I'd love to use Guix (or Nix for that matter) as my day-to-day system but (and correct me, if I'm wrong) the package maintainer story is a bit off putting for me. From what I've understood, packages are maintained in a public git repository (GitHub [0] for Nix and savannah.gnu.org [1] for Guix), which might be great if there are enough people submitting updates, but at least for critical system components there should be clearly defined maintainers to make sure all security patches are applied in time.
Also I'm not sure how I feel about a core part of my potential operating system being hosted by a now Microsoft-owned company. On the other hand GitHub might be more reliable and better fit to server a huge amount of users than savannah...
1. Each package in Nixpkgs repo has assigned maintainer mentioned in source.
2. Nothing prevents you from using your own repo/hosting solution for Nix channel.
3. Writing or overwriting packages in Nix is dumb easy, so I do not see a problem here as well.
I started using Nix exclusively on macOS and I couldn't be happier. The best part IMHO is the fact that I can easily test different packages without permanently changing my system and dealing with clutter left by these.
So in general, this is less of the problem that you think it is, especially as you clone that repo locally, so you do not hit GH/Savannah on each installation.
I have the same experience. Using NixOS, not just NixPkgs, but it shouldn't matter.
Nix takes security very seriously. See e.g. [1]. Plus, a distribution that defines packages declaratively and makes things so reproducible is the ultimate tool to avoid many security issues.
Similarly, ‘guix lint’ has a CVE “checker” that reports CVEs that affect a given package [0]. Since the Guix package name might differ from the “CPE name” (the naming scheme devised by NIST), Guix package definitions can include the CPE name to make sure ‘guix lint’ will look for the right thing. ‘guix lint’ is also able to determine whether a vulnerability is already patched in the Guix package definition.
There’s also work on a ‘guix health’ program in the pipe [1], which is again complicated by this whole CPE story (which Vulnix seems to ignore.)
Last but not least, Guix has “grafts”, a mechanism that allows for fast security update deployment, meaning that rebuilding the world is unnecessary when applying a security update on a package deep down in the dependency graph [2, 3].
In Guix we came to the conclusion [2] that having shared package “ownership”—or, to put it differently, not having explicit ownership—is a solution that works best for us. In practice, most packages have a few associated experts who take care of most updates and fixes to them. However, as a group, the fact that there’s no name explicitly attached to the package means that every committer can feel empowered to modify it.
The pros and cons of per-package maintainers are often debated, notably in the context of Debian where strong ownership has shown its limits [3].
I actually see the just-a-git-project aspect of the Nix/Guix distribution maintenance a massive win on transparency grounds. I agree that I'd like to see a bit more dedicated "ownership" of key components, but I see that more as a lack of manpower meaning that many people have to spread themselves quite broadly.
But at the same time I'm quite hopeful that this model can produce a maintenance culture that's less territorial, arcane and officious than is my impression of e.g. Debian's methods and processes. As much as I love Debian, of course - but it definitely feels like yesterday's approach.
I also guessed that the lack of dedicated maintainers is due to a lack of volunteers, but that's something that stops me from using either guix or Nix at least from handling the critical part of my OS (kernel and base system).
For development environments and other stuff, both are great tools, but I guess the real power comes when you manage the whole system through any of these managers.
NixOS/nixpkgs [1] was at some point last year one of the most active projects in GitHub. I can't find the ranking right now, but it should suffice to say it has 2083 contributors and 178334 commits right now. For a relatively young project, that is a lot.
There are tons of dedicated maintainers. You can see that in the maintainers attribute of most packages. So I don't get your point regarding the lack of dedicated maintainers.
I maintain several packages there, and a bot sends me an automated message every time upstream updates the source, and auto-generates a new package definition for me. Things are really streamlined and bleeding edge. The unstable channel is often more up-to-date than Arch Linux even, due to the high number of Nix developers.
Thanks for the insight in the maintainer story of Nix. I guess it is kinda the same for guix and this more or less invalidates my concerns. So maybe the next time, I reinstall my OS, it's gonna be one of those :)
> Also I'm not sure how I feel about a core part of my potential operating system being hosted by a now Microsoft-owned company.
If it brings any solace: your current OS is using code hosted on GitHub.
What you say is akin to disliking HTTPS and the CA system. People on whom you depend, depend on it. The internet depends on it. Therefore, you are using it. Same with BGP. Same with IPv4. Same with 2G.
No "core part" of Guix is hosted on Github. If you're referring to the daemon: it's being replaced with a Guile implementation (it's an ongoing student project). It's not fetched from Github; our old copy of the daemon is part of the Guix git repository.
Sorry for being unclear. The part about being hosted on GitHub actually referred to Nix. That's the point where I'm unclear about what seems to be the better solution. GitHub could take a turn for the worse but at least for now, GitHub might be able to handle more users than savannah.
