
--- a/reproducible_builds.md
+++ b/reproducible_builds.md
-[[!tag archived]]

-This is about [[!tails_ticket 5630]].

-[[!toc levels=2]]
+This is about tails/tails#5630.
+
+
+[[_TOC_]]
+

 <a id="why"></a>

@@ -87,16 +89,16 @@ that some of these advantages are incompatible with each other.
  - decreases the risk that our build systems are all affected by the
    same architecture — or platform — specific security issue;
  - may allow us to support more architectures (e.g.
-    [[!tails_ticket 10972 desc="ARM"]]), because we could do most our
+    ARM (tails/tails#10972)), because we could do most our
    CI and QA on the fastest one.

 * Detect bugs, for example the ones provided on the
  [reproducible builds project's buy-in page](https://reproducible-builds.org/docs/buy-in/)
  (retrieved on 2015-02-16):
-  "[[!debbug 773916 desc="a library had a different application binary interface for every build"]],
-  [[!debbug 801855 desc="garbled strings due to encoding mismatch"]],
-  [[!debbug 778486 desc="missing translations"]],
-  or [[!debbug 778707 desc="changing dependencies"]]".
+  "[a library had a different application binary interface for every build](https://bugs.debian.org/773916),
+  [garbled strings due to encoding mismatch](https://bugs.debian.org/801855),
+  [missing translations](https://bugs.debian.org/778486),
+  or [changing dependencies](https://bugs.debian.org/778707)".

 * "The constraint of having to reflect about the build environment
  also helps developers to think about the relationship with external
@@ -115,7 +117,7 @@ that some of these advantages are incompatible with each other.
 This draft needs to be updated. It was written in 2014, way before we
 came up with the previous list of advantages, or discussed this topic
 much. It was primarily meant to explain why we needed
-a [[!tails_ticket 5926 desc="freezable APT repository"]], as a first
+a freezable APT repository (tails/tails#5926), as a first
 step towards reproducible builds.

 </div>
@@ -235,12 +237,12 @@ following implementation for our first iteration:
 * To freeze the build environment, we use APT snapshots in the same way
  we do in the Tails build system, by storing the serials for the various
  APT repositories in
-  [[!tails_gitweb_dir vagrant/definitions/tails-builder/config/APT_snapshots.d/]].
+  [vagrant/definitions/tails-builder/config/APT snapshots.d/](https://gitlab.tails.boum.org/tails/tails/-/tree/master/vagrant/definitions/tails-builder/config/APT_snapshots.d/).
 * Only the debian-security APT source uses Debian's APT repository, so
  that we get security fixes. This will probably not influence the
  reproducibility of the ISO. This is done in the
-  [[!tails_gitweb vagrant/provision/setup-tails-builder desc="Vagrant provisioning
-  script"]].
+  [Vagrant provisioning
+  script](https://gitlab.tails.boum.org/tails/tails/-/blob/master/vagrant/provision/setup-tails-builder).
 * To ensure that changes in the Vagrant build system are still taken into account when
  using a basebox, we dynamically set the name of the basebox by
  including the short ID of the last commit in the `vagrant` directory in
@@ -248,7 +250,7 @@ following implementation for our first iteration:
 * We update the basebox APT snapshots serials when preparing a new Tails
  major release.
 * A new VM is created from the basebox for each build. After the build,
-  the VM is destroyed ([[!tails_ticket 11980]] and [[!tails_ticket 11981]]).
+  the VM is destroyed (tails/tails#11980 and tails/tails#11981).
 * The `keeprunning` build option can be used so that the VM is kept running
  and reused for subsequent builds of the same branch.
 * The VM encodes (in `/var/lib/vagrant_box_build_from`) the branch for
@@ -261,7 +263,7 @@ following implementation for our first iteration:
  build VM.
  In our Jenkins setup we instead use an existing, external
  `apt-cacher-ng` in order to share the APT cache between build VMs
-  and save disk space ([[!tails_ticket 11979]]).
+  and save disk space (tails/tails#11979).

 So we don't publish Vagrant baseboxes anymore: everyone building
 a Tails ISO image will instead build their own. Their resulting
@@ -270,7 +272,7 @@ similar enough to produce ISO images that are identical to the ones
 published by the Tails project.

