GNU Guix transactional package manager and distribution — GNU Guix
guix.gnu.org
Guix is a distribution of the GNU operating system. Guix is technology that respects the freedom of computer users. You are free to run the system for any purpose, study how it works, improve it, and share it with the whole world.

cross-posted from: https://feddit.org/post/23120439

Some people might look for alternatives to using AUR for common packages, for example because they don’t have the competence to review PKDBUILD scripts for malicious code, or maybe because they simply do not have the time. The Guix package manager might be an alternative for these, as it now supports 31000 packages - significantly more than the Arch distribution. So, for popular packages, chances are good that your package is covered by Guix.

But what is Guix? Here, a summary of key features and decisions of Guix:

  1. Guix includes a package manager that can run on top of Linux distributions like Debian or Arch (I use it successfully for both) or other POSIX systems, like cargo, pip, conda or Conan. In difference to the pip and cargo package managers, it is language-agnostic, supports many different build systems and languages.
  2. Guix allows to define a fully reproducible system. This works by using a declarative language for immutable version-controlled package descriptions, and by deriving any software from package definitions and a fixed version (commit hash) of the source code. In that, it is similar but much stricter than Nix and NixOS. The key point is that any software built, and all its dependencies, go back to unambigously, immutable versions of source code and build recipes - and all inputs to the system are open source and can be reviewed. This gives also some important protection against malware: An altered cached, binary package would not match the hash of the package’s source code, its package definition, and the recursive hash of its dependencies.
  3. Important for programming, this can also define isolated build and development environments, like Python’s venv, but also Docker containers. This means that Guix can be used to develop, build, package, and deploy software, very much like Snap packages. And that’s independent from the distribution you work in, very much like pip or cargo are independent from the system you work in. (And yes, it supports Rust!).
  4. This allows it, and also makes it technically possible, that any software package can be re-built and run years later. To make this legally possible, the official distribution of Guix also demands all components to be open source (FOSS). This is also a key difference to NixOS and non-free forks of Guix, which allow non-free binary packages, but sacrifice reproducibility. (To illustrate: If you have a binary, proprietary scanner driver in NixOS, and the owning company practices planned obselescence and decides that you should buy their new hardware, and pulls that driver, you are out of luck. In Guix, this can’t happen.) (Note that as your own private conponents, you can define any package you like, you can also distribute your definitions as a complement to GNU Guix. Non-free packages for Guix do exist, in the same way as you can buy and run Steam Games software for Linux. Such non-free software just can’t become part of the official Guix distribution, just like Amazon or Apple can’t sell their non-free software via Debian or the Linux kernel project (or, for that matter, Apple has no obligation to market and distribute, say, Oracle products).
  5. All inputs being open source also means that any software component can be reviewed, that mis-features such as privacy-invasive behaviour can be removed, and that it is hardly possible to hide malware in the system. Because this also applies recursively to all compilers and build tools, this solves also Thompson’s “Trusting Trust” problem. In fact, the whole system can be build from a 512 byte binary root (called MER). (Interestingly, that level of user control gets a lot of hate online – certain companies don’t seem to like it).
  6. Because it would take too long to build every user package from source every time, the produced packages are normally cached (while their correct binary content can be easily verified).
  7. The declarative description language for the packages is a well-defined, established, minimalist language called Scheme. This is a member of the Lisp family of languages. That Lisp is very well suited for declaratively building and configuring large systems has been proven with GNU Emacs, whose software, but more importantly, whole user configuration, is written in Emacs Lisp.
  8. The Scheme implementation used is called Guile. It has especially good support for the POSIX environment and has also much better-than-average interactive debugging capabilities compared to other Scheme implementations.
  9. Also worth noting is that the Guix project has superb online documentation. This is a practical advantage compared to Nix.