I don't think it matters much. You can use any git mirror in your ~/.config/guix/channels.scm file (including a local clone); you only need access to the git repo when running "guix pull" to upgrade your copy of Guix. I don't think that Savannah will become a bottleneck even with three times the users we have now. If it ever becomes a problem it's trivial to move to something else or to host dedicated infrastructure.
Yeah I just realized that. The binary caches might experience higher load but it the worst case you would have to build the binary yourself.
I just had to reinstall guix since `guix pull && guix package -u` didn't seem to upgrade guix itself but I think I will play around with it, at least for non critical stuff in my OS.
"guix pull" upgrades Guix itself. It installs the latest version as ~/.config/guix/current/bin/guix. If you ran the "guix" command from a different location before Bash's caching of command names can trick you. Guix prints a recommendation to run "hash guix" to refresh this command cache.
Looks like a neat concept. Would anyone here with experience managing this in production care to comment? Seems like it could be interesting if you need to reproduce the exact same software/OS on several machines as deliverables.
I've been using Guix in production since 2014 at a research institute to support reproducible bioinformatics workflows. It has come a long way since then.
Guix takes reproducibility and "bootstrappability" very seriously. Its design as an extension to Guile Scheme enabled the development of software built around Guix, such as a workflow language, alternative user interfaces (e.g. an Emacs interface or a web interface), etc.
The `guix system` family of commands is awesome because it can build reproducible containers, disk images, virtual machines, or bare-metal systems all from the same specifications.
What's still missing, in my opinion, is a tool to manage systems that have been generated with Guix, e.g. to check on their state, build new configurations and swap them out for old ones, etc. Some work has been done towards this goal, but there's still some way to go there.
Other than that I'm very happy with it and use Guix systems and Guix as a package manager on all my machines.
How does writing Guix Lisp expressions compare to writing Nix? Is it pretty succinct and intuitive? Do patterns make a little bit better sense?
It took me a long time to get the hang of the Nix design patterns like the three different kinds of overrides and the module system. Curious if it plays better in Lisp.
"succinct" is hard to answer. It depends a lot on the upstream package. For most packages the package expression looks like data:
(define-public r-valr
(package
(name "r-valr")
(version "0.5.0")
(source
(origin
(method url-fetch)
(uri (cran-uri "valr" version))
(sha256
(base32
"14jhrwkiwmha3vlmm7b50n2xxyizj6ddmy89gb20mpzq7qhz1ika"))))
(build-system r-build-system)
(propagated-inputs
`(("r-broom" ,r-broom)
("r-dplyr" ,r-dplyr)
("r-ggplot2" ,r-ggplot2)
("r-rcpp" ,r-rcpp)
("r-readr" ,r-readr)
("r-rlang" ,r-rlang)
("r-stringr" ,r-stringr)
("r-tibble" ,r-tibble)))
(home-page "https://github.com/rnabioco/valr")
(synopsis "Genome interval arithmetic in R")
(description
"This package enables you to read and manipulate genome intervals and
signals. It provides functionality similar to command-line tool suites within
R, enabling interactive analysis and visualization of genome-scale data.")
(license license:expat)))
This defines the name "r-valr" to be a "package" value with the given fields. The "source" field describes how Guix should obtain the source tarball ("url-fetch" is a procedure that implements a URL downloader, but there are others like "git-fetch", "hg-fetch", etc) and what the hash of that data is supposed to be. The "build-system" field tells Guix how to build the thing. "r-build-system" is a very succinct way to say "do with this package as you do for all other R packages: unpack the tarball, run `R CMD bla`, then run the tests, etc". We've got quite a few such build systems: "gnu-build-system", "cmake-build-system", "python-build-system", "ant-build-system", ... All of these can be further configured via the "arguments" package field, which isn't used here, because this is a boring package.
The "propagated-inputs" field is an association list of arbitrary labels to actual package values --- the things on the right hand side are variable names that are bound to package values, which are unquoted here, so this field really contains actual references to these other package values. The result is a lazily constructed graph of package values.
Some packages can be really nasty, though, when the developers decided to ignore conventions and implement their very own way to build their very special software. We can usually accommodate those packages by starting out with e.g. the gnu-build-system and then modifying the build phases: deleting the "configure" phase, adding a custom phase before the "build", replacing the "install" phase, etc. The system is flexible enough for all of this, but for really ... special software I would no longer call this "succinct" or "intuitive".
That said, most packages are easy. Almost all R packages, for example, look like the one above. But there are some really frustrating ones like Tensorflow (due to the fact that we use CMake instead of Bazel because Bazel hasn't been bootstrapped yet) or the old JDKs (that we use as part of a longer bootstrap chain) that are plain ugly. You just need to know when to give up, I suppose :)
> You just need to know when to give up, I suppose :)
Oh gosh I relate to this. I tried to package 3DSlicer for NixOS, which uses a cmake superbuild of dozens of dependent projects, which it fetched during compile and required a very special GCC. I had to give up; it was making me too depressed.
