The Guix project will be migrating all its repositories along with bug
tracking and patch tracking to Codeberg within a
month. This decision is the result of a collective consensus-building
process that lasted several months. This post shows the upcoming
milestones in that migration and discusses what it will change for
people using Guix and for contributors.

Context

For those who haven’t heard about it, Codeberg is a source code
collaboration platform. It is run by Codeberg e.V., a non-profit
registered in Germany. The software behind Codeberg is Forgejo, a free…
Many applications are packaged in OCI images but not in Guix. A good subset of them is written either in NodeJS, Go, Rust or languages that, as a general approach, encourage applications to have huge dependency graphs.
Remember the XZ Utils backdoor? One factor that enabled the attack was poor auditing of the release tarballs for differences compared to the Git version controlled source code. This proved to be a useful place to distribute malicious data.
“Does it really need to run as root?” When talking to system
administrators of large supercomputers about installing Guix and having
its build daemon run as root, this question would quickly come up—and
rightfully so. We’re happy to announce that guix-daemon can now run
without root privileges by taking advantage of Linux’s unprivileged
user namespaces, a feature now available even on some of the most
conservative supercomputers.
I rebuilt (the top-50 popcon) Debian and Ubuntu packages, on amd64 and arm64, and compared the results a couple of months ago. Since then the Reproduce.Debian.net effort has been launched. Unlike my small experiment, that effort is a full-scale rebuild with more architectures. Their goal is to reproduce what is published in the Debian archive.
Giacomo Leidi's talk at Guix.Social covering how to run Docker and OCI containers in Guix: bringing together the easy distribution of Docker containers, and the capabilities of Guix's declarative configuration. All part of his Gocix project (https://github.com/fishinthecalculator/gocix) which provides ready-made services for Prometheus, Bonfire, Grafana, Forgejo and others.
About
Planet Guix is a meta-blog that collects posts from the blogs of various Guix hackers and contributors.