Bootstrappable Builds
Bootstrappable builds is a process of compiling software that doesn't depend on (compiler) binaries that aren't built from source by this process. This process can protect against compiler backdoors: if the build process doesn't depend on binary code that is difficult to audit, then a compiler backdoor can no longer be hidden in compiler binaries.
Methods
One way for a software distribution to tackle the issue is to reduce the size of the binaries used to bootstrap the distribution until they are no longer needed or are small enough to be easily reviewed by humans. Many compilers for various programming languages are written in the language they target. For instance, the official Go compiler (gc) is written in Go. So without alternative compilers like GCC that are written in another programming language (here C and C++), the Go compiler would require a binary of a previous version of the Go compiler bina ...

Compiling
In computing, a compiler is a computer program that translates computer code written in one programming language (the source language) into another language (the target language). The name "compiler" is primarily used for programs that translate source code from a high-level programming language to a low-level programming language (e.g. assembly language, object code, or machine code) to create an executable program (Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman, Second Edition, 2007). There are many different types of compilers which produce output in different useful forms. A cross-compiler produces code for a different CPU or operating system than the one on which the cross-compiler itself runs. A bootstrap compiler is often a temporary compiler, used for compiling a more permanent or better optimised compiler for a language. Related software includes decompilers, programs that translate from low-level la ...

Compiler Backdoors
A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus computer"—a tiny computer-within-a-computer such as that found in Intel's AMT technology). Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks. In the United States, the 1994 Communications Assistance for Law Enforcement Act forces internet providers to provide backdoors for government authorities. In 2024, the U.S. government realized that China had been tapping communications in the U.S. using that infrastructure for months, or perhaps longer; China recorded presidential candidate campaign offi ...

Software Distribution
Software distribution is the process of delivering software to the end user.
Free software distribution tools
GNU Autotools are widely used for which consist of source files written in C++ and the C programming language, but are not limited to these.
Commercial software distribution tools
* LANDesk Management Suite provides software distribution for Windows, OS X, and Linux.
* Dell KACE provides remote administration, software distribution, and software installation to any Windows, Mac, or Linux desktop or server.
Distribution tools for mobile devices
Distribution of software to small mobile devices such as phones, PDAs and other hand-held terminals is a particular challenge due to their inconsistent connection to the Internet. Some tools that cater to this category of devices are:
* Sybase iAnywhere Afaria
See also
* Provisioning (technology): In telecommunications, provisioning involves the process of preparing and equipping a network to allow it to provide new servi ...

Go (programming language)
Go is a high-level general purpose programming language that is statically typed and compiled. It is known for the simplicity of its syntax and the efficiency of development that it enables by the inclusion of a large standard library supplying many needs for common projects. It was designed at Google in 2007 by Robert Griesemer, Rob Pike, and Ken Thompson, and publicly announced in November of 2009. It is syntactically similar to C, but also has memory safety, garbage collection, structural typing, and CSP-style concurrency. It is often referred to as Golang to avoid ambiguity and because of its former domain name, golang.org, but its proper name is Go. There are two major implementations: * The original, Self-hosting (compi ...

GNU Compiler Collection
The GNU Compiler Collection (GCC) is a collection of compilers from the GNU Project that support various programming languages, hardware architectures, and operating systems. The Free Software Foundation (FSF) distributes GCC as free software under the GNU General Public License (GNU GPL). GCC is a key component of the GNU toolchain which is used for most projects related to GNU and the Linux kernel. With roughly 15 million lines of code in 2019, GCC is one of the largest free programs in existence. It has played an important role in the growth of free software, as both a tool and an example. When it was first released in 1987 by Richard Stallman, GCC 1.0 was named the GNU C Compiler since it only handled the C programming language. It was extended to compile C++ in December of that year. Front ends were later developed for Objective-C, Objective-C++, Fortran, Ada, Go (programming la ...

Tiny C Compiler
The Tiny C Compiler, TCC, tCc, or TinyCC is an x86 (32-bit), x86-64 and ARM processor C compiler initially written by Fabrice Bellard. It is designed to work for slower computers with little disk space (e.g. on rescue disks). Windows operating system support was added in version 0.9.23 (17 June 2005). TCC is distributed under the GNU Lesser General Public License. TCC claims to implement all of ANSI C (C89/C90), much of the C99 ISO standard, and many GNU C extensions including inline assembly.
Features
TCC has a number of features that differentiate it from other current C compilers:
* Its small file size (about 100 KB for the x86 TCC executable) and memory footprint allow it to be used directly from a single 1.44 M floppy disk, such as a rescue disk.
* TCC is intended to produce native x86, x86-64 and ARM code very quickly; according to Bellard, it compiles, assembles and links about nine times faster than GCC does. As of 2023, the "mob" development branch als ...

