Group: Software/FSDG distributions/CrossDistroBootstrap

From LibrePlanet
Jump to: navigation, search

Introduction

In some cases, users and developers might need to install an FSDG distribution from another one.

This tracks tools that can script installations of an FSDG distribution rootfs from another FSDG distribution.

The criteria for being OK / green are very subjective:

  • The installation needs to be somehow automated (debootstrap / pacstrap)
  • Signature needs to be checked

Use cases

  • Using software not available in the distribution you use, while making sure it doesn't bundle nonfree software, depend on it, etc, by reusing all the work that went into packaging it in other FSDG distributions.
  • Build Replicant (it needs specific versions of GNU/Linux distributions)
  • Getting FSDG compliant environments packaged by Debian (like Freedombox, or the Android SDK) by getting it from PureOS.
  • Supporting more distributions (through semi-automatic installations) in an FSDG hosting environment (where administrators can maintain their own VM with the FSDG distribution of their choice)

Cross bootstrap distros table

Hosts
Guix for x86_64-linux Hyperbola i686 Hyperbola x86_64 Parabola armv7h Parabola i686 Parabola x86_64 PureOS 10.0 (byzantium) aarch64 PureOS 10.0 (byzantium) x86_64 Trisquel 10 (Nabia) x86_64 Trisquel 11 (Aramo) amd64 Trisquel 11 (Aramo) arm64 Trisquel 11 (Aramo) armhf Trisquel 11 (Aramo) ppc64el
Targets Guix for x86_64-linux

guix package

Manual install only Manual install only

guix 1.4.0 and

guix-installer 1.4.0 packages

guix 1.4.0 and

guix-installer 1.4.0 packages

guix 1.4.0 and

guix-installer 1.4.0 packages

guix package[1] guix 1.2.0 package[1] Manual install only

guix 1.3.0 package

guix 1.3.0 package

guix 1.3.0 package

guix 1.3.0 package

Hyperbola i686 missing pacstrap pacstrap pacstrap missing qemu-user-static pacstrap + hyperbola-* packages pacstrap + hyperbola-* packages missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap
Hyperbola x86_64 missing pacstrap missing qemu-user-static pacstrap missing qemu-user-static pacstrap + hyperbola-* packages + qemu-user-static pacstrap + hyperbola-* packages missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap
Parabola armv7h missing pacstrap missing qemu-user-static + keyring + configs missing qemu-user-static + keyring + configs pacstrap pacstrap + archlinux-arm-keyring + qemu-user-static pacstrap + archlinux-arm-keyring + qemu-user-static missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap
Parabola i686 missing pacstrap manual with pacstrap: missing keyring + configs manual with pacstrap: missing keyring + configs missing qemu-user-static pacstrap pacstrap + archlinux32-keyring missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap
Parabola x86_64 missing pacstrap missing qemu-user-static + keyring + configs manual with pacstrap: missing keyring + configs missing qemu-user-static pacstrap + qemu-user-static pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap missing pacstrap
PureOS 9.0 (amber) aarch64 Needs testing (with debootstrap and qemu:static) missing debootstrap missing debootstrap Can't run --second-stage: missing qemu-user-static deboostrap --foreign + pureos-archive-keyring + qemu-user-static deboostrap --foreign + pureos-archive-keyring + qemu-user-static debootstrap debootstrap --foreign + qemu-user-static missing support in debootstrap + missing keyring? missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring
PureOS 9.0 (amber) x86_64 Needs testing (with debootstrap).[2] missing debootstrap missing debootstrap Can't run --second-stage: missing qemu-user-static deboostrap --foreign + pureos-archive-keyring + qemu-user-static deboostrap + pureos-archive-keyring debootstrap --foreign + qemu-user-static debootstrap missing support in debootstrap + missing keyring? missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring
PureOS 10 (byzantium) aarch64 Needs testing (with debootstrap and qemu:static) debootstrap --foreign + qemu-user-static[3]
PureOS 10.0 (byzantium) x86_64 debootstrap[2] deboostrap + pureos-archive-keyring[4] deboostrap + pureos-archive-keyring[5]
Trisquel 10 (Nabia) x86_64 Needs testing (with debootstrap).[6] missing debootstrap missing debootstrap debootstrap + trisquel-keyring[7] missing support in debootstrap + missing keyring missing support in debootstrap + missing keyring debootstrap (+ some keyring?) debootstrap + trisquel-keyring
Trisquel 11 (Aramo) amd64 debootstrap[6] debootstrap + trisquel-keyring[8] debootstrap + trisquel-keyring
Trisquel 11 (Aramo) arm64 Needs testing (with debootstrap and qemu:static) deboostrap --foreign + trisquel-keyring + qemu-user-static[9]
Trisquel 11 (Aramo) armhf debootstrap + qemu:static + small tweaks[10] deboostrap --foreign + trisquel-keyring + qemu-user-static[11]
Trisquel 11 (Aramo) ppc64el Needs testing (with debootstrap and qemu:static) missing qemu-ppc64el-static[12]
Guix for x86_64-linux Hyperbola i686 Hyperbola x86_64 Parabola armv7h Parabola i686 Parabola x86_64 PureOS 10.0 (byzantium) aarch64 PureOS 10.0 (byzantium) x86_64 Trisquel 10 (Nabia) x86_64 Trisquel 11 (Aramo) aarch64 Trisquel 11 (Aramo) x86_64 Trisquel 11 (Aramo) armhf Trisquel 11 (Aramo) ppc64el
Hosts

