mescc-tools-seed
nixpkgs
Our great sponsors
mescc-tools-seed | nixpkgs | |
---|---|---|
8 | 974 | |
85 | 15,656 | |
- | 5.3% | |
6.6 | 10.0 | |
2 months ago | 4 days ago | |
C | Nix | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mescc-tools-seed
- Running the "Reflections on Trusting Trust" Compiler
- stage0 x86 seed reduced from 357 Bytes to 256 Bytes
-
test
From here I found a reference to the Gash, Mes-M2 and stage0 projects, who's README.org references a nice wiki for stage0. The Wiki references a more expansive stage0-posix repo. From here, I finally got all the pieces to fit togeather.
-
How reproducible are Guix packages?
Of course, reproducible builds will only give you security if you trust the compiler you're using to verify. Unlike traditional distributions, Guix packages are rigorously defined in terms of their dependencies all the way down to ~60 MB of bootstrap binaries. There has been a lot of cool work to reduce the initial binary seed size, and they are working to reduce this even further to a "full source" bootstrap which will make use of the stage0 project to bootstrap the entire OS from a small, auditable ASCII Hex -> binary program.
-
stage0-posix was ported to RISC-V
stage0-posix just gained initial support for RISC-V (64-bit). It starts with 392 byte hex assembler, 361 byte "shell" and bootstraps simple linker (hex2), macro assembler (M0). Then it builds cc_riscv64 RISC-V compiler written in RISC-V assembly and uses it to build simple C compiler written in C (M2-Planet). Then it builds a few extra utilities (cp, mkdir, untar, ungz, sha256sum, chmod)
-
Bootstrapping from Hex to Bison to GCC
I wonder if Brainfuck could be used for https://github.com/oriansj/stage0-posix ? It would not surprise me if there is no other language for which there are so many interpreters written in so many different programming languages. It is even possible to write a Brainfuck interpreter in Brainfuck, which can be verified. And there is also a Brainfuck interpreter written in x86-64: https://github.com/316k/brainfuck-x86-64 . It is a little larger than hex0_x86.hex0 , but not too much to make it hard to verify.
-
A Brief Introduction to Forth (1993)
I'd argue the easiest to implement language is macro-assembly then the C subset known as cc_x86
https://github.com/oriansj/mescc-tools-seed
nixpkgs
- Maintainers Leaving
-
Air Force picks Anduril, General Atomics to develop unmanned fighter jets
https://github.com/NixOS/nixpkgs/commits?author=neon-sunset
-
Eelco Dolstra's leadership is corrosive to the Nix project
I see two signers in the top 6 displayed on https://github.com/NixOS/nixpkgs/graphs/contributors
-
3rd Edition of Programming: Principles and Practice Using C++ by Stroustrup
For a single file script, nix can make the package management quite easy: https://github.com/NixOS/nixpkgs/blob/master/doc/languages-f...
For example,
```
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
-
NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
-
The xz attack shell script
I'm not familiar with Bazel, but Nix in it's current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Checkout the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
-
Debian Git Monorepo
NixOS uses a monorepo and I think everyone's love it.
I love being able to easily grep through all the packages source code and there's regularly PRs that harmonizes conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
https://github.com/NixOS/nixpkgs
-
From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which are generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
-
GitHub Disabled the Xz Repo
True, but irrelevant -- _some packages_, _somewhere_, do depend on xz, which, if built, requires pulling the source from GitHub (see the default.nix: https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/tools...)
It's not the vulnerability that's a problem right now (NixOS was protected by a couple of factors) but rather GitHub's hamfisted response.
That is the problem.
What are some alternatives?
live-bootstrap - Use of a Linux initramfs to fully automate the bootstrapping process
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
mes-m2 - Making Mes.c M2-Planet friendly
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
archlinux-installer-script - Arch Linux install script. Only performs the minimal steps for booting into arch. 75 lines of script with full progress messages and tutorial.
git-lfs - Git extension for versioning large files
neat - The Neat Language compiler. Early beta?
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
c4 - C in four functions
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
stage0 - A set of minimal dependency bootstrap binaries
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.