Thank you for sharing how Guix derivations work. It seems very similar semantically to Nix, but I like the build-system method. In nix we have e.g. buildDotnetPackage, buildBazelPackage functions which are overridden, but there's not a clean interface for build systems. I like it.
Is the module system similar to Nix's? Nix modules define imports, config schema and config values, which are merged together to produce an expression for the state of the whole system, e.g. configuration.nix. How's that work in GuixSD?
> Is the module system similar to Nix's? Nix modules define imports, config schema and config values, which are merged together to produce an expression for the state of the whole system, e.g. configuration.nix. How's that work in GuixSD?
The way the Guix system is configured differs a lot from how it's done in NixOS. (Note, though, that I've never used NixOS, so I'll just talk about how it works in Guix.)
First about the term "modules" to avoid confusion: Guix code is organized in Guile modules. A Guile module is a file containing definitions. A module can export variable names. Other modules can use those variable names. That's just like how you'd do "import foo" in Python --- in Guile you do "(use-modules (where foo is))".
This is nothing to do with system configuration, of course; it's just a language feature.
The way a system is configured is through the `operating-system` record. Much like the `package` record for defining first class package values the `operating-system` record is used to declare operating systems. Here's an example straight from the manual:
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen)
(operating-system
(host-name "komputilo")
(timezone "Europe/Berlin")
(locale "en_US.utf8")
;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
;; target hard disk, and "my-root" is the label of the target
;; root file system.
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/sdX")))
(file-systems (cons (file-system
(device (file-system-label "my-root"))
(mount-point "/")
(type "ext4"))
%base-file-systems))
;; This is where user accounts are specified. The "root"
;; account is implicit, and is initially created with the
;; empty password.
(users (cons (user-account
(name "alice")
(comment "Bob's sister")
(group "users")
;; Adding the account to the "wheel" group
;; makes it a sudoer. Adding it to "audio"
;; and "video" allows the user to play sound
;; and access the webcam.
(supplementary-groups '("wheel"
"audio" "video")))
%base-user-accounts))
;; Globally-installed packages.
(packages (cons screen %base-packages))
;; Add services to the baseline: a DHCP client and
;; an SSH server.
(services (append (list (service dhcp-client-service-type)
(service openssh-service-type
(openssh-configuration
(port-number 2222))))
%base-services)))
The "packages" field is for declaring globally available packages, nothing special. What's interesting, though, is the "services" field. This is not just about services in the sense of daemons (i.e. Shepherd services that can be started and stopped), but about anything really to extend the system.
System services can be composed and may extend one another, see <https://www.gnu.org/software/guix/manual/en/html_node/Servic.... This can be used for complex system setup like web applications that require a web server configuration (e.g. by adding an nginx server block), a database, and so on. An example is the Zabbix system service. We also use the service framework for generating PAM policies, creating files in /etc, for udev rules, etc.
"guix system" operates on an "operating-system" value (read from a file or read as a Scheme expression) to instantiate a VM, a container image, or a bare-metal system.
I use nix in production, and it is amazing. It's super config management on steroids with the ability to roll back in a literal instant.
Guix is based off nix, I have looked at it a few times, but it seems much more complicated and less developed than nix. It's only selling point over nix if that everything is written in guile, which does not matter to me.
It's a bit of both, though much more spiritually. A low-level component (the daemon) is taken from Nix. The daemon takes so-called derivations (text files listing the expected outputs and inputs, as well as the file name of the builder script), sets up a chroot where the inputs are available, and runs the builder script. Everything above that level of abstraction is different. (Guix has first-class package values and build system abstractions, for example, and is generally implemented as an extension to Guile Scheme, i.e. as an embedded DSL.)
Even at that level there are differences: our build scripts are not glued together shell snippets but Guile scripts that are generated from the upper layers.
We're in the process of replacing the daemon with something written in Guile, because a lot of the daemon's functionality has already been implemented in Guile for other features of Guix (e.g. the container features), but we're in no hurry as the modified nix daemon works fine in practice. We'd love to reuse more Guile code, though, and lower the barrier to hacking on the daemon (which is currently written in C++), so eventually the only thing that connects Guix and Nix is the format of the derivation files and the idea of functional package management.
Many people run Nix in production — a similarly structured OS. Nix works fine. GUIX is relatively new; I played with it, but didn’t use in production yet.
This seems like a large piece of software. I'm interested in the purely functional, portable package manager aspect. I can see that it has [0] a lot of packages that are a pain to build on my Slackware system (or even to download prebuilt) because of the awesome number of dependencies. Downloading mpv and its dependencies takes quite a bit of time, for example. If anyone has experience with using guix this way, I'd be interested.
