From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id gP78JHw9Z2fstAAA62LTzQ:P1 (envelope-from ) for ; Sat, 21 Dec 2024 22:13:16 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id gP78JHw9Z2fstAAA62LTzQ (envelope-from ) for ; Sat, 21 Dec 2024 23:13:16 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=vodafonemail.de header.s=vfde-mb-mr2-23sep header.b=IFHEjked; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=quarantine) header.from=vodafonemail.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1734819196; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=/xNP/0VH6x5YRvEljvDGpOOUtMzhPRecdWQse+7abkQ=; b=AHYrwJyqfUUBujy83FYag5tKUew3YGKbx6UkFUX0ke/6LKkAycJdrfpQ9p2PX6rVj7Ui2W jtSv2mRILA5tQsEeJNi5QcJ/y2wAIaZ1xO4XQwFaz+J9iQcK8VECLguBUepTi3njCdPUoE wo6xglAhYXbUCBrNDKMiigRa0Zz9XKp3XXRnF3UVQMyHy9tue0cZ5fQxcyVdWuiStac1eu +zIaQ888j9vUDsB6dGudLm1cx7v0kuXKzvXXYsuYhQbf7/ub9+xoitU58w93LPhveqKqY7 sBbwE1vdmxu0JtDieOWZfY45vPrENyfm4+vgvf+ppABk1mT7pe9rA+kNHy2yPQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=vodafonemail.de header.s=vfde-mb-mr2-23sep header.b=IFHEjked; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=quarantine) header.from=vodafonemail.de ARC-Seal: i=1; s=key1; d=yhetil.org; t=1734819196; a=rsa-sha256; cv=none; b=BHF8TvsZaPJzfA9tDA5YL29COw2adu2acbn9ZNAhJjh9d0uqEZ4ZnKbhqPdoWJsSqz7ExN wKhLNEPiHGqrVH0e7HLFguWBLPAgVX58IeRwkEMUaDxBZtG5ueB6GvPgzZrj6a8CWqcQbK 3FRfsqmMeC0jTzwB4vtaR/314jJO5tu6JeI7rNkspWPtqLpUKstkSHv96PULoM1A/i2HRA MrdmDuZ9h5fjWUa2+lVeJDCJPIBeUHvBtBQk6SA+7HTGdc0PTNjOpYQDvwtGC3kakt8mBm Ao/pvxmfokQpjLztssnhOWeKetgcEKfkFU8YqCQhpd8DY6gB4LF1bn7spXsNng== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6B2AD85E9D for ; Sat, 21 Dec 2024 23:13:16 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tP7iA-0002NT-MC; Sat, 21 Dec 2024 17:12:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tP7i8-0002NJ-SQ for guix-devel@gnu.org; Sat, 21 Dec 2024 17:12:36 -0500 Received: from mr5.vodafonemail.de ([145.253.228.165]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tP7i6-0005cH-Lm; Sat, 21 Dec 2024 17:12:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vodafonemail.de; s=vfde-mb-mr2-23sep; t=1734819145; bh=/xNP/0VH6x5YRvEljvDGpOOUtMzhPRecdWQse+7abkQ=; h=Message-ID:Date:User-Agent:Content-Language:From:Subject:To: Content-Type:From; b=IFHEjkedrNT0QL86eys3suXFQNNE7IJE3RAv6iflaDTKnBTG4QHy66gZLiHq1oSiy h48bPAEgWrbPb3+8gOV1kleVewxEJvZR8OEtsE4Z+sm5STSRWF4ezq/BePdJ/yqEYu kB6p+LJP/6m6riRKDyfPZzKBj/tpwcSxkre06FMI= Received: from smtp.vodafone.de (unknown [10.0.0.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mr5.vodafonemail.de (Postfix) with ESMTPS id 4YFz6c5ccjz1yJ8; Sat, 21 Dec 2024 22:12:24 +0000 (UTC) Received: from [10.11.12.13] (aftr-62-216-210-246.dynamic.mnet-online.de [62.216.210.246]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 4YFz6M1wTGz92kJ; Sat, 21 Dec 2024 22:12:08 +0000 (UTC) Message-ID: Date: Sat, 21 Dec 2024 23:11:53 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US From: Stefan Subject: Bootstrap binaries To: guix-devel@gnu.org, janneke@gnu.org, Ekaitz Zarraga , Efraim Flashner Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-purgate-type: clean X-purgate: clean X-purgate-size: 2603 X-purgate-ID: 155817::1734819140-5DFFA462-FB7078CF/0/0 Received-SPF: pass client-ip=145.253.228.165; envelope-from=stefan-guix@vodafonemail.de; helo=mr5.vodafonemail.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -7.42 X-Spam-Score: -7.42 X-Migadu-Queue-Id: 6B2AD85E9D X-Migadu-Scanner: mx10.migadu.com X-TUID: TOZPLsExU954 Hi! I'm playing around with the bootstrapping of Guix. I figured out that at the very beginning executables for bash, mkdir, xz, tar, get downloaded into the store, which is done by some Guile, I think it is (default-guile). Then a guile-*.tar.xz file is downloaded and extracted into the store by a crafted shell script using the former bash as shebang and the other executables for creation of the directory in the store and extraction. This way we get the %bootstrap-guile and this is all in (gnu packages bootstrap). Then the story continues in (gnu packages commencement), which uses %bootstrap-guile to build bootar, gash-boot, gash-utils-boot and stage0-posix. The surprising part is that stage0-posix contains a kaem-optional-seed per architecture, which is a minimal shell implementation as another binary executable! So up to this point these seven binary blobs are needed: (default-guile), bash, mkdir, xz, tar, %bootstrap-guile, kaem-optional-seed. And up to this point three shell implementations are in use: bash, gash, kaem-optional-seed. While playing around with all this I found a possibility to avoid five of these binary blobs, but it comes at the cost of using (default-guile) twice on the build-side. • Build bootar-dirty with (default-guile), make use of #:allowed-references (list (default-guile) "out"). • Build %bootstrap-guile with (default-guile) and bootar-dirty, make use of #:allowed-references '(). • Build another bootar with %bootstrap-guile, make use of #:allowed-references (list %bootstrap-guile "out"). From here on only %bootstrap-guile and bootar will be used. • Build gash-boot. • Build gash-utils-boot. • Build STAGE0-POSIX-bootstrap, but deleting kaem-optional-seed and using gash-boot instead. So at the cost of using (default-guile) twice on the build-side, the only remaining binary blobs are (default-guile) and guile-*.tar.xz. The only shell implementation in use is gash. Is this a possible and welcome alternative? What are the implications of using (default-guile) on the build side? Is this a bad idea? Won't it (or some other Guile) be used anyway in future, if the guix-daemon is rewritten in Guile? Is there a better Guile than (default-guile) to use? Which is the Guile used by Guix itself? Finally, I'm not clear about the advantage of trusting %bootstrap-guile alongside (default-guile). Why should it be better to trust both than only one of them? Well, the hash of %bootstrap-guile is checked. But it is checked by (default-guile). Bye Stefan