| 1 | \input texinfo |
| 2 | @c -*-texinfo-*- |
| 3 | |
| 4 | @c %**start of header |
| 5 | @setfilename guix.info |
| 6 | @documentencoding UTF-8 |
| 7 | @settitle GNU Guix Reference Manual |
| 8 | @c %**end of header |
| 9 | |
| 10 | @include version.texi |
| 11 | |
| 12 | @copying |
| 13 | Copyright @copyright{} 2012, 2013, 2014 Ludovic Courtès@* |
| 14 | Copyright @copyright{} 2013, 2014 Andreas Enge@* |
| 15 | Copyright @copyright{} 2013 Nikita Karetnikov |
| 16 | |
| 17 | Permission is granted to copy, distribute and/or modify this document |
| 18 | under the terms of the GNU Free Documentation License, Version 1.3 or |
| 19 | any later version published by the Free Software Foundation; with no |
| 20 | Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A |
| 21 | copy of the license is included in the section entitled ``GNU Free |
| 22 | Documentation License''. |
| 23 | @end copying |
| 24 | |
| 25 | @dircategory Package management |
| 26 | @direntry |
| 27 | * guix: (guix). Guix, the functional package manager. |
| 28 | * guix package: (guix)Invoking guix package |
| 29 | Managing packages with Guix. |
| 30 | * guix build: (guix)Invoking guix build |
| 31 | Building packages with Guix. |
| 32 | @end direntry |
| 33 | |
| 34 | @titlepage |
| 35 | @title GNU Guix Reference Manual |
| 36 | @subtitle Using the GNU Guix Functional Package Manager |
| 37 | @author Ludovic Courtès |
| 38 | @author Andreas Enge |
| 39 | @author Nikita Karetnikov |
| 40 | |
| 41 | @page |
| 42 | @vskip 0pt plus 1filll |
| 43 | Edition @value{EDITION} @* |
| 44 | @value{UPDATED} @* |
| 45 | |
| 46 | @insertcopying |
| 47 | @end titlepage |
| 48 | |
| 49 | @contents |
| 50 | |
| 51 | @c ********************************************************************* |
| 52 | @node Top |
| 53 | @top GNU Guix |
| 54 | |
| 55 | This document describes GNU Guix version @value{VERSION}, a functional |
| 56 | package management tool written for the GNU system. |
| 57 | |
| 58 | @menu |
| 59 | * Introduction:: What is Guix about? |
| 60 | * Installation:: Installing Guix. |
| 61 | * Package Management:: Package installation, upgrade, etc. |
| 62 | * Programming Interface:: Using Guix in Scheme. |
| 63 | * Utilities:: Package management commands. |
| 64 | * GNU Distribution:: Software for your friendly GNU system. |
| 65 | * Contributing:: Your help needed! |
| 66 | |
| 67 | * Acknowledgments:: Thanks! |
| 68 | * GNU Free Documentation License:: The license of this manual. |
| 69 | * Concept Index:: Concepts. |
| 70 | * Programming Index:: Data types, functions, and variables. |
| 71 | @end menu |
| 72 | |
| 73 | @c ********************************************************************* |
| 74 | @node Introduction |
| 75 | @chapter Introduction |
| 76 | |
| 77 | GNU Guix@footnote{``Guix'' is pronounced like ``geeks'', or ``ɡiːks'' |
| 78 | using the international phonetic alphabet (IPA).} is a functional |
| 79 | package management tool for the GNU system. Package management consists |
| 80 | of all activities that relate to building packages from sources, |
| 81 | honoring their build-time and run-time dependencies, |
| 82 | installing packages in user environments, upgrading installed packages |
| 83 | to new versions or rolling back to a previous set, removing unused |
| 84 | software packages, etc. |
| 85 | |
| 86 | @cindex functional package management |
| 87 | The term @dfn{functional} refers to a specific package management |
| 88 | discipline. In Guix, the package build and installation process is seen |
| 89 | as a function, in the mathematical sense. That function takes inputs, |
| 90 | such as build scripts, a compiler, and libraries, and |
| 91 | returns an installed package. As a pure function, its result depends |
| 92 | solely on its inputs---for instance, it cannot refer to software or |
| 93 | scripts that were not explicitly passed as inputs. A build function |
| 94 | always produces the same result when passed a given set of inputs. It |
| 95 | cannot alter the system's environment in |
| 96 | any way; for instance, it cannot create, modify, or delete files outside |
| 97 | of its build and installation directories. This is achieved by running |
| 98 | build processes in isolated environments (or @dfn{containers}), where only their |
| 99 | explicit inputs are visible. |
| 100 | |
| 101 | @cindex store |
| 102 | The result of package build functions is @dfn{cached} in the file |
| 103 | system, in a special directory called @dfn{the store} (@pxref{The |
| 104 | Store}). Each package is installed in a directory of its own, in the |
| 105 | store---by default under @file{/gnu/store}. The directory name contains |
| 106 | a hash of all the inputs used to build that package; thus, changing an |
| 107 | input yields a different directory name. |
| 108 | |
| 109 | This approach is the foundation of Guix's salient features: support for |
| 110 | transactional package upgrade and rollback, per-user installation, and |
| 111 | garbage collection of packages (@pxref{Features}). |
| 112 | |
| 113 | Guix has a command-line interface, which allows users to build, install, |
| 114 | upgrade, and remove packages, as well as a Scheme programming interface. |
| 115 | |
| 116 | Last but not least, Guix is used to build a distribution of the GNU |
| 117 | system, with many GNU and non-GNU free software packages. @xref{GNU |
| 118 | Distribution}. |
| 119 | |
| 120 | @c ********************************************************************* |
| 121 | @node Installation |
| 122 | @chapter Installation |
| 123 | |
| 124 | GNU Guix is available for download from its website at |
| 125 | @url{http://www.gnu.org/software/guix/}. This section describes the |
| 126 | software requirements of Guix, as well as how to install it and get |
| 127 | ready to use it. |
| 128 | |
| 129 | Note that this section is concerned with the installation of the package |
| 130 | manager, which can be done on top of a running GNU/Linux system. If, |
| 131 | instead, you want to install the complete GNU operating system, |
| 132 | @ref{System Installation}. |
| 133 | |
| 134 | The build procedure for Guix is the same as for other GNU software, and |
| 135 | is not covered here. Please see the files @file{README} and |
| 136 | @file{INSTALL} in the Guix source tree for additional details. |
| 137 | |
| 138 | @menu |
| 139 | * Requirements:: Software needed to build and run Guix. |
| 140 | * Setting Up the Daemon:: Preparing the build daemon's environment. |
| 141 | * Invoking guix-daemon:: Running the build daemon. |
| 142 | @end menu |
| 143 | |
| 144 | @node Requirements |
| 145 | @section Requirements |
| 146 | |
| 147 | GNU Guix depends on the following packages: |
| 148 | |
| 149 | @itemize |
| 150 | @item @url{http://gnu.org/software/guile/, GNU Guile}, version 2.0.5 or later; |
| 151 | @item @url{http://gnupg.org/, GNU libgcrypt} |
| 152 | @end itemize |
| 153 | |
| 154 | Unless @code{--disable-daemon} was passed to @command{configure}, the |
| 155 | following packages are also needed: |
| 156 | |
| 157 | @itemize |
| 158 | @item @url{http://sqlite.org, SQLite 3} |
| 159 | @item @url{http://www.bzip.org, libbz2} |
| 160 | @item @url{http://gcc.gnu.org, GCC's g++} |
| 161 | @end itemize |
| 162 | |
| 163 | When a working installation of @url{http://nixos.org/nix/, the Nix package |
| 164 | manager} is available, you |
| 165 | can instead configure Guix with @code{--disable-daemon}. In that case, |
| 166 | Nix replaces the three dependencies above. |
| 167 | |
| 168 | Guix is compatible with Nix, so it is possible to share the same store |
| 169 | between both. To do so, you must pass @command{configure} not only the |
| 170 | same @code{--with-store-dir} value, but also the same |
| 171 | @code{--localstatedir} value. The latter is essential because it |
| 172 | specifies where the database that stores metadata about the store is |
| 173 | located, among other things. The default values for Nix are |
| 174 | @code{--with-store-dir=/nix/store} and @code{--localstatedir=/nix/var}. |
| 175 | Note that @code{--disable-daemon} is not required if |
| 176 | your goal is to share the store with Nix. |
| 177 | |
| 178 | @node Setting Up the Daemon |
| 179 | @section Setting Up the Daemon |
| 180 | |
| 181 | @cindex daemon |
| 182 | Operations such as building a package or running the garbage collector |
| 183 | are all performed by a specialized process, the @dfn{build daemon}, on |
| 184 | behalf of clients. Only the daemon may access the store and its |
| 185 | associated database. Thus, any operation that manipulates the store |
| 186 | goes through the daemon. For instance, command-line tools such as |
| 187 | @command{guix package} and @command{guix build} communicate with the |
| 188 | daemon (@i{via} remote procedure calls) to instruct it what to do. |
| 189 | |
| 190 | The following sections explain how to prepare the build daemon's |
| 191 | environment. |
| 192 | |
| 193 | @menu |
| 194 | * Build Environment Setup:: Preparing the isolated build environment. |
| 195 | * Daemon Offload Setup:: Offloading builds to remote machines. |
| 196 | @end menu |
| 197 | |
| 198 | @node Build Environment Setup |
| 199 | @subsection Build Environment Setup |
| 200 | |
| 201 | In a standard multi-user setup, Guix and its daemon---the |
| 202 | @command{guix-daemon} program---are installed by the system |
| 203 | administrator; @file{/gnu/store} is owned by @code{root} and |
| 204 | @command{guix-daemon} runs as @code{root}. Unprivileged users may use |
| 205 | Guix tools to build packages or otherwise access the store, and the |
| 206 | daemon will do it on their behalf, ensuring that the store is kept in a |
| 207 | consistent state, and allowing built packages to be shared among users. |
| 208 | |
| 209 | @cindex build users |
| 210 | When @command{guix-daemon} runs as @code{root}, you may not want package |
| 211 | build processes themselves to run as @code{root} too, for obvious |
| 212 | security reasons. To avoid that, a special pool of @dfn{build users} |
| 213 | should be created for use by build processes started by the daemon. |
| 214 | These build users need not have a shell and a home directory: they will |
| 215 | just be used when the daemon drops @code{root} privileges in build |
| 216 | processes. Having several such users allows the daemon to launch |
| 217 | distinct build processes under separate UIDs, which guarantees that they |
| 218 | do not interfere with each other---an essential feature since builds are |
| 219 | regarded as pure functions (@pxref{Introduction}). |
| 220 | |
| 221 | On a GNU/Linux system, a build user pool may be created like this (using |
| 222 | Bash syntax and the @code{shadow} commands): |
| 223 | |
| 224 | @c See http://lists.gnu.org/archive/html/bug-guix/2013-01/msg00239.html |
| 225 | @c for why `-G' is needed. |
| 226 | @example |
| 227 | # groupadd guix-builder |
| 228 | # for i in `seq 1 10`; |
| 229 | do |
| 230 | useradd -g guix-builder -G guix-builder \ |
| 231 | -d /var/empty -s `which nologin` \ |
| 232 | -c "Guix build user $i" --system \ |
| 233 | guix-builder$i; |
| 234 | done |
| 235 | @end example |
| 236 | |
| 237 | @noindent |
| 238 | The @code{guix-daemon} program may then be run as @code{root} with: |
| 239 | |
| 240 | @example |
| 241 | # guix-daemon --build-users-group=guix-builder |
| 242 | @end example |
| 243 | |
| 244 | @cindex chroot |
| 245 | @noindent |
| 246 | This way, the daemon starts build processes in a chroot, under one of |
| 247 | the @code{guix-builder} users. On GNU/Linux, by default, the chroot |
| 248 | environment contains nothing but: |
| 249 | |
| 250 | @c Keep this list in sync with libstore/build.cc! ----------------------- |
| 251 | @itemize |
| 252 | @item |
| 253 | a minimal @code{/dev} directory, created mostly independently from the |
| 254 | host @code{/dev}@footnote{``Mostly'', because while the set of files |
| 255 | that appear in the chroot's @code{/dev} is fixed, most of these files |
| 256 | can only be created if the host has them.}; |
| 257 | |
| 258 | @item |
| 259 | the @code{/proc} directory; it only shows the container's processes |
| 260 | since a separate PID name space is used; |
| 261 | |
| 262 | @item |
| 263 | @file{/etc/passwd} with an entry for the current user and an entry for |
| 264 | user @file{nobody}; |
| 265 | |
| 266 | @item |
| 267 | @file{/etc/group} with an entry for the user's group; |
| 268 | |
| 269 | @item |
| 270 | @file{/etc/hosts} with an entry that maps @code{localhost} to |
| 271 | @code{127.0.0.1}; |
| 272 | |
| 273 | @item |
| 274 | a writable @file{/tmp} directory. |
| 275 | @end itemize |
| 276 | |
| 277 | If you are installing Guix as an unprivileged user, it is still |
| 278 | possible to run @command{guix-daemon}. However, build processes will |
| 279 | not be isolated from one another, and not from the rest of the system. |
| 280 | Thus, build processes may interfere with each other, and may access |
| 281 | programs, libraries, and other files available on the system---making it |
| 282 | much harder to view them as @emph{pure} functions. |
| 283 | |
| 284 | |
| 285 | @node Daemon Offload Setup |
| 286 | @subsection Using the Offload Facility |
| 287 | |
| 288 | @cindex offloading |
| 289 | @cindex build hook |
| 290 | When desired, the build daemon can @dfn{offload} |
| 291 | derivation builds to other machines |
| 292 | running Guix, using the @code{offload} @dfn{build hook}. When that |
| 293 | feature is enabled, a list of user-specified build machines is read from |
| 294 | @file{/etc/guix/machines.scm}; anytime a build is requested, for |
| 295 | instance via @code{guix build}, the daemon attempts to offload it to one |
| 296 | of the machines that satisfies the derivation's constraints, in |
| 297 | particular its system type---e.g., @file{x86_64-linux}. Missing |
| 298 | prerequisites for the build are copied over SSH to the target machine, |
| 299 | which then proceeds with the build; upon success the output(s) of the |
| 300 | build are copied back to the initial machine. |
| 301 | |
| 302 | The @file{/etc/guix/machines.scm} file typically looks like this: |
| 303 | |
| 304 | @example |
| 305 | (list (build-machine |
| 306 | (name "eightysix.example.org") |
| 307 | (system "x86_64-linux") |
| 308 | (user "bob") |
| 309 | (speed 2.)) ; incredibly fast! |
| 310 | |
| 311 | (build-machine |
| 312 | (name "meeps.example.org") |
| 313 | (system "mips64el-linux") |
| 314 | (user "alice") |
| 315 | (private-key |
| 316 | (string-append (getenv "HOME") |
| 317 | "/.ssh/id-rsa-for-guix")))) |
| 318 | @end example |
| 319 | |
| 320 | @noindent |
| 321 | In the example above we specify a list of two build machines, one for |
| 322 | the @code{x86_64} architecture and one for the @code{mips64el} |
| 323 | architecture. |
| 324 | |
| 325 | In fact, this file is---not surprisingly!---a Scheme file that is |
| 326 | evaluated when the @code{offload} hook is started. Its return value |
| 327 | must be a list of @code{build-machine} objects. While this example |
| 328 | shows a fixed list of build machines, one could imagine, say, using |
| 329 | DNS-SD to return a list of potential build machines discovered in the |
| 330 | local network (@pxref{Introduction, Guile-Avahi,, guile-avahi, Using |
| 331 | Avahi in Guile Scheme Programs}). |
| 332 | |
| 333 | The compulsory fields for a @code{build-machine} declaration are: |
| 334 | |
| 335 | @table @code |
| 336 | |
| 337 | @item name |
| 338 | The remote machine's host name. |
| 339 | |
| 340 | @item system |
| 341 | The remote machine's system type. |
| 342 | |
| 343 | @item user |
| 344 | The user account to use when connecting to the remote machine over SSH. |
| 345 | Note that the SSH key pair must @emph{not} be passphrase-protected, to |
| 346 | allow non-interactive logins. |
| 347 | |
| 348 | @end table |
| 349 | |
| 350 | @noindent |
| 351 | A number of optional fields may be specified: |
| 352 | |
| 353 | @table @code |
| 354 | |
| 355 | @item port |
| 356 | Port number of the machine's SSH server (default: 22). |
| 357 | |
| 358 | @item private-key |
| 359 | The SSH private key file to use when connecting to the machine. |
| 360 | |
| 361 | @item parallel-builds |
| 362 | The number of builds that may run in parallel on the machine (1 by |
| 363 | default.) |
| 364 | |
| 365 | @item speed |
| 366 | A ``relative speed factor''. The offload scheduler will tend to prefer |
| 367 | machines with a higher speed factor. |
| 368 | |
| 369 | @item features |
| 370 | A list of strings denoting specific features supported by the machine. |
| 371 | An example is @code{"kvm"} for machines that have the KVM Linux modules |
| 372 | and corresponding hardware support. Derivations can request features by |
| 373 | name, and they will be scheduled on matching build machines. |
| 374 | |
| 375 | @end table |
| 376 | |
| 377 | The @code{guix} command must be in the search path on the build |
| 378 | machines, since offloading works by invoking the @code{guix archive} and |
| 379 | @code{guix build} commands. |
| 380 | |
| 381 | There's one last thing to do once @file{machines.scm} is in place. As |
| 382 | explained above, when offloading, files are transferred back and forth |
| 383 | between the machine stores. For this to work, you need to generate a |
| 384 | key pair to allow the daemon to export signed archives of files from the |
| 385 | store (@pxref{Invoking guix archive}): |
| 386 | |
| 387 | @example |
| 388 | # guix archive --generate-key |
| 389 | @end example |
| 390 | |
| 391 | @noindent |
| 392 | Thus, when receiving files, a machine's build daemon can make sure they |
| 393 | are genuine, have not been tampered with, and that they are signed by an |
| 394 | authorized key. |
| 395 | |
| 396 | |
| 397 | @node Invoking guix-daemon |
| 398 | @section Invoking @command{guix-daemon} |
| 399 | |
| 400 | The @command{guix-daemon} program implements all the functionality to |
| 401 | access the store. This includes launching build processes, running the |
| 402 | garbage collector, querying the availability of a build result, etc. It |
| 403 | is normally run as @code{root} like this: |
| 404 | |
| 405 | @example |
| 406 | # guix-daemon --build-users-group=guix-builder |
| 407 | @end example |
| 408 | |
| 409 | @noindent |
| 410 | For details on how to set it up, @ref{Setting Up the Daemon}. |
| 411 | |
| 412 | @cindex chroot |
| 413 | @cindex container, build environment |
| 414 | @cindex build environment |
| 415 | @cindex reproducible builds |
| 416 | By default, @command{guix-daemon} launches build processes under |
| 417 | different UIDs, taken from the build group specified with |
| 418 | @code{--build-users-group}. In addition, each build process is run in a |
| 419 | chroot environment that only contains the subset of the store that the |
| 420 | build process depends on, as specified by its derivation |
| 421 | (@pxref{Programming Interface, derivation}), plus a set of specific |
| 422 | system directories. By default, the latter contains @file{/dev} and |
| 423 | @file{/dev/pts}. Furthermore, on GNU/Linux, the build environment is a |
| 424 | @dfn{container}: in addition to having its own file system tree, it has |
| 425 | a separate mount name space, its own PID name space, network name space, |
| 426 | etc. This helps achieve reproducible builds (@pxref{Features}). |
| 427 | |
| 428 | The following command-line options are supported: |
| 429 | |
| 430 | @table @code |
| 431 | @item --build-users-group=@var{group} |
| 432 | Take users from @var{group} to run build processes (@pxref{Setting Up |
| 433 | the Daemon, build users}). |
| 434 | |
| 435 | @item --no-substitutes |
| 436 | @cindex substitutes |
| 437 | Do not use substitutes for build products. That is, always build things |
| 438 | locally instead of allowing downloads of pre-built binaries |
| 439 | (@pxref{Substitutes}). |
| 440 | |
| 441 | By default substitutes are used, unless the client---such as the |
| 442 | @command{guix package} command---is explicitly invoked with |
| 443 | @code{--no-substitutes}. |
| 444 | |
| 445 | When the daemon runs with @code{--no-substitutes}, clients can still |
| 446 | explicitly enable substitution @i{via} the @code{set-build-options} |
| 447 | remote procedure call (@pxref{The Store}). |
| 448 | |
| 449 | @cindex build hook |
| 450 | @item --no-build-hook |
| 451 | Do not use the @dfn{build hook}. |
| 452 | |
| 453 | The build hook is a helper program that the daemon can start and to |
| 454 | which it submits build requests. This mechanism is used to offload |
| 455 | builds to other machines (@pxref{Daemon Offload Setup}). |
| 456 | |
| 457 | @item --cache-failures |
| 458 | Cache build failures. By default, only successful builds are cached. |
| 459 | |
| 460 | @item --cores=@var{n} |
| 461 | @itemx -c @var{n} |
| 462 | Use @var{n} CPU cores to build each derivation; @code{0} means as many |
| 463 | as available. |
| 464 | |
| 465 | The default value is @code{1}, but it may be overridden by clients, such |
| 466 | as the @code{--cores} option of @command{guix build} (@pxref{Invoking |
| 467 | guix build}). |
| 468 | |
| 469 | The effect is to define the @code{NIX_BUILD_CORES} environment variable |
| 470 | in the build process, which can then use it to exploit internal |
| 471 | parallelism---for instance, by running @code{make -j$NIX_BUILD_CORES}. |
| 472 | |
| 473 | @item --max-jobs=@var{n} |
| 474 | @itemx -M @var{n} |
| 475 | Allow at most @var{n} build jobs in parallel. The default value is |
| 476 | @code{1}. |
| 477 | |
| 478 | @item --debug |
| 479 | Produce debugging output. |
| 480 | |
| 481 | This is useful to debug daemon start-up issues, but then it may be |
| 482 | overridden by clients, for example the @code{--verbosity} option of |
| 483 | @command{guix build} (@pxref{Invoking guix build}). |
| 484 | |
| 485 | @item --chroot-directory=@var{dir} |
| 486 | Add @var{dir} to the build chroot. |
| 487 | |
| 488 | Doing this may change the result of build processes---for instance if |
| 489 | they use optional dependencies found in @var{dir} when it is available, |
| 490 | and not otherwise. For that reason, it is not recommended to do so. |
| 491 | Instead, make sure that each derivation declares all the inputs that it |
| 492 | needs. |
| 493 | |
| 494 | @item --disable-chroot |
| 495 | Disable chroot builds. |
| 496 | |
| 497 | Using this option is not recommended since, again, it would allow build |
| 498 | processes to gain access to undeclared dependencies. |
| 499 | |
| 500 | @item --disable-log-compression |
| 501 | Disable compression of the build logs. |
| 502 | |
| 503 | Unless @code{--lose-logs} is used, all the build logs are kept in the |
| 504 | @var{localstatedir}. To save space, the daemon automatically compresses |
| 505 | them with bzip2 by default. This option disables that. |
| 506 | |
| 507 | @item --disable-store-optimization |
| 508 | Disable automatic file ``deduplication'' in the store. |
| 509 | |
| 510 | By default, files added to the store are automatically ``deduplicated'': |
| 511 | if a newly added file is identical as another one found in the store, |
| 512 | the daemon makes the new file a hard link to the other file. This |
| 513 | slightly increases the input/output load at the end of a build process. |
| 514 | This option disables this. |
| 515 | |
| 516 | @item --gc-keep-outputs[=yes|no] |
| 517 | Tell whether the garbage collector (GC) must keep outputs of live |
| 518 | derivations. |
| 519 | |
| 520 | When set to ``yes'', the GC will keep the outputs of any live derivation |
| 521 | available in the store---the @code{.drv} files. The default is ``no'', |
| 522 | meaning that derivation outputs are kept only if they are GC roots. |
| 523 | |
| 524 | @item --gc-keep-derivations[=yes|no] |
| 525 | Tell whether the garbage collector (GC) must keep derivations |
| 526 | corresponding to live outputs. |
| 527 | |
| 528 | When set to ``yes'', as is the case by default, the GC keeps |
| 529 | derivations---i.e., @code{.drv} files---as long as at least one of their |
| 530 | outputs is live. This allows users to keep track of the origins of |
| 531 | items in their store. Setting it to ``no'' saves a bit of disk space. |
| 532 | |
| 533 | Note that when both @code{--gc-keep-derivations} and |
| 534 | @code{--gc-keep-outputs} are used, the effect is to keep all the build |
| 535 | prerequisites (the sources, compiler, libraries, and other build-time |
| 536 | tools) of live objects in the store, regardless of whether these |
| 537 | prerequisites are live. This is convenient for developers since it |
| 538 | saves rebuilds or downloads. |
| 539 | |
| 540 | @item --impersonate-linux-2.6 |
| 541 | On Linux-based systems, impersonate Linux 2.6. This means that the |
| 542 | kernel's @code{uname} system call will report 2.6 as the release number. |
| 543 | |
| 544 | This might be helpful to build programs that (usually wrongfully) depend |
| 545 | on the kernel version number. |
| 546 | |
| 547 | @item --lose-logs |
| 548 | Do not keep build logs. By default they are kept under |
| 549 | @code{@var{localstatedir}/nix/log}. |
| 550 | |
| 551 | @item --system=@var{system} |
| 552 | Assume @var{system} as the current system type. By default it is the |
| 553 | architecture/kernel pair found at configure time, such as |
| 554 | @code{x86_64-linux}. |
| 555 | |
| 556 | @item --listen=@var{socket} |
| 557 | Listen for connections on @var{socket}, the file name of a Unix-domain |
| 558 | socket. The default socket is |
