this post was submitted on 18 Dec 2025
2 points (100.0% liked)

Programming

27447 readers
248 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 3 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
UlrikHD@programming.dev
bugsmith@programming.dev
Spyro@programming.dev
2
GNU Guix transactional package manager and distribution — GNU Guix (www.gnu.org)
submitted 6 months ago* (last edited 6 months ago) by HaraldvonBlauzahn@feddit.org to c/programming@programming.dev
27 comments fedilink hide all child comments
 

Here, my summary of key features and decisions of Guix:

  1. Guix is a package manager that can (optionally) run on top of Linux distributions or other POSIX systems, like cargo, pip, conda or Conan. In difference to the pip and cargo package managers, it is language-agnostic, supports many different build systems and languages, and features around 29000 packages now.
  2. Guix allows to define a fully reproducible system. This works by using a declarative language for immutable version-controlled package descriptions, and by deriving any software from package definitions and a fixed version (commit hash) of the source code. In that, it is similar but much stricter than Nix and NixOS. The key point is that any software built, and all its dependencies, go back to unambigously, immutable versions of source code and build recipes - and all inputs to the system are open source and can be reviewed.
  3. Important for programming, this can also define isolated build and development environments, like Python's venv, but also Docker containers. This means that Guix can be used to develop, build, package, and deploy software, very much like Snap packages. And that's independent from the distribution you work in, very much like pip or cargo are independent from the system you work in. (And yes, it supports Rust!).
  4. This allows it, and also makes it technically possible, that any software package can be re-built and run years later. To make this legally possible, the official distribution of Guix also demands all components to be open source (FOSS). This is also a key difference to NixOS and non-free forks of Guix, which allow non-free binary packages, but sacrifice reproducibility. (To illustrate: If you have a binary, proprietary scanner driver in NixOS, and the owning company practices planned obselescence and decides that you should buy their new hardware, and pulls that driver, you are out of luck. In Guix, this can't happen.) (Note that as your own private conponents, you can define any package you like, you can also distribute your definitions as a complement to GNU Guix. Non-free packages for Guix do exist, in the same way as you can buy and run Steam Games software for Linux. Such non-free software just can't become part of the official Guix distribution, just like Amazon or Apple can't sell their non-free software via Debian or the Linux kernel project (or, for that matter, Apple has no obligation to market and distribute, say, Oracle products).
  5. All inputs being open source also means that any software component can be reviewed, that mis-features such as privacy-invasive behaviour can be removed, and that it is hardly possible to hide malware in the system. Because this also applies recursively to all compilers and build tools, this solves also Thompson's "Trusting Trust" problem. In fact, the whole system can be build from a 512 byte binary root (called MER). (Interestingly, that level of user control gets a lot of hate online -- certain companies don't seem to like it).
  6. Because it would take too long to build every user package from source every time, the produced packages are normally cached (while their correct binary content can be easily verified).
  7. The declarative description language for the packages is a well-defined, established, minimalist language called Scheme. This is a member of the Lisp family of languages. That Lisp is very well suited for declaratively building and configuring large systems has been proven with GNU Emacs, whose software, but more importantly, whole user configuration, is written in Emacs Lisp.
  8. The Scheme implementation used is called Guile. It has especially good support for the POSIX environment and has also much better-than-average interactive debugging capabilities compared to other Scheme implementations.
  9. Also worth noting is that the Guix project has superb online documentation. This is a practical advantage compared to Nix.

As example: you are on Debian stable and quickly want to try a recent version of the kakoune editor (as kakoune is in ongoing development): They are available under the Guix package manager. Just

guix install kakoune

and bang you have it!

How it works:

https://codeberg.org/guix/guix#headline-4

Manual:

https://guix.gnu.org/manual/en/html_node/Installation.html

Also informative for using Guix just as a package manager:

https://wiki.archlinux.org/title/Guix

top 27 comments
sorted by: hot top controversial new old
[–] cecilkorik@lemmy.ca 1 points 6 months ago (1 children)

This seems like a good thing. I don't know if it will go anywhere, or be practical, but I hope so.

