Group: Software/FSDG distributions/CrossDistroBootstrap

From LibrePlanet
(Table: add hyperbola)
(More precise guix status: Guix: test for CVE-2024-27297)
 
(98 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
In some cases, users and developers might need to install an FSDG distribution from another one.
 
In some cases, users and developers might need to install an FSDG distribution from another one.
  
For instance to build specific Replicant versions we need specific Trisquel versions.
+
This tracks tools that can script installations of an FSDG distribution rootfs from another FSDG distribution.
  
This tracks tools that can script installations of an FSDG distribution rootfs from another FSDG distribution.
+
The criteria for being OK / green are very subjective:
 +
* The installation needs to be somehow automated (debootstrap / pacstrap)
 +
* Signature needs to be checked
 +
 
 +
== Use cases ==
 +
* Using software not available in the distribution you use, while making sure it doesn't bundle nonfree software, depend on it, etc, by reusing all the work that went into packaging it in other FSDG distributions.
 +
* Build Replicant (it needs specific versions of GNU/Linux distributions)
 +
* Getting FSDG compliant environments packaged by Debian (like Freedombox, or the Android SDK) by getting it from PureOS.
 +
* Supporting more distributions (through semi-automatic installations) in an FSDG hosting environment (where administrators can maintain their own VM with the FSDG distribution of their choice)
  
 
== Cross bootstrap distros table ==
 
== Cross bootstrap distros table ==
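Review bot: The added criterion "Signature needs to be checked" (second bullet under the criteria) does not say which signature is meant or how it was verified, so a reader cannot re-check a green cell. Suggest naming what has to be verified (for example the archive or package signatures against the target's keyring package) and noting where that keyring came from, since the same paragraph already calls the criteria "very subjective".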
Line 10: Line 18:
 
{| class="wikitable"  border="1"
 
{| class="wikitable"  border="1"
 
| colspan=2 rowspan=2 |
 
| colspan=2 rowspan=2 |
! colspan=7 |Hosts
+
! colspan=15 |Hosts
 
|-    <!-- All the hosts are listed below -->
 
|-    <!-- All the hosts are listed below -->
! GuixSD aarch64 / armv7h / i686 / x86_64
+
! Guix for x86_64-linux
 +
! Hyperbola i686
 
! Hyperbola x86_64
 
! Hyperbola x86_64
 
! Parabola armv7h
 
! Parabola armv7h
 
! Parabola i686
 
! Parabola i686
 
! Parabola x86_64
 
! Parabola x86_64
! Trisquel 9.0 Etiona i686
+
! PureOS 10.0 (byzantium) aarch64
! Trisquel 9.0 Etiona x86_64
+
! PureOS 10.0 (byzantium) x86_64
 +
! Trisquel 10 (Nabia) x86_64
 +
! Trisquel 11 (Aramo) amd64
 +
! Trisquel 11 (Aramo) arm64
 +
! Trisquel 11 (Aramo) armhf
 +
! Trisquel 11 (Aramo) ppc64el
 
|-
 
|-
! rowspan=7 | Targets
+
! rowspan=15 | Targets
! Guix / GuixSD / guix pack aarch64 / armv7h / i686 / x86_64
+
! Guix for x86_64-linux
| {{Yes|guix [commands]}}
+
| {{Yes|{{DistroPackage|guix|guix}} package}}
|
+
| {{No|Manual install only}}
| {{Yes|guix installer + guix [commands]}}
+
| {{No|Manual install only}}
| {{Yes|guix installer + guix [commands]}}
+
| {{Yes|{{DistroPackage|parabola|guix}} 1.4.0 and {{DistroPackage|parabola|guix-installer}} 1.4.0 packages}}
| {{Yes|guix installer + guix [commands]}}
+
| {{Yes|{{DistroPackage|parabola|guix}} 1.4.0 and {{DistroPackage|parabola|guix-installer}} 1.4.0 packages}}
| Manual install only?
+
| {{Yes|{{DistroPackage|parabola|guix}} 1.4.0 and {{DistroPackage|parabola|guix-installer}} 1.4.0 packages}}
| Manual install only?
+
| {{Yes|guix package}}<ref name="guix-package">PureOS 10.0 (byzantium) and Trisquel 11 (aramo) now have a guix package</ref>
 +
| {{Yes|guix 1.2.0 package}}<ref name="guix-package"></ref>
 +
| {{No|Manual install only}}
 +
| {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}}
 +
| {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}}
 +
| {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}}
 +
| {{Yes|{{DistroPackage|trisquel|guix}} 1.3.0 package}}
 +
|-
 +
! Hyperbola i686
 +
| {{No|missing pacstrap}}
 +
| {{Yes|pacstrap}}
 +
| {{Yes|pacstrap}}
 +
| {{No|missing qemu-user-static}}
 +
| {{Yes|pacstrap + hyperbola-* packages}}
 +
| {{Yes|pacstrap + hyperbola-* packages}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 
|-
 
|-
 
! Hyperbola x86_64
 
! Hyperbola x86_64
 +
| {{No|missing pacstrap}}
 +
| {{No|missing qemu-user-static}}
 +
| {{Yes|pacstrap}}
 +
| {{No|missing qemu-user-static}}
 +
| {{Yes|pacstrap + hyperbola-* packages + qemu-user-static}}
 +
| {{Yes|pacstrap + hyperbola-* packages}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 
|-
 
|-
 
! Parabola armv7h
 
! Parabola armv7h
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
|
+
| {{No|missing qemu-user-static + keyring + configs}}
 +
| {{No|missing qemu-user-static + keyring + configs}}
 
| {{Yes|pacstrap}}
 
| {{Yes|pacstrap}}
| {{Yes|pacstrap + archlinux-arm-keyring}}
+
| {{Yes|pacstrap + archlinux-arm-keyring + qemu-user-static}}
| {{Yes|pacstrap + archlinux-arm-keyring}}
+
| {{Yes|pacstrap + archlinux-arm-keyring + qemu-user-static}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
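Review bot: The header is changed to "! colspan=15 |Hosts", but this hunk lists 13 host columns (Guix, Hyperbola i686 and x86_64, Parabola armv7h, i686 and x86_64, PureOS 10.0 aarch64 and x86_64, Trisquel 10, and four Trisquel 11 architectures). 15 is the value used for "rowspan=15 | Targets"; the colspan should be 13 so the header matches the columns, and each row should then be checked to carry exactly 13 cells.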
Line 43: Line 97:
 
! Parabola i686
 
! Parabola i686
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
|
+
| {{No|manual with pacstrap: missing keyring + configs}}
| {{No|Requires packaging qemu-user-static}}
+
| {{No|manual with pacstrap: missing keyring + configs}}
| {{Yes}}
+
| {{No|missing qemu-user-static}}
 +
| {{Yes|pacstrap}}
 
| {{Yes|pacstrap + archlinux32-keyring}}
 
| {{Yes|pacstrap + archlinux32-keyring}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
Line 52: Line 112:
 
! Parabola x86_64
 
! Parabola x86_64
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
|
+
| {{No|missing qemu-user-static + keyring + configs}}
| {{No|Requires packaging qemu-user-static}}
+
| {{No|manual with pacstrap: missing keyring + configs}}
| ?
+
| {{No|missing qemu-user-static}}
 +
| {{Yes|pacstrap + qemu-user-static}}
 
| {{Yes|pacstrap}}
 
| {{Yes|pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 +
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
| {{No|missing pacstrap}}
 
|-
 
|-
! Trisquel 9.0 Etiona i686
+
! PureOS 9.0 (amber) aarch64
 +
| Needs testing (with debootstrap and qemu:static)
 +
| {{No|missing debootstrap}}
 +
| {{No|missing debootstrap}}
 +
| {{No|Can't run --second-stage: missing qemu-user-static}}
 +
| {{Yes|deboostrap --foreign + pureos-archive-keyring + qemu-user-static}}
 +
| {{Yes|deboostrap --foreign + pureos-archive-keyring + qemu-user-static}}
 +
| {{Yes|debootstrap}}
 +
| {{Yes|debootstrap --foreign + qemu-user-static}}
 
| {{No|missing support in debootstrap + missing keyring?}}
 
| {{No|missing support in debootstrap + missing keyring?}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
|-
 +
! PureOS 9.0 (amber) x86_64
 +
| Needs testing (with debootstrap).<ref name="debootstrap-guix-pureos">{{DistroPackage|guix|debootstrap}} now supports PureOS and automatically pulls the {{DistroPackage|guix|pureos-archive-keyring}} dependency. Tested with PureOS byzantium when sending the patch for that in Guix.</ref>
 +
| {{No|missing debootstrap}}
 +
| {{No|missing debootstrap}}
 +
| {{No|Can't run --second-stage: missing qemu-user-static}}
 +
| {{Yes|deboostrap --foreign + pureos-archive-keyring + qemu-user-static}}
 +
| {{Yes|deboostrap + pureos-archive-keyring}}
 +
| {{Yes|debootstrap --foreign + qemu-user-static}}
 +
| {{Yes|debootstrap}}
 +
| {{No|missing support in debootstrap + missing keyring?}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
|-
 +
! PureOS 10 (byzantium) aarch64
 +
| Needs testing (with debootstrap and qemu:static)
 
|
 
|
| ?
+
|
 +
|
 +
|
 +
| {{Yes|debootstrap --foreign + qemu-user-static}}<ref>Tested on Parabola x86_64.</ref>
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
! PureOS 10.0 (byzantium) x86_64
 +
| {{yes|debootstrap}}<ref name="debootstrap-guix-pureos"></ref>
 +
|
 +
|
 +
|
 +
|
 +
| {{Yes|deboostrap + pureos-archive-keyring}}<ref>Tested on Parabola x86_64.</ref>
 +
|
 +
| {{Yes|deboostrap + pureos-archive-keyring}}<ref>Tested inside a byzantium chroot inside Parabola x86_64.</ref>
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
! Trisquel 10 (Nabia) x86_64
 +
| Needs testing (with debootstrap).<ref name="debootstrap-guix-trisquel">{{DistroPackage|guix|debootstrap}} now supports Trisquel and automatically pulls the trisquel-keyring dependency. Tested with Trisquel 11 when sending the patch for that in Guix.</ref>
 +
| {{No|missing debootstrap}}
 +
| {{No|missing debootstrap}}
 +
|
 +
|
 +
| {{yes|debootstrap + trisquel-keyring}}<ref>Tested with debootstrap nabia rootfs https://archive.trisquel.info/trisquel on Parabola x86_64.</ref>
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{No|missing support in debootstrap + missing keyring}}
 +
| {{yes|debootstrap (+ some keyring?)}}
 
| {{Yes|debootstrap + trisquel-keyring}}
 
| {{Yes|debootstrap + trisquel-keyring}}
 +
|
 +
|
 +
|
 +
|-
 +
! Trisquel 11 (Aramo) amd64
 +
| {{yes|debootstrap}}<ref name="debootstrap-guix-trisquel"></ref>
 +
|
 +
|
 +
|
 +
|
 +
| {{yes|debootstrap + trisquel-keyring}}<ref>Tested with debootstrap aramo trisquel-11 https://archive.trisquel.info/trisquel on Parabola x86_64</ref>
 +
|
 +
|
 +
|
 
| {{Yes|debootstrap + trisquel-keyring}}
 
| {{Yes|debootstrap + trisquel-keyring}}
| {{yes|debootstrap + some keyring?}}
+
|
| {{yes|debootstrap + some keeyring?}}
+
|
 +
|
 
|-
 
|-
! Trisquel 9.0 Etiona x86_64
+
! Trisquel 11 (Aramo) arm64
| {{No|missing support in debootstrap + missing keyring?}}
+
| Needs testing (with debootstrap and qemu:static)
 +
|
 +
|
 +
|
 +
|
 +
| {{yes|deboostrap --foreign + trisquel-keyring + qemu-user-static}}<ref>Tested under Parabola x86_64 by running 'debootstrap --foreign --arch arm64 aramo rootfs' and 'cp /usr/bin/qemu-aarch64-static rootfs' and 'LANG=C.UTF-8 chroot trisquel-11-arm64 qemu-aarch64-static /bin/bash' and '/debootstrap/debootstrap --second-stage' inside the chroot</ref>
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
 
 +
|-
 +
! Trisquel 11 (Aramo) armhf
 +
| {{yes|debootstrap + qemu:static + small tweaks}}<ref>Tested with the [[Group:Hardware/FSDG_distributions/Trisquel|Hardware/FSDG_distributions/Trisquel]] tutorial with 'etiona' replaced by 'aramo', up to the '/debootstrap/debootstrap --second-stage' (included). The tweaks are mentioned in the tutorial.</ref>
 +
|
 +
|
 +
|
 +
|
 +
| {{yes|deboostrap --foreign + trisquel-keyring + qemu-user-static}}<ref>Tested on Parabola x86_64 by following [[Group:Hardware/FSDG_distributions/Trisquel#How_to_install_Trisquel_10_.28etiona.29_on_32bit_ARM_SBCs]] with aramo instead of etiona. Only the first and second stage deboostrap were done though (I didn't create a loop device, etc).</ref>
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
! Trisquel 11 (Aramo) ppc64el
 +
| Needs testing (with debootstrap and qemu:static)
 +
|
 +
|
 +
|
 +
|
 +
| {{No|missing qemu-ppc64el-static}}<ref>Parabola has qemu-ppc64le-static, qemu-ppc64-static, qemu-ppc-static but none of them work for chrooting inside the ppc64el chroot.</ref>
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|
 +
|-
 +
| colspan=2 rowspan=2 |
 +
! Guix for x86_64-linux
 +
! Hyperbola i686
 +
! Hyperbola x86_64
 +
! Parabola armv7h
 +
! Parabola i686
 +
! Parabola x86_64
 +
! PureOS 10.0 (byzantium) aarch64
 +
! PureOS 10.0 (byzantium) x86_64
 +
! Trisquel 10 (Nabia) x86_64
 +
! Trisquel 11 (Aramo) aarch64
 +
! Trisquel 11 (Aramo) x86_64
 +
! Trisquel 11 (Aramo) armhf
 +
! Trisquel 11 (Aramo) ppc64el
 +
|-
 +
! colspan=15 |Hosts
 +
|}
 +
 
 +
== More precise guix status ==
 +
 
 +
{| class="wikitable"  border="1"
 +
|-
 +
! rowspan=2 | Distribution Package / installation method
 +
! colspan=2 | Default substitute server provided by the package
 +
! colspan=2 | Security fixes
 +
! rowspan=2 | /etc/guix/acl permissions
 +
|-
 +
! ci.guix.gnu.org
 +
! bordeaux.guix.gnu.org
 +
! [https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/ Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)]
 +
! [https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/ Build User Takeover Vulnerability]
 +
|-
 +
! guix system
 +
|
 +
|
 +
|
 +
|
 +
| -r--r--r-- 1 root root
 +
|-
 +
! guix-install.sh
 +
| colspan=2 | User setting during installation
 +
|
 
|
 
|
| ?
+
| -rw------- 1 root root
| {{Yes|debootstrap --foreign + trisquel-keyring}}
+
|-
| {{Yes|debootstrap + trisquel-keyring}}
+
! Parabola
| {{yes|debootstrap --foreign + some keyring?}}
+
| colspan=2 | None
| {{yes|debootstrap + some keeyring?}}
+
| {{no|Vulnerable}}<ref name="parabola-guix-package-issue">Currently the Parabola Guix package doesn't build anymore. This needs to be fixed in order to apply the security fixes.</ref>
 +
| {{no|Vulnerable}}<ref name="parabola-guix-package-issue"></ref>
 +
|-
 +
! PureOS 10.0 (byzantium)
 +
| {{yes}}
 +
| {{no}}
 +
| {{yes|Safe}}
 +
| {{no|Vulnerable}}
 +
| -rw-r--r-- 1 root root
 +
|-
 +
! Trisquel 11.0 (nabia)
 +
| {{yes}}
 +
| {{no}}
 +
| {{yes|Safe}}
 +
| {{yes|Safe}}
 +
| -rw------- 1 root root
 +
|-
 
|}
 
|}
 +
 +
== References ==
 +
<references />
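Review bot: In the new "More precise guix status" table the last row is labelled "Trisquel 11.0 (nabia)", while the rest of the page uses Nabia for Trisquel 10 and Aramo for Trisquel 11, so it is unclear which release the two "Safe" entries and the "-rw------- 1 root root" mode of /etc/guix/acl were observed on; please correct the label. Further points in this hunk: the repeated host header at the bottom lists "Trisquel 11 (Aramo) aarch64" before "Trisquel 11 (Aramo) x86_64", which matches neither the order (amd64, then arm64) nor the naming of the top header; several added cells spell the tool "deboostrap"; and the Parabola row of the status table has no /etc/guix/acl cell.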

Latest revision as of 16:54, 27 October 2024

Introduction

In some cases, users and developers might need to install an FSDG distribution from another one.

This tracks tools that can script installations of an FSDG distribution rootfs from another FSDG distribution.

The criteria for being OK / green are very subjective:

  • The installation needs to be somehow automated (debootstrap / pacstrap)
  • Signature needs to be checked

Use cases

  • Using software not available in the distribution you use, while making sure it doesn't bundle nonfree software, depend on it, etc, by reusing all the work that went into packaging it in other FSDG distributions.
  • Build Replicant (it needs specific versions of GNU/Linux distributions)
  • Getting FSDG compliant environments packaged by Debian (like Freedombox, or the Android SDK) by getting it from PureOS.
  • Supporting more distributions (through semi-automatic installations) in an FSDG hosting environment (where administrators can maintain their own VM with the FSDG distribution of their choice)

Cross bootstrap distros table

| Targets \ Hosts | Guix for x86_64-linux | Hyperbola i686 | Hyperbola x86_64 | Parabola armv7h | Parabola i686 | Parabola x86_64 | PureOS 10.0 (byzantium) aarch64 | PureOS 10.0 (byzantium) x86_64 | Trisquel 10 (Nabia) x86_64 | Trisquel 11 (Aramo) amd64 | Trisquel 11 (Aramo) arm64 | Trisquel 11 (Aramo) armhf | Trisquel 11 (Aramo) ppc64el |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Guix for x86_64-linux | guix package | Manual install only | Manual install only | guix 1.4.0 and guix-installer 1.4.0 packages | guix 1.4.0 and guix-installer 1.4.0 packages | guix 1.4.0 and guix-installer 1.4.0 packages | guix package[1] | guix 1.2.0 package[1] | Manual install only | guix 1.3.0 package | guix 1.3.0 package | guix 1.3.0 package | guix 1.3.0 package |
| Hyperbola i686 | missing pacstrap | pacstrap | pacstrap | missing qemu-user-static | pacstrap + hyperbola-* packages | pacstrap + hyperbola-* packages | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Hyperbola x86_64 | missing pacstrap | missing qemu-user-static | pacstrap | missing qemu-user-static | pacstrap + hyperbola-* packages + qemu-user-static | pacstrap + hyperbola-* packages | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Parabola armv7h | missing pacstrap | missing qemu-user-static + keyring + configs | missing qemu-user-static + keyring + configs | pacstrap | pacstrap + archlinux-arm-keyring + qemu-user-static | pacstrap + archlinux-arm-keyring + qemu-user-static | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Parabola i686 | missing pacstrap | manual with pacstrap: missing keyring + configs | manual with pacstrap: missing keyring + configs | missing qemu-user-static | pacstrap | pacstrap + archlinux32-keyring | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| Parabola x86_64 | missing pacstrap | missing qemu-user-static + keyring + configs | manual with pacstrap: missing keyring + configs | missing qemu-user-static | pacstrap + qemu-user-static | pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap | missing pacstrap |
| PureOS 9.0 (amber) aarch64 | Needs testing (with debootstrap and qemu:static) | missing debootstrap | missing debootstrap | Can't run --second-stage: missing qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap | debootstrap --foreign + qemu-user-static | missing support in debootstrap + missing keyring? | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring |
| PureOS 9.0 (amber) x86_64 | Needs testing (with debootstrap).[2] | missing debootstrap | missing debootstrap | Can't run --second-stage: missing qemu-user-static | debootstrap --foreign + pureos-archive-keyring + qemu-user-static | debootstrap + pureos-archive-keyring | debootstrap --foreign + qemu-user-static | debootstrap | missing support in debootstrap + missing keyring? | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring |
| PureOS 10 (byzantium) aarch64 | Needs testing (with debootstrap and qemu:static) | | | | | debootstrap --foreign + qemu-user-static[3] | | | | | | | |
| PureOS 10.0 (byzantium) x86_64 | debootstrap[2] | | | | | debootstrap + pureos-archive-keyring[4] | | debootstrap + pureos-archive-keyring[5] | | | | | |
| Trisquel 10 (Nabia) x86_64 | Needs testing (with debootstrap).[6] | missing debootstrap | missing debootstrap | | | debootstrap + trisquel-keyring[7] | missing support in debootstrap + missing keyring | missing support in debootstrap + missing keyring | debootstrap (+ some keyring?) | debootstrap + trisquel-keyring | | | |
| Trisquel 11 (Aramo) amd64 | debootstrap[6] | | | | | debootstrap + trisquel-keyring[8] | | | | debootstrap + trisquel-keyring | | | |
| Trisquel 11 (Aramo) arm64 | Needs testing (with debootstrap and qemu:static) | | | | | debootstrap --foreign + trisquel-keyring + qemu-user-static[9] | | | | | | | |
| Trisquel 11 (Aramo) armhf | debootstrap + qemu:static + small tweaks[10] | | | | | debootstrap --foreign + trisquel-keyring + qemu-user-static[11] | | | | | | | |
| Trisquel 11 (Aramo) ppc64el | Needs testing (with debootstrap and qemu:static) | | | | | missing qemu-ppc64el-static[12] | | | | | | | |
| Hosts | Guix for x86_64-linux | Hyperbola i686 | Hyperbola x86_64 | Parabola armv7h | Parabola i686 | Parabola x86_64 | PureOS 10.0 (byzantium) aarch64 | PureOS 10.0 (byzantium) x86_64 | Trisquel 10 (Nabia) x86_64 | Trisquel 11 (Aramo) aarch64 | Trisquel 11 (Aramo) x86_64 | Trisquel 11 (Aramo) armhf | Trisquel 11 (Aramo) ppc64el |

More precise guix status

| Distribution Package / installation method | Default substitute server provided by the package: ci.guix.gnu.org | Default substitute server provided by the package: bordeaux.guix.gnu.org | Security fixes: Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297) | Security fixes: Build User Takeover Vulnerability | /etc/guix/acl permissions |
|---|---|---|---|---|---|
| guix system | | | | | -r--r--r-- 1 root root |
| guix-install.sh | User setting during installation | User setting during installation | | | -rw------- 1 root root |
| Parabola | None | None | Vulnerable[13] | Vulnerable[13] | |
| PureOS 10.0 (byzantium) | Yes | No | Safe | Vulnerable | -rw-r--r-- 1 root root |
| Trisquel 11.0 (nabia) | Yes | No | Safe | Safe | -rw------- 1 root root |

References

  1. PureOS 10.0 (byzantium) and Trisquel 11 (aramo) now have a guix package
  2. debootstrap now supports PureOS and automatically pulls the pureos-archive-keyring dependency. Tested with PureOS byzantium when sending the patch for that in Guix.
  3. Tested on Parabola x86_64.
  4. Tested on Parabola x86_64.
  5. Tested inside a byzantium chroot inside Parabola x86_64.
  6. debootstrap now supports Trisquel and automatically pulls the trisquel-keyring dependency. Tested with Trisquel 11 when sending the patch for that in Guix.
  7. Tested with debootstrap nabia rootfs https://archive.trisquel.info/trisquel on Parabola x86_64.
  8. Tested with debootstrap aramo trisquel-11 https://archive.trisquel.info/trisquel on Parabola x86_64
  9. Tested under Parabola x86_64 by running 'debootstrap --foreign --arch arm64 aramo rootfs' and 'cp /usr/bin/qemu-aarch64-static rootfs' and 'LANG=C.UTF-8 chroot trisquel-11-arm64 qemu-aarch64-static /bin/bash' and '/debootstrap/debootstrap --second-stage' inside the chroot
  10. Tested with the Hardware/FSDG_distributions/Trisquel tutorial with 'etiona' replaced by 'aramo', up to the '/debootstrap/debootstrap --second-stage' (included). The tweaks are mentioned in the tutorial.
  11. Tested on Parabola x86_64 by following Group:Hardware/FSDG_distributions/Trisquel#How_to_install_Trisquel_10_.28etiona.29_on_32bit_ARM_SBCs with aramo instead of etiona. Only the first and second stage debootstrap were done though (I didn't create a loop device, etc).
  12. Parabola has qemu-ppc64le-static, qemu-ppc64-static, qemu-ppc-static but none of them work for chrooting inside the ppc64el chroot.
  13. Currently the Parabola Guix package doesn't build anymore. This needs to be fixed in order to apply the security fixes.