| 559 | @file{@var{localstatedir}/daemon-socket/socket}. This option is only |
| 560 | useful in exceptional circumstances, such as if you need to run several |
| 561 | daemons on the same machine. |
| 562 | @end table |
| 563 | |
| 564 | |
| 565 | @c ********************************************************************* |
| 566 | @node Package Management |
| 567 | @chapter Package Management |
| 568 | |
| 569 | The purpose of GNU Guix is to allow users to easily install, upgrade, and |
| 570 | remove software packages, without having to know about their build |
| 571 | procedure or dependencies. Guix also goes beyond this obvious set of |
| 572 | features. |
| 573 | |
| 574 | This chapter describes the main features of Guix, as well as the package |
| 575 | management tools it provides. |
| 576 | |
| 577 | @menu |
| 578 | * Features:: How Guix will make your life brighter. |
| 579 | * Invoking guix package:: Package installation, removal, etc. |
| 580 | * Substitutes:: Downloading pre-built binaries. |
| 581 | * Packages with Multiple Outputs:: Single source package, multiple outputs. |
| 582 | * Invoking guix gc:: Running the garbage collector. |
| 583 | * Invoking guix pull:: Fetching the latest Guix and distribution. |
| 584 | * Invoking guix archive:: Exporting and importing store files. |
| 585 | @end menu |
| 586 | |
| 587 | @node Features |
| 588 | @section Features |
| 589 | |
| 590 | When using Guix, each package ends up in the @dfn{package store}, in its |
| 591 | own directory---something that resembles |
| 592 | @file{/gnu/store/xxx-package-1.2}, where @code{xxx} is a base32 string. |
| 593 | |
| 594 | Instead of referring to these directories, users have their own |
| 595 | @dfn{profile}, which points to the packages that they actually want to |
| 596 | use. These profiles are stored within each user's home directory, at |
| 597 | @code{$HOME/.guix-profile}. |
| 598 | |
| 599 | For example, @code{alice} installs GCC 4.7.2. As a result, |
| 600 | @file{/home/alice/.guix-profile/bin/gcc} points to |
| 601 | @file{/gnu/store/@dots{}-gcc-4.7.2/bin/gcc}. Now, on the same machine, |
| 602 | @code{bob} had already installed GCC 4.8.0. The profile of @code{bob} |
| 603 | simply continues to point to |
| 604 | @file{/gnu/store/@dots{}-gcc-4.8.0/bin/gcc}---i.e., both versions of GCC |
| 605 | coexist on the same system without any interference. |
| 606 | |
| 607 | The @command{guix package} command is the central tool to manage |
| 608 | packages (@pxref{Invoking guix package}). It operates on those per-user |
| 609 | profiles, and can be used @emph{with normal user privileges}. |
| 610 | |
| 611 | The command provides the obvious install, remove, and upgrade |
| 612 | operations. Each invocation is actually a @emph{transaction}: either |
| 613 | the specified operation succeeds, or nothing happens. Thus, if the |
| 614 | @command{guix package} process is terminated during the transaction, |
| 615 | or if a power outage occurs during the transaction, then the user's |
| 616 | profile remains in its previous state, and remains usable. |
| 617 | |
| 618 | In addition, any package transaction may be @emph{rolled back}. So, if, |
| 619 | for example, an upgrade installs a new version of a package that turns |
| 620 | out to have a serious bug, users may roll back to the previous instance |
| 621 | of their profile, which was known to work well. Similarly, the global |
| 622 | system configuration is subject to transactional upgrades and roll-back |
| 623 | (@pxref{Using the Configuration System}). |
| 624 | |
| 625 | All those packages in the package store may be @emph{garbage-collected}. |
| 626 | Guix can determine which packages are still referenced by the user |
| 627 | profiles, and remove those that are provably no longer referenced |
| 628 | (@pxref{Invoking guix gc}). Users may also explicitly remove old |
| 629 | generations of their profile so that the packages they refer to can be |
| 630 | collected. |
| 631 | |
| 632 | @cindex reproducibility |
| 633 | @cindex reproducible builds |
| 634 | Finally, Guix takes a @dfn{purely functional} approach to package |
| 635 | management, as described in the introduction (@pxref{Introduction}). |
| 636 | Each @file{/gnu/store} package directory name contains a hash of all the |
| 637 | inputs that were used to build that package---compiler, libraries, build |
| 638 | scripts, etc. This direct correspondence allows users to make sure a |
| 639 | given package installation matches the current state of their |
| 640 | distribution. It also helps maximize @dfn{build reproducibility}: |
| 641 | thanks to the isolated build environments that are used, a given build |
| 642 | is likely to yield bit-identical files when performed on different |
| 643 | machines (@pxref{Invoking guix-daemon, container}). |
| 644 | |
| 645 | @cindex substitutes |
| 646 | This foundation allows Guix to support @dfn{transparent binary/source |
| 647 | deployment}. When a pre-built binary for a @file{/gnu/store} item is |
| 648 | available from an external source---a @dfn{substitute}, Guix just |
| 649 | downloads it and unpacks it; |
| 650 | otherwise, it builds the package from source, locally |
| 651 | (@pxref{Substitutes}). |
| 652 | |
| 653 | @node Invoking guix package |
| 654 | @section Invoking @command{guix package} |
| 655 | |
| 656 | The @command{guix package} command is the tool that allows users to |
| 657 | install, upgrade, and remove packages, as well as rolling back to |
| 658 | previous configurations. It operates only on the user's own profile, |
| 659 | and works with normal user privileges (@pxref{Features}). Its syntax |
| 660 | is: |
| 661 | |
| 662 | @example |
| 663 | guix package @var{options} |
| 664 | @end example |
| 665 | |
| 666 | Primarily, @var{options} specifies the operations to be performed during |
| 667 | the transaction. Upon completion, a new profile is created, but |
| 668 | previous generations of the profile remain available, should the user |
| 669 | want to roll back. |
| 670 | |
| 671 | For example, to remove @code{lua} and install @code{guile} and |
| 672 | @code{guile-cairo} in a single transaction: |
| 673 | |
| 674 | @example |
| 675 | guix package -r lua -i guile guile-cairo |
| 676 | @end example |
| 677 | |
| 678 | For each user, a symlink to the user's default profile is automatically |
| 679 | created in @file{$HOME/.guix-profile}. This symlink always points to the |
| 680 | current generation of the user's default profile. Thus, users can add |
| 681 | @file{$HOME/.guix-profile/bin} to their @code{PATH} environment |
| 682 | variable, and so on. |
| 683 | |
| 684 | In a multi-user setup, user profiles must be stored in a place |
| 685 | registered as a @dfn{garbage-collector root}, which |
| 686 | @file{$HOME/.guix-profile} points to (@pxref{Invoking guix gc}). That |
| 687 | directory is normally |
| 688 | @code{@var{localstatedir}/profiles/per-user/@var{user}}, where |
| 689 | @var{localstatedir} is the value passed to @code{configure} as |
| 690 | @code{--localstatedir}, and @var{user} is the user name. It must be |
| 691 | created by @code{root}, with @var{user} as the owner. When it does not |
| 692 | exist, or is not owned by @var{user}, @command{guix package} emits an |
| 693 | error about it. |
| 694 | |
| 695 | The @var{options} can be among the following: |
| 696 | |
| 697 | @table @code |
| 698 | |
| 699 | @item --install=@var{package} @dots{} |
| 700 | @itemx -i @var{package} @dots{} |
| 701 | Install the specified @var{package}s. |
| 702 | |
| 703 | Each @var{package} may specify either a simple package name, such as |
| 704 | @code{guile}, or a package name followed by a hyphen and version number, |
| 705 | such as @code{guile-1.8.8}. If no version number is specified, the |
| 706 | newest available version will be selected. In addition, @var{package} |
| 707 | may contain a colon, followed by the name of one of the outputs of the |
| 708 | package, as in @code{gcc:doc} or @code{binutils-2.22:lib} |
| 709 | (@pxref{Packages with Multiple Outputs}). Packages with a corresponding |
| 710 | name (and optionally version) are searched for among the GNU |
| 711 | distribution modules (@pxref{Package Modules}). |
| 712 | |
| 713 | @cindex propagated inputs |
| 714 | Sometimes packages have @dfn{propagated inputs}: these are dependencies |
| 715 | that automatically get installed along with the required package. |
| 716 | |
| 717 | An example is the GNU MPC library: its C header files refer to those of |
| 718 | the GNU MPFR library, which in turn refer to those of the GMP library. |
| 719 | Thus, when installing MPC, the MPFR and GMP libraries also get installed |
| 720 | in the profile; removing MPC also removes MPFR and GMP---unless they had |
| 721 | also been explicitly installed independently. |
| 722 | |
| 723 | Besides, packages sometimes rely on the definition of environment |
| 724 | variables for their search paths (see explanation of |
| 725 | @code{--search-paths} below). Any missing or possibly incorrect |
| 726 | environment variable definitions are reported here. |
| 727 | |
| 728 | @c XXX: keep me up-to-date |
| 729 | Finally, when installing a GNU package, the tool reports the |
| 730 | availability of a newer upstream version. In the future, it may provide |
| 731 | the option of installing directly from the upstream version, even if |
| 732 | that version is not yet in the distribution. |
| 733 | |
| 734 | @item --install-from-expression=@var{exp} |
| 735 | @itemx -e @var{exp} |
| 736 | Install the package @var{exp} evaluates to. |
| 737 | |
| 738 | @var{exp} must be a Scheme expression that evaluates to a |
| 739 | @code{<package>} object. This option is notably useful to disambiguate |
| 740 | between same-named variants of a package, with expressions such as |
| 741 | @code{(@@ (gnu packages base) guile-final)}. |
| 742 | |
| 743 | Note that this option installs the first output of the specified |
| 744 | package, which may be insufficient when needing a specific output of a |
| 745 | multiple-output package. |
| 746 | |
| 747 | @item --remove=@var{package} @dots{} |
| 748 | @itemx -r @var{package} @dots{} |
| 749 | Remove the specified @var{package}s. |
| 750 | |
| 751 | As for @code{--install}, each @var{package} may specify a version number |
| 752 | and/or output name in addition to the package name. For instance, |
| 753 | @code{-r glibc:debug} would remove the @code{debug} output of |
| 754 | @code{glibc}. |
| 755 | |
| 756 | @item --upgrade[=@var{regexp} @dots{}] |
| 757 | @itemx -u [@var{regexp} @dots{}] |
| 758 | Upgrade all the installed packages. If one or more @var{regexp}s are |
| 759 | specified, upgrade only installed packages whose name matches a |
| 760 | @var{regexp}. |
| 761 | |
| 762 | Note that this upgrades package to the latest version of packages found |
| 763 | in the distribution currently installed. To update your distribution, |
| 764 | you should regularly run @command{guix pull} (@pxref{Invoking guix |
| 765 | pull}). |
| 766 | |
| 767 | @item --roll-back |
| 768 | Roll back to the previous @dfn{generation} of the profile---i.e., undo |
| 769 | the last transaction. |
| 770 | |
| 771 | When combined with options such as @code{--install}, roll back occurs |
| 772 | before any other actions. |
| 773 | |
| 774 | When rolling back from the first generation that actually contains |
| 775 | installed packages, the profile is made to point to the @dfn{zeroth |
| 776 | generation}, which contains no files apart from its own meta-data. |
| 777 | |
| 778 | Installing, removing, or upgrading packages from a generation that has |
| 779 | been rolled back to overwrites previous future generations. Thus, the |
| 780 | history of a profile's generations is always linear. |
| 781 | |
| 782 | @item --search-paths |
| 783 | @cindex search paths |
| 784 | Report environment variable definitions, in Bash syntax, that may be |
| 785 | needed in order to use the set of installed packages. These environment |
| 786 | variables are used to specify @dfn{search paths} for files used by some |
| 787 | of the installed packages. |
| 788 | |
| 789 | For example, GCC needs the @code{CPATH} and @code{LIBRARY_PATH} |
| 790 | environment variables to be defined so it can look for headers and |
| 791 | libraries in the user's profile (@pxref{Environment Variables,,, gcc, |
| 792 | Using the GNU Compiler Collection (GCC)}). If GCC and, say, the C |
| 793 | library are installed in the profile, then @code{--search-paths} will |
| 794 | suggest setting these variables to @code{@var{profile}/include} and |
| 795 | @code{@var{profile}/lib}, respectively. |
| 796 | |
| 797 | @item --profile=@var{profile} |
| 798 | @itemx -p @var{profile} |
| 799 | Use @var{profile} instead of the user's default profile. |
| 800 | |
| 801 | @item --verbose |
| 802 | Produce verbose output. In particular, emit the environment's build log |
| 803 | on the standard error port. |
| 804 | |
| 805 | @item --bootstrap |
| 806 | Use the bootstrap Guile to build the profile. This option is only |
| 807 | useful to distribution developers. |
| 808 | |
| 809 | @end table |
| 810 | |
| 811 | In addition to these actions @command{guix package} supports the |
| 812 | following options to query the current state of a profile, or the |
| 813 | availability of packages: |
| 814 | |
| 815 | @table @option |
| 816 | |
| 817 | @item --search=@var{regexp} |
| 818 | @itemx -s @var{regexp} |
| 819 | List the available packages whose synopsis or description matches |
| 820 | @var{regexp}. Print all the meta-data of matching packages in |
| 821 | @code{recutils} format (@pxref{Top, GNU recutils databases,, recutils, |
| 822 | GNU recutils manual}). |
| 823 | |
| 824 | This allows specific fields to be extracted using the @command{recsel} |
| 825 | command, for instance: |
| 826 | |
| 827 | @example |
| 828 | $ guix package -s malloc | recsel -p name,version |
| 829 | name: glibc |
| 830 | version: 2.17 |
| 831 | |
| 832 | name: libgc |
| 833 | version: 7.2alpha6 |
| 834 | @end example |
| 835 | |
| 836 | Similarly, to show the name of all the packages available under the |
| 837 | terms of the GNU@tie{}LGPL version 3: |
| 838 | |
| 839 | @example |
| 840 | $ guix package -s "" | recsel -p name -e 'license ~ "LGPL 3"' |
| 841 | name: elfutils |
| 842 | |
| 843 | name: gmp |
| 844 | @dots{} |
| 845 | @end example |
| 846 | |
| 847 | @item --show=@var{package} |
| 848 | Show details about @var{package}, taken from the list of available packages, in |
| 849 | @code{recutils} format (@pxref{Top, GNU recutils databases,, recutils, GNU |
| 850 | recutils manual}). |
| 851 | |
| 852 | @example |
| 853 | $ guix package --show=python | recsel -p name,version |
| 854 | name: python |
| 855 | version: 2.7.6 |
| 856 | |
| 857 | name: python |
| 858 | version: 3.3.5 |
| 859 | @end example |
| 860 | |
| 861 | You may also specify the full name of a package to only get details about a |
| 862 | specific version of it: |
| 863 | @example |
| 864 | $ guix package --show=python-3.3.5 | recsel -p name,version |
| 865 | name: python |
| 866 | version: 3.3.5 |
| 867 | @end example |
| 868 | |
| 869 | |
| 870 | |
| 871 | @item --list-installed[=@var{regexp}] |
| 872 | @itemx -I [@var{regexp}] |
| 873 | List the currently installed packages in the specified profile, with the |
| 874 | most recently installed packages shown last. When @var{regexp} is |
| 875 | specified, list only installed packages whose name matches @var{regexp}. |
| 876 | |
| 877 | For each installed package, print the following items, separated by |
| 878 | tabs: the package name, its version string, the part of the package that |
| 879 | is installed (for instance, @code{out} for the default output, |
| 880 | @code{include} for its headers, etc.), and the path of this package in |
| 881 | the store. |
| 882 | |
| 883 | @item --list-available[=@var{regexp}] |
| 884 | @itemx -A [@var{regexp}] |
| 885 | List packages currently available in the software distribution |
| 886 | (@pxref{GNU Distribution}). When @var{regexp} is specified, list only |
| 887 | installed packages whose name matches @var{regexp}. |
| 888 | |
| 889 | For each package, print the following items separated by tabs: its name, |
| 890 | its version string, the parts of the package (@pxref{Packages with |
| 891 | Multiple Outputs}), and the source location of its definition. |
| 892 | |
| 893 | @item --list-generations[=@var{pattern}] |
| 894 | @itemx -l [@var{pattern}] |
| 895 | Return a list of generations along with their creation dates; for each |
| 896 | generation, show the installed packages, with the most recently |
| 897 | installed packages shown last. Note that the zeroth generation is never |
| 898 | shown. |
| 899 | |
| 900 | For each installed package, print the following items, separated by |
| 901 | tabs: the name of a package, its version string, the part of the package |
| 902 | that is installed (@pxref{Packages with Multiple Outputs}), and the |
| 903 | location of this package in the store. |
| 904 | |
| 905 | When @var{pattern} is used, the command returns only matching |
| 906 | generations. Valid patterns include: |
| 907 | |
| 908 | @itemize |
| 909 | @item @emph{Integers and comma-separated integers}. Both patterns denote |
| 910 | generation numbers. For instance, @code{--list-generations=1} returns |
| 911 | the first one. |
| 912 | |
| 913 | And @code{--list-generations=1,8,2} outputs three generations in the |
| 914 | specified order. Neither spaces nor trailing commas are allowed. |
| 915 | |
| 916 | @item @emph{Ranges}. @code{--list-generations=2..9} prints the |
| 917 | specified generations and everything in between. Note that the start of |
| 918 | a range must be lesser than its end. |
| 919 | |
| 920 | It is also possible to omit the endpoint. For example, |
| 921 | @code{--list-generations=2..}, returns all generations starting from the |
| 922 | second one. |
| 923 | |
| 924 | @item @emph{Durations}. You can also get the last @emph{N}@tie{}days, weeks, |
| 925 | or months by passing an integer along with the first letter of the |
| 926 | duration. For example, @code{--list-generations=20d} lists generations |
| 927 | that are up to 20 days old. |
| 928 | @end itemize |
| 929 | |
| 930 | @item --delete-generations[=@var{pattern}] |
| 931 | @itemx -d [@var{pattern}] |
| 932 | When @var{pattern} is omitted, delete all generations except the current |
| 933 | one. |
| 934 | |
| 935 | This command accepts the same patterns as @option{--list-generations}. |
| 936 | When @var{pattern} is specified, delete the matching generations. When |
| 937 | @var{pattern} specifies a duration, generations @emph{older} than the |
| 938 | specified duration match. For instance, @code{--delete-generations=1m} |
| 939 | deletes generations that are more than one month old. |
| 940 | |
| 941 | If the current generation matches, it is deleted atomically---i.e., by |
| 942 | switching to the previous available generation. Note that the zeroth |
| 943 | generation is never deleted. |
| 944 | |
| 945 | Note that deleting generations prevents roll-back to them. |
| 946 | Consequently, this command must be used with care. |
| 947 | |
| 948 | @end table |
| 949 | |
| 950 | Finally, since @command{guix package} may actually start build |
| 951 | processes, it supports all the common build options that @command{guix |
| 952 | build} supports (@pxref{Invoking guix build, common build options}). |
| 953 | |
| 954 | @node Substitutes |
| 955 | @section Substitutes |
| 956 | |
| 957 | @cindex substitutes |
| 958 | @cindex pre-built binaries |
| 959 | Guix supports transparent source/binary deployment, which means that it |
| 960 | can either build things locally, or download pre-built items from a |
| 961 | server. We call these pre-built items @dfn{substitutes}---they are |
| 962 | substitutes for local build results. In many cases, downloading a |
| 963 | substitute is much faster than building things locally. |
| 964 | |
| 965 | Substitutes can be anything resulting from a derivation build |
| 966 | (@pxref{Derivations}). Of course, in the common case, they are |
| 967 | pre-built package binaries, but source tarballs, for instance, which |
| 968 | also result from derivation builds, can be available as substitutes. |
| 969 | |
| 970 | The @code{hydra.gnu.org} server is a front-end to a build farm that |
| 971 | builds packages from the GNU distribution continuously for some |
| 972 | architectures, and makes them available as substitutes. |
| 973 | |
| 974 | @cindex security |
| 975 | @cindex digital signatures |
| 976 | To allow Guix to download substitutes from @code{hydra.gnu.org}, you |
| 977 | must add its public key to the access control list (ACL) of archive |
| 978 | imports, using the @command{guix archive} command (@pxref{Invoking guix |
| 979 | archive}). Doing so implies that you trust @code{hydra.gnu.org} to not |
| 980 | be compromised and to serve genuine substitutes. |
| 981 | |
| 982 | This public key is installed along with Guix, in |
| 983 | @code{@var{prefix}/share/guix/hydra.gnu.org.pub}, where @var{prefix} is |
| 984 | the installation prefix of Guix. If you installed Guix from source, |
| 985 | make sure you checked the GPG signature of |
| 986 | @file{guix-@value{VERSION}.tar.gz}, which contains this public key file. |
| 987 | Then, you can run something like this: |
| 988 | |
| 989 | @example |
| 990 | # guix archive --authorize < hydra.gnu.org.pub |
| 991 | @end example |
| 992 | |
| 993 | Once this is in place, the output of a command like @code{guix build} |
| 994 | should change from something like: |
| 995 | |
| 996 | @example |
| 997 | $ guix build emacs --dry-run |
| 998 | The following derivations would be built: |
| 999 | /gnu/store/yr7bnx8xwcayd6j95r2clmkdl1qh688w-emacs-24.3.drv |
| 1000 | /gnu/store/x8qsh1hlhgjx6cwsjyvybnfv2i37z23w-dbus-1.6.4.tar.gz.drv |
| 1001 | /gnu/store/1ixwp12fl950d15h2cj11c73733jay0z-alsa-lib-1.0.27.1.tar.bz2.drv |
| 1002 | /gnu/store/nlma1pw0p603fpfiqy7kn4zm105r5dmw-util-linux-2.21.drv |
| 1003 | @dots{} |
| 1004 | @end example |
| 1005 | |
| 1006 | @noindent |
| 1007 | to something like: |
| 1008 | |
| 1009 | @example |
| 1010 | $ guix build emacs --dry-run |
| 1011 | The following files would be downloaded: |
| 1012 | /gnu/store/pk3n22lbq6ydamyymqkkz7i69wiwjiwi-emacs-24.3 |
| 1013 | /gnu/store/2ygn4ncnhrpr61rssa6z0d9x22si0va3-libjpeg-8d |
| 1014 | /gnu/store/71yz6lgx4dazma9dwn2mcjxaah9w77jq-cairo-1.12.16 |
| 1015 | /gnu/store/7zdhgp0n1518lvfn8mb96sxqfmvqrl7v-libxrender-0.9.7 |
| 1016 | @dots{} |
| 1017 | @end example |
| 1018 | |
| 1019 | @noindent |
| 1020 | This indicates that substitutes from @code{hydra.gnu.org} are usable and |
| 1021 | will be downloaded, when possible, for future builds. |
| 1022 | |
| 1023 | Guix ignores substitutes that are not signed, or that are not signed by |
| 1024 | one of the keys listed in the ACL. It also detects and raises an error |
| 1025 | when attempting to use a substitute that has been tampered with. |
| 1026 | |
| 1027 | The substitute mechanism can be disabled globally by running |
| 1028 | @code{guix-daemon} with @code{--no-substitutes} (@pxref{Invoking |
| 1029 | guix-daemon}). It can also be disabled temporarily by passing the |
| 1030 | @code{--no-substitutes} option to @command{guix package}, @command{guix |
| 1031 | build}, and other command-line tools. |
| 1032 | |
| 1033 | |
| 1034 | Today, each individual's control over their own computing is at the |
| 1035 | mercy of institutions, corporations, and groups with enough power and |
| 1036 | determination to subvert the computing infrastructure and exploit its |
| 1037 | weaknesses. While using @code{hydra.gnu.org} substitutes can be |
| 1038 | convenient, we encourage users to also build on their own, or even run |
| 1039 | their own build farm, such that @code{hydra.gnu.org} is less of an |
| 1040 | interesting target. |
| 1041 | |
| 1042 | Guix has the foundations to maximize build reproducibility |
| 1043 | (@pxref{Features}). In most cases, independent builds of a given |
| 1044 | package or derivation should yield bit-identical results. Thus, through |
| 1045 | a diverse set of independent package builds, we can strengthen the |
| 1046 | integrity of our systems. |
| 1047 | |
| 1048 | In the future, we want Guix to have support to publish and retrieve |
| 1049 | binaries to/from other users, in a peer-to-peer fashion. If you would |
| 1050 | like to discuss this project, join us on @email{guix-devel@@gnu.org}. |
| 1051 | |
| 1052 | |
| 1053 | @node Packages with Multiple Outputs |
| 1054 | @section Packages with Multiple Outputs |
| 1055 | |
| 1056 | @cindex multiple-output packages |
| 1057 | @cindex package outputs |
| 1058 | |
| 1059 | Often, packages defined in Guix have a single @dfn{output}---i.e., the |
| 1060 | source package leads exactly one directory in the store. When running |
| 1061 | @command{guix package -i glibc}, one installs the default output of the |
| 1062 | GNU libc package; the default output is called @code{out}, but its name |
| 1063 | can be omitted as shown in this command. In this particular case, the |
| 1064 | default output of @code{glibc} contains all the C header files, shared |
| 1065 | libraries, static libraries, Info documentation, and other supporting |
| 1066 | files. |
| 1067 | |
| 1068 | Sometimes it is more appropriate to separate the various types of files |
| 1069 | produced from a single source package into separate outputs. For |
| 1070 | instance, the GLib C library (used by GTK+ and related packages) |
