> PS. I fear that Debian main may have already went into a state where it is not able to rebuild itself at all anymore: the presence and assumption of non-free firmware and non-Debian signed binaries may have already corrupted the ability for Debian main to rebuild itself. To be able to complete the idempotent and bootstrapped rebuild of Debian, this needs to be worked out.
Are any nonfree packages used as build inputs? If not, just ("just") bootstrap guix on a blobless platform, and cross build Debian from that
> PS. I fear that Debian main may have already went into a state where it is not able to rebuild itself at all anymore: the presence and assumption of non-free firmware and non-Debian signed binaries may have already corrupted the ability for Debian main to rebuild itself. To be able to complete the idempotent and bootstrapped rebuild of Debian, this needs to be worked out.
Are any nonfree packages used as build inputs? If not, just ("just") bootstrap guix on a blobless platform, and cross build Debian from that
As an alternative to Guix with a much more strict supply chain security policy, consider: https://stagex.tools/