> We are happy to announce the release of GNU Mes 0.26.1.
Great work everyone ^_^
-Jeremiah
> I have apparently become blacklisted there as a reaction to my letter
> pointing out the contentious phrase in the Guix blog.
Nope.
-Jeremiah
rties unsubscribe from the list.
> Inflating the emotional tone of the discussion is not constructive toward
> the community discovering whatever contemporaneous truths may be
> findable behind the various claims.
Not exactly, it belongs on the bootstrappable list; not to clog up the
reproducible
builds list with unneeded noise, about what the definition of full source
bootstrap
should be.
-Jeremiah
ly right way
Stilling waiting on your formal proof, builder-hex0 and live-bootstrap speaks
for themselves.
> which is the one you shall be allowed to choose.
> Good that you have opened my eyes.
No, that is obviously a bad idea.
-Jeremiah
e. Bootstrappable builds ensures we do have a trusted suite of
compilers. So, unless you
have proof of one of those, you have not in any way contributed to solving the
problem.
-Jeremiah
> Now that the core-updates development branch has been merged, the Full-Source
> Bootstrap has come to GNU Guix!
> This means we're building packages from source all the way down. Read all
> about it in this new post:
Great work ^_^
-Jeremiah
> my expenses. Enough said.
Why would anyone take you to court over a simple clarification on intent
on meaning?
-Jeremiah
mean something else when you say bootstrappable and verifiable
builds; then perhaps you could be correct.
But as I understand the term bootstrappable, you are starting on done
and taking a step backwards and claiming to have gotten there first;
which doesn't seem fair to the dozens of people who spent the last 5
years actually bootstrapping everything.
-Jeremiah
way up from hex0 to modern GCC+Linux+Guile and include
all of the tools needed by a modern Linux Distro.
and you seem to depend upon a POSIX kernel written in C that requires
TCC to compile it.
-Jeremiah
use a separate signature to validate a separate file; that was
distributed as a single file in a format
that doesn't not contain any logic or condition beyond the null split.
Now the only dangers exist in your signature itself, chain of trust, etc and
I'm not solving that.
-Jeremiah
e signatures are valid, reproduce the item
> being signed, and so on.
>
> If you have to understand the nuances of the ELF or PE format to determine if
> a signature is valid, you've already failed.
Exactly correct.
Be it zipped or just tar'd (or an ar archive like Debian debs are)
- Jeremiah
ftware but go straight
into the metal and the processes and reveal all the magic to anyone who
wishes to know.
-Jeremiah
https://gist.github.com/rick-masters/54204c0b6b369748b4a1aaf2a4da22cf )
But it is a reasonable amount of effort we can certainly do.
After that, we will solve the hardware problem too ^_^
-Jeremiah
choosing to make our work reproducible and having a clear bootstrapping
path, is a way of showing we care about others. Giving those engaging in
risky behaviors a better chance of not catching anything they don't want
or didn't opt into.
But that is just my biased (as fuck) view on this.
-Jeremiah
7;t even preserve the ability to be built from source
code, what gives you faith that
these optimizations wouldn't bring similar problems going forward?
-Jeremiah
which are hard to
audit... >.<
I wish there was a manner of producing handwritten human information which
could be used
Instead of these generated files (or could be used to generate them in a
reproducible fashion).
- Jeremiah
r all after that you can leverage sha256sums and chains of
trust to do the rest
> I saw a project a while ago with an interesting approach that looks very
> interesting for tackling this problem: crowd-sourced, social code
> review:
> https://github.com/crev-dev/crev
Looks interesting
-Jeremiah
n bare metal: https://github.com/oriansj/stage0
or starting off a POSIX kernel you trust:
https://github.com/oriansj/stage0-posix
-Jeremiah
age0-posix
Those wishing to see the pieces leading up to GCC, Gnu Guile (we solved
the psyntax bootstrap problem thanks to Michael Schierl and his amazing
work: https://github.com/schierlm/guile-psyntax-bootstrapping )
Can find them here:
https://github.com/fosslinux/live-bootstrap
- Jeremiah
the Marrakesh retreat and (due to recent exposure) I was thinking about
> ways to use uboot as another stage to bootstrapping a full Linux system.
Well bare metal cross-platform bootstrapping is as low as one can go before we
just start making our own hardware.
-Jeremiah
ss (which involves
hand written filesystems).
So lots of fun for anyone who wants to help and lots of working pieces for
those who wish to leverage the work we have already done.
-Jeremiah
/oriansj/talk-notes/blob/master/live-bootstrap.dot )
https://github.com/oriansj/talk-notes/blob/master/live-bootstrap.pdf
-Jeremiah
ap-from-a-357byte-hex0-to-hello
Would be a just a touch too technical.
-Jeremiah
otstraps on 4 different architectures able to
reproduce each other.
And that we bootstrapped a Haskell compiler from hex0
-Jeremiah
(nothing outside of a POSIX kernel
required)
Oh and we have been making fabulous progress on bootstrapping a rather complete
subset of Haskell (using M2-Planet)
https://github.com/oriansj/blynn-compiler
-Jeremiah
> I’ve published a post about the second big reduction of the Guix bootstrap
> binaries
> Thanks to the recent merge of ‘core-updates’ some weeks days ago, the set of
> bootstrap binaries now weighs in at approximately 60 MiB; about 25% of what
> it used to be.