| 1071 | installs more than 20 MiB of reference documentation as HTML pages. |
| 1072 | To save space for users who do not need it, the documentation goes to a |
| 1073 | separate output, called @code{doc}. To install the main GLib output, |
| 1074 | which contains everything but the documentation, one would run: |
| 1075 | |
| 1076 | @example |
| 1077 | guix package -i glib |
| 1078 | @end example |
| 1079 | |
| 1080 | The command to install its documentation is: |
| 1081 | |
| 1082 | @example |
| 1083 | guix package -i glib:doc |
| 1084 | @end example |
| 1085 | |
| 1086 | Some packages install programs with different ``dependency footprints''. |
| 1087 | For instance, the WordNet package install both command-line tools and |
| 1088 | graphical user interfaces (GUIs). The former depend solely on the C |
| 1089 | library, whereas the latter depend on Tcl/Tk and the underlying X |
| 1090 | libraries. In this case, we leave the command-line tools in the default |
| 1091 | output, whereas the GUIs are in a separate output. This allows users |
| 1092 | who do not need the GUIs to save space. |
| 1093 | |
| 1094 | There are several such multiple-output packages in the GNU distribution. |
| 1095 | Other conventional output names include @code{lib} for libraries and |
| 1096 | possibly header files, @code{bin} for stand-alone programs, and |
| 1097 | @code{debug} for debugging information (@pxref{Installing Debugging |
| 1098 | Files}). The outputs of a packages are listed in the third column of |
| 1099 | the output of @command{guix package --list-available} (@pxref{Invoking |
| 1100 | guix package}). |
| 1101 | |
| 1102 | |
| 1103 | @node Invoking guix gc |
| 1104 | @section Invoking @command{guix gc} |
| 1105 | |
| 1106 | @cindex garbage collector |
| 1107 | Packages that are installed but not used may be @dfn{garbage-collected}. |
| 1108 | The @command{guix gc} command allows users to explicitly run the garbage |
| 1109 | collector to reclaim space from the @file{/gnu/store} directory. |
| 1110 | |
| 1111 | The garbage collector has a set of known @dfn{roots}: any file under |
| 1112 | @file{/gnu/store} reachable from a root is considered @dfn{live} and |
| 1113 | cannot be deleted; any other file is considered @dfn{dead} and may be |
| 1114 | deleted. The set of garbage collector roots includes default user |
| 1115 | profiles, and may be augmented with @command{guix build --root}, for |
| 1116 | example (@pxref{Invoking guix build}). |
| 1117 | |
| 1118 | Prior to running @code{guix gc --collect-garbage} to make space, it is |
| 1119 | often useful to remove old generations from user profiles; that way, old |
| 1120 | package builds referenced by those generations can be reclaimed. This |
| 1121 | is achieved by running @code{guix package --delete-generations} |
| 1122 | (@pxref{Invoking guix package}). |
| 1123 | |
| 1124 | The @command{guix gc} command has three modes of operation: it can be |
| 1125 | used to garbage-collect any dead files (the default), to delete specific |
| 1126 | files (the @code{--delete} option), or to print garbage-collector |
| 1127 | information. The available options are listed below: |
| 1128 | |
| 1129 | @table @code |
| 1130 | @item --collect-garbage[=@var{min}] |
| 1131 | @itemx -C [@var{min}] |
| 1132 | Collect garbage---i.e., unreachable @file{/gnu/store} files and |
| 1133 | sub-directories. This is the default operation when no option is |
| 1134 | specified. |
| 1135 | |
| 1136 | When @var{min} is given, stop once @var{min} bytes have been collected. |
| 1137 | @var{min} may be a number of bytes, or it may include a unit as a |
| 1138 | suffix, such as @code{MiB} for mebibytes and @code{GB} for gigabytes. |
| 1139 | |
| 1140 | When @var{min} is omitted, collect all the garbage. |
| 1141 | |
| 1142 | @item --delete |
| 1143 | @itemx -d |
| 1144 | Attempt to delete all the store files and directories specified as |
| 1145 | arguments. This fails if some of the files are not in the store, or if |
| 1146 | they are still live. |
| 1147 | |
| 1148 | @item --list-dead |
| 1149 | Show the list of dead files and directories still present in the |
| 1150 | store---i.e., files and directories no longer reachable from any root. |
| 1151 | |
| 1152 | @item --list-live |
| 1153 | Show the list of live store files and directories. |
| 1154 | |
| 1155 | @end table |
| 1156 | |
| 1157 | In addition, the references among existing store files can be queried: |
| 1158 | |
| 1159 | @table @code |
| 1160 | |
| 1161 | @item --references |
| 1162 | @itemx --referrers |
| 1163 | List the references (respectively, the referrers) of store files given |
| 1164 | as arguments. |
| 1165 | |
| 1166 | @item --requisites |
| 1167 | @itemx -R |
| 1168 | List the requisites of the store files passed as arguments. Requisites |
| 1169 | include the store files themselves, their references, and the references |
| 1170 | of these, recursively. In other words, the returned list is the |
| 1171 | @dfn{transitive closure} of the store files. |
| 1172 | |
| 1173 | @end table |
| 1174 | |
| 1175 | |
| 1176 | @node Invoking guix pull |
| 1177 | @section Invoking @command{guix pull} |
| 1178 | |
| 1179 | Packages are installed or upgraded to the latest version available in |
| 1180 | the distribution currently available on your local machine. To update |
| 1181 | that distribution, along with the Guix tools, you must run @command{guix |
| 1182 | pull}: the command downloads the latest Guix source code and package |
| 1183 | descriptions, and deploys it. |
| 1184 | |
| 1185 | On completion, @command{guix package} will use packages and package |
| 1186 | versions from this just-retrieved copy of Guix. Not only that, but all |
| 1187 | the Guix commands and Scheme modules will also be taken from that latest |
| 1188 | version. New @command{guix} sub-commands added by the update also |
| 1189 | become available. |
| 1190 | |
| 1191 | The @command{guix pull} command is usually invoked with no arguments, |
| 1192 | but it supports the following options: |
| 1193 | |
| 1194 | @table @code |
| 1195 | @item --verbose |
| 1196 | Produce verbose output, writing build logs to the standard error output. |
| 1197 | |
| 1198 | @item --url=@var{url} |
| 1199 | Download the source tarball of Guix from @var{url}. |
| 1200 | |
| 1201 | By default, the tarball is taken from its canonical address at |
| 1202 | @code{gnu.org}, for the stable branch of Guix. |
| 1203 | |
| 1204 | @item --bootstrap |
| 1205 | Use the bootstrap Guile to build the latest Guix. This option is only |
| 1206 | useful to Guix developers. |
| 1207 | @end table |
| 1208 | |
| 1209 | |
| 1210 | @node Invoking guix archive |
| 1211 | @section Invoking @command{guix archive} |
| 1212 | |
| 1213 | The @command{guix archive} command allows users to @dfn{export} files |
| 1214 | from the store into a single archive, and to later @dfn{import} them. |
| 1215 | In particular, it allows store files to be transferred from one machine |
| 1216 | to another machine's store. For example, to transfer the @code{emacs} |
| 1217 | package to a machine connected over SSH, one would run: |
| 1218 | |
| 1219 | @example |
| 1220 | guix archive --export emacs | ssh the-machine guix archive --import |
| 1221 | @end example |
| 1222 | |
| 1223 | @noindent |
| 1224 | However, note that, in this example, all of @code{emacs} and its |
| 1225 | dependencies are transferred, regardless of what is already available in |
| 1226 | the target machine's store. The @code{--missing} option can help figure |
| 1227 | out which items are missing from the target's store. |
| 1228 | |
| 1229 | Archives are stored in the ``Nix archive'' or ``Nar'' format, which is |
| 1230 | comparable in spirit to `tar', but with a few noteworthy differences |
| 1231 | that make it more appropriate for our purposes. First, rather than |
| 1232 | recording all Unix meta-data for each file, the Nar format only mentions |
| 1233 | the file type (regular, directory, or symbolic link); Unix permissions |
| 1234 | and owner/group are dismissed. Second, the order in which directory |
| 1235 | entries are stored always follows the order of file names according to |
| 1236 | the C locale collation order. This makes archive production fully |
| 1237 | deterministic. |
| 1238 | |
| 1239 | When exporting, the daemon digitally signs the contents of the archive, |
| 1240 | and that digital signature is appended. When importing, the daemon |
| 1241 | verifies the signature and rejects the import in case of an invalid |
| 1242 | signature or if the signing key is not authorized. |
| 1243 | @c FIXME: Add xref to daemon doc about signatures. |
| 1244 | |
| 1245 | The main options are: |
| 1246 | |
| 1247 | @table @code |
| 1248 | @item --export |
| 1249 | Export the specified store files or packages (see below.) Write the |
| 1250 | resulting archive to the standard output. |
| 1251 | |
| 1252 | @item --import |
| 1253 | Read an archive from the standard input, and import the files listed |
| 1254 | therein into the store. Abort if the archive has an invalid digital |
| 1255 | signature, or if it is signed by a public key not among the authorized |
| 1256 | keys (see @code{--authorize} below.) |
| 1257 | |
| 1258 | @item --missing |
| 1259 | Read a list of store file names from the standard input, one per line, |
| 1260 | and write on the standard output the subset of these files missing from |
| 1261 | the store. |
| 1262 | |
| 1263 | @item --generate-key[=@var{parameters}] |
| 1264 | @cindex signing, archives |
| 1265 | Generate a new key pair for the daemons. This is a prerequisite before |
| 1266 | archives can be exported with @code{--export}. Note that this operation |
| 1267 | usually takes time, because it needs to gather enough entropy to |
| 1268 | generate the key pair. |
| 1269 | |
| 1270 | The generated key pair is typically stored under @file{/etc/guix}, in |
| 1271 | @file{signing-key.pub} (public key) and @file{signing-key.sec} (private |
| 1272 | key, which must be kept secret.) When @var{parameters} is omitted, it |
| 1273 | is a 4096-bit RSA key. Alternately, @var{parameters} can specify |
| 1274 | @code{genkey} parameters suitable for Libgcrypt (@pxref{General |
| 1275 | public-key related Functions, @code{gcry_pk_genkey},, gcrypt, The |
| 1276 | Libgcrypt Reference Manual}). |
| 1277 | |
| 1278 | @item --authorize |
| 1279 | @cindex authorizing, archives |
| 1280 | Authorize imports signed by the public key passed on standard input. |
| 1281 | The public key must be in ``s-expression advanced format''---i.e., the |
| 1282 | same format as the @file{signing-key.pub} file. |
| 1283 | |
| 1284 | The list of authorized keys is kept in the human-editable file |
| 1285 | @file{/etc/guix/acl}. The file contains |
| 1286 | @url{http://people.csail.mit.edu/rivest/Sexp.txt, ``advanced-format |
| 1287 | s-expressions''} and is structured as an access-control list in the |
| 1288 | @url{http://theworld.com/~cme/spki.txt, Simple Public-Key Infrastructure |
| 1289 | (SPKI)}. |
| 1290 | @end table |
| 1291 | |
| 1292 | To export store files as an archive to the standard output, run: |
| 1293 | |
| 1294 | @example |
| 1295 | guix archive --export @var{options} @var{specifications}... |
| 1296 | @end example |
| 1297 | |
| 1298 | @var{specifications} may be either store file names or package |
| 1299 | specifications, as for @command{guix package} (@pxref{Invoking guix |
| 1300 | package}). For instance, the following command creates an archive |
| 1301 | containing the @code{gui} output of the @code{git} package and the main |
| 1302 | output of @code{emacs}: |
| 1303 | |
| 1304 | @example |
| 1305 | guix archive --export git:gui /gnu/store/...-emacs-24.3 > great.nar |
| 1306 | @end example |
| 1307 | |
| 1308 | If the specified packages are not built yet, @command{guix archive} |
| 1309 | automatically builds them. The build process may be controlled with the |
| 1310 | same options that can be passed to the @command{guix build} command |
| 1311 | (@pxref{Invoking guix build, common build options}). |
| 1312 | |
| 1313 | |
| 1314 | @c ********************************************************************* |
| 1315 | @node Programming Interface |
| 1316 | @chapter Programming Interface |
| 1317 | |
| 1318 | GNU Guix provides several Scheme programming interfaces (APIs) to |
| 1319 | define, build, and query packages. The first interface allows users to |
| 1320 | write high-level package definitions. These definitions refer to |
| 1321 | familiar packaging concepts, such as the name and version of a package, |
| 1322 | its build system, and its dependencies. These definitions can then be |
| 1323 | turned into concrete build actions. |
| 1324 | |
| 1325 | Build actions are performed by the Guix daemon, on behalf of users. In a |
| 1326 | standard setup, the daemon has write access to the store---the |
| 1327 | @file{/gnu/store} directory---whereas users do not. The recommended |
| 1328 | setup also has the daemon perform builds in chroots, under a specific |
| 1329 | build users, to minimize interference with the rest of the system. |
| 1330 | |
| 1331 | @cindex derivation |
| 1332 | Lower-level APIs are available to interact with the daemon and the |
| 1333 | store. To instruct the daemon to perform a build action, users actually |
| 1334 | provide it with a @dfn{derivation}. A derivation is a low-level |
| 1335 | representation of the build actions to be taken, and the environment in |
| 1336 | which they should occur---derivations are to package definitions what |
| 1337 | assembly is to C programs. The term ``derivation'' comes from the fact |
| 1338 | that build results @emph{derive} from them. |
| 1339 | |
| 1340 | This chapter describes all these APIs in turn, starting from high-level |
| 1341 | package definitions. |
| 1342 | |
| 1343 | @menu |
| 1344 | * Defining Packages:: Defining new packages. |
| 1345 | * Build Systems:: Specifying how packages are built. |
| 1346 | * The Store:: Manipulating the package store. |
| 1347 | * Derivations:: Low-level interface to package derivations. |
| 1348 | * The Store Monad:: Purely functional interface to the store. |
| 1349 | * G-Expressions:: Manipulating build expressions. |
| 1350 | @end menu |
| 1351 | |
| 1352 | @node Defining Packages |
| 1353 | @section Defining Packages |
| 1354 | |
| 1355 | The high-level interface to package definitions is implemented in the |
| 1356 | @code{(guix packages)} and @code{(guix build-system)} modules. As an |
| 1357 | example, the package definition, or @dfn{recipe}, for the GNU Hello |
| 1358 | package looks like this: |
| 1359 | |
| 1360 | @example |
| 1361 | (define-module (gnu packages hello) |
| 1362 | #:use-module (guix packages) |
| 1363 | #:use-module (guix download) |
| 1364 | #:use-module (guix build-system gnu) |
| 1365 | #:use-module (guix licenses)) |
| 1366 | |
| 1367 | (define hello |
| 1368 | (package |
| 1369 | (name "hello") |
| 1370 | (version "2.8") |
| 1371 | (source (origin |
| 1372 | (method url-fetch) |
| 1373 | (uri (string-append "mirror://gnu/hello/hello-" version |
| 1374 | ".tar.gz")) |
| 1375 | (sha256 |
| 1376 | (base32 "0wqd8sjmxfskrflaxywc7gqw7sfawrfvdxd9skxawzfgyy0pzdz6")))) |
| 1377 | (build-system gnu-build-system) |
| 1378 | (arguments `(#:configure-flags '("--enable-silent-rules"))) |
| 1379 | (inputs `(("gawk" ,gawk))) |
| 1380 | (synopsis "Hello, GNU world: An example GNU package") |
| 1381 | (description "Guess what GNU Hello prints!") |
| 1382 | (home-page "http://www.gnu.org/software/hello/") |
| 1383 | (license gpl3+))) |
| 1384 | @end example |
| 1385 | |
| 1386 | @noindent |
| 1387 | Without being a Scheme expert, the reader may have guessed the meaning |
| 1388 | of the various fields here. This expression binds variable @code{hello} |
| 1389 | to a @code{<package>} object, which is essentially a record |
| 1390 | (@pxref{SRFI-9, Scheme records,, guile, GNU Guile Reference Manual}). |
| 1391 | This package object can be inspected using procedures found in the |
| 1392 | @code{(guix packages)} module; for instance, @code{(package-name hello)} |
| 1393 | returns---surprise!---@code{"hello"}. |
| 1394 | |
| 1395 | In the example above, @var{hello} is defined into a module of its own, |
| 1396 | @code{(gnu packages hello)}. Technically, this is not strictly |
| 1397 | necessary, but it is convenient to do so: all the packages defined in |
| 1398 | modules under @code{(gnu packages @dots{})} are automatically known to |
| 1399 | the command-line tools (@pxref{Package Modules}). |
| 1400 | |
| 1401 | There are a few points worth noting in the above package definition: |
| 1402 | |
| 1403 | @itemize |
| 1404 | @item |
| 1405 | The @code{source} field of the package is an @code{<origin>} object. |
| 1406 | Here, the @code{url-fetch} method from @code{(guix download)} is used, |
| 1407 | meaning that the source is a file to be downloaded over FTP or HTTP. |
| 1408 | |
| 1409 | The @code{mirror://gnu} prefix instructs @code{url-fetch} to use one of |
| 1410 | the GNU mirrors defined in @code{(guix download)}. |
| 1411 | |
| 1412 | The @code{sha256} field specifies the expected SHA256 hash of the file |
| 1413 | being downloaded. It is mandatory, and allows Guix to check the |
| 1414 | integrity of the file. The @code{(base32 @dots{})} form introduces the |
| 1415 | base32 representation of the hash. You can obtain this information with |
| 1416 | @code{guix download} (@pxref{Invoking guix download}) and @code{guix |
| 1417 | hash} (@pxref{Invoking guix hash}). |
| 1418 | |
| 1419 | @cindex patches |
| 1420 | When needed, the @code{origin} form can also have a @code{patches} field |
| 1421 | listing patches to be applied, and a @code{snippet} field giving a |
| 1422 | Scheme expression to modify the source code. |
| 1423 | |
| 1424 | @item |
| 1425 | @cindex GNU Build System |
| 1426 | The @code{build-system} field specifies the procedure to build the |
| 1427 | package (@pxref{Build Systems}). Here, @var{gnu-build-system} |
| 1428 | represents the familiar GNU Build System, where packages may be |
| 1429 | configured, built, and installed with the usual @code{./configure && |
| 1430 | make && make check && make install} command sequence. |
| 1431 | |
| 1432 | @item |
| 1433 | The @code{arguments} field specifies options for the build system |
| 1434 | (@pxref{Build Systems}). Here it is interpreted by |
| 1435 | @var{gnu-build-system} as a request run @file{configure} with the |
| 1436 | @code{--enable-silent-rules} flag. |
| 1437 | |
| 1438 | @item |
| 1439 | The @code{inputs} field specifies inputs to the build process---i.e., |
| 1440 | build-time or run-time dependencies of the package. Here, we define an |
| 1441 | input called @code{"gawk"} whose value is that of the @var{gawk} |
| 1442 | variable; @var{gawk} is itself bound to a @code{<package>} object. |
| 1443 | |
| 1444 | Note that GCC, Coreutils, Bash, and other essential tools do not need to |
| 1445 | be specified as inputs here. Instead, @var{gnu-build-system} takes care |
| 1446 | of ensuring that they are present (@pxref{Build Systems}). |
| 1447 | |
| 1448 | However, any other dependencies need to be specified in the |
| 1449 | @code{inputs} field. Any dependency not specified here will simply be |
| 1450 | unavailable to the build process, possibly leading to a build failure. |
| 1451 | @end itemize |
| 1452 | |
| 1453 | Once a package definition is in place@footnote{Simple package |
| 1454 | definitions like the one above may be automatically converted from the |
| 1455 | Nixpkgs distribution using the @command{guix import} command.}, the |
| 1456 | package may actually be built using the @code{guix build} command-line |
| 1457 | tool (@pxref{Invoking guix build}). @xref{Packaging Guidelines}, for |
| 1458 | more information on how to test package definitions. |
| 1459 | |
| 1460 | Eventually, updating the package definition to a new upstream version |
| 1461 | can be partly automated by the @command{guix refresh} command |
| 1462 | (@pxref{Invoking guix refresh}). |
| 1463 | |
| 1464 | Behind the scenes, a derivation corresponding to the @code{<package>} |
| 1465 | object is first computed by the @code{package-derivation} procedure. |
| 1466 | That derivation is stored in a @code{.drv} file under @file{/gnu/store}. |
| 1467 | The build actions it prescribes may then be realized by using the |
| 1468 | @code{build-derivations} procedure (@pxref{The Store}). |
| 1469 | |
| 1470 | @deffn {Scheme Procedure} package-derivation @var{store} @var{package} [@var{system}] |
| 1471 | Return the @code{<derivation>} object of @var{package} for @var{system} |
| 1472 | (@pxref{Derivations}). |
| 1473 | |
| 1474 | @var{package} must be a valid @code{<package>} object, and @var{system} |
| 1475 | must be a string denoting the target system type---e.g., |
| 1476 | @code{"x86_64-linux"} for an x86_64 Linux-based GNU system. @var{store} |
| 1477 | must be a connection to the daemon, which operates on the store |
| 1478 | (@pxref{The Store}). |
| 1479 | @end deffn |
| 1480 | |
| 1481 | @noindent |
| 1482 | @cindex cross-compilation |
| 1483 | Similarly, it is possible to compute a derivation that cross-builds a |
| 1484 | package for some other system: |
| 1485 | |
| 1486 | @deffn {Scheme Procedure} package-cross-derivation @var{store} @ |
| 1487 | @var{package} @var{target} [@var{system}] |
| 1488 | Return the @code{<derivation>} object of @var{package} cross-built from |
| 1489 | @var{system} to @var{target}. |
| 1490 | |
| 1491 | @var{target} must be a valid GNU triplet denoting the target hardware |
| 1492 | and operating system, such as @code{"mips64el-linux-gnu"} |
| 1493 | (@pxref{Configuration Names, GNU configuration triplets,, configure, GNU |
| 1494 | Configure and Build System}). |
| 1495 | @end deffn |
| 1496 | |
| 1497 | |
| 1498 | @node Build Systems |
| 1499 | @section Build Systems |
| 1500 | |
| 1501 | @cindex build system |
| 1502 | Each package definition specifies a @dfn{build system} and arguments for |
| 1503 | that build system (@pxref{Defining Packages}). This @code{build-system} |
| 1504 | field represents the build procedure of the package, as well implicit |
| 1505 | dependencies of that build procedure. |
| 1506 | |
| 1507 | Build systems are @code{<build-system>} objects. The interface to |
| 1508 | create and manipulate them is provided by the @code{(guix build-system)} |
| 1509 | module, and actual build systems are exported by specific modules. |
| 1510 | |
| 1511 | Build systems accept an optional list of @dfn{arguments}. In package |
| 1512 | definitions, these are passed @i{via} the @code{arguments} field |
| 1513 | (@pxref{Defining Packages}). They are typically keyword arguments |
| 1514 | (@pxref{Optional Arguments, keyword arguments in Guile,, guile, GNU |
| 1515 | Guile Reference Manual}). The value of these arguments is usually |
| 1516 | evaluated in the @dfn{build stratum}---i.e., by a Guile process launched |
| 1517 | by the daemon (@pxref{Derivations}). |
| 1518 | |
| 1519 | The main build system is @var{gnu-build-system}, which implements the |
| 1520 | standard build procedure for GNU packages and many other packages. It |
| 1521 | is provided by the @code{(guix build-system gnu)} module. |
| 1522 | |
| 1523 | @defvr {Scheme Variable} gnu-build-system |
| 1524 | @var{gnu-build-system} represents the GNU Build System, and variants |
| 1525 | thereof (@pxref{Configuration, configuration and makefile conventions,, |
| 1526 | standards, GNU Coding Standards}). |
| 1527 | |
| 1528 | @cindex build phases |
| 1529 | In a nutshell, packages using it configured, built, and installed with |
| 1530 | the usual @code{./configure && make && make check && make install} |
| 1531 | command sequence. In practice, a few additional steps are often needed. |
| 1532 | All these steps are split up in separate @dfn{phases}, |
| 1533 | notably@footnote{Please see the @code{(guix build gnu-build-system)} |
| 1534 | modules for more details about the build phases.}: |
| 1535 | |
| 1536 | @table @code |
| 1537 | @item unpack |
| 1538 | Unpack the source tarball, and change the current directory to the |
| 1539 | extracted source tree. If the source is actually a directory, copy it |
| 1540 | to the build tree, and enter that directory. |
| 1541 | |
| 1542 | @item patch-source-shebangs |
| 1543 | Patch shebangs encountered in source files so they refer to the right |
| 1544 | store file names. For instance, this changes @code{#!/bin/sh} to |
| 1545 | @code{#!/gnu/store/@dots{}-bash-4.3/bin/sh}. |
| 1546 | |
| 1547 | @item configure |
| 1548 | Run the @file{configure} script with a number of default options, such |
| 1549 | as @code{--prefix=/gnu/store/@dots{}}, as well as the options specified |
| 1550 | by the @code{#:configure-flags} argument. |
| 1551 | |
| 1552 | @item build |
| 1553 | Run @code{make} with the list of flags specified with |
| 1554 | @code{#:make-flags}. If the @code{#:parallel-builds?} argument is true |
| 1555 | (the default), build with @code{make -j}. |
| 1556 | |
| 1557 | @item check |
| 1558 | Run @code{make check}, or some other target specified with |
| 1559 | @code{#:test-target}, unless @code{#:tests? #f} is passed. If the |
| 1560 | @code{#:parallel-tests?} argument is true (the default), run @code{make |
| 1561 | check -j}. |
| 1562 | |
| 1563 | @item install |
| 1564 | Run @code{make install} with the flags listed in @code{#:make-flags}. |
| 1565 | |
| 1566 | @item patch-shebangs |
| 1567 | Patch shebangs on the installed executable files. |
