Planet Guix

Tiny Build Farm for Guix, part 1

One of the oft-cited reasons people give for not switching to Guix is that their favourite software is too outdated, and a look at Repology shows that they are not wrong. Now the number of active committers in the Guix project is amazingly small, and even counting all contributors I am impressed by what these few people actually achieve. Nevertheless I wondered how I could improve the situation at least a little bit for packages I am interested in, that is, for the science team; and the first step is to get an account of what actually builds and what does not. So I decided to set up my own little build farm, limited to the packages in the scope of the science team, using the same technology that powers the bordeaux build farm. I call it the Tiny Build Farm for Guix, or TBFG for short, and this post is the first one in (hopefully) a series of blog posts about the topic; at the time of starting this series, the TBFG does not actually exist yet, so wish me luck.

GNU Mes 0.27.1 released

Mes 0.27.1 is a bug-fix release. It represents 53 commits by four people over one year. This release resurrects support for development builds with gcc-14 and adds support for using NYACC versions 0.99.0 through 2.02.2.

Wireguard VPN with Guix

Recently I changed my ISP, and the new one uses Carrier-grade NAT, or CGNAT, by default. While this sounds fancy and professional, it is in fact even worse than conventional NAT: Not only do all my devices share the same IPv4, but I share one IPv4 with several other customers! Apparently I am only assigned a few out of the 65535 ports, and this assignment may change from day to day, which implies that I cannot connect from the outside to any of my home devices. However, I do have a separate IPv4 of my own for a virtual machine at Aquilenet, and it should be possible to use this as a trampoline to access my home through a virtual private network. We are already employing WireGuard for one of the Guix build farms, so it felt like a natural choice. Guix provides the wireguard-service-type, which is documented with all its options in the manual; but without an explanation of the general concepts behind the service it is a bit difficult to set up. The Guix Cookbook has an entry on WireGuard, but it is concerned with kernel modules and connecting to an existing WireGuard VPN, while my goal was to set one up in the first place. This turned out to be surprisingly easy.

Privilege Escalation Vulnerabilities (CVE-2025-46415, CVE-2025-46416)

Two security issues, known as CVE-2025-46415 and CVE-2025-46416, have been identified in guix-daemon, which allow for a local user to gain the privileges of any of the build users and subsequently use this to manipulate the output of any build, as well as to subsequently gain the privileges of the daemon user. You are strongly advised to upgrade your daemon now (see instructions below), especially on multi-user systems. Both exploits require the ability to start a derivation build. CVE-2025-46415 requires the ability to create files in /tmp in the…

A New Rust Packaging Model

If you've ever struggled with Rust packaging, here's some good news! We have changed to a simplified Rust packaging model that is easier to automate and allows for modification, replacement and deletion of dependencies at the same time. The new model will significantly reduce our Rust packaging time and will help us to improve both package availability and quality. Those changes are currently on the rust-team branch, slated to be merged in the coming weeks. How good is the news? Migration of our current Rust package collection, 150+ applications with 3600+ dependency libraries, only took two…

Bonfire & Guix, a love story

Bonfire is a new framework to build federated applications that just reached RC1. It is written in Elixir, a nice functional language, and allows communities to create custom-flavored Fediverse applications that can be tailored for their specific needs. I have been in touch with the core team and I'm trying to make the experience of running Bonfire on Guix as smooth as possible.