Great job Janneke ^_^
-Jeremiah
con-cache file shipped in an arch: all package? libmagic just identifies
> them as "data"
There is no magic in IT; only sweat, blood and tears.
-Jeremiah
https://github.com/oriansj/mes-m2/blob/master/mes_posix.c#L31
Changing the 12 to 13 works around that subtle difference between the 2
architectures.
- Jeremiah
7;ve added them to the February report and look
> forward to more such nice reports in future!
Well you'll probably be more excited when this:
https://github.com/oriansj/mes-m2
hits version 1.0
(hint it'll be bootstrappable from mescc-tools-seed and will be able to
bootstrap MesCC)
^_^
-Jeremiah
memory 10M && meld foo1 tape_02
If you need further clarification, I am more than happy to help
Plus there are some wonderful people on #bootstrappable who are able to help
you work through ugly details
-Jeremiah
___
rb-general@lists.reproduci
anyway)
So you'll have to clone https://github.com/oriansj/bootstrap-seeds if you want
a generated 357byte hex0 binary
- Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options, visit
to mention:
major enhancements to kaem thanks to fosslinux
Reproducible friendly tarball generation thanks to Janneke
Andrius Štikonas fixing a lot of my typos
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your
> We are pleased to announce the release of GNU Mes 0.22, representing
> 57 commits over 8 weeks.
Great job as always Janneke, stage0's 0.3.0 release last week was far less
impressive.
-Jeremiah
___
rb-general@lists.reproducible-builds.
s able to run MesCC and guix directly (not to mention solve the
guile bootstrap problem)
The bootstrap will be complete.
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options, visit
https://lists.reprodu
ility is about, well, being able to reproducibly build software.
Bootstrappablility is about building digital provenance for our software
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options, visit
https
pable.org/
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options, visit
https://lists.reproducible-builds.org/listinfo/rb-general.
To unsubscribe, send an email to
rb-general-unsubscr...@lists.rep
FULL version of Gnu MES, which will result
in a full bootstrap from a 357byte bootstrap binary all the way to GCC
With 2 separate bootstraps already completed (x86 and AMD64) with more on the
way (ARMv7l+aarch64)
-Jeremiah
___
rb-general
e and human
culture at a deep level as a core story element
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options, visit
https://lists.reproducible-builds.org/listinfo/rb-general.
To unsubscribe, send an email to
rb-general-unsubscr...@lists.reproducible-builds.org.
default
> - or, we could put a "remove Python addresses" post-processor in
> strip-nondeterminism.
Aka, just another band-aid on this class of problems
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your sub
0 about Reproducible Builds in a practical way,
Did you want to share any of the content from your session in Mexico
City beforehand on this list? You might find some helpful experts
willing to assist?
Such a prospect can be daunting, but this is a friendly list
once this piece is done we will have a full bootstrap from hex to GCC
https://github.com/oriansj/mes-m2
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options, visit
https://lists.reproducible-builds.org
lse from the software root of trust.
(No Operating system or runtime or Microcode or Firmware)
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options, visit
https://lists.reproducible-builds.org/listinfo
> neato & thanks for sharing. what are those 5 architectures? looking *very
> briefly* add the above two URLs I couldnt figure it out...
Knight-native
Knight-Posix
ARM (v6+v7)
X86
AMD64
-Jeremiah
___
rb-general@lists.reproducible-builds.o
Today I am pleased to announce the release of M2-Planet v1.3.0 and 0.6.1
https://github.com/oriansj/M2-Planet
https://savannah.nongnu.org/projects/mescc-tools
Which includes a self-hosting port to its Fifth Architecture.
For those who are not aware M2-Planet is a self-hosting C compiler written i
I am pleased to announce the release which includes ports to ARM and a hand
written hex0 to M0 bootstrap for AMD64
https://github.com/oriansj/M2-Planet
https://savannah.nongnu.org/projects/mescc-tools
-Jeremiah
___
rb-general@lists.reproducible
t of `date +%b\ %d` gives a complete
> explanation.
Adding export PS1="Login: " to one's .bashrc would be more effective
-Jeremiah
___
rb-general@lists.reproducible-builds.org mailing list
To change your subscription options,
Convention on copyright law to make this sort of
> auditing legal.
> I'll start by sending a patch to the Berne guys; anybody knows what their
> mailing list's address is?
Complete and utter waste of time
-Jeremiah
___
r
c binaries like those M2-Planet creates.
https://github.com/oriansj/M2-Planet
Where there is no possible input that could possibly create non-deterministic
output.
Build directories, paths, timestamps, library paths, host instruction set or
any other of that nonsense, just doesn't matte
> I'm not sure what you mean by 'not possible to collide' here. Hashes are
> typically smaller than the allowed inputs, which means there must exist
> different input files that produce the
> same output hash. A cryptographic hash just makes those collisions hard to
> find/create, it cannot pre
> While I agree that you can certainly find collisions when you do
> crc16(H(a),H(b))
> or
> H(crc16(a),crc16(b))
> I fail to see how that would be possible with cryptographic hash functions
> like SHA-256, so
> H(H(a),H(b))
> especially since the hash functions internally usually work in rounds
50 matches
Mail list logo
