README: Update Comparisons section

README.md

@@ -178,28 +178,37 @@ seminal paper by Ken Thomson, [Reflections on Trusting Trust](https://www.cs.cmu
 
 A comparison of `stagex` to other distros in some of the areas we care about:
 
-| Distro | Containerized | Signatures | Libc  | Bootstrapped | Reproducible | Rust Deps |
-|--------|---------------|------------|-------|--------------|--------------|-----------|
-| Stagex | Native        | 2+ Human   | Musl  | Yes          | Yes          | 4         |
-| Guix   | No            | 1 Human    | Glibc | Yes          | Yes          | 4         |
-| Nix    | No            | 1 Bot      | Glibc | Partial      | Mostly       | 4         |
-| Debian | Adapted       | 1 Human    | Glibc | No           | Partial      | 232       |
-| Arch   | Adapted       | 1 Human    | Glibc | No           | Partial      | 262       |
-| Fedora | Adapted       | 1 Bot      | Glibc | No           | No           | 166       |
-| Alpine | Adapted       | None       | Musl  | No           | No           | 32        |
+| Distro | Containerized | Signatures | Libc  | Bootstrapped | Reproducible  | Rust Deps |
+|--------|---------------|------------|-------|--------------|---------------|-----------|
+| Stagex | Native        | 2+ Human   | Musl  | Yes          | Yes           | 9         |
+| Guix   | No            | 1 Human    | Glibc | Yes          | Partial (90%) | 4 (Unconfirmed) |
+| Nix    | No            | 1 Bot      | Glibc | Partial      | Partial (95%) | 25        |
+| Debian | Adapted       | 1 Human    | Glibc | No           | Partial (96%) | 231       |
+| Arch   | Adapted       | 1 Human    | Glibc | No           | Partial (80%) | 127       |
+| Fedora | Adapted       | 1 Bot      | Glibc | No           | No            | 167       |
+| Alpine | Adapted       | None       | Musl  | No           | No            | 41        |
 
 ### Notes
 
 - “Bootstrapped”: Can the entire distro be full-source-bootstrapped from Stage0
 - “Reproducible”: Is the entire distro reproducible bit-for-bit identically
+    - Statistics have been pulled from https://reproducible-builds.org/citests/
+    - The statistic we care about the most is the distribution as a whole,
+      meaning a combination of "core" packages as well as "extra" or
+      "community". Multiple architectures, however, are not yet considered.
+    - Fedora and Alpine were previously listed on the Reproducible Builds site,
+      but their entries have not been maintained, and as such are marked not
+      reproducible.
 - “Rust Deps”: the number of total dependencies installed to use rustc
     - Rust is a worst case example for compiler deps and build complexity
         - It is kind of a nightmare most distros skip
         - See: [Guix documenting their process](https://guix.gnu.org/en/blog/2018/bootstrapping-rust/) (similar to ours)
-    - Nix, guix, and our distro get away with only 4 deps because:
-        - Rustc -does- need ~20 dependencies to build
-        - The final resulting rust builds can run standalone
-        - We only actually need musl libc, llvm, and gcc to build most projects
+    - Nix, guix, and our distro get away with small dependency counts because:
+        - Rustc _does_ need ~20 dependencies to build
+        - These distributions can reduce initial package constraints to only a
+          package manager and the required utilities
+    - The numbers listed here were generated by installing Cargo on a Docker
+      Hub container of the distro in question, via the "rust-deps" scripts.
 
 ### Signatures
 

src/rust-deps-stats/alpine.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+apk add cargo
+printf "DEPS (Alpine): %s\n" $(apk list --installed | tail -n +2 | wc -l)

src/rust-deps-stats/alpine:3.20.3.sh

@@ -0,0 +1 @@
+alpine.sh

src/rust-deps-stats/archlinux.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+pacman -Syu --noconfirm rust
+printf "DEPS (Arch Linux): %s\n" $(pacman -Q | wc -l)

src/rust-deps-stats/archlinux:base.sh

@@ -0,0 +1 @@
+archlinux.sh

src/rust-deps-stats/debian.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+apt-get update
+apt-get install -y cargo rustc
+printf "DEPS (Debian): %s\n" $(dpkg --get-selections | wc -l)

src/rust-deps-stats/debian:bookworm-slim.sh

@@ -0,0 +1 @@
+debian.sh

src/rust-deps-stats/debian:bookworm.sh

@@ -0,0 +1 @@
+debian.sh

src/rust-deps-stats/fedora.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+yum install -y cargo
+printf "DEPS (Fedora): %s\n" $(yum list installed | tail -n +2 | wc -l)

src/rust-deps-stats/fedora:40.sh

@@ -0,0 +1 @@
+fedora.sh

src/rust-deps-stats/nix.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+get_deps='nix-store -q --requisites $(dirname $(dirname $(which cargo)))'
+printf "DEPS (Nix): %s\n" $(nix-shell -p cargo --run "$get_deps" | wc -l)

src/rust-deps-stats/nixos_nix:2.24.7.sh

@@ -0,0 +1 @@
+nix.sh

src/rust-deps-stats/rust-deps.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+SCRIPTDIR="$(cd "$(dirname $0)"; pwd)"
+
+# for distro in debian:bookworm debian:bookworm-slim archlinux:base fedora:40 alpine:3.20.3 nixos/nix:2.24.7; do
+for distro in nixos/nix:2.24.7; do
+  script="$(echo "${distro}" | tr "/" "_")"
+  docker run --rm -v "$SCRIPTDIR:/scripts:ro" $distro /bin/sh /scripts/$script.sh | grep --color "^DEPS"
+done