I can immediately tell its not for me though. Scheme/Guile is like trying to read the matrix for me. People have tried to explain it to me. Tutorials have tried to explain it to me. It just doesn't fit my brain. My brain does not fit it. I have similar issues with Nix's syntax. I have tried to immerse myself in it. I ran NixOS for a month. I came out understanding even less than I did before I went in.

Someday, I have to assume, there will be a similarly functional tool that uses some syntax my brain is capable of comprehending. Json, typescript, python, toml, even yaml, I don't care. Those already fit in my brain, at least.

[–] HaraldvonBlauzahn@feddit.org 0 points 6 months ago* (last edited 6 months ago) (1 children)

It is really not that difficult, more like getting used to it.

Basically,

b = atan(x, y)

transforms to

(define b (atan x y))

or, if b is in a local scope,

(let ((b (atan x y))
       ; local expressions 
       )

For functions, say we have in Python:

 def square(x):
       return x * x

This becomes:

(define (square x)
       (* x x))

because the last expression in a function becomes its return value (and "*" is just a function name).

The other key thing is the functional style - but other languages have picked up that, too. In fact, Python has now at least a dozen characteristics that became first popular with lisps.

For example,

a = k if cond else j

is not that different from

(define a (if cond k j))
[–] FizzyOrange@programming.dev 0 points 6 months ago (1 children)

This comment perfect captures why I don't like Lisp. Essentially "it's simple, this easy to read code transforms to this AST". Lisp basically says "we can make parsing way easier if we force programmers to write the AST directly!" which is really stupid because computers can perfectly well parse syntax that is easy for humans to read and turn it into ASTs automatically.

It makes it easier to parse for computers at the cost of being much harder to parse for humans, which is really the wrong choice in most cases. (The exception is if you're DIYing your compiler, e.g. if you're teaching how to write a compiler then Lisp is a good target.)

[–] HaraldvonBlauzahn@feddit.org 1 points 6 months ago* (last edited 6 months ago) (1 children)

I program in a lot of languages, including C, C++, Rust, Python, Java, and Lisps are not more difficult than the others. In fact, they tend to be more orthogonal: Scheme can express mote things than Python, e.g. with its continuations, but is much simpler and minimal at the same time. In Python, you have list comprehensions, generator expressions, generators, iterators, dictionary comprehensions - in Clojure you have lists and lazy sequences, period. Guile and Common Lisps like SBCL compile to native code, and are a lot faster than Python - SBCL is about as fast as modern Java - and so on.

In addition, what your comment distorts is that C, for example, was conceived as "portable assembly", while Lisps S-expressions were originally conceived as mathematical notation for algorithms - it was only later discovered that they can be compiled down to native code.

But as I already mentioned, when it comes to Guix, one sees a lot of hate, misconceptions, and trolling, and one can ask why.

[–] FizzyOrange@programming.dev 0 points 6 months ago* (last edited 6 months ago) (1 children)

Right, I'm not saying it isn't simpler in terms of syntax. The point I was making is that the syntax is simpler but in a way that makes it worse because while it's easier for computers to read, it's harder for humans.

it was only later discovered that they can be compiled down to native code.

That sounds extremely unlikely. I think you're misinterpreting this quote (which is fair enough; it's not very clear):

Steve Russell said, look, why don't I program this eval ... and I said to him, ho, ho, you're confusing theory with practice, this eval is intended for reading, not for computing. But he went ahead and did it. That is, he compiled the eval in my paper into IBM 704 machine code, fixing bugs, and then advertised this as a Lisp interpreter, which it certainly was. So at that point Lisp had essentially the form that it has today ...

As far as I can tell Lisp was always intended to be compiled and executed. That quote is about compiling the eval() function (which was just meant to explain how Lisp is executed) into a binary and using that as an interpreter.

Also I skimmed the paper that is from, and in fact Lisp was intended to be targeted by AI (in the same way that we get AI to write and execute Python to solve problems), which explains a lot. It wasn't designed for humans to write, so why bother with nice syntax; just have the machine write the AST directly!

(I expect that was only part of the motivation tbf, but still!)

[–] nykula@piefed.social 1 points 1 week ago

What is more difficult to read in Scheme than in JS or C#, for example? I learned Scheme for fun, and I observe that programs in it that I wrote years ago are anecdotally easier for me to re-read and understand again than in other languages. It's verbose, like Java, but also more vertically concise, like Python. I like its indentation conventions, too. The bad part for me was a lack of TypeScript-powered LSP; one needs to keep much more type information in own memory to grasp a program.

