From a33a92449d697dc918ab302b098c81ad11736902 Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 20 Aug 2024 18:58:04 -0400 Subject: [PATCH] stagex: rewrite a good chunk --- stagex/stagex.md | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/stagex/stagex.md b/stagex/stagex.md index c9ea249..279c839 100644 --- a/stagex/stagex.md +++ b/stagex/stagex.md @@ -7,32 +7,49 @@ backgroundColor: #fff ![bg left:40% 80%](img/stagex-logo.png) -Minimalism and security first repository of reproducible and multi-signed OCI images of common open source software toolchains full-source bootstrapped from Stage 0 all the way up. +Minimalism and security first repository of reproducible and multi-signed OCI +images of common open source software toolchains full-source bootstrapped from +Stage 0 to the compiler and libraries you'll use. --- -# **Minimalism and security first repository** +# Minimalism and security first repository -Most Linux distributions are built for **compatibility** rather than **security** +Approach the distribution of a toolchain by ensuring each component uses +exactly what it needs to build - no more, no less. -This results in a dramatic increase of attack surface area of an operating system +TODO: include image describing traditional package building, by installing +_every_ dependency in a single OS, with a comparison of stagex only having mini +Containerfiles with just what each project needs. -StageX is designed to allow the creation of application specific environments with a minimal footprint to eliminate attack surface area. + --- # Rust "hello world" ```dockerfile -FROM stagex/busybox as build +FROM scratch AS build +COPY --from=stagex/busybox . / COPY --from=stagex/rust . / COPY --from=stagex/gcc . / COPY --from=stagex/binutils . / COPY --from=stagex/libunwind . / -RUN printf 'fn main(){ println!("Hello World!"); }' > hello.rs +ADD <
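Review bot: The added "TODO: include image describing traditional package building ..." paragraph under the "Minimalism and security first repository" heading is ordinary slide text, so it will show up in the rendered deck as written; move it into an HTML comment or track it outside the file until the image exists. The same slide drops the removed statements that most distributions are built for compatibility rather than security and that this increases attack surface, while the replacement ("exactly what it needs to build - no more, no less") no longer says why that matters for security, so consider keeping one line of that rationale. In the Rust example, the new `COPY --from=stagex/busybox . /` line, like the unchanged COPY lines around it, references the image by name only; in a deck about reproducible, multi-signed images, either show a digest-pinned reference or state that the names are shortened for the slide.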