| 1568 | |
| 1569 | @item strip |
| 1570 | Strip debugging symbols from ELF files (unless @code{#:strip-binaries?} |
| 1571 | is false), copying them to the @code{debug} output when available |
| 1572 | (@pxref{Installing Debugging Files}). |
| 1573 | @end table |
| 1574 | |
| 1575 | @vindex %standard-phases |
| 1576 | The build-side module @code{(guix build gnu-build-system)} defines |
| 1577 | @var{%standard-phases} as the default list of build phases. |
| 1578 | @var{%standard-phases} is a list of symbol/procedure pairs, where the |
| 1579 | procedure implements the actual phase. |
| 1580 | |
| 1581 | The list of phases used for a particular package can be changed with the |
| 1582 | @code{#:phases} parameter. For instance, passing: |
| 1583 | |
| 1584 | @example |
| 1585 | #:phases (alist-delete 'configure %standard-phases) |
| 1586 | @end example |
| 1587 | |
| 1588 | means that all the phases described above will be used, except the |
| 1589 | @code{configure} phase. |
| 1590 | |
| 1591 | In addition, this build system ensures that the ``standard'' environment |
| 1592 | for GNU packages is available. This includes tools such as GCC, libc, |
| 1593 | Coreutils, Bash, Make, Diffutils, grep, and sed (see the @code{(guix |
| 1594 | build-system gnu)} module for a complete list.) We call these the |
| 1595 | @dfn{implicit inputs} of a package, because package definitions don't |
| 1596 | have to mention them. |
| 1597 | @end defvr |
| 1598 | |
| 1599 | Other @code{<build-system>} objects are defined to support other |
| 1600 | conventions and tools used by free software packages. They inherit most |
| 1601 | of @var{gnu-build-system}, and differ mainly in the set of inputs |
| 1602 | implicitly added to the build process, and in the list of phases |
| 1603 | executed. Some of these build systems are listed below. |
| 1604 | |
| 1605 | @defvr {Scheme Variable} cmake-build-system |
| 1606 | This variable is exported by @code{(guix build-system cmake)}. It |
| 1607 | implements the build procedure for packages using the |
| 1608 | @url{http://www.cmake.org, CMake build tool}. |
| 1609 | |
| 1610 | It automatically adds the @code{cmake} package to the set of inputs. |
| 1611 | Which package is used can be specified with the @code{#:cmake} |
| 1612 | parameter. |
| 1613 | @end defvr |
| 1614 | |
| 1615 | @defvr {Scheme Variable} python-build-system |
| 1616 | This variable is exported by @code{(guix build-system python)}. It |
| 1617 | implements the more or less standard build procedure used by Python |
| 1618 | packages, which consists in running @code{python setup.py build} and |
| 1619 | then @code{python setup.py install --prefix=/gnu/store/@dots{}}. |
| 1620 | |
| 1621 | For packages that install stand-alone Python programs under @code{bin/}, |
| 1622 | it takes care of wrapping these programs so their @code{PYTHONPATH} |
| 1623 | environment variable points to all the Python libraries they depend on. |
| 1624 | |
| 1625 | Which Python package is used can be specified with the @code{#:python} |
| 1626 | parameter. |
| 1627 | @end defvr |
| 1628 | |
| 1629 | @defvr {Scheme Variable} perl-build-system |
| 1630 | This variable is exported by @code{(guix build-system perl)}. It |
| 1631 | implements the standard build procedure for Perl packages, which |
| 1632 | consists in running @code{perl Makefile.PL PREFIX=/gnu/store/@dots{}}, |
| 1633 | followed by @code{make} and @code{make install}. |
| 1634 | |
| 1635 | The initial @code{perl Makefile.PL} invocation passes flags specified by |
| 1636 | the @code{#:make-maker-flags} parameter. |
| 1637 | |
| 1638 | Which Perl package is used can be specified with @code{#:perl}. |
| 1639 | @end defvr |
| 1640 | |
| 1641 | |
| 1642 | Lastly, for packages that do not need anything as sophisticated, a |
| 1643 | ``trivial'' build system is provided. It is trivial in the sense that |
| 1644 | it provides basically no support: it does not pull any implicit inputs, |
| 1645 | and does not have a notion of build phases. |
| 1646 | |
| 1647 | @defvr {Scheme Variable} trivial-build-system |
| 1648 | This variable is exported by @code{(guix build-system trivial)}. |
| 1649 | |
| 1650 | This build system requires a @code{#:builder} argument. This argument |
| 1651 | must be a Scheme expression that builds the package's output(s)---as |
| 1652 | with @code{build-expression->derivation} (@pxref{Derivations, |
| 1653 | @code{build-expression->derivation}}). |
| 1654 | @end defvr |
| 1655 | |
| 1656 | @node The Store |
| 1657 | @section The Store |
| 1658 | |
| 1659 | @cindex store |
| 1660 | @cindex store paths |
| 1661 | |
| 1662 | Conceptually, the @dfn{store} is where derivations that have been |
| 1663 | successfully built are stored---by default, under @file{/gnu/store}. |
| 1664 | Sub-directories in the store are referred to as @dfn{store paths}. The |
| 1665 | store has an associated database that contains information such has the |
| 1666 | store paths referred to by each store path, and the list of @emph{valid} |
| 1667 | store paths---paths that result from a successful build. |
| 1668 | |
| 1669 | The store is always accessed by the daemon on behalf of its clients |
| 1670 | (@pxref{Invoking guix-daemon}). To manipulate the store, clients |
| 1671 | connect to the daemon over a Unix-domain socket, send it requests, and |
| 1672 | read the result---these are remote procedure calls, or RPCs. |
| 1673 | |
| 1674 | The @code{(guix store)} module provides procedures to connect to the |
| 1675 | daemon, and to perform RPCs. These are described below. |
| 1676 | |
| 1677 | @deffn {Scheme Procedure} open-connection [@var{file}] [#:reserve-space? #t] |
| 1678 | Connect to the daemon over the Unix-domain socket at @var{file}. When |
| 1679 | @var{reserve-space?} is true, instruct it to reserve a little bit of |
| 1680 | extra space on the file system so that the garbage collector can still |
| 1681 | operate, should the disk become full. Return a server object. |
| 1682 | |
| 1683 | @var{file} defaults to @var{%default-socket-path}, which is the normal |
| 1684 | location given the options that were passed to @command{configure}. |
| 1685 | @end deffn |
| 1686 | |
| 1687 | @deffn {Scheme Procedure} close-connection @var{server} |
| 1688 | Close the connection to @var{server}. |
| 1689 | @end deffn |
| 1690 | |
| 1691 | @defvr {Scheme Variable} current-build-output-port |
| 1692 | This variable is bound to a SRFI-39 parameter, which refers to the port |
| 1693 | where build and error logs sent by the daemon should be written. |
| 1694 | @end defvr |
| 1695 | |
| 1696 | Procedures that make RPCs all take a server object as their first |
| 1697 | argument. |
| 1698 | |
| 1699 | @deffn {Scheme Procedure} valid-path? @var{server} @var{path} |
| 1700 | Return @code{#t} when @var{path} is a valid store path. |
| 1701 | @end deffn |
| 1702 | |
| 1703 | @deffn {Scheme Procedure} add-text-to-store @var{server} @var{name} @var{text} [@var{references}] |
| 1704 | Add @var{text} under file @var{name} in the store, and return its store |
| 1705 | path. @var{references} is the list of store paths referred to by the |
| 1706 | resulting store path. |
| 1707 | @end deffn |
| 1708 | |
| 1709 | @deffn {Scheme Procedure} build-derivations @var{server} @var{derivations} |
| 1710 | Build @var{derivations} (a list of @code{<derivation>} objects or |
| 1711 | derivation paths), and return when the worker is done building them. |
| 1712 | Return @code{#t} on success. |
| 1713 | @end deffn |
| 1714 | |
| 1715 | Note that the @code{(guix monads)} module provides a monad as well as |
| 1716 | monadic versions of the above procedures, with the goal of making it |
| 1717 | more convenient to work with code that accesses the store (@pxref{The |
| 1718 | Store Monad}). |
| 1719 | |
| 1720 | @c FIXME |
| 1721 | @i{This section is currently incomplete.} |
| 1722 | |
| 1723 | @node Derivations |
| 1724 | @section Derivations |
| 1725 | |
| 1726 | @cindex derivations |
| 1727 | Low-level build actions and the environment in which they are performed |
| 1728 | are represented by @dfn{derivations}. A derivation contain the |
| 1729 | following pieces of information: |
| 1730 | |
| 1731 | @itemize |
| 1732 | @item |
| 1733 | The outputs of the derivation---derivations produce at least one file or |
| 1734 | directory in the store, but may produce more. |
| 1735 | |
| 1736 | @item |
| 1737 | The inputs of the derivations, which may be other derivations or plain |
| 1738 | files in the store (patches, build scripts, etc.) |
| 1739 | |
| 1740 | @item |
| 1741 | The system type targeted by the derivation---e.g., @code{x86_64-linux}. |
| 1742 | |
| 1743 | @item |
| 1744 | The file name of a build script in the store, along with the arguments |
| 1745 | to be passed. |
| 1746 | |
| 1747 | @item |
| 1748 | A list of environment variables to be defined. |
| 1749 | |
| 1750 | @end itemize |
| 1751 | |
| 1752 | @cindex derivation path |
| 1753 | Derivations allow clients of the daemon to communicate build actions to |
| 1754 | the store. They exist in two forms: as an in-memory representation, |
| 1755 | both on the client- and daemon-side, and as files in the store whose |
| 1756 | name end in @code{.drv}---these files are referred to as @dfn{derivation |
| 1757 | paths}. Derivations paths can be passed to the @code{build-derivations} |
| 1758 | procedure to perform the build actions they prescribe (@pxref{The |
| 1759 | Store}). |
| 1760 | |
| 1761 | The @code{(guix derivations)} module provides a representation of |
| 1762 | derivations as Scheme objects, along with procedures to create and |
| 1763 | otherwise manipulate derivations. The lowest-level primitive to create |
| 1764 | a derivation is the @code{derivation} procedure: |
| 1765 | |
| 1766 | @deffn {Scheme Procedure} derivation @var{store} @var{name} @var{builder} @ |
| 1767 | @var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @ |
| 1768 | [#:recursive? #f] [#:inputs '()] [#:env-vars '()] @ |
| 1769 | [#:system (%current-system)] [#:references-graphs #f] @ |
| 1770 | [#:allowed-references #f] [#:local-build? #f] |
| 1771 | Build a derivation with the given arguments, and return the resulting |
| 1772 | @code{<derivation>} object. |
| 1773 | |
| 1774 | When @var{hash} and @var{hash-algo} are given, a |
| 1775 | @dfn{fixed-output derivation} is created---i.e., one whose result is |
| 1776 | known in advance, such as a file download. If, in addition, |
| 1777 | @var{recursive?} is true, then that fixed output may be an executable |
| 1778 | file or a directory and @var{hash} must be the hash of an archive |
| 1779 | containing this output. |
| 1780 | |
| 1781 | When @var{references-graphs} is true, it must be a list of file |
| 1782 | name/store path pairs. In that case, the reference graph of each store |
| 1783 | path is exported in the build environment in the corresponding file, in |
| 1784 | a simple text format. |
| 1785 | |
| 1786 | When @var{allowed-references} is true, it must be a list of store items |
| 1787 | or outputs that the derivation's output may refer to. |
| 1788 | |
| 1789 | When @var{local-build?} is true, declare that the derivation is not a |
| 1790 | good candidate for offloading and should rather be built locally |
| 1791 | (@pxref{Daemon Offload Setup}). This is the case for small derivations |
| 1792 | where the costs of data transfers would outweigh the benefits. |
| 1793 | @end deffn |
| 1794 | |
| 1795 | @noindent |
| 1796 | Here's an example with a shell script as its builder, assuming |
| 1797 | @var{store} is an open connection to the daemon, and @var{bash} points |
| 1798 | to a Bash executable in the store: |
| 1799 | |
| 1800 | @lisp |
| 1801 | (use-modules (guix utils) |
| 1802 | (guix store) |
| 1803 | (guix derivations)) |
| 1804 | |
| 1805 | (let ((builder ; add the Bash script to the store |
| 1806 | (add-text-to-store store "my-builder.sh" |
| 1807 | "echo hello world > $out\n" '()))) |
| 1808 | (derivation store "foo" |
| 1809 | bash `("-e" ,builder) |
| 1810 | #:inputs `((,bash) (,builder)) |
| 1811 | #:env-vars '(("HOME" . "/homeless")))) |
| 1812 | @result{} #<derivation /gnu/store/@dots{}-foo.drv => /gnu/store/@dots{}-foo> |
| 1813 | @end lisp |
| 1814 | |
| 1815 | As can be guessed, this primitive is cumbersome to use directly. A |
| 1816 | better approach is to write build scripts in Scheme, of course! The |
| 1817 | best course of action for that is to write the build code as a |
| 1818 | ``G-expression'', and to pass it to @code{gexp->derivation}. For more |
| 1819 | information, @ref{G-Expressions}. |
| 1820 | |
| 1821 | Once upon a time, @code{gexp->derivation} did not exist and constructing |
| 1822 | derivations with build code written in Scheme was achieved with |
| 1823 | @code{build-expression->derivation}, documented below. This procedure |
| 1824 | is now deprecated in favor of the much nicer @code{gexp->derivation}. |
| 1825 | |
| 1826 | @deffn {Scheme Procedure} build-expression->derivation @var{store} @ |
| 1827 | @var{name} @var{exp} @ |
| 1828 | [#:system (%current-system)] [#:inputs '()] @ |
| 1829 | [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @ |
| 1830 | [#:recursive? #f] [#:env-vars '()] [#:modules '()] @ |
| 1831 | [#:references-graphs #f] [#:allowed-references #f] @ |
| 1832 | [#:local-build? #f] [#:guile-for-build #f] |
| 1833 | Return a derivation that executes Scheme expression @var{exp} as a |
| 1834 | builder for derivation @var{name}. @var{inputs} must be a list of |
| 1835 | @code{(name drv-path sub-drv)} tuples; when @var{sub-drv} is omitted, |
| 1836 | @code{"out"} is assumed. @var{modules} is a list of names of Guile |
| 1837 | modules from the current search path to be copied in the store, |
| 1838 | compiled, and made available in the load path during the execution of |
| 1839 | @var{exp}---e.g., @code{((guix build utils) (guix build |
| 1840 | gnu-build-system))}. |
| 1841 | |
| 1842 | @var{exp} is evaluated in an environment where @code{%outputs} is bound |
| 1843 | to a list of output/path pairs, and where @code{%build-inputs} is bound |
| 1844 | to a list of string/output-path pairs made from @var{inputs}. |
| 1845 | Optionally, @var{env-vars} is a list of string pairs specifying the name |
| 1846 | and value of environment variables visible to the builder. The builder |
| 1847 | terminates by passing the result of @var{exp} to @code{exit}; thus, when |
| 1848 | @var{exp} returns @code{#f}, the build is considered to have failed. |
| 1849 | |
| 1850 | @var{exp} is built using @var{guile-for-build} (a derivation). When |
| 1851 | @var{guile-for-build} is omitted or is @code{#f}, the value of the |
| 1852 | @code{%guile-for-build} fluid is used instead. |
| 1853 | |
| 1854 | See the @code{derivation} procedure for the meaning of |
| 1855 | @var{references-graphs}, @var{allowed-references}, and @var{local-build?}. |
| 1856 | @end deffn |
| 1857 | |
| 1858 | @noindent |
| 1859 | Here's an example of a single-output derivation that creates a directory |
| 1860 | containing one file: |
| 1861 | |
| 1862 | @lisp |
| 1863 | (let ((builder '(let ((out (assoc-ref %outputs "out"))) |
| 1864 | (mkdir out) ; create /gnu/store/@dots{}-goo |
| 1865 | (call-with-output-file (string-append out "/test") |
| 1866 | (lambda (p) |
| 1867 | (display '(hello guix) p)))))) |
| 1868 | (build-expression->derivation store "goo" builder)) |
| 1869 | |
| 1870 | @result{} #<derivation /gnu/store/@dots{}-goo.drv => @dots{}> |
| 1871 | @end lisp |
| 1872 | |
| 1873 | |
| 1874 | @node The Store Monad |
| 1875 | @section The Store Monad |
| 1876 | |
| 1877 | @cindex monad |
| 1878 | |
| 1879 | The procedures that operate on the store described in the previous |
| 1880 | sections all take an open connection to the build daemon as their first |
| 1881 | argument. Although the underlying model is functional, they either have |
| 1882 | side effects or depend on the current state of the store. |
| 1883 | |
| 1884 | The former is inconvenient: the connection to the build daemon has to be |
| 1885 | carried around in all those functions, making it impossible to compose |
| 1886 | functions that do not take that parameter with functions that do. The |
| 1887 | latter can be problematic: since store operations have side effects |
| 1888 | and/or depend on external state, they have to be properly sequenced. |
| 1889 | |
| 1890 | @cindex monadic values |
| 1891 | @cindex monadic functions |
| 1892 | This is where the @code{(guix monads)} module comes in. This module |
| 1893 | provides a framework for working with @dfn{monads}, and a particularly |
| 1894 | useful monad for our uses, the @dfn{store monad}. Monads are a |
| 1895 | construct that allows two things: associating ``context'' with values |
| 1896 | (in our case, the context is the store), and building sequences of |
| 1897 | computations (here computations includes accesses to the store.) Values |
| 1898 | in a monad---values that carry this additional context---are called |
| 1899 | @dfn{monadic values}; procedures that return such values are called |
| 1900 | @dfn{monadic procedures}. |
| 1901 | |
| 1902 | Consider this ``normal'' procedure: |
| 1903 | |
| 1904 | @example |
| 1905 | (define (sh-symlink store) |
| 1906 | ;; Return a derivation that symlinks the 'bash' executable. |
| 1907 | (let* ((drv (package-derivation store bash)) |
| 1908 | (out (derivation->output-path drv)) |
| 1909 | (sh (string-append out "/bin/bash"))) |
| 1910 | (build-expression->derivation store "sh" |
| 1911 | `(symlink ,sh %output)))) |
| 1912 | @end example |
| 1913 | |
| 1914 | Using @code{(guix monads)}, it may be rewritten as a monadic function: |
| 1915 | |
| 1916 | @c FIXME: Find a better example, one that uses 'mlet'. |
| 1917 | @example |
| 1918 | (define (sh-symlink) |
| 1919 | ;; Same, but return a monadic value. |
| 1920 | (gexp->derivation "sh" |
| 1921 | #~(symlink (string-append #$bash "/bin/bash") #$output))) |
| 1922 | @end example |
| 1923 | |
| 1924 | There are two things to note in the second version: the @code{store} |
| 1925 | parameter is now implicit, and the monadic value returned by |
| 1926 | @code{package-file}---a wrapper around @code{package-derivation} and |
| 1927 | @code{derivation->output-path}---is @dfn{bound} using @code{mlet} |
| 1928 | instead of plain @code{let}. |
| 1929 | |
| 1930 | Calling the monadic @code{profile.sh} has no effect. To get the desired |
| 1931 | effect, one must use @code{run-with-store}: |
| 1932 | |
| 1933 | @example |
| 1934 | (run-with-store (open-connection) (profile.sh)) |
| 1935 | @result{} /gnu/store/...-profile.sh |
| 1936 | @end example |
| 1937 | |
| 1938 | The main syntactic forms to deal with monads in general are described |
| 1939 | below. |
| 1940 | |
| 1941 | @deffn {Scheme Syntax} with-monad @var{monad} @var{body} ... |
| 1942 | Evaluate any @code{>>=} or @code{return} forms in @var{body} as being |
| 1943 | in @var{monad}. |
| 1944 | @end deffn |
| 1945 | |
| 1946 | @deffn {Scheme Syntax} return @var{val} |
| 1947 | Return a monadic value that encapsulates @var{val}. |
| 1948 | @end deffn |
| 1949 | |
| 1950 | @deffn {Scheme Syntax} >>= @var{mval} @var{mproc} |
| 1951 | @dfn{Bind} monadic value @var{mval}, passing its ``contents'' to monadic |
| 1952 | procedure @var{mproc}@footnote{This operation is commonly referred to as |
| 1953 | ``bind'', but that name denotes an unrelated procedure in Guile. Thus |
| 1954 | we use this somewhat cryptic symbol inherited from the Haskell |
| 1955 | language.}. |
| 1956 | @end deffn |
| 1957 | |
| 1958 | @deffn {Scheme Syntax} mlet @var{monad} ((@var{var} @var{mval}) ...) @ |
| 1959 | @var{body} ... |
| 1960 | @deffnx {Scheme Syntax} mlet* @var{monad} ((@var{var} @var{mval}) ...) @ |
| 1961 | @var{body} ... |
| 1962 | Bind the variables @var{var} to the monadic values @var{mval} in |
| 1963 | @var{body}. The form (@var{var} -> @var{val}) binds @var{var} to the |
| 1964 | ``normal'' value @var{val}, as per @code{let}. |
| 1965 | |
| 1966 | @code{mlet*} is to @code{mlet} what @code{let*} is to @code{let} |
| 1967 | (@pxref{Local Bindings,,, guile, GNU Guile Reference Manual}). |
| 1968 | @end deffn |
| 1969 | |
| 1970 | The interface to the store monad provided by @code{(guix monads)} is as |
| 1971 | follows. |
| 1972 | |
| 1973 | @defvr {Scheme Variable} %store-monad |
| 1974 | The store monad. Values in the store monad encapsulate accesses to the |
| 1975 | store. When its effect is needed, a value of the store monad must be |
| 1976 | ``evaluated'' by passing it to the @code{run-with-store} procedure (see |
| 1977 | below.) |
| 1978 | @end defvr |
| 1979 | |
| 1980 | @deffn {Scheme Procedure} run-with-store @var{store} @var{mval} [#:guile-for-build] [#:system (%current-system)] |
| 1981 | Run @var{mval}, a monadic value in the store monad, in @var{store}, an |
| 1982 | open store connection. |
| 1983 | @end deffn |
| 1984 | |
| 1985 | @deffn {Monadic Procedure} text-file @var{name} @var{text} |
| 1986 | Return as a monadic value the absolute file name in the store of the file |
| 1987 | containing @var{text}, a string. |
| 1988 | @end deffn |
| 1989 | |
| 1990 | @deffn {Monadic Procedure} text-file* @var{name} @var{text} @dots{} |
| 1991 | Return as a monadic value a derivation that builds a text file |
| 1992 | containing all of @var{text}. @var{text} may list, in addition to |
| 1993 | strings, packages, derivations, and store file names; the resulting |
| 1994 | store file holds references to all these. |
| 1995 | |
| 1996 | This variant should be preferred over @code{text-file} anytime the file |
| 1997 | to create will reference items from the store. This is typically the |
| 1998 | case when building a configuration file that embeds store file names, |
| 1999 | like this: |
| 2000 | |
| 2001 | @example |
| 2002 | (define (profile.sh) |
| 2003 | ;; Return the name of a shell script in the store that |
| 2004 | ;; initializes the 'PATH' environment variable. |
| 2005 | (text-file* "profile.sh" |
| 2006 | "export PATH=" coreutils "/bin:" |
| 2007 | grep "/bin:" sed "/bin\n")) |
| 2008 | @end example |
| 2009 | |
| 2010 | In this example, the resulting @file{/gnu/store/@dots{}-profile.sh} file |
| 2011 | will references @var{coreutils}, @var{grep}, and @var{sed}, thereby |
| 2012 | preventing them from being garbage-collected during its lifetime. |
| 2013 | @end deffn |
| 2014 | |
| 2015 | @deffn {Monadic Procedure} package-file @var{package} [@var{file}] @ |
| 2016 | [#:system (%current-system)] [#:output "out"] Return as a monadic |
| 2017 | value in the absolute file name of @var{file} within the @var{output} |
| 2018 | directory of @var{package}. When @var{file} is omitted, return the name |
| 2019 | of the @var{output} directory of @var{package}. |
| 2020 | @end deffn |
| 2021 | |
| 2022 | @deffn {Monadic Procedure} package->derivation @var{package} [@var{system}] |
| 2023 | Monadic version of @code{package-derivation} (@pxref{Defining |
| 2024 | Packages}). |
| 2025 | @end deffn |
| 2026 | |
| 2027 | |
| 2028 | @node G-Expressions |
| 2029 | @section G-Expressions |
| 2030 | |
| 2031 | @cindex G-expression |
| 2032 | @cindex build code quoting |
| 2033 | So we have ``derivations'', which represent a sequence of build actions |
| 2034 | to be performed to produce an item in the store (@pxref{Derivations}). |
| 2035 | Those build actions are performed when asking the daemon to actually |
| 2036 | build the derivations; they are run by the daemon in a container |
| 2037 | (@pxref{Invoking guix-daemon}). |
| 2038 | |
| 2039 | @cindex strata of code |
| 2040 | It should come as no surprise that we like to write those build actions |
| 2041 | in Scheme. When we do that, we end up with two @dfn{strata} of Scheme |
| 2042 | code@footnote{The term @dfn{stratum} in this context was coined by |
| 2043 | Manuel Serrano et al.@: in the context of their work on Hop. Oleg |
| 2044 | Kiselyov, who has written insightful |
| 2045 | @url{http://okmij.org/ftp/meta-programming/#meta-scheme, essays and code |
| 2046 | on this topic}, refers to this kind of code generation as |
| 2047 | @dfn{staging}.}: the ``host code''---code that defines packages, talks |
| 2048 | to the daemon, etc.---and the ``build code''---code that actually |
| 2049 | performs build actions, such as making directories, invoking |
| 2050 | @command{make}, etc. |
| 2051 | |
| 2052 | To describe a derivation and its build actions, one typically needs to |
| 2053 | embed build code inside host code. It boils down to manipulating build |
| 2054 | code as data, and Scheme's homoiconicity---code has a direct |
| 2055 | representation as data---comes in handy for that. But we need more than |
| 2056 | Scheme's normal @code{quasiquote} mechanism to construct build |
| 2057 | expressions. |
| 2058 | |
| 2059 | The @code{(guix gexp)} module implements @dfn{G-expressions}, a form of |
| 2060 | S-expressions adapted to build expressions. G-expressions, or |
| 2061 | @dfn{gexps}, consist essentially in three syntactic forms: @code{gexp}, |
| 2062 | @code{ungexp}, and @code{ungexp-splicing} (or simply: @code{#~}, |
| 2063 | @code{#$}, and @code{#$@@}), which are comparable respectively to |
| 2064 | @code{quasiquote}, @code{unquote}, and @code{unquote-splicing} |
| 2065 | (@pxref{Expression Syntax, @code{quasiquote},, guile, GNU Guile |
| 2066 | Reference Manual}). However, there are major differences: |
| 2067 | |
| 2068 | @itemize |
| 2069 | @item |
| 2070 | Gexps are meant to be written to a file and run or manipulated by other |
