guix: update README.md

tobtoht 2024-10-03 16:38:47 +02:00
parent 7c1f43ce7c
commit 2764cd0cdd
No known key found for this signature in database
GPG key ID: E45B10DD027D2472

@ -1,13 +1,22 @@
# Bootstrappable Feather Wallet Builds # Bootstrappable Feather Wallet Builds
This directory contains the files necessary to perform bootstrappable Feather Wallet This directory contains the files necessary to perform [bootstrappable](b17e) Feather Wallet builds.
builds.
[Bootstrappability][b17e] furthers our binary security guarantees by allowing us Bootstrappability allows us to _audit and reproduce_ our toolchain instead of blindly _trusting_ binary downloads.
to _audit and reproduce_ our toolchain instead of blindly _trusting_ binary Our build environment can be built from source, [all the way down](https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/).
downloads. It allows us to reduce our supply chain attack surface by only including the packages that we need, and nothing else.
We achieve bootstrappability by using Guix as a functional package manager. We achieve bootstrappability by using Guix as a functional package manager. Guix runs on any Linux distribution and on
most architectures (x86_64, aarch64, riscv64). To produce reproducible release binaries, you only need to install Guix
and run the build script.
Unlike Gitian, we are not limited to the package set of a particular Ubuntu version. Guix allows us to pick and choose
our toolchains. We are able to use the latest compilers while targeting older versions of glibc. Packages that are not
available in Guix can easily be defined in the manifest or upstreamed.
Guix allows us to modify any detail about our build environment with ease. Debugging build issues takes less time
because we have shell access to the build environment. Our source code is bind mounted into the container, so
edits to package definitions can be tested incrementally.
# Requirements # Requirements
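Review bot: The link in the new opening sentence, `[bootstrappable](b17e)`, uses inline-link syntax, so Markdown will treat `b17e` as a relative URL rather than resolving the `b17e` reference label that the removed line used in `[Bootstrappability][b17e]`. Change it to `[bootstrappable][b17e]`, and check that the `[b17e]:` definition is still present further down the README, since it falls outside this hunk. Separately, the added sentence "you only need to install Guix and run the build script" would be easier to act on if it named the script or pointed to the section that does.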