State of aarch64 on Guix

Efraim Flashner — July 24, 2017

Since the recent 0.13.0 release, Guix supports building software for aarch64 (64-bit ARM architecture). Here’s the current status.

Currently aarch64 support in Guix is pretty good, as long as you don't mind compiling for yourself :). Potential downfalls are too little RAM (I limited my boards to 2GB minimum) and using an SD card. For building packages I made sure that between RAM and swap I have at least 6 GB, which I don't recall giving me any issues.

There were problems with actually building the Guix binary in time for the 0.13 release. It has since been fixed and I have an unofficial aarch64 binary install tarball at http://flashner.co.il/~efraim/. Also there is the signing key for my odroid running guix publish. The URL of my guix publish server is http://git.flashner.co.il:8181.

General problem points/packages:

  • Java is currently out: sablevm-classpath doesn't compile, so currently there is no path for Java. A quick check showed about 140 packages depend on sablevm-classpath.
  • Go: go-1.4.x doesn't support aarch64 (or mips). I have a patch against our GCC to build gccgo, and it produces a go binary, but it fails to actually build anything. When I checked Debian I saw they cross-compile their arm64 go binary from amd64. I believe there may be an issue with using gccgo and linking against glibc.
  • OCaml 4.01.0: Doesn't build on aarch64, haven't investigated.
  • Julia: aarch64 is officially supported, but it has only been tested on superpowerful boards, like the ThunderX. I haven't gotten it to build yet. The issue is related to __fp16.
  • clisp: our current version doesn't build on aarch64, there isn't support yet. There are newer builds but no official release yet, and I haven't tested those yet.
  • gprolog: No upstream support and AFAICT no one is working on it.
  • LDC: 1.x is supposed to support aarch64; 0.17.x, aka ldc-bootstrap, doesn't: it fails while compiling phobos, which has no aarch64 support in that version.
  • Rust: Has upstream support, our package uses the i686 version as a bootstrap, so only i686 and x86_64 have support in guix ATM.
  • Haskell: There is no upstream aarch64 binary to use for bootstrapping. I'm thinking of trying to use qemu-system-x86_64 as the shell and emulate x86_64 on my aarch64 board to cross-compile it to aarch64. guix package -A ghc | wc -l shows 293 packages.
  • Qt 4: does not build, I've hardly put any time into it.
  • Gnucash: The ancient WebKit version they use didn't build on aarch64, I haven't tried to fix it.
  • Linux-libre: While many boards do require specific patches and versions of the kernel, there have been great increases in recent kernel versions for many ARM boards. It remains to be seen how much support these boards have after the kernel has been deblobbed.

It sounds like it's all doom and gloom, but it's not too bad. guix package -A | wc -l shows me 5,341 (5,208 without sablevm-classpath), compared with ~5,600 on x86_64. Most of the difference is Haskell. In addition, I personally believe that aarch64 actually has fewer packages that fail to build than armhf.

Currently the project’s build farm lacks aarch64 build machines. If you would like to help, please get in touch with us!

About GNU Guix

GNU Guix is a transactional package manager for the GNU system. The Guix System Distribution or GuixSD is an advanced distribution of the GNU system that relies on GNU Guix and respects the user's freedom.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language. GuixSD offers a declarative approach to operating system configuration management, and is highly customizable and hackable.

GuixSD can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el, armv7, and aarch64.

GNU Guix and GuixSD 0.13.0 released

Ludovic Courtès — May 22, 2017

We are pleased to announce the new release of GNU Guix and GuixSD, version 0.13.0!

The release comes with GuixSD USB installation images, a virtual machine image of GuixSD, and with tarballs to install the package manager on top of your GNU/Linux distro, either from source or from binaries.

It’s been 5 months since the previous release, during which 83 people contributed code and packages. The highlights include:

  • Guix now supports aarch64 (64-bit ARM processors). This release does not include a binary installation tarball though, and our build farm does not provide aarch64 substitutes yet. We are looking for aarch64 hardware to address this. Please get in touch with us if you can help!
  • Likewise, this release no longer includes a mips64el tarball, though Guix still supports that platform. We do not know whether we will continue to support mips64el in the long run; if you’d like to weigh in, please email us on guix-devel@gnu.org!
  • The GuixSD installation image now supports UEFI. GuixSD can also be installed on Btrfs now.
  • GuixSD has support to run system services (daemons) in isolated containers as a way to mitigate the harm that can be done by vulnerabilities in those daemons. See this article from April.
  • A new guix pack command to create standalone binary bundles is available. We presented it in March.
  • Guix now runs on the brand-new 2.2 series of GNU Guile. The transition led to hiccups that we have been addressing, in particular for users of guix pull. Among other things though, the noticeable performance improvement that comes for free is welcome!
  • guix publish, which is what we use to distribute binaries, has a new --cache operation mode that improves performance when distributing binaries to a large number of users, as is the case of our build farm.
  • Many reproducibility issues found in packages have been addressed—more on that in a future post.
  • 840 new packages, leading to a total of 5,400+, and many updates, including glibc 2.25, Linux-libre 4.11, and GCC 7.
  • New system services for Redis, Exim, Open vSwitch, and more. The interface of existing services, notably that of the NGINX service, has been greatly improved.
  • Many bug fixes!

See the release announcement for details.

Running system services in containers

Ludovic Courtès — April 14, 2017

At FOSDEM, in the awesome Guile track, I briefly demoed a new experimental GuixSD feature as part of my talk on system services: the ability to run system services in containers or “sandboxes”. This post discusses the rationale, status, and implementation of this feature.

The problem

Our computers run many programs that talk to the Internet, and the Internet is an unsafe place as we all know—with states and assorted organizations collecting “zero-day exploits” to exploit them as they see fit. One of the big tasks of operating system distributions has been to keep track of known software vulnerabilities and patch their packages as soon as possible.

When we look closer, many vulnerabilities out there can be exploited because of a combination of two major weaknesses of GNU/Linux and similar Unix-like operating systems: lack of memory-safety in the C language family, and ambient authority in the operating system itself. The former leads to a huge class of bugs that become security issues: buffer overflows, use-after-free, and so on. The latter makes them more exploitable because processes have access to many resources beyond those they really need.

Security-sensitive software is now increasingly written in memory-safe languages, as is the case for Guix and GuixSD. Projects that have been using C are even considering a complete rewrite, as is the case for Tor. Of course the switch away from memory-unsafe languages won’t happen overnight, but it’s good to see a consensus emerging.

The operating system side of things is less bright. Although the principle of least authority (POLA) has been well-known in operating system circles for a long time, it remains foreign to Unix and GNU/Linux. Processes run with the full authority of their user. On top of that, until recent changes to the Linux kernel, resources were global and there was essentially a single view of the file system, of the process hierarchy, and so on. So when a remote-code-execution vulnerability affects a system service—like in the BitlBee instant messaging gateway (CVE-2016-10188) running on my laptop—an attacker could potentially do a lot on your machine.

Fortunately, many daemons have built-in mechanisms to work around this operating system defect. For instance, BitlBee and Tor can be told to switch to a separate unprivileged user; avahi-daemon and ntpd can do that and also change root. These techniques do reduce the privileges of those processes, but they are still imperfect and ad hoc.

Increasing process isolation with containers

The optimal solution to this problem would be to honor POLA in the first place. As an example, the venerable GNU/Hurd is a capability-based operating system. Thus, GNU/Hurd has supported fine-grained virtualization from the start: a newly-created process can be given a capability to its own proc server (which implements the POSIX notion of processes), to a specific TCP/IP server, etc. In addition, its POSIX personality offers interesting extensions, such as the fact that processes run with the authority of zero or more UIDs. For instance, the Hurd’s login program starts off with zero UIDs and gains a UID when someone has been authenticated.

Back to GNU/Linux, “namespaces” have been introduced as a way to retrofit per-process views of the system resources, and thus improve isolation among processes. Each process can run in a separate namespace and thus have a different view of the file system, process tree, and so on (a process running in separate namespaces is often referred to as a “container”, although that term is sometimes used to denote much larger tooling and practices built around namespaces.) Why not use that to better isolate system services?

Apparently this idea has been floating around. systemd has been considering extending its “unit files” to include directives instructing systemd to run daemons in separate namespaces. GuixSD uses the Shepherd instead of systemd, but running system services in separate namespaces is something we had been considering for a while.

In fact, adding the ability to run system services in containers was a low-hanging fruit: we already had call-with-container to run code in containers, so all we needed to do was to provide a containerized service starter that uses call-with-container.

The Shepherd itself remains unaware of namespaces; it simply ends up calling make-forkexec-constructor/container instead of make-forkexec-constructor and that’s it. The changes to the service definitions of BitlBee and Tor are minimal. The end result, for Tor, looks like this:

(let ((torrc (tor-configuration->torrc config)))
  (with-imported-modules (source-module-closure
                          '((gnu build shepherd)
                            (gnu system file-systems)))
    (list (shepherd-service
           (provision '(tor))
           (requirement '(user-processes loopback syslogd))

           (modules '((gnu build shepherd)
                      (gnu system file-systems)))

           (start #~(make-forkexec-constructor/container
                     (list #$(file-append tor "/bin/tor") "-f" #$torrc)

                     #:mappings (list (file-system-mapping
                                       (source "/var/lib/tor")
                                       (target source)
                                       (writable? #t))
                                      (file-system-mapping
                                       (source "/dev/log") ;for syslog
                                       (target source)))))
           (stop #~(make-kill-destructor))
           (documentation "Run the Tor anonymous network overlay.")))))

The with-imported-modules form above instructs Guix to import our (gnu build shepherd) library, which provides make-forkexec-constructor/container, into PID 1. The start method of the service specifies the command to start the daemon, as well as file systems to map in its mount name space (“bind mounts”). Here all we need is write access to /var/lib/tor and to /dev/log (for logging via syslogd). In addition to these two mappings, make-forkexec-constructor/container automatically adds /gnu/store and a bunch of files in /etc as we will see below.

Containerized services in action

So what do these containerized services look like when they’re running? When we run herd status bitlbee, disappointingly, we don’t see anything special:

charlie@guixsd ~$ sudo herd status bitlbee
Status of bitlbee:
  It is started.
  Running value is 487.
  It is enabled.
  Provides (bitlbee).
  Requires (user-processes networking).
  Conflicts with ().
  Will be respawned.
charlie@guixsd ~$ ps -f 487
UID        PID  PPID  C STIME TTY      STAT   TIME CMD
bitlbee    487     1  0 Apr11 ?        Ss     0:00 /gnu/store/pm05bfywrj2k699qbxpjjqfyfk3grz2i-bitlbee-3.5.1/sbin/bitlbee -n -F -u bitlbee -c /gnu/store/y4jfxya56i1hl9z0a2h4hdar2wm

Again this is because the Shepherd has no idea what a namespace is, so it just displays the daemon’s PID in the global namespace, 487. The process is running as user bitlbee, as requested by the -u bitlbee command-line option.

We can invoke nsenter and take a look at what the BitlBee process “sees” in its namespace:

charlie@guixsd ~$ sudo nsenter -t 487 -m -p -i -u $(readlink -f $(type -P bash))
root@guixsd /# echo /*
/dev /etc /gnu /proc /tmp /var
root@guixsd /# echo /proc/[0-9]*
/proc/1 /proc/5
root@guixsd /# read line < /proc/1/cmdline
root@guixsd /# echo $line
/gnu/store/pm05bfywrj2k699qbxpjjqfyfk3grz2i-bitlbee-3.5.1/sbin/bitlbee-n-F-ubitlbee-c/gnu/store/y4jfxya56i1hl9z0a2h4hdar2wmivgbl-bitlbee.conf
root@guixsd /# echo /etc/*
/etc/hosts /etc/nsswitch.conf /etc/passwd /etc/resolv.conf /etc/services
root@guixsd /# echo /var/*
/var/lib /var/run
root@guixsd /# echo /var/lib/*
/var/lib/bitlbee
root@guixsd /# echo /var/run/*
/var/run/bitlbee.pid /var/run/nscd

There’s no /home and generally very little in BitlBee’s mount namespace. Notably, the namespace lacks /run/setuid-programs, which is where setuid programs live in GuixSD. Its /etc directory contains the minimal set of files needed for proper operation rather than the complete /etc of the host. /var contains nothing but BitlBee’s own state files, as well as the socket to libc’s name service cache daemon (nscd), which runs in the host system and performs name lookups on behalf of applications.

As can be seen in /proc, there’s only a couple of processes in there and “PID 1” in that namespace is the bitlbee daemon. Finally, the /tmp directory is a private tmpfs:

root@guixsd /# : > /tmp/hello-bitlbee
root@guixsd /# echo /tmp/*
/tmp/hello-bitlbee
root@guixsd /# exit
charlie@guixsd ~$ ls /tmp/*bitlbee
ls: cannot access '/tmp/*bitlbee': No such file or directory

Our bitlbee process runs in a separate mount, PID, and IPC namespace, but it runs in the global user namespace. The reason for this is that we want the -u bitlbee option (which instructs bitlbee to setuid to an unprivileged user at startup) to work as expected. It also shares the network namespace because obviously it needs to access the network.
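As an added example that is not part of the original post, the following POSIX shell check compares the /proc/<pid>/ns links of a service process with those of PID 1 to confirm the layout just described (own mount, PID and IPC namespaces; shared network and user namespaces). The PROC_ROOT override and the constructed fake /proc tree are assumptions made here so the check can be exercised offline; against the real /proc it needs root, since reading another process's ns links requires ptrace-level access.

```shell
#!/bin/sh
# Added example, not code from the Guix post: verify that a service process has
# the namespace layout the post describes by comparing its /proc/<pid>/ns/*
# links with those of PID 1. PROC_ROOT is an assumed override so the check can
# run offline against a constructed /proc-like tree; it defaults to /proc.
PROC_ROOT=${PROC_ROOT:-/proc}

# ns_id PID NS: print the namespace identity of PID for namespace type NS
# (e.g. "mnt:[4026531840]"). Fails if the link cannot be read, which happens
# for a missing PID, an unsupported type, or insufficient privilege.
ns_id() {
  readlink "$PROC_ROOT/$1/ns/$2" 2>/dev/null
}

# ns_diff PID_A PID_B: print, one per line, the namespace types in which the
# two processes differ. Types unreadable for either PID are skipped.
ns_diff() {
  for ns in mnt pid ipc uts net user cgroup; do
    a=$(ns_id "$1" "$ns") || continue
    b=$(ns_id "$2" "$ns") || continue
    [ "$a" = "$b" ] || echo "$ns"
  done
}

# check_service_isolation PID: report each namespace type as shared with or
# separate from PID 1 and return 0 only if the mount, PID and IPC namespaces
# are separate. Network and user namespaces are expected to be shared: the
# post keeps them global so the daemon can reach the network and so that its
# own "-u <user>" privilege drop keeps working. Returns 2 if links are
# unreadable, rather than silently reporting everything as "shared".
check_service_isolation() {
  pid=$1
  ns_id 1 mnt >/dev/null || { echo "cannot read namespaces of PID 1"; return 2; }
  ns_id "$pid" mnt >/dev/null || { echo "cannot read namespaces of PID $pid"; return 2; }
  separated=" $(ns_diff 1 "$pid" | tr '\n' ' ')"
  rc=0
  for ns in mnt pid ipc uts net user cgroup; do
    ns_id "$pid" "$ns" >/dev/null || continue
    case "$separated" in
      *" $ns "*) echo "$ns: separate from PID 1" ;;
      *)         echo "$ns: shared with PID 1" ;;
    esac
  done
  for ns in mnt pid ipc; do
    case "$separated" in
      *" $ns "*) ;;
      *) echo "WARNING: $ns namespace is shared with PID 1"; rc=1 ;;
    esac
  done
  return "$rc"
}

# make_fake_proc DIR: build a constructed /proc-like tree under DIR with PID 1
# (host init), PID 487 (the containerized bitlbee of the post: own mnt, pid
# and ipc namespaces) and PID 500 (a daemon with no isolation at all).
# The namespace inode numbers are made up.
make_fake_proc() {
  root=$1
  for p in 1 487 500; do mkdir -p "$root/$p/ns"; done
  for ns in mnt pid ipc uts net user; do
    ln -s "$ns:[4026531000]" "$root/1/ns/$ns"
    ln -s "$ns:[4026531000]" "$root/500/ns/$ns"
  done
  ln -s "mnt:[4026532100]" "$root/487/ns/mnt"
  ln -s "pid:[4026532101]" "$root/487/ns/pid"
  ln -s "ipc:[4026532102]" "$root/487/ns/ipc"
  for ns in uts net user; do
    ln -s "$ns:[4026531000]" "$root/487/ns/$ns"
  done
}

# demo: run the check against the constructed tree. On a real GuixSD host,
# run "check_service_isolation <pid>" as root with the PID shown by
# "herd status bitlbee" (487 in the post's transcript).
demo() {
  tree=$(mktemp -d)
  make_fake_proc "$tree"
  saved=$PROC_ROOT
  PROC_ROOT=$tree
  echo "== PID 487 (containerized)"
  check_service_isolation 487 || true
  echo "== PID 500 (not containerized)"
  check_service_isolation 500 || true
  PROC_ROOT=$saved
  rm -rf "$tree"
}
demo
```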

A nice side-effect of these fully-specified execution environments for services is that it makes them more likely to behave in a reproducible fashion across machines—just like fully-specified build environments help achieve reproducible builds.

Conclusion

GuixSD master and its upcoming release include this feature and a couple of containerized services, and it works like a charm! Yet, there are still open questions as to the way forward.

First, we only looked at “simple” services so far, with simple static file system mappings. Good candidates for increased isolation are HTTP servers such as NGINX. However, for these, it’s more difficult to determine the set of file system mappings that must be made. GuixSD has the advantage that it knows how NGINX is configured and could potentially derive file system mappings from that information. Getting it right may be trickier than it seems, though, so this is something we’ll have to investigate.

Another open question is how the service isolation work should be split between the distro, the init system, and the upstream service author. Authors of daemons already do part of the work via setuid and sometimes chroot. Going beyond that would often hamper portability (the namespace interface is specific to the kernel Linux) or even functionality if the daemon ends up lacking access to resources it needs.

The init system alone also lacks information to decide what goes into the namespaces of the service. For instance, neither the upstream author nor the init system “knows” whether the distro is running nscd and thus they cannot tell whether the nscd socket should be bind-mounted in the service’s namespace. A similar issue is that of D-Bus policy files discussed in this LWN article. Moving D-Bus functionality into the init system itself to solve this problem, as the article suggests, seems questionable, notably because it would add more code to this critical process. Instead, on GuixSD, a service author can make the right policy files available in the sandbox; in fact, GuixSD already knows which policy files are needed thanks to its service framework so we might even be able to automate it.

At this point it seems that tight integration between the distro and the init system is the best way to precisely define system service sandboxes. GuixSD’s declarative approach to system services along with tight Shepherd integration help a lot here, but it remains to be seen how difficult it is to create sandboxes for complex system services such as NGINX.

Creating bundles with guix pack

Ludovic Courtès — March 20, 2017

Guix just got a new command, dubbed guix pack, which we think many developers will find useful.

Last week we were celebrating the release of GNU Guile 2.2.0, the Scheme implementation that powers Guix. This is a major milestone and Guile developers naturally wanted to make it easy for users to discover all the goodies of 2.2.0 as soon as possible. One of the major roadblocks to that, as for any non-trivial piece of software, is deployment: because your distro is unlikely to have Guile 2.2.0 packaged on Day 1, you have to build it by yourself, which means getting the right dependencies installed and then building Guile itself. That’s not difficult for a developer, but it’s certainly cumbersome.

Andy Wingo, the driving force behind Guile, thought that it would be nice to propose a binary tarball of Guile 2.2.0 on the day of its release. Guix had already been providing binary tarballs for a couple of years, so why not do the same for Guile? Essentially, the new guix pack command is a generalization of what Guix was already using.

Making packs

So how does it work? The basic idea is simple: you type

guix pack guile

and the command returns in /gnu/store a good old tarball that contains binaries for Guile and all its dependencies. If you run, say,

guix pack guile emacs geiser

then you get a complete “Guile SDK” containing Guile, Emacs, Geiser, and all their dependencies.

When you extract the tarball, you get a /gnu/store directory with a bunch of sub-directories with these long hashes, one of which is the “profile” containing Guile, Emacs, and Geiser.

You wouldn’t want to ask users to type /gnu/store/war325pv1iixj13k6y8yplzagpknfn0c-profile/bin/guile to launch Guile, though. So guix pack has a command-line option to create symlinks in the image.

guix pack -S /opt/gnu/bin=bin guile emacs geiser

The command above creates a /opt/gnu/bin symlink to the bin directory of the profile in the tarball, such that users can simply type /opt/gnu/bin/guile to run Guile.

Recipients of a binary tarball are expected to either extract it in their root file system (yes!) where it will create /gnu and /opt/gnu in this case:

# cd /
# tar xf /path/to/pack.tar.gz
# /opt/gnu/bin/guile --version
guile (GNU Guile) 2.2.0

… or they can chroot into it, possibly relying on user namespaces and thereby avoiding root privileges:

$ mkdir /tmp/pack
$ cd /tmp/pack
$ tar xf /path/to/pack.tar.gz
$ unshare -mrf chroot . /opt/gnu/bin/guile --version
guile (GNU Guile) 2.2.0

The good thing with this is that, because Guix captures the complete dependency graph of packages, the tarball contains everything that’s needed to run Guile and is going to work in exactly the same way on any system that runs the kernel Linux!

Bells and whistles

Of course a popular approach to run such “application bundles” is Docker. Since the image format for Docker is documented and fairly easy to produce, we added an option to produce images in this format (Ricardo Wurmus initially contributed Docker support for the low-level guix archive tool but we found that it made more sense to have it in guix pack):

guix pack -f docker -S /opt/gnu=/ guile emacs geiser

The resulting tarball can be passed to docker load, and people can then use docker run to actually run the application.

One of the goodies that comes for free is cross-compilation: Guix supports cross-compilation, so you can create a pack consisting of software cross-compiled for a given platform, specified by the usual GNU triplet. For example, the following command creates a pack with binaries for GNU/Linux on ARMv7:

guix pack --target=arm-linux-gnueabihf guile

… while the command below creates a pack with Windows binaries using the MinGW cross-compiler:

guix pack --target=i686-w64-mingw32 guile

All the package transformation options that Guix supports are available to guix pack. Let’s say you’re a developer of a large piece of software such as a web browser like IceCat and you’d like your users to test whether the current master branch actually fixes the bug you attempted to fix. In this case, you can build a pack of IceCat, but replace the source that’s specified in the distribution with the snapshot of master you’re interested in:

guix pack icecat --with-source=./icecat-48.8.0.master.tar.gz

Of course the resulting pack is going to be pretty big in this case, but I’m sure the general pattern can be useful.

Wait, didn’t you say that “app bundles get it wrong”?

It turns out that we Guix developers have been saying that binary “application bundles” à la Docker are problematic for a number of reasons:

  1. Composability: each bundle comes with a complete operating system, minus the kernel, and there is little or no sharing happening among bundles, notably in terms of disk space and memory usage.
  2. Security updates: since an “app bundle” is essentially a complete operating system, one has to be careful and apply security updates to all the software in each bundle. Unfortunately, that doesn’t always happen as has been famously reported on several occasions.
  3. Reproducibility: Docker images, for instance, are often hardly “reproducible” in the sense of a reproducible build process. First, Dockerfiles start out with a “base layer” that is typically a huge binary blob of some major distro. On top of that, they run a number of commands such as apt-get install whose result likely depends on the time at which they are run. Docker’s best practices document suggests ways to mitigate the problem, such as “version pinning”, but the whole approach remains rather brittle.
  4. Experimentation: Once you have this big binary blob, sure you can run the application you wanted, but you can do little more than that—you may or may not be able to find the corresponding source code, and you’d have a hard time fiddling with one of the components of the software stack.

We pride ourselves with having a tool set that caters to some of the use cases that “app bundles” and “containerization” try to address while having none of these drawbacks. So how do Guix packs fit into that picture?

First of all, the intended use case is different: we view guix pack as a tool that makes it easy to try out a piece of software on a non-Guix machine. But it is clear that for production, our recommendation is to use Guix directly, to get security updates and generally address all the above issues. :-)

That said, let’s see how these issues affect Guix packs. First, composability of Guix packs turns out to be pretty good. If you receive two different Guix packs for different pieces of software, you can unpack both in your root directory (or union-mount them in the same place): packages that differ have a different /gnu/store file name with a different hash, so they won’t collide; packages that are identical (say the C library or GTK+) will have the same /gnu/store file name so they’ll actually be shared.

That means that for security updates, you could always fetch a new pack of your application with the security updates and extract it in place. However, that requires you as a user to manually pay attention to vulnerabilities in all the software that comes with the pack, so clearly you’re better off using Guix instead and regularly upgrading. No wonders.

Packs themselves are reproducible bit-by-bit. If you know the Guix commit that was used to build a given pack, you can thus run the same guix pack command on another machine and verify that you get the exact same tarball. Currently not 100% of the packages Guix provides are reproducible bit-by-bit; we’re getting closer to that goal though, in part due to the fact that Guix builds are isolated by default, and also thanks to the efforts of everyone in the Reproducible Builds project to address sources of non-determinism in free software.

Because Guix packs are reproducible, you can not only reproduce the exact same pack but also create packs with variants of the software—for instance, changing the version of one of the packages in the stack. Of course this part requires you to have Guix installed somewhere, but at least you can easily fiddle with the software stack and “compile” your own variant of the software stack down to a new pack.

We hope you’ll enjoy packs and Guix, and would welcome your feedback on the guix-devel mailing list and on #guix on Freenode!

Join GNU Guix for GSoC

Ludovic Courtès — March 9, 2017

As in previous years, Guix participates in the Google Summer of Code (GSoC), under the aegis of the GNU Project.

We have collected project ideas for Guix, GuixSD, as well as the GNU Shepherd, covering a range of topics. If you are passionate about computing freedom, Scheme, functional programming, or operating system development, check out the proposed projects. The list is far from exhaustive, so feel free to bring your own!

You can get in touch with us on the mailing lists and on the #guix channel on the Freenode IRC network.

If you are an eligible student, make sure to apply by April 3rd.

Meet Guix at FOSDEM

Ludovic Courtès — January 17, 2017

GNU Guix will be present at FOSDEM next month with talks on a number of areas of active development. The first one will be on Saturday, in the high-performance computing (HPC) track:

Of course, the GNU Guile track on Sunday will be like home, with a bunch of talks there: We'll end the day with a round table on the future of Guix.

FOSDEM takes place in Brussels, Belgium, on the 4th and 5th of February, with the Guile track all day long on Sunday 5th. Hope to see you there!

GNU Guix and GuixSD 0.12.0 released

Ricardo Wurmus — December 21, 2016

We are pleased to announce the new release of GNU Guix and GuixSD, version 0.12.0!

The release comes with USB installation images to install the standalone GuixSD, and with tarballs to install the package manager on top of your GNU/Linux distro, either from source or from binaries.

It’s been a little over 4 months since the previous release, during which 76 people contributed code and packages. The highlights include:

See the release announcement for details.

Reproducible Build Summit, 2nd Edition

Ludovic Courtès, John Darrington, Ricardo Wurmus — December 16, 2016

GNU Guix was present this week at the second Reproducible Build Summit in Berlin. Three of us were there. We happily joined a dozen other free software projects, mostly distros, to discuss cross-cutting reproducibility issues ranging from outreach to hacking on a specific piece of software. This post attempts to summarize important points that were discussed in some of the sessions we attended, and how Guix fits into that.

On reproducibility

What does it mean for a build process to be reproducible? That sounded obvious to many attendees, but experience has shown that many outside of the community needed clarifications. A group led by Ed Maste of FreeBSD worked hard to come up with a definition that is concise, accurate, and generic all at once. Impressive and useful work!

At the same time, another group worked on another thankless task: improving the reproducible build documentation. A big thanks to them!

Testing reproducibility

For a couple of years, Debian has had a dashboard that shows the progress that has been made. The result is impressive: 92% of its source packages are now bit-for-bit reproducible! During the meeting, Eelco Dolstra reported first results for NixOS, obtained thanks to an extension to the Hydra continuous integration tool: 77% of the packages are currently reproducible.

Our build farm in Guix doesn't yet have the resources to perform independent rebuilds of packages. We plan to use the shared resources at tests.reproducible-builds.org to achieve that soon. Since last year's summit, our patch submission guidelines require submitters to check for reproducibility issues using guix build --rounds=N. This has already allowed us to fix lots of reproducibility issues in packages.

User-facing interfaces to reproducible builds

Reproducible builds should allow users to verify builds, and distributors to no longer be single points of failure. But how can we actually empower users with reproducible builds? Last year, we outlined that reproducible builds are a means to user empowerment. Thus it was great to brainstorm these issues with brilliant minds!

dkg of Debian and ACLU led a couple of sessions on this topic. Tools like guix challenge are one way to help users check whether their binaries are trustworthy, provided independent package builds are available. Some suggested that this could be used as an input for a more general kind of “system health” monitoring tool.

A large part of the discussion then focused on policies that users could select. For example, assuming several independent organizations provide binaries for a given distro, users could disallow installation of binaries for which providers disagree on the output. Worded like this, the policy could easily lead to denial of service should one of the providers be unavailable. A refinement of this policy is to install only packages for which k out of n known builders “agree” on what the package contents are.

Guix currently allows users to specify multiple binary providers through the --substitute-urls option. We hope we can extend it to support this “k out of n” policy by the next Reproducible Build Summit!
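The two policies discussed above, as an added example (not Guix code): the naive "all providers must agree" rule, which a single unreachable provider is enough to block, beside the "k out of n" refinement. Provider URLs and hashes are constructed placeholders.

```python
from collections import Counter
from typing import Dict, List, Optional

# A provider's report: the store-item hash it serves, or None when the
# provider could not be reached.  All values below are constructed
# placeholders, not real Guix store hashes or substitute servers.
Reports = Dict[str, Optional[str]]

HASH_A = "0placeholder-hash-aaaa"
HASH_B = "0placeholder-hash-bbbb"

ALL_AGREE: Reports = {
    "https://builder-1.example": HASH_A,
    "https://builder-2.example": HASH_A,
    "https://builder-3.example": HASH_A,
}
ONE_DOWN: Reports = {
    "https://builder-1.example": HASH_A,
    "https://builder-2.example": None,      # unreachable provider
    "https://builder-3.example": HASH_A,
}
ONE_DISAGREES: Reports = {
    "https://builder-1.example": HASH_A,
    "https://builder-2.example": HASH_B,    # differing build output
    "https://builder-3.example": HASH_A,
}
SPLIT: Reports = {
    "https://builder-1.example": HASH_A,
    "https://builder-2.example": HASH_B,
    "https://builder-3.example": None,
}


def unanimous_policy(reports: Reports) -> Optional[str]:
    """Naive policy: install only if every provider answered and all agree.

    Returns the agreed hash, or None.  One unreachable provider is enough
    to block installation: the denial-of-service weakness noted above."""
    hashes = list(reports.values())
    if not hashes or any(h is None for h in hashes):
        return None
    return hashes[0] if len(set(hashes)) == 1 else None


def k_of_n_policy(reports: Reports, k: int) -> Optional[str]:
    """Refined policy: install the hash that at least k of the n known
    builders agree on, ignoring providers that did not answer."""
    n = len(reports)
    if not 1 <= k <= n:
        raise ValueError(f"k must be between 1 and {n}")
    votes = Counter(h for h in reports.values() if h is not None)
    if not votes:
        return None
    winner, count = votes.most_common(1)[0]
    return winner if count >= k else None


def dissenters(reports: Reports, agreed: str) -> List[str]:
    """Providers that answered but served something other than the agreed
    hash: the first thing to investigate after a k-of-n decision."""
    return sorted(url for url, h in reports.items()
                  if h is not None and h != agreed)


if __name__ == "__main__":
    for name, reports in [("all agree", ALL_AGREE), ("one down", ONE_DOWN),
                          ("one disagrees", ONE_DISAGREES), ("split", SPLIT)]:
        print(f"{name:14} unanimous={unanimous_policy(reports)!r:26} "
              f"2-of-3={k_of_n_policy(reports, 2)!r}")
```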

Bootstrapping

The Summit focuses on reproducible builds, but unfortunately, there are more and more situations where software is not built from source. In most cases, this is due to bootstrapping issues: a compiler is written in the language it compiles, and thus distributors have no choice but to start from an opaque pre-built binary provided by upstream. The problem also comes up when building a complete system “from nothing”. This situation prevents users from knowing what code they’re running, and it makes them vulnerable to trusting trust attacks.

In Guix, the debate came up every time we added one of these self-hosted compilers—Rust, OCaml, GHC, etc. This is not a comfortable situation. We led sessions on this topic with two goals: to try and make a specific package “bootstrappable”, and to raise awareness and come up with guidelines for compiler and tool writers. Together with other hackers, we drafted a manifesto that we hope to publish soon. Stay tuned!

Hacks!

During the hacking sessions, while Ricardo was busy working on the bootstrapping manifesto, John together with Pierre Pronchery of NetBSD tackled gettext reproducibility issues, and Ludovic picked up the work of others on fixing a longstanding reproducibility issue in Guile, the Scheme implementation used by Guix—“the shoemaker’s child always goes barefoot”, they say.

Thanks!

We would like to thank the sponsors who helped make the Reproducible Build Summit possible: Debian, Google, Linux Foundation, and Open Tech Fund. Special thanks to Beatrice and Gunner of Aspiration and to Holger of Debian for the perfect organization, and for the productive and friendly atmosphere they created!

Growing Our Build Farm

Andreas Enge — November 10, 2016

We have received our new server for continuous builds of the GNU Guix system, and are putting the finishing touches on its installation. The machine is intended as an eventual replacement for hydra.gnu.org, a virtual machine kindly hosted by the FSF. The new machine will drive our build farm, which continuously compiles the GNU system, and it will feed the mirror with binary packages, so that end users who do not wish to compile packages by themselves can easily keep up-to-date. Time to report on the adventure! This first part covers the hardware.

Buying the new machine has been made possible through a very generous donation by Igalia to Guix Europe. Igalia is a free software consultancy well known for its involvement in the development of the GNOME stack, GStreamer, the JavaScript compilers of Web browsers, and more, promoting values close to the GNU Guix project. It is heartening that the company is helping us towards our goal of creating a free system that liberates its users to take their computing and data processing needs into their own hands!

Of course, we wanted to buy the best for the money — but it turned out the best did not exist yet! Our goal was a system that would be as free as possible, starting from the BIOS, without backdoors of one kind or another; of course it also needed to be powerful enough to pilot our build farm, which is expected to grow with an ever increasing number of packages and maybe new architectures. The Libreboot project provides a free BIOS, which was in the process of being ported to the ASUS KGPE-D16 mainboard. Timothy Pearson from the Coreboot project (on which Libreboot is based) worked hard to make the port a reality. We bought the machine from Thomas Umbach, owner of VIKINGS, a company selling complete servers based on this board and planning to provide hosting services on this platform. Thomas made us a very generous offer of only billing the parts, so we are grateful to VIKINGS as a second sponsor for this machine; independently, the close interaction with Thomas and his fast and helpful replies to our questions meant a very pleasant experience for a first-time buyer of a server machine! Hopefully, this will not be the last time either.

The machine arrived carefully packaged in styrofoam and cardboard packaging with a power cable and the rails for mounting it in the rack of the hosting facility (for the time being, however, it is still sitting on a Moroccan pouffe in my living room, waiting for its installation to be finished). It is 1U high to save hosting fees. At the front, two USB ports, a power and a reset button. At the back, more USB ports, Ethernet ports, a VGA and a serial port; apart from the latter, it does not look more exotic than my laptop.

Interior of the server.

The interior looks very tidy to my untrained eyes. This is not only a good sign for the vendor's professionalism, but according to Thomas also a necessity for ensuring sufficient air flow in the 1U case! This air flow is created by the array of five case fans on the right, in their orange housing. At the left, one can distinguish the two processors. We opted for the AMD Opteron 6262HE, which is power-saving and, to the best of our knowledge, free of backdoors. Each of the processors has 16 cores, which should be amply enough for our needs (remember that the compilation of packages will take place on the build farm and not on this machine). Actually, only the processor fans and their big copper heatpipes are visible. There are 16 slots for memory, of which only four are used so far, each with a 16GB module for 64GB of total RAM — I do not think we will need to make use of our extension possibilities any time soon! Two hard disks of 4TB each are hidden under the metal cover to the right.

So the hardware looks very neat, and in the next installment, we will have a look at the installation of GuixSD on it.

Thanks again to all who made this adventure possible through their hard work and dedication, in particular Igalia, Thomas of VIKINGS, and Timothy of Coreboot and Raptor Engineering!

GNU Guix and GuixSD 0.11.0 released

Ludovic Courtès — August 3, 2016

It is a pleasure to announce the new beta release of GNU Guix and GuixSD, version 0.11.0!

The release comes with USB installation images to install the standalone GuixSD, and with tarballs to install the package manager on top of your GNU/Linux distro, either from source or from binaries.

It’s been 4 months since the previous release, during which 70 people contributed code and packages. The highlights include:

See https://lists.gnu.org/archive/html/guix-devel/2016-08/msg00219.html for details.

GuixSD system tests

Ludovic Courtès — June 28, 2016

From its inception, Guix has had a thorough test suite—something that’s not only reassuring, but also the thing that allows for fearless evolution of the code. That we didn’t have this safety net when hacking on the whole operating system, GuixSD, made it uncomfortable and more risky. We are now addressing the problem with the introduction of system tests, closing one of the major roadblocks towards 1.0.

Before going into details, let me recap the sorts of testing that already occurred in Guix land.

Unit tests

Guix’s test suite currently contains almost 600 unit tests. Each one of these stresses one particular function or subset of the functionality of Guix. This covers core package management functionality such as package builds, utility modules such as monads or the public key infrastructure (PKI) used for authenticating binaries, maintenance tools such as lint and the importers, as well as the command-line interface.

Since Guix provides Scheme modules for use both in the package management front-end and on the “build side”, the latter is also tested. This includes part of the build systems, and helpers like our ELF validation module.

Package tests

Then come the software packages that Guix ships. All of the packages in the distro are under continuous integration on the 4 supported architectures (32-bit and 64-bit Intel-compatible, as well as MIPS64 and ARMv7). Our build farm serves the resulting binaries, which users can choose to download as substitutes for local builds. Our build server, which currently runs an instance of Hydra, always shows the number of succeeding/failing builds on its dashboard. That way, breakage introduced by changes in the package collection is always rapidly detected. This is a direct benefit of the functional packaging model.

Additionally, our policy is to always run each package’s test suite (typically “make check”) as part of its build process, unless there is a serious technical obstacle to doing that. That way, we can, and do, catch integration issues, incompatibilities, and plain bugs before they hit users.

System tests

So far, so good. Now, what about GuixSD itself? GuixSD did not have an automated test suite until now. What it did have, though, is the ability to instantiate an operating system in a virtual machine (VM) or in a container. You would write your operating system declaration in a file, then run, say:

guix system vm my-config.scm 

This gives you a script to launch a VM running an instance of the OS declared in ‘my-config.scm’. Already pretty convenient! And indeed, even more so back in the days when we were eating a fair amount of dog food. In fact, that’s how we ate our first dog food dishes, and the VM infrastructure was the fork and knife that made it more tolerable.

So what could we test exactly? Roughly, we want to test that the instantiated system behaves according to the source ‘operating-system’ declaration: that user accounts are all there, that system services are running as expected, that all of the configuration is taken into account.

To do that, we need to run the system under test in a VM, but we also need to instrument it. We use QEMU to run our VMs, and QEMU along with the Linux virtio-serial module nicely supports communication between the guest operating system and the host, a strategy also used by NixOS’ test driver. Concretely, we define a “marionette” service, which hooks a Guile read-eval-print loop (REPL) inside the guest. This allows the host to evaluate arbitrary code in the guest VM.

Now we can write build processes (a.k.a. “derivations”) that will:

  1. instantiate an instrumented variant of the operating system configuration we want to test in a VM image;
  2. spawn the VM, run a series of tests on the guest OS, and return the test results.

Thus, a system test to make sure the ‘uname’ system call returns something that matches the OS declaration looks like this:

(define (run-test)
  (define os
    ;; The declaration of the OS we want to instantiate and test.
    ;; Calling 'marionette-operating-system' instruments it.
    (marionette-operating-system
     (operating-system
       (host-name "komputilo")
       (timezone "Europe/Berlin")
       (locale "en_US.UTF-8")

       (bootloader (grub-configuration (device "/dev/sdX")))
       (file-systems %base-file-systems))))

  ;; Compute the script to run OS in a VM.
  (mlet %store-monad ((run (system-qemu-image/shared-store-script
                            os #:graphic? #f)))
    (define test
      ;; The actual test.  Here “#~” is like “quote”, allowing us
      ;; to describe code to run in the build environment; it’s a
      ;; “g-expression.”
      #~(begin
          (use-modules (gnu build marionette)
                       (srfi srfi-64)
                       (ice-9 match))

          (define marionette
            ;; Spawn the VM that runs the declared OS.
            (make-marionette (list #$run)))

          (mkdir #$output)
          (chdir #$output)

          (test-begin "basic")

          (test-assert "uname"
            ;; Call the ‘uname’ Scheme function in the guest.
            ;; In the host, make sure its result (a vector) matches
            ;; our OS declaration above.
            (match (marionette-eval '(uname) marionette)
              (#("Linux" host-name version _ architecture)
               (and (string=? host-name
                              #$(operating-system-host-name os))
                    (string-prefix? #$(package-version
                                       (operating-system-kernel os))
                                    version)
                    (string-prefix? architecture %host-type)))))

          (test-end)
          (exit (= (test-runner-fail-count (test-runner-current)) 0))))

    ;; Turn the test into a buildable “derivation”.
    (gexp->derivation "simple-test" test
                      #:modules '((gnu build marionette)))))

There are interesting things going on here. First, while this is all Scheme code, there are in fact three tiers or strata of code at play here: the code that produces the OS declaration and the derivation, the build code of that derivation—the test—embodied in a g-expression, and code sent from the host to the guest VM via ‘marionette-eval’.

Using Scheme all the way means we can share code, use the right tools such as the SRFI-64 test framework here, pass values from one tier to another, and so on. And of course, being a full-blown language rather than shell scripts or similar means we have a rich and semantically-clear interface at our fingertips: we can directly access the data structures that matter rather than grepping the output of high-level commands. As an example, we can directly query the system service manager right from Scheme, which is often useful in system tests.

Status

Guix now includes the test infrastructure described above; running “make check-system” runs all the currently defined tests. Currently we have tests for basic functionality. This includes making sure that all the system services declared are available and running. We have tests for specific system services such as the mcron job scheduling daemon—inspired by your parents’ cron, but with a powerful Scheme interface—and Avahi and its name service switch (NSS) integration.

Last but not least, we have tests of the full GuixSD installation procedure, which turned out to be more involved than the other tests. This works by running the GuixSD installation image in a VM, using another VM image as the target installation media, and finally booting the newly-installed system.

All the tests are automatically run on our build farm (see here, here, or there), which provides quick feedback. One step closer to 1.0!

GNU Guix welcomes four students for GSoC

Ludovic Courtès — April 24, 2016

We are glad to announce that four students will join GNU Guix for the 2016 Google Summer of Code (GSoC):

All four projects sound exciting to us and we are happy to see progress on these fronts. Happy hacking!

GNU Guix & GuixSD 0.10.0 released

Ludovic Courtès — March 29, 2016

We are pleased to announce the new beta release of GNU Guix and GuixSD, version 0.10.0!

The release comes with USB installation images to install the standalone GuixSD, and with tarballs to install the package manager on top of a running GNU/Linux system, either from source or from binaries.

It’s been almost 5 months since the previous release, and many things happened! The highlights include:

See https://lists.gnu.org/archive/html/guix-devel/2016-03/msg01241.html for details.

GNOME in GuixSD

Ludovic Courtès — March 23, 2016

It’s a feature that many users were waiting for: proper GNOME support in GuixSD. Good news: the forthcoming Guix and GuixSD release will give you exactly that! Don’t miss the obligatory screenshot!

You would think adding GNOME is routine distro work involving a lot of packaging and bits of plumbing that’s already been done a hundred times, which is probably true! Yet, adding GNOME support turned out to be interesting in many ways: it’s a good test for GuixSD’s declarative operating system configuration framework, it’s a way to formalize how this whole software stack fits together, and it’s been an insightful journey into GNU/Linux desktop plumbing!

Of course, a lot of software needs to be packaged to begin with. This had been on-going for some time, culminating with the addition of a gnome meta-package thanks to the hard work of 宋文武 (Sou Bunnbu) and other hackers. On the way, we added an auto-updater for GNOME packages, because all these package recipes need love.

The more interesting parts were system integration. Modern GNOME/Freedesktop environments rely on a number of daemons, most of which talk over D-Bus, and extending each other’s functionality: udev, udisks, upower, colord, geoclue, and polkit, to name a few. Being able to compose all these system services was one of the driving use cases behind the design of GuixSD’s new service composition framework. With this design, we knew we were able to have fine control over the service composition graph. Challenge #1 overcome!

Since GuixSD uses the GNU Shepherd and not systemd as its init system, we needed a way to provide the “logind” functionality that systemd implements, and which allows GNOME to know about users, sessions, and seats.

So Andy Wingo courageously started by extracting logind from systemd, leading to “elogind”. At this point, we had this daemon that could keep track of logged-in users and active sessions, and which GNOME could talk to over D-Bus… provided all the relevant PAM services would use the pam_elogind module so that elogind knows when a user logs in and out, as Andy nicely explained it.

This pam_elogind thing is a typical example of a cross-cutting concern: if you use elogind, then you want all the relevant login-related PAM services (mingetty, the X login manager, commands such as su, the SSH daemon, etc.) to use pam_elogind. To achieve that, we updated our PAM service such that it could be extended with such cross-cutting modules. At last, we had proper logind support!

At this point, the brave could start using GNOME on GuixSD but would soon realize that, for example, the “power off” button wouldn’t have the desired effect, or that changing a laptop’s backlight wouldn’t work because polkit, the daemon that allows unprivileged users to perform privileged operations like that one, was missing essential policy files.

You would think you can finally change the brightness of your screen, but no! Turns out that polkit would refuse to run gnome-settings-daemon’s backlight helper program because elogind happened to fail to map PIDs to sessions. Whatever.

Of course there were still a bunch of embarrassing glitches such as GNOME suspending right after it wakes up from suspend, failure to start in QEMU, or the lack of GNOME’s favorite font. Well, it seems that all these are gone now!

GuixSD users can now enable GNOME by adding one line in their operating system configuration. Overall, this has been a nice experience involving a variety of areas.

Guix at LibrePlanet 2016

David Thompson — March 15, 2016

GNU hackers Christopher Allan Webber (whom you may know from the GNU MediaGoblin project) and David Thompson will be co-presenting "Solving the Deployment Crisis with Guix" at LibrePlanet 2016 this Saturday, March 19th. Chris and David will be focusing on the hardships and obstacles that users face when trying to exercise their software freedom by self-hosting web applications, offering Guix as a solution. The presentation will be held from 10:55 AM to 11:40 AM in room 32-141 of the MIT Stata Center in Cambridge, Massachusetts.

About LibrePlanet

LibrePlanet is an annual conference run by the FSF and MIT's Student Information Processing Board for free software users, developers, and activists to gather and share ideas. Admission is gratis for FSF associate members.

Join GNU Guix for GSoC

Ludovic Courtès — March 8, 2016

This year again the GNU Project is a mentoring organization for the Google Summer of Code (GSoC), and Guix is participating under GNU’s umbrella.

We have collected project ideas for Guix, GuixSD, and the GNU Shepherd covering a wide range of topics. If you are passionate about computing freedom, Scheme, functional programming, or operating system development, check out the proposed projects. The list is far from exhaustive, so feel free to bring your own!

Get in touch with us on the mailing lists or #guix on the Freenode IRC network.

If you are an eligible student, make sure to apply by March 25th.

Timely delivery of security updates

Ludovic Courtès — March 2, 2016

Yesterday, a new version of OpenSSL was released, addressing several serious vulnerabilities, some of which are nicknamed "DROWN". Like all free software distributions, we were waiting to deploy the fixes as soon as possible. This time though, we are happy to report that we were able to deploy it to users faster than before: an hour or so after disclosure. This was made possible by fixing our fast update deployment mechanism, which is based on grafts.

Updates in a functional package management framework

GNU Guix implements the functional package management discipline. What this means is that the package graph in Guix is an immutable, persistent data structure—similar to a singly-linked list in a functional programming language, or to the object graph in the Git version control system.

A common difficulty with persistent data structures is the algorithmic complexity of updates—the computational cost of updating an arbitrary element of the data structure. For instance, to update the nth element of a singly-linked list, you first need to traverse and copy the n − 1 elements at the head of the list, then insert the new element and make it point to the tail of the list.

With the functional package management paradigm, the cost of updating a package is simple to understand: you need to rebuild the package itself, and all the packages that depend on it. This is nice in many ways: all packages must build from source, so there is no way we can be using binaries that cannot be rebuilt from their Corresponding Source; breakage due to incompatible application binary interfaces (ABIs) is foreign to our users; we have a precise trail of the tools that produced each binary—that is, builds are “referentially transparent”; and as a bonus, we get features such as transactional upgrades and rollbacks, peaceful coexistence of different variants of the same package, and more.

But obviously, this update cost is very high when all you want is to deliver an important security update in a core package. Regarding yesterday’s update, guix refresh -l openssl shows that 2,115 packages depend on OpenSSL. On top of that, Guix supports 4 architectures, so needless to say, rebuilding everything that depends on OpenSSL would take time. Sure, users do not have to wait for pre-built binaries and can instead build just what they need locally; in practice, they’d better have a powerful machine, though.

Grafting important updates

A solution to this problem has been floating around for some time: the idea is to graft important package updates onto the packages that depend on them. That way, we would rebuild OpenSSL, but all we need to do for packages that depend on OpenSSL is to replace the reference to the “broken” OpenSSL with a reference to the security update, with the understanding that this substitution process is orders of magnitude cheaper than rebuilding packages, and faster than redownloading rebuilt packages.

Shea Levy had implemented a form of grafting in Nixpkgs in 2013, and Guix itself has provided the infrastructure for grafted updates since version 0.8 in 2014. With Guix, package developers simply have to define a replacement in the object representing the package that needs an update and the tools automatically pick the replacement and graft it onto packages as needed.

The problem is that these implementations had a severe limitation, described in this bug report: grafting was not recursive. When we provided a patched OpenSSL to be grafted, any package that directly depended on OpenSSL would be appropriately grafted to refer to the new OpenSSL. However, if a package depended on libfoo, which in turn depended on OpenSSL, then that package would keep referring to the old libfoo, which referred to the old OpenSSL. That made grafts useless in most situations.
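To make the difference between direct and recursive grafting concrete, here is a toy model written for this page; it is not Guix code. Store paths, the 16-hex-character hash standing in for the store file name hash, the OpenSSL version strings and the RUNPATH= markers standing in for references embedded in binaries are all constructed. The model also counts the dependents a non-grafted update would rebuild, which is what guix refresh -l reports on the real store, and enforces the one constraint grafting has that rebuilding does not: the replacement store path must be exactly as long as the one it overwrites.

```python
import hashlib
from dataclasses import dataclass

STORE = "/gnu/store"


def store_hash(name: str, content: str) -> str:
    # Stand-in for the output hash in a store file name (assumption: 16 hex chars of SHA-256).
    return hashlib.sha256(f"{name}\0{content}".encode()).hexdigest()[:16]


@dataclass(frozen=True)
class Item:
    """A built store item; `content` embeds the store paths it references,
    the way an ELF binary embeds the RUNPATH of its shared libraries."""
    name: str
    content: str

    @property
    def path(self) -> str:
        return f"{STORE}/{store_hash(self.name, self.content)}-{self.name}"


def build(name: str, deps: list) -> Item:
    """Toy build step: the output records the paths of its inputs."""
    return Item(name, " ".join(f"RUNPATH={d.path}" for d in deps) or "leaf")


def references(item: Item, store: dict) -> list:
    """Direct references: store items whose path occurs in the output (Guix scans outputs for this)."""
    return [it for p, it in store.items() if p in item.content]


def closure(item: Item, store: dict) -> set:
    """Transitive references: everything the item pulls in at run time."""
    seen, todo = set(), [item]
    while todo:
        cur = todo.pop()
        if cur.path not in seen:
            seen.add(cur.path)
            todo.extend(references(cur, store))
    return seen


def dependents(target: Item, store: dict) -> set:
    """What a non-grafted update of `target` would rebuild: every item whose closure contains it."""
    return {p for p, it in store.items() if it is not target and target.path in closure(it, store)}


def rewrite(item: Item, mapping: dict, store: dict) -> Item:
    """Patch embedded store paths in place. Grafting edits binaries byte for byte,
    so each replacement path must have exactly the length of the one it replaces."""
    content = item.content
    for old, new in mapping.items():
        if len(old) != len(new):
            raise ValueError(f"cannot graft {new} over {old}: path lengths differ")
        content = content.replace(old, new)
    if content == item.content:
        return item
    grafted = Item(item.name, content)
    store[grafted.path] = grafted           # register the grafted output
    return grafted


def graft_direct(item: Item, replacements: dict, store: dict) -> Item:
    """Pre-fix behaviour: only references appearing directly in `item` are rewritten."""
    return rewrite(item, {old.path: new.path for old, new in replacements.items()}, store)


def graft(item: Item, replacements: dict, store: dict, memo=None) -> Item:
    """Fixed behaviour: graft every reference first, then point `item` at the grafted versions."""
    memo = {} if memo is None else memo
    if item.path in memo:
        return memo[item.path]
    if item in replacements:
        result = replacements[item]
        store[result.path] = result
    else:
        mapping = {}
        for ref in references(item, store):
            new_ref = graft(ref, replacements, store, memo)
            if new_ref is not ref:
                mapping[ref.path] = new_ref.path
        result = rewrite(item, mapping, store)
    memo[item.path] = result
    return result


def demo() -> dict:
    """Constructed store app -> libfoo -> openssl, then a same-length security update of openssl."""
    openssl = build("openssl-1.0.2f", [])
    libfoo = build("libfoo-1.0", [openssl])
    app = build("app-2.3", [libfoo])
    store = {it.path: it for it in (openssl, libfoo, app)}
    fixed = build("openssl-1.0.2g", [])      # constructed replacement; name length matches the original
    rebuild_cost = len(dependents(openssl, store))
    naive = graft_direct(app, {openssl: fixed}, store)
    recursive = graft(app, {openssl: fixed}, store)
    return {
        "rebuild_cost": rebuild_cost,                                      # 2: libfoo and app
        "naive_still_vulnerable": openssl.path in closure(naive, store),   # True: libfoo was not rewritten
        "recursive_clean": openssl.path not in closure(recursive, store)
        and fixed.path in closure(recursive, store),                       # True
    }
```

The direct variant leaves app untouched because app never mentions OpenSSL itself, only libfoo; its run-time closure therefore still ends at the vulnerable library. The recursive variant produces a grafted libfoo and then a grafted app, two cheap string rewrites instead of two rebuilds, while the length check is what keeps the rewritten binaries loadable.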

Good news!

This bug was finally addressed, just in time for yesterday’s OpenSSL update. We have identified things to improve, but overall, it has worked pretty well. It has worked so well that we even experienced our first ABI break, like all real distros!

From now on, we have confidence that we can deliver important updates quickly using grafts, and happily rebuild the world in the background, whenever is convenient. This is an important improvement for functional package management to keep our users happy and safe.

Meet Guix at FOSDEM!

Ludovic Courtès — January 22, 2016

One week to FOSDEM! This year, there will be no less than six Guix-related talks. This and the fact that we are addressing different communities is exciting.

First, on Saturday morning, in the GNU Guile track (room K.3.201):

On Saturday afternoon:

On Sunday noon:

See you there!

GNU Guix talk in Boston, MA (USA) on January 20th

Ludovic Courtès — January 11, 2016

David Thompson will be giving a talk about Guix on January 20th at the BLU gathering at MIT in Boston, Massachusetts (USA).

David gives an overview of what functional package management is all about and how it differs from traditional imperative package management.

He also demonstrates some interesting features of Guix such as transactional package management, unprivileged package management, bit-reproducible builds, and full system configuration management.

The talk will take place in MIT building E-51, room 325.

David is a GNU hacker who contributes to Guix and Guile; he implemented container support in Guix. If you are in the Boston area, do not miss him!

Guix starts fundraising campaign with support from the FSF

Ludovic Courtès — December 16, 2015

The GNU Guix project is glad to announce its first fundraising campaign, supported by the Free Software Foundation (FSF). As the FSF announced today, the campaign’s primary goal is to help increase the capacity of the project’s build farm. We believe Guix offers a great tool set to increase the freedom and autonomy of computer users, and we are excited that the FSF supports the project!

Until now, the build farm behind hydra.gnu.org had been working on hardware and hosting generously provided by several organizations and individuals—thank you! To cope with the growing number of packages and users, we felt that the time has come to call to the community to strengthen the project’s infrastructure. Our first action will be to change the build farm’s front-end, which orchestrates builds and distributes binaries. Next we want to add more build machines, with two goals in mind: being able to quickly test changes that trigger lots of rebuilds, and being able to identify non-verifiable builds.

Donations can be made on the FSF-hosted page for the campaign. 10% of your contribution will also go to help the FSF meet its current fundraising goal.

GNU Guix also welcomes contributions, both technical and non-technical: testing, adding new packages, writing code, translating messages and package descriptions to your native language, helping with Web design, and more. Check out the contribution page!

Service composition in GuixSD

Ludovic Courtès — November 19, 2015

GuixSD provides a declarative, stateless approach to operating system configuration management. In this context, the mechanism offered to select and compose system services is a crucial one. This post presents the new service framework introduced in the 0.9.0 version of GNU Guix.

Declarative Configuration Management

GuixSD is not like your parents’ distro. Instead of fiddling with configuration files all around, or running commands that do so as a side effect, the system administrator declares what the system will be like. This takes the form of an operating-system declaration, which specifies all the details: file systems, user accounts, locale, timezone, system services, etc.

If you’re familiar with it, this may remind you of what deployment tools like Ansible and Puppet provide. There is an important difference though: GuixSD takes a stateless—or “purely functional”—approach. This means that instantiating the system with guix system always produces the same result, without modifying the current system state. This is what makes it possible to test new system configurations, roll-back to previous ones, and so on. The guix system command allows system configurations to be instantiated on the bare metal, in virtual machines, or in containers, which makes it easy to test them.

In GuixSD, operating-system declarations are first-class objects in the host language. They can be inspected at the REPL:

scheme@(guile-user)> ,use (gnu)
scheme@(guile-user)> (define os (load "os-config.scm"))
scheme@(guile-user)> (operating-system-kernel os)
$1 = #<package linux-libre-4.2.6 gnu/packages/linux.scm:279 2ea90c0>
scheme@(guile-user)> (length (operating-system-user-services os))
$2 = 30
scheme@(guile-user)> (map user-account-name (operating-system-users os))
$3 = ("alice" "nobody" "root")

It is also possible to write functions that take or return OS configurations. For instance, the virtualized-operating-system function returns a variant of the given OS where the set of file systems and the initrd are changed so that the resulting OS can be used in a lightweight virtual machine environment. Likewise for containerized-operating-system.

Services Beyond Daemons

System services are specified in the services field of operating-system declarations, which is a list of service objects. As users, we ideally want to add a single line specifying the system service to add, possibly with several instances of a service, and have GuixSD do the right thing.

Before 0.9.0, GuixSD had a narrow definition of what a “system service” is. Each service in the operating-system configuration had to map to exactly one dmd service—GNU dmd is the init system of GuixSD. This would work well in many cases: an SSH server or a log-in daemon is indeed a service that dmd has to take care of, even a file system mount is an operation that can be usefully inserted into dmd’s service dependency graph.

However, this simple mapping failed to capture more complex service composition patterns. A striking example is “super-daemons”—daemons that can spawn other daemons, such as dbus-daemon or inetd. From the user viewpoint, it does not matter whether a daemon is started by dmd, or by dbus-daemon, or by inetd; this should be transparent. If it’s a D-Bus service, then dbus-daemon’s configuration file should be told about the service; if it’s an inetd service, then inetd.conf should be augmented accordingly; if it’s a dmd service, information on how to start and stop it should go to dmd’s configuration file. Unfortunately, the pre-0.9.0 services could not express such things.

Worse, this approach did not capture the more general pattern of service extension. In the examples above, the super-daemons are effectively extended by other services that rely on them. But there are many cases where services are similarly extended: eudev can be passed new device rules, polkit can be extended with new rules and actions, Pluggable Authentication Modules (PAM) can be extended with new services, and so on. At that point it was clear that GuixSD’s naive approach wouldn’t scale.

Composing System Services

The lesson learned from these observations is that system services extend each other in various ways. The new service composition framework is built around this model: “system services”, broadly defined, can extend each other, and services and their “extends” relationships form a graph. The root of the graph is the operating system itself.

We can see that this pattern applies to services that are not daemons. PAM is one such example. Accounts are another example: GuixSD provides an “account service” that can be extended with new user accounts or groups; for example, the Network Time Protocol (NTP) daemon needs to run under the unprivileged “ntp” user, so the NTP service extends the account service with an “ntp” user account. Likewise, the “/etc” service can be extended with new files to be added to /etc; the “setuid” service can be extended with new programs to be made setuid-root. See the manual for more examples.

The nice thing is that composition of services is made explicit: extensions can only happen where explicit extension relationships have been declared. By looking at the extension graph, users can see how services fit together. The guix system extension-graph command, for instance, takes an operating-system declaration and renders the extension graph in the Graphviz format, making it easy to inspect the OS configuration structure.

The API makes it easy to see how services contributed to a specific service’s configuration. For instance, the following expression shows the PAM service as extended by other declared services:

(fold-services (operating-system-services os) 
               #:target-type pam-root-service-type)

The result is a service object whose value is a list of pam-service objects. Likewise, the following expression returns the /etc service, whose value is a list of entries to be added to /etc:

(fold-services (operating-system-services os) 
               #:target-type etc-service-type)

This contrasts with the approach taken by NixOS, GuixSD’s cousin, and described in this 2010 paper. In NixOS, the whole system configuration is described in an “attribute set”—a list of key/value associations, similar to JavaScript objects or Python dictionaries. Each NixOS service is passed the whole system configuration, allowing it to inspect and change any part of it.

This form of ambient authority gives a lot of flexibility, but it makes it harder to reason about service composition—all a service implementation does is inspect, add, or modify attributes of the global configuration, which may or may not affect other services. The use of a loose key/value dictionary also prevents good error reporting; for instance, a typo in a service name may go undetected. Lastly, NixOS services are enabled by writing service.enable = true stanzas, which leads to complications for services that may have several instances, each with its own configuration.
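The fold described above, and the error-reporting point made against the NixOS attribute set, can be shown on a small model written for this page; it is not taken from Guix’s (gnu services) code. Service types declare which other types they extend, fold_services walks the graph from the requested target and folds each extender first so that contributions flow down to the root services, and an extension whose target no declared service provides is rejected by name before anything is instantiated. The service names, configuration fields, file names and user names used in the demo are constructed.

```python
from typing import Any, Callable
from dataclasses import dataclass


@dataclass(frozen=True, eq=False)   # identity semantics, like a Guix record
class ServiceType:
    name: str
    extensions: tuple = ()          # ServiceExtension values: what this type contributes to others
    # Defaults suit list-valued root services: concatenate contributions, then append them.
    compose: Callable[[list], Any] = lambda contribs: [x for c in contribs for x in c]
    extend: Callable[[Any, Any], Any] = lambda own, composed: own + composed


@dataclass(frozen=True, eq=False)
class ServiceExtension:
    target: ServiceType
    compute: Callable[[Any], Any]   # maps the extender's folded value to its contribution


@dataclass(eq=False)
class Service:
    type: ServiceType
    value: Any


class MissingTargetServiceError(Exception):
    pass


def check_extension_targets(services: list) -> None:
    """Reject edges that point at a type no declared service provides; a typo in a
    target type is caught here by name, before anything is instantiated."""
    provided = {s.type for s in services}
    for s in services:
        for ext in s.type.extensions:
            if ext.target not in provided:
                raise MissingTargetServiceError(
                    f"service '{s.type.name}' extends '{ext.target.name}', "
                    "which is not provided by any service")


def fold_services(services: list, target_type: ServiceType) -> Any:
    """Value of the `target_type` service once every extension aimed at it is folded in.
    Each extender is folded first, so contributions flow down the extension graph."""
    check_extension_targets(services)
    targets = [s for s in services if s.type is target_type]
    if len(targets) != 1:
        raise ValueError(f"expected one '{target_type.name}' service, found {len(targets)}")
    memo, in_progress = {}, set()

    def value_of(service: Service) -> Any:
        if id(service) in memo:
            return memo[id(service)]
        if id(service) in in_progress:
            raise ValueError(f"extension cycle through '{service.type.name}'")
        in_progress.add(id(service))
        contributions = [ext.compute(value_of(s))
                         for s in services for ext in s.type.extensions
                         if ext.target is service.type]
        folded = service.value
        if contributions:   # a service nobody extends keeps its own value untouched
            folded = service.type.extend(folded, service.type.compose(contributions))
        in_progress.discard(id(service))
        memo[id(service)] = folded
        return folded

    return value_of(targets[0])


# Root types with list values: user names, (file name, contents) pairs, PAM service names.
account_service_type = ServiceType("account")
etc_service_type = ServiceType("etc")
pam_root_service_type = ServiceType("pam")

# Constructed daemon services and what each contributes to the roots.
ntp_service_type = ServiceType("ntp", (
    ServiceExtension(account_service_type, lambda cfg: [cfg["user"]]),
    ServiceExtension(etc_service_type, lambda cfg: [("ntp.conf", f"server {cfg['server']}")]),
))
openssh_service_type = ServiceType("openssh", (
    ServiceExtension(account_service_type, lambda cfg: ["sshd"]),
    ServiceExtension(pam_root_service_type, lambda cfg: ["sshd"]),
    ServiceExtension(etc_service_type, lambda cfg: [("ssh/sshd_config", f"Port {cfg['port']}")]),
))


def demo_services() -> list:
    return [
        Service(account_service_type, ["root", "alice"]),
        Service(etc_service_type, []),
        Service(pam_root_service_type, ["login"]),
        Service(ntp_service_type, {"user": "ntp", "server": "pool.ntp.org"}),
        Service(openssh_service_type, {"port": 22}),
    ]


def demo() -> dict:
    services = demo_services()
    return {t.name: fold_services(services, t)
            for t in (account_service_type, etc_service_type, pam_root_service_type)}


def demo_typo() -> str:
    """An extension aimed at a type nobody provides is reported by name instead of silently ignored."""
    syslog_service_type = ServiceType("syslogd")           # declared nowhere in the OS
    rotate_type = ServiceType("rotatelogs", (ServiceExtension(syslog_service_type, lambda cfg: [cfg]),))
    try:
        fold_services(demo_services() + [Service(rotate_type, "weekly")], account_service_type)
    except MissingTargetServiceError as e:
        return str(e)
    return ""
```

Because extension edges are explicit, a service can only ever change the value of a type it declares it extends; the account list, the /etc entries and the PAM services are assembled from declared contributions and nothing else, and a second instance of the same daemon type simply contributes once more.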

Wrapping Up

The new service composition framework in GuixSD 0.9.0 addresses shortcomings found in previous versions of GuixSD. It simplifies operating-system declarations for users, and provides a highly extensible framework that clearly exposes the way services are composed.

This new framework has already allowed us to integrate Freedesktop and GNOME services in a convenient way. We hope it will prove fruitful as we address other types of services, such as Web services.

Reproducible builds: a means to an end

Ludovic Courtès — November 11, 2015

What we stand for

GNU Guix is committed to improving the freedom and autonomy of computer users. This obviously manifests in the fact that GuixSD is a fully free distro, and this is what GNU stands for. All the packages in Guix are built from source, including things like firmware where there is an unfortunate tendency to use pre-built binaries; that way, users can know what software they run. On the technical side, Guix also tries hard to empower users by making the whole system as hackable as possible, in a uniform way—making Freedom #1 practical, à la Emacs.

Guix provides pre-compiled binaries of software packages as a service to its users—these are substitutes for local builds. This is a convenient way to save time, but it could become a threat to users if they cannot establish that those substitutes are authentic—that their Corresponding Source really is what it claims to be.

Reproducible builds

We view “reproducible builds” as a technical means to an end: that of guaranteeing user autonomy and safety. What matters here is that, if package build processes are reproducible, then users actually have a chance to verify that the substitutes (pre-compiled binaries) they download correspond to the source code that supposedly produced them.

Guix builds packages in a fully isolated environment to maximize reproducibility—a crucial feature inherited from Nix. Thus, by construction, very few variations are possible between separate instances of a build environment; the set of files accessible in the environment, the host name, environment variables, locale, and so on are fully under control and cannot change. This eliminates a whole class of possible discrepancies between independent builds.

The only things that may vary are the kernel and the hardware. The most prominent example of how ‘hardware’ details can leak into a build process are timestamps: it’s unfortunately quite common for build processes to query the system clock and record it in build outputs. Eelco Dolstra, Andres Löh, and Nicolas Pierron described sources of non-determinism in their 2010 JFP paper about NixOS, along with a study on how this affects packages of the distribution in practice. The Reproducible Debian project has since made a similar evaluation but at a larger scale, and with a larger number of independent builds, thereby providing more insight.

Reproducible Debian has demonstrated one thing: contrary to what one might expect, sources of non-determinism are common in build processes. To eliminate the sources of non-determinism that remain in spite of the isolation techniques used in Nix and Guix, the most viable approach appears to be to fix upstream projects that suffer from these problems—one by one.

The reproducible-builds.org project is a great effort to try and address that collectively. We are glad Guix hackers were invited to participate in the first Reproducible Build Summit organized by the project, which will take place in December.

Going further

How can we take advantage of the fact that builds are reproducible, when they are, to actually empower users? There are several things we can do.

First, users must be able to build software locally in the same way distribution developers would do it. This possibility is an integral part of the transparent source/binary deployment model provided by functional package management; Guix users can use the --no-substitutes command-line option to force a local build.

Second, we must make it easy for users to use the binary provider of their choice, and possibly to use several of them, something that Guix allows.

Third, it must be equally simple for any user to publish their locally-built binaries as a way to improve diversity and avoid any single point of failure or trust. The guix publish command is a simple way to serve signed binaries over HTTP. A fully peer-to-peer approach based on GNUnet was tackled as part of GSoC 2015; the code needs more work before it can be integrated into Guix, but the approach is promising.

Last but not least, users must be able to challenge binary providers by themselves. The ability to verify binaries should not be the privilege of power developers. To address that, the just-released 0.9.0 version of GNU Guix provides a new command called guix challenge. The command allows users to automatically compare the build results of their local builds against those served by one or more binary providers. It makes it possible to find out about non-reproducible builds (and indeed, it has already proved fruitful there), and possibly to find out about compromised servers.
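What such a challenge amounts to can be sketched with the following added example, written for this page; it is not Guix code, and it omits the check of the narinfo Signature field against the provider’s key that the real command relies on. It parses the StorePath: and NarHash: fields of each provider’s narinfo metadata, hashes the local build output, and reports, per store item, which providers disagree with the local result. The two provider URLs, the store paths, the file contents and the narinfo documents are constructed, and the toy NarHash is a hex SHA-256 rather than the nix-base32 encoding used in real narinfo.

```python
import hashlib


def nar_hash(content: bytes) -> str:
    """Hash of a store item's serialized contents (assumption: hex SHA-256 rather than nix-base32)."""
    return "sha256:" + hashlib.sha256(content).hexdigest()


def parse_narinfo(text: str) -> dict:
    """Parse 'Key: value' narinfo lines. Splitting at the first colon only keeps
    values such as 'sha256:...' intact."""
    info = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"malformed narinfo line: {line!r}")
        info[key.strip()] = value.strip()
    for required in ("StorePath", "NarHash"):
        if required not in info:
            raise ValueError(f"narinfo lacks {required}")
    return info


def challenge(local_outputs: dict, provider_narinfos: dict) -> dict:
    """Compare locally built items against every provider's claim.
    local_outputs: store path -> bytes of the local build output.
    provider_narinfos: provider URL -> list of narinfo documents it served."""
    claims = {}                                   # store path -> {provider: NarHash}
    for provider, documents in provider_narinfos.items():
        for document in documents:
            info = parse_narinfo(document)
            claims.setdefault(info["StorePath"], {})[provider] = info["NarHash"]
    report = {}
    for path, content in local_outputs.items():
        local = nar_hash(content)
        remote = claims.get(path, {})
        disagreeing = sorted(p for p, h in remote.items() if h != local)
        if not remote:
            verdict = "no substitutes"
        elif disagreeing:
            verdict = "mismatch"      # non-reproducible build or a provider serving something else
        else:
            verdict = "consistent"
        report[path] = {"local": local, "providers": remote,
                        "verdict": verdict, "disagreeing": disagreeing}
    return report


def narinfo_for(path: str, content: bytes) -> str:
    """Constructed narinfo document for a provider that built `content` at `path`."""
    name = path.rsplit("/", 1)[1]
    return (f"StorePath: {path}\n"
            f"URL: nar/gzip/{name}\n"
            "Compression: gzip\n"
            f"NarHash: {nar_hash(content)}\n"
            f"NarSize: {len(content)}\n")


ZLIB = "/gnu/store/0000000000000000-zlib-1.2.8"
OPENSSL = "/gnu/store/1111111111111111-openssl-1.0.2g"
GLIBC = "/gnu/store/2222222222222222-glibc-2.22"
PROVIDER_A = "https://mirror-a.example/"
PROVIDER_B = "https://mirror-b.example/"


def demo() -> dict:
    """Constructed inputs: zlib agrees everywhere, openssl differs on one provider,
    glibc has no substitute at all."""
    local = {ZLIB: b"zlib built locally",
             OPENSSL: b"openssl built locally",
             GLIBC: b"glibc built locally"}
    providers = {
        PROVIDER_A: [narinfo_for(ZLIB, b"zlib built locally"),
                     narinfo_for(OPENSSL, b"openssl built locally")],
        PROVIDER_B: [narinfo_for(ZLIB, b"zlib built locally"),
                     narinfo_for(OPENSSL, b"openssl built with a different result")],
    }
    return challenge(local, providers)
```

A mismatch on its own does not say which side is wrong. The practical next step is to build the item locally a second time: if the two local hashes differ, the build is non-deterministic and the fix belongs upstream; if they agree, the odd provider is either building under a different kernel or hardware, the only inputs the isolated build environment does not pin down, or serving something it should not.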

This and other matters were discussed in a Guix talk earlier this week (slides). We strongly believe in a future where the ability to authenticate distribution-provided binaries will be commonplace. Let’s build it!

GNU Guix 0.9.0 released

Ludovic Courtès — November 5, 2015

We are pleased to announce the next alpha release of GNU Guix, version 0.9.0.

The release comes with USB installation images to install the standalone GuixSD, and with tarballs to install the package manager on top of a running GNU/Linux system, either from source or from binaries.

The highlights for this release include:

  • Support for automatic container provisioning in guix environment, for development environments, and in guix system, for full GuixSD deployments.
  • A brand new service composition framework for GuixSD. It significantly improves extensibility and modularity, while providing a framework that makes it easy to reason about how system services relate to each other. This was one of the main design issues that needed to be addressed on the road to 1.0.
  • The new guix graph command can draw package dependency graphs with different levels of detail. Likewise, guix system has a new extension-graph command to draw the system's service composition graph, and a dmd-graph command to draw the service dependency graph as seen by GNU dmd.
  • The new guix challenge command allows users to challenge the authenticity of substitutes provided by a server. More on that in a future post!
  • 543 new packages, notably Idris and many imported Haskell, Python, and R packages.
  • Bug fixes, documentation, and other niceties!

See https://lists.gnu.org/archive/html/guix-devel/2015-11/msg00131.html for details.

GNU Guix talk in Rennes, France, November 9th

Ludovic Courtès — November 2, 2015

Ludovic Courtès will be giving a talk about GNU Guix and GuixSD in Rennes, France, on November 9th. The event is organized by the three local free software and hacker organizations:

“It used to work perfectly, then I upgraded something, and somehow…” Sounds like a déjà vu? Sometimes feel like software deployment is unpredictable? Dissatisfied with Dockerfiles, Vagrantfiles, and co? Ever wondered if you can trust your compiler or the integrity of those binary packages you have downloaded?

This talk introduces GNU Guix, a package manager that implements the functional package management paradigm pioneered by Nix to address these issues. Guix supports transactional upgrades and rollbacks, as well as support for multiple software profiles. In this talk, I will introduce functional package management and demonstrate Guix on practical use cases. I will discuss the implications on (bit-)reproducible packages and environments, and how this can lead to verifiable binaries. Lastly, we will see how this extends to whole-system deployments with GuixSD, the Guix System Distribution.

Earlier on that day, a similar talk with a focus on security and reproducibility issues will be given at Inria, thanks to the support of Christian Grothoff and the software development department in Bordeaux.

Container provisioning with Guix

David Thompson — October 27, 2015

The upcoming release of GNU Guix will feature an implementation of Linux containers named, following Scheme conventions, call-with-container. Containers are a lightweight virtualization technique used to isolate processes sharing the same host machine. A container has its own separate global kernel resources such as mount points, networking interfaces, users, hostname, and processes.

Containers are a hot topic, and there are many implementations available, but Guix containers are built differently. Compared to other container implementations such as Docker, the most notable difference is that disk images and layered file systems are not used. Instead, the necessary software packages are inserted into containers via simple bind mounts. A pleasant consequence of this structure is that software is deduplicated system-wide. A package used in any number of containers is only on disk in a single place. Additionally, some containers may be created by unprivileged users, allowing any Guix user to create isolated sandboxes for their applications to play in.

One of the programs that uses call-with-container is 'guix environment', the generic virtual development environment creation tool. A --container flag has been introduced that will, as the name suggests, spawn the environment inside of a container. The container only has file system access to the directory from which 'guix environment' was invoked and the read-only store directories of the dependencies. Additional directories and files may be shared from the host using the --expose and --share flags. For example, a "containerized" development environment that is capable of building Guix from source may be created like so:

guix environment --container guix 

Likewise, the 'guix system' tool has been extended with a 'container' action for creating scripts that launch full-blown GuixSD containers:

guix system container my-system.scm 

Please note, however, that GuixSD containers may only be created by the root user at this time.

In order to use call-with-container, a kernel with support for user namespaces is required. User namespaces were introduced in Linux 3.8, but several distributions disable them by default.

There is still much work to be done in order to make call-with-container a robust container platform. For example, control groups could be used to arbitrarily limit the resources a container can consume, and virtual network interfaces could be used to give containers access to the net without sharing the host system's network interfaces. If you would like to help improve call-with-container, or any other part of the Guix codebase, please join the fun!

About GNU Guix

GNU Guix is a functional package manager for the GNU system. The Guix System Distribution or GuixSD is an advanced distribution of the GNU system that relies on GNU Guix and respects the user's freedom.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language. GuixSD offers a declarative approach to operating system configuration management, and is highly customizable and hackable.

GuixSD can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and armv7.

Guix-Tox talk at PyConFR, October 17th

Ludovic Courtès — October 9, 2015

Bonjour ! Cyril Roelandt of Red Hat who works on OpenStack will be giving a talk about Guix-Tox at PyConFR in Pau, France, on October 17th.

Guix-Tox is a young variant of the Tox "virtualenv" management tool for Python that uses guix environment as its back-end. In essence, while Tox restricts itself to building pure Python environments, Guix-Tox takes advantages of Guix to build complete environments, including dependencies that are outside Tox's control, thereby improving environment reproducibility. Cyril will demonstrate practical use cases with OpenStack.

If you're around, do not miss the talk. If you're a Pythonista, you can help by providing feedback on Guix-Tox!

Chris Webber talks about Guix in Chicago, September 30th

Ludovic Courtès — September 18, 2015

Chris Webber of MediaGoblin fame will be giving two talks for the Chicago GNU/Linux User Group meeting on September 30th. The first talk will discuss the state of federation on the Web, while the second one is entitled Functional Package Management and Deployment with Guix:

Tired of being stuck after an upgrade? Wish your operating system could roll forward and backwards in time, more like Git? Want a way to get really reproducible software? Or just want a better alternative to $YOUR_LANGUAGE's stressful packaging ecosystem you can run on an existing distro? And why on earth would you want something called a "symlink forest" anyway? Discover all this and more in this exciting talk about the GNU Guix project!

If you're in the Chicago area, do not miss Chris!

Porting Guix and GuixSD

Ludovic Courtès — September 7, 2015

Quite a lot has happened lately when it comes to porting Guix and GuixSD to other systems.

A few weeks ago, Manolis Ragkousis announced the completion of the GSoC project whose purpose was to port Guix to the Hurd. The system distribution, GuixSD, cannot run GNU/Hurd yet, but the package manager itself can both cross-compile from GNU/Linux to GNU/Hurd and build natively on GNU/Hurd. The work of Manolis is being gradually merged in the main branch.

More recently, Mark H Weaver posted a series of patches porting GuixSD to MIPS (Lemote Yeeloong), making it the first GuixSD port to non-Intel-compatible hardware (the package manager itself has supported mips64el for two years already.) By removing several platform-specific assumptions, this work paves the way for future ports.

Lastly, we are glad to report the donation of two ARM machines for our build farm. They will allow us to continuously test the ARM port, which was completed earlier this year, and to publish pre-built binaries on our build farm. We are grateful to the donors whose contribution makes a big difference for the development of Guix on ARM. If you would like to help out with hardware and/or hosting, please get in touch!

GNU Guix 0.8.3 released

Ludovic Courtès — July 22, 2015

We are pleased to announce the next alpha release of GNU Guix, version 0.8.3.

The release comes with USB installation images to install the standalone Guix System Distribution (GuixSD), and with tarballs to install the package manager on top of a running GNU/Linux system, either from source or from binaries.

The highlights for this release include:

See http://lists.gnu.org/archive/html/guix-devel/2015-07/msg00585.html for details.

GSoC update

Ludovic Courtès — July 19, 2015

This year Guix was lucky to have 3 GSoC projects, and they have made rather good progress so far:

  • Manolis successfully completed the recipes to get a cross-compilation toolchain to GNU/Hurd, with part of the work already in the main branch. This allowed him to produce statically-linked bootstrap binaries (stumbling upon nasty ld.so issues on the way.) Manolis is now running Guix and building packages natively on GNU/Hurd, which will constitute a large part of the remainder of his project.
  • Rémi has written Guile bindings to crucial parts of the GNUnet API, including the file sharing API. This will allow him to move to the next step: Writing tools to publish and retrieve Guix substitutes (pre-built binaries.)
  • Rohan laid the foundations of the DHCP client. The current code can send packets on all the configured network interfaces. Rohan hopes to have working code to establish leases in the following weeks.

Happy hacking!

Reproducible and User-Controlled Software Environments in HPC with Guix

Ludovic Courtès — July 1, 2015

Our paper entitled Reproducible and User-Controlled Software Environments in HPC with Guix was accepted for RepPar, a workshop on reproducibility in parallel computing:

Support teams of high-performance computing (HPC) systems often find themselves between a rock and a hard place: on one hand, they understandably administrate these large systems in a conservative way, but on the other hand, they try to satisfy their users by deploying up-to-date tool chains as well as libraries and scientific software. HPC system users often have no guarantee that they will be able to reproduce results at a later point in time, even on the same system—software may have been upgraded, removed, or recompiled under their feet, and they have little hope of being able to reproduce the same software environment elsewhere. We present GNU Guix and the functional package management paradigm and show how it can improve reproducibility and sharing among researchers with representative use cases.

The paper can be thought of as a followup to the recent experience report by Ricardo Wurmus.

We believe package management and reproducibility are key topics for HPC research. We are glad to have this opportunity to discuss the subject with researchers of the field.

GNU Guix 0.8.2 released

Ludovic Courtès — May 14, 2015

We are pleased to announce the next alpha release of GNU Guix, version 0.8.2.

The release comes both with tarballs, which allow you to install it on top of a running GNU/Linux system, either from source or from binaries, and a USB installation image to install the standalone Guix System Distribution (GuixSD).

The highlights for this release include:

See http://lists.gnu.org/archive/html/guix-devel/2015-05/msg00195.html for details.

Special thanks go to Luis Felipe López Acevedo, the incredible designer of the new web site and GuixSD logo!

GNU Guix talk at OpenTechSummit, Berlin, May 14th

Ludovic Courtès — May 12, 2015

Ricardo Wurmus will be giving a talk about GNU Guix and GuixSD at the OpenTechSummit in Berlin, Germany, on May 14th. The talk will take place at 3:15pm in track 2 and covers topics such as the fundamentals of functional package management, software management features with GNU Guix, and system description in GuixSD.

Ricardo has been making major contributions to Guix over the last year and is a long-time free software contributor. If you are in Berlin area, do not miss the talk!

About GNU Guix

GNU Guix is a functional package manager for the GNU system. The Guix System Distribution (GuixSD) is an advanced distribution of the GNU system that relies on GNU Guix.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. It also offers a declarative approach to operating system configuration management. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language.

At this stage the Guix System Distribution can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and armv7.

GNU Guix welcomes three students for GSoC

Ludovic Courtès — May 2, 2015

GNU Guix got 3 slots for the Google Summer of Code (GSoC), as part of GNU, which participates as an organization. So we are pleased to welcome three students this summer:

All three projects have very exciting prospects and we are thrilled to get them started! We are also glad that this allows us to strengthen ties with several other GNU packages.

GNU Guix recruits for GSoC

Ludovic Courtès — March 13, 2015

This year again Guix participates in the Google Summer of Code under the umbrella of the GNU Project.

If you are an eligible student, your contributions to GNU's package manager and to the Guix System Distribution are welcome!

We have collected project ideas (see also related ideas for GNU dmd) touching a variety of topics. If you are a free software hacker passionate about GNU/Linux packaging, Scheme, functional programming, operating system development, or peer-to-peer networking, check out the proposed projects. The list is far from exhaustive, so feel free to bring your own!

Get in touch with us on the mailing list and on the #guix IRC channel.

Make sure to send your application to Google by March 27th.

GNU Guix 0.8.1 released

Ludovic Courtès — January 29, 2015

We are pleased to announce the next alpha release of GNU Guix, version 0.8.1.

The release comes both with a source tarball, which allows you to install it on top of a running GNU/Linux system, and a USB installation image to install the standalone Guix System Distribution.

The highlights for this release include:

See the original announcement for details.

About GNU Guix

GNU Guix is a functional package manager for the GNU system. The Guix System Distribution is an advanced distribution of the GNU system.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. It also offers a declarative approach to operating system configuration management. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language.

At this stage the Guix System Distribution can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and armv7.

GNU Guix at FOSDEM

Ludovic Courtès — January 27, 2015

Guix will be present at FOSDEM in Brussels, Belgium, with a talk entitled "The Emacs of Distros" this Saturday, at 3PM, in room H.1302.

The talk will give an update on developments in Guix and the Guix System Distribution since last year, and will explain and demo the overall philosophy behind its design: how Guix seeks to empower users.

Hope to see you there!

GNU Guix ported to ARM and other niceties of the new year

Ludovic Courtès — January 9, 2015

A new port of GNU Guix to ARM using the "hard float" ABI has just landed, thanks to the hard work of Mark H Weaver and John Darrington. This makes it the fourth supported architecture after x86_64, i686, and mips64el. We are looking for ARM hardware donations that would allow us to add this architecture to our continuous integration build farm; your help is welcome!

In other news, there has been work to improve Linux module handling, the addition of session support in the login manager, more tooling in 'guix lint', an nscd configuration interface, many new packages (Xfce, NumPy, SciPy, and Clang, to name a few), and many bug fixes. Getting closer to a new release!

About GNU Guix

GNU Guix is the functional package manager for the GNU system, and a distribution thereof.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. It also offers a declarative approach to operating system configuration management. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native Guile modules, using extensions to the Scheme language.

At this stage the distribution can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and armhf.

GNU Guix 0.8 released

Ludovic Courtès — November 18, 2014

We are pleased to announce the next alpha release of GNU Guix, version 0.8.

The release comes both with a source tarball, which allows you to install it on top of a running GNU/Linux system, and a USB installation image to install the standalone operating system.

The highlights for this release include:

See the original announcement for details.

About GNU Guix

GNU Guix is the functional package manager for the GNU system, and a distribution thereof.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. It also offers a declarative approach to operating system configuration management. Guix uses low-level mechanisms from the Nix package manager, with Guile Scheme programming interfaces.

At this stage the distribution can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el.

Guix at the 2014 GNU Hackers Meeting

Ludovic Courtès — October 11, 2014

The Guix talk of this summer's GNU Hackers Meeting is now available on-line.

It gives an introduction to Guix from a user's viewpoint, and covers topics such as features for GNU maintainers, programming interfaces, declarative operating system configuration, status of the GNU/Hurd port, and the new Emacs and Web interfaces, with a bunch of demos.

Do not miss other fine talks from the GHM. Many thanks to everyone who took care of the video recordings.

Join us for a Guix hackathon on Sep. 27-28!

Ludovic Courtès — September 16, 2014

The GNU Guix project is organizing a hackathon on September 27th and 28th, 2014. The hackathon will take place primarily on-line, on the #guix IRC channel on Freenode. We have started collecting a list of hacking ideas. Feel free to stop by and make more suggestions!

The hackathon is accessible to anyone with experience in GNU/Linux packaging or systems hacking. Scheme programmers will find additional things to work on in the tool set. Finally, we will also be welcoming newcomers and helping them get started.

This is a followup to last year's hackathon, organized for GNU's 30th anniversary.

Emacs as a general-purpose package manager

Ludovic Courtès — September 4, 2014

GNU Guix, the package manager written for the GNU system, now has a neat Emacs user interface! It offers a visual, user-friendly alternative to the guix package command-line interface.

For those familiar with package.el, the main user interface is quite similar: commands like guix-newest-available-packages, guix-search-by-regexp, and guix-installed-packages present a browsable list of packages. Individual packages can be selected, which displays additional details and presents a button to install or delete them. It is also possible to mark a set of packages for installation, upgrade, or deletion, and execute the set of operations in a single transaction.

The interface has been developed by Alex Kost and was merged in Guix a day ago. It uses Geiser, the beloved Guile/Emacs interface and development environment, to communicate with the underlying Guile process. That Guile process, in turn, simply uses Guix and the whole distribution as libraries—the goodness of embedding the packaging DSL in a general-purpose language.

Try it out and let us know what you think!

GNU Guix 0.7 released

Ludovic Courtès — July 25, 2014

We are pleased to announce the next alpha release of GNU Guix, version 0.7.

This release is an important milestone for the project since it is the first to provide an image to install the GNU system from a USB stick.

Noteworthy features for the release are:

  • The GNU operating system can now be installed. Try it out!
  • To make this possible, the guix system command has been augmented with new options, and support for 'operating-system' declarations has been vastly improved.
  • Programming has been simplified with the introduction of "G-expressions", which capture dependencies used by build-side expressions.
  • More than 130 packages have been added, including "big ones" like the GIMP and Maxima.

See the original announcement for details.

Guix at OpenBio Codefest 2014

David Thompson — July 13, 2014

On Wednesday, July 9th, David Thompson gave a brief introduction to GNU Guix at the Open Bioinformatics Codefest 2014 hackathon. The objective of the Codefest is to give developers of bioinformatics software a chance to be fully focused on their projects for a few days and work in person. These developers are concerned with the reliability and reproducibility of their operating systems, and the limitations of their package management utilities.

See the slides on-line.

GNU dmd 0.2 released

Ludovic Courtès — July 8, 2014

GNU dmd 0.2 has been released. It provides new features such as the ability to load new definitions for existing services, as well as bug fixes and an improved manual.

GNU dmd is a dependency-based service manager meant to be used as the init system in GNU. It is written in Guile Scheme.

GNU Guix 0.6 released

Ludovic Courtès — April 9, 2014

We are pleased to announce the sixth alpha release of GNU Guix.

This release provides a bunch of new features, among other things:

  • "Substitutes" (pre-built binaries) must now be signed and authorized to be installed;
  • Builds can be offloaded to other build machines over SSH; we use this facility for our build farm.
  • The guix build command has a new --with-source option that allows a package to be built from a tarball other than that specified in the source. This is notably useful for maintainers who want to test pre-releases of their package.
  • 91 new packages, including GNU Octave, and many upgrades, notably GNU libc 2.19.

An updated QEMU x86_64 image is provided, featuring Guix 0.6 and dmd 0.1. It starts an X server with WindowMaker.

See the original announcement for details.

GNU Guix looks for GSoC students

Ludovic Courtès — February 27, 2014

This year again Guix participates in the Google Summer of Code under the umbrella of the GNU Project.

If you are an eligible student, your contributions to GNU's package manager and to the GNU system are welcome!

We have collected project ideas touching a variety of topics. If you are a free software hacker passionate about GNU/Linux packaging, Scheme, functional programming, Emacs, or peer-to-peer networking, check out the proposed projects. The list is far from exhaustive, so feel free to bring your own!

Get in touch with us on the mailing list and on the #guix IRC channel.

Make sure to send your application to Google by March 24th.

One week to FOSDEM!

Ludovic Courtès — January 25, 2014

FOSDEM takes place next week. We'll be giving a talk about Guix and the GNU system on Sunday at noon, in the distributions devroom. Interested parties, freedom supporters, GNU hackers, and Schemers all alike are welcome to join in!

GNU Guix 0.5 released

Ludovic Courtès — December 11, 2013

We are pleased to announce the fifth alpha release of GNU Guix.

The highlights are:

  • Port to the Loongson MIPS64 processors, using the n32 ABI.
  • New monad interface to handle operations on the store.
  • New whole-system configuration API, allowing users to declare and instantiate a machine's settings.
  • 110 new packages, including "big ones" such as GNU IceCat and hacker's favorites such as Guile-WM. ;-)

An updated QEMU virtual machine is provided, featuring Guix 0.5 and dmd 0.1.

See the original announcement for details.

GNU dmd 0.1 released

Ludovic Courtès — December 2, 2013

GNU dmd 0.1 has been released, providing many improvements and bug fixes.

GNU dmd is a dependency-based service manager meant to be used as the init system in GNU. It is written in Guile Scheme.

Distro of the Linux-based GNU system ported to MIPS

Ludovic Courtès — October 28, 2013

The Guix-based distro has been ported to MIPS64, specifically to the Loongson processors notably found in the free-software-friendly Yeeloong laptops.

Technically, "porting" here means that the "bootstrap binaries" were cross-compiled to mips64el-linux-gnu, and then used as an input to the distro's bootstrapping process, which is itself a purely functional and trackable process.

Thanks to Mark and Nikita for their tireless work to make this happen!

GNU Guix 0.4 released; happy birthday, GNU!

Ludovic Courtès — September 27, 2013

We are pleased to celebrate GNU's 30th anniversary with the fourth alpha release of GNU Guix.

The highlights are:

  • New APIs for the instantiation of the global system environment, and for the creation of QEMU images of the system.
  • New --list-generations and --delete-generations command-line options.
  • 60 packages were added to the distro, and 27 were upgraded, notably glibc.

In addition, we provide a virtual machine image showing preliminary work toward getting a stand-alone GNU system. It features GNU dmd, a dependency-based init system written in Guile Scheme, and of course it comes with Guix installed. The image is self-reproducible in that the recipe to build it is part of Guix.

See the original announcement for details.

Join us on-line in the next couple of days for a hackathon to celebrate GNU's birthday!

Join Guix for an on-line hackathon on Sep. 28-29!

Ludovic Courtès — September 18, 2013

GNU Guix joins other projects in celebrating GNU's 30th anniversary.

Join the #guix channel of the Freenode IRC network for a Guix hackathon on Sep. 28-29!

Tasks will include packaging your favorite software, hunting bugs, and improving stand-alone builds of the Guix-based GNU system. This is accessible to anyone with experience with GNU/Linux packages; people with experience in Scheme may find additional things to work on.

Happy hacking!

Back from the GNU Hackers Meeting

Ludovic Courtès — September 2, 2013

The GNU Hackers Meeting took place last week in Paris. As usual, it was a nice place to meet fellow hackers, grow new ideas, and to learn about what other projects are up to. Thanks to IRILL for hosting the event, and a big thanks to Luca for the very professional organization!

Several Guix hackers were present, with no fewer than two talks advertising Guix. The first talk demoed the package manager, both from a user's and from a hacker's perspective, and with a look forward. The second talk delivered a "packaging how-to" that should be helpful to anyone willing to contribute to the GNU system distribution.

GNU Guix 0.3 released

Ludovic Courtès — July 17, 2013

The third alpha release of GNU Guix is available. The highlights are:

See the original announcement for details.

Guix gets cross-compilation support

Ludovic Courtès — June 26, 2013

Recently, Guix gained cross-compilation support. What this means is that existing package definitions can be reused to cross-compile packages. So for instance one can cross-compile Guile and its dependencies for MIPS with:

guix build --target=mips64el-linux-gnu guile 

This may sound like an unexpected feature for a "package manager". In fact, it is particularly useful when porting the GNU system distribution to new platforms. The distribution being self-contained, it is bootstrapped from a small set of pre-built binaries. With cross-compilation support, porting to a new platform boils down to cross-compiling the bootstrap binaries for that platform.
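To see what the command above does underneath, here is an added Guile Scheme example; it is not code from this post or from the Guix project. It asks the Guix API for the cross-compilation derivation of Guile and prints the derivation file and its store output path, next to the native ones, without building anything. It assumes a Guix checkout of that era is on the load path, that the modules (guix store), (guix packages), (guix derivations) and (gnu packages guile) expose with-store, package-derivation, package-cross-derivation, derivation-file-name and derivation->output-path with the argument orders used below, and that the variable naming Guile 2.0 is guile-2.0.

```scheme
;; Added example (not from the original post): compute, without building,
;; the derivation that "guix build --target=mips64el-linux-gnu guile" would
;; realize, and show that a cross build is just another tracked derivation.
;; Assumptions: a Guix checkout on the load path, and the API names below.
(use-modules (guix store)
             (guix packages)
             (guix derivations)
             (gnu packages guile))

(define target "mips64el-linux-gnu")   ; GNU triplet passed as --target

(define (cross-derivation-paths package target)
  ;; Return the .drv file name and the store output path for PACKAGE
  ;; cross-compiled to TARGET.  Nothing is compiled: only the derivation
  ;; (the build recipe) is written to the store.
  (with-store store
    (let ((drv (package-cross-derivation store package target)))
      (list (derivation-file-name drv)
            (derivation->output-path drv)))))

(define (native-derivation-paths package)
  ;; Same for a native build of PACKAGE, for comparison.
  (with-store store
    (let ((drv (package-derivation store package)))
      (list (derivation-file-name drv)
            (derivation->output-path drv)))))

;; The two derivations differ: the hash in the cross build's output path
;; is computed over the complete cross toolchain and target, so a
;; cross-built Guile can never be mistaken for a native one in the store,
;; and rebuilding it later from the same inputs yields the same path.
(let ((cross  (cross-derivation-paths guile-2.0 target))
      (native (native-derivation-paths guile-2.0)))
  (format #t "native: ~a~%        ~a~%" (car native) (cadr native))
  (format #t "cross:  ~a~%        ~a~%" (car cross) (cadr cross)))
```

Run it with guile from within a built checkout (for instance through the checkout's pre-inst-env wrapper) so that the modules resolve; the two printed output paths are what a subsequent guix build, with and without --target, would populate.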

Back from the European Lisp Symposium

Ludovic Courtès — June 5, 2013

The European Lisp Symposium (ELS) is over now, and it's been a pleasant experience: thoughtful discussions, a beautiful city, and parentheses all around. Thanks to all the Lispers and Schemers who made it to ELS for the friendly atmosphere!

The slides of the talk I gave on the design and implementation of Guix are available on-line. Nick Levine also published audio recordings of most of the talks (thanks!).

Guix at the European Lisp Symposium

Ludovic Courtès — May 21, 2013

A paper presenting the design of Guix's Scheme API and packaging language has been accepted for the 2013 European Lisp Symposium (ELS). ELS will take place in Madrid on June 3-4.

GNU Guix 0.2 released

Ludovic Courtès — May 12, 2013

The second alpha release of GNU Guix is available. It comes with a number of new features, notably:

  • The "guix package" command supports upgrades of user profiles and full-text package searches.
  • Binary packages are continuously built and may be transparently downloaded as "substitutes" to the result of a local build.
  • The new "guix pull" command updates the user's copy of Guix and its distro from Git.
  • New Scheme interfaces are available to facilitate package management in various ways.

The distribution has grown to more than 400 packages; noteworthy additions include Xorg and TeXLive.

See the original announcement for more information.

Guix & GSoC

Ludovic Courtès — April 12, 2013

Guix participates in the Google Summer of Code under GNU's umbrella. If you are an eligible student, your contributions to GNU's package manager and distribution are welcome!

We have collected project ideas, some connected with other projects such as GNUnet and Emacs. Come and discuss them on the mailing list and on the #guix channel of the Freenode IRC network.

The project list is far from exhaustive, so feel free to bring your own!

Make sure to send your application to Google by May 3rd.

Boot-to-Guile!

Ludovic Courtès — February 16, 2013

As a contribution to Guile's birthday potluck, Guix has been extended with the infrastructure to build a Boot-to-Guile QEMU disk image.

The image has GRUB to boot Linux-Libre, which in turn runs Guile directly, along with an init script in Scheme, from its initrd. To put it differently, it boots Guile and its device driver environment known as Linux-Libre. :-)

In addition to being fun, it actually has a practical impact. First, Guix now has infrastructure to create bootable GNU/Linux-Libre QEMU images.

Second, using Guile in the initrd proves to be very convenient: all the expressivity and power of Guile and Scheme, without the complexity and code duplication associated with specific tool suites like klibc, Ash, and BusyBox.

Happy birthday Guile 2.0, and happy hacking!

GNU Guix 0.1 released!

Ludovic Courtès — January 18, 2013

Version 0.1 of the GNU Guix functional package manager and its baby distribution of user-land software has been released. See http://lists.gnu.org/archive/html/bug-guix/2013-01/msg00191.html for the original announcement.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection (more details in the manual).

The distro is not a bootable distro yet, but rather one to be installed on top of a running GNU/Linux system. It includes GNU libc 2.17, GCC 4.7.2, GNU Emacs 24.2, GNU Guile 2.0.7, and more.

Building the distribution is a cooperative effort, and you are invited to join!

Introducing Guix, a package manager and distro for GNU

Ludovic Courtès — November 22, 2012

GNU Guix is an on-going project to build a purely functional package manager and free software distribution of the GNU system.

In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection.

Guix is approaching its first alpha release. It comes with a small and growing, self-contained user-land software distribution.

The road map details the current plan. Let us know what you think, and join the fun!