| 2071 | processes. |
| 2072 | |
| 2073 | @item |
| 2074 | When a package or derivation is unquoted inside a gexp, the result is as |
| 2075 | if its output file name had been introduced. |
| 2076 | |
| 2077 | @item |
| 2078 | Gexps carry information about the packages or derivations they refer to, |
| 2079 | and these dependencies are automatically added as inputs to the build |
| 2080 | processes that use them. |
| 2081 | @end itemize |
| 2082 | |
| 2083 | To illustrate the idea, here is an example of a gexp: |
| 2084 | |
| 2085 | @example |
| 2086 | (define build-exp |
| 2087 | #~(begin |
| 2088 | (mkdir #$output) |
| 2089 | (chdir #$output) |
| 2090 | (symlink (string-append #$coreutils "/bin/ls") |
| 2091 | "list-files"))) |
| 2092 | @end example |
| 2093 | |
| 2094 | This gexp can be passed to @code{gexp->derivation}; we obtain a |
| 2095 | derivation that builds a directory containing exactly one symlink to |
| 2096 | @file{/gnu/store/@dots{}-coreutils-8.22/bin/ls}: |
| 2097 | |
| 2098 | @example |
| 2099 | (gexp->derivation "the-thing" build-exp) |
| 2100 | @end example |
| 2101 | |
| 2102 | As one would expect, the @code{"/gnu/store/@dots{}-coreutils-8.22"} string is |
| 2103 | substituted to the reference to the @var{coreutils} package in the |
| 2104 | actual build code, and @var{coreutils} is automatically made an input to |
| 2105 | the derivation. Likewise, @code{#$output} (equivalent to @code{(ungexp |
| 2106 | output)}) is replaced by a string containing the derivation's output |
| 2107 | directory name. The syntactic form to construct gexps is summarized |
| 2108 | below. |
| 2109 | |
| 2110 | @deffn {Scheme Syntax} #~@var{exp} |
| 2111 | @deffnx {Scheme Syntax} (gexp @var{exp}) |
| 2112 | Return a G-expression containing @var{exp}. @var{exp} may contain one |
| 2113 | or more of the following forms: |
| 2114 | |
| 2115 | @table @code |
| 2116 | @item #$@var{obj} |
| 2117 | @itemx (ungexp @var{obj}) |
| 2118 | Introduce a reference to @var{obj}. @var{obj} may be a package or a |
| 2119 | derivation, in which case the @code{ungexp} form is replaced by its |
| 2120 | output file name---e.g., @code{"/gnu/store/@dots{}-coreutils-8.22}. |
| 2121 | |
| 2122 | If @var{obj} is a list, it is traversed and any package or derivation |
| 2123 | references are substituted similarly. |
| 2124 | |
| 2125 | If @var{obj} is another gexp, its contents are inserted and its |
| 2126 | dependencies are added to those of the containing gexp. |
| 2127 | |
| 2128 | If @var{obj} is another kind of object, it is inserted as is. |
| 2129 | |
| 2130 | @item #$@var{package-or-derivation}:@var{output} |
| 2131 | @itemx (ungexp @var{package-or-derivation} @var{output}) |
| 2132 | This is like the form above, but referring explicitly to the |
| 2133 | @var{output} of @var{package-or-derivation}---this is useful when |
| 2134 | @var{package-or-derivation} produces multiple outputs (@pxref{Packages |
| 2135 | with Multiple Outputs}). |
| 2136 | |
| 2137 | @item #$output[:@var{output}] |
| 2138 | @itemx (ungexp output [@var{output}]) |
| 2139 | Insert a reference to derivation output @var{output}, or to the main |
| 2140 | output when @var{output} is omitted. |
| 2141 | |
| 2142 | This only makes sense for gexps passed to @code{gexp->derivation}. |
| 2143 | |
| 2144 | @item #$@@@var{lst} |
| 2145 | @itemx (ungexp-splicing @var{lst}) |
| 2146 | Like the above, but splices the contents of @var{lst} inside the |
| 2147 | containing list. |
| 2148 | |
| 2149 | @end table |
| 2150 | |
| 2151 | G-expressions created by @code{gexp} or @code{#~} are run-time objects |
| 2152 | of the @code{gexp?} type (see below.) |
| 2153 | @end deffn |
| 2154 | |
| 2155 | @deffn {Scheme Procedure} gexp? @var{obj} |
| 2156 | Return @code{#t} if @var{obj} is a G-expression. |
| 2157 | @end deffn |
| 2158 | |
| 2159 | G-expressions are meant to be written to disk, either as code building |
| 2160 | some derivation, or as plain files in the store. The monadic procedures |
| 2161 | below allow you to do that (@pxref{The Store Monad}, for more |
| 2162 | information about monads.) |
| 2163 | |
| 2164 | @deffn {Monadic Procedure} gexp->derivation @var{name} @var{exp} @ |
| 2165 | [#:system (%current-system)] [#:inputs '()] @ |
| 2166 | [#:hash #f] [#:hash-algo #f] @ |
| 2167 | [#:recursive? #f] [#:env-vars '()] [#:modules '()] @ |
| 2168 | [#:references-graphs #f] [#:local-build? #f] @ |
| 2169 | [#:guile-for-build #f] |
| 2170 | Return a derivation @var{name} that runs @var{exp} (a gexp) with |
| 2171 | @var{guile-for-build} (a derivation) on @var{system}. |
| 2172 | |
| 2173 | Make @var{modules} available in the evaluation context of @var{EXP}; |
| 2174 | @var{MODULES} is a list of names of Guile modules from the current |
| 2175 | search path to be copied in the store, compiled, and made available in |
| 2176 | the load path during the execution of @var{exp}---e.g., @code{((guix |
| 2177 | build utils) (guix build gnu-build-system))}. |
| 2178 | |
| 2179 | The other arguments are as for @code{derivation} (@pxref{Derivations}). |
| 2180 | @end deffn |
| 2181 | |
| 2182 | @deffn {Monadic Procedure} gexp->script @var{name} @var{exp} |
| 2183 | Return an executable script @var{name} that runs @var{exp} using |
| 2184 | @var{guile} with @var{modules} in its search path. |
| 2185 | |
| 2186 | The example below builds a script that simply invokes the @command{ls} |
| 2187 | command: |
| 2188 | |
| 2189 | @example |
| 2190 | (use-modules (guix gexp) (gnu packages base)) |
| 2191 | |
| 2192 | (gexp->script "list-files" |
| 2193 | #~(execl (string-append #$coreutils "/bin/ls") |
| 2194 | "ls")) |
| 2195 | @end example |
| 2196 | |
| 2197 | When ``running'' it through the store (@pxref{The Store Monad, |
| 2198 | @code{run-with-store}}), we obtain a derivation that produces an |
| 2199 | executable file @file{/gnu/store/@dots{}-list-files} along these lines: |
| 2200 | |
| 2201 | @example |
| 2202 | #!/gnu/store/@dots{}-guile-2.0.11/bin/guile -ds |
| 2203 | !# |
| 2204 | (execl (string-append "/gnu/store/@dots{}-coreutils-8.22"/bin/ls") |
| 2205 | "ls") |
| 2206 | @end example |
| 2207 | @end deffn |
| 2208 | |
| 2209 | @deffn {Monadic Procedure} gexp->file @var{name} @var{exp} |
| 2210 | Return a derivation that builds a file @var{name} containing @var{exp}. |
| 2211 | |
| 2212 | The resulting file holds references to all the dependencies of @var{exp} |
| 2213 | or a subset thereof. |
| 2214 | @end deffn |
| 2215 | |
| 2216 | Of course, in addition to gexps embedded in ``host'' code, there are |
| 2217 | also modules containing build tools. To make it clear that they are |
| 2218 | meant to be used in the build stratum, these modules are kept in the |
| 2219 | @code{(guix build @dots{})} name space. |
| 2220 | |
| 2221 | |
| 2222 | @c ********************************************************************* |
| 2223 | @node Utilities |
| 2224 | @chapter Utilities |
| 2225 | |
| 2226 | This section describes tools primarily targeted at developers and users |
| 2227 | who write new package definitions. They complement the Scheme |
| 2228 | programming interface of Guix in a convenient way. |
| 2229 | |
| 2230 | @menu |
| 2231 | * Invoking guix build:: Building packages from the command line. |
| 2232 | * Invoking guix download:: Downloading a file and printing its hash. |
| 2233 | * Invoking guix hash:: Computing the cryptographic hash of a file. |
| 2234 | * Invoking guix refresh:: Updating package definitions. |
| 2235 | @end menu |
| 2236 | |
| 2237 | @node Invoking guix build |
| 2238 | @section Invoking @command{guix build} |
| 2239 | |
| 2240 | The @command{guix build} command builds packages or derivations and |
| 2241 | their dependencies, and prints the resulting store paths. Note that it |
| 2242 | does not modify the user's profile---this is the job of the |
| 2243 | @command{guix package} command (@pxref{Invoking guix package}). Thus, |
| 2244 | it is mainly useful for distribution developers. |
| 2245 | |
| 2246 | The general syntax is: |
| 2247 | |
| 2248 | @example |
| 2249 | guix build @var{options} @var{package-or-derivation}@dots{} |
| 2250 | @end example |
| 2251 | |
| 2252 | @var{package-or-derivation} may be either the name of a package found in |
| 2253 | the software distribution such as @code{coreutils} or |
| 2254 | @code{coreutils-8.20}, or a derivation such as |
| 2255 | @file{/gnu/store/@dots{}-coreutils-8.19.drv}. In the former case, a |
| 2256 | package with the corresponding name (and optionally version) is searched |
| 2257 | for among the GNU distribution modules (@pxref{Package Modules}). |
| 2258 | |
| 2259 | Alternatively, the @code{--expression} option may be used to specify a |
| 2260 | Scheme expression that evaluates to a package; this is useful when |
| 2261 | disambiguation among several same-named packages or package variants is |
| 2262 | needed. |
| 2263 | |
| 2264 | The @var{options} may be zero or more of the following: |
| 2265 | |
| 2266 | @table @code |
| 2267 | |
| 2268 | @item --expression=@var{expr} |
| 2269 | @itemx -e @var{expr} |
| 2270 | Build the package or derivation @var{expr} evaluates to. |
| 2271 | |
| 2272 | For example, @var{expr} may be @code{(@@ (gnu packages guile) |
| 2273 | guile-1.8)}, which unambiguously designates this specific variant of |
| 2274 | version 1.8 of Guile. |
| 2275 | |
| 2276 | Alternately, @var{expr} may be a G-expression, in which case it is used |
| 2277 | as a build program passed to @code{gexp->derivation} |
| 2278 | (@pxref{G-Expressions}). |
| 2279 | |
| 2280 | Lastly, @var{expr} may refer to a zero-argument monadic procedure |
| 2281 | (@pxref{The Store Monad}). The procedure must return a derivation as a |
| 2282 | monadic value, which is then passed through @code{run-with-store}. |
| 2283 | |
| 2284 | @item --source |
| 2285 | @itemx -S |
| 2286 | Build the packages' source derivations, rather than the packages |
| 2287 | themselves. |
| 2288 | |
| 2289 | For instance, @code{guix build -S gcc} returns something like |
| 2290 | @file{/gnu/store/@dots{}-gcc-4.7.2.tar.bz2}, which is GCC's source tarball. |
| 2291 | |
| 2292 | The returned source tarball is the result of applying any patches and |
| 2293 | code snippets specified in the package's @code{origin} (@pxref{Defining |
| 2294 | Packages}). |
| 2295 | |
| 2296 | @item --system=@var{system} |
| 2297 | @itemx -s @var{system} |
| 2298 | Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of |
| 2299 | the host's system type. |
| 2300 | |
| 2301 | An example use of this is on Linux-based systems, which can emulate |
| 2302 | different personalities. For instance, passing |
| 2303 | @code{--system=i686-linux} on an @code{x86_64-linux} system allows users |
| 2304 | to build packages in a complete 32-bit environment. |
| 2305 | |
| 2306 | @item --target=@var{triplet} |
| 2307 | @cindex cross-compilation |
| 2308 | Cross-build for @var{triplet}, which must be a valid GNU triplet, such |
| 2309 | as @code{"mips64el-linux-gnu"} (@pxref{Configuration Names, GNU |
| 2310 | configuration triplets,, configure, GNU Configure and Build System}). |
| 2311 | |
| 2312 | @item --with-source=@var{source} |
| 2313 | Use @var{source} as the source of the corresponding package. |
| 2314 | @var{source} must be a file name or a URL, as for @command{guix |
| 2315 | download} (@pxref{Invoking guix download}). |
| 2316 | |
| 2317 | The ``corresponding package'' is taken to be one specified on the |
| 2318 | command line whose name matches the base of @var{source}---e.g., if |
| 2319 | @var{source} is @code{/src/guile-2.0.10.tar.gz}, the corresponding |
| 2320 | package is @code{guile}. Likewise, the version string is inferred from |
| 2321 | @var{source}; in the previous example, it's @code{2.0.10}. |
| 2322 | |
| 2323 | This option allows users to try out versions of packages other than the |
| 2324 | one provided by the distribution. The example below downloads |
| 2325 | @file{ed-1.7.tar.gz} from a GNU mirror and uses that as the source for |
| 2326 | the @code{ed} package: |
| 2327 | |
| 2328 | @example |
| 2329 | guix build ed --with-source=mirror://gnu/ed/ed-1.7.tar.gz |
| 2330 | @end example |
| 2331 | |
| 2332 | As a developer, @code{--with-source} makes it easy to test release |
| 2333 | candidates: |
| 2334 | |
| 2335 | @example |
| 2336 | guix build guile --with-source=../guile-2.0.9.219-e1bb7.tar.xz |
| 2337 | @end example |
| 2338 | |
| 2339 | |
| 2340 | @item --derivations |
| 2341 | @itemx -d |
| 2342 | Return the derivation paths, not the output paths, of the given |
| 2343 | packages. |
| 2344 | |
| 2345 | @item --root=@var{file} |
| 2346 | @itemx -r @var{file} |
| 2347 | Make @var{file} a symlink to the result, and register it as a garbage |
| 2348 | collector root. |
| 2349 | |
| 2350 | @item --log-file |
| 2351 | Return the build log file names for the given |
| 2352 | @var{package-or-derivation}s, or raise an error if build logs are |
| 2353 | missing. |
| 2354 | |
| 2355 | This works regardless of how packages or derivations are specified. For |
| 2356 | instance, the following invocations are equivalent: |
| 2357 | |
| 2358 | @example |
| 2359 | guix build --log-file `guix build -d guile` |
| 2360 | guix build --log-file `guix build guile` |
| 2361 | guix build --log-file guile |
| 2362 | guix build --log-file -e '(@@ (gnu packages guile) guile-2.0)' |
| 2363 | @end example |
| 2364 | |
| 2365 | |
| 2366 | @end table |
| 2367 | |
| 2368 | @cindex common build options |
| 2369 | In addition, a number of options that control the build process are |
| 2370 | common to @command{guix build} and other commands that can spawn builds, |
| 2371 | such as @command{guix package} or @command{guix archive}. These are the |
| 2372 | following: |
| 2373 | |
| 2374 | @table @code |
| 2375 | |
| 2376 | @item --keep-failed |
| 2377 | @itemx -K |
| 2378 | Keep the build tree of failed builds. Thus, if a build fail, its build |
| 2379 | tree is kept under @file{/tmp}, in a directory whose name is shown at |
| 2380 | the end of the build log. This is useful when debugging build issues. |
| 2381 | |
| 2382 | @item --dry-run |
| 2383 | @itemx -n |
| 2384 | Do not build the derivations. |
| 2385 | |
| 2386 | @item --fallback |
| 2387 | When substituting a pre-built binary fails, fall back to building |
| 2388 | packages locally. |
| 2389 | |
| 2390 | @item --no-substitutes |
| 2391 | Do not use substitutes for build products. That is, always build things |
| 2392 | locally instead of allowing downloads of pre-built binaries |
| 2393 | (@pxref{Substitutes}). |
| 2394 | |
| 2395 | @item --no-build-hook |
| 2396 | Do not attempt to offload builds @i{via} the daemon's ``build hook'' |
| 2397 | (@pxref{Daemon Offload Setup}). That is, always build things locally |
| 2398 | instead of offloading builds to remote machines. |
| 2399 | |
| 2400 | @item --max-silent-time=@var{seconds} |
| 2401 | When the build or substitution process remains silent for more than |
| 2402 | @var{seconds}, terminate it and report a build failure. |
| 2403 | |
| 2404 | @item --timeout=@var{seconds} |
| 2405 | Likewise, when the build or substitution process lasts for more than |
| 2406 | @var{seconds}, terminate it and report a build failure. |
| 2407 | |
| 2408 | By default there is no timeout. This behavior can be restored with |
| 2409 | @code{--timeout=0}. |
| 2410 | |
| 2411 | @item --verbosity=@var{level} |
| 2412 | Use the given verbosity level. @var{level} must be an integer between 0 |
| 2413 | and 5; higher means more verbose output. Setting a level of 4 or more |
| 2414 | may be helpful when debugging setup issues with the build daemon. |
| 2415 | |
| 2416 | @item --cores=@var{n} |
| 2417 | @itemx -c @var{n} |
| 2418 | Allow the use of up to @var{n} CPU cores for the build. The special |
| 2419 | value @code{0} means to use as many CPU cores as available. |
| 2420 | |
| 2421 | @end table |
| 2422 | |
| 2423 | Behind the scenes, @command{guix build} is essentially an interface to |
| 2424 | the @code{package-derivation} procedure of the @code{(guix packages)} |
| 2425 | module, and to the @code{build-derivations} procedure of the @code{(guix |
| 2426 | store)} module. |
| 2427 | |
| 2428 | @node Invoking guix download |
| 2429 | @section Invoking @command{guix download} |
| 2430 | |
| 2431 | When writing a package definition, developers typically need to download |
| 2432 | the package's source tarball, compute its SHA256 hash, and write that |
| 2433 | hash in the package definition (@pxref{Defining Packages}). The |
| 2434 | @command{guix download} tool helps with this task: it downloads a file |
| 2435 | from the given URI, adds it to the store, and prints both its file name |
| 2436 | in the store and its SHA256 hash. |
| 2437 | |
| 2438 | The fact that the downloaded file is added to the store saves bandwidth: |
| 2439 | when the developer eventually tries to build the newly defined package |
| 2440 | with @command{guix build}, the source tarball will not have to be |
| 2441 | downloaded again because it is already in the store. It is also a |
| 2442 | convenient way to temporarily stash files, which may be deleted |
| 2443 | eventually (@pxref{Invoking guix gc}). |
| 2444 | |
| 2445 | The @command{guix download} command supports the same URIs as used in |
| 2446 | package definitions. In particular, it supports @code{mirror://} URIs. |
| 2447 | @code{https} URIs (HTTP over TLS) are supported @emph{provided} the |
| 2448 | Guile bindings for GnuTLS are available in the user's environment; when |
| 2449 | they are not available, an error is raised. |
| 2450 | |
| 2451 | The following option is available: |
| 2452 | |
| 2453 | @table @code |
| 2454 | @item --format=@var{fmt} |
| 2455 | @itemx -f @var{fmt} |
| 2456 | Write the hash in the format specified by @var{fmt}. For more |
| 2457 | information on the valid values for @var{fmt}, @ref{Invoking guix hash}. |
| 2458 | @end table |
| 2459 | |
| 2460 | @node Invoking guix hash |
| 2461 | @section Invoking @command{guix hash} |
| 2462 | |
| 2463 | The @command{guix hash} command computes the SHA256 hash of a file. |
| 2464 | It is primarily a convenience tool for anyone contributing to the |
| 2465 | distribution: it computes the cryptographic hash of a file, which can be |
| 2466 | used in the definition of a package (@pxref{Defining Packages}). |
| 2467 | |
| 2468 | The general syntax is: |
| 2469 | |
| 2470 | @example |
| 2471 | guix hash @var{option} @var{file} |
| 2472 | @end example |
| 2473 | |
| 2474 | @command{guix hash} has the following option: |
| 2475 | |
| 2476 | @table @code |
| 2477 | |
| 2478 | @item --format=@var{fmt} |
| 2479 | @itemx -f @var{fmt} |
| 2480 | Write the hash in the format specified by @var{fmt}. |
| 2481 | |
| 2482 | Supported formats: @code{nix-base32}, @code{base32}, @code{base16} |
| 2483 | (@code{hex} and @code{hexadecimal} can be used as well). |
| 2484 | |
| 2485 | If the @option{--format} option is not specified, @command{guix hash} |
| 2486 | will output the hash in @code{nix-base32}. This representation is used |
| 2487 | in the definitions of packages. |
| 2488 | |
| 2489 | @item --recursive |
| 2490 | @itemx -r |
| 2491 | Compute the hash on @var{file} recursively. |
| 2492 | |
| 2493 | In this case, the hash is computed on an archive containing @var{file}, |
| 2494 | including its children if it is a directory. Some of @var{file}'s |
| 2495 | meta-data is part of the archive; for instance, when @var{file} is a |
| 2496 | regular file, the hash is different depending on whether @var{file} is |
| 2497 | executable or not. Meta-data such as time stamps has no impact on the |
| 2498 | hash (@pxref{Invoking guix archive}). |
| 2499 | @c FIXME: Replace xref above with xref to an ``Archive'' section when |
| 2500 | @c it exists. |
| 2501 | |
| 2502 | @end table |
| 2503 | |
| 2504 | @node Invoking guix refresh |
| 2505 | @section Invoking @command{guix refresh} |
| 2506 | |
| 2507 | The primary audience of the @command{guix refresh} command is developers |
| 2508 | of the GNU software distribution. By default, it reports any packages |
| 2509 | provided by the distribution that are outdated compared to the latest |
| 2510 | upstream version, like this: |
| 2511 | |
| 2512 | @example |
| 2513 | $ guix refresh |
| 2514 | gnu/packages/gettext.scm:29:13: gettext would be upgraded from 0.18.1.1 to 0.18.2.1 |
| 2515 | gnu/packages/glib.scm:77:12: glib would be upgraded from 2.34.3 to 2.37.0 |
| 2516 | @end example |
| 2517 | |
| 2518 | It does so by browsing each package's FTP directory and determining the |
| 2519 | highest version number of the source tarballs |
| 2520 | therein@footnote{Currently, this only works for GNU packages.}. |
| 2521 | |
| 2522 | When passed @code{--update}, it modifies distribution source files to |
| 2523 | update the version numbers and source tarball hashes of those packages' |
| 2524 | recipes (@pxref{Defining Packages}). This is achieved by downloading |
| 2525 | each package's latest source tarball and its associated OpenPGP |
| 2526 | signature, authenticating the downloaded tarball against its signature |
| 2527 | using @command{gpg}, and finally computing its hash. When the public |
| 2528 | key used to sign the tarball is missing from the user's keyring, an |
| 2529 | attempt is made to automatically retrieve it from a public key server; |
| 2530 | when it's successful, the key is added to the user's keyring; otherwise, |
| 2531 | @command{guix refresh} reports an error. |
| 2532 | |
| 2533 | The following options are supported: |
| 2534 | |
| 2535 | @table @code |
| 2536 | |
| 2537 | @item --update |
| 2538 | @itemx -u |
| 2539 | Update distribution source files (package recipes) in place. |
| 2540 | @ref{Defining Packages}, for more information on package definitions. |
| 2541 | |
| 2542 | @item --select=[@var{subset}] |
| 2543 | @itemx -s @var{subset} |
| 2544 | Select all the packages in @var{subset}, one of @code{core} or |
| 2545 | @code{non-core}. |
| 2546 | |
| 2547 | The @code{core} subset refers to all the packages at the core of the |
| 2548 | distribution---i.e., packages that are used to build ``everything |
| 2549 | else''. This includes GCC, libc, Binutils, Bash, etc. Usually, |
| 2550 | changing one of these packages in the distribution entails a rebuild of |
| 2551 | all the others. Thus, such updates are an inconvenience to users in |
| 2552 | terms of build time or bandwidth used to achieve the upgrade. |
| 2553 | |
| 2554 | The @code{non-core} subset refers to the remaining packages. It is |
| 2555 | typically useful in cases where an update of the core packages would be |
| 2556 | inconvenient. |
| 2557 | |
| 2558 | @end table |
| 2559 | |
| 2560 | In addition, @command{guix refresh} can be passed one or more package |
| 2561 | names, as in this example: |
| 2562 | |
| 2563 | @example |
| 2564 | guix refresh -u emacs idutils |
| 2565 | @end example |
| 2566 | |
| 2567 | @noindent |
| 2568 | The command above specifically updates the @code{emacs} and |
| 2569 | @code{idutils} packages. The @code{--select} option would have no |
| 2570 | effect in this case. |
| 2571 | |
| 2572 | When considering whether to upgrade a package, it is sometimes |
| 2573 | convenient to know which packages would be affected by the upgrade and |
| 2574 | should be checked for compatibility. For this the following option may |
| 2575 | be used when passing @command{guix refresh} one or more package names: |
| 2576 | |
| 2577 | @table @code |
| 2578 | |
| 2579 | @item --list-dependent |
| 2580 | @itemx -l |
| 2581 | List top-level dependent packages that would need to be rebuilt as a |
| 2582 | result of upgrading one or more packages. |
| 2583 | |
| 2584 | @end table |
| 2585 | |
| 2586 | Be aware that the @code{--list-dependent} option only |
| 2587 | @emph{approximates} the rebuilds that would be required as a result of |
| 2588 | an upgrade. More rebuilds might be required under some circumstances. |
| 2589 | |
| 2590 | @example |
| 2591 | $ guix refresh --list-dependent flex |
| 2592 | Building the following 120 packages would ensure 213 dependent packages are rebuilt: |
| 2593 | hop-2.4.0 geiser-0.4 notmuch-0.18 mu-0.9.9.5 cflow-1.4 idutils-4.6 @dots{} |
| 2594 | @end example |
| 2595 | |
| 2596 | The command above lists a set of packages that could be built to check |
| 2597 | for compatibility with an upgraded @code{flex} package. |
| 2598 | |
| 2599 | The following options can be used to customize GnuPG operation: |
| 2600 | |
| 2601 | @table @code |
| 2602 | |
| 2603 | @item --key-server=@var{host} |
| 2604 | Use @var{host} as the OpenPGP key server when importing a public key. |
| 2605 | |
| 2606 | @item --gpg=@var{command} |
| 2607 | Use @var{command} as the GnuPG 2.x command. @var{command} is searched |
| 2608 | for in @code{$PATH}. |
| 2609 | |
| 2610 | @end table |
| 2611 | |
| 2612 | |
| 2613 | @c ********************************************************************* |
| 2614 | @node GNU Distribution |
| 2615 | @chapter GNU Distribution |
| 2616 | |
| 2617 | Guix comes with a distribution of free software@footnote{The term |
| 2618 | ``free'' here refers to the |
| 2619 | @url{http://www.gnu.org/philosophy/free-sw.html,freedom provided to |
| 2620 | users of that software}.} that forms the basis of the GNU system. This |
| 2621 | includes core GNU packages such as GNU libc, GCC, and Binutils, as well |
| 2622 | as many GNU and non-GNU applications. The complete list of available |
| 2623 | packages can be browsed |
| 2624 | @url{http://www.gnu.org/software/guix/package-list.html,on-line} or by |
