Re: Hardened toolchain

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hardened toolchain

From:	zimoun
Subject:	Re: Hardened toolchain
Date:	Sun, 27 Mar 2022 22:06:33 +0200

Hi,

On Sat, 26 Mar 2022 at 20:33, kiasoc5@tutanota.com wrote:

> Just so I understand, in other (imperative) words:
>
> gcc-hardened-1 = gcc-hardened built with regular gcc
> gcc-hardened-2 = gcc-hardened built with gcc-hardened-1
> n = 1
> while checksum(gcc-hardened-{n}) != checksum(gcc-hardened-{n+1}):
>    gcc-hardened-{n+1} = gcc-hardened built with gcc-hardened-{n}
>    n++
> define the new toolchain with gcc-hardened-{n+1}

To be totally correct:

binary gcc-hardened-1 = source gcc-hardened built with binary gcc
binary gcc-hardened-2 = source gcc-hardened built with binary gcc-hardened-1

where ’binary gcc’ is the binary seed of the bootstrap.

>> Guix is not auto-magically resolving the fixed-point, i.e., it does not
>> unroll the cycle by magic. :-) You have to do it manually or write code
>> for automatise the process; described above.
>>
> Thanks, are there any examples in the code base that would be a good
> reference?

(gnu packages commencement), I guess.

On Sat, 26 Mar 2022 at 23:02, kiasoc5@tutanota.com wrote:

> Here's a smaller example that has the same error:
>
> ===the file===
> (use-modules (gnu)
>              (guix)
>              (guix packages))
>
> (use-package-modules gcc base commencement)
>
> (package-with-c-toolchain gcc `(("toolchain" ,(make-gcc-toolchain gcc))))
> ===the file===

[...]

> The gcc package already exists! Why can't I build gcc with itself?

Well, the symbol ’gcc’ can refer to 3 things:

 - source
 - recipe for building the source
 - binary

Maybe I misunderstand you, but it appears to me that you want:

    binary1 = recipe built with binary0

but because ’package-with-c-toolchain’ is recursive, it reads, instead:

    binary0 = recipe built with binary0

so, it is a cycle.  You cannot build binary0 using this very same
binary0.

Therefore, you have to tweak and manually write the chain, i.e., unroll
the cycle.  For example, gcc-hardened-boot build with gcc (seed), then
gcc-hardened built with gcc-hardened-boot.  Once you have this binary
gcc-hardened, you can use it with package-with-c-toolchain; however, not
for rebuilding gcc-hardened-boot or gcc-hardened, otherwise you are
introducing a cycle.

Hope that helps.

Cheers,
simon

[Prev in Thread]

Current Thread

[Next in Thread]

Hardened toolchain, kiasoc5, 2022/03/21
- Hardened toolchain, zimoun, 2022/03/21
  - Message not available
    - Re: Hardened toolchain, zimoun, 2022/03/22
    - Re: Hardened toolchain, kiasoc5, 2022/03/22
    - Re: Hardened toolchain, kiasoc5, 2022/03/25
    - Re: Hardened toolchain, zimoun, 2022/03/25
    - Re: Hardened toolchain, kiasoc5, 2022/03/26
    - Re: Hardened toolchain, kiasoc5, 2022/03/26
    - Re: Hardened toolchain, zimoun <=
  - Re: Hardened toolchain, Maxime Devos, 2022/03/27
    - Re: Hardened toolchain, Maxim Cournoyer, 2022/03/27
    - Re: Hardened toolchain, zimoun, 2022/03/28
    - Re: Hardened toolchain, kiasoc5, 2022/03/28
    - Re: Hardened toolchain, Ludovic Courtès, 2022/03/29

Prev by Date: singpolyma presents on writing guix packages with js
Next by Date: Re: Hardened toolchain
Previous by thread: Re: Hardened toolchain
Next by thread: Re: Hardened toolchain
Index(es):
- Date
- Thread