As example: you quickly want to try a recent version of a modern Scheme, say Guile 2 or Guile 3, or kawa (which runs on the JVM, like Clojure, see https://www.gnu.org/software/kawa/). Or of the interesting vis editor, a spin-off of Rob Pike’s sam (https://github.com/martanne/vis). But you can’t use the AUR packages, since AUR only supports Guile 1.8, and / or you don’t have time to review the PKGBUILD and all its dependencies, and vis is simply not in AUR. Here, Guix helps out! Just type

guix install guile
guix install kawa
guix install vis

and bang you have it!

Disadvantages

  • Guix generates packages from source. This means the package definition and a hash of the source code is hashed, and compared against cached packages. If it is available as a compiled package, it is retrieved. In other cases, Guix might need to compile the package and its dependencies. This is slower than using pacman. But if you only use it for the few packages you can’t find in Arch, this should not bother you much. The advantage is that it is fully automated.
  • Guix is not a good choice for installing proprietary binary drivers. This is due to its primary design choices. In this case, Nix might be a better alternative. (Or, you just get good Linux-compatible hardware, which can definitely avoid a lot of grief and head-scratching!)

How it works:

https://codeberg.org/guix/guix#headline-4

Manual:

https://guix.gnu.org/manual/en/html_node/Installation.html

For using Guix as a package manager under Arch, see:

https://wiki.archlinux.org/title/Guix

  • mathemachristian[he]@lemmy.ml
    2·
    15 hours ago

    Guix is not a good choice for installing proprietary binary drivers. This is due to its primary design choices. In this case, Nix might be a better alternative. (Or, you just get good Linux-compatible hardware, which can definitely avoid a lot of grief and head-scratching!)

    nonguix exists to mitigate most of those problems

  • juipeltje@lemmy.world
    1·
    24 hours ago

    I’m using Guix system so it’s not really relevant to me right now, but since you mentioned you’ve used it on foreign distros, how does Guix handle programs that need graphics drivers? When using Nix on foreign distros, the graphics drivers are handled in a weird way where you either have to use a wrapper like NixGL, or, what i do right now, is create the driver packages manually and symlink them to /run, which is how NixOS does it. Do you need to do anything special on the Guix side of things? I noticed that Guix system does not have its drivers in /run, so they must be doing it differently.

    • HaraldvonBlauzahn@feddit.orgOP
      2·
      21 hours ago

      I can’t say much to this. I am for example using an Emacs version from Guix (mostly under Debian though, in order to use the Rust LSP server and the corresponding Emacs package, and it runs fine as a graphical program. I am usually using StumWM under X11. But currently I use GNOME under wayland.

      For Arch, I run it in a VM with Guix-packaged programs (with XFce2), and didn’t see any problem either. Nor had I to think about it.

      Do you expect problems when using Wayland? Wayland runs fine for me, I only needed to replace NVidia graphics with an AMD Radeon some time ago. But that was a Debian thing…

      And apart from that, it is essentially the kernel’s job, and that of the graphical display server, to abstract from the hardware, so I would expect when running Guix on top of a Arch kernel+Display server, not have to worry much. The Guix packages stand on their own libc, but they use the syscall interface of the underlying kernel of course.

      It is different if the Guix SD distribution runs directly on the metal. In this case, compatible graphics hardware is definitively needed.

      • juipeltje@lemmy.world
        1·
        15 hours ago

        Hmm, i should probably experiment with it in a vm at some point, but from what you’re saying it sounds like it works ootb. In that case i would say Guix definitely handles this better. Nix packages that need graphics drivers don’t work ootb, because it expects the drivers to be in /run, because that’s where the drivers are on NixOS, and they can’t use the host drivers. NixGL tries to solve this, but i stopped using it because it causes other problems. For example, if you install a wayland compositor through nix and run it with the NixGL wrapper, if you then try to run a game or something that needs the host drivers, it won’t work because everything launched inside of the compositor inherits the NixGL status. So now i manually create a driver package and symlink it to /run, that way there is no wrapping and the drivers don’t conflict with each other, but it still feels hacky. I can also imagine it’s very inconvenient for someone who’s just getting into Nix and just wants to install a few things in a profile to be running into that issue.