Docker is known to have less than optimal security defaults, hence the hype for Podman. If you want to run rootless containers in your Guix System, it is sufficient to add the following to your operating-system configuration.
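The post's own configuration snippet is not reproduced here, so the following is an added example of what such an addition looks like, not the author's code. The service and field names follow the `rootless-podman-service-type` documentation in the Guix manual as recalled by the editor; `alice` is a hypothetical account, the module that exports `subid-range` and the need for an explicit `iptables-service-type` are assumptions, so check `guix system search podman` and the manual for your Guix revision before reconfiguring.

```scheme
;; Added example, not the post's own snippet.  Assumptions: subid-range
;; lives in (gnu system accounts); rootless networking wants iptables.
(use-modules (gnu)
             (gnu services containers)   ; rootless-podman-service-type
             (gnu services networking)   ; iptables-service-type
             (gnu system accounts))      ; subid-range (assumed location)

(define %rootless-user "alice")          ; hypothetical account name

;; The user who will run containers.  "cgroup" is the default group-name
;; of the service: members may manage cgroups for their own containers
;; without any root-owned daemon being involved.
(define %podman-user
  (user-account
   (name %rootless-user)
   (group "users")
   (supplementary-groups '("wheel" "netdev" "cgroup"))))

;; Services to append to the operating-system's (services ...) field.
(define %rootless-podman-services
  (list
   (service rootless-podman-service-type
            (rootless-podman-configuration
             ;; One subordinate UID and GID range per user.  Podman maps
             ;; "root" inside a container onto these ranges, so a container
             ;; escape lands in an unprivileged host UID, not host root.
             (subuids (list (subid-range (name %rootless-user))))
             (subgids (list (subid-range (name %rootless-user))))))
   (service iptables-service-type)))

;; In your operating-system declaration:
;;   (users (cons %podman-user %base-user-accounts))
;;   (services (append %rootless-podman-services %base-services))
```

After `guix system reconfigure` and a fresh login as that user, check that Podman is really running rootless and that the subordinate ranges are in effect: `podman info --format '{{.Host.Security.Rootless}}'` should print `true`, and `podman unshare cat /proc/self/uid_map` should show the user's own UID mapped to 0 followed by the subuid range, rather than a single identity mapping.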
In the last few days, I got familiar with Guix, which is both a modern package management system and the main GNU Project distribution for Linux and Hurd (the Guix System). As a package management system, it can be installed on most foreign distributions, including Debian and any other, as an alternative/additional packaging system.
Having promoted Guix as one of the tools to support reproducible research workflows, we are happy that it is now officially presented as one way to produce and review software artifacts that accompany articles submitted to SuperComputing 2024 (SC24), the leading HPC conference. In this post we look at what this entails and reflect on the role of reproducible software deployment in conference artifact evaluation.
In the first part of this post, last month, I described my attempt at using my Guix home server as a virtualisation environment. With a clever use of the Guile programming language (haha, really, by copying other people's code from the internet!) I was able to set up a small number of services, each one in its dedicated virtual machine for security-through-compartmentalisation.
After rebuilding all added/modified packages in Trisquel, I have been circling around the elephant in the room: 99% of the binary packages in Trisquel come from Ubuntu, which to a large extent are built from Debian source packages. Is it possible to rebuild the official binary packages identically? Does anyone make an effort to do so? Does anyone care about going through the differences between the official package and a rebuilt version?

Reproducible-build.org's effort to track reproducibility bugs in Debian (and other systems) is amazing. However, as far as I know, they do not confirm or deny that their rebuilds match the official packages. In fact, typically their rebuilds do not match the official packages, even when they say the package is reproducible, which had me surprised at first. To understand why that happens, compare the buildinfo file for the official coreutils 9.1-1 from Debian bookworm with the buildinfo file for reproducible-build.org's build and you will see that the SHA256 checksum does not match, but still they declare it as a reproducible package.

As far as I can tell of the situation, the purpose of their rebuilds is not to say anything about the official binary build; instead the purpose is to offer a QA service to maintainers by performing two builds of a package and declaring success if both builds match.
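The comparison the post suggests, checking whether a rebuild's `.buildinfo` records the same SHA256 hashes as the archive's, is easy to script. The following is an added example, not the author's code: a small POSIX shell script that parses the `Checksums-Sha256` paragraph of two `.buildinfo` files and reports, per artifact, whether the hashes match. The two buildinfo files it writes are constructed samples with made-up hashes that only imitate the layout of real coreutils 9.1-1 buildinfo files; point `OFFICIAL` and `REBUILD` at real files (from `https://buildinfos.debian.net/` and your own `dpkg-buildpackage` run, for instance) to use it for real.

```sh
#!/bin/sh
# Added example, not code from the post.  Compares the Checksums-Sha256
# paragraphs of two Debian .buildinfo files so you can see exactly which
# artifacts of a rebuild differ from the official upload.
# Both files below are CONSTRUCTED samples: the hashes are not real.

WORKDIR=$(mktemp -d)
OFFICIAL="$WORKDIR/official.buildinfo"
REBUILD="$WORKDIR/rebuild.buildinfo"

cat > "$OFFICIAL" <<'EOF'
Format: 1.0
Source: coreutils
Binary: coreutils
Architecture: amd64 source
Version: 9.1-1
Checksums-Sha1:
 da39a3ee5e6b4b0d3255bfef95601890afd80709 1234 coreutils_9.1-1.dsc
Checksums-Sha256:
 1111111111111111111111111111111111111111111111111111111111111111 1234 coreutils_9.1-1.dsc
 2222222222222222222222222222222222222222222222222222222222222222 9876 coreutils_9.1-1.debian.tar.xz
 3333333333333333333333333333333333333333333333333333333333333333 2875136 coreutils_9.1-1_amd64.deb
Build-Origin: Debian
Build-Architecture: amd64
EOF

# Same source artifacts, different binary package hash: the outcome the post
# describes when a rebuild is set beside the archive copy.
cat > "$REBUILD" <<'EOF'
Format: 1.0
Source: coreutils
Binary: coreutils
Architecture: amd64 source
Version: 9.1-1
Checksums-Sha256:
 1111111111111111111111111111111111111111111111111111111111111111 1234 coreutils_9.1-1.dsc
 2222222222222222222222222222222222222222222222222222222222222222 9876 coreutils_9.1-1.debian.tar.xz
 4444444444444444444444444444444444444444444444444444444444444444 2875140 coreutils_9.1-1_amd64.deb
Build-Origin: rebuild-example
Build-Architecture: amd64
EOF

# buildinfo_sha256 <file>: print "sha256 filename" for each entry of the
# Checksums-Sha256 paragraph.  Entries are continuation lines (leading
# space; fields: hash size name); the paragraph ends at the next "Field:".
buildinfo_sha256() {
  awk '
    /^Checksums-Sha256:/ { insec = 1; next }
    /^[A-Za-z-]+:/       { insec = 0 }
    insec && NF == 3     { print $1, $3 }
  ' "$1"
}

# sha256_of <buildinfo> <artifact>: the recorded hash, or empty if absent.
sha256_of() {
  buildinfo_sha256 "$1" | awk -v f="$2" '$2 == f { print $1 }'
}

# compare_buildinfo <a> <b>: one verdict per artifact (MATCH, DIFF,
# ONLY-IN-A, ONLY-IN-B).  Exit status 0 only when every artifact present in
# both files carries the same hash; artifacts missing on one side are
# reported but do not by themselves count as a mismatch.
compare_buildinfo() {
  {
    buildinfo_sha256 "$1" | sed 's/^/A /'
    buildinfo_sha256 "$2" | sed 's/^/B /'
  } | awk '
    $1 == "A" { a[$3] = $2 }
    $1 == "B" { b[$3] = $2 }
    END {
      bad = 0
      for (f in a) {
        if (!(f in b))      { printf "ONLY-IN-A %s\n", f; continue }
        if (a[f] == b[f])     printf "MATCH %s\n", f
        else                { printf "DIFF %s\n", f; bad = 1 }
      }
      for (f in b) if (!(f in a)) printf "ONLY-IN-B %s\n", f
      exit bad
    }'
}

# Stand-alone run: the .dsc and debian.tar.xz match, the .deb does not.
compare_buildinfo "$OFFICIAL" "$REBUILD" ||
  echo "rebuild does NOT reproduce the official upload"
```

Note what a MATCH on the `.dsc` and `.debian.tar.xz` but a DIFF on the `.deb` tells you: both builds started from identical source inputs, so the divergence is in the build itself (toolchain, environment, timestamps), which is exactly the distinction between "this package builds reproducibly in my two runs" and "my rebuild reproduces what the archive ships". The `Build-Origin`, `Environment` and `Installed-Build-Depends` fields of the two buildinfo files are the next things to diff when the hashes disagree.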
David Thompson, CTO of Spritely Institute gives a talk about 'Getting Rich Slow with Guile and Guix' at the Guix.social online meet-up. David presents how he came to Guile via his love of Emacs, his developments in Guix and games, and his work at the Spritely Institute bringing Guile Hoot to the Web browser via WASM.
About
Planet Guix is a meta-blog that collects posts from the blogs of various Guix hackers and contributors.