| 28 May 2025 |
 emily | until minimal bootstrap at least :) | 12:00:27 |
 raboof | I could see building an 'evil 25.05 image' that'd insert malware when I'd build the ISO on it. It's much harder to see someone in 2020 building an 'evil 20.03 image' that inserts malware when I build the ISO on it in 2025 | 12:00:30 |
| raboof | not theoretically impossible, of course, which is why bootstrappable builds are still also important, but given the choice building on an 'old' image seems slightly safer than building on a recent image. | 12:02:51 |
| 29 May 2025 |
|  ch joined the room. | 17:26:44 |
| 30 May 2025 |
 fricklerhandwerk | Minimal bootstrap is one cross-compilation of gcc-i686 -> gcc-x86_64 away | 08:05:37 |
| fricklerhandwerk | Anyone up to the task? | 08:05:46 |
| 7 Jun 2025 |
|  Grimmauld (any/all) joined the room. | 11:25:17 |
|  matrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) left the room. | 22:44:09 |
| matrixrooms.info mod bot (does NOT read/send messages and/or invites; used for checking reported rooms) joined the room. | 22:56:10 |
| 9 Jun 2025 |
| raboof | Is there an issue to read up on that somewhere? (not that I have time to start digging into that, but good to have the reference) | 10:00:38 |
| raboof | might make sense to explicitly make bootstrappable builds on-topic here as well, https://github.com/NixOS/reproducible.nixos.org/pull/8 | 10:01:30 |
| Grimmauld (any/all) | Btw currently taking a look at the lambda ordering issue in https://github.com/NixOS/nixpkgs/issues/230290, trying to repro and diff the generated c code instead of diffing the binary, in a minimal repro. | 10:09:43 |
| Grimmauld (any/all) | no guarantees, but i have time and this looks like "fun" | 10:10:31 |
| raboof | oh cool | 10:15:02 |
| raboof | that's the most long-standing issue for the graphical installer (https://github.com/orgs/NixOS/projects/30) and indeed looks like an interesting rabbithole :) | 10:16:00 |
| Grimmauld (any/all) | I just tested the naive way:
delegate void SumLambdaType (int a);
void main () {
SumLambdaType sum0 = (a) => { print("%d\n", a + 0); };
SumLambdaType sum1 = (a) => { print("%d\n", a + 1); };
SumLambdaType sum2 = (a) => { print("%d\n", a + 2); };
SumLambdaType sum3 = (a) => { print("%d\n", a + 3); };
SumLambdaType sum4 = (a) => { print("%d\n", a + 4); };
SumLambdaType sum5 = (a) => { print("%d\n", a + 5); };
SumLambdaType sum6 = (a) => { print("%d\n", a + 6); };
SumLambdaType sum7 = (a) => { print("%d\n", a + 7); };
SumLambdaType sum8 = (a) => { print("%d\n", a + 8); };
SumLambdaType sum9 = (a) => { print("%d\n", a + 9); };
sum0(42);
sum1(42);
sum2(42);
sum3(42);
sum4(42);
sum5(42);
sum6(42);
sum7(42);
sum8(42);
sum9(42);
}
Sadly that is still fully deterministic.... It might be because multiple files? not sure yet.
| 10:36:13 |
| Grimmauld (any/all) | it might also be because inline, so names are not clear thus sorting is unreliable? Not sure yet. | 10:40:45 |
| raboof | IIRC it was also not super easy to trigger | 10:50:07 |
| Grimmauld (any/all) | i mean, ibus triggers it | 10:51:28 |
| Grimmauld (any/all) | the goal is to find something minimal that triggers it | 10:51:40 |
| Grimmauld (any/all) | and this was just a naive blind guess to see if it was easy, and turns out that no it isn't | 10:52:00 |
| raboof | right, but iirc ibus needs a fair number of rebuilds to actually hit the problem | 11:15:47 |
| fricklerhandwerk | The main chunk of work happened in 2023 here: https://github.com/NixOS/nixpkgs/pull/227914
All of this stuff works now except cross-compiling GCC to 64 bit, which should merely involve setting the right flags | 11:39:05 |
| raboof | I'll admit it's not clear to me how all that works in practice ;) - would that allow us to create, say, a qemu disk image with only sources (and those 256b) on it that'd when 'booted' bootstrap itself to a functional shell? or is that not the idea? | 13:42:14 |
 Julien | I think the assumptions are: Nix + a running kernel + those 256b allows you to build all nixpkgs | 13:53:23 |
| Julien | Obviously the assumptions are broken at multiple places in nixpkgs when other binary blobs are downloaded | 13:53:50 |
| emily | in particular I believe the goal is to produce a bootstrap tools tarball from those | 13:59:01 |
| emily | that can replace the current "mystery meat" one | 13:59:11 |
| emily | so that the bootstrap tools could be audited more easily | 13:59:22 |
| raboof | wrt 'other binary blobs', ideally allowNonSource = false should help with that (assuming all such cases are properly marked, which is probably not fully the case ;) ) | 14:00:09 |
