From: Mark H Weaver <mhw@netris.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org, Jeremiah@pdp10.guru
Subject: Re: Preparing the reduced bootstrap tarballs
Date: Fri, 16 Nov 2018 22:49:04 -0500 [thread overview]
Message-ID: <87h8ggxt10.fsf@netris.org> (raw)
In-Reply-To: <87ftw0ubby.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Fri, 16 Nov 2018 19:27:45 +0100")
ludo@gnu.org (Ludovic Courtès) writes:
> Jeremiah@pdp10.guru skribis:
>
>>> So if you like, please make that change. There is only one little
>>> thing: I have no (scripted) recipe to create mescc-tools-seed-XYZ. But
>>> wait: I have a great excuse for that...I was too lazy or too sloppy.
>>
>> I do, in mescc-tools-seed; the script bootstrap.sh when run with the
>> option "sin" will build the mescc-tools-seed binaries using mescc-tools.
>> The .M1 files are always generated by cc_x86.s using the C source files.
>
> I saw this script but it’s not entirely clear to me how to package the
> whole thing. We don’t have a “stage0” package for instance in Guix, do
> we?
>
>>> WDYT?
>> I think we will end up having several versions of mescc-tools-seed; as
>> each architecture guix supports will end up needing a variant if we plan
>> on keeping them small. (I also have no idea how to make a multi-arch fat
>> elf binary)
>
> For now let’s focus on x86_64/i686. :-)
>
> IMO we should change the seeds as rarely as possible because they are
> managed “out-of-band” and verifying them is difficult (you need to fetch
> the right Guix commit, run “guix build bootstrap-tarballs”, and compare
> the result—assuming this is all bit-reproducible.)
>
> The one we’re using today in Guix date back to 2013.
I think it's important that the new bootstrap-tarballs be
bit-reproducible, such that they can be independently verified by anyone
who wishes to do so.
In particular, *I* would like to independently verify them, on my own
laptops where I have avoided using binary substitutes for a long time,
and which I keep with me at all times.
My hope until now is that when we generated our existing bootstrap
binaries in 2013, Guix was too marginal a project to attract the
attention of hackers who might wish to compromise our bootstrap. In
2018, as Guix has become more popular, we might well be considered a
worthy target of such efforts.
Mark
next prev parent reply other threads:[~2018-11-17 3:49 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-15 20:39 Preparing the reduced bootstrap tarballs Jeremiah
2018-11-16 18:27 ` Ludovic Courtès
2018-11-16 20:44 ` Jan Nieuwenhuizen
2018-11-17 14:05 ` Ludovic Courtès
2018-11-18 7:32 ` Jan Nieuwenhuizen
2018-11-18 10:02 ` Jan Nieuwenhuizen
2018-11-21 15:20 ` Preparing the reduced bootstrap tarballs, take 2 Jan Nieuwenhuizen
2018-11-24 7:36 ` Preparing the reduced bootstrap tarballs, take 3 Jan Nieuwenhuizen
2018-12-03 8:38 ` Ludovic Courtès
2018-12-03 17:25 ` Jan Nieuwenhuizen
2018-12-03 17:44 ` Jan Nieuwenhuizen
2018-12-09 14:07 ` Ludovic Courtès
2018-12-09 14:07 ` Ludovic Courtès
2018-12-09 14:21 ` Ludovic Courtès
2018-12-09 18:10 ` Jan Nieuwenhuizen
2018-12-11 17:36 ` Ludovic Courtès
2018-12-12 7:30 ` Jan Nieuwenhuizen
2018-12-12 23:31 ` Mark H Weaver
2018-12-14 10:51 ` Ludovic Courtès
2018-12-14 11:48 ` Jan Nieuwenhuizen
2018-12-14 21:13 ` Mark H Weaver
2018-12-15 18:12 ` Ludovic Courtès
2018-12-16 8:54 ` Mark H Weaver
2018-11-17 3:49 ` Mark H Weaver [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-11-21 3:36 Preparing the reduced bootstrap tarballs Jeremiah
2018-11-20 0:26 jeremiah
2018-11-20 8:28 ` Ricardo Wurmus
2018-11-18 12:56 Jeremiah
2018-11-18 18:27 ` Mark H Weaver
2018-11-18 18:39 ` Jan Nieuwenhuizen
2018-11-20 15:45 ` Timothy Sample
2018-11-21 20:32 ` Jan Nieuwenhuizen
2018-11-26 18:49 ` Timothy Sample
2018-11-17 14:27 Jeremiah
2018-11-17 23:14 ` Mark H Weaver
2018-11-19 18:54 ` Giovanni Biscuolo
[not found] <20181014085857.3863-1-janneke@gnu.org>
[not found] ` <20181014085857.3863-3-janneke@gnu.org>
[not found] ` <87r2gld3nt.fsf@gnu.org>
[not found] ` <875zxxax4f.fsf@gnu.org>
[not found] ` <87sh0z6m83.fsf@gnu.org>
[not found] ` <87ftwz9e9y.fsf@gnu.org>
[not found] ` <874ldccr9f.fsf@gnu.org>
2018-11-15 9:06 ` Ludovic Courtès
2018-11-15 15:44 ` Jan Nieuwenhuizen
2018-11-16 18:22 ` Ludovic Courtès
2018-11-16 20:52 ` Jan Nieuwenhuizen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h8ggxt10.fsf@netris.org \
--to=mhw@netris.org \
--cc=Jeremiah@pdp10.guru \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).