At the beginning of this year I got hooked-up on this concept of functional system and package management. I've read through all the Nix documentation trying to get a feeling of how should I use it. And it just felt bad - sometimes the documentation was outdated, sometimes it clearly contradicts code on master, sometimes the programming style was inconsistent, sometimes the examples were unclear, too simple or too contrived... Thousand ways to achieve the same things and no clear "best practices" way.
Is guix's documentation any better? I mean - teach me the theory, but also show me practical examples making use of it so I could remember?
Yes, but not only : "GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the kernel Linux, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, and AArch64 machines."
(Note: we call it "Guix System" instead of "GuixSD" now.)
There is little difference between Guix and the Guix system when looking a little more closely. Even when using Guix as a package manager it won't link with any of your OS libraries, so you end up downloading or building variants of libraries that you may already have on your host operating system --- that's by design as it unlocks reproducible builds.
The scheme you have now is confusing for no reason. I saw this news on Phoronix and even after reading the article I couldn't tell if it was the pkg manager or the distro that had reached 1.0 (I guess it's both?).
They are both the same. With the "guix system" family of commands you can build containers, VMs, and you can also install a system on bare hardware. Describing it as a package manager really doesn't do the thing justice. You can use all of the "guix system" family of commands even on top of a foreign distribution --- except for "guix system init" which installs the Guix system on your hardware and "guix system reconfigure" which upgrades it on your hardware.
Good to know about the terminology change. Thanks!
I understand what you mean by the difference. (I currently overlay Nix on top of a different Linux distribution.) But without the "system" part, Guix on its own is still not strictly an OS, since there's no kernel being deployed. A pedantic point, but an accurate one I think. :)
Personally the thing that holds me back from Guix is their (understandable) insistence on packaging libre/free software only. Guix looks like it has better usability than Nix, IMO, but I don't want to jump through extra hoops to get non-free software installed.
I've been using the Guix system since early 2018. It's a lot of fun. I've put off some of the more complicated stuff (from a user's perspective) like packaging new things, but it's managed to stay my daily driver just fine.
I haven't been active for a couple of years, but I've contributed my fair share of packages and features since 2013 that I'm proud to see have made it all the way to 1.0. Congrats, Guix team!
As a person with ~intermediate knowledge of Nix/NixOS and only knowing Guix from a distance yet:
- I don't see a word about GuixSD there - what's the status of this? Is it also 1.0 now?
- (How) can I pin my whole config to a particular commit of the package set/channel, and only update gradually? I'm kinda having trouble finding out how to do this in NixOS
- Can I package non-libre software for Guix? Are there third-party non-libre package sets/channels? I know GNU proper doesn't want me to do this, and I'm sympathetic, but not ready for the jump. What's the situation for me in practice?
- Can I replace kernel with L4Linux? I tried to do that in NixOS but gave up because of complexity.
- Does GNU mirror/archive all package sources used by Guix somewhere? If github is sunset by MS, can I still build an OS from a 2018 snapshot?
- What's the multi-user story? In Nix it's complicated.
- Does Guix have something like Nix's home-manager?
> - I don't see a word about GuixSD there - what's the status of this? Is it also 1.0 now?
Yes. GuixSD is now called "Guix System".
> can I pin my whole config to a particular commit of the package set/channel
Yes, you can. You only need to describe the channels you want to use (and possibly their commits) in ~/.config/guix/channels.scm and then run "guix pull". You now have that particular version of Guix and it won't change until you change the channel specification and run "guix pull" again. That's great for reproducing a system elsewhere or at a different point in time.
> Can I replace kernel with L4Linux
I don't know if anyone has tried.
> Does GNU mirror/archive all package sources used by Guix somewhere
We cache sources for as long as possible on the build farm; we also fall back to looking up sources through Nix caches; and finally we fall back to the Software Heritage archive.
> Can I package non-libre software for Guix? Are there third-party non-libre package sets/channels?
Yes and yes. Adding channels is easy: just add a specification to ~/.config/guix/channels.scm
> Does Guix have something like Nix's home-manager
Sadly it doesn't. I'd love to see something like this in Guix.
Thanks! How about the multi-user story for non-OS Guix?
Also, can you share some links to third-party non-libre package sets/channels, or some place where I can find them to see what's available?
Edit: As to kernel: are you using Hurd, or Linux? Or any one of them can be chosen? If it's choosable, I imagine L4Linux should not be that hard. Edit 2: I see there was some work being done on this: https://www.gnu.org/software/guix/blog/tags/gnuhurd/ but last news seems to be from Feb 2017. Did the work get integrated into trunk, or did it bitrot in an old branch? Edit 3: Found some info: http://lists.gnu.org/archive/html/guix-devel/2019-04/msg0023... IIUC, not very stable (missing some Shepherd stuff?), but at least the work seems upstreamed (?)
