gnu-misc-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Risks of deterministic builds


From: Jean Louis
Subject: Re: Risks of deterministic builds
Date: Wed, 14 Apr 2021 13:57:09 +0300
User-agent: Mutt/2.0.6 (2021-03-06)

* Jan Nieuwenhuizen <janneke@gnu.org> [2021-04-14 11:27]:
> Jean Louis writes:
> 
> > * Jan Nieuwenhuizen <janneke@gnu.org> [2021-04-08 16:43]:
> >> Martin writes:
> >> 
> >> > Maybe freedom in "free software" shouldn't require from the code to be
> >> > open neither. Let's just blindly trust some saint developers who
> >> > cannot even control their own binaries. Actually today we are closer
> >> > and closer to that sad scenario like never before in the history,
> >> > because in fact most of the open-source and GNU "free software"
> >> > nowadays base on blackboxed binary seeds that cannot be verified by
> >> > the users not even by the core developers.
> >> 
> >> The bootstrappable project, GNU Mes and GNU Guix are working to fix that
> >> 
> >>     
> >> https://guix.gnu.org/en/blog/2020/guix-further-reduces-bootstrap-seed-to-25/
> >>     https://fosdem.org/2021/schedule/event/gnumes/
> >
> > Jan, in regards to this, how to start with first stage, how are you
> > entering it?
> > Will you use for example Emacs and hexl-mode to enter bytes?
> 
> I am not, I'm downloading the initial 357-byte binary from
> 'bootstrap-seeds'
> 
>     
> https://raw.githubusercontent.com/oriansj/bootstrap-seeds/master/POSIX/x86/hex0-seed

Thank you, it becomes clearer.

> and then run this script
> 
>     
> https://github.com/oriansj/stage0-posix/blob/master/x86/mescc-tools-seed-kaem.kaem

Thank you, now this below also makes sense somehow.

    ###############################################  
    # Phase-0 Build hex0 from bootstrapped binary #  
    ###############################################  
    ../bootstrap-seeds/POSIX/x86/hex0-seed hex0_x86.hex0 hex0  
    # hex0 should have the exact same checksum as hex0-seed as they are both 
supposed  
    # to be built from hex0_x86.hex0 and by definition must be identical  

How I understand it, seed is downloaded as a binary, but then the
source code of hex0 is used to make a binary of hex0 again, for
verification that seed was alright?

I have to study the explanation in full and especially the first 2-3
stages.

Jean



reply via email to

[Prev in Thread] Current Thread [Next in Thread]