[Stageˣ] Linux distribution (original) (raw)
HOW IT COMPARES
How StageX compares
| StageX | Guix | Debian | Arch | Nix | Yocto | Buildroot | Chimera | Alpine | Fedora | |
|---|---|---|---|---|---|---|---|---|---|---|
| Trust model Decentralized: No single system or individual is trusted Centralized: One single system or individual is trusted Distributed: All members of a system or organization are trusted | Decentralized | Distributed | Distributed | Distributed | Centralized | Centralized | Centralized | Centralized | Centralized | Centralized |
| OCIOCI (Open Container Initiative) defines standard formats and runtimes for containers. Native: OCI layers serve as the native package management system Exported: Can export OCI images from a non-OCI build system Published: Provides officially published OCI images | Native | Exported | Published | Published | Exported | Exported | Exported | Published | Published | Published |
| LanguageDomain‑specific language used for package build definitions. | Containerfile | Custom | Custom | Shell | Custom | Custom | Makefile | Python | Shell | Custom |
| BootstrappedCan the entire distro be full-source bootsrapped from Stage0? | Yes | Yes | No | No | Partial | No | No | No | No | No |
| ReproducibleIs the entire distro reproducible bit-for-bit identically? | Yes | Mostly | Mostly | Mostly | Mostly | No | No | No | No | No |
| Toolchain base | LLVM | GNU | GNU | GNU | GNU | GNU | GNU | LLVM | GNU | GNU |
| C standard library | musl | glibc | glibc | glibc | glibc | glibc | glibc | musl | musl | glibc |
| Memory allocator | mimalloc | glibc | glibc | glibc | glibc | glibc | glibc | mimalloc | mallocng | glibc |
| StageX | Guix | Debian | Arch | Nix | Yocto | Buildroot | Chimera | Alpine | Fedora | |
|---|---|---|---|---|---|---|---|---|---|---|
| Trust model Decentralized: No single system or individual is trusted Centralized: One single system or individual is trusted Distributed: All members of a system or organization are trusted | Decentralized | Distributed | Distributed | Distributed | Centralized | Centralized | Centralized | Centralized | Centralized | Centralized |
| OCIOCI (Open Container Initiative) defines standard formats and runtimes for containers. Native: OCI layers serve as the native package management system Exported: Can export OCI images from a non-OCI build system Published: Provides officially published OCI images | Native | Exported | Published | Published | Exported | Exported | Exported | Published | Published | Published |
| LanguageDomain‑specific language used for package build definitions. | Containerfile | Custom | Custom | Shell | Custom | Custom | Makefile | Python | Shell | Custom |
| BootstrappedCan the entire distro be full-source bootsrapped from Stage0? | Yes | Yes | No | No | Partial | No | No | No | No | No |
| ReproducibleIs the entire distro reproducible bit-for-bit identically? | Yes | Mostly | Mostly | Mostly | Mostly | No | No | No | No | No |
| Toolchain base | LLVM | GNU | GNU | GNU | GNU | GNU | GNU | LLVM | GNU | GNU |
| C standard library | musl | glibc | glibc | glibc | glibc | glibc | glibc | musl | musl | glibc |
| Memory allocator | mimalloc | glibc | glibc | glibc | glibc | glibc | glibc | mimalloc | mallocng | glibc |
Features
Built for verifiable infrastructure
$ curl -s https://codeberg.org/stagex/stagex/raw/branch/main/packages/bootstrap/stage0/hex0-seed | hexdump
> 457f 464c 0101 0301 0000 0000 0000 0000
0002 0003 0001 0000 804c 0804 002c 0000
0000 0000 0000 0000 0034 0020 0001 0000
0000 0000 8000 0804 8000 0804 00b5 0000
00b5 0000 0001 0000 0001 0000 5b58 315b
6ac9 5805 cd99 5b80 6650 41b9 6602 c0ba
6a01 5805 80cd 4299 3197 89ed 4ed6 895b
6ae1 5803 80cd 8553 75c0 4005 db31 80cd
018a 0a3c e574 f685 e475 233c df74 3b3c
db74 302c 0a2c 0872 072c df24 073c ce73
e5c1 0404 010a f7c5 7cdf 89c3 8929 b0fb
cd04 eb80 00b4Full-source bootstrapped
StageX is bootstrapped entirely from source, so nothing depends on unverified binaries. Only fully bootstrappable software, including programming languages, is allowed.
- A <190-byte x86 assembly seed reproduced across multiple distros.
- The seed builds up to a tiny C compiler and ultimately x86 GCC.
- x86 GCC bootstraps cross-toolchains for target architectures.
- Cross-toolchains build a minimal native toolchain.
- Bootstrap native / cross toolchains for every major programming language.
Learn about software integrity
Learn about software integrity
Reproducible
Every build in StageX can be verified. If the hashes differ, something changed, and you'll know.
- Build this repository and get the same hashes we do for every package.
- Rebuild any release at any time and get identical results.
- Protect against compromised or malicious maintainers.
- Zero non-reproducible third-party binaries.
- Package locking for effortless reproducibility in your own projects.
$ make
$ git diff digests/*.txt$ gpg --recv-keys \
E106781E007AB91C989DB33244A86CFF1FDF0E85 \
67553FBDA46BB71ABD2E0B0B8E47A1EC35A1551D \
9EE89EDEA66373DF465A4A09E1F4160251DB4C2E \
88823A75ECAA786B0FF38B148E401478A3FBEF72
$ find \
sig*/**/*stage3*43f0f*/* \
-exec gpg -qd {} 2>&1 ; \
| grep Good \
| cut -d\ -f5-
>"Ryan Heywood <ryan@distrust.co>" [ultimate]
"Daniel Grove <danny@drgrovellc.com>" [ultimate]
"Lance Vick <lance@distrust.co>" [ultimate]
"Anton Livaja <anton@distrust.co>" [ultimate]Multi-signed
Distributed trust, cryptographically enforced. Every change and artifact in StageX is independently attested.
- Every commit is signed by its author.
- Every merge is signed by a reviewer.
- Every artifact is signed by multiple maintainers.
- All signatures use hardware-backed PGP keys.
- Signatures follow the OCI container-signing standard.
- Native multi-sig validation in containerd.
Container-native
Built on Open Container Initiative (OCI) standards for seamless integration with your existing workflows.
- StageX uses the OCI packaging standard instead of yet another custom manager.
- Every "package" is an OCI layer.
- Easily lock any combination of build dependencies to SHA-256 hashes.
- Build your project's Containerfile with any OCI-compatible runtime you prefer.
FROM stagex/pallet-gcc
COPY <<-EOF hello.c
#include <stdio.h>
int main() {
printf("Hello, World!");
return 0;
}
EOF
RUN ["/usr/bin/gcc","hello.c"]Whitepaper
Read the StageX whitepaper
A deep technical overview of the StageX trust model, source bootstrap, reproducible builds, and multi-party signing.
FREE FOREVER
Unlike paid corporate options, StageX is open source forever. Every build and line of code is public, reproducible, and licensed under ISC. Credit is appreciated.