zig bootstrap: some updates

Motiejus Jakštys 2024-11-12 23:49:30 +02:00
parent 6f435ec11d
commit 23e0f39506

@ -7,13 +7,10 @@ draft: true
I decided to bootstrap zig without using binaries that are [checked in the I decided to bootstrap zig without using binaries that are [checked in the
repository](https://github.com/ziglang/zig/blob/0.13.0/stage1/zig1.wasm) and repository](https://github.com/ziglang/zig/blob/0.13.0/stage1/zig1.wasm) and
see if the resulting `zig1.wasm` in the latest zig release (0.13.0) is the same answer if the resulting `zig1.wasm` in the latest zig release (0.13.0) is the
the one bootstrapped without those binaries. same the one bootstrapped without those binaries.
TLDR: `zig1.wasm` of the official 0.13.0 and our-hard-bootstrapped one are the TLDR: yes, they are the same:
same. Whoof, Zig is clean from [this famous attack vector][2], or at least
there is nothing hiding in `zig1.wasm` that hasn't been in the checked-in
sources:
``` ```
$ sha256sum code/zig{,2}/stage1/zig1.wasm $ sha256sum code/zig{,2}/stage1/zig1.wasm
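Review bot: the rewritten question still reads "is the same the one bootstrapped without those binaries", which is missing "as", and "answer if" reads better as "answer whether". Suggested wording: "answer whether the resulting `zig1.wasm` in the latest zig release (0.13.0) is the same as the one bootstrapped without those binaries."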
@ -21,8 +18,12 @@ $ sha256sum code/zig{,2}/stage1/zig1.wasm
127909fb8c9610ce3f296d8a48014546c0f85055115002fb3aba4d865dcdbb27 code/zig2/stage1/zig1.wasm 127909fb8c9610ce3f296d8a48014546c0f85055115002fb3aba4d865dcdbb27 code/zig2/stage1/zig1.wasm
``` ```
I can now confidently say (and you can also check, you don't need to [trust
me][2]) that there is nothing hiding in `zig1.wasm` that hasn't been
checked-in.
Many, many thanks to [Hilton Chain][1] for reasons I that will become clear Many, many thanks to [Hilton Chain][1] for reasons I that will become clear
later. later. The rest of this post walks through how I arrived to this claim.
# Official zig1.wasm # Official zig1.wasm
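Review bot: in the added paragraph, "nothing hiding in `zig1.wasm` that hasn't been checked-in" is ambiguous, because `zig1.wasm` is itself a checked-in file. The TLDR text removed earlier in this commit said "hasn't been in the checked-in sources", which is the narrower statement that a hash match between the two builds supports; suggest keeping "in the checked-in sources". In the same hunk, "how I arrived to this claim" should be "arrived at", and the link text "trust me" gives no hint that [2] points to the Thompson paper.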
@ -98,7 +99,7 @@ compiler.
Andrew suggests a motivated third-party to implement a [Zig Andrew suggests a motivated third-party to implement a [Zig
interpreter][zig-interpreter] in non-zig that could break this chain. While interpreter][zig-interpreter] in non-zig that could break this chain. While
that would be certainly be ideal, but nobody has built it yet 🤷. that would be certainly be ideal, nobody has built it yet 🤷.
The steps to build "trusted"[^3] zig are roughly: The steps to build "trusted"[^3] zig are roughly:
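Review bot: the changed line drops "but" yet keeps the doubled verb in "that would be certainly be ideal". Suggest "that would certainly be ideal, nobody has built it yet".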
@ -115,14 +116,29 @@ work on bootstrapping Zig!`, where they took my PoC, [re-created all of it in
Guix DSL][6] and ran all the way to 0.13.0[^2]. This made me flabbergasted. Guix DSL][6] and ran all the way to 0.13.0[^2]. This made me flabbergasted.
I audited their script to see if it really deletes `zig1.wasm` at every I audited their script to see if it really deletes `zig1.wasm` at every
checkout, ran it to produce `zig1.wasm` of `0.13.0` myself. Once I had checkout, ran it to produce `zig1.wasm` of `0.13.0` myself:
`zig1.wasm` of 0.13.0, I did the same as I did in the official `zig1.wasm`:
built zig3, used it to build `zig1.wasm`, and voilà, the hashes of the official
`zig1.wasm` and the one built by myself and Hilton match.
I am looking forward to Hilton landing his Zig work to Guix, so anyone can ```
audit the build script and reproduce this exercise by themselves with an $ ./pre-inst-env guix build zig@0.13
otherwise [bootstrappable][7] system. ;;; note: source file /home/motiejus/code/guix/gnu/packages/zig.scm
;;; newer than compiled /home/motiejus/code/guix/gnu/packages/zig.go
;;; note: source file /home/motiejus/code/guix/gnu/packages/zig.scm
;;; newer than compiled /nix/store/gp8nnfibhz63f61cxrnjhm4wb2r9np8h-guix-1.4.0/lib/guile/3.0/site-ccache/gnu/packages/zig.go
/gnu/store/mz95707dd7qmycpr1f0ndxhkmx3vdy1c-zig-0.13.0
/gnu/store/kqwq8sjgwi561sp78vfi6xkgm9i3wysk-zig-0.13.0-zig1
$ ls -lh /gnu/store/kqwq8sjgwi561sp78vfi6xkgm9i3wysk-zig-0.13.0-zig1/bin/zig1.wasm
-r--r--r-- 5 root root 2.6M Jan 1 1970 /gnu/store/kqwq8sjgwi561sp78vfi6xkgm9i3wysk-zig-0.13.0-zig1/bin/zig1.wasm
```
Once I had `zig1.wasm` of 0.13.0, I did the same as I did in the official
`zig1.wasm`: built zig3, used it to build `zig1.wasm`, and voilà, the hashes of
the official `zig1.wasm` and the one built here match.
# Conclusion
I am looking forward to Hilton landing this to Guix, so anyone can audit the
build script and reproduce this exercise by themselves with an otherwise
[bootstrappable][7] system. If you don't trust Guix, whom do you trust?
If anyone can trace origins of `zig1.wasm` and produce an identical version If anyone can trace origins of `zig1.wasm` and produce an identical version
themselves, perhaps it's not too bad to have it checked in? themselves, perhaps it's not too bad to have it checked in?
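Review bot: the added terminal block stops at `ls -lh` of the store path, so nothing in it shows the digest of the Guix-built `zig1.wasm`, while the paragraph right after it asserts that the hashes match. Add a `sha256sum` of the `bin/zig1.wasm` path shown in the `ls` line, so a reader can compare it against the hash printed at the top of the post. The four `;;; note:` lines carry only local paths (`/home/motiejus/...`, `/nix/store/...`) and can be trimmed from the output. Minor: "I did the same as I did in the official `zig1.wasm`" probably wants "with the official", and "the one built here" drops the credit that the old wording ("built by myself and Hilton") carried.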
@ -134,7 +150,7 @@ themselves, perhaps it's not too bad to have it checked in?
title. I will not link it here, as it will be removed when it lands, but it title. I will not link it here, as it will be removed when it lands, but it
should be easy to find for determined readers before it does. should be easy to find for determined readers before it does.
[^3]: We trust no-one except ourselves. [^3]: We trust no-one except ourselves and our little machine on our desk.
[1]: https://ultrarare.space/ [1]: https://ultrarare.space/
[2]: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf [2]: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
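Review bot: the new footnote text names "ourselves and our little machine on our desk" as the whole trust base, while the conclusion added in this same commit asks "If you don't trust Guix, whom do you trust?" and the reproduced build runs through `guix build`. Either mention the Guix bootstrap in [^3] or reword one of the two so they agree on what is being trusted.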