nexus/nip - Forgejo: Beyond coding. We forge.

Commit Graph

Author	SHA1	Message	Date
Markus Maiwald	d2aa120f4e	feat(nip): achieve ARM64 static build with LibreSSL (5.5MB) Milestone: Sovereign Package Manager - Static Build Complete Successfully compiled nip as a 5.5MB ARM64 static binary with full LibreSSL 3.8.2 and Zstd 1.5.5 integration. Deployed to NexBox. ## Key Achievements ### 1. Static Dependency Stack - LibreSSL 3.8.2 (libssl.a 3.5MB + libcrypto.a 16MB + libtls.a 550KB) - Zstd 1.5.5 (libzstd.a 1.2MB) - Cross-compiled for aarch64-linux-gnu with musl compatibility - Zero runtime dependencies (fully static binary) ### 2. OpenSSL Shim Bridge (openssl_shim.c) - Created C shim to bridge LibreSSL macros to function symbols - Solved SSL_in_init undefined reference (macro → function) - Enables Nim's compiled object files to link against LibreSSL ### 3. Manual Linking Infrastructure - Implemented link_manual.sh (Iron Hand Protocol) - Bypassed Nim cross-compilation bug (dropped -o output flag) - Manually linked 289 ARM64 object files + shim - Link flags: -static -Wl,-z,muldefs with proper library ordering ### 4. NimCrypto Optimization - Removed SHA2/NEON dependencies from hash_verifier.nim - Retained BLAKE2b support only (required for integrity checks) - Prevents NEON-specific compilation conflicts in cross-build ### 5. Build Scripts - build_arm64_gcc.sh: Main cross-compilation script - build_arm64_libre.sh: LibreSSL-specific build - build_arm64_diagnostic.sh: Verbose diagnostic build - GCC wrapper at /tmp/aarch64-gcc-wrapper.sh filters x86 flags ### 6. Binary Optimization - Initial: 30MB (with debug symbols) - Stripped: 5.5MB (aarch64-linux-gnu-strip -s) - 82% size reduction while maintaining full functionality ## NexBox Integration - Image size: 12,867 blocks (down from 62,469 pre-strip) - Static binary embedded in initramfs - Ready for boot verification ## Build Environment - Vendor libs: core/nexus/vendor/{libressl-3.8.2,zstd-1.5.5} - Cross-compiler: aarch64-linux-gnu-gcc 15.1.0 - Nim cache: /tmp/nip-arm64-cache (289 object files) ## Verification Status ✅ Binary: ELF 64-bit ARM aarch64, statically linked ✅ No libcrypto.so dlopen references ✅ BuildID: 4ed2d90fcb6fc82d52429bed63bd1cb378993582 ⏳ Boot test: Pending ## Technical Debt - Nim's -o flag bug in cross-compilation (workaround: manual link) - Static LibreSSL adds ~3MB (future: consider BearSSL/Monocypher) - Build process requires manual steps (future: containerize in Distrobox) ## Next Steps - Distrobox migration for reproducible build environment - Boot verification in NexBox guest - Warhead Test II (pack/extract cycle with static Zstd) Time investment: 4.5 hours Contributors: Forge (AI), Markus Maiwald Closes: Static build blocker See-also: BUILD_SUCCESS.md, BUILD_BLOCKER.md	2025-12-31 20:18:45 +01:00
Markus Maiwald	46f7867237	feat(rumk): v0.5 LWKT scheduler with NPL loading Rumk hypervisor milestone - December 27, 2025: v0.1: LWKT foundation (1552B) - Message types, thread descriptors, per-CPU state - Cooperative scheduler, syscall dispatch - RISC-V trap handling v0.2: MLFQ scheduler (2176B) - 4-level priority queues (RT/High/Normal/Idle) - Trust-adjusted quanta - Demote/promote/starvation handling v0.3: Work stealing + zero-idle (2880B) - Per-CPU MLFQ queues - Lockless work stealing - WFI-based idle (OpenBSD style) v0.4: IPI + per-CPU cache (3072B) - CLINT IPI for cross-core wake - 16-slot per-CPU cache - Stats tracking v0.5: NPL loading (3088B) - NplHeader, LoadedNpl, NplRegistry - loadNpl(), unloadNpl(), verifySignature() - ProvChain NPL events Ready for VisionFive 2 hardware demo (Jan 15, 2026)	2025-12-31 20:18:40 +01:00

Author

SHA1

Message

Date

Markus Maiwald

d2aa120f4e

feat(nip): achieve ARM64 static build with LibreSSL (5.5MB)

**Milestone: Sovereign Package Manager - Static Build Complete**

Successfully compiled nip as a 5.5MB ARM64 static binary with full
LibreSSL 3.8.2 and Zstd 1.5.5 integration. Deployed to NexBox.

