Send in your ideas. Deadline December 1, 2024
logo
hex
Story
Interview :
interview.html
Website
More info available :
https://ekaitz.elenq.tech/tag/bootstrapping-gcc-in-risc-v.html
Grant
Theme fund: NGI Assure
Period: 2023-04 — 2024-07
More projects like this
Operating Systems

Ekaitz Zarraga - RISC-V bootstrapping effort via GNU Mes

Allow bootstrapping Guix on RISC-V via GNU Mes

icon of terminal Operating systems, firmware and virtualisation

Profile picture of Ekaitz Zarraga.

Can you introduce yourself and your project?

I’m Ekaitz Zarraga, a freelance engineer in the Basque Country. I’ve always been an enthusiast for free software and have participated in many free software projects since I started programming professionally ten years ago.

I’m working on the RISC-V bootstrapping effort for GNU Guix. I’ve been working on this project for two years already, first alone, filling some gaps we had, and now in collaboration with several people from related projects, trying to achieve a full-source bootstrap chain finally.

What are the key issues you see with the state of the internet today?

There are many problems to choose from, but it’s not a surprise that trust is one of the biggest problems on the internet. In our case, we focus on trust in the software supply chain, a very overlooked issue.

We already have free software, and we love it, but we cannot make sure that the artifacts (pre-built programs or even pre-processed sources) we can find on the internet exactly match the source code they are supposed to come from.

This is a huge source of security issues. Proof of that is the recent XZ package drama and the many issues that happened but weren’t as famous as that one.

How does your project contribute to correcting some of those issues?

logo

Our focus is to provide a system that can be independent of package maintainers to ensure that everything is what it’s supposed to be, meaning the source code matches the artifact we obtained from the internet.

I gave a talk about this issue in FOSDEM 2023, that introduces the problem, and another one in 2024 updating in the status of the project.

What do you like most about (working on) your project?

This is an exciting project where we must deal with many low-level programming details: compilers, assemblers, architectures, standard libraries, and hundreds of implementation details.

logo

Also, this last year, I’ve been working in collaboration with other people, mostly Andrius Štikonas, who is working on the “Full-source bootstrap” for Live-Bootstrap and has a key role in Stage0-Posix, and Janneke Nieuwenhuizen, the GNU Mes author and maintainer, but also with others. Collaboration is a great way to keep motivation and learn, which is very important in a project requiring attention to detail and low-level knowledge.

Lastly, I should mention the freedom this project has given me. I can organize my time freely, and the project is goal-oriented so that I can focus on the essential things: providing something to humanity rather than sitting on a chair for eight hours a day.

Where will you take your project next?

We are providing this “Full-source bootstrap” system for GNU Guix and Live-Bootstrap (thanks to Andrius), where the users will be able to install their distributions from source, without having to trust any third parties, also in RISC-V machines.

How did NGI Assure help you reach your goals for your project?

The “Full-source bootstrap” is an immense effort as it requires many small details to work perfectly, and many new projects need to be developed to fill all the gaps. Working on a new architecture like RISC-V makes the process even more challenging. Many projects already working in other architectures are unavailable for RISC-V, and we need to find alternatives or port them to RISC-V. With NGI funds, we have been able to fund several efforts in this direction for several years until we finally reached a “Full-source bootstrap” for x86 and now for RISC-V. These are the efforts:

  • GNU Mes is one of the key projects of the bootstrapping effort. It has been funded by NGI (Zero and Assure) in the past, and thanks to that, we can ask Janneke, the author and maintainer, to help us reach our shared goals.
  • Stage0-posix is the other key project of the bootstrapping effort. With the NGI funding, we can fund Andrius to continue to work on it and improve Live-bootstrap, giving us a new setup to test our bootstrapping system.
  • GNU Guix provides a reproducible setup and a powerful package system that helps us develop our bootstrapping effort. Several GNU Guix-related projects have been funded by NGI.
  • My previous backporting effort has been also funded by NGI Assure, and that opened the door to the current project.

This was possible with the current and previous NGI funding for this project and the adjacent ones. This long-term investment allows us to protect the users in a way that is impossible to keep up with in our free time without funds. Because the project is so complex, we have to be able to focus 100% on it and combine the expertise of several people.

Do you have advice for people who are considering applying for NGI funding?

Yes! Just try. If your idea is good, and you are helping people, I think the proposal is worth the effort. My first proposal was rejected, but I tried again, being more careful with the project’s scope, and it was accepted. Don’t give up. In my experience, realistic projects that are practical and have a good plan are more likely to be funded.

My advice is to be as specific as possible (sometimes the projects don’t help with that) and don’t give up too early. Also, the projects are long and sometimes can be slightly overwhelming. Trying to do what your heart tells you helps to keep the motivation in hard times.

Do you have any recommendations to improve future NGI programmes or the wider NGI initiative?

It’s probably already being done, but I think a good balance between short-term and long-term projects is vital. Real changes cannot be made without long-term projects, and without short-term projects, everyday needs take a long time to solve. Keeping a good balance between both is hard, but I think that is the best way to contribute to a better society.

I’d also like to focus more on the independent programmers working in their free time to improve our computing and society, thanklessly, with no funds. I think their work should be appreciated more, and they deserve more funding as they are vital parts of the ecosystem from which companies and individuals benefit.

I strongly believe that programs like this can change lives, help people focus more on their passions, and help them be more effective in their goals of improving society. Other programs spotlight the private sector with the excuse of pushing innovation, but I think the focus should be on those who build things for everyone and whose goals are to improve everyone’s lives.

Acknowledgements

Image: courtesy of Ekaitz Zarraga.

Published on October 21, 2024

RISC-V bootstrapping effort via GNU Mes received funding through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.


Logo NGI Assure: letterlogo shaped like a tag

Navigate projects

Currently open for proposals:

git merge icon
Job opening
NGI Zero is looking for a Regional Representative.
podcast logo, antenna with radio waves
Listen to our podcast
Converstations with people building the Next Generation Internet

Search