Guix Reduces Bootstrap Seed by 50%

https://guix.gnu.org/blog/2019/guix-reduces-bootstrap-seed-by-50/


The new Reduced Binary Seed bootstrap removes Binutils, GCC, and glibc and replaces them by GNU Mes and MesCC Tools. This reduces the trusted binary seed by ~120MB - half of it!

For some reason, this is so heartwarming to read. :slight_smile:

Can this effort be somehow reused in Nixpkgs?


I don’t have any domain knowledge here (feel free to correct me!), but if so I further wonder if it has any bearing on issues with the hard-coded /bin/sh in glibc (see https://github.com/NixOS/nixpkgs/issues/1424, among others).

> For some reason, this is so heartwarming to read. :slight_smile:
>
> Can this effort be somehow reused in Nixpkgs?

It definitely could be – I’m pretty sure I recall seeing @edolstra
talking about it on IRC at one point. But it would still be substantial
changes to Nixpkgs.

Another related thing Guix has that I’d love for Nixpkgs to have
as well is that they bootstrap Rust from mrustc (a basic Rust compiler
written in C++), and then compile every version of Rust in a chain
starting from the old version that mrustc can compile until they get to
the current version. Our approach is to download a binary from Mozilla
and then use that to recompile. Their approach eliminates that trust in
Mozilla.


Who do we trust to provide C compiler binaries?


Right now? Our past selves. In future, once Guix gets the seed down enough, it’s conceivable that there would be no need for trusted C compiler binaries — perhaps there could be a tiny compiler that could be hand compiled.

But the point is, Mozilla is a party we currently trust that we don’t need to. We do have to trust the bootstrap binaries, but that’s no reason to trust any more code than we absolutely need to.

> But the point is, Mozilla is a party we currently trust that we don’t need to. We do have to trust the bootstrap binaries, but that’s no reason to trust any more code than we absolutely need to.

I guess it’s better to say «binary» code, as the tricks actually increase the trusted source code base.