From: Jeremiah@pdp10.guru
Subject: Re: Preparing the reduced bootstrap tarballs
Date: Sat, 17 Nov 2018 14:27:29 +0000
Message-ID: <87d0r322zy.fsf@ITSx01.pdp10.guru>
To: guix-devel@gnu.org

> I think it's important that the new bootstrap-tarballs be
> bit-reproducible, such that they can be independently verified by anyone
> who wishes to do so.

Every piece below M2-Planet has always been bit-reproducible. In fact, each piece is designed in a way that you could by hand predict what the resulting binary must be after any change. And once I finally complete stage0, you would also have the blueprints for making the virtual machine in hardware, hand toggle in the bits for the hex0-monitor and have absolute proof that no trusting trust or Nexus Intruder Class attacks have occurred in the creation of the binaries.

Every issue anyone is willing to bring, I will publicly address until all bootstrap roots (even on arbitrary hardware) lead to the proof that these binaries are perfectly reproducible and that they only behave in the manner explicitly specified by the standards to which they conform.

> In particular, *I* would like to independently verify them, on my own
> laptops where I have avoided using binary substitutes for a long time,
> and which I keep with me at all times.

Already done; here are the steps currently for bootstrapping the mescc-tools-seed and M2-Planet seed.M1:

git clone 'https://git.savannah.nongnu.org/git/stage0.git'
cd stage0
make test
cd ..
git clone 'https://git.savannah.nongnu.org/git/mescc-tools.git'
cd mescc-tools
make test
cd ..
git clone 'https://github.com/oriansj/mescc-tools-seed.git'
cd mescc-tools-seed
./bootstrap.sh sin

To generate the M2-Planet seed.M1 you need to either export mescc-tools-seed's blood-elf, M1 and hex2 or mescc-tools (via copying into your path or doing make install) then the steps to generate are as follows:

git clone 'https://github.com/oriansj/M2-Planet.git'
cd M2-Planet
./bootstrap.sh refresh

Now you are done

> My hope until now is that when we generated our existing bootstrap
> binaries in 2013, Guix was too marginal a project to attract the
> attention of hackers who might wish to compromise our bootstrap. In
> 2018, as Guix has become more popular, we might well be considered a
> worthy target of such efforts.

I like to go with the assumption that every binary is already compromised; but by going back to the basics we can find and rip out every single hook until we are finally secure. I don't trust any hardware I can't or didn't make myself. And the only root of trust we have is the ability to work as a community, giving every member the ability to independently check our assumptions and point out our mistakes.

We will have false starts and failures of imagination, but we, by working together, will make us all a dream that is too hard to achieve alone but easy now that we have each other helping us all strive to a brighter future.

-Jeremiah
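
The independent verification discussed in this message comes down to checking that two separate runs of the steps above (for example on two machines) produce identical bits. The script below is an added example, not part of the original message or of any of the projects named in it; the script name compare.sh and the two directory arguments are assumptions, and it expects sha256sum to be installed.

```shell
#!/bin/sh
# Added example (not from the original message): bit-for-bit comparison of
# two build output trees, e.g. the same bootstrap run on two machines.
# The directory arguments are assumptions; pass your own output paths.

# manifest DIR: one "sha256  ./relative/path" line per regular file,
# sorted bytewise so that two manifests can be compared with comm(1).
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort
}

# mismatched_paths DIR_A DIR_B: print each path that is missing from one
# tree or whose content hash differs between the trees. Returns 2 when an
# argument is not a directory. Paths containing whitespace are not handled.
mismatched_paths() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    tmp_a=$(mktemp) || return 2
    tmp_b=$(mktemp) || return 2
    manifest "$1" > "$tmp_a"
    manifest "$2" > "$tmp_b"
    # comm -3 keeps only lines unique to one manifest; field 2 is the path.
    LC_ALL=C comm -3 "$tmp_a" "$tmp_b" | awk '{ print $2 }' | LC_ALL=C sort -u
    rm -f "$tmp_a" "$tmp_b"
}

# builds_match DIR_A DIR_B: succeed only when both trees exist and every
# file in them is identical.
builds_match() {
    out=$(mismatched_paths "$1" "$2") && [ -z "$out" ]
}

# Stand-alone use (hypothetical script name): ./compare.sh DIR_A DIR_B
if [ "$#" -eq 2 ]; then
    if builds_match "$1" "$2"; then
        echo "identical: every file matches bit for bit"
    else
        echo "MISMATCH in:"; mismatched_paths "$1" "$2"
        exit 1
    fi
fi
```

A file that exists in only one tree is reported the same way as a file whose contents differ, so a dropped or extra artifact also fails the check.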