Group: Software/FSDG distributions/CrossDistroBootstrap

From LibrePlanet

Introduction

In some cases, users and developers might need to install an FSDG distribution from another one.

This page tracks tools that can script the installation of an FSDG distribution rootfs from another FSDG distribution.

The criteria for being OK / green are very subjective:

  • The installation needs to be automated in some way (debootstrap / pacstrap)
  • Signatures need to be checked

Use cases

  • Using software not available in the distribution you use, while making sure it doesn't bundle nonfree software, depend on it, etc., by reusing all the work that went into packaging it in other FSDG distributions.
  • Building Replicant (it needs specific versions of GNU/Linux distributions)
  • Getting FSDG compliant environments packaged by Debian (like Freedombox, or the Android SDK) by getting them from PureOS.
  • Supporting more distributions (through semi-automatic installations) in an FSDG hosting environment (where administrators can maintain their own VM with the FSDG distribution of their choice)

Cross bootstrap distros table

Hosts
Targets | Guix for x86_64-linux | Hyperbola i686 | Hyperbola x86_64 | Parabola armv7h | Parabola i686 | Parabola x86_64 | PureOS 10.0 (byzantium) aarch64 | PureOS 10.0 (byzantium) x86_64 | Trisquel 10 (Nabia) x86_64 | Trisquel 11 (Aramo) amd64 | Trisquel 11 (Aramo) arm64 | Trisquel 11 (Aramo) armhf | Trisquel 11 (Aramo) ppc64el
Guix for x86_64-linux | guix package | Manual install only | Manual install only | guix 1.4.0 and guix-installer 1.4.0 packages | guix 1.4.0 and guix-installer 1.4.0 packages | guix 1.4.0 and guix-installer 1.4.0 packages | guix package[1] | guix 1.2.0 package[1] | Manual install only | guix 1.3.0 package | guix 1.3.0 package | guix 1.3.0 package | guix 1.3.0 package
Hyperbola i686 | missing pacstrap | pacstrap | pacstrap | missing qemu-user-static | pacstrap + hyperbola-* packages | pacstrap + hyperbola-* packages | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap
Hyperbola x86_64 | missing pacstrap | missing qemu-user-static | pacstrap | missing qemu-user-static | pacstrap + hyperbola-* packages + qemu-user-static | pacstrap + hyperbola-* packages | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap
Parabola armv7h | missing pacstrap | missing qemu-user-static + keyring + configs | missing qemu-user-static + keyring + configs | pacstrap | pacstrap + archlinux-arm-keyring + qemu-user-static | pacstrap + archlinux-arm-keyring + qemu-user-static | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap
Parabola i686 | missing pacstrap | manual with pacstrap: missing keyring + configs | manual with pacstrap: missing keyring + configs | missing qemu-user-static | pacstrap | pacstrap + archlinux32-keyring | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap
Parabola x86_64 | missing pacstrap | missing qemu-user-static + keyring + configs | manual with pacstrap: missing keyring + configs | missing qemu-user-static | pacstrap + qemu-user-static | pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap
PureOS 9.0 (amber) aarch64 | Needs testing (with debootstrap and qemu:static) | missing debootstrap | missing debootstrap | Can't run --second-stage: missing qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap | debootstrap --foreign + qemu-user-static | missing support in debootstrap + missing keyring? | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring
PureOS 9.0 (amber) x86_64 | Needs testing (with debootstrap).[2] | missing debootstrap | missing debootstrap | Can't run --second-stage: missing qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap + pureos-archive-keyring | debootstrap --foreign + qemu-user-static | debootstrap | missing support in debootstrap + missing keyring? | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring
PureOS 10 (byzantium) aarch64 Needs testing (with debootstrap and qemu:static) debootstrap --foreign + qemu-user-static[3]
PureOS 10.0 (byzantium) x86_64 debootstrap[2] debootstrap + pureos-archive-keyring[4] debootstrap + pureos-archive-keyring[5]
Trisquel 10 (Nabia) x86_64 Needs testing (with debootstrap).[6] missing debootstrap missing debootstrap debootstrap + trisquel-keyring[7] missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring debootstrap (+ some keyring?) debootstrap + trisquel-keyring
Trisquel 11 (Aramo) amd64 debootstrap[6] debootstrap + trisquel-keyring[8] debootstrap + trisquel-keyring
Trisquel 11 (Aramo) arm64 Needs testing (with debootstrap and qemu:static) debootstrap --foreign + trisquel-keyring + qemu-user-static[9]
Trisquel 11 (Aramo) armhf debootstrap + qemu:static + small tweaks[10] debootstrap --foreign + trisquel-keyring + qemu-user-static[11]
Trisquel 11 (Aramo) ppc64el Needs testing (with debootstrap and qemu:static) missing qemu-ppc64el-static[12]
Guix for x86_64-linux Hyperbola i686 Hyperbola x86_64 Parabola armv7h Parabola i686 Parabola x86_64 PureOS 10.0 (byzantium) aarch64 PureOS 10.0 (byzantium) x86_64 Trisquel 10 (Nabia) x86_64 Trisquel 11 (Aramo) aarch64 Trisquel 11 (Aramo) x86_64 Trisquel 11 (Aramo) armhf Trisquel 11 (Aramo) ppc64el
Hosts

More precise guix status

Distribution Package / installation method Version Default substitute server provided by the package Security fixes /etc/guix/acl permissions
ci.guix.gnu.org bordeaux.guix.gnu.org Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297) Build User Takeover Vulnerability
Latest guix system latest Yes Yes Safe Safe -r--r--r-- 1 root root
guix-install.sh 1.4.0[13] User setting during installation -rw------- 1 root root
Parabola 1.4.0 Yes Yes Safe Safe -rw-r--r-- root root
PureOS 10.0 (byzantium) 1.2.0 Yes No Safe Safe -rw-r--r-- 1 root root
Trisquel 11.0 (nabia) 1.3.0 Yes No Safe Safe -rw------- 1 root root

Also, if the Guix package on distributions like Parabola, PureOS or Trisquel has security issues, you don't need to wait for your distribution to fix them: you can fix them yourself by making Guix update itself. See "upgrading the Guix daemon, on a foreign distro" for more details.

