[zapps-wg] Rust built from source - rough draft

Devrandom c1.devrandom at niftybox.net
Sat Nov 25 21:48:17 EST 2017


Hi all,

I was able to build the Rust compiler almost purely from source via the
mrustc compiler.  The necessary scripts and instructions are here:

https://github.com/devrandom/trust-rust

There is still some work to be done to remove the dependency on the Cargo
binary and to vendor the sources that it currently downloads.

The diffoscope report, comparing against the distributed Linux binaries, is
here:  https://github.com/devrandom/trust-rust/wiki/initial-report .  It
would be cool to prove that the distributed binaries don't have
trusting-trust malware, but the diff is currently a bit large so not there
yet.  However, just building from source should be enough for our purposes,
since it would let us audit the sources after the fact.

I would appreciate a review of the methodology / code.


More information about the zapps-wg mailing list