guix: update README.md

tobtoht 2024-10-03 17:06:42 +02:00
parent 2764cd0cdd
commit 21315e3334
No known key found for this signature in database
GPG key ID: E45B10DD027D2472

@ -6,18 +6,21 @@ Bootstrappability allows us to _audit and reproduce_ our toolchain instead of bl
Our build environment can be built from source, [all the way down](https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/). Our build environment can be built from source, [all the way down](https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/).
It allows us to reduce our supply chain attack surface by only including the packages that we need, and nothing else. It allows us to reduce our supply chain attack surface by only including the packages that we need, and nothing else.
We achieve bootstrappability by using Guix as a functional package manager. Guix runs on any Linux distribution and on We achieve bootstrappability by using [Guix](https://guix.gnu.org/) as a functional package manager. Guix runs on any Linux distribution and on
most architectures (x86_64, aarch64, riscv64). To produce reproducible release binaries, you only need to install Guix most architectures (x86_64, aarch64, riscv64). To produce reproducible release binaries, you only need to install Guix
and run the build script. and run the build script.
Unlike Gitian, we are not limited to the package set of a particular Ubuntu version. Guix allows us to pick and choose Unlike [Gitian](https://github.com/devrandom/gitian-builder), we are not limited to the package set of a particular Ubuntu version. Guix allows us to pick and choose
our toolchains. We are able to use the latest compilers while targeting older versions of glibc. Packages that are not our toolchains. We are able to use the latest compilers while targeting older versions of glibc. Packages that are not
available in Guix can easily be defined in the manifest or upstreamed. available in Guix can easily be defined in the [manifest](https://github.com/feather-wallet/feather/blob/master/contrib/guix/manifest.scm) or upstreamed.
Guix allows us to modify any detail about our build environment with ease. Debugging build issues takes less time Guix allows us to modify any detail about our build environment with ease. Debugging build issues takes less time
because we have shell access to the build environment. Our source code is bind mounted into the container, so because we have shell access to the build environment. Our source code is bind mounted into the container, so
edits to package definitions can be tested incrementally. edits to package definitions can be tested incrementally.
Feather releases are independently reproduced and cryptographically attested to by multiple contributors.
You can submit attestations to the [feather-sigs](https://github.com/feather-wallet/feather-sigs) repo.
# Requirements # Requirements
Conservatively, you will need an x86_64 machine with: Conservatively, you will need an x86_64 machine with:
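
Review bot: The new manifest link in the "Packages that are not available in Guix" sentence points at `blob/master`, so someone reproducing a tagged release can be shown a different `manifest.scm` than the one their checkout actually builds from. A repository-relative link would follow the checked-out revision and keep the README consistent with the build it documents. Separately, the added attestation paragraph says where to submit attestations but not how to produce or check one; a pointer to those steps (for example in the feather-sigs repo, if it documents them) would make the sentence actionable.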