| 9 Jun 2025 |
emily | btw, there is non-Nix work on solving the "running kernel" part that goes through tiny bare metal kernels and something called "Fiwix" :) https://lwn.net/Articles/983340/ | 14:00:15 |
Julien | interesting, thanks! | 14:00:32 |
emily | (which makes me happy, since I always felt like the "running kernel" part made the whole exercise a little absurd) | 14:00:35 |
emily | ("an existing Nix binary" has the same problem for our minimal bootstrap. it's still an improvement over the bootstrap status quo though, don't get me wrong) | 14:01:05 |
emily | (but a true bootstrap starts before you have any fancy build coordinator to hand) | 14:01:20 |
emily | (ofc ideally you get Nix going as soon as possible in that process :) ) | 14:01:29 |
emily | anyway, yeah, the fundamental idea is that you have a tiny and auditable trusted binary seed, and then you can reproduce anything by "only" auditing that binary seed and a few million lines of code | 14:02:06 |
emily | including, like, several patched old versions of GCC and stuff like that | 14:02:14 |
emily | and really the distinction between 256 bytes of hand-written machine code and the next stage where they get to write it in hex with comments instead is not very "source vs. binary" IMO | 14:02:42 |
emily | but the general principle is good, even if the bootstrap chain needs heavily trimming down to be practically auditable | 14:02:56 |
raboof | I see guix similarly requires an existing kernel and guile for their bootstrap, so no opportunity to build nix from their bootstrap 😆 | 14:05:17 |
emily | yeah, though the Guix community has a lot of overlap with the work on things like ^ I think | 14:05:55 |
emily | IMO, the ideal is that you get a nice purely-functional package manager running on something "simple" – say that Fiwix kernel | 14:06:18 |
emily | that way you can optimize the more manual chain to get to Nix/Guix/whatever as short as possible and then the rest of the way you get to use the nice tool | 14:06:39 |