GNU Mes' Full Source Bootstrap fixes "Trusting Trust -- No one can fix this"?
Janneke Nieuwenhuizen
janneke at gnu.org
Sun Oct 12 07:58:16 UTC 2025
Hi Laurie,
GNU Mes[0] author here!
It was brought to my attention[1] that you have an amazing talk on
youtube "The Original Sin of Computing...that no one can fix"[2] which
has over 500K views. And so you have, wow, congratulations! And kudos
for giving such a transparent and clear talk on the "Trusting Trust"
issue, which until some 10y ago everyone seemed to ignore. Or worse,
thought impossible to fix.
So, I "hate" to break it to you that 10y ago, at the third Reproducible
Builds summit in 2015[3], a couple of GNU Guix[4] hackers started the
#bootstrappable initiative[5], with the aim to fix Trusting Trust once
and for all (aim for the stars, right?). In case you haven't heard of
it, Guix is a next-generation GNU/Linux distribution and a functional
package manager, much like (or a sister of) NixOS[6].
While I cannot yet fully claim that using Mes in Guix we actually fully
fixed something "that no one can fix" just yet, I dare say we're at
least excitingly close, and our #bootstrappable community is growing.
So it's almost equally amazing to me how you could have missed our
efforts of bootstrapping the GNU Guix Linux distribution fully from
source? I started working on Mes in 2016 and there have been at least
four talks on FOSDEM[6,7,8,9] and several blog posts on this[10,11,12].
Bitcoin-core has been using our solution for over five years now.
There's also an amazing talk "Bitcoin Build System Security" at the
Breaking Bitcoin conference in Amsterdam in 2019[13,14].
Mes is a mutually self-hosting minimalist Guile-compatible Scheme
interpreter written in very simple (sub-)C, and a C99 compiler
written in Scheme (MesCC). The interpreter written in sub-C can be
bootstrapped by the much simpler sub-C compiler: M2-Planet from the
Stage0 project[15], which can be built by yet an even simpler compiler,
etc. The initial binary that needs to be trusted (called hex0) is
currently at 181 bytes for x86[16]. MesCC then compiles bootstrappable
TinyCC, which compiles an ancient GCC.
Our current solution uses ancient software in its bootstrap path such
as gcc-2.95.3 and glibc-2.2.5. We wanted to get something to work as
soon as possible, cutting many corners because, as you might imagine,
people told us this couldn't be done :-) For several years now we have
been working to build a recent, unpatched, TinyCC, and then jump
straight to gcc-4.6[17]. If it hadn't been for the early sponsoring by
NlNet[18], this would have taken us much, much longer.
There's also a very active re-implementation effort of the Full Source
bootstrap: the live-bootstrap[19], that now goes beyond what we
currently do in Guix, and there's the Boot2now[20] and Fiwix[21]
projects that provide a minimalistic POSIX kernel to run the Full Source
bootstrap on, removing even the Linux binary from the trusted base.
Linux Weekly News (LWN) also wrote about this[22,23].
Anyway, thought you might like this and many thanks again for
introducing this interesting, mind-boggling, and important(!) problem to
so many people!
Greetings,
Janneke
[0] https://gnu.org/s/mes
[1] https://todon.nl/@regtur@mastodon.social/115348673305631101
[2] https://www.youtube.com/watch?v=Fu3laL5VYdM
[3] https://reproducible-builds.org/events/athens2015/
[4] https://guix.gnu.org
[5] https://bootstrappable.org
[6] https://nixos.org
[7] https://archive.fosdem.org/2019/schedule/event/gnumes/
[8] https://archive.fosdem.org/2020/schedule/event/gnumes/
[9] https://archive.fosdem.org/2021/schedule/event/gnumes/
[10] https://guix.gnu.org/en/blog/2019/guix-reduces-bootstrap-seed-by-50/
[11] https://guix.gnu.org/en/blog/2020/guix-further-reduces-bootstrap-seed-to-25/
[12] https://archive.fosdem.org/2024/schedule/event/fosdem-2024-1755-risc-v-bootstrapping-in-guix-and-live-bootstrap/
[13] https://diyhpl.us/wiki/transcripts/breaking-bitcoin/2019/bitcoin-build-system/
[14] https://www.youtube.com/watch?v=I2iShmUTEl8
[15] https://github.com/oriansj/stage0-posix
[16] https://github.com/oriansj/bootstrap-seeds/blob/master/POSIX/x86/hex0-seed
[17] https://gitlab.com/janneke/commencement.scm/-/commits/embedded-channel
[18] https://nlnet.nl/
[19] https://github.com/fosslinux/live-bootstrap
[20] https://github.com/ironmeld/boot2now
[21] https://www.fiwix.org/
[22] https://lwn.net/Articles/841797/
[23] https://lwn.net/Articles/983340/
--
Janneke Nieuwenhuizen <janneke at gnu.org> | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | https://reasonable-sourcery.coop
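The message above explains that the only opaque binary in the Full Source bootstrap is the 181-byte hex0 seed, whose single job is to turn commented hex text into bytes. The following Python model of that step is an added illustration, not code from Mes or Stage0; it assumes stage0's convention that `#` and `;` start a comment running to end of line, and the sample source bytes are constructed, not a real seed.

```python
import hashlib
import re

HEX_DIGITS = "0123456789abcdefABCDEF"

def hex0_assemble(text: str) -> bytes:
    """Turn commented hex source into raw bytes, the way a hex0-style seed does.

    Rules modelled here (an assumption about stage0's hex0, not its code):
      - '#' or ';' starts a comment that runs to end of line
      - hex digits are consumed in pairs, one output byte per pair
      - every other character (whitespace, punctuation) is ignored
    """
    out = bytearray()
    pending = None  # high nibble waiting for its partner
    for line in text.splitlines():
        code = re.split(r"[#;]", line, maxsplit=1)[0]  # drop the comment
        for ch in code:
            if ch not in HEX_DIGITS:
                continue
            nibble = int(ch, 16)
            if pending is None:
                pending = nibble
            else:
                out.append((pending << 4) | nibble)
                pending = None
    if pending is not None:
        raise ValueError("odd number of hex digits: last nibble has no partner")
    return bytes(out)

def seed_digest(seed_source: str) -> str:
    """SHA-256 of the assembled seed, what an auditor compares against an
    independently assembled copy of the same hex text."""
    return hashlib.sha256(hex0_assemble(seed_source)).hexdigest()

# Constructed samples: the same six bytes with different commentary.  The
# '; 32-bit' comment contains hex-looking digits that must NOT be assembled.
SEED_A = """\
## ELF magic (constructed example, not a real seed)
7F 45 4C 46  # 0x7F 'E' 'L' 'F'
01 01        ; 32-bit, little-endian
"""
SEED_B = "7f454c46 ; magic\n0101 # class + data\n"

if __name__ == "__main__":
    print(hex0_assemble(SEED_A).hex(), len(hex0_assemble(SEED_A)), "bytes")
    print("same seed:", seed_digest(SEED_A) == seed_digest(SEED_B))
```

Because comments never reach the output, two reviewers can annotate the seed source independently and still check that they assembled byte-identical binaries.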