stdenv: begin work on 256b bootstrap i.e. Trusting Trust #227914
Thank you so much for looking into this.
pkgs/os-specific/linux/trusting-trust/stage0-posix/mescc-tools/build.kaem
pkgs/os-specific/linux/trusting-trust/stage0-posix/stage0-posix-x86.nix
The biggest problem I see with this is that we must make it maintainable. There need to be good comments explaining why things were done like they were done and helping others fix future problems.
I made an attempt at refactoring the meta attribute checking/augmentation so it can be reused outside EDIT: scratch that ofborg eval fails :(
Hi. I happen to have been working on this same project last week. I've hastily put together a repo so you folks can view my work. See https://github.com/roconnor/nixpkgs-bootstrap. So far I've gone as far as building I wasn't really ready to showcase this yet, so it is still unpolished and has no documentation. My packages for tinycc and lower are not as refined as yours. In particular, I wasn't really aware of your Another difference is that my project is deliberately designed to be independent of nixpkgs, though with the idea that it could be integrated into nixpkgs without difficulty.
Fixes #123095 ?
pkgs/os-specific/linux/minimal-bootstrap/stage0-posix/default.nix
Split out
Is there a 1-pager that explains what the end state of bootstrap should look like for I have a few idle questions that might steer writing a short overview:
https://man.sr.ht/~oriansj/bootstrappable/live-bootstrap.md illustrates a 100 step process to get to gcc 4.7.4. I've been working through it, and it doesn't seem that bad. Certainly the live-bootstrap folks have already done all the hard work. The live-bootstrap project does actually go all the way to gcc 12, but Nixpkgs' bootstrap-tools currently starts at gcc 8.3, so arguably that is as far as we need to go (along with generating other tooling in bootstrap-tools).
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/nixpkgs-supply-chain-security-project/34345/5
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/nixpkgs-supply-chain-security-project/34345/8
Hi. Just curious. What are the remaining steps before this can replace bootstrap-files? Also, how easy or hard is it to extend this to x86_64? From what I understand, guix is already able to do that?
Btw @emilytrau if there's anything we can help you with getting full-source bootstrap over the finish line, let us know!
Yeah it would be really cool to have this for 24.05!
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/aux-foundational-packages/46707/4
Description of changes
This starts work on building a bootstrap toolchain from a 256-byte binary seed. The aim is to build up to, and hopefully replace, stdenv's trusted bootstrap-tools bundle. It would also have the advantage of reducing the need for manual action by maintainers whenever a bootstrap update is required.
By building the new toolchain from-the-bottom-up it should be quicker to incrementally build, review, and merge smaller additions without mass rebuilds.
This PR implements packages for stage0-posix, mes, and tinycc. I've decided to limit the scope here to not make it too large for review.
Only i686-linux has been implemented for now. To test:
nix-build --system i686-linux . -A trusting-trust.tinycc-with-mes-libc
Things done
sandbox = true set in nix.conf? (See Nix manual)
nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
./result/bin/)