## Key Achievements

### 1. Static Dependency Stack
- LibreSSL 3.8.2 (libssl.a 3.5MB + libcrypto.a 16MB + libtls.a 550KB)
- Zstd 1.5.5 (libzstd.a 1.2MB)
- Cross-compiled for aarch64-linux-gnu with musl compatibility
- Zero runtime dependencies (fully static binary)

### 2. OpenSSL Shim Bridge (openssl_shim.c)
- Created C shim to bridge LibreSSL macros to function symbols
- Solved SSL_in_init undefined reference (macro → function)
- Enables Nim's compiled object files to link against LibreSSL

### 3. Manual Linking Infrastructure
- Implemented link_manual.sh (Iron Hand Protocol)
- Bypassed Nim cross-compilation bug (dropped -o output flag)
- Manually linked 289 ARM64 object files + shim
- Link flags: -static -Wl,-z,muldefs with proper library ordering

### 4. NimCrypto Optimization
- Removed SHA2/NEON dependencies from hash_verifier.nim
- Retained BLAKE2b support only (required for integrity checks)
- Prevents NEON-specific compilation conflicts in cross-build

### 5. Build Scripts
- build_arm64_gcc.sh: Main cross-compilation script
- build_arm64_libre.sh: LibreSSL-specific build
- build_arm64_diagnostic.sh: Verbose diagnostic build
- GCC wrapper at /tmp/aarch64-gcc-wrapper.sh filters x86 flags

### 6. Binary Optimization
- Initial: 30MB (with debug symbols)
- Stripped: 5.5MB (aarch64-linux-gnu-strip -s)
- 82% size reduction while maintaining full functionality

## NexBox Integration
- Image size: 12,867 blocks (down from 62,469 pre-strip)
- Static binary embedded in initramfs
- Ready for boot verification

## Build Environment
- Vendor libs: core/nexus/vendor/{libressl-3.8.2,zstd-1.5.5}
- Cross-compiler: aarch64-linux-gnu-gcc 15.1.0
- Nim cache: /tmp/nip-arm64-cache (289 object files)

## Verification Status
✅ Binary: ELF 64-bit ARM aarch64, statically linked
✅ No libcrypto.so dlopen references
✅ BuildID: 4ed2d90fcb6fc82d52429bed63bd1cb378993582
⏳ Boot test: Pending

## Technical Debt
- Nim's -o flag bug in cross-compilation (workaround: manual link)
- Static LibreSSL adds ~3MB (future: consider BearSSL/Monocypher)
- Build process requires manual steps (future: containerize in Distrobox)

## Next Steps
- Distrobox migration for reproducible build environment
- Boot verification in NexBox guest
- Warhead Test II (pack/extract cycle with static Zstd)

Time investment: 4.5 hours
Contributors: Forge (AI), Markus Maiwald

Closes: Static build blocker
See-also: BUILD_SUCCESS.md, BUILD_BLOCKER.md

2025-12-31 20:18:45 +01:00

Markus Maiwald

46f7867237

feat(rumk): v0.5 LWKT scheduler with NPL loading

Rumk hypervisor milestone - December 27, 2025:

v0.1: LWKT foundation (1552B)
- Message types, thread descriptors, per-CPU state
- Cooperative scheduler, syscall dispatch
- RISC-V trap handling

v0.2: MLFQ scheduler (2176B)
- 4-level priority queues (RT/High/Normal/Idle)
- Trust-adjusted quanta
- Demote/promote/starvation handling

v0.3: Work stealing + zero-idle (2880B)
- Per-CPU MLFQ queues
- Lockless work stealing
- WFI-based idle (OpenBSD style)

v0.4: IPI + per-CPU cache (3072B)
- CLINT IPI for cross-core wake
- 16-slot per-CPU cache
- Stats tracking

v0.5: NPL loading (3088B)
- NplHeader, LoadedNpl, NplRegistry
- loadNpl(), unloadNpl(), verifySignature()
- ProvChain NPL events

Ready for VisionFive 2 hardware demo (Jan 15, 2026)

2025-12-31 20:18:40 +01:00

2 Commits All Branches Search

2 Commits

All Branches