2021-02-25 05:48:21 +00:00
|
|
|
|
.. SPDX-FileCopyrightText: 2021 Andrius Štikonas <andrius@stikonas.eu>
|
|
|
|
|
.. SPDX-FileCopyrightText: 2021 Paul Dersey <pdersey@gmail.com>
|
|
|
|
|
.. SPDX-FileCopyrightText: 2021 fosslinux <fosslinux@aussies.space>
|
|
|
|
|
|
|
|
|
|
.. SPDX-License-Identifier: CC-BY-SA-4.0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
live-bootstrap
|
|
|
|
|
==============
|
|
|
|
|
|
|
|
|
|
An attempt to provide a reproducible, automatic, complete end-to-end
|
|
|
|
|
bootstrap from a minimal number of binary seeds to a supported fully
|
|
|
|
|
functioning operating system.
|
|
|
|
|
|
|
|
|
|
Get me started!
|
|
|
|
|
---------------
|
|
|
|
|
|
|
|
|
|
1. ``git clone https://github.com/fosslinux/live-bootstrap``
|
|
|
|
|
2. ``git submodule update --init --recursive``
|
2022-06-11 12:11:46 +01:00
|
|
|
|
3. Provide a kernel (vmlinuz file) as the name ``kernel`` in the root of the
|
2021-10-09 08:04:00 +01:00
|
|
|
|
repository. **This must be a 32-bit kernel.**
|
2021-10-13 18:01:31 +01:00
|
|
|
|
4. ``./rootfs.py --qemu`` - ensure your account has kvm privileges and qemu
|
2021-02-25 05:48:21 +00:00
|
|
|
|
installed.
|
|
|
|
|
|
2021-04-10 12:38:37 +01:00
|
|
|
|
a. Alternatively, run ``./rootfs.py --chroot`` to run it in a chroot.
|
2021-12-25 18:19:01 +00:00
|
|
|
|
b. Alternatively, run ``./rootfs.py --bwrap`` to run it in a bubblewrap
|
|
|
|
|
sandbox. When user namespaces are supported, this mode is rootless.
|
|
|
|
|
c. Alternatively, run ``./rootfs.py`` but don’t run the actual
|
2021-04-10 12:38:37 +01:00
|
|
|
|
virtualization and instead copy sysa/tmp/initramfs to a USB or
|
2021-08-05 13:16:19 +01:00
|
|
|
|
some other device and boot from bare metal. NOTE: we now require
|
|
|
|
|
a hard drive. This is currently hardcoded as sda. You also need
|
|
|
|
|
to put ``sysc/tmp/disk.img`` onto your sda on the bootstrapping
|
|
|
|
|
machine.
|
2021-12-25 18:19:01 +00:00
|
|
|
|
d. Alternatively, do not use python at all, see "Python-less build"
|
2022-05-04 01:09:24 +01:00
|
|
|
|
below.
|
2021-02-25 05:48:21 +00:00
|
|
|
|
|
|
|
|
|
5. Wait.
|
2021-11-28 01:40:35 +00:00
|
|
|
|
6. If you can, observe the many binaries in ``/usr/bin``! When the
|
2021-02-25 19:52:05 +00:00
|
|
|
|
bootstrap is completed ``bash`` is launched providing a shell to
|
|
|
|
|
explore the system.
|
2021-02-25 05:48:21 +00:00
|
|
|
|
|
2022-05-04 01:09:24 +01:00
|
|
|
|
|
2021-02-25 05:48:21 +00:00
|
|
|
|
Background
|
|
|
|
|
----------
|
|
|
|
|
|
|
|
|
|
This project is a part of the bootstrappable project, a project that
|
|
|
|
|
aims to be able to build complete computing platforms through the use of
|
|
|
|
|
source code. When you build a compiler like GCC, you need another C
|
|
|
|
|
compiler to compile the compiler - turtles all the way down. Even the
|
|
|
|
|
first GCC compiler was written in C. There has to be a way to break the
|
|
|
|
|
chain…
|
|
|
|
|
|
|
|
|
|
There has been significant work on this over the last 5 years, from
|
|
|
|
|
Jeremiah Orians’ stage0, hex2 and M2-Planet to janneke’s Mes. We have a
|
|
|
|
|
currently, fully-functioning chain of bootstrapping from the 357-byte
|
|
|
|
|
hex0 seed to a complete GCC compiler and hence a full Linux operating
|
|
|
|
|
system. From there, it is trivial to move to other UNIXes. However,
|
|
|
|
|
there is only currently one vector through which this can be
|
|
|
|
|
automatically done, GNU Guix.