Gradle
Gradle is a build automation tool for multi-language software development. It manages tasks like compilation, packaging, testing, deployment, and publishing. Supported languages include Java (as well as JDK-based languages Kotlin, Groovy, Scala), C/C++, and JavaScript. Gradle builds on the concepts of Apache Ant and Apache Maven, and introduces a Groovy- and Kotlin-based domain-specific language contrasted with the XML-based project configuration used by Maven. Gradle uses a directed acyclic graph to provide dependency management. The graph is used to determine the order in which tasks should be executed. Gradle runs on the Java Virtual Machine. Gradle was designed for multi-project builds, which can grow to be large. It operates based on a series of build tasks that can run serially or in parallel. Incremental builds are supported by determining the parts of the build tree that are already up to date; any task dependent only on those parts does not need to be re-exe ...

Scala (programming language)
Scala is a strongly statically typed high-level general-purpose programming language that supports both object-oriented programming and functional programming. Designed to be concise, many of Scala's design decisions are intended to address criticisms of Java. Scala source code can be compiled to Java bytecode and run on a Java virtual machine (JVM). Scala can also be transpiled to JavaScript to run in a browser, or compiled directly to a native executable. When running on the JVM, Scala provides language interoperability with Java so that libraries written in either language may be referenced directly in Scala or Java code. Like Java, Scala is object-oriented, and uses a syntax termed curly-brace which is similar to the language C. Since Scala 3, there is also an option to use the off-side rule (indenting) to structure blocks, and its use is advised. Martin Odersky has said that this turned out to be the most productive change introduced in Scala 3. Unlike J ...

Proprietary Software
Proprietary software is computer software that grants its creator, publisher, or other rightsholder or rightsholder partner a legal monopoly by modern copyright and intellectual property law to exclude the recipient from freely sharing the software or modifying it, and—in some cases, as is the case with some patent-encumbered and EULA-bound software—from making use of the software on their own, thereby restricting their freedoms. Proprietary software is a subset of non-free software, a term defined in contrast to free and open-source software; non-commercial licenses such as CC BY-NC are not deemed proprietary, but are non-free. Proprietary software may either be closed-source software or source-available software.
Types
Origin
Until the late 1960s, computers—especially large and expensive mainframe computers, machines in specially air-conditioned computer rooms—were usually leased to customers rather than sold. Service and all software available ...

Kotlin (programming language)
Kotlin is a cross-platform, statically typed, general-purpose high-level programming language with type inference. Kotlin is designed to interoperate fully with Java, and the JVM version of Kotlin's standard library depends on the Java Class Library, but type inference allows its syntax to be more concise. Kotlin mainly targets the JVM, but also compiles to JavaScript (e.g., for frontend web applications using React) or native code via LLVM (e.g., for native iOS apps sharing business logic with Android apps). Language development costs are borne by JetBrains, while the Kotlin Foundation protects the Kotlin trademark. On 7 May 2019, Google announced that the Kotlin programming language had become its preferred language for Andro ...

GNU Guix
GNU Guix (portmanteau of Guile and Nix) is a functional cross-platform package manager and a tool to instantiate and manage Unix-like operating systems, based on the Nix package manager. Configuration and package recipes are written in Guile Scheme. GNU Guix is the default package manager of the GNU Guix System distribution. Differing from traditional package managers, Guix (like Nix) utilizes a purely functional deployment model where software is installed into unique directories generated through cryptographic hashes. All dependencies for each software are included in the input of each hash. This solves the problem of dependency hell, allowing multiple versions of the same software to coexist which makes packages portable and reproducible. Performing scientific computations in a Guix setup has been proposed as a promising response to the replication crisis. The development of GNU Guix is intertwined with the GNU Guix System, an installable operating system dist ...

Reproducible Builds
Reproducible builds, also known as deterministic compilation, is a process of compiling software which ensures the resulting binary code can be reproduced. Source code compiled using deterministic compilation will always output the same binary. Reproducible builds can act as part of a chain of trust; the source code can be signed, and deterministic compilation can prove that the binary was compiled from trusted source code. Verified reproducible builds provide a strong countermeasure against attacks where binaries do not match their source code, e.g., because an attacker has inserted malicious code into a binary. This is a relevant attack; attackers sometimes attack binaries but not the source code, e.g., because they can only change the distributed binary or to evade detection since it is the source code that developers normally review and modify. In a survey of 17 experts, reproducible builds had a very high utility rating from 58.8% of participants, but also a high-cost rating f ...