| 2625 | running @command{guix package} (@pxref{Invoking guix package}): |
| 2626 | |
| 2627 | @example |
| 2628 | guix package --list-available |
| 2629 | @end example |
| 2630 | |
| 2631 | Our goal is to build a practical 100% free software distribution of |
| 2632 | Linux-based and other variants of GNU, with a focus on the promotion and |
| 2633 | tight integration of GNU components, and an emphasis on programs and |
| 2634 | tools that help users exert that freedom. |
| 2635 | |
| 2636 | The GNU distribution is currently available on the following platforms: |
| 2637 | |
| 2638 | @table @code |
| 2639 | |
| 2640 | @item x86_64-linux |
| 2641 | Intel/AMD @code{x86_64} architecture, Linux-Libre kernel; |
| 2642 | |
| 2643 | @item i686-linux |
| 2644 | Intel 32-bit architecture (IA32), Linux-Libre kernel; |
| 2645 | |
| 2646 | @item mips64el-linux |
| 2647 | little-endian 64-bit MIPS processors, specifically the Loongson series, |
| 2648 | n32 application binary interface (ABI), and Linux-Libre kernel. |
| 2649 | |
| 2650 | @end table |
| 2651 | |
| 2652 | @noindent |
| 2653 | For information on porting to other architectures or kernels, |
| 2654 | @xref{Porting}. |
| 2655 | |
| 2656 | @menu |
| 2657 | * System Installation:: Installing the whole operating system. |
| 2658 | * System Configuration:: Configuring a GNU system. |
| 2659 | * Installing Debugging Files:: Feeding the debugger. |
| 2660 | * Package Modules:: Packages from the programmer's viewpoint. |
| 2661 | * Packaging Guidelines:: Growing the distribution. |
| 2662 | * Bootstrapping:: GNU/Linux built from scratch. |
| 2663 | * Porting:: Targeting another platform or kernel. |
| 2664 | @end menu |
| 2665 | |
| 2666 | Building this distribution is a cooperative effort, and you are invited |
| 2667 | to join! @ref{Contributing}, for information about how you can help. |
| 2668 | |
| 2669 | @node System Installation |
| 2670 | @section System Installation |
| 2671 | |
| 2672 | This section explains how to install the complete GNU operating system |
| 2673 | on a machine. The Guix package manager can also be installed on top of |
| 2674 | a running GNU/Linux system, @ref{Installation}. |
| 2675 | |
| 2676 | @ifinfo |
| 2677 | @c This paragraph is for people reading this from tty2 of the |
| 2678 | @c installation image. |
| 2679 | You're reading this documentation with an Info reader. For details on |
| 2680 | how to use it, hit the @key{RET} key (``return'' or ``enter'') on the |
| 2681 | link that follows: @ref{Help,,, info, Info: An Introduction}. Hit |
| 2682 | @kbd{l} afterwards to come back here. |
| 2683 | @end ifinfo |
| 2684 | |
| 2685 | @subsection Limitations |
| 2686 | |
| 2687 | As of version @value{VERSION}, GNU@tie{}Guix and the GNU system |
| 2688 | distribution are alpha software. It may contain bugs and lack important |
| 2689 | features. Thus, if you are looking for a stable production system that |
| 2690 | respects your freedom as a computer user, a good solution at this point |
| 2691 | is to consider @url{http://www.gnu.org/distros/free-distros.html, one of |
| 2692 | more established GNU/Linux distributions}. We hope you can soon switch |
| 2693 | to the GNU system without fear, of course. In the meantime, you can |
| 2694 | also keep using your distribution and try out the package manager on top |
| 2695 | of it (@pxref{Installation}). |
| 2696 | |
| 2697 | Before you proceed with the installation, be aware of the following |
| 2698 | noteworthy limitations applicable to version @value{VERSION}: |
| 2699 | |
| 2700 | @itemize |
| 2701 | @item |
| 2702 | The installation process does not include a graphical user interface and |
| 2703 | requires familiarity with GNU/Linux (see the following subsections to |
| 2704 | get a feel of what that means.) |
| 2705 | |
| 2706 | @item |
| 2707 | The system does not yet provide graphical desktop environments such as |
| 2708 | GNOME and KDE. |
| 2709 | |
| 2710 | @item |
| 2711 | Support for encrypted disks, the Logical Volume Manager (LVM), and swap |
| 2712 | devices is missing. |
| 2713 | |
| 2714 | @item |
| 2715 | Few system services are currently supported out-of-the-box |
| 2716 | (@pxref{Services}). |
| 2717 | |
| 2718 | @item |
| 2719 | On the order of 1,000 packages are available, which means that you may |
| 2720 | occasionally find that a useful package is missing. |
| 2721 | @end itemize |
| 2722 | |
| 2723 | You've been warned. But more than a disclaimer, this is an invitation |
| 2724 | to report issues (and success stories!), and join us in improving it. |
| 2725 | @xref{Contributing}, for more info. |
| 2726 | |
| 2727 | @subsection USB Stick Installation |
| 2728 | |
| 2729 | An installation image for USB sticks can be downloaded from |
| 2730 | @url{ftp://alpha.gnu.org/gnu/guix/gnu-usb-install-@value{VERSION}.@var{system}.xz}, |
| 2731 | where @var{system} is one of: |
| 2732 | |
| 2733 | @table @code |
| 2734 | @item x86_64-linux |
| 2735 | for a GNU/Linux system on Intel/AMD-compatible 64-bit CPUs; |
| 2736 | |
| 2737 | @item i686-linux |
| 2738 | for a 32-bit GNU/Linux system on Intel-compatible CPUs. |
| 2739 | @end table |
| 2740 | |
| 2741 | This image contains a single partition with the tools necessary for an |
| 2742 | installation. It is meant to be copied @emph{as is} to a large-enough |
| 2743 | USB stick. |
| 2744 | |
| 2745 | To copy the image to a USB stick, follow these steps: |
| 2746 | |
| 2747 | @enumerate |
| 2748 | @item |
| 2749 | Decompress the image using the @command{xz} command: |
| 2750 | |
| 2751 | @example |
| 2752 | xz -d gnu-usb-install-@value{VERSION}.@var{system}.xz |
| 2753 | @end example |
| 2754 | |
| 2755 | @item |
| 2756 | Insert a USB stick of 1@tie{}GiB or more in your machine, and determine |
| 2757 | its device name. Assuming that USB stick is known as @file{/dev/sdX}, |
| 2758 | copy the image with: |
| 2759 | |
| 2760 | @example |
| 2761 | dd if=gnu-usb-install-20140629.x86_64 of=/dev/sdX |
| 2762 | @end example |
| 2763 | |
| 2764 | Access to @file{/dev/sdX} usually requires root privileges. |
| 2765 | @end enumerate |
| 2766 | |
| 2767 | Once this is done, you should be able to reboot the system and boot from |
| 2768 | the USB stick. The latter usually requires you to get in the BIOS' boot |
| 2769 | menu, where you can choose to boot from the USB stick. |
| 2770 | |
| 2771 | @subsection Preparing for Installation |
| 2772 | |
| 2773 | Once you have successfully booted the image on the USB stick, you should |
| 2774 | end up with a root prompt. Several console TTYs are configured and can |
| 2775 | be used to run commands as root. TTY2 shows this documentation, |
| 2776 | browsable using the Info reader commands (@pxref{Help,,, info, Info: An |
| 2777 | Introduction}). |
| 2778 | |
| 2779 | To install the system, you would: |
| 2780 | |
| 2781 | @enumerate |
| 2782 | |
| 2783 | @item |
| 2784 | Configure the network, by running @command{dhclient eth0} (to get an |
| 2785 | automatically assigned IP address from the wired network interface |
| 2786 | controller), or using the @command{ifconfig} command. |
| 2787 | |
| 2788 | The system automatically loads drivers for your network interface |
| 2789 | controllers. |
| 2790 | |
| 2791 | Setting up network access is almost always a requirement because the |
| 2792 | image does not contain all the software and tools that may be needed. |
| 2793 | |
| 2794 | @item |
| 2795 | Unless this has already been done, you must partition and format the |
| 2796 | target partitions. |
| 2797 | |
| 2798 | Preferably, assign partitions a label so that you can easily and |
| 2799 | reliably refer to them in @code{file-system} declarations (@pxref{File |
| 2800 | Systems}). This is typically done using the @code{-L} option of |
| 2801 | @command{mkfs.ext4} and related commands. |
| 2802 | |
| 2803 | The installation image includes Parted (@pxref{Overview,,, parted, GNU |
| 2804 | Parted User Manual}), @command{fdisk}, and e2fsprogs, the suite of tools |
| 2805 | to manipulate ext2/ext3/ext4 file systems. |
| 2806 | |
| 2807 | @item |
| 2808 | Once that is done, mount the target root partition under @file{/mnt}. |
| 2809 | |
| 2810 | @item |
| 2811 | Lastly, run @code{deco start cow-store /mnt}. |
| 2812 | |
| 2813 | This will make @file{/gnu/store} copy-on-write, such that packages added |
| 2814 | to it during the installation phase will be written to the target disk |
| 2815 | rather than kept in memory. |
| 2816 | |
| 2817 | @end enumerate |
| 2818 | |
| 2819 | |
| 2820 | @subsection Proceeding with the Installation |
| 2821 | |
| 2822 | With the target partitions ready, you now have to edit a file and |
| 2823 | provide the declaration of the operating system to be installed. To |
| 2824 | that end, the installation system comes with two text editors: GNU nano |
| 2825 | (@pxref{Top,,, nano, GNU nano Manual}), and GNU Zile, an Emacs clone. |
| 2826 | It is better to store that file on the target root file system, say, as |
| 2827 | @file{/mnt/etc/config.scm}. |
| 2828 | |
| 2829 | A minimal operating system configuration, with just the bare minimum and |
| 2830 | only a root account would look like this: |
| 2831 | |
| 2832 | @example |
| 2833 | (use-modules (gnu)) |
| 2834 | |
| 2835 | (operating-system |
| 2836 | (host-name "foo") |
| 2837 | (timezone "Europe/Paris") |
| 2838 | (locale "en_US.UTF-8") |
| 2839 | |
| 2840 | ;; Assuming /dev/sdX is the target hard disk, and /dev/sdX1 the |
| 2841 | ;; target root file system. |
| 2842 | (bootloader (grub-configuration (device "/dev/sdX"))) |
| 2843 | (file-systems (cons (file-system |
| 2844 | (device "/dev/sdX1") |
| 2845 | (mount-point "/") |
| 2846 | (type "ext4")) |
| 2847 | %base-file-systems))) |
| 2848 | @end example |
| 2849 | |
| 2850 | @noindent |
| 2851 | For more information on @code{operating-system} declarations, |
| 2852 | @xref{Using the Configuration System}. |
| 2853 | |
| 2854 | Once that is done, the new system must be initialized (remember that the |
| 2855 | target root file system is mounted under @file{/mnt}): |
| 2856 | |
| 2857 | @example |
| 2858 | guix system init /mnt/etc/config.scm /mnt |
| 2859 | @end example |
| 2860 | |
| 2861 | @noindent |
| 2862 | This will copy all the necessary files, and install GRUB on |
| 2863 | @file{/dev/sdX}, unless you pass the @option{--no-grub} option. For |
| 2864 | more information, @xref{Invoking guix system}. This command may trigger |
| 2865 | downloads or builds of missing packages, which can take some time. |
| 2866 | |
| 2867 | Once that command has completed---and hopefully succeeded!---you can |
| 2868 | unmount @file{/mnt} and boot into the new system. Cross fingers, and |
| 2869 | join us on @code{#guix} on the Freenode IRC network or on |
| 2870 | @file{guix-devel@@gnu.org} to share your experience---good or not so |
| 2871 | good. |
| 2872 | |
| 2873 | @subsection Building the Installation Image |
| 2874 | |
| 2875 | The installation image described above was built using the @command{guix |
| 2876 | system} command, specifically: |
| 2877 | |
| 2878 | @example |
| 2879 | guix system disk-image --image-size=800MiB gnu/system/install.scm |
| 2880 | @end example |
| 2881 | |
| 2882 | @xref{Invoking guix system}, for more information. See |
| 2883 | @file{gnu/system/install.scm} in the source tree for more information |
| 2884 | about the installation image. |
| 2885 | |
| 2886 | @node System Configuration |
| 2887 | @section System Configuration |
| 2888 | |
| 2889 | @cindex system configuration |
| 2890 | The GNU system supports a consistent whole-system configuration |
| 2891 | mechanism. By that we mean that all aspects of the global system |
| 2892 | configuration---such as the available system services, timezone and |
| 2893 | locale settings, user accounts---are declared in a single place. Such |
| 2894 | a @dfn{system configuration} can be @dfn{instantiated}---i.e., effected. |
| 2895 | |
| 2896 | One of the advantages of putting all the system configuration under the |
| 2897 | control of Guix is that it supports transactional system upgrades, and |
| 2898 | makes it possible to roll-back to a previous system instantiation, |
| 2899 | should something go wrong with the new one (@pxref{Features}). Another |
| 2900 | one is that it makes it easy to replicate the exact same configuration |
| 2901 | across different machines, or at different points in time, without |
| 2902 | having to resort to additional administration tools layered on top of |
| 2903 | the system's own tools. |
| 2904 | @c Yes, we're talking of Puppet, Chef, & co. here. ↑ |
| 2905 | |
| 2906 | This section describes this mechanism. First we focus on the system |
| 2907 | administrator's viewpoint---explaining how the system is configured and |
| 2908 | instantiated. Then we show how this mechanism can be extended, for |
| 2909 | instance to support new system services. |
| 2910 | |
| 2911 | @menu |
| 2912 | * Using the Configuration System:: Customizing your GNU system. |
| 2913 | * File Systems:: Configuring file system mounts. |
| 2914 | * User Accounts:: Specifying user accounts. |
| 2915 | * Services:: Specifying system services. |
| 2916 | * Setuid Programs:: Programs running with root privileges. |
| 2917 | * Initial RAM Disk:: Linux-Libre bootstrapping. |
| 2918 | * Invoking guix system:: Instantiating a system configuration. |
| 2919 | * Defining Services:: Adding new service definitions. |
| 2920 | @end menu |
| 2921 | |
| 2922 | @node Using the Configuration System |
| 2923 | @subsection Using the Configuration System |
| 2924 | |
| 2925 | The operating system is configured by providing an |
| 2926 | @code{operating-system} declaration in a file that can then be passed to |
| 2927 | the @command{guix system} command (@pxref{Invoking guix system}). A |
| 2928 | simple setup, with the default system services, the default Linux-Libre |
| 2929 | kernel, initial RAM disk, and boot loader looks like this: |
| 2930 | |
| 2931 | @findex operating-system |
| 2932 | @lisp |
| 2933 | (use-modules (gnu) ; for 'user-account', '%base-services', etc. |
| 2934 | (gnu packages emacs) ; for 'emacs' |
| 2935 | (gnu services ssh)) ; for 'lsh-service' |
| 2936 | |
| 2937 | (operating-system |
| 2938 | (host-name "komputilo") |
| 2939 | (timezone "Europe/Paris") |
| 2940 | (locale "fr_FR.UTF-8") |
| 2941 | (bootloader (grub-configuration |
| 2942 | (device "/dev/sda"))) |
| 2943 | (file-systems (cons (file-system |
| 2944 | (device "/dev/sda1") ; or partition label |
| 2945 | (mount-point "/") |
| 2946 | (type "ext3")) |
| 2947 | %base-file-systems)) |
| 2948 | (users (list (user-account |
| 2949 | (name "alice") |
| 2950 | (password "") |
| 2951 | (uid 1000) (group 100) |
| 2952 | (comment "Bob's sister") |
| 2953 | (home-directory "/home/alice")))) |
| 2954 | (packages (cons emacs %base-packages)) |
| 2955 | (services (cons (lsh-service #:port 2222 #:allow-root-login? #t) |
| 2956 | %base-services))) |
| 2957 | @end lisp |
| 2958 | |
| 2959 | This example should be self-describing. Some of the fields defined |
| 2960 | above, such as @code{host-name} and @code{bootloader}, are mandatory. |
| 2961 | Others, such as @code{packages} and @code{services}, can be omitted, in |
| 2962 | which case they get a default value. |
| 2963 | |
| 2964 | @vindex %base-packages |
| 2965 | The @code{packages} field lists |
| 2966 | packages that will be globally visible on the system, for all user |
| 2967 | accounts---i.e., in every user's @code{PATH} environment variable---in |
| 2968 | addition to the per-user profiles (@pxref{Invoking guix package}). The |
| 2969 | @var{%base-packages} variable provides all the tools one would expect |
| 2970 | for basic user and administrator tasks---including the GNU Core |
| 2971 | Utilities, the GNU Networking Utilities, the GNU Zile lightweight text |
| 2972 | editor, @command{find}, @command{grep}, etc. The example above adds |
| 2973 | Emacs to those, taken from the @code{(gnu packages emacs)} module |
| 2974 | (@pxref{Package Modules}). |
| 2975 | |
| 2976 | @vindex %base-services |
| 2977 | The @code{services} field lists @dfn{system services} to be made |
| 2978 | available when the system starts (@pxref{Services}). |
| 2979 | The @code{operating-system} declaration above specifies that, in |
| 2980 | addition to the basic services, we want the @command{lshd} secure shell |
| 2981 | daemon listening on port 2222, and allowing remote @code{root} logins |
| 2982 | (@pxref{Invoking lshd,,, lsh, GNU lsh Manual}). Under the hood, |
| 2983 | @code{lsh-service} arranges so that @code{lshd} is started with the |
| 2984 | right command-line options, possibly with supporting configuration files |
| 2985 | generated as needed (@pxref{Defining Services}). |
| 2986 | |
| 2987 | Assuming the above snippet is stored in the @file{my-system-config.scm} |
| 2988 | file, the @command{guix system reconfigure my-system-config.scm} command |
| 2989 | instantiates that configuration, and makes it the default GRUB boot |
| 2990 | entry (@pxref{Invoking guix system}). The normal way to change the |
| 2991 | system's configuration is by updating this file and re-running the |
| 2992 | @command{guix system} command. |
| 2993 | |
| 2994 | At the Scheme level, the bulk of an @code{operating-system} declaration |
| 2995 | is instantiated with the following monadic procedure (@pxref{The Store |
| 2996 | Monad}): |
| 2997 | |
| 2998 | @deffn {Monadic Procedure} operating-system-derivation os |
| 2999 | Return a derivation that builds @var{os}, an @code{operating-system} |
| 3000 | object (@pxref{Derivations}). |
| 3001 | |
| 3002 | The output of the derivation is a single directory that refers to all |
| 3003 | the packages, configuration files, and other supporting files needed to |
| 3004 | instantiate @var{os}. |
| 3005 | @end deffn |
| 3006 | |
| 3007 | @node File Systems |
| 3008 | @subsection File Systems |
| 3009 | |
| 3010 | The list of file systems to be mounted is specified in the |
| 3011 | @code{file-systems} field of the operating system's declaration |
| 3012 | (@pxref{Using the Configuration System}). Each file system is declared |
| 3013 | using the @code{file-system} form, like this: |
| 3014 | |
| 3015 | @example |
| 3016 | (file-system |
| 3017 | (mount-point "/home") |
| 3018 | (device "/dev/sda3") |
| 3019 | (type "ext4")) |
| 3020 | @end example |
| 3021 | |
| 3022 | As usual, some of the fields are mandatory---those shown in the example |
| 3023 | above---while others can be omitted. These are described below. |
| 3024 | |
| 3025 | @deftp {Data Type} file-system |
| 3026 | Objects of this type represent file systems to be mounted. They |
| 3027 | contain the following members: |
| 3028 | |
| 3029 | @table @asis |
| 3030 | @item @code{type} |
| 3031 | This is a string specifying the type of the file system---e.g., |
| 3032 | @code{"ext4"}. |
| 3033 | |
| 3034 | @item @code{mount-point} |
| 3035 | This designates the place where the file system is to be mounted. |
| 3036 | |
| 3037 | @item @code{device} |
| 3038 | This names the ``source'' of the file system. By default it is the name |
| 3039 | of a node under @file{/dev}, but its meaning depends on the @code{title} |
| 3040 | field described below. |
| 3041 | |
| 3042 | @item @code{title} (default: @code{'device}) |
| 3043 | This is a symbol that specifies how the @code{device} field is to be |
| 3044 | interpreted. |
| 3045 | |
| 3046 | When it is the symbol @code{device}, then the @code{device} field is |
| 3047 | interpreted as a file name; when it is @code{label}, then @code{device} |
| 3048 | is interpreted as a partition label name; when it is @code{uuid}, |
| 3049 | @code{device} is interpreted as a partition unique identifier (UUID). |
| 3050 | |
| 3051 | The @code{label} and @code{uuid} options offer a way to refer to disk |
| 3052 | partitions without having to hard-code their actual device name. |
| 3053 | |
| 3054 | @item @code{flags} (default: @code{'()}) |
| 3055 | This is a list of symbols denoting mount flags. Recognized flags |
| 3056 | include @code{read-only}, @code{bind-mount}, @code{no-dev} (disallow |
| 3057 | access to special files), @code{no-suid} (ignore setuid and setgid |
| 3058 | bits), and @code{no-exec} (disallow program execution.) |
| 3059 | |
| 3060 | @item @code{options} (default: @code{#f}) |
| 3061 | This is either @code{#f}, or a string denoting mount options. |
| 3062 | |
| 3063 | @item @code{needed-for-boot?} (default: @code{#f}) |
| 3064 | This Boolean value indicates whether the file system is needed when |
| 3065 | booting. If that is true, then the file system is mounted when the |
| 3066 | initial RAM disk (initrd) is loaded. This is always the case, for |
| 3067 | instance, for the root file system. |
| 3068 | |
| 3069 | @item @code{check?} (default: @code{#t}) |
| 3070 | This Boolean indicates whether the file system needs to be checked for |
| 3071 | errors before being mounted. |
| 3072 | |
| 3073 | @item @code{create-mount-point?} (default: @code{#f}) |
| 3074 | When true, the mount point is created if it does not exist yet. |
| 3075 | |
| 3076 | @end table |
| 3077 | @end deftp |
| 3078 | |
| 3079 | The @code{(gnu system file-systems)} exports the following useful |
| 3080 | variables. |
| 3081 | |
| 3082 | @defvr {Scheme Variable} %base-file-systems |
| 3083 | These are essential file systems that are required on normal systems, |
| 3084 | such as @var{%devtmpfs-file-system} (see below.) Operating system |
| 3085 | declarations should always contain at least these. |
| 3086 | @end defvr |
| 3087 | |
| 3088 | @defvr {Scheme Variable} %devtmpfs-file-system |
| 3089 | The @code{devtmpfs} file system to be mounted on @file{/dev}. This is a |
| 3090 | requirement for udev (@pxref{Base Services, @code{udev-service}}). |
| 3091 | @end defvr |
| 3092 | |
| 3093 | @defvr {Scheme Variable} %pseudo-terminal-file-system |
| 3094 | This is the file system to be mounted as @file{/dev/pts}. It supports |
| 3095 | @dfn{pseudo-terminals} created @i{via} @code{openpty} and similar |
| 3096 | functions (@pxref{Pseudo-Terminals,,, libc, The GNU C Library Reference |
| 3097 | Manual}). Pseudo-terminals are used by terminal emulators such as |
| 3098 | @command{xterm}. |
| 3099 | @end defvr |
| 3100 | |
| 3101 | @defvr {Scheme Variable} %shared-memory-file-system |
| 3102 | This file system is mounted as @file{/dev/shm} and is used to support |
| 3103 | memory sharing across processes (@pxref{Memory-mapped I/O, |
| 3104 | @code{shm_open},, libc, The GNU C Library Reference Manual}). |
| 3105 | @end defvr |
| 3106 | |
| 3107 | @defvr {Scheme Variable} %binary-format-file-system |
| 3108 | The @code{binfmt_misc} file system, which allows handling of arbitrary |
| 3109 | executable file types to be delegated to user space. This requires the |
| 3110 | @code{binfmt.ko} kernel module to be loaded. |
| 3111 | @end defvr |
| 3112 | |
| 3113 | @defvr {Scheme Variable} %fuse-control-file-system |
| 3114 | The @code{fusectl} file system, which allows unprivileged users to mount |
| 3115 | and unmount user-space FUSE file systems. This requires the |
| 3116 | @code{fuse.ko} kernel module to be loaded. |
| 3117 | @end defvr |
| 3118 | |
| 3119 | @node User Accounts |
| 3120 | @subsection User Accounts |
| 3121 | |
| 3122 | User accounts are specified with the @code{user-account} form: |
| 3123 | |
| 3124 | @example |
| 3125 | (user-account |
| 3126 | (name "alice") |
| 3127 | (group "users") |
| 3128 | (supplementary-groups '("wheel")) ; allow use of sudo, etc. |
| 3129 | (comment "Bob's sister") |
| 3130 | (home-directory "/home/alice")) |
| 3131 | @end example |
| 3132 | |
| 3133 | @deftp {Data Type} user-account |
| 3134 | Objects of this type represent user accounts. The following members may |
| 3135 | be specified: |
| 3136 | |
| 3137 | @table @asis |
| 3138 | @item @code{name} |
| 3139 | The name of the user account. |
| 3140 | |
| 3141 | @item @code{group} |
| 3142 | This is the name (a string) or identifier (a number) of the user group |
| 3143 | this account belongs to. |
| 3144 | |
| 3145 | @item @code{supplementary-groups} (default: @code{'()}) |
| 3146 | Optionally, this can be defined as a list of group names that this |
| 3147 | account belongs to. |
| 3148 | |
| 3149 | @item @code{uid} (default: @code{#f}) |
| 3150 | This is the user ID for this account (a number), or @code{#f}. In the |
| 3151 | latter case, a number is automatically chosen by the system when the |
| 3152 | account is created. |
| 3153 | |
| 3154 | @item @code{comment} (default: @code{""}) |
| 3155 | A comment about the account, such as the account's owner full name. |
| 3156 | |
| 3157 | @item @code{home-directory} |
| 3158 | This is the name of the home directory for the account. |
| 3159 | |
| 3160 | @item @code{shell} (default: Bash) |
| 3161 | This is a G-expression denoting the file name of a program to be used as |
| 3162 | the shell (@pxref{G-Expressions}). |
| 3163 | |
| 3164 | @item @code{system?} (default: @code{#f}) |
| 3165 | This Boolean value indicates whether the account is a ``system'' |
| 3166 | account. System accounts are sometimes treated specially; for instance, |
| 3167 | graphical login managers do not list them. |
| 3168 | |
| 3169 | @item @code{password} (default: @code{#f}) |
| 3170 | Unless @code{#f}, this is the password to be used for the account. |
| 3171 | |
| 3172 | @end table |
| 3173 | @end deftp |
| 3174 | |
| 3175 | User group declarations are even simpler: |
| 3176 | |
| 3177 | @example |
| 3178 | (user-group (name "students")) |
| 3179 | @end example |