|
|
|
|
|
|
|
|
|
|
While the primary author of this project does not believe Guix is a bad
|
|
|
|
|
project, the great reliance on Guile, the complexity of many of the
|
|
|
|
|
scripts and the rather steep learning curve to install and run Guix make
|
|
|
|
|
it a very non plug-and-play solution. Furthermore, there is currently
|
|
|
|
|
(Jan 2021) no possible way to run the bootstrap from outside of a
|
|
|
|
|
pre-existing Linux environment. Additionally, Guix uses many scripts and
|
|
|
|
|
distributed files that cannot be considered source code.
|
|
|
|
|
|
|
|
|
|
(NOTE: Guix is working on a Full Source Bootstrap, but I’m not
|
|
|
|
|
completely sure what that entails).
|
|
|
|
|
|
|
|
|
|
Furthermore, having an alternative bootstrap automation tool allows
|
|
|
|
|
people to have greater trust in the bootstrap procedure.
|
|
|
|
|
|
|
|
|
|
Comparison between GNU Guix and live-bootstrap
|
|
|
|
|
----------------------------------------------
|
|
|
|
|
|
|
|
|
|
+----------------------+----------------------+----------------------+
|
|
|
|
|
| Item | Guix | live-bootstrap |
|
|
|
|
|
+======================+======================+======================+
|
|
|
|
|
| Total size of seeds | ~30MB (Reduced | ~1KB |
|
|
|
|
|
| [1] | Source Bootstrap) | |
|
|
|
|
|
| | [2] | |
|
|
|
|
|
+----------------------+----------------------+----------------------+
|
|
|
|
|
| Use of kernel | Linux-Libre Kernel | Any Linux Kernel |
|
|
|
|
|
| | | (2.6+) [3] |
|
|
|
|
|
+----------------------+----------------------+----------------------+
|
|
|
|
|
| Implementation | Yes | No (in development) |
|
|
|
|
|
| complete | | |
|
|
|
|
|
+----------------------+----------------------+----------------------+
|
|
|
|
|
| Automation | Almost fully | Optional user |
|
|
|
|
|
| | automatic | customization |
|
|
|
|
|
+----------------------+----------------------+----------------------+
|
|
|
|
|
|
|
|
|
|
[1]: Both projects only use software licensed under a FSF-approved
|
2022-05-04 01:09:24 +01:00
|
|
|
|
free software license. Kernel is excluded from seed.
|
2021-02-25 05:48:21 +00:00
|
|
|
|
[2]: Reiterating that Guix is working on a full source bootstrap,
|
|
|
|
|
although that still uses guile (~12 MB). [3]: Work is ongoing to use
|
|
|
|
|
other, smaller POSIX kernels.
|
|
|
|
|
|
|
|
|
|
Why would I want bootstrapping?
|
|
|
|
|
-------------------------------
|
|
|
|
|
|
|
|
|
|
That is outside of the scope of this README. Here’s a few things you can
|
|
|
|
|
look at:
|
|
|
|
|
|
|
|
|
|
- https://bootstrappable.org
|
|
|
|
|
- Trusting Trust Attack (as described by Ken Thompson)
|
|
|
|
|
- https://guix.gnu.org/manual/en/html_node/Bootstrapping.html
|
|
|
|
|
- Collapse of the Internet (eg CollapseOS)
|
|
|
|
|
|
|
|
|
|
Specific things to be bootstrapped
|
|
|
|
|
----------------------------------
|
|
|
|
|
|
|
|
|
|
GNU Guix is currently the furthest along project to automate
|
|
|
|
|
bootstrapping. However, there are a number of non-auditable files used
|
|
|
|
|
in many of their packages. Here is a list of file types that we deem
|
|
|
|
|
unsuitable for bootstrapping.