Guix on FSDG distributions without Guix package

Since it is possible to install Guix manually or with guix-install.sh, the table below gives the status of Guix on distributions that do not package it.

Distribution | Can Guix work? | guix-install.sh support | guix-install.sh init system integration | guix-install.sh packaged
Dragora | Yes | Yes | No | No
Dynebolic | Guix requires Internet to be useful[14] | ? | ? | ?
Hyperbola | ? | ? | ? | No
LibreCMC | ? | ? | ? | No
Parabola | Yes | Yes | Yes | Yes
ProteanOS | ? | ? | ? | ?
PureOS | Yes | Yes | Yes | No
Replicant 6.0 | no: outdated kernel[15] | no: Android needs special care[16] | No | No
Trisquel 11 | Yes | Yes | Yes | No
Ututo | ? | ? | ? | ?

More precise status for Debian based distributions

While debootstrap is the standard tool for creating a rootfs for Debian based distributions like PureOS or Trisquel, it is also worth looking in more detail at the available tooling that reuses or replaces it.

The table below adds such details.

Tool PureOS target support Trisquel target support Works without root once installed? Guix package Hyperbola package Parabola package PureOS 10.0 (byzantium) package Trisquel 11 (Aramo) package Packages for non-FSF certified distributions
consfigurator for creating rootfs Some features are tied to Debian but with some code they can be made to work with other distros (like Trisquel) ? No No No No Yes Some:[17]
  • Debian
  • Kali
  • Parrot
  • Raspbian
  • Ubuntu

But we don't know if it works or not as 'disk:raw-image-built-for' might depend on debootstrap somehow.

debootstrap Yes Yes ?[18] Yes No Yes Yes Yes Requires Trisquel and PureOS keyrings to be used securely, and they are not packaged.
debuerreotype Yes Yes No[19] No No Yes Yes Yes Requires Trisquel and PureOS keyrings to be used securely, and they are not packaged.
debspawn ? ? Yes No No No Yes Yes ?

This page was a featured resource in February 2025.


References

  1. PureOS 10.0 (byzantium) and Trisquel 11 (aramo) now have a guix package.
  2. debootstrap now supports PureOS and automatically pulls the pureos-archive-keyring dependency. Tested with PureOS byzantium when sending the patch for that in Guix.
  3. Tested on Parabola x86_64.
  4. Tested on Parabola x86_64.
  5. Tested inside a byzantium chroot inside Parabola x86_64.
  6. debootstrap now supports Trisquel and automatically pulls the trisquel-keyring dependency. Tested with Trisquel 11 when sending the patch for that in Guix.
  7. Tested with debootstrap nabia rootfs https://archive.trisquel.info/trisquel on Parabola x86_64.
  8. Tested with debootstrap aramo trisquel-11 https://archive.trisquel.info/trisquel on Parabola x86_64.
  9. Tested under Parabola x86_64 by running 'debootstrap --foreign --arch arm64 aramo rootfs' and 'cp /usr/bin/qemu-aarch64-static rootfs' and 'LANG=C.UTF-8 chroot trisquel-11-arm64 qemu-aarch64-static /bin/bash' and '/debootstrap/debootstrap --second-stage' inside the chroot.
  10. Tested with the Hardware/FSDG_distributions/Trisquel tutorial with 'etiona' replaced by 'aramo', up to the '/debootstrap/debootstrap --second-stage' (included). The tweaks are mentioned in the tutorial.
  11. Tested on Parabola x86_64 by following Group:Hardware/FSDG_distributions/Trisquel#How_to_install_Trisquel_10_.28etiona.29_on_32bit_ARM_SBCs with aramo instead of etiona. Only the first and second stage debootstrap were done though (I didn't create a loop device, etc.).
  12. Parabola has qemu-ppc64le-static, qemu-ppc64-static, qemu-ppc-static but none of them work for chrooting inside the ppc64el chroot.
  13. The install script will, at runtime, download a list of guix releases and determine the latest version. At the time of writing the latest release is 1.4.0.
  14. According to https://www.gnu.org/distros/free-distros.html, Dynebolic is meant to run offline, and Guix doesn't work well offline.
  15. Replicant 6.0 uses a 3.0 kernel and Guix binaries require a much more recent kernel to run. I tried to downgrade the kernel headers to make Guix rebuild everything but it didn't work at the time.
  16. See https://lepiller.eu/en/guix-on-android.html for more details. The easiest way would be to upstream modifications to the Android distribution for making it easier to support Guix, and once done, adding support for Android in guix-install.sh and shipping guix-install.sh as part of the Android distribution.
  17. https://repology.org/project/consfigurator/versions
  18. There was an issue upstream that was fixed by the commits '39b8069 scripts/robur: fix fakechroot.' and '38eb1ed scripts/amber: fix fakechroot.'.
  19. Uses the unshare Linux system call, which requires root.