I don't know what this means, so I'm just answering what I'm guessing this means :)
Probably one of the biggest non-OS deployments of Guix is at the institute where I work. We use Guix as a package manager on an HPC cluster. Hundreds of users share the same Guix daemon but each of them can use their own version of Guix with it. They simply invoke "guix pull" to upgrade whenever they feel like it to get a new version of Guix and this affects nobody else.
Users are, of course, not limited to having just one profile. Just like Guix can be used to manage different software environments per user it can just as well be used to manage separate software environments per project. At the institute we do this all the time to create separate environments for independent projects that each have their own upgrade schedule.
> Hurd?
We're using Linux libre by default. Guix runs as a package manager on a Hurd system (such as Debian GNU/Hurd) and Guix has packages for building Hurd servers as well, so a Guix System that uses the Hurd instead of Linux libre is close to being ready. Most of this work was done by a very dedicated student who did this as part of GSoC (twice) and who continued to fix problems afterward.
Not all features of Guix will work on a Hurd system; Linux-style containers obviously only work on Linux --- the Hurd has much prettier support for container features, including unprivileged file system virtualization (something I hate to miss on Linux).
The biggest problem with Guix + Hurd is that we aren't yet building packages for the Hurd on our build farms, so no binaries are available. This means there are only very few people who would be willing to use this and report bugs or contribute fixes. I'm planning to attach some Debian GNU/Hurd VMs to the build farm within the next few weeks so that this obstacle is removed. Many of the Guix developers are Hurd enthusiasts (myself included), so I hope now some of us can close the gaps that prevent us from having a native Guix + Hurd GNU system.
> third party channels with non-free software
As one of the maintainers of Guix I'd rather not share links to channels providing non-free software. I also sincerely hope that people will put their time into improving free software than to develop workarounds to allow them to keep software alive that does not respect their freedom and thus harms our communities. That said, there are countless repositories on popular hosting sites that provide package definitions of varying quality for non-free software (also of varying quality :)) --- some of them are also used in HPC deployments.
Just for context to the GP, Nix channels work basically the exact same way. Or, you can do as I do, and not use channels and always specify the exact nixpkgs revision as part of your Nix file. Anyone can `nix-build chimera.nix` and get a (nearly) bit-for-bit identical build of my laptop, which is great - we don't have to have a conversation about which channel I'm on, or which rev of which channel I'm on, etc.
I can then independently rev the nixpkgs revision and either commit that, or not.
Oh oh, can you show me your chimera.nix file? I'm having trouble finding a correct incantation how to do that and how to use it in an /etc/configuration.nix for NixOS :(
Start in {configurations,machines}/chimera.nix and explore outward from there ;).
EDIT: I forgot, I decommissioned 'chimera' because computers are terrible. `xeep` is probably a better example of what you're looking for. `azera` is an Azure VM that runs the services `chimera` used to host.
Sorry if the repos a bit messy. I don't practice good git hygiene there. Feel free to ping me on the nix IRC rooms or email me. I love NixOS and enjoy evangelizing cool tech.
Here's something I wrote a few months ago (with minor changes) to clarify the relationship between these two projects. I hope this helps.
-------------------
As one of the co-maintainers of GNU Guix I'm obviously biased, but here's what I consider some important unique features of Guix:
- Guix is all written in Guile Scheme (with the exception of parts of the inherited daemon, which hasn't yet been completely implemented in Guile); this extends to development tools like importers, updaters, to user tools like "guix environment", and even bleeds into other projects that are used by Guix System (the GNU system distribution built around Guix), such as the shepherd init system. There is a lot of code reuse across the stack, which makes hacking on Guix really fun and smooth.
- Packages are first class citizens in Guix. In Nix the idea of functional package management is very obvious in the way that packages are defined, namely as functions. These functions take their concrete inputs from an enormous mapping. In Guix you define first-class package values as Scheme variables. These package values reference other package values, which leads to a lazily constructed graph of packages. This emergent graph can be used as a library to trivially build other tools like "guix graph" (for visualising the graph in various ways) or "guix web" (for a web interface to installing and searching packages), "guix refresh" (for updating package definitions), a lovely feature-rich Emacs interface etc.
- Embedded DSL. Since Guix is written in Scheme---a language for writing languages---it was an obvious choice to embed the package DSL in the host language Scheme instead of implementing a separate language that needs a custom interpreter. This is great for hacking on Guix, because you can use all the tools you'd use for Scheme hacking. There's a REPL, great Emacs support, a debugger, etc. With its support for hygienic macros, Scheme is also a perfect vehicle to implement features like monads (we use a monadic interface for talking to the daemon) and to implement other convenient abstractions.
- Graph rewriting. Having everything defined as regular Scheme values means that you can almost trivially go through the package graph and rewrite things, e.g. to replace one variant of a package with a different one. Your software environment is just a Scheme value and can be inspected or precisely modified with a simple Scheme API.
