[bootstrappable] Re: diverse double-compilation

[Andrius Štikonas]

Hi Martin,

Diverse double-compilation kind of doesn't make sense (or is superseeded) in the context of full source bootstrap.

DDC works in the following way: you start with a "trusted" compiler A and "unknown" compiler B
Then A->B->B and B->B should produce identical hashes in the last stage, which would mean B is trusted.

What is a "trusted" compiler in the bootstrapping context?  We can define "trusted" compiler to be the one that is bootstrapped from a
tiny binary seed, say compiler A was built from hex0, so it is trusted.

If you start doing 1st DDC chain A->B, you have just bootstrapped B and now B is automatically trusted, so there is no more need
to do another step and compare with just B->B.

By the way, live-bootstrap [1] might be the package pipeline that you are looking for (that is readily usable for applications).
It produces fully reproducible (mostly static) binaries that are needed for modern system (including GCC13) and is also used as a starting point in
building Freedesktop SDK (that is then used for most Flatpaks).

[1] https://github.com/fosslinux/live-bootstrap/

Kind regards,
Andrius

2023 m. lapkričio 13 d., pirmadienis 06:27:02 GMT Martin Monperrus rašė:
> Hi Vagrant,
> > For example, I look forward (with a long view) to a bootstrap path that
> > embeds diverse double-compilation as part of the bootstrap
> This resonates here! We're also looking for DDC of GCC in a package pipeline, that is readily usable 
> for applications.
> 
> Should anybody have pointers, thanks a lot 🙏
> 
> --Martin
> 
> 
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20231114/175d92fb/attachment.sig>