boot2

Playing with the boostrap
git clone https://git.ryansepassi.com/git/boot2.git
Log | Files | Refs | README

boot2 release — @ARCH@

This tarball is a self-contained input bundle for the boot2 bootstrap chain on @ARCH@. Extract it, run ./verify.sh, and the chain will be re-run from boot0 through boot6 using only the bundled inputs. The outputs are sha256-compared against OUTPUT_MANIFEST.txt.

The tarball is content-addressed: its sha256 reflects only the bundled inputs + manifests. Provenance (the git rev it was built from, build date, build host arch) lives in the sidecar <tarball>.provenance file in the same directory as the tarball, not inside it.

Contents

boot2-@ARCH@/
├── README.md             this file
├── verify.sh             build + diff driver
├── INPUT_MANIFEST.txt    sha256 of every file under src/ + boot/
├── OUTPUT_MANIFEST.txt   sha256 of expected per-stage artifacts
├── src/                  sealed source tree (canonical inputs)
│   ├── bin/hex0-seed     vendored ELF seed (the only opaque input)
│   ├── src/              all textual sources: P1, M1pp, hex2pp,
│   │                       scheme1, cc, tcc, mes-libc, musl, kernel
│   └── run/              run.scm files driving boot3..boot6
└── boot/                 boot0..boot6 stage drivers + libs
    ├── boot{0..6}.sh
    ├── lib-{arch,pipeline,runscm}.sh
    └── containers/       Containerfile.{busybox,empty} (DRIVER=podman)

There is no bootprep/ and no vendor/ — every input the chain needs is already inside src/. bootprep/ exists in the upstream repo to populate src/; this tarball ships the populated tree directly.

Trust path

src/bin/hex0-seed is the only opaque artifact in the chain (a few hundred bytes; vendored from live-bootstrap's stage0-posix). Every other file under src/ is text and is hashed in INPUT_MANIFEST.txt. You can audit the manifest end-to-end before running anything.

Running

macOS note: with DRIVER=podman, the podman VM only sees host paths under /Users/. Extract the tarball under $HOME (not /tmp or /private/tmp), or boot0 will fail with a statfs ... no such file or directory error. verify.sh checks this and aborts early with a clearer message.

tar xzf boot2-@ARCH@.tar.gz
cd boot2-@ARCH@

# Default: DRIVER=podman. Builds container images on first run.
./verify.sh

# Or re-run inside the boot6-built kernel under qemu (closes the loop):
DRIVER=seed ./verify.sh

verify.sh does three things:

  1. Stages src/ into build/@ARCH@/src/ (the layout the boot stage scripts expect).
  2. Runs boot/boot0.shboot/boot6.sh in order under the selected driver.
  3. Hashes each artifact listed in OUTPUT_MANIFEST.txt and prints OK / DIFFER / MISSING per row.

Exit status is 0 iff every artifact matches.

Drivers

DRIVER runtime prereqs
podman each stage runs in a minimal container podman (rootless ok), qemu-user-static for cross-arch
seed each stage runs inside seed-kernel under qemu one prior DRIVER=podman pass to mint the boot6 kernel; qemu-system-@ARCH@

The output manifest is driver-agnostic: the same artifacts must hash identically under both drivers. The upstream repo's tests/seed-accept.sh harness verifies this byte-equivalence.

Verifying input integrity

# macOS:
shasum -a 256 -c INPUT_MANIFEST.txt
# Linux:
sha256sum -c INPUT_MANIFEST.txt

Re-running just the diff

If you've already built and just want to re-check the manifest:

./verify.sh --check-only

Useful env vars (passthrough to boot/boot.sh)

var default meaning
BOOT3_TIMEOUT 1800 scheme1-driven boot3, seconds
BOOT4_TIMEOUT 5400 tcc1/tcc2/tcc3 self-host chain
BOOT5_TIMEOUT 7200 musl build
BOOT6_TIMEOUT 1200 seed-kernel link
QEMU_MEM 3072M guest RAM for DRIVER=seed