- Code staging. Thanks to different ways of quoting code (plain S-expressions and package-aware G-expressions), we use Scheme at all stages: on the "host side" as well as on the "build side". Instead of gluing together shell snippets to be run by the daemon we work with the AST of Scheme code at all stages. If you're interested in code staging I recommend reading this paper: https://hal.inria.fr/hal-01580582/en
- Bootstrapping. Some of us are very active in the "bootstrappable builds" community (see http://bootstrappable.org) and are working towards full bootstrap paths for self-hosting compilers and build systems. One result is a working bootstrap path of the JDK from C (using jikes, GNU classpath, jamvm, icedtea, etc). In Guix we take bootstrapping problems serious and prefer to take the longer way to build things fully from source instead of just adding more binary blobs. This means that we cannot always package as many things as quickly as others (e.g. Java libraries are hard to build recursively from source). I'm currently working on bootstrapping GHC without GHC and without the generated C code, but via interpreting a variant of GHC with Hugs. Others are working on bootstrapping GCC via Scheme.
- Guix System, the GNU system distribution built around Guix. Guix System has many features that are very different from NixOS. The declarative configuration in Scheme includes system facilities, which also form a graph that can be inspected and extended; this allows for the definition of complex system facilities that abstract over co-dependent services and service configurations. Guix System provides more Scheme APIs that apply to the whole system, turning your operating system into a Scheme library.
- I like the UI of Guix a lot more than that of Nix. With Nix 2.0 many perceived problems with the UI have been addressed, of course, but hey, I still prefer the Guix way. I also really like the Emacs interface, which is absolutely gorgeous. (What can I say, I live in Emacs and prefer rich 2D buffers over 1D command line strings.)
- It's what I want GNU to be. I'm a GNU hacker and to me Guix is a representative of a modern and innovative GNU. It's great to see more GNU projects acting as one within the context of Guix to provide an experience that is greater than the sum of its parts. Work on Guix affected other GNU packages such as the Hurd, Guile, Mes, cool Guile libraries, and led to a bunch of new GNU packages such as a workflow language for scientific computing.
On the other hand, although Guix has a lot of regular contributors and is very active, Nix currently has more contributors than Guix. Guix is a younger project. The tendency to take bootstrapping problems very seriously means that sometimes difficult packages require more work. Oddly, Guix seems to attract more Lispers than Haskellers (I'm a recovering Haskeller who fell in love with Scheme after watching the SICP lecture videos); it seems to be the other way around with Nix.
Having said all that: Nix and Guix are both implementations of functional package management. Both projects solve similar problems and both are active in the reproducible builds efforts. Solutions that were found by Nix devs sometimes make their way into Guix and vice versa. The projects are not competing with one another (there are orders of magnitudes more people out there who use neither Guix nor Nix than there are users of functional package managers, so there's no point in trying to get people who use Nix to switch to Guix). At our recent Guix fringe event before FOSDEM Eelco Dolstra (who invented functional package management and Nix) gave a talk on the future of Nix surrounded by Guix hackers --- there is no rivalry between these two projects.
----
Now to the last question: How usable are they? I've been using Guix (as a package manager and as an OS) since 2014 on all of my machines and I love it. I have written hundreds of package definitions both manually and with the help of "guix import", which generates them for me (even recursively). If you're okay with Lisp it's not painful at all. I have experience with RPM spec files and Arch PKGBUILDs and I love how declarative Guix package definitions are in comparison. For well-behaved projects that's great. For projects that reinvent build systems or come with custom build instructions or that assume unreasonable things about the target system things can get pretty gnarly, though.
Guix differs in that you don't use shell snippets to describe the installation steps. This can be confusing for people coming from other packaging systems, and it can be a little uncomfortable having to express things in Scheme instead. On the plus side you have access to a much more flexible language and don't have to mess with low-level shell. You can write procedures and reuse them across packages, or you can abstract the whole build process so that all that is ever needed is a declaration like `(build-system python-build-system)'.
(Things that suck: packaging NPM/nodejs things. Guix folks are really into building things from source, and there's a cultural mismatch with NPM folks. There are workarounds but there's no silver bullet.)
For those (like me) learning of Guix for the first time:
>"About GNU Guix
GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the kernel Linux, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, and AArch64 machines.
In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language."
Guix has a very nice Emacs interface --- that's better than a bare TUI in my opinion. Even if you aren't a die-hard Emacs user the Emacs interface has a lot to offer.
There also is a web interface, but that's more useful for browsing the package collection than to install things.
I don't know what you mean by "all-or-nothing kind of deal". You can easily create package variants (thanks to first-class package record values that support field inheritance), but in my experience you rarely need that as packages are often composable at runtime --- you just install them into the same profile.
- Package A recommends Package B, if the package maintainer judges that most users would not want A without also having the functionality provided by B.
- Package A suggests Package B if B contains files that are related to (and usually enhance) the functionality of A.
