Debating Full Source Bootstrap

ahojlm at 0w.se ahojlm at 0w.se
Wed Nov 15 15:57:39 UTC 2023


On Wed, Nov 15, 2023 at 01:23:00PM +0100, Fabian Keil wrote:
> JFTR, I'd like to point out that ElectroBSD had some kind of
> "bootstrap support" from the beginning and this was mostly
> inherited from FreeBSD and other BSDs could do the same so
> there was already "prior art" at the time (apparently the
> first ElectroBSD patch set was uploaded to the website at
> 2016-02-04 [0]).

Indeed, BSDs deserve credit for caring about bootstrappability.

Not least NetBSD (and possibly ElectroBSD?) would not probably need
much work to specify the corresponding requirements and the checksums
of the result of a reproducible and verifiable-by-diversity bootstrap
from source.

For the academic purpose of a full-source bootstrap per se the
prerequisites of f.i. NetBSD build.sh are quite heavy, but for a short
path to a modern Unix-like (and nowadays practically beneficially
"Linux-like") OS it can be useful.

> "Nowadays" ElectroBSD even comes with an reproduce-electrobsd.sh
> script which builds ElectroBSD once using a jail on an existing
> ElectroBSD (or FreeBSD) system and then a second time using the
> previously build ElectroBSD userland. The oldest version published
> on the website seems to be 2017-01-16-4076de35031 [1].

As long as all traces of starting tools can be excluded, say by multiple
diverse bootstrapping, an installation of some "untrusted" BSD to
use its jail is not a very hard prerequisite to fulfil. Fortunately,
there is at least some diversity (in this case it is crucially needed)
among BSDs, to rely upon.

> I never tested it, but supposedly FreeBSD can nowadays be
> boostrapped from macOS and some GNU/Linux derivates (most
> of the time) so it should be possible to start from there
> to get an ElectroBSD system as well.

This looks promising.

I guess there are multiple usage niches with varying expectations of
integrity guarantees vs simplicity vs resource heaviness vs life span
(verifiability limited with time by hardware changes or something else).

BSD(s)-from-source can possibly fit well in some practical ranges in
that spectrum.

> Happy hacking
> Fabian

Cheers
 an



More information about the rb-general mailing list