Worth checking out https://github.com/fosslinux/live-bootstrap which starts from a handwritten hex bootloader and later a Scheme interpreter that implements a C compiler that compiles tcc.
I don't really understand why this would be better than using tcc, which also can be used to bootstrap gcc, as a trusted prebuilt binary. Is there any reason to think that POSIX shell is more trustworthy? I certainly would expect C code to be more human readable than shell for writing a compiler.
This compiler is written in C though. You also have the option to distribute the "compiled" version which is a POSIX shell script. I can imagine instances where I can't grab a TCC binary or maybe I'm not allowed to set the exec bit.
There is a problem if you want to verify using the C source though (assuming the resulting shell script is as inscrutable as a binary executable). Even if you use pnut.sh to compile pnut.c and see that you get the correct output, or even include GCC in the chain, you're still (afaict) susceptible to a "trusting trust" attack on the original pnut.sh.
> assuming the resulting shell script is as inscrutable as a binary executable
It's quite the opposite: pnut generates shell code that's close to the original C code to make it easy to audit the code. A useful way to see pnut is as a tool that rewrites C code to POSIX shell, without significantly changing the structure.
This means that even if GCC is required for the initial compilation of pnut (GCC compiles pnut, then pnut compiles itself and we get the pnut-sh.sh script), the script can be "sanitized" from trusting trust attacks by simply comparing the script to the C code and making sure GCC hasn't introduced any malicious code.
Full steps on https://github.com/fosslinux/live-bootstrap/blob/master/part...