Bootstrappable builds: Difference between revisions
m Arthomnix moved page Bootstrapable builds to Bootstrappable builds: Misspelled |
m correct spelling (bootstrapable -> bootstrappable) |
||
| Line 1: | Line 1: | ||
''' |
'''Bootstrappable builds''', a process of [[compiling]] software that doesn't depend on (compiler) binaries that aren't build from source by this process.<ref>{{cite web | url=https://guix.gnu.org/en/blog/2020/guix-further-reduces-bootstrap-seed-to-25/ | title=Guix Further Reduces Bootstrap Seed to 25% — 2020 — Blog — GNU Guix }}</ref><ref>{{cite web|url=https://bootstrappable.org/ |title=Bootstrappable builds |publisher=Bootstrappable.org |date= |accessdate=2022-12-16}}</ref><ref name="bootstrappable1">{{cite web | url=https://lwn.net/Articles/841797/ | title=Bootstrappable builds [LWN.net] }}</ref> |
||
This process can protect against [[compiler backdoors]]: if the build process doesn't depend on binary code that is difficult to audit, then a compiler backdoor cannot be hidden in compiler binaries anymore. |
This process can protect against [[compiler backdoors]]: if the build process doesn't depend on binary code that is difficult to audit, then a compiler backdoor cannot be hidden in compiler binaries anymore. |
||
| Line 10: | Line 10: | ||
So without alternatives compilers compiler like [[GNU Compiler Collection|GCC]] that are written in another programming language (here in C and C++) the go compiler would require a binary of a previous version of the go compiler binary to be built. |
So without alternatives compilers compiler like [[GNU Compiler Collection|GCC]] that are written in another programming language (here in C and C++) the go compiler would require a binary of a previous version of the go compiler binary to be built. |
||
To have |
To have bootstrappable builds, it is often possible to find an older versions of the compiler that could be built from sources, and from that, write code to automatically build the next version of the compilers until having a recent version. Identifying which version can build which versions is often not trivial and that often result in very long compilation times for the bootstrap procedure. Sometimes this also require to maintain older compiler versions and to backport support for newer CPU architectures on older compilers versions to be able to bootstrap these architectures. |
||
This process can also be replaced or combined with other ways to bootstrap compilers. |
This process can also be replaced or combined with other ways to bootstrap compilers. |
||
| Line 21: | Line 21: | ||
== History == |
== History == |
||
Bootstrappable builds was started in 2016 as a spin-off of the reproducible builds project.<ref name="bootstrappable1"/> |
|||
== See also == |
== See also == |
||
Revision as of 18:17, 26 September 2023
Bootstrappable builds, a process of compiling software that doesn't depend on (compiler) binaries that aren't build from source by this process.[1][2][3]
This process can protect against compiler backdoors: if the build process doesn't depend on binary code that is difficult to audit, then a compiler backdoor cannot be hidden in compiler binaries anymore.
Methods
A way to tackle the issue for a Software distributions is to reduce the size of the binaries used to bootstrap the distribution until there are not needed anymore or that the size is small enough to be easily reviewed by humans.[4]
Many compilers for various programming languages are written in the language they target. For instance the official Go compiler(gc) is written in Go.
So without alternatives compilers compiler like GCC that are written in another programming language (here in C and C++) the go compiler would require a binary of a previous version of the go compiler binary to be built.
To have bootstrappable builds, it is often possible to find an older versions of the compiler that could be built from sources, and from that, write code to automatically build the next version of the compilers until having a recent version. Identifying which version can build which versions is often not trivial and that often result in very long compilation times for the bootstrap procedure. Sometimes this also require to maintain older compiler versions and to backport support for newer CPU architectures on older compilers versions to be able to bootstrap these architectures.
This process can also be replaced or combined with other ways to bootstrap compilers.
For instance it is also possible to write a new compiler for a language, that is written in another language.
These techniques can be used to reduce the size of the binaries used to bootstrap a distribution.
As for building the first compiler that can build the subsequent compilers, it is possible to reduce the size to a single binary that is less than 1 Kilobyte[5] and from that use multiple stages in the bootstrapping procedure to be able to build a C compiler, and from that build the other compilers or software.[6]
History
Bootstrappable builds was started in 2016 as a spin-off of the reproducible builds project.[3]
See also
References
- ^ "Guix Further Reduces Bootstrap Seed to 25% — 2020 — Blog — GNU Guix".
- ^ "Bootstrappable builds". Bootstrappable.org. Retrieved 2022-12-16.
- ^ a b "Bootstrappable builds [LWN.net]".
- ^ "NLnet; GNU Mes: Full Source bootstrap".
- ^ "[PATCH core-updates 0/8] the Full Source Bootstrap".
- ^ https://reproducible-builds.org/news/2022/05/18/jan-nieuwenhuizen-on-bootrappable-builds-gnu-mes-and-gnu-guix/
External links
 | This computer security article is a stub. You can help Wikipedia by expanding it. |
 | This computer-programming-related article is a stub. You can help Wikipedia by expanding it. |