stage0 | nixpkgs
---|---
22 | 975
888 | 15,753
- | 2.2%
3.9 | 10.0
3 months ago | about 8 hours ago
Assembly | Nix
GNU General Public License v3.0 only | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
stage0
- Running the "Reflections on Trusting Trust" Compiler
- Stage0: A minimal bootstrapping path to a C compiler capable of compiling GCC
- Goodbye to the C++ Implementation of Zig
- Stage0 – A set of minimal dependency bootstrap binaries
- Nixpacks takes a source directory and produces an OCI compliant image
Somewhat tangential, but I'm curious how big the bootstrap seed for Nix is. That is, if you wanted to build the entire world, what's a minimum set of binaries you'd need?
Guix has put quite a bit of work into this, AFAIU, and it's getting close to being bootstrappable all the way from stage0 [0]. Curious if some group is also working on similar things for Nix.
[0]: https://github.com/oriansj/stage0
- "Do you believe that every upstream project... is examined by an expert who can accurately identify whether said project contains malware...?"
https://www.bootstrappable.org/ has some good info. Reading the source of https://github.com/oriansj/stage0 is also very enlightening. It's set its goal to be understandable by 70% of programmers.
- Stage0 - A set of minimal dependency bootstrap binaries
- Common libraries and data structures for C
Even if they aren't, people absolutely should be able to bootstrap new platforms from scratch. It's important to have confidence in our tools, in our ability to rebuild from scratch, and to be safe against the "trusting trust" attack among other things.
Lately I've been catching up on the state of the art in bootstrapping. Check out the live-bootstrap project. stage0 starts with a seed "compiler" of a couple hundred bytes that basically turns hex codes into bytes while stripping comments. A series of such text files per architecture work their way up to a full macro assembler, which is then used to write a mostly architecture-independent minimal C compiler, which then builds a larger compiler written in this subset of C. This then bootstraps a Scheme in which a full C compiler (mescc) is written, which then builds TinyCC, which then builds GCC 4, which works its way up to modern GCC for C++... It's a fascinating read:
https://github.com/oriansj/stage0
https://github.com/fosslinux/live-bootstrap/blob/master/part...
Even if no one is "using" this it should still be a primary motivator for keeping C simple.
- How To Build an Evil Compiler
One countermeasure not mentioned here is bootstrapping a compiler with a program small enough to be manually verified. The stage0 project is under 1KB (small enough that the binary can be, and has been, manually checked against the hand written assembly), and GNU Guix (a system for reproducible, isolated builds) is currently working on moving its bootstrap speed to stage0. That means that, fairly soon, there will be a large set of software that doesn't have a connection to an original C compiler.
- A minimal C compiler in x86 assembly
nixpkgs
- Nix: The Breaking Point
I don't think so. The article is probably intended for the Nix community, so the author doesn't need to convince HN that something is going on. If as an outsider you are interested then you need to look into it yourself, the community has no obligation to make their internal conflicts legible to the outside world.
As an outsider myself, it certainly looks like something is going on as more than 20 Nixpkg maintainers left in a week: https://github.com/NixOS/nixpkgs/issues?q=label%3A%228.has%3...
- Maintainers Leaving
- Air Force picks Anduril, General Atomics to develop unmanned fighter jets
https://github.com/NixOS/nixpkgs/commits?author=neon-sunset
- Eelco Dolstra's leadership is corrosive to the Nix project
I see two signers in the top 6 displayed on https://github.com/NixOS/nixpkgs/graphs/contributors
- 3rd Edition of Programming: Principles and Practice Using C++ by Stroustrup
For a single file script, nix can make the package management quite easy: https://github.com/NixOS/nixpkgs/blob/master/doc/languages-f...
For example,
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
- NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
- The xz attack shell script
I'm not familiar with Bazel, but Nix in its current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Check out the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
- Debian Git Monorepo
NixOS uses a monorepo and I think everyone loves it.
I love being able to easily grep through all the packages source code and there are regularly PRs that harmonize conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
https://github.com/NixOS/nixpkgs
- From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which is generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
What are some alternatives?
rizin - UNIX-like reverse engineering framework and command-line toolset.
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
arocc - A C compiler written in Zig.
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
chibicc - A small C compiler
git-lfs - Git extension for versioning large files
libcperciva - BSD-licensed C99/POSIX library code shared between tarsnap, scrypt, kivaloo, spiped, and bsdiff.
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
bug - Scala 2 bug reports only. Please, no questions — proper bug reports only.
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
c4 - C in four functions
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.