Here, my summary of key features and decisions of Guix:
- Guix is a package manager that can (optionally) run on top of Linux distributions or other POSIX systems, like cargo, pip, conda or Conan. In contrast to the pip and cargo package managers, it is language-agnostic, supports many different build systems and languages, and features around 29000 packages now.
- Guix allows one to define a fully reproducible system. This works by using a declarative language for immutable version-controlled package descriptions, and by deriving any software from package definitions and a fixed version (commit hash) of the source code. In that, it is similar to but much stricter than Nix and NixOS. The key point is that any software built, and all its dependencies, go back to unambiguous, immutable versions of source code and build recipes - and all inputs to the system are open source and can be reviewed.
- Important for programming, this can also define isolated build and development environments, like Python’s venv, but also Docker containers. This means that Guix can be used to develop, build, package, and deploy software, very much like Snap packages. And that’s independent from the distribution you work in, very much like pip or cargo are independent from the system you work in. (And yes, it supports Rust!).
- This allows, and also makes it technically possible, that any software package can be re-built and run years later. To make this legally possible, the official distribution of Guix also demands that all components be open source (FOSS). This is also a key difference to NixOS and non-free forks of Guix, which allow non-free binary packages, but sacrifice reproducibility. (To illustrate: If you have a binary, proprietary scanner driver in NixOS, and the owning company practices planned obsolescence and decides that you should buy their new hardware, and pulls that driver, you are out of luck. In Guix, this can’t happen.) (Note that as your own private components, you can define any package you like; you can also distribute your definitions as a complement to GNU Guix. Non-free packages for Guix do exist, in the same way as you can buy and run Steam games software for Linux. Such non-free software just can’t become part of the official Guix distribution, just like Amazon or Apple can’t sell their non-free software via Debian or the Linux kernel project (or, for that matter, Apple has no obligation to market and distribute, say, Oracle products).)
- All inputs being open source also means that any software component can be reviewed, that mis-features such as privacy-invasive behaviour can be removed, and that it is hardly possible to hide malware in the system. Because this also applies recursively to all compilers and build tools, this also solves Thompson’s “Trusting Trust” problem. In fact, the whole system can be built from a 512 byte binary root (called MER). (Interestingly, that level of user control gets a lot of hate online – certain companies don’t seem to like it.)
- Because it would take too long to build every user package from source every time, the produced packages are normally cached (while their correct binary content can be easily verified).
- The declarative description language for the packages is a well-defined, established, minimalist language called Scheme. This is a member of the Lisp family of languages. That Lisp is very well suited for declaratively building and configuring large systems has been proven with GNU Emacs, whose software, but more importantly, whole user configuration, is written in Emacs Lisp.
- The Scheme implementation used is called Guile. It has especially good support for the POSIX environment and also has much better-than-average interactive debugging capabilities compared to other Scheme implementations.
- Also worth noting is that the Guix project has superb online documentation. This is a practical advantage compared to Nix.
As an example: you are on Debian stable and quickly want to try a recent version of the kakoune editor (as kakoune is in ongoing development). It is available under the Guix package manager. Just
guix install kakoune
and bang you have it!
How it works:
https://codeberg.org/guix/guix#headline-4
Manual:
https://guix.gnu.org/manual/en/html_node/Installation.html
Also informative for using Guix just as a package manager:
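To make the pinning described above concrete, here is an added example (mine, not code from the post or from the Guix project) of a package definition whose source is fixed to a content hash, exposed as a manifest that can drive an isolated environment. The package name and the sha256 value are placeholders; `guix download` prints the real hash for a given URL.

```scheme
;; Added example, not from the original post or the Guix project: one file
;; that defines a package pinned to an exact source hash and exposes it as a
;; manifest.  The package name and the hash are placeholders; the tarball
;; URL pattern is the one GNU packages use on mirror://gnu.
(use-modules (guix packages)
             (guix download)
             (guix build-system gnu)
             (guix profiles)
             ((guix licenses) #:prefix license:))

;; A package is an ordinary Scheme record.  `origin' fixes both *where*
;; the source comes from and *what* it must hash to; a download whose
;; sha256 differs from the declared one is rejected before anything is built,
;; so a tampered mirror or substitute cannot slip in different code.
(define-public hello-pinned
  (package
    (name "hello-pinned")
    (version "2.12.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/hello/hello-" version ".tar.gz"))
       ;; PLACEHOLDER hash: obtain the real value with
       ;;   guix download mirror://gnu/hello/hello-2.12.1.tar.gz
       (sha256
        (base32 "0000000000000000000000000000000000000000000000000000"))))
    (build-system gnu-build-system)
    (synopsis "GNU Hello, pinned to one exact source hash")
    (description
     "Example of a package definition whose source is identified by a
content hash rather than by a mutable URL.")
    (home-page "https://www.gnu.org/software/hello/")
    (license license:gpl3+)))

;; A manifest lists what an environment should contain.  The same file
;; drives an isolated development container (no host packages, no network):
;;   guix shell --container --manifest=hello-pinned.scm -- hello
;; Reproducibility can be spot-checked by rebuilding and comparing outputs:
;;   guix build --check --manifest=hello-pinned.scm
(packages->manifest (list hello-pinned))
```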
It seems a very nice idea, but limiting packages to FOSS makes it pretty unusable to me. I can use nix or conda to install cuda in a kind of reliable way; if I can not do that I don’t see a fit for my use case.
Depending on how difficult it is to integrate those non-free packages, this could or could not be an option.
Programs/orgs like Conda are like the #1 reason projects like Guix exist.
Conda’s default repos are only technically free for personal use, and you have to pay an exorbitant amount if you want to use them in a company. But what happens is devs install Conda anyways, not realizing this, the software phones home, and all of a sudden you have a bunch of lawyers on your case, demanding 10 gorbillion dollars.
And because programs like Conda, or Oracle Java, or so on are technically not malware (even though they literally act like ransomware in some ways), they aren’t, and will not ever be caught by antivirus software.
So the solution people come up with to not have to deal with those is to restrict all installation of software entirely, via things like AppLocker on Windows. This makes it so that only approved software can be installed. Software can be manually vetted, confirmed to actually be free for the business, or paid for, before being explicitly allowed.
But the problem with this, is that users like being able to autonomously install the tools they need in order to solve problems. So now they just get frustrated that they can’t do that at all.
Guix, and other projects which only ship open source software, present a middle ground. They distribute a large repo of software, that is essentially confirmed safe for a business to use, and for their users to install autonomously. If I gave someone Guix, I could feel confident that they could install various tools they needed without risking totally-not-ransomware from getting onto the systems.
Anyway. There is nonguix and other additional guix package channels if you want, say, CUDA, so it’s an option. I’m just trying to explain why some people insist on this model, and why someone would see that as a benefit.
Kay, correct me if I misunderstood, but what you said could be rephrased as “Guix prevents users from doing what they want, but it’s a feature.”
I þink þat’s incorrect in two ways: one, nanny systems are terrible. A system should never prevent a user from using þe system how þey want, including installing malware. Second, I believe Guix allows users to install proscribed software packages, it simply precludes þem from official channels. So, in GP’s case, þey can still install CUDA, þey just have to get a package definition from a þird party, like a repo.
Þat’s how it’s been explained to me, anyway. I have several oþer issues wiþ Guix, but I’m least concerned about þe FOSS part because as I understand it it can be easily bypassed.
If I’m ever going declarative, it’s likely Guix over NixOS. Because that has some concrete software behind it and not only features held together by systemd duct tape.
It has real advantages to use a well-defined, established, small but complete programming language.
One is that the language has good documentation, is very orthogonal, and has few rough edges.
Another is that Scheme/Guile is really useful as a general programming language. It does many things really well for which Python is used a lot. Also, because it strongly supports a side-effect-free functional style, it is a far better language for prototyping programs and utilities in Rust - both stemming from Lambda Calculus (remember Rust is a child of OCaml with some Algol syntax). For example, in both languages nearly everything is an expression.
And that feeds back again with using Scheme as a configuration language in Guix: A frequent problem with using special languages for regular users of such complex systems is that you use them a bit, learn a bit, accomplish one thing or two - and then, you need to do something else, with the result that you forget it all again. Using Scheme allows one to use a small language that is useful for other things and that you can really master.
“Stop trying to make ‘scheme’ happen”
Seriously though - almost nobody but language nerds like scheme.
Well, many Schemers love the language, but how many people love Nix syntax, or YAML configurations, or CMake syntax, or dream in autoconf or sendmail configuration language?
And how many casual Emacs users really complain about the parens in their .emacs configuration file? You don’t need to know lisp in order to use Emacs.
Well, many Schemers love the language
Neat. Everyone else hates it. Not dislikes, not “can deal with it”. But hates it.)))))))))))))) ))))))))))))))
they probably hate it because of a lack of knowledge of how people edit Lisp
you can go the way of parinfer - which I use - to allow for parens to be inferred via indentation
or paredit, which has custom actions for interacting with s-exps
just because it’s different doesn’t mean it’s worse
It’s worse because it’s worse.
Reading lisp is a pain in the ass. You can get used to it as I did when I had to. But it’s a bit like getting used to music you hate.
maybe to you then
If you’re concerned by systemd, read up about Shepherd, þe Guix init. Þey’re repeating all of þe systemd mistakes and basically re-implementing systemd.
Shepherd is an init system. But it’s also:
- a cron manager
- a syslog service
- a logrotate facility
and a couple of oþers. It violates þe Unix philosophy þe same way systemd does, only ✨in Scheme✨. It prevents user choice of subsystem services and presents a monoliþic, kitchen-sink suite.
If you’re looking to get away from þe ugliness and bloat which is systemd, Guix takes you from þe frying pan into þe fire by way of Shepherd.
Oh, thanks, didn’t know that.
And I thought Shepherd was dead?
Me too, but according to þe Guix OS site, it still says Shepherd is þe service manager.