- Package A depends on Package B if B is a A can't work without B
Its possible for B to actually be optional but in fact be designated as required if A is built with options that require B.
And variable CFLAGS and CXXFLAGS for explicitely choosing to optimize whichever way i see fit, instead of using something generic? Individually, on a per package base? Like described here for example:
As far as I know, it does not have USE flags, but you can customize the compilation however you want, adding build options, patches, etc. They also provide binaries for a good amount of packages if you don't want to build some from source.
I see. But that is not the point. I can customize any compilation anywhere. But it is a hassle i can do without. I really miss the "automagic" of Gentoo because this feature was intrinsic to their package management. I'm watching Guix(XD/System/Whatever) since years, browsing the docs, reading this and that, and it seems to me like just another rpm, deb with some nice addons. And not too inviting at all, because who likes ghettos which ideologically shun this and that which unfortunately is part of my life?
Anyways, interesting work whith reproducable bootstrapping in GNU Mes. (sigh)
It's not just like those at all... did you think that I was saying that you can just compile things manually or something? You can define build options and such for a group of packages using Guix; there just isn't an abstraction like USE flags. You can find more info at https://ambrevar.xyz/guix-advance/index.html#orgc3c05c9.
And I don't consider its other features just "some nice addons". It's easy to build things from source; in fact, it automatically does it by default if a binary isn't available. It's contained in a directory, you can roll back to a previous state, it's reproducible, everything can be configured through one file, etc.
Guix is one of the package managers most different from apt and such; if there's anything it's similar to, it's Nix, which IIRC it's based on/inspired by.
Also, I'm curious as to what it is that you do that they shun? Is it working on proprietary software or something?
Thank you for that link, i'll park that in some tab for later reading after skimming over. What i meant to say with shunning
is exactly the thing with proprietary software. I need that to work. All i ever read up until now was handwavy referrals to some obscure "guix-channels". So i searched some, and found none. It's not that i can't mobilize some hardcore search machine foo. It's just that i don't want to do this anymore, because i feel it is wasted time, which ends into subscribing into some ghettoish cult, chanting askew "commercial baaaad, nooo goood, we better food...",
...while in reality i need to get things f...ing done by whichever means. Which meant Windows for the last few years.
So, whenever i read about something interesting to me, considering to spend my free time with it, this annoys me to no end, because it feels like trying to make me jump through burning loops like some trained animal. I can't stand this sort of stuff anymore. Especially given the fact how much hardware only really works with binary blobs, at least when it's current, and not some obsoleted gear or niche systems.
Anyways // ENDRANT (sorry)
Geek is a borrowed word in French, and the original English spelling is used. If you wanted to write a word that respects French pronunciation and sounded like "geeks" in English, you'd write it "guix", or "guiks". It is a bilingual pun.
Hmm. If you remember, could you drop me a link the next time you come across this in a recorded talk? It's pretty weird with a word like geek. Something that ends with a voiced sound as in dog of course will be tend to occur with a final /z/ rather than /s/ (though word-final devoicing is a productive process, so even dogs is often realised as /dɔgs/).
I've been intrigued by nix then guix for several years now, but have yet to give either one a test run.
I understand some of the technical differences, but can anyone explain the implications of the license differences to me?
I know that NixOS is X11/MIT licensed, and that as a GNU project Guix is AGPL.
In practice, if I wanted to use Guix as a base system for hosting a proprietary SaaS website, would there be issues with that? Either way, is there an easier-to-read summary than the license itself anywhere?
Which is great. Means you have a clean install that's sure to be reproducible. There's always the option to keep your own channel of non-free packages if you really need them.
Proprietary packages may still be reproducible. Presumably, you verify a hash of the inputs (e.g. upstream tarball/binary and patches), and the output should still be bit-for-bit the same on any machine given the same inputs.
Not to mention that there are many open-source (as in OSI) packages that may not be distributed with Guix System because they use non-FSF-approved software licenses.
> Not to mention that there are many open-source (as in OSI) packages that may not be distributed with Guix System because they use non-FSF-approved software licenses.
This is not true; at the very least "many" is wrong in the above statement. Generally, there is virtually no difference between the OSI set of approved licenses and the FSF set.
Can you list examples of the many packages that would be considered "open source" (according to the OSI definition) but not also Free Software as per the FSF definition?
The only distro I know of which packages nvidia proprietary driver not as an original blob and a bunch of scripts is Debian. To say it's a mess is understatement (list of dependencies by metapackage[0], which doesn't include all driver parts either).
You can download blob from official site, but it wouldn't work in a lot of cases after installation process while giving you no options for some choices there are (like GLX provider or vendor-neutral OpenGL libs), that's the difference of Debian's metapackage.
As Ubuntu does on theirs. The thing is, Ubuntu is stated as officially supported by Nvidia's blob itself, although it doesn't remove all the fun of their driver's installation and configuration processes.
