Planet Guix

Privilege Escalation Vulnerability

A security issue, CVE-2025-59378, has been identified in guix-daemon, which allows for a local user to gain the privileges of any of the build users and subsequently use this to manipulate the output of any build. In the case of the rootless daemon, this also means gaining the privileges of guix-daemon. All systems are affected, whether or not guix-daemon is running with root privileges. You are strongly advised to upgrade your daemon now (see instructions below). The only requirements to exploit this are the ability to create and build an arbitrary derivation that has …

GNU Mes 0.27.1 released

Mes 0.27.1 is a bug-fix release. It represents 53 commits by four people over one year. This release resurrects support for development builds with gcc-14 and adds support for using NYACC versions 0.99.0 through 2.02.2.

Self-Hosting Forgejo in Guix using OCI containers

Giacomo Leidi's talk at Guix.Social covers how to run Docker and OCI containers in Guix, bringing together the easy distribution of Docker containers and the capabilities of Guix's declarative configuration. It is all part of his Gocix project (https://github.com/fishinthecalculator/gocix), which provides ready-made services for Prometheus, Bonfire, Grafana, Forgejo and others.

Privilege Escalation Vulnerabilities (CVE-2025-46415, CVE-2025-46416)

Two security issues, known as CVE-2025-46415 and CVE-2025-46416, have been identified in guix-daemon, which allow for a local user to gain the privileges of any of the build users and subsequently use this to manipulate the output of any build, as well as to subsequently gain the privileges of the daemon user. You are strongly advised to upgrade your daemon now (see instructions below), especially on multi-user systems. Both exploits require the ability to start a derivation build. CVE-2025-46415 requires the ability to create files in /tmp in the…

Guile, Guix and WASM, the future of the Web?

David Thompson, CTO of Spritely Institute, gives a talk about 'Getting Rich Slow with Guile and Guix' at the Guix.social online meet-up. David presents how he came to Guile via his love of Emacs, his developments in Guix and games, and his work at the Spritely Institute bringing Guile Hoot to the Web browser via WASM.