| 3180 | |
| 3181 | @deftp {Data Type} user-group |
| 3182 | This type is for, well, user groups. There are just a few fields: |
| 3183 | |
| 3184 | @table @asis |
| 3185 | @item @code{name} |
| 3186 | The group's name. |
| 3187 | |
| 3188 | @item @code{id} (default: @code{#f}) |
| 3189 | The group identifier (a number). If @code{#f}, a new number is |
| 3190 | automatically allocated when the group is created. |
| 3191 | |
| 3192 | @item @code{password} (default: @code{#f}) |
| 3193 | What, user groups can have a password? Well, apparently yes. Unless |
| 3194 | @code{#f}, this field specifies the group's password. |
| 3195 | |
| 3196 | @end table |
| 3197 | @end deftp |
| 3198 | |
| 3199 | For convenience, a variable lists all the basic user groups one may |
| 3200 | expect: |
| 3201 | |
| 3202 | @defvr {Scheme Variable} %base-groups |
| 3203 | This is the list of basic user groups that users and/or packages expect |
| 3204 | to be present on the system. This includes groups such as ``root'', |
| 3205 | ``wheel'', and ``users'', as well as groups used to control access to |
| 3206 | specific devices such as ``audio'', ``disk'', and ``cdrom''. |
| 3207 | @end defvr |
| 3208 | |
| 3209 | |
| 3210 | @node Services |
| 3211 | @subsection Services |
| 3212 | |
| 3213 | @cindex system services |
| 3214 | An important part of preparing an @code{operating-system} declaration is |
| 3215 | listing @dfn{system services} and their configuration (@pxref{Using the |
| 3216 | Configuration System}). System services are typically daemons launched |
| 3217 | when the system boots, or other actions needed at that time---e.g., |
| 3218 | configuring network access. They are managed by GNU@tie{}dmd |
| 3219 | (@pxref{Introduction,,, dmd, GNU dmd Manual}). |
| 3220 | |
| 3221 | The following sections document the available services, starting with |
| 3222 | the core services. |
| 3223 | |
| 3224 | @menu |
| 3225 | * Base Services:: Essential system services. |
| 3226 | * Networking Services:: Network setup, SSH daemon, etc. |
| 3227 | * X Window:: Graphical display. |
| 3228 | @end menu |
| 3229 | |
| 3230 | @node Base Services |
| 3231 | @subsubsection Base Services |
| 3232 | |
| 3233 | The @code{(gnu services base)} module provides definitions for the basic |
| 3234 | services that one expects from the system. The services exported by |
| 3235 | this module are listed below. |
| 3236 | |
| 3237 | @defvr {Scheme Variable} %base-services |
| 3238 | This variable contains a list of basic services@footnote{Technically, |
| 3239 | this is a list of monadic services. @xref{The Store Monad}.} one would |
| 3240 | expect from the system: a login service (mingetty) on each tty, syslogd, |
| 3241 | libc's name service cache daemon (nscd), the udev device manager, and |
| 3242 | more. |
| 3243 | |
| 3244 | This is the default value of the @code{services} field of |
| 3245 | @code{operating-system} declarations. Usually, when customizing a |
| 3246 | system, you will want to append services to @var{%base-services}, like |
| 3247 | this: |
| 3248 | |
| 3249 | @example |
| 3250 | (cons* (avahi-service) (lshd-service) %base-services) |
| 3251 | @end example |
| 3252 | @end defvr |
| 3253 | |
| 3254 | @deffn {Monadic Procedure} host-name-service @var{name} |
| 3255 | Return a service that sets the host name to @var{name}. |
| 3256 | @end deffn |
| 3257 | |
| 3258 | @deffn {Monadic Procedure} mingetty-service @var{tty} [#:motd] @ |
| 3259 | [#:auto-login #f] [#:login-program] [#:login-pause? #f] @ |
| 3260 | [#:allow-empty-passwords? #f] |
| 3261 | Return a service to run mingetty on @var{tty}. |
| 3262 | |
| 3263 | When @var{allow-empty-passwords?} is true, allow empty log-in password. When |
| 3264 | @var{auto-login} is true, it must be a user name under which to log-in |
| 3265 | automatically. @var{login-pause?} can be set to @code{#t} in conjunction with |
| 3266 | @var{auto-login}, in which case the user will have to press a key before the |
| 3267 | login shell is launched. |
| 3268 | |
| 3269 | When true, @var{login-program} is a gexp or a monadic gexp denoting the name |
| 3270 | of the log-in program (the default is the @code{login} program from the Shadow |
| 3271 | tool suite.) |
| 3272 | |
| 3273 | @var{motd} is a monadic value containing a text file to use as |
| 3274 | the ``message of the day''. |
| 3275 | @end deffn |
| 3276 | |
| 3277 | @deffn {Monadic Procedure} nscd-service [#:glibc glibc] |
| 3278 | Return a service that runs libc's name service cache daemon (nscd). |
| 3279 | @end deffn |
| 3280 | |
| 3281 | @deffn {Monadic Procedure} syslog-service |
| 3282 | Return a service that runs @code{syslogd} with reasonable default |
| 3283 | settings. |
| 3284 | @end deffn |
| 3285 | |
| 3286 | @deffn {Monadic Procedure} guix-service [#:guix guix] @ |
| 3287 | [#:builder-group "guixbuild"] [#:build-accounts 10] @ |
| 3288 | [#:authorize-hydra-key? #f] [#:use-substitutes? #t] @ |
| 3289 | [#:extra-options '()] |
| 3290 | Return a service that runs the build daemon from @var{guix}, and has |
| 3291 | @var{build-accounts} user accounts available under @var{builder-group}. |
| 3292 | |
| 3293 | When @var{authorize-hydra-key?} is true, the @code{hydra.gnu.org} public key |
| 3294 | provided by @var{guix} is authorized upon activation, meaning that substitutes |
| 3295 | from @code{hydra.gnu.org} are used by default. |
| 3296 | |
| 3297 | If @var{use-substitutes?} is false, the daemon is run with |
| 3298 | @option{--no-substitutes} (@pxref{Invoking guix-daemon, |
| 3299 | @option{--no-substitutes}}). |
| 3300 | |
| 3301 | Finally, @var{extra-options} is a list of additional command-line options |
| 3302 | passed to @command{guix-daemon}. |
| 3303 | @end deffn |
| 3304 | |
| 3305 | @deffn {Monadic Procedure} udev-service [#:udev udev] |
| 3306 | Run @var{udev}, which populates the @file{/dev} directory dynamically. |
| 3307 | @end deffn |
| 3308 | |
| 3309 | |
| 3310 | @node Networking Services |
| 3311 | @subsubsection Networking Services |
| 3312 | |
| 3313 | The @code{(gnu system networking)} module provides services to configure |
| 3314 | the network interface. |
| 3315 | |
| 3316 | @deffn {Monadic Procedure} static-networking-service @var{interface} @var{ip} @ |
| 3317 | [#:gateway #f] [#:name-services @code{'()}] |
| 3318 | Return a service that starts @var{interface} with address @var{ip}. If |
| 3319 | @var{gateway} is true, it must be a string specifying the default network |
| 3320 | gateway. |
| 3321 | @end deffn |
| 3322 | |
| 3323 | @deffn {Monadic Procedure} tor-service [#:tor tor] |
| 3324 | Return a service to run the @uref{https://torproject.org,Tor} daemon. |
| 3325 | |
| 3326 | The daemon runs with the default settings (in particular the default exit |
| 3327 | policy) as the @code{tor} unprivileged user. |
| 3328 | @end deffn |
| 3329 | |
| 3330 | In addition, @code{(gnu system ssh)} provides the following service. |
| 3331 | |
| 3332 | @deffn {Monadic Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @ |
| 3333 | [#:interfaces '()] [#:port-number 22] @ |
| 3334 | [#:allow-empty-passwords? #f] [#:root-login? #f] @ |
| 3335 | [#:syslog-output? #t] [#:x11-forwarding? #t] @ |
| 3336 | [#:tcp/ip-forwarding? #t] [#:password-authentication? #t] @ |
| 3337 | [public-key-authentication? #t] [#:initialize? #f] |
| 3338 | Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}. |
| 3339 | @var{host-key} must designate a file containing the host key, and readable |
| 3340 | only by root. |
| 3341 | |
| 3342 | When @var{initialize?} is true, automatically create the seed and host key |
| 3343 | upon service activation if they do not exist yet. This may take long and |
| 3344 | require interaction. |
| 3345 | |
| 3346 | When @var{interfaces} is empty, lshd listens for connections on all the |
| 3347 | network interfaces; otherwise, @var{interfaces} must be a list of host names |
| 3348 | or addresses. |
| 3349 | |
| 3350 | @var{allow-empty-passwords?} specifies whether to accepts log-ins with empty |
| 3351 | passwords, and @var{root-login?} specifies whether to accepts log-ins as |
| 3352 | root. |
| 3353 | |
| 3354 | The other options should be self-descriptive. |
| 3355 | @end deffn |
| 3356 | |
| 3357 | @node X Window |
| 3358 | @subsubsection X Window |
| 3359 | |
| 3360 | Support for the X Window graphical display system---specifically |
| 3361 | Xorg---is provided by the @code{(gnu services xorg)} module. Note that |
| 3362 | there is no @code{xorg-service} procedure. Instead, the X server is |
| 3363 | started by the @dfn{login manager}, currently SLiM. |
| 3364 | |
| 3365 | @deffn {Monadic Procedure} slim-service [#:allow-empty-passwords? #f] @ |
| 3366 | [#:auto-login? #f] [#:default-user ""] [#:startx] |
| 3367 | Return a service that spawns the SLiM graphical login manager, which in |
| 3368 | turn starts the X display server with @var{startx}, a command as returned by |
| 3369 | @code{xorg-start-command}. |
| 3370 | |
| 3371 | When @var{allow-empty-passwords?} is true, allow logins with an empty |
| 3372 | password. When @var{auto-login?} is true, log in automatically as |
| 3373 | @var{default-user}. |
| 3374 | @end deffn |
| 3375 | |
| 3376 | |
| 3377 | @node Setuid Programs |
| 3378 | @subsection Setuid Programs |
| 3379 | |
| 3380 | @cindex setuid programs |
| 3381 | Some programs need to run with ``root'' privileges, even when they are |
| 3382 | launched by unprivileged users. A notorious example is the |
| 3383 | @command{passwd} programs, which can users can run to change their |
| 3384 | password, and which requires write access to the @file{/etc/passwd} and |
| 3385 | @file{/etc/shadow} files---something normally restricted to root, for |
| 3386 | obvious security reasons. To address that, these executables are |
| 3387 | @dfn{setuid-root}, meaning that they always run with root privileges |
| 3388 | (@pxref{How Change Persona,,, libc, The GNU C Library Reference Manual}, |
| 3389 | for more info about the setuid mechanisms.) |
| 3390 | |
| 3391 | The store itself @emph{cannot} contain setuid programs: that would be a |
| 3392 | security issue since any user on the system can write derivations that |
| 3393 | populate the store (@pxref{The Store}). Thus, a different mechanism is |
| 3394 | used: instead of changing the setuid bit directly on files that are in |
| 3395 | the store, we let the system administrator @emph{declare} which programs |
| 3396 | should be setuid root. |
| 3397 | |
| 3398 | The @code{setuid-programs} field of an @code{operating-system} |
| 3399 | declaration contains a list of G-expressions denoting the names of |
| 3400 | programs to be setuid-root (@pxref{Using the Configuration System}). |
| 3401 | For instance, the @command{passwd} program, which is part of the Shadow |
| 3402 | package, can be designated by this G-expression (@pxref{G-Expressions}): |
| 3403 | |
| 3404 | @example |
| 3405 | #~(string-append #$shadow "/bin/passwd") |
| 3406 | @end example |
| 3407 | |
| 3408 | A default set of setuid programs is defined by the |
| 3409 | @code{%setuid-programs} variable of the @code{(gnu system)} module. |
| 3410 | |
| 3411 | @defvr {Scheme Variable} %setuid-programs |
| 3412 | A list of G-expressions denoting common programs that are setuid-root. |
| 3413 | |
| 3414 | The list includes commands such as @command{passwd}, @command{ping}, |
| 3415 | @command{su}, and @command{sudo}. |
| 3416 | @end defvr |
| 3417 | |
| 3418 | Under the hood, the actual setuid programs are created in the |
| 3419 | @file{/run/setuid-programs} directory at system activation time. The |
| 3420 | files in this directory refer to the ``real'' binaries, which are in the |
| 3421 | store. |
| 3422 | |
| 3423 | |
| 3424 | @node Initial RAM Disk |
| 3425 | @subsection Initial RAM Disk |
| 3426 | |
| 3427 | @cindex initial RAM disk (initrd) |
| 3428 | @cindex initrd (initial RAM disk) |
| 3429 | For bootstrapping purposes, the Linux-Libre kernel is passed an |
| 3430 | @dfn{initial RAM disk}, or @dfn{initrd}. An initrd contains a temporary |
| 3431 | root file system, as well as an initialization script. The latter is |
| 3432 | responsible for mounting the real root file system, and for loading any |
| 3433 | kernel modules that may be needed to achieve that. |
| 3434 | |
| 3435 | The @code{initrd} field of an @code{operating-system} declaration allows |
| 3436 | you to specify which initrd you would like to use. The @code{(gnu |
| 3437 | system linux-initrd)} module provides two ways to build an initrd: the |
| 3438 | high-level @code{base-initrd} procedure, and the low-level |
| 3439 | @code{expression->initrd} procedure. |
| 3440 | |
| 3441 | The @code{base-initrd} procedure is intended to cover most common uses. |
| 3442 | For example, if you want to add a bunch of kernel modules to be loaded |
| 3443 | at boot time, you can define the @code{initrd} field of the operating |
| 3444 | system declaration like this: |
| 3445 | |
| 3446 | @example |
| 3447 | (initrd (cut base-initrd <> |
| 3448 | #:extra-modules '("my.ko" "modules.ko"))) |
| 3449 | @end example |
| 3450 | |
| 3451 | It also handles common use cases that involves using the system as a |
| 3452 | QEMU guest, or as a ``live'' system whose root file system is volatile. |
| 3453 | |
| 3454 | @deffn {Monadic Procedure} base-initrd @var{file-systems} @ |
| 3455 | [#:qemu-networking? #f] [#:virtio? #f] [#:volatile-root? #f] @ |
| 3456 | [#:extra-modules '()] |
| 3457 | Return a monadic derivation that builds a generic initrd. @var{file-systems} is |
| 3458 | a list of file-systems to be mounted by the initrd, possibly in addition to |
| 3459 | the root file system specified on the kernel command line via @code{--root}. |
| 3460 | |
| 3461 | When @var{qemu-networking?} is true, set up networking with the standard QEMU |
| 3462 | parameters. When @var{virtio?} is true, load additional modules so the initrd can |
| 3463 | be used as a QEMU guest with para-virtualized I/O drivers. |
| 3464 | |
| 3465 | When @var{volatile-root?} is true, the root file system is writable but any changes |
| 3466 | to it are lost. |
| 3467 | |
| 3468 | The initrd is automatically populated with all the kernel modules necessary |
| 3469 | for @var{file-systems} and for the given options. However, additional kernel |
| 3470 | modules can be listed in @var{extra-modules}. They will be added to the initrd, and |
| 3471 | loaded at boot time in the order in which they appear. |
| 3472 | @end deffn |
| 3473 | |
| 3474 | Needless to say, the initrds we produce and use embed a |
| 3475 | statically-linked Guile, and the initialization program is a Guile |
| 3476 | program. That gives a lot of flexibility. The |
| 3477 | @code{expression->initrd} procedure builds such an initrd, given the |
| 3478 | program to run in that initrd. |
| 3479 | |
| 3480 | @deffn {Monadic Procedure} expression->initrd @var{exp} @ |
| 3481 | [#:guile %guile-static-stripped] [#:name "guile-initrd"] @ |
| 3482 | [#:modules '()] [#:to-copy '()] [#:linux #f] @ |
| 3483 | [#:linux-modules '()] |
| 3484 | Return a derivation that builds a Linux initrd (a gzipped cpio archive) |
| 3485 | containing @var{guile} and that evaluates @var{exp}, a G-expression, |
| 3486 | upon booting. |
| 3487 | |
| 3488 | @var{linux-modules} is a list of @file{.ko} file names to be copied from |
| 3489 | @var{linux} into the initrd. @var{to-copy} is a list of additional |
| 3490 | derivations or packages to copy to the initrd. @var{modules} is a list |
| 3491 | of Guile module names to be embedded in the initrd. |
| 3492 | @end deffn |
| 3493 | |
| 3494 | @node Invoking guix system |
| 3495 | @subsection Invoking @code{guix system} |
| 3496 | |
| 3497 | Once you have written an operating system declaration, as seen in the |
| 3498 | previous section, it can be @dfn{instantiated} using the @command{guix |
| 3499 | system} command. The synopsis is: |
| 3500 | |
| 3501 | @example |
| 3502 | guix system @var{options}@dots{} @var{action} @var{file} |
| 3503 | @end example |
| 3504 | |
| 3505 | @var{file} must be the name of a file containing an |
| 3506 | @code{operating-system} declaration. @var{action} specifies how the |
| 3507 | operating system is instantiate. Currently the following values are |
| 3508 | supported: |
| 3509 | |
| 3510 | @table @code |
| 3511 | @item reconfigure |
| 3512 | Build the operating system described in @var{file}, activate it, and |
| 3513 | switch to it@footnote{This action is usable only on systems already |
| 3514 | running GNU.}. |
| 3515 | |
| 3516 | This effects all the configuration specified in @var{file}: user |
| 3517 | accounts, system services, global package list, setuid programs, etc. |
| 3518 | |
| 3519 | It also adds a GRUB menu entry for the new OS configuration, and moves |
| 3520 | entries for older configurations to a submenu---unless |
| 3521 | @option{--no-grub} is passed. |
| 3522 | |
| 3523 | @item build |
| 3524 | Build the operating system's derivation, which includes all the |
| 3525 | configuration files and programs needed to boot and run the system. |
| 3526 | This action does not actually install anything. |
| 3527 | |
| 3528 | @item init |
| 3529 | Populate the given directory with all the files necessary to run the |
| 3530 | operating system specified in @var{file}. This is useful for first-time |
| 3531 | installations of the GNU system. For instance: |
| 3532 | |
| 3533 | @example |
| 3534 | guix system init my-os-config.scm /mnt |
| 3535 | @end example |
| 3536 | |
| 3537 | copies to @file{/mnt} all the store items required by the configuration |
| 3538 | specified in @file{my-os-config.scm}. This includes configuration |
| 3539 | files, packages, and so on. It also creates other essential files |
| 3540 | needed for the system to operate correctly---e.g., the @file{/etc}, |
| 3541 | @file{/var}, and @file{/run} directories, and the @file{/bin/sh} file. |
| 3542 | |
| 3543 | This command also installs GRUB on the device specified in |
| 3544 | @file{my-os-config}, unless the @option{--no-grub} option was passed. |
| 3545 | |
| 3546 | @item vm |
| 3547 | @cindex virtual machine |
| 3548 | Build a virtual machine that contain the operating system declared in |
| 3549 | @var{file}, and return a script to run that virtual machine (VM). |
| 3550 | |
| 3551 | The VM shares its store with the host system. |
| 3552 | |
| 3553 | @item vm-image |
| 3554 | @itemx disk-image |
| 3555 | Return a virtual machine or disk image of the operating system declared |
| 3556 | in @var{file} that stands alone. Use the @option{--image-size} option |
| 3557 | to specify the size of the image. |
| 3558 | |
| 3559 | When using @code{vm-image}, the returned image is in qcow2 format, which |
| 3560 | the QEMU emulator can efficiently use. |
| 3561 | |
| 3562 | When using @code{disk-image}, a raw disk image is produced; it can be |
| 3563 | copied as is to a USB stick, for instance. Assuming @code{/dev/sdc} is |
| 3564 | the device corresponding to a USB stick, one can copy the image on it |
| 3565 | using the following command: |
| 3566 | |
| 3567 | @example |
| 3568 | # dd if=$(guix system disk-image my-os.scm) of=/dev/sdc |
| 3569 | @end example |
| 3570 | |
| 3571 | @end table |
| 3572 | |
| 3573 | @var{options} can contain any of the common build options provided by |
| 3574 | @command{guix build} (@pxref{Invoking guix build}). In addition, |
| 3575 | @var{options} can contain one of the following: |
| 3576 | |
| 3577 | @table @option |
| 3578 | @item --system=@var{system} |
| 3579 | @itemx -s @var{system} |
| 3580 | Attempt to build for @var{system} instead of the host's system type. |
| 3581 | This works as per @command{guix build} (@pxref{Invoking guix build}). |
| 3582 | |
| 3583 | @item --image-size=@var{size} |
| 3584 | For the @code{vm-image} and @code{disk-image} actions, create an image |
| 3585 | of the given @var{size}. @var{size} may be a number of bytes, or it may |
| 3586 | include a unit as a suffix, such as @code{MiB} for mebibytes and |
| 3587 | @code{GB} for gigabytes. |
| 3588 | @end table |
| 3589 | |
| 3590 | Note that all the actions above, except @code{build} and @code{init}, |
| 3591 | rely on KVM support in the Linux-Libre kernel. Specifically, the |
| 3592 | machine should have hardware virtualization support, the corresponding |
| 3593 | KVM kernel module should be loaded, and the @file{/dev/kvm} device node |
| 3594 | must exist and be readable and writable by the user and by the daemon's |
| 3595 | build users. |
| 3596 | |
| 3597 | @node Defining Services |
| 3598 | @subsection Defining Services |
| 3599 | |
| 3600 | The @code{(gnu services @dots{})} modules define several procedures that allow |
| 3601 | users to declare the operating system's services (@pxref{Using the |
| 3602 | Configuration System}). These procedures are @emph{monadic |
| 3603 | procedures}---i.e., procedures that return a monadic value in the store |
| 3604 | monad (@pxref{The Store Monad}). For examples of such procedures, |
| 3605 | @xref{Services}. |
| 3606 | |
| 3607 | @cindex service definition |
| 3608 | The monadic value returned by those procedures is a @dfn{service |
| 3609 | definition}---a structure as returned by the @code{service} form. |
| 3610 | Service definitions specifies the inputs the service depends on, and an |
| 3611 | expression to start and stop the service. Behind the scenes, service |
| 3612 | definitions are ``translated'' into the form suitable for the |
| 3613 | configuration file of dmd, the init system (@pxref{Services,,, dmd, GNU |
| 3614 | dmd Manual}). |
| 3615 | |
| 3616 | As an example, here is what the @code{nscd-service} procedure looks |
| 3617 | like: |
| 3618 | |
| 3619 | @lisp |
| 3620 | (define (nscd-service) |
| 3621 | (with-monad %store-monad |
| 3622 | (return (service |
| 3623 | (documentation "Run libc's name service cache daemon.") |
| 3624 | (provision '(nscd)) |
| 3625 | (activate #~(begin |
| 3626 | (use-modules (guix build utils)) |
| 3627 | (mkdir-p "/var/run/nscd"))) |
| 3628 | (start #~(make-forkexec-constructor |
| 3629 | (string-append #$glibc "/sbin/nscd") |
| 3630 | "-f" "/dev/null" "--foreground")) |
| 3631 | (stop #~(make-kill-destructor)) |
| 3632 | (respawn? #f))))) |
| 3633 | @end lisp |
| 3634 | |
| 3635 | @noindent |
| 3636 | The @code{activate}, @code{start}, and @code{stop} fields are G-expressions |
| 3637 | (@pxref{G-Expressions}). The @code{activate} field contains a script to |
| 3638 | run at ``activation'' time; it makes sure that the @file{/var/run/nscd} |
| 3639 | directory exists before @command{nscd} is started. |
| 3640 | |
| 3641 | The @code{start} and @code{stop} fields refer to dmd's facilities to |
| 3642 | start and stop processes (@pxref{Service De- and Constructors,,, dmd, |
| 3643 | GNU dmd Manual}). The @code{provision} field specifies the name under |
| 3644 | which this service is known to dmd, and @code{documentation} specifies |
| 3645 | on-line documentation. Thus, the commands @command{deco start ncsd}, |
| 3646 | @command{deco stop nscd}, and @command{deco doc nscd} will do what you |
| 3647 | would expect (@pxref{Invoking deco,,, dmd, GNU dmd Manual}). |
| 3648 | |
| 3649 | |
| 3650 | @node Installing Debugging Files |
| 3651 | @section Installing Debugging Files |
| 3652 | |
| 3653 | @cindex debugging files |
| 3654 | Program binaries, as produced by the GCC compilers for instance, are |
| 3655 | typically written in the ELF format, with a section containing |
| 3656 | @dfn{debugging information}. Debugging information is what allows the |
| 3657 | debugger, GDB, to map binary code to source code; it is required to |
| 3658 | debug a compiled program in good conditions. |
| 3659 | |
| 3660 | The problem with debugging information is that is takes up a fair amount |
| 3661 | of disk space. For example, debugging information for the GNU C Library |
| 3662 | weighs in at more than 60 MiB. Thus, as a user, keeping all the |
| 3663 | debugging info of all the installed programs is usually not an option. |
| 3664 | Yet, space savings should not come at the cost of an impediment to |
| 3665 | debugging---especially in the GNU system, which should make it easier |
| 3666 | for users to exert their computing freedom (@pxref{GNU Distribution}). |
| 3667 | |
| 3668 | Thankfully, the GNU Binary Utilities (Binutils) and GDB provide a |
| 3669 | mechanism that allows users to get the best of both worlds: debugging |
| 3670 | information can be stripped from the binaries and stored in separate |
| 3671 | files. GDB is then able to load debugging information from those files, |
| 3672 | when they are available (@pxref{Separate Debug Files,,, gdb, Debugging |
| 3673 | with GDB}). |
| 3674 | |
| 3675 | The GNU distribution takes advantage of this by storing debugging |
| 3676 | information in the @code{lib/debug} sub-directory of a separate package |
| 3677 | output unimaginatively called @code{debug} (@pxref{Packages with |
| 3678 | Multiple Outputs}). Users can choose to install the @code{debug} output |
| 3679 | of a package when they need it. For instance, the following command |
| 3680 | installs the debugging information for the GNU C Library and for GNU |
| 3681 | Guile: |
| 3682 | |
| 3683 | @example |
| 3684 | guix package -i glibc:debug guile:debug |
| 3685 | @end example |
| 3686 | |
| 3687 | GDB must then be told to look for debug files in the user's profile, by |
| 3688 | setting the @code{debug-file-directory} variable (consider setting it |
| 3689 | from the @file{~/.gdbinit} file, @pxref{Startup,,, gdb, Debugging with |
| 3690 | GDB}): |