More precise guix status

Distribution Package / installation method Default substitute server provided by the package Security fixes /etc/guix/acl permissions
ci.guix.gnu.org bordeaux.guix.gnu.org Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297) Build User Takeover Vulnerability
guix system -r--r--r-- 1 root root
guix-install.sh User setting during installation -rw------- 1 root root
Parabola None Vulnerable[13] Vulnerable[13]
PureOS 10.0 (byzantium) Yes No Safe Vulnerable -rw-r--r-- 1 root root
Trisquel 11.0 (nabia) Yes No Safe Safe -rw------- 1 root root

References

  1. 1.01.1 PureOS 10.0 (byzantium) and Trisquel 11 (aramo) now have a guix package
  2. 2.02.1 debootstrap now supports PureOS and automatically pulls the pureos-archive-keyring dependency. Tested with PureOS byzantium when sending the patch for that in Guix.
  3. Tested on Parabola x86_64.
  4. Tested on Parabola x86_64.
  5. Tested inside a byzantium chroot inside Parabola x86_64.
  6. 6.06.1 debootstrap now supports Trisquel and automatically pulls the trisquel-keyring dependency. Tested with Trisquel 11 when sending the patch for that in Guix.
  7. Tested with debootstrap nabia rootfs https://archive.trisquel.info/trisquel on Parabola x86_64.
  8. Tested with debootstrap aramo trisquel-11 https://archive.trisquel.info/trisquel on Parabola x86_64
  9. Tested under Parabola x86_64 by running 'debootstrap --foreign --arch arm64 aramo rootfs' and 'cp /usr/bin/qemu-aarch64-static rootfs' and 'LANG=C.UTF-8 chroot trisquel-11-arm64 qemu-aarch64-static /bin/bash' and '/debootstrap/debootstrap --second-stage' inside the chroot
  10. Tested with the Hardware/FSDG_distributions/Trisquel tutorial with 'etiona' replaced by 'aramo', up to the '/debootstrap/debootstrap --second-stage' (included). The tweaks are mentioned in the tutorial.
  11. Tested on Parabola x86_64 by following Group:Hardware/FSDG_distributions/Trisquel#How_to_install_Trisquel_10_.28etiona.29_on_32bit_ARM_SBCs with aramo instead of etiona. Only the first and second stage deboostrap were done though (I didn't create a loop device, etc).
  12. Parabola has qemu-ppc64le-static, qemu-ppc64-static, qemu-ppc-static but none of them work for chrooting inside the ppc64el chroot.
  13. 13.013.1 Currently the Parabola Guix package doesn't build anymore. This needs to be fixed in order to apply the security fixes.