|
|
|
|
|
|
|
|
|
|
1. Binaries (apart from seed hex0, kaem, kernel).
|
|
|
|
|
2. Any pre-generated configure scripts, or Makefile.in’s from autotools.
|
|
|
|
|
3. Pre-generated bison/flex parsers (identifiable through a ``.y``
|
|
|
|
|
file).
|
|
|
|
|
4. Any source code/binaries downloaded within a software’s build system
|
|
|
|
|
that is outside of our control to verify before use in the build
|
|
|
|
|
system.
|
|
|
|
|
5. Any non-free software. (Must be FSF-approved license).
|
|
|
|
|
|
|
|
|
|
How does this work?
|
|
|
|
|
-------------------
|
|
|
|
|
|
|
|
|
|
**For a more in-depth discussion, see parts.rst.**
|
|
|
|
|
|
|
|
|
|
sysa
|
|
|
|
|
~~~~
|
|
|
|
|
|
|
|
|
|
sysa is the first ‘system’ used in live-bootstrap. We move to a new
|
|
|
|
|
system after a reboot, which often occurs after the movement to a new
|
|
|
|
|
kernel. It is run by the seed Linux kernel provided by the user. It
|
2021-08-05 13:16:19 +01:00
|
|
|
|
compiles everything we need to be able to compile our own Linux kernel.
|
|
|
|
|
It runs fully in an initramfs and does not rely on disk support in the
|
|
|
|
|
seed Linux kernel.
|
|
|
|
|
|
|
|
|
|
sysb
|
|
|
|
|
~~~~
|
|
|
|
|
|
|
|
|
|
sysb is the second 'system' of live-bootstrap. This uses the Linux 4.9.10
|
|
|
|
|
kernel compiled within sysa. As we do not rely on disk support in sysa, we
|
|
|
|
|
need this intermediate system to be able to add the missing binaries to sysc
|
|
|
|
|
before moving into it. This is executed through kexec from sysa. At this point,
|
|
|
|
|
a SATA disk IS required.
|
|
|
|
|
|
|
|
|
|
sysc
|
|
|
|
|
~~~~
|
|
|
|
|
|
|
|
|
|
sysc is the (current) last 'system' of live-bootstrap. This is a continuation
|
|
|
|
|
from sysb, executed through util-linux's ``switch_root`` command which moves
|
|
|
|
|
the entire rootfs without a reboot. Every package from here on out is compiled
|
2023-01-13 08:39:52 +00:00
|
|
|
|
under this system, taking binaries from sysa. Chroot and bubblewrap modes skip
|
|
|
|
|
sysb, as it is obviously irrelevant to them.
|
2022-05-04 01:09:24 +01:00
|
|
|
|
|
|
|
|
|
Python-less build
|
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
|
|
Python is no longer a requirement to set up the build system. The
|
|
|
|
|
repository is almost completely in a form where it can be used as the
|
|
|
|
|
source of a build.
|
|
|
|
|
|
2022-06-02 21:04:25 +01:00
|
|
|
|
1. Download required tarballs into ``sysa/distfiles`` and ``sysc/distfiles``.
|
2022-11-27 19:51:52 +00:00
|
|
|
|
You can use the ``download-distfiles.sh`` script.
|
2022-06-02 21:04:25 +01:00
|
|
|
|
2. Copy sysa/stage0-posix/src/* to the root of the repository.
|
|
|
|
|
3. Copy sysa/stage0-posix/src/bootstrap-seeds/POSIX/x86/kaem-optional-seed
|
2022-05-04 01:09:24 +01:00
|
|
|
|
to init in the root of the repository.
|
2022-06-02 21:04:25 +01:00
|
|
|
|
4. Copy sysa/after.kaem to after.kaem
|
|
|
|
|
5. Create a CPIO archive (eg, ``cpio --format newc --create --directory . > ../initramfs``).
|
|
|
|
|
6. Boot your initramfs and kernel.
|
|
|
|
|
|
|
|
|
|
chroot builds
|
|
|
|
|
~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
For chroot based bootstraps you can skip creation of initramfs and instead start bootstrap with
|
|
|
|
|
|
|
|
|
|
``sudo chroot . bootstrap-seeds/POSIX/x86/kaem-optional-seed``
|
|
|
|
|
|
|
|
|
|
It is also recommended to copy everything to a new directory as bootstrapping messes up with files
|
|
|
|
|
in git repository and cannot be re-run again.
|