Debating Full Source Bootstrap

Fabian Keil fk at fabiankeil.de
Wed Nov 15 12:23:00 UTC 2023


Vagrant Cascadian <vagrant at reproducible-builds.org> wrote on 2023-11-14 at 15:00:29:

> On 2023-11-14, ahojlm at 0w.se wrote:

> > Moreover, some of this work (to bootstrap on diverse and protected
> > systems) has already been done by yours truly. VSOBFS itself consists
> > only of source code and you can easily test that the result of your
> > VSOBFS-bootstrap corresponds to the announced one. Then you can be
> > sure about the source provenance of the resulting OS, regardless which
> > hard- and software you have used.
> 
> These are great properties! But... not what I would call a full source
> bootstrap. So perhaps we just disagree on terms. I would call VSOBFS
> something like "Diversely Verifiable Bootstrap" based on the description.
> 
> I mean, most open source projects are built from source, with an
> existing toolchain. The fact that VSOBFS builds the toolchain to build
> the toolchain to build VSOBFS is part of a source based bootstrap
> process... not quite what I would call a full source bootstrap.

JFTR, I'd like to point out that ElectroBSD had some kind of
"bootstrap support" from the beginning and this was mostly
inherited from FreeBSD and other BSDs could do the same so
there was already "prior art" at the time (apparently the
first ElectroBSD patch set was uploaded to the website at
2016-02-04 [0]).

"Nowadays" ElectroBSD even comes with an reproduce-electrobsd.sh
script which builds ElectroBSD once using a jail on an existing
ElectroBSD (or FreeBSD) system and then a second time using the
previously build ElectroBSD userland. The oldest version published
on the website seems to be 2017-01-16-4076de35031 [1].

At least in theory building ElectroBSD once should be enough
as the tool chain is "nearly" always built but there is an
optimisation bug that I haven't tracked down yet that can
cause an incomplete toolchain-boostrapping if the host
toolchain is very close to the toolchain in ElectroBSD.

The ElectroBSD amd64 binaries that are build in the second
build step are expected to be reproducible, though.

I never tested it, but supposedly FreeBSD can nowadays be
boostrapped from macOS and some GNU/Linux derivates (most
of the time) so it should be possible to start from there
to get an ElectroBSD system as well.

Happy hacking
Fabian

[0] <https://www.fabiankeil.de/gehacktes/electrobsd/#downloads>
[1] <https://www.fabiankeil.de/sourcecode/electrobsd/ElectroBSD-r295083-0c7f4d6.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20231115/59e4282b/attachment.sig>


More information about the rb-general mailing list