| 3691 | |
| 3692 | @example |
| 3693 | (gdb) set debug-file-directory ~/.guix-profile/lib/debug |
| 3694 | @end example |
| 3695 | |
| 3696 | From there on, GDB will pick up debugging information from the |
| 3697 | @code{.debug} files under @file{~/.guix-profile/lib/debug}. |
| 3698 | |
| 3699 | In addition, you will most likely want GDB to be able to show the source |
| 3700 | code being debugged. To do that, you will have to unpack the source |
| 3701 | code of the package of interest (obtained with @code{guix build |
| 3702 | --source}, @pxref{Invoking guix build}), and to point GDB to that source |
| 3703 | directory using the @code{directory} command (@pxref{Source Path, |
| 3704 | @code{directory},, gdb, Debugging with GDB}). |
| 3705 | |
| 3706 | @c XXX: keep me up-to-date |
| 3707 | The @code{debug} output mechanism in Guix is implemented by the |
| 3708 | @code{gnu-build-system} (@pxref{Build Systems}). Currently, it is |
| 3709 | opt-in---debugging information is available only for those packages |
| 3710 | whose definition explicitly declares a @code{debug} output. This may be |
| 3711 | changed to opt-out in the future, if our build farm servers can handle |
| 3712 | the load. To check whether a package has a @code{debug} output, use |
| 3713 | @command{guix package --list-available} (@pxref{Invoking guix package}). |
| 3714 | |
| 3715 | |
| 3716 | @node Package Modules |
| 3717 | @section Package Modules |
| 3718 | |
| 3719 | From a programming viewpoint, the package definitions of the |
| 3720 | GNU distribution are provided by Guile modules in the @code{(gnu packages |
| 3721 | @dots{})} name space@footnote{Note that packages under the @code{(gnu |
| 3722 | packages @dots{})} module name space are not necessarily ``GNU |
| 3723 | packages''. This module naming scheme follows the usual Guile module |
| 3724 | naming convention: @code{gnu} means that these modules are distributed |
| 3725 | as part of the GNU system, and @code{packages} identifies modules that |
| 3726 | define packages.} (@pxref{Modules, Guile modules,, guile, GNU Guile |
| 3727 | Reference Manual}). For instance, the @code{(gnu packages emacs)} |
| 3728 | module exports a variable named @code{emacs}, which is bound to a |
| 3729 | @code{<package>} object (@pxref{Defining Packages}). |
| 3730 | |
| 3731 | The @code{(gnu packages @dots{})} module name space is special: it is |
| 3732 | automatically scanned for packages by the command-line tools. For |
| 3733 | instance, when running @code{guix package -i emacs}, all the @code{(gnu |
| 3734 | packages @dots{})} modules are scanned until one that exports a package |
| 3735 | object whose name is @code{emacs} is found. This package search |
| 3736 | facility is implemented in the @code{(gnu packages)} module. |
| 3737 | |
| 3738 | Users can store package definitions in modules with different |
| 3739 | names---e.g., @code{(my-packages emacs)}. In that case, commands such |
| 3740 | as @command{guix package} and @command{guix build} have to be used with |
| 3741 | the @code{-e} option so that they know where to find the package. |
| 3742 | |
| 3743 | The distribution is fully @dfn{bootstrapped} and @dfn{self-contained}: |
| 3744 | each package is built based solely on other packages in the |
| 3745 | distribution. The root of this dependency graph is a small set of |
| 3746 | @dfn{bootstrap binaries}, provided by the @code{(gnu packages |
| 3747 | bootstrap)} module. For more information on bootstrapping, |
| 3748 | @ref{Bootstrapping}. |
| 3749 | |
| 3750 | @node Packaging Guidelines |
| 3751 | @section Packaging Guidelines |
| 3752 | |
| 3753 | The GNU distribution is nascent and may well lack some of your favorite |
| 3754 | packages. This section describes how you can help make the distribution |
| 3755 | grow. @xref{Contributing}, for additional information on how you can |
| 3756 | help. |
| 3757 | |
| 3758 | Free software packages are usually distributed in the form of |
| 3759 | @dfn{source code tarballs}---typically @file{tar.gz} files that contain |
| 3760 | all the source files. Adding a package to the distribution means |
| 3761 | essentially two things: adding a @dfn{recipe} that describes how to |
| 3762 | build the package, including a list of other packages required to build |
| 3763 | it, and adding @dfn{package meta-data} along with that recipe, such as a |
| 3764 | description and licensing information. |
| 3765 | |
| 3766 | In Guix all this information is embodied in @dfn{package definitions}. |
| 3767 | Package definitions provide a high-level view of the package. They are |
| 3768 | written using the syntax of the Scheme programming language; in fact, |
| 3769 | for each package we define a variable bound to the package definition, |
| 3770 | and export that variable from a module (@pxref{Package Modules}). |
| 3771 | However, in-depth Scheme knowledge is @emph{not} a prerequisite for |
| 3772 | creating packages. For more information on package definitions, |
| 3773 | @ref{Defining Packages}. |
| 3774 | |
| 3775 | Once a package definition is in place, stored in a file in the Guix |
| 3776 | source tree, it can be tested using the @command{guix build} command |
| 3777 | (@pxref{Invoking guix build}). For example, assuming the new package is |
| 3778 | called @code{gnew}, you may run this command from the Guix build tree: |
| 3779 | |
| 3780 | @example |
| 3781 | ./pre-inst-env guix build gnew --keep-failed |
| 3782 | @end example |
| 3783 | |
| 3784 | Using @code{--keep-failed} makes it easier to debug build failures since |
| 3785 | it provides access to the failed build tree. Another useful |
| 3786 | command-line option when debugging is @code{--log-file}, to access the |
| 3787 | build log. |
| 3788 | |
| 3789 | If the package is unknown to the @command{guix} command, it may be that |
| 3790 | the source file contains a syntax error, or lacks a @code{define-public} |
| 3791 | clause to export the package variable. To figure it out, you may load |
| 3792 | the module from Guile to get more information about the actual error: |
| 3793 | |
| 3794 | @example |
| 3795 | ./pre-inst-env guile -c '(use-modules (gnu packages gnew))' |
| 3796 | @end example |
| 3797 | |
| 3798 | Once your package builds correctly, please send us a patch |
| 3799 | (@pxref{Contributing}). Well, if you need help, we will be happy to |
| 3800 | help you too. Once the patch is committed in the Guix repository, the |
| 3801 | new package automatically gets built on the supported platforms by |
| 3802 | @url{http://hydra.gnu.org/gnu/master, our continuous integration |
| 3803 | system}. |
| 3804 | |
| 3805 | @cindex substituter |
| 3806 | Users can obtain the new package definition simply by running |
| 3807 | @command{guix pull} (@pxref{Invoking guix pull}). When |
| 3808 | @code{hydra.gnu.org} is done building the package, installing the |
| 3809 | package automatically downloads binaries from there |
| 3810 | (@pxref{Substitutes}). The only place where human intervention is |
| 3811 | needed is to review and apply the patch. |
| 3812 | |
| 3813 | |
| 3814 | @menu |
| 3815 | * Software Freedom:: What may go into the distribution. |
| 3816 | * Package Naming:: What's in a name? |
| 3817 | * Version Numbers:: When the name is not enough. |
| 3818 | * Python Modules:: Taming the snake. |
| 3819 | * Perl Modules:: Little pearls. |
| 3820 | @end menu |
| 3821 | |
| 3822 | @node Software Freedom |
| 3823 | @subsection Software Freedom |
| 3824 | |
| 3825 | @c Adapted from http://www.gnu.org/philosophy/philosophy.html. |
| 3826 | |
| 3827 | The GNU operating system has been developed so that users can have |
| 3828 | freedom in their computing. GNU is @dfn{free software}, meaning that |
| 3829 | users have the @url{http://www.gnu.org/philosophy/free-sw.html,four |
| 3830 | essential freedoms}: to run the program, to study and change the program |
| 3831 | in source code form, to redistribute exact copies, and to distribute |
| 3832 | modified versions. Packages found in the GNU distribution provide only |
| 3833 | software that conveys these four freedoms. |
| 3834 | |
| 3835 | In addition, the GNU distribution follow the |
| 3836 | @url{http://www.gnu.org/distros/free-system-distribution-guidelines.html,free |
| 3837 | software distribution guidelines}. Among other things, these guidelines |
| 3838 | reject non-free firmware, recommendations of non-free software, and |
| 3839 | discuss ways to deal with trademarks and patents. |
| 3840 | |
| 3841 | Some packages contain a small and optional subset that violates the |
| 3842 | above guidelines, for instance because this subset is itself non-free |
| 3843 | code. When that happens, the offending items are removed with |
| 3844 | appropriate patches or code snippets in the package definition's |
| 3845 | @code{origin} form (@pxref{Defining Packages}). That way, @code{guix |
| 3846 | build --source} returns the ``freed'' source rather than the unmodified |
| 3847 | upstream source. |
| 3848 | |
| 3849 | |
| 3850 | @node Package Naming |
| 3851 | @subsection Package Naming |
| 3852 | |
| 3853 | A package has actually two names associated with it: |
| 3854 | First, there is the name of the @emph{Scheme variable}, the one following |
| 3855 | @code{define-public}. By this name, the package can be made known in the |
| 3856 | Scheme code, for instance as input to another package. Second, there is |
| 3857 | the string in the @code{name} field of a package definition. This name |
| 3858 | is used by package management commands such as |
| 3859 | @command{guix package} and @command{guix build}. |
| 3860 | |
| 3861 | Both are usually the same and correspond to the lowercase conversion of |
| 3862 | the project name chosen upstream, with underscores replaced with |
| 3863 | hyphens. For instance, GNUnet is available as @code{gnunet}, and |
| 3864 | SDL_net as @code{sdl-net}. |
| 3865 | |
| 3866 | We do not add @code{lib} prefixes for library packages, unless these are |
| 3867 | already part of the official project name. But see @pxref{Python |
| 3868 | Modules} and @ref{Perl Modules} for special rules concerning modules for |
| 3869 | the Python and Perl languages. |
| 3870 | |
| 3871 | |
| 3872 | @node Version Numbers |
| 3873 | @subsection Version Numbers |
| 3874 | |
| 3875 | We usually package only the latest version of a given free software |
| 3876 | project. But sometimes, for instance for incompatible library versions, |
| 3877 | two (or more) versions of the same package are needed. These require |
| 3878 | different Scheme variable names. We use the name as defined |
| 3879 | in @ref{Package Naming} |
| 3880 | for the most recent version; previous versions use the same name, suffixed |
| 3881 | by @code{-} and the smallest prefix of the version number that may |
| 3882 | distinguish the two versions. |
| 3883 | |
| 3884 | The name inside the package definition is the same for all versions of a |
| 3885 | package and does not contain any version number. |
| 3886 | |
| 3887 | For instance, the versions 2.24.20 and 3.9.12 of GTK+ may be packaged as follows: |
| 3888 | |
| 3889 | @example |
| 3890 | (define-public gtk+ |
| 3891 | (package |
| 3892 | (name "gtk+") |
| 3893 | (version "3.9.12") |
| 3894 | ...)) |
| 3895 | (define-public gtk+-2 |
| 3896 | (package |
| 3897 | (name "gtk+") |
| 3898 | (version "2.24.20") |
| 3899 | ...)) |
| 3900 | @end example |
| 3901 | If we also wanted GTK+ 3.8.2, this would be packaged as |
| 3902 | @example |
| 3903 | (define-public gtk+-3.8 |
| 3904 | (package |
| 3905 | (name "gtk+") |
| 3906 | (version "3.8.2") |
| 3907 | ...)) |
| 3908 | @end example |
| 3909 | |
| 3910 | |
| 3911 | @node Python Modules |
| 3912 | @subsection Python Modules |
| 3913 | |
| 3914 | We currently package Python 2 and Python 3, under the Scheme variable names |
| 3915 | @code{python-2} and @code{python} as explained in @ref{Version Numbers}. |
| 3916 | To avoid confusion and naming clashes with other programming languages, it |
| 3917 | seems desirable that the name of a package for a Python module contains |
| 3918 | the word @code{python}. |
| 3919 | |
| 3920 | Some modules are compatible with only one version of Python, others with both. |
| 3921 | If the package Foo compiles only with Python 3, we name it |
| 3922 | @code{python-foo}; if it compiles only with Python 2, we name it |
| 3923 | @code{python2-foo}. If it is compatible with both versions, we create two |
| 3924 | packages with the corresponding names. |
| 3925 | |
| 3926 | If a project already contains the word @code{python}, we drop this; |
| 3927 | for instance, the module python-dateutil is packaged under the names |
| 3928 | @code{python-dateutil} and @code{python2-dateutil}. |
| 3929 | |
| 3930 | |
| 3931 | @node Perl Modules |
| 3932 | @subsection Perl Modules |
| 3933 | |
| 3934 | Perl programs standing for themselves are named as any other package, |
| 3935 | using the lowercase upstream name. |
| 3936 | For Perl packages containing a single class, we use the lowercase class name, |
| 3937 | replace all occurrences of @code{::} by dashes and prepend the prefix |
| 3938 | @code{perl-}. |
| 3939 | So the class @code{XML::Parser} becomes @code{perl-xml-parser}. |
| 3940 | Modules containing several classes keep their lowercase upstream name and |
| 3941 | are also prepended by @code{perl-}. Such modules tend to have the word |
| 3942 | @code{perl} somewhere in their name, which gets dropped in favor of the |
| 3943 | prefix. For instance, @code{libwww-perl} becomes @code{perl-libwww}. |
| 3944 | |
| 3945 | |
| 3946 | |
| 3947 | @node Bootstrapping |
| 3948 | @section Bootstrapping |
| 3949 | |
| 3950 | @c Adapted from the ELS 2013 paper. |
| 3951 | |
| 3952 | @cindex bootstrapping |
| 3953 | |
| 3954 | Bootstrapping in our context refers to how the distribution gets built |
| 3955 | ``from nothing''. Remember that the build environment of a derivation |
| 3956 | contains nothing but its declared inputs (@pxref{Introduction}). So |
| 3957 | there's an obvious chicken-and-egg problem: how does the first package |
| 3958 | get built? How does the first compiler get compiled? Note that this is |
| 3959 | a question of interest only to the curious hacker, not to the regular |
| 3960 | user, so you can shamelessly skip this section if you consider yourself |
| 3961 | a ``regular user''. |
| 3962 | |
| 3963 | @cindex bootstrap binaries |
| 3964 | The GNU system is primarily made of C code, with libc at its core. The |
| 3965 | GNU build system itself assumes the availability of a Bourne shell and |
| 3966 | command-line tools provided by GNU Coreutils, Awk, Findutils, `sed', and |
| 3967 | `grep'. Furthermore, build programs---programs that run |
| 3968 | @code{./configure}, @code{make}, etc.---are written in Guile Scheme |
| 3969 | (@pxref{Derivations}). Consequently, to be able to build anything at |
| 3970 | all, from scratch, Guix relies on pre-built binaries of Guile, GCC, |
| 3971 | Binutils, libc, and the other packages mentioned above---the |
| 3972 | @dfn{bootstrap binaries}. |
| 3973 | |
| 3974 | These bootstrap binaries are ``taken for granted'', though we can also |
| 3975 | re-create them if needed (more on that later). |
| 3976 | |
| 3977 | @unnumberedsubsec Preparing to Use the Bootstrap Binaries |
| 3978 | |
| 3979 | @c As of Emacs 24.3, Info-mode displays the image, but since it's a |
| 3980 | @c large image, it's hard to scroll. Oh well. |
| 3981 | @image{images/bootstrap-graph,6in,,Dependency graph of the early bootstrap derivations} |
| 3982 | |
| 3983 | The figure above shows the very beginning of the dependency graph of the |
| 3984 | distribution, corresponding to the package definitions of the @code{(gnu |
| 3985 | packages bootstrap)} module. At this level of detail, things are |
| 3986 | slightly complex. First, Guile itself consists of an ELF executable, |
| 3987 | along with many source and compiled Scheme files that are dynamically |
| 3988 | loaded when it runs. This gets stored in the @file{guile-2.0.7.tar.xz} |
| 3989 | tarball shown in this graph. This tarball is part of Guix's ``source'' |
| 3990 | distribution, and gets inserted into the store with @code{add-to-store} |
| 3991 | (@pxref{The Store}). |
| 3992 | |
| 3993 | But how do we write a derivation that unpacks this tarball and adds it |
| 3994 | to the store? To solve this problem, the @code{guile-bootstrap-2.0.drv} |
| 3995 | derivation---the first one that gets built---uses @code{bash} as its |
| 3996 | builder, which runs @code{build-bootstrap-guile.sh}, which in turn calls |
| 3997 | @code{tar} to unpack the tarball. Thus, @file{bash}, @file{tar}, |
| 3998 | @file{xz}, and @file{mkdir} are statically-linked binaries, also part of |
| 3999 | the Guix source distribution, whose sole purpose is to allow the Guile |
| 4000 | tarball to be unpacked. |
| 4001 | |
| 4002 | Once @code{guile-bootstrap-2.0.drv} is built, we have a functioning |
| 4003 | Guile that can be used to run subsequent build programs. Its first task |
| 4004 | is to download tarballs containing the other pre-built binaries---this |
| 4005 | is what the @code{.tar.xz.drv} derivations do. Guix modules such as |
| 4006 | @code{ftp-client.scm} are used for this purpose. The |
| 4007 | @code{module-import.drv} derivations import those modules in a directory |
| 4008 | in the store, using the original layout. The |
| 4009 | @code{module-import-compiled.drv} derivations compile those modules, and |
| 4010 | write them in an output directory with the right layout. This |
| 4011 | corresponds to the @code{#:modules} argument of |
| 4012 | @code{build-expression->derivation} (@pxref{Derivations}). |
| 4013 | |
| 4014 | Finally, the various tarballs are unpacked by the |
| 4015 | derivations @code{gcc-bootstrap-0.drv}, @code{glibc-bootstrap-0.drv}, |
| 4016 | etc., at which point we have a working C tool chain. |
| 4017 | |
| 4018 | |
| 4019 | @unnumberedsubsec Building the Build Tools |
| 4020 | |
| 4021 | @c TODO: Add a package-level dependency graph generated from (gnu |
| 4022 | @c packages base). |
| 4023 | |
| 4024 | Bootstrapping is complete when we have a full tool chain that does not |
| 4025 | depend on the pre-built bootstrap tools discussed above. This |
| 4026 | no-dependency requirement is verified by checking whether the files of |
| 4027 | the final tool chain contain references to the @file{/gnu/store} |
| 4028 | directories of the bootstrap inputs. The process that leads to this |
| 4029 | ``final'' tool chain is described by the package definitions found in |
| 4030 | the @code{(gnu packages base)} module. |
| 4031 | |
| 4032 | @c See <http://lists.gnu.org/archive/html/gnu-system-discuss/2012-10/msg00000.html>. |
| 4033 | The first tool that gets built with the bootstrap binaries is |
| 4034 | GNU Make, which is a prerequisite for all the following packages. |
| 4035 | From there Findutils and Diffutils get built. |
| 4036 | |
| 4037 | Then come the first-stage Binutils and GCC, built as pseudo cross |
| 4038 | tools---i.e., with @code{--target} equal to @code{--host}. They are |
| 4039 | used to build libc. Thanks to this cross-build trick, this libc is |
| 4040 | guaranteed not to hold any reference to the initial tool chain. |
| 4041 | |
| 4042 | From there the final Binutils and GCC are built. GCC uses @code{ld} |
| 4043 | from the final Binutils, and links programs against the just-built libc. |
| 4044 | This tool chain is used to build the other packages used by Guix and by |
| 4045 | the GNU Build System: Guile, Bash, Coreutils, etc. |
| 4046 | |
| 4047 | And voilà! At this point we have the complete set of build tools that |
| 4048 | the GNU Build System expects. These are in the @code{%final-inputs} |
| 4049 | variables of the @code{(gnu packages base)} module, and are implicitly |
| 4050 | used by any package that uses @code{gnu-build-system} (@pxref{Defining |
| 4051 | Packages}). |
| 4052 | |
| 4053 | |
| 4054 | @unnumberedsubsec Building the Bootstrap Binaries |
| 4055 | |
| 4056 | Because the final tool chain does not depend on the bootstrap binaries, |
| 4057 | those rarely need to be updated. Nevertheless, it is useful to have an |
| 4058 | automated way to produce them, should an update occur, and this is what |
| 4059 | the @code{(gnu packages make-bootstrap)} module provides. |
| 4060 | |
| 4061 | The following command builds the tarballs containing the bootstrap |
| 4062 | binaries (Guile, Binutils, GCC, libc, and a tarball containing a mixture |
| 4063 | of Coreutils and other basic command-line tools): |
| 4064 | |
| 4065 | @example |
| 4066 | guix build bootstrap-tarballs |
| 4067 | @end example |
| 4068 | |
| 4069 | The generated tarballs are those that should be referred to in the |
| 4070 | @code{(gnu packages bootstrap)} module mentioned at the beginning of |
| 4071 | this section. |
| 4072 | |
| 4073 | Still here? Then perhaps by now you've started to wonder: when do we |
| 4074 | reach a fixed point? That is an interesting question! The answer is |
| 4075 | unknown, but if you would like to investigate further (and have |
| 4076 | significant computational and storage resources to do so), then let us |
| 4077 | know. |
| 4078 | |
| 4079 | @node Porting |
| 4080 | @section Porting to a New Platform |
| 4081 | |
| 4082 | As discussed above, the GNU distribution is self-contained, and |
| 4083 | self-containment is achieved by relying on pre-built ``bootstrap |
| 4084 | binaries'' (@pxref{Bootstrapping}). These binaries are specific to an |
| 4085 | operating system kernel, CPU architecture, and application binary |
| 4086 | interface (ABI). Thus, to port the distribution to a platform that is |
| 4087 | not yet supported, one must build those bootstrap binaries, and update |
| 4088 | the @code{(gnu packages bootstrap)} module to use them on that platform. |
| 4089 | |
| 4090 | Fortunately, Guix can @emph{cross compile} those bootstrap binaries. |
| 4091 | When everything goes well, and assuming the GNU tool chain supports the |
| 4092 | target platform, this can be as simple as running a command like this |
| 4093 | one: |
| 4094 | |
| 4095 | @example |
| 4096 | guix build --target=armv5tel-linux-gnueabi bootstrap-tarballs |
| 4097 | @end example |
| 4098 | |
| 4099 | Once these are built, the @code{(gnu packages bootstrap)} module needs |
| 4100 | to be updated to refer to these binaries on the target platform. In |
| 4101 | addition, the @code{glibc-dynamic-linker} procedure in that module must |
| 4102 | be augmented to return the right file name for libc's dynamic linker on |
| 4103 | that platform; likewise, @code{system->linux-architecture} in @code{(gnu |
| 4104 | packages linux)} must be taught about the new platform. |
| 4105 | |
| 4106 | In practice, there may be some complications. First, it may be that the |
| 4107 | extended GNU triplet that specifies an ABI (like the @code{eabi} suffix |
| 4108 | above) is not recognized by all the GNU tools. Typically, glibc |
| 4109 | recognizes some of these, whereas GCC uses an extra @code{--with-abi} |
| 4110 | configure flag (see @code{gcc.scm} for examples of how to handle this). |
| 4111 | Second, some of the required packages could fail to build for that |
| 4112 | platform. Lastly, the generated binaries could be broken for some |
| 4113 | reason. |
| 4114 | |
| 4115 | |
| 4116 | @c ********************************************************************* |
| 4117 | @node Contributing |
| 4118 | @chapter Contributing |
| 4119 | |
| 4120 | This project is a cooperative effort, and we need your help to make it |
| 4121 | grow! Please get in touch with us on @email{guix-devel@@gnu.org} and |
| 4122 | @code{#guix} on the Freenode IRC network. We welcome ideas, bug |
| 4123 | reports, patches, and anything that may be helpful to the project. We |
| 4124 | particularly welcome help on packaging (@pxref{Packaging Guidelines}). |
| 4125 | |
| 4126 | Please see the |
| 4127 | @url{http://git.savannah.gnu.org/cgit/guix.git/tree/HACKING, |
| 4128 | @file{HACKING} file} that comes with the Guix source code for practical |
| 4129 | details about contributions. |
| 4130 | |
| 4131 | |
| 4132 | @c ********************************************************************* |
| 4133 | @node Acknowledgments |
| 4134 | @chapter Acknowledgments |
| 4135 | |
| 4136 | Guix is based on the Nix package manager, which was designed and |
| 4137 | implemented by Eelco Dolstra. Nix pioneered functional package |
| 4138 | management, and promoted unprecedented features, such as transactional |
| 4139 | package upgrades and rollbacks, per-user profiles, and referentially |
| 4140 | transparent build processes. Without this work, Guix would not exist. |
| 4141 | |
| 4142 | The Nix-based software distributions, Nixpkgs and NixOS, have also been |
| 4143 | an inspiration for Guix. |
| 4144 | |
| 4145 | @c ********************************************************************* |
| 4146 | @node GNU Free Documentation License |
| 4147 | @appendix GNU Free Documentation License |
| 4148 | |
| 4149 | @include fdl-1.3.texi |
| 4150 | |
| 4151 | @c ********************************************************************* |
| 4152 | @node Concept Index |
| 4153 | @unnumbered Concept Index |
| 4154 | @printindex cp |
| 4155 | |
| 4156 | @node Programming Index |
| 4157 | @unnumbered Programming Index |
| 4158 | @syncodeindex tp fn |
| 4159 | @syncodeindex vr fn |
| 4160 | @printindex fn |
| 4161 | |
| 4162 | @bye |
| 4163 | |
| 4164 | @c Local Variables: |
| 4165 | @c ispell-local-dictionary: "american"; |
| 4166 | @c End: |