mes/doc/talks/fosdem20/intro.org

Bootstrapping Intro \smaller[2]{ Current status}

#+DATE:2020-01-30

#+LATEX_HEADER: \institute{GNU Guix Days @FOSDEM'20}
#+LATEX_HEADER: \def\ahref#1#2{\htmladdnormallink{#2}{#1}}

Bootstrapping Guix v1.0

Guix v1.0: The First Package

#+LATEX: \includegraphics[width=1.0\textwidth]{gnu-make-boot0.png}

Guix Graph

#+BEGIN_EXAMPLE
$ guix graph make
$ guix graph make | dot -T png > make.png
$ guix graph -e '(@@ (gnu packages commencement) gnu-make-boot0)'
#+END_EXAMPLE

Guix v1.0: The First GCC

#+LATEX: \includegraphics[width=1.3\textwidth]{gcc-boot0-black.png}

Guix bootstrap tarballs

#+BEGIN_EXAMPLE
$ guix build bootstrap-tarballs
#+END_EXAMPLE

Guix v1.0 bootstrap binary seed

#+BEGIN_EXAMPLE
$ du -schx $(readlink $(guix build bootstrap-tarballs)/*)
2.1M	/gnu/store/9623n4bq6iq5c8cwwdq99qb7d0xj93ym-binutils-static-stripped-tarball-2.28.1/binutils-static-stripped-2.28.1-x86_64-linux.tar.xz
18M	/gnu/store/437xwygmmwwpkddcyy1qvjcv4hak89pb-gcc-stripped-tarball-5.5.0/gcc-stripped-5.5.0-x86_64-linux.tar.xz
1.8M	/gnu/store/55ccx18a0d1x5y6a575jf1yr0ywizvdg-glibc-stripped-tarball-2.26.105-g0890d5379c/glibc-stripped-2.26.105-g0890d5379c-x86_64-linux.tar.xz
5.7M	/gnu/store/bqf0ajclbvnbm0a46819f30804y3ilx0-guile-static-stripped-tarball-2.2.3/guile-static-stripped-2.2.3-x86_64-linux.tar.xz
5.8M	/gnu/store/j8yzjmh9sy4gbdfwjrhw46zca43aah6x-static-binaries-tarball-0/static-binaries-0-x86_64-linux.tar.xz
33M	total
$ for i in $(readlink $(guix build bootstrap-tarballs)/*);\
  do sudo tar xf $i; done
$ du -schx *
130M	bin
13M	include
54M	lib
51M	libexec
5.2M	share
252M	total
#+END_EXAMPLE

Reduce binary seeds to bare minimum

These big chunks of binary code are practically non-auditable, which breaks the source to binary transparency that we get in the rest of the package dependency graph.

Every unauditable binary leaves us vulnerable to compiler backdoors as described by Ken Thompson in the 1984 paper Reflections on Trusting Trust.

Thus, our goal is to reduce the set of bootstrap binaries to the bare minimum.

Ludovic Courtès (GNU Guix documentation, December 2017)

Guix Reduced Binary Seed

#+BEGIN_EXAMPLE
$ du -schx $(readlink $(guix build bootstrap-tarballs)/*)
5.7M	/gnu/store/9f8gi8raqfx9j3l9d00qrrc0jg3r1kyj-guile-static-stripped-tarball-2.2.6/guile-static-stripped-2.2.6-x86_64-linux.tar.xz
80K	/gnu/store/b6rjl52hibhmvyw4dg8678pwryhla0h2-linux-libre-headers-stripped-tarball-4.19.56/linux-libre-headers-stripped-4.19.56-x86_64-linux.tar.xz
12K	/gnu/store/d7zlxsjcnqilmvqwx7scija9x9bjw8cw-mescc-tools-static-stripped-tarball-0.5.2-0.bb062b0/mescc-tools-static-stripped-0.5.2-0.bb062b0-x86_64-linux.tar.xz
428K	/gnu/store/n7zc4kpi8ny6jlfaikkzxlwhc5fvr1vr-mes-minimal-stripped-tarball-0.19/mes-minimal-stripped-0.19-x86_64-linux.tar.xz
6.0M	/gnu/store/nv4djwlrljfqmynqr2cqvfwz0ydx7kxb-static-binaries-tarball-0/static-binaries-0-x86_64-linux.tar.xz
13M	total
$ for i in $(readlink $(guix build bootstrap-tarballs)/*);\
  do sudo tar xf $i; done
Password:
$ du -schx *
93M	bin
700K	include
38M	lib
14M	share
145M	total
#+END_EXAMPLE

Guix Scheme-only bootstrap

#+BEGIN_EXAMPLE
$ du -schx $(readlink $(~/src/guix/wip-bootstrap/pre-inst-env guix build bootstrap-tarballs)/*)
5.7M	/gnu/store/1mq2pcd2h7g54xpi2jrgj6ibbi4lgi3c-guile-static-stripped-tarball-2.2.6/guile-static-stripped-2.2.6-x86_64-linux.tar.xz
80K	/gnu/store/bl1r2bpk6fam8r2gjvr5mvr48i3dm2hn-linux-libre-headers-stripped-tarball-4.19.56/linux-libre-headers-stripped-4.19.56-x86_64-linux.tar.xz
12K	/gnu/store/w0dlz486dhb8aiq8pxm5akllz628fqin-mescc-tools-static-stripped-tarball-0.5.2-0.bb062b0/mescc-tools-static-stripped-0.5.2-0.bb062b0-x86_64-linux.tar.xz
428K	/gnu/store/15j6l18q44ymlrh1cfp4s4hc9835xic5-mes-minimal-stripped-tarball-0.19/mes-minimal-stripped-0.19-x86_64-linux.tar.xz
6.2M	total
$ for i in $(readlink $(~/src/guix/wip-bootstrap/pre-inst-env guix build bootstrap-tarballs)/*);\
  do sudo tar xf $i; done
$ du -schx *
4.9M	bin
700K	include
38M	lib
14M	share
57M	total
#+END_EXAMPLE
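The three seed listings above are the evidence that the unauditable surface is shrinking. As an added example (not part of these slides or of Guix), here is a small Python script that parses such `du -schx` listings and reports how the binary seed changed between the Guix v1.0 seed and the Scheme-only seed: which tarballs were dropped, which were added, and by what fraction the seed shrank. The two listings from the slides are embedded verbatim as sample input; the store path layout `/gnu/store/<hash>-<name>-tarball-<version>/` is assumed from those listings, and `du -h` sizes are taken as approximate.

```python
import re

# Constructed sample input: the two `du -schx` listings shown on these slides
# (Guix v1.0 seed and the wip-bootstrap Scheme-only seed), copied verbatim.
SEED_V1_0 = """\
2.1M\t/gnu/store/9623n4bq6iq5c8cwwdq99qb7d0xj93ym-binutils-static-stripped-tarball-2.28.1/binutils-static-stripped-2.28.1-x86_64-linux.tar.xz
18M\t/gnu/store/437xwygmmwwpkddcyy1qvjcv4hak89pb-gcc-stripped-tarball-5.5.0/gcc-stripped-5.5.0-x86_64-linux.tar.xz
1.8M\t/gnu/store/55ccx18a0d1x5y6a575jf1yr0ywizvdg-glibc-stripped-tarball-2.26.105-g0890d5379c/glibc-stripped-2.26.105-g0890d5379c-x86_64-linux.tar.xz
5.7M\t/gnu/store/bqf0ajclbvnbm0a46819f30804y3ilx0-guile-static-stripped-tarball-2.2.3/guile-static-stripped-2.2.3-x86_64-linux.tar.xz
5.8M\t/gnu/store/j8yzjmh9sy4gbdfwjrhw46zca43aah6x-static-binaries-tarball-0/static-binaries-0-x86_64-linux.tar.xz
33M\ttotal
"""
SEED_SCHEME_ONLY = """\
5.7M\t/gnu/store/1mq2pcd2h7g54xpi2jrgj6ibbi4lgi3c-guile-static-stripped-tarball-2.2.6/guile-static-stripped-2.2.6-x86_64-linux.tar.xz
80K\t/gnu/store/bl1r2bpk6fam8r2gjvr5mvr48i3dm2hn-linux-libre-headers-stripped-tarball-4.19.56/linux-libre-headers-stripped-4.19.56-x86_64-linux.tar.xz
12K\t/gnu/store/w0dlz486dhb8aiq8pxm5akllz628fqin-mescc-tools-static-stripped-tarball-0.5.2-0.bb062b0/mescc-tools-static-stripped-0.5.2-0.bb062b0-x86_64-linux.tar.xz
428K\t/gnu/store/15j6l18q44ymlrh1cfp4s4hc9835xic5-mes-minimal-stripped-tarball-0.19/mes-minimal-stripped-0.19-x86_64-linux.tar.xz
6.2M\ttotal
"""

_UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
# Assumed store path layout: /gnu/store/<hash>-<name>-tarball-<version>/<file>
_ITEM = re.compile(r"^/gnu/store/[0-9a-z]+-(?P<name>.+?)-tarball-(?P<version>[^/]+)/")

def du_size(text):
    """Convert a `du -h` size such as '2.1M' or '80K' to approximate bytes."""
    num, unit = re.fullmatch(r"([0-9.]+)([KMG]?)", text).groups()
    return int(float(num) * _UNITS[unit])

def parse_seed(listing):
    """Map component name -> (version, bytes); the trailing 'total' line is skipped."""
    seed = {}
    for line in listing.splitlines():
        size, _, path = line.partition("\t")
        if path == "total":
            continue
        m = _ITEM.match(path)
        if not m:
            raise ValueError(f"not a bootstrap-tarball store path: {path}")
        seed[m["name"]] = (m["version"], du_size(size))
    return seed

def compare_seeds(old, new):
    """Report dropped/added seed components and the fractional size reduction."""
    before, after = parse_seed(old), parse_seed(new)
    bytes_before = sum(b for _, b in before.values())
    bytes_after = sum(b for _, b in after.values())
    return {"dropped": sorted(set(before) - set(after)),
            "added": sorted(set(after) - set(before)),
            "bytes_before": bytes_before, "bytes_after": bytes_after,
            "reduction": 1 - bytes_after / bytes_before}
```

Run against the two embedded listings, `compare_seeds` shows gcc, glibc, binutils and the static-binaries tarball dropped, mes, mescc-tools and the kernel headers added, and the seed reduced by roughly 81%.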

Scheme-only bootstrap: Gash Core Utils

#+BEGIN_EXAMPLE
awk       cp       gash   mv      sleep  uname
basename  cut      grep   pwd     sort   uniq
bash      diff     gzip   reboot  tar    wc
cat       dirname  head   rm      test   which
chmod     expr     ln     rmdir   touch
cmp       false    ls     sed     tr
compress  find     mkdir  sh      true
#+END_EXAMPLE

Aim for the Stars: Full Source Bootstrap

Full Source Bootstrap

#+LATEX: \includegraphics[width=0.6\textwidth]{fsb-logo-guile-guix-mes.png}

Full Source Bootstrap: Stage 0

#+LATEX: \rightskip=2cm\includegraphics[width=0.8\textwidth]{stage-0.png}

Full Source Bootstrap: Stage 1

#+LATEX: \rightskip=2cm\includegraphics[width=0.85\textwidth]{stage-1.png}

Full Source Bootstrap: Stage 2

#+LATEX: \rightskip=2cm\includegraphics[width=0.75\textwidth]{stage-2.png}

Full Source Bootstrap: Stage mes

#+LATEX: \rightskip=2cm\includegraphics[width=0.75\textwidth]{stage-mes.png}

Full Source Bootstrap: Stage mesboot

#+LATEX: \rightskip=2cm\includegraphics[width=1.0\textwidth]{stage-mesboot.png}

legalese

Copyright © 2019, 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.