From: Mark H Weaver
Subject: Re: Preparing the reduced bootstrap tarballs
Date: Fri, 16 Nov 2018 22:49:04 -0500
Message-ID: <87h8ggxt10.fsf@netris.org>
To: Ludovic Courtès
Cc: guix-devel@gnu.org, Jeremiah@pdp10.guru

ludo@gnu.org (Ludovic Courtès) writes:

> Jeremiah@pdp10.guru skribis:
>
>>> So if you like, please make that change. There is only one little
>>> thing: I have no (scripted) recipe to create mescc-tools-seed-XYZ. But
>>> wait: I have a great excuse for that...I was too lazy or too sloppy.
>>
>> I do, in mescc-tools-seed; the script bootstrap.sh when run with the
>> option "sin" will build the mescc-tools-seed binaries using mescc-tools.
>> The .M1 files are always generated by cc_x86.s using the C source files.
>
> I saw this script but it’s not entirely clear to me how to package the
> whole thing. We don’t have a “stage0” package for instance in Guix, do
> we?
>
>>> WDYT?
>>
>> I think we will end up having several versions of mescc-tools-seed; as
>> each architecture guix supports will end up needing a variant if we plan
>> on keeping them small. (I also have no idea how to make a multi-arch fat
>> elf binary)
>
> For now let’s focus on x86_64/i686. :-)
>
> IMO we should change the seeds as rarely as possible because they are
> managed “out-of-band” and verifying them is difficult (you need to fetch
> the right Guix commit, run “guix build bootstrap-tarballs”, and compare
> the result—assuming this is all bit-reproducible.)
>
> The one we’re using today in Guix date back to 2013.

I think it's important that the new bootstrap-tarballs be
bit-reproducible, such that they can be independently verified by anyone
who wishes to do so.

In particular, *I* would like to independently verify them, on my own
laptops where I have avoided using binary substitutes for a long time,
and which I keep with me at all times.

My hope until now is that when we generated our existing bootstrap
binaries in 2013, Guix was too marginal a project to attract the
attention of hackers who might wish to compromise our bootstrap.

In 2018, as Guix has become more popular, we might well be considered a
worthy target of such efforts.

Mark
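
The "compare the result" step of the verification described in the quoted text, as an added example that is not part of this message or of Guix. The function names and the two-directory layout are assumptions: one directory holds the tarballs from your own "guix build bootstrap-tarballs" run, the other holds the published set.

```shell
# Added example (not from the thread or from Guix): compare a locally built
# set of bootstrap tarballs with the published set, file by file, by SHA-256.
# Assumption: each set has been copied into its own flat directory.

sha256_of() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# compare_tarballs LOCAL_DIR PUBLISHED_DIR
# Returns 0 only when both directories hold the same file names with
# byte-identical contents, 1 on any discrepancy, 2 on unusable input.
compare_tarballs() {
    local_dir=$1; published_dir=$2
    result=0; checked=0
    if [ ! -d "$local_dir" ] || [ ! -d "$published_dir" ]; then
        echo "error: both arguments must be directories" >&2
        return 2
    fi
    # Every published tarball must exist locally with the same digest.
    for published in "$published_dir"/*; do
        [ -f "$published" ] || continue
        checked=$((checked + 1))
        name=$(basename -- "$published")
        if [ ! -f "$local_dir/$name" ]; then
            echo "MISSING  $name (not produced by the local build)"
            result=1
            continue
        fi
        want=$(sha256_of "$published")
        got=$(sha256_of "$local_dir/$name")
        # An empty digest means hashing failed; never report that as a match.
        if [ -n "$want" ] && [ "$want" = "$got" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            result=1
        fi
    done
    # A locally built file with no published counterpart is a discrepancy too.
    for built in "$local_dir"/*; do
        [ -f "$built" ] || continue
        name=$(basename -- "$built")
        [ -f "$published_dir/$name" ] || { echo "EXTRA    $name"; result=1; }
    done
    # An empty published set must never count as a successful verification.
    [ "$checked" -gt 0 ] || { echo "error: nothing to compare" >&2; return 2; }
    return "$result"
}
```

A non-zero return means either the build is not bit-reproducible or the published set differs from what the source produces; the check cannot tell these apart, so either outcome needs investigation before the seeds are trusted.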