 **Edit:** It has now been released and is documented in the page about Tails
-[[Vagrant setup|contribute/build/vagrant-setup]].
+[Vagrant setup](https://tails.boum.org/contribute/build/vagrant-setup).

 ## Make Tails ISO build in a reproducible manner

@@ -400,14 +402,14 @@ through a few additional steps, such as:
   throughput, we might have to purchase and allocate more hardware
   to them.

-For estimates on hardware cost for Lizard ([[!tails_ticket 12002]]), see [[the
-dedicated page|blueprint/reproducible_builds/hardware]].
+For estimates on hardware cost for Lizard (tails/tails#12002), see [the
+dedicated page](reproducible_builds/hardware).

 **Edit:** We already adapted our server infrastructure to support this project,
-integrating it in our [[Vagrant setup|contribute/build/vagrant-setup]]
+integrating it in our [Vagrant setup](https://tails.boum.org/contribute/build/vagrant-setup)
 mentioned above. Specifics about how we deployed that in our Jenkins infra are
-[[documented
-here|contribute/working_together/roles/sysadmins/automated_builds_in_Jenkins]].
+[documented
+here](https://tails.boum.org/contribute/working_together/roles/sysadmins/automated_builds_in_Jenkins).

 # Various ideas

@@ -490,7 +492,7 @@ See "Adjust our infrastructure accordingly" above.

 * <https://wiki.debian.org/ReproducibleInstalls>

-* [[!tor_bug 3688]]
+* [bug #3688 on Tor Project's Trac](https://bugs.torproject.org/3688)

 * Making POT files more stable: debconf 1.5.58's changelog entry reads
  "Don't update po/debconf.pot unless doing so changes something other than
@@ -501,16 +503,16 @@ See "Adjust our infrastructure accordingly" above.
  - see commits authored by "lamby" in
    [Webconverger's Debian live configuration](https://github.com/Webconverger/Debian-Live-config/commits/master),
    that include a script to clamp mtimes
-  - [[!debbug 832998]] / [[!debbug 833118]]
+  - [Debian bug #832998](https://bugs.debian.org/832998) / [Debian bug #833118](https://bugs.debian.org/833118)

 * Making ISO filesystem reproducible:
  - ask Chris Lamb <lamby@debian.org> (keywords: libisofs,
    libisoburn, xorriso)
-  - [[!debbug 831379]] / [[!debbug 832689]]
+  - [Debian bug #831379](https://bugs.debian.org/831379) / [Debian bug #832689](https://bugs.debian.org/832689)

 # Progress

-See [[our May report|news/report_2017_05]].
+See [our May report](https://tails.boum.org/news/report_2017_05).

 # Future work

@@ -519,7 +521,7 @@ See [[our May report|news/report_2017_05]].
 ## Integrate custom Debian package builds in the automated ISO builds

 <div class="note">
-See discussion on [[!tails_ticket 6220]].
+See discussion on tails/tails#6220.
 </div>

 In our first iteration of reproducible ISO builds, we treat the
@@ -533,7 +535,7 @@ process as trusted input. These repositories are of two kinds:
   improved later, and is outside of the scope of the work described
   in this section;

- * our [[custom APT repository|contribute/APT_repository/custom]],
+ * our [custom APT repository](https://tails.boum.org/contribute/APT_repository/custom),
   that stores our custom Debian packages; in addition to the people
   listed above (system administrators, successful attackers), Tails
   developers with commit rights can modify the content of this
@@ -552,7 +554,7 @@ Debian packages:
   different developers' systems. So, one can't reproduce the build of
   a given ISO unless they use the exact packages that were uploaded
   to our custom APT repository. This brings the same
-   [[set of problems|reproducible_builds#why]] that lead us to make
+   [set of problems](reproducible_builds#why) that lead us to make
   our ISO image build reproducibly. For example, the state of our Git
   tree does not fully define what an ISO built from it will be, which
   makes reviewing and auditing harder than it should be.
@@ -593,3 +595,4 @@ There are a number of open questions:
 Part of this project will therefore be to research and discuss these
 topics with the affected parties, and come up with user stories and
 with a fitting design.
+