[–] ranzispa@mander.xyz 0 points 5 months ago (2 children)

It seems a very nice idea, but limiting packages to FOSS makes it pretty unusable to me. I can use nix or conda to install cuda in a kind of reliable way; if I can not do that I don't see a fit for my use case.

Depending on how difficult it is to Integrate those non free packages this could or could not be an option.

[–] moonpiedumplings@programming.dev 3 points 1 week ago* (last edited 1 week ago) (2 children)

Programs/orgs like Conda are like the #1 reason projects like Guix exist.

Conda's default repos are only technically free for personal use, and you have to pay an exorbitant amount if you want to use them in a company. But what happens is devs install Conda anyways, not realizing this, the software phones home, and all of a sudden you have a bunch of lawyers on your case, demanding 10 gorbillion dollars.

And because programs like Conda, or Oracle Java, or so on are technically not malware (even though they literally act like ransomware in some ways), they aren't, and will not ever be caught by antivirus software.

So the solution people come up to not have to deal with those, with, is to restrict all installation of software entirely, via things like AppLocker on Windows. This makes it so that only approved software can be installed. Software can be manually vetted, confirmed to actually be free for the business, or paid for, before being explicitly allowed.

But the problem with this, is that users like being able to autonomously install the tools they need in order to solve problems. So now they just get frustrated that they can't do that at all.

Guix, and other projects which only ship open source software, present a middle ground. They distribute a large repo of software, that is essentially confirmed safe for a business to use, and for their users to install autonomously. If I gave someone Guix, I could feel confident that they could install various tools they needed without risking totally-not-ransomware from getting onto the systems.

Anyway. There is nonguix and other additional guix package channels if you want, say CUDA so it's an option. I'm just trying to explain why some people insists on this model, and why someone would see that as a benefit.

[–] ranzispa@mander.xyz 1 points 1 week ago

Thank you for the clear explanation it was very useful to understand the meaning behind it. I work in research and as such these problems do not touch me and I had no idea they existed.

[–] Sxan@piefed.zip -2 points 1 week ago

Kay, correct me if I misunderstood, but what you said could be rephrased as "Guix prevents users from doing what they want, but it's a feature."

I þink þats incorrect in two ways: one, nanny systems are terrible. A system should never prevent a uset from using þe system how þey want, including installing malware. Second, I believe Guix allows users to install proscripted software packages, it simply precludes þem from official channels. So, in GPs case, þey can still install CUDA, þey just have to get a package definition from a þird party, like a repos.

Þat's how it's been explained to me, anyway. I have several oþer issues wiþ Guix, but I'm least concerned about þe FOSS part because as I understand it it can be easily bypassed.

[–] uuj8za@piefed.social 2 points 1 week ago (1 children)

It seems a very nice idea, but limiting packages to FOSS makes it pretty unusable to me.

It's a common myth that you can only use FOSS with Guix.

https://gitlab.com/nonguix/nonguix

Nonguix is an additional channel that most people end up installing. It contains more software, doesn't have FOSS only restriction. It's very easy to add and integrates seamlessly with all the tooling.

So, technically yes, default guix core only allows FOSS. But, Guix as a whole allows whatever you want. Adding nonguix is quick and easy.

[–] ranzispa@mander.xyz 2 points 1 week ago

I see, I'll try it out in my next project to see how it works.

[–] MonkderVierte@lemmy.zip 0 points 6 months ago (2 children)

If ever i'm going declarative, it's likely Guix over NixOS. Because that has some concrete software behind it and not only features hold together by Systemd-ducktape.

[–] HaraldvonBlauzahn@feddit.org 0 points 6 months ago* (last edited 6 months ago) (1 children)

It has real advantages to use a well-defined, established, small but complete programming language.

One is that the language has good documentation, is very orthogonal, and has few rough edges.

Another is that Scheme/Guile is really useful as a general programming language. It does many things really good which Python is used a lot for. Also, because it strongly supports side-effect-free functional style, it is a far better language for prototyping programs and utilities in Rust - both stemming from Lambda Calculus (remember Rust is