HOME

TheInfoList



Click Here for Items Related To - Bootstrappable Builds
OR:
Bootstrappable Builds on:   [Wikipedia]   [Google]   [Amazon]

Bootstrappable builds, a process of
compiling In computing, a compiler is a computer program that translates computer code written in one programming language (the ''source'' language) into another language (the ''target'' language). The name "compiler" is primarily used for programs tha ...
software that doesn't depend on (compiler) binaries that aren't built from source by this process. This process can protect against compiler backdoors: if the build process doesn't depend on binary code that is difficult to audit, then a compiler backdoor cannot be hidden in compiler binaries anymore.


Methods

A way to tackle the issue for a
Software distribution Software distribution is the process of delivering software to the end user. Free software distribution tools GNU Autotools are widely used for which consist of source files written in C++ and the C programming language, but are not limited t ...
s is to reduce the size of the binaries used to bootstrap the distribution until there are not needed anymore or that the size is small enough to be easily reviewed by humans. Many compilers for various programming languages are written in the language they target. For instance the official Go compiler(gc) is written in Go. So without alternatives compilers compiler like GCC that are written in another programming language (here in C and C++) the go compiler would require a binary of a previous version of the go compiler binary to be built. To have bootstrappable builds, it is often possible to find an older versions of the compiler that could be built from sources, and from that, write code to automatically build the next version of the compilers until having a recent version. Identifying which version can build which versions is often not trivial and that often result in very long compilation times for the bootstrap procedure. Sometimes this also require to maintain older compiler versions and to backport support for newer CPU architectures on older compilers versions to be able to bootstrap these architectures. GCC 4.7 for example is the last version that can be compiled using tcc but can then go on to compile newer versions of GCC. This process can also be replaced or combined with other ways to bootstrap compilers. For instance it is also possible to write a new compiler for a language, that is written in another language. These techniques can be used to reduce the size of the binaries used to bootstrap a distribution. As for building the first compiler that can build the subsequent compilers, it is possible to reduce the size to a single binary that is 357 bytes and from that use multiple stages in the bootstrapping procedure to be able to build a C compiler, and from that build the other compilers or software.


Challenges

Software can depend on itself for compiling and the first version could've been compiled in a way that isn't bootstrappable.
Gradle Gradle is a build automation tool for multi-language software development. It manages tasks like compilation, packaging, testing, deployment, and publishing. Supported languages include Java (as well as JDK-based languages Kotlin, Groovy, Sc ...
is one such case as it depends on Scala, which had a proprietary dependency in its first release, and Kotlin, which depends on itself and Gradle to be compiled.https://www.bootstrappable.org/projects/java-tools.html


History

The Bootstrappable Builds project was started in 2016 as a spin-off of the Reproducible Builds project. In 2022, Guix gained the ability to be built from the aforementioned 357 bytes binary.


See also

* Reproducible builds


References


External links


bootstrappable.org
Compiling tools {{Compu-prog-stub