Group: Software/FSDG distributions/CrossDistroBootstrap
(→Table: add hyperbola) |
(→More precise guix status: Guix: test for CVE-2024-27297) |
||
(98 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
In some cases, users and developers might need to install an FSDG distribution from another one. | In some cases, users and developers might need to install an FSDG distribution from another one. | ||
− | + | This tracks tools that can script installations of an FSDG distribution rootfs from another FSDG distribution. | |
− | + | The criteria for being OK / green are very subjective: | |
+ | * The installation needs to be somehow automated (debootstrap / pacstrap) | ||
+ | * Signature needs to be checked | ||
+ | |||
+ | == Use cases == | ||
+ | * Using software not available in the distribution you use, while making sure it doesn't bundle nonfree software, depend on it, etc, by reusing all the work that went into packaging it in other FSDG distributions. | ||
+ | * Build Replicant (it needs specific versions of GNU/Linux distributions) | ||
+ | * Getting FSDG compliant environments packaged by Debian (like Freedombox, or the Android SDK) by getting it from PureOS. | ||
+ | * Supporting more distributions (through semi-automatic installations) in an FSDG hosting environment (where administrators can maintain their own VM with the FSDG distribution of their choice) | ||
== Cross bootstrap distros table == | == Cross bootstrap distros table == | ||
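Review bot: The added criterion "Signature needs to be checked" does not say which signature is meant or what it is checked against, so it is hard to tell what a green cell certifies. Since the criteria are introduced as "very subjective", consider stating that the bootstrap tool must verify the target distribution's packages or repository metadata against that distribution's keyring, and that an install done with verification turned off does not count as OK.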
Line 10: | Line 18: | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
| colspan=2 rowspan=2 | | | colspan=2 rowspan=2 | | ||
− | ! colspan= | + | ! colspan=15 |Hosts |
|- <!-- All the hosts are listed below --> | |- <!-- All the hosts are listed below --> | ||
− | ! | + | ! Guix for x86_64-linux |
+ | ! Hyperbola i686 | ||
! Hyperbola x86_64 | ! Hyperbola x86_64 | ||
! Parabola armv7h | ! Parabola armv7h | ||
! Parabola i686 | ! Parabola i686 | ||
! Parabola x86_64 | ! Parabola x86_64 | ||
− | ! | + | ! PureOS 10.0 (byzantium) aarch64 |
− | ! | + | ! PureOS 10.0 (byzantium) x86_64 |
+ | ! Trisquel 10 (Nabia) x86_64 | ||
+ | ! Trisquel 11 (Aramo) amd64 | ||
+ | ! Trisquel 11 (Aramo) arm64 | ||
+ | ! Trisquel 11 (Aramo) armhf | ||
+ | ! Trisquel 11 (Aramo) ppc64el | ||
|- | |- | ||
− | ! rowspan= | + | ! rowspan=15 | Targets |
− | ! Guix | + | ! Guix for x86_64-linux |
− | | {{Yes|guix | + | | {{Yes|{{DistroPackage|guix|guix}} package}} |
− | | | + | | {{No|Manual install only}} |
− | | {{Yes|guix installer | + | | {{No|Manual install only}} |
− | | {{Yes|guix installer | + | | {{Yes|{{DistroPackage|parabola|guix}} 1.4.0 and {{DistroPackage|parabola|guix-installer}} 1.4.0 packages}} |
− | | {{Yes|guix | + | | {{Yes|{{DistroPackage|parabola|guix}} 1.4.0 and {{DistroPackage|parabola|guix-installer}} 1.4.0 packages}} |
− | | Manual install only | + | | {{Yes|{{DistroPackage|parabola|guix}} 1.4.0 and {{DistroPackage|parabola|guix-installer}} 1.4.0 packages}} |
− | | | + | | {{Yes|guix package}}<ref name="guix-package">PureOS 10.0 (byzantium) and Trisquel 11 (aramo) now have a guix package</ref> |
+ | | {{Yes|guix 1.2.0 package}}<ref name="guix-package"></ref> | ||
+ | | {{No|Manual install only}} | ||
+ | | {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}} | ||
+ | | {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}} | ||
+ | | {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}} | ||
+ | | {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}} | ||
+ | |- | ||
+ | ! Hyperbola i686 | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{Yes|pacstrap}} | ||
+ | | {{Yes|pacstrap}} | ||
+ | | {{No|missing qemu-user-static}} | ||
+ | | {{Yes|pacstrap + hyperbola-* packages}} | ||
+ | | {{Yes|pacstrap + hyperbola-* packages}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
|- | |- | ||
! Hyperbola x86_64 | ! Hyperbola x86_64 | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing qemu-user-static}} | ||
+ | | {{Yes|pacstrap}} | ||
+ | | {{No|missing qemu-user-static}} | ||
+ | | {{Yes|pacstrap + hyperbola-* packages + qemu-user-static}} | ||
+ | | {{Yes|pacstrap + hyperbola-* packages}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
|- | |- | ||
! Parabola armv7h | ! Parabola armv7h | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
− | | | + | | {{No|missing qemu-user-static + keyring + configs}} |
+ | | {{No|missing qemu-user-static + keyring + configs}} | ||
| {{Yes|pacstrap}} | | {{Yes|pacstrap}} | ||
− | | {{Yes|pacstrap + archlinux-arm-keyring}} | + | | {{Yes|pacstrap + archlinux-arm-keyring + qemu-user-static}} |
− | | {{Yes|pacstrap + archlinux-arm-keyring}} | + | | {{Yes|pacstrap + archlinux-arm-keyring + qemu-user-static}} |
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
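Review bot: The Hosts header is changed to colspan=15, but the header row that follows lists 13 host columns (Guix for x86_64-linux through Trisquel 11 (Aramo) ppc64el), so the heading spans two columns that have no cells. Set it to colspan=13, or add the two missing host columns if they were intended.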
Line 43: | Line 97: | ||
! Parabola i686 | ! Parabola i686 | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
− | | | + | | {{No|manual with pacstrap: missing keyring + configs}} |
− | | {{No| | + | | {{No|manual with pacstrap: missing keyring + configs}} |
− | | {{Yes}} | + | | {{No|missing qemu-user-static}} |
+ | | {{Yes|pacstrap}} | ||
| {{Yes|pacstrap + archlinux32-keyring}} | | {{Yes|pacstrap + archlinux32-keyring}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
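Review bot: The two Hyperbola host cells of the Parabola i686 row say "manual with pacstrap: missing keyring + configs" without naming the keyring, while the Parabola x86_64 cell in the same row names archlinux32-keyring. Name the missing keyring package and the missing configs in those cells, so a reader can tell what would have to be packaged before a signature-checked install from Hyperbola is possible.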
Line 52: | Line 112: | ||
! Parabola x86_64 | ! Parabola x86_64 | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
− | | | + | | {{No|missing qemu-user-static + keyring + configs}} |
− | | {{No| | + | | {{No|manual with pacstrap: missing keyring + configs}} |
− | | | + | | {{No|missing qemu-user-static}} |
+ | | {{Yes|pacstrap + qemu-user-static}} | ||
| {{Yes|pacstrap}} | | {{Yes|pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
+ | | {{No|missing pacstrap}} | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
| {{No|missing pacstrap}} | | {{No|missing pacstrap}} | ||
|- | |- | ||
− | ! | + | ! PureOS 9.0 (amber) aarch64 |
+ | | Needs testing (with debootstrap and qemu:static) | ||
+ | | {{No|missing debootstrap}} | ||
+ | | {{No|missing debootstrap}} | ||
+ | | {{No|Can't run --second-stage: missing qemu-user-static}} | ||
+ | | {{Yes|deboostrap --foreign + pureos-archive-keyring + qemu-user-static}} | ||
+ | | {{Yes|deboostrap --foreign + pureos-archive-keyring + qemu-user-static}} | ||
+ | | {{Yes|debootstrap}} | ||
+ | | {{Yes|debootstrap --foreign + qemu-user-static}} | ||
| {{No|missing support in debootstrap + missing keyring?}} | | {{No|missing support in debootstrap + missing keyring?}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | |- | ||
+ | ! PureOS 9.0 (amber) x86_64 | ||
+ | | Needs testing (with debootstrap).<ref name="debootstrap-guix-pureos">{{DistroPackage|guix|debootstrap}} now supports PureOS and automatically pulls the {{DistroPackage|guix|pureos-archive-keyring}} dependency. Tested with PureOS byzantium when sending the patch for that in Guix.</ref> | ||
+ | | {{No|missing debootstrap}} | ||
+ | | {{No|missing debootstrap}} | ||
+ | | {{No|Can't run --second-stage: missing qemu-user-static}} | ||
+ | | {{Yes|deboostrap --foreign + pureos-archive-keyring + qemu-user-static}} | ||
+ | | {{Yes|deboostrap + pureos-archive-keyring}} | ||
+ | | {{Yes|debootstrap --foreign + qemu-user-static}} | ||
+ | | {{Yes|debootstrap}} | ||
+ | | {{No|missing support in debootstrap + missing keyring?}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | |- | ||
+ | ! PureOS 10 (byzantium) aarch64 | ||
+ | | Needs testing (with debootstrap and qemu:static) | ||
| | | | ||
− | | ? | + | | |
+ | | | ||
+ | | | ||
+ | | {{Yes|debootstrap --foreign + qemu-user-static}}<ref>Tested on Parabola x86_64.</ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | ! PureOS 10.0 (byzantium) x86_64 | ||
+ | | {{yes|debootstrap}}<ref name="debootstrap-guix-pureos"></ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | {{Yes|deboostrap + pureos-archive-keyring}}<ref>Tested on Parabola x86_64.</ref> | ||
+ | | | ||
+ | | {{Yes|deboostrap + pureos-archive-keyring}}<ref>Tested inside a byzantium chroot inside Parabola x86_64.</ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | ! Trisquel 10 (Nabia) x86_64 | ||
+ | | Needs testing (with debootstrap).<ref name="debootstrap-guix-trisquel">{{DistroPackage|guix|debootstrap}} now supports Trisquel and automatically pulls the trisquel-keyring dependency. Tested with Trisquel 11 when sending the patch for that in Guix.</ref> | ||
+ | | {{No|missing debootstrap}} | ||
+ | | {{No|missing debootstrap}} | ||
+ | | | ||
+ | | | ||
+ | | {{yes|debootstrap + trisquel-keyring}}<ref>Tested with debootstrap nabia rootfs https://archive.trisquel.info/trisquel on Parabola x86_64.</ref> | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{No|missing support in debootstrap + missing keyring}} | ||
+ | | {{yes|debootstrap (+ some keyring?)}} | ||
| {{Yes|debootstrap + trisquel-keyring}} | | {{Yes|debootstrap + trisquel-keyring}} | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | ! Trisquel 11 (Aramo) amd64 | ||
+ | | {{yes|debootstrap}}<ref name="debootstrap-guix-trisquel"></ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | {{yes|debootstrap + trisquel-keyring}}<ref>Tested with debootstrap aramo trisquel-11 https://archive.trisquel.info/trisquel on Parabola x86_64</ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
| {{Yes|debootstrap + trisquel-keyring}} | | {{Yes|debootstrap + trisquel-keyring}} | ||
− | | | + | | |
− | | | + | | |
+ | | | ||
|- | |- | ||
− | ! Trisquel | + | ! Trisquel 11 (Aramo) arm64 |
− | | {{No|missing | + | | Needs testing (with debootstrap and qemu:static) |
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | {{yes|deboostrap --foreign + trisquel-keyring + qemu-user-static}}<ref>Tested under Parabola x86_64 by running 'debootstrap --foreign --arch arm64 aramo rootfs' and 'cp /usr/bin/qemu-aarch64-static rootfs' and 'LANG=C.UTF-8 chroot trisquel-11-arm64 qemu-aarch64-static /bin/bash' and '/debootstrap/debootstrap --second-stage' inside the chroot</ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |||
+ | |- | ||
+ | ! Trisquel 11 (Aramo) armhf | ||
+ | | {{yes|debootstrap + qemu:static + small tweaks}}<ref>Tested with the [[Group:Hardware/FSDG_distributions/Trisquel|Hardware/FSDG_distributions/Trisquel]] tutorial with 'etiona' replaced by 'aramo', up to the '/debootstrap/debootstrap --second-stage' (included). The tweaks are mentioned in the tutorial.</ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | {{yes|deboostrap --foreign + trisquel-keyring + qemu-user-static}}<ref>Tested on Parabola x86_64 by following [[Group:Hardware/FSDG_distributions/Trisquel#How_to_install_Trisquel_10_.28etiona.29_on_32bit_ARM_SBCs]] with aramo instead of etiona. Only the first and second stage deboostrap were done though (I didn't create a loop device, etc).</ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | ! Trisquel 11 (Aramo) ppc64el | ||
+ | | Needs testing (with debootstrap and qemu:static) | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | {{No|missing qemu-ppc64el-static}}<ref>Parabola has qemu-ppc64le-static, qemu-ppc64-static, qemu-ppc-static but none of them work for chrooting inside the ppc64el chroot.</ref> | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |- | ||
+ | | colspan=2 rowspan=2 | | ||
+ | ! Guix for x86_64-linux | ||
+ | ! Hyperbola i686 | ||
+ | ! Hyperbola x86_64 | ||
+ | ! Parabola armv7h | ||
+ | ! Parabola i686 | ||
+ | ! Parabola x86_64 | ||
+ | ! PureOS 10.0 (byzantium) aarch64 | ||
+ | ! PureOS 10.0 (byzantium) x86_64 | ||
+ | ! Trisquel 10 (Nabia) x86_64 | ||
+ | ! Trisquel 11 (Aramo) aarch64 | ||
+ | ! Trisquel 11 (Aramo) x86_64 | ||
+ | ! Trisquel 11 (Aramo) armhf | ||
+ | ! Trisquel 11 (Aramo) ppc64el | ||
+ | |- | ||
+ | ! colspan=15 |Hosts | ||
+ | |} | ||
+ | |||
+ | == More precise guix status == | ||
+ | |||
+ | {| class="wikitable" border="1" | ||
+ | |- | ||
+ | ! rowspan=2 | Distribution Package / installation method | ||
+ | ! colspan=2 | Default substitute server provided by the package | ||
+ | ! colspan=2 | Security fixes | ||
+ | ! rowspan=2 | /etc/guix/acl permissions | ||
+ | |- | ||
+ | ! ci.guix.gnu.org | ||
+ | ! bordeaux.guix.gnu.org | ||
+ | ! [https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/ Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)] | ||
+ | ! [https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/ Build User Takeover Vulnerability] | ||
+ | |- | ||
+ | ! guix system | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | | -r--r--r-- 1 root root | ||
+ | |- | ||
+ | ! guix-install.sh | ||
+ | | colspan=2 | User setting during installation | ||
+ | | | ||
| | | | ||
− | | | + | | -rw------- 1 root root |
− | | {{ | + | |- |
− | | {{ | + | ! Parabola |
− | | {{yes| | + | | colspan=2 | None |
− | | {{yes| | + | | {{no|Vulnerable}}<ref name="parabola-guix-package-issue">Currently the Parabola Guix package doesn't build anymore. This needs to be fixed in order to apply the security fixes.</ref> |
+ | | {{no|Vulnerable}}<ref name="parabola-guix-package-issue"></ref> | ||
+ | |- | ||
+ | ! PureOS 10.0 (byzantium) | ||
+ | | {{yes}} | ||
+ | | {{no}} | ||
+ | | {{yes|Safe}} | ||
+ | | {{no|Vulnerable}} | ||
+ | | -rw-r--r-- 1 root root | ||
+ | |- | ||
+ | ! Trisquel 11.0 (nabia) | ||
+ | | {{yes}} | ||
+ | | {{no}} | ||
+ | | {{yes|Safe}} | ||
+ | | {{yes|Safe}} | ||
+ | | -rw------- 1 root root | ||
+ | |- | ||
|} | |} | ||
+ | |||
+ | == References == | ||
+ | <references /> |
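Review bot: In the "More precise guix status" table the last row is labelled "Trisquel 11.0 (nabia)", but the bootstrap table in this same change pairs Nabia with Trisquel 10 and Aramo with Trisquel 11, so it is unclear which release is being reported as Safe for both advisories; the label should name the release that was actually checked. The Parabola row also has no /etc/guix/acl permissions cell (colspan=2 "None" plus two "Vulnerable" cells fills five columns where the header has six), and the repeated footer header lists Trisquel 11 (Aramo) as aarch64, x86_64 where the top header has amd64, arm64, which swaps the labels of those two columns.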
Latest revision as of 16:54, 27 October 2024
Introduction
In some cases, users and developers might need to install an FSDG distribution from another one.
This tracks tools that can script installations of an FSDG distribution rootfs from another FSDG distribution.
The criteria for being OK / green are very subjective:
- The installation needs to be somehow automated (debootstrap / pacstrap)
- Signature needs to be checked
Use cases
- Using software not available in the distribution you use, while making sure it doesn't bundle nonfree software, depend on it, etc, by reusing all the work that went into packaging it in other FSDG distributions.
- Build Replicant (it needs specific versions of GNU/Linux distributions)
- Getting FSDG compliant environments packaged by Debian (like Freedombox, or the Android SDK) by getting it from PureOS.
- Supporting more distributions (through semi-automatic installations) in an FSDG hosting environment (where administrators can maintain their own VM with the FSDG distribution of their choice)
Cross bootstrap distros table
| Targets (rows) / Hosts (columns) | Guix for x86_64-linux | Hyperbola i686 | Hyperbola x86_64 | Parabola armv7h | Parabola i686 | Parabola x86_64 | PureOS 10.0 (byzantium) aarch64 | PureOS 10.0 (byzantium) x86_64 | Trisquel 10 (Nabia) x86_64 | Trisquel 11 (Aramo) amd64 | Trisquel 11 (Aramo) arm64 | Trisquel 11 (Aramo) armhf | Trisquel 11 (Aramo) ppc64el |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Guix for x86_64-linux | guix package | Manual install only | Manual install only | guix 1.4.0 and guix-installer 1.4.0 packages | guix 1.4.0 and guix-installer 1.4.0 packages | guix 1.4.0 and guix-installer 1.4.0 packages | guix package[1] | guix 1.2.0 package[1] | Manual install only | guix 1.3.0 package | guix 1.3.0 package | guix 1.3.0 package | guix 1.3.0 package |
| Hyperbola i686 | missing pacstrap | pacstrap | pacstrap | missing qemu-user-static | pacstrap + hyperbola-* packages | pacstrap + hyperbola-* packages | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Hyperbola x86_64 | missing pacstrap | missing qemu-user-static | pacstrap | missing qemu-user-static | pacstrap + hyperbola-* packages + qemu-user-static | pacstrap + hyperbola-* packages | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Parabola armv7h | missing pacstrap | missing qemu-user-static + keyring + configs | missing qemu-user-static + keyring + configs | pacstrap | pacstrap + archlinux-arm-keyring + qemu-user-static | pacstrap + archlinux-arm-keyring + qemu-user-static | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Parabola i686 | missing pacstrap | manual with pacstrap: missing keyring + configs | manual with pacstrap: missing keyring + configs | missing qemu-user-static | pacstrap | pacstrap + archlinux32-keyring | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Parabola x86_64 | missing pacstrap | missing qemu-user-static + keyring + configs | manual with pacstrap: missing keyring + configs | missing qemu-user-static | pacstrap + qemu-user-static | pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| PureOS 9.0 (amber) aarch64 | Needs testing (with debootstrap and qemu:static) | missing debootstrap | missing debootstrap | Can't run --second-stage: missing qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap | debootstrap --foreign + qemu-user-static | missing support in debootstrap + missing keyring? | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring |
| PureOS 9.0 (amber) x86_64 | Needs testing (with debootstrap).[2] | missing debootstrap | missing debootstrap | Can't run --second-stage: missing qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap + pureos-archive-keyring | debootstrap --foreign + qemu-user-static | debootstrap | missing support in debootstrap + missing keyring? | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring |
| PureOS 10 (byzantium) aarch64 | Needs testing (with debootstrap and qemu:static) | | | | | debootstrap --foreign + qemu-user-static[3] | | | | | | | |
| PureOS 10.0 (byzantium) x86_64 | debootstrap[2] | | | | | debootstrap + pureos-archive-keyring[4] | | debootstrap + pureos-archive-keyring[5] | | | | | |
| Trisquel 10 (Nabia) x86_64 | Needs testing (with debootstrap).[6] | missing debootstrap | missing debootstrap | | | debootstrap + trisquel-keyring[7] | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | debootstrap (+ some keyring?) | debootstrap + trisquel-keyring | | | |
| Trisquel 11 (Aramo) amd64 | debootstrap[6] | | | | | debootstrap + trisquel-keyring[8] | | | | debootstrap + trisquel-keyring | | | |
| Trisquel 11 (Aramo) arm64 | Needs testing (with debootstrap and qemu:static) | | | | | debootstrap --foreign + trisquel-keyring + qemu-user-static[9] | | | | | | | |
| Trisquel 11 (Aramo) armhf | debootstrap + qemu:static + small tweaks[10] | | | | | debootstrap --foreign + trisquel-keyring + qemu-user-static[11] | | | | | | | |
| Trisquel 11 (Aramo) ppc64el | Needs testing (with debootstrap and qemu:static) | | | | | missing qemu-ppc64el-static[12] | | | | | | | |
| Hosts (footer row) | Guix for x86_64-linux | Hyperbola i686 | Hyperbola x86_64 | Parabola armv7h | Parabola i686 | Parabola x86_64 | PureOS 10.0 (byzantium) aarch64 | PureOS 10.0 (byzantium) x86_64 | Trisquel 10 (Nabia) x86_64 | Trisquel 11 (Aramo) aarch64 | Trisquel 11 (Aramo) x86_64 | Trisquel 11 (Aramo) armhf | Trisquel 11 (Aramo) ppc64el |
More precise guix status
| Distribution Package / installation method | Default substitute server provided by the package: ci.guix.gnu.org | Default substitute server provided by the package: bordeaux.guix.gnu.org | Security fixes: Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297) | Security fixes: Build User Takeover Vulnerability | /etc/guix/acl permissions |
|---|---|---|---|---|---|
| guix system | | | | | -r--r--r-- 1 root root |
| guix-install.sh | User setting during installation | User setting during installation | | | -rw------- 1 root root |
| Parabola | None | None | Vulnerable[13] | Vulnerable[13] | |
| PureOS 10.0 (byzantium) | Yes | No | Safe | Vulnerable | -rw-r--r-- 1 root root |
| Trisquel 11.0 (nabia) | Yes | No | Safe | Safe | -rw------- 1 root root |
References
- [1] PureOS 10.0 (byzantium) and Trisquel 11 (aramo) now have a guix package.
- [2] debootstrap now supports PureOS and automatically pulls the pureos-archive-keyring dependency. Tested with PureOS byzantium when sending the patch for that in Guix.
- [3] Tested on Parabola x86_64.
- [4] Tested on Parabola x86_64.
- [5] Tested inside a byzantium chroot inside Parabola x86_64.
- [6] debootstrap now supports Trisquel and automatically pulls the trisquel-keyring dependency. Tested with Trisquel 11 when sending the patch for that in Guix.
- [7] Tested with debootstrap nabia rootfs https://archive.trisquel.info/trisquel on Parabola x86_64.
- [8] Tested with debootstrap aramo trisquel-11 https://archive.trisquel.info/trisquel on Parabola x86_64.
- [9] Tested under Parabola x86_64 by running 'debootstrap --foreign --arch arm64 aramo rootfs' and 'cp /usr/bin/qemu-aarch64-static rootfs' and 'LANG=C.UTF-8 chroot trisquel-11-arm64 qemu-aarch64-static /bin/bash' and '/debootstrap/debootstrap --second-stage' inside the chroot.
- [10] Tested with the Hardware/FSDG_distributions/Trisquel tutorial with 'etiona' replaced by 'aramo', up to the '/debootstrap/debootstrap --second-stage' (included). The tweaks are mentioned in the tutorial.
- [11] Tested on Parabola x86_64 by following Group:Hardware/FSDG_distributions/Trisquel#How_to_install_Trisquel_10_.28etiona.29_on_32bit_ARM_SBCs with aramo instead of etiona. Only the first and second stage debootstrap were done though (I didn't create a loop device, etc).
- [12] Parabola has qemu-ppc64le-static, qemu-ppc64-static, qemu-ppc-static but none of them work for chrooting inside the ppc64el chroot.
- [13] Currently the Parabola Guix package doesn't build anymore. This needs to be fixed in order to apply the security fixes.