Yeah I only mention pop_os because it truly is a painless process for a fresh install and that's worth calling out. Life is too short to suffer installing uncooperative Linux distros on modern laptops.
Pop_OS does not reuse Debian's packaging for this, does not do it the same way Ubuntu does. It also bundles it with the OS installer image, which can be pretty important.
These are decisions that OS authors make. Even if they are derivative, it is worth calling out these specifics. Especially if it enables painless adoption of the OS on specific hardware rather than saying "well it's just Debian."
Is it possible to convert the packages for nixos to guix? Seems like someone should create a nonfree repo for guix to allow people to simply add a new source for nonfree software.
If I understand properly this is done via GUIX_PACKAGE_PATH which works somewhat like PATH in that multiple sources are searched in order of precedence.
It's definitely not trivial to do. I have the Guix system installed on my mid 2013 MBP. I installed the mainline Linux kernel and drivers along with the proprietary Broadcom wireless module. Everything seems to be running fine.
This is going to be a deal breaker for a lot of HPC folks, so it's surprising to me that there isn't an "unofficial official" way to get non-free Nvidia drivers given Guix's aims at reproducible builds for HPC.
Sounds like you can use just the package manager, so I guess there's nothing stopping you from installing just the proprietary blobs with your system package manager and build everything else with guix?
I need to run CuDNN. I'd happily take a conceptually-pure operating system in every other respect, but without that package I can't use it for anything.
Perhaps locking me out is a feature, but it isn't a very welcoming one.
Guix doesn't prevent you from using proprietary software. It gives you all the tools you need to use package modules published by other people, or to package them yourself. This is free software after all: you have the freedom to use Guix for any purpose including the installation of non-free software.
I'm not just saying this to make a nitpicking point: Guix makes it easier to, say, build a custom kernel using the same reliable and hackable mechanisms Guix uses for Linux libre.
It's just that the Guix project itself won't recommend projects that extend Guix with package definitions for non-free software, nor will it include said packages by default.
Guix is still a general purpose operating system running on a general purpose computer. You should be able to run any software on it that is GNU or Linux compatible.
If you don't want to go through the pain of installing it outside of a package manager, that's fine, but that's not "locking you out", it's putting the blame where it belongs: the proprietary ISV.
The hardest thing to understand here about Guix is exactly what it does, because there's only 3 tools out there that operate like this (that I'm aware of, at least):
- GNU Guix
- NixOS
- Chef Habitat
These three tools have some common themes but ultimately accomplish different end goals.
Some common things:
- They all provide a package manager that exists outside of the regular scope of your operating system.
- They all bundle together your compiled application code AND configuration code AND runtime dependencies into one package, making it easy to just run your application.
Some differences:
Nix. [Edit: It was pointed out that the package manager Nix, is separate from NixOS, and this package manager can be run on any operation system). (https://nixos.org/) (https://github.com/NixOS)
GNU Guix has a larger focus on reproducibility and archival properties of software. In other words, Guix uses it's ability to run software independently of your operating system as a way of ensuring authentic, realistic, and 100% portable applications. Guix wants to build your application FIRST, and ignore whatever problems your OS might present to you. It lets you build a development environment in a "clean-room" with the environment command. It also lets you write those configurations and environments using Guile programming interfaces and the Scheme programming language, which is super powerful. (https://www.gnu.org/software/guix/) (https://github.com/pjotrp/guix)
Chef Habitat is very similar to GNU Guix, except it also works for Windows packages. It's primary goal is so that you can build and deploy your applications completely independently of the constraints of your operating system or runtime environment. Just like GNU Guix, this makes it super awesome to take old applications that are "stuck" on old operating system environments and quickly port them to whatever modern OS or runtime format you wish. Like GNU Guix, it has a chrooted clean-room environment called the Studio and uses Bash/Powershell to allow you to build packages. Chef Habitat diverges from GNU Guix in that it provides a runtime process supervisor that has auto-update / continuous delivery capabilities, and also provides a gossip protocol so that applications can talk to each other and do things like leader election automatically. (https://habitat.sh) (https://github.com/habitat-sh/)
Overall, I think most people will be confused when they approach these tools because they've never used anything like them before. But once you get your hands in them you'll realize how awesome they really are.
The manual is really good, so I recommend looking through the installation instructions there. The installation image comes with a text-based installer where you can select GNOME.
(Personally, I prefer to install a bare-bones system and then reconfigure it to something fancier. This way I can get to enjoy the features of the Guix system much sooner --- including booting into older generations of the system.)
Also I'm not sure how I feel about a core part of my potential operating system being hosted by a now Microsoft-owned company. On the other hand GitHub might be more reliable and better fit to server a huge amount of users than savannah...
[0]: https://github.com/NixOS/nixpkgs
[1]: https://git.savannah.gnu.org/cgit/guix.git/