Guix---like other GNU/Linux distributions---is traditionally
bootstrapped from a set of bootstrap binaries: Bourne shell,
command-line tools provided by GNU Coreutils, Awk, Findutils,
grep and Guile, GCC, Binutils, and the GNU C Library. Usually,
these bootstrap binaries are "taken for granted."
Taking these binaries for granted means that we consider them to be a
correct and trustworthy
seed for building the complete system.
Therein lies a problem: the current combined size of these bootstrap
binaries is about 250MB. Auditing or even inspecting these is next
x86_64-linux, GuixSD now features a "Reduced
Binary Seed" bootstrap (see the
branch). We would like to say "Full Source Bootstrap", and while we
are working towards that goal, it would be hyperbole to use that term
for what we do now.
The Reduced Binary Seed bootstrap removes the most critical tools---from a
trust perspective---from the bootstrap binaries: GCC, Binutils and the GNU C
Library are replaced by:
mescc-tools-seed (a tiny assembler and linker)
mes-seed (a small Scheme interpreter and a C compiler written in Scheme)
tinycc-seed (the Mes C Library, built for TinyCC)

Using these new binary seeds and a new set of
the "missing" Binutils, GCC, and the GNU C Library are built from source.
From here on the more traditional bootstrap process resumes. This approach
has reduced the bootstrap binaries in size to about 130MB. Work is ongoing to
reduce this further. If you are interested, join us on
on the Freenode IRC network.
Below is the generated dependency graph for
gcc-mesboot, the bootstrap
compiler used to build the rest of GuixSD.