| 2 Dec 2022 |
 cbwang | Hi all, is it possible for nixos to build gcc through https://github.com/oriansj/stage0-posix in order to mitigate the Ken Thompson hack? | 17:48:27 |
 Rick (Mindavi) | It is possible, but there is no ready-to-use solution | 17:53:31 |
| cbwang | Thanks! I'm basically naively wondering if it is possible to build an ENTIRE minimum NixOS iso completely from source code of free software and with COMPLETELY no binaries (except stage0) involved at all. | 18:08:13 |
| cbwang | And, if the above procedure is possible, then the next goal would be make this process reproducible 😆 | 18:08:54 |
| cbwang | * And, if the above procedure is possible, then the next goal would be making this process reproducible 😆 | 18:09:24 |
| Rick (Mindavi) | Technically it should be, yeah | 18:10:42 |
| Rick (Mindavi) | But by default the bootstrap binaries are used | 18:10:54 |
| Rick (Mindavi) | And your host kernel | 18:10:59 |
| cbwang | In reply to @rick:matrix.ciphernetics.nl
And your host kernel But if this process can be reproducible no matter what host OS is, no matter what CPU is, then the host kernel is not required to be trusted | 18:12:42 |
| Rick (Mindavi) | Ah yes | 18:12:57 |
| Rick (Mindavi) | True :) | 18:12:59 |
| Rick (Mindavi) | I always wonder where one would start... | 18:14:26 |
| cbwang | Besides, if we really can achieve that, then we are going to have the first host OS that all the binaries are free | 18:14:22 |
| cbwang | In reply to @rick:matrix.ciphernetics.nl
I always wonder where one would start... A 256-byte assembler "hex0" from https://github.com/oriansj/bootstrap-seeds | 18:15:41 |
| cbwang | * A 256-byte assembler "hex0" from https://github.com/oriansj/bootstrap-seeds/blob/master/POSIX/x86/hex0-seed | 18:16:23 |
| Rick (Mindavi) | I mean | 18:16:45 |
| Rick (Mindavi) | Do you burn that on a usb stick and boot from it? | 18:16:56 |
| Rick (Mindavi) | 🧐 | 18:17:01 |
| Rick (Mindavi) | Or do you start with a host os and a statically linked nix or so? | 18:17:35 |
| cbwang | In reply to @rick:matrix.ciphernetics.nl
Do you burn that on a usb stick and boot from it? I would prefer to burn it on a DVD | 18:17:45 |
| Rick (Mindavi) | Or whatever nix | 18:17:50 |
| cbwang | In reply to @rick:matrix.ciphernetics.nl
Or do you start with a host os and a statically linked nix or so? Start with a nix that is built from a gcc bootstrapped from stage0 | 18:18:38 |
| Rick (Mindavi) | And that you can build on whatever host I guess? | 18:20:23 |
| cbwang | Yeah, and the nix binary should be reproducible on any x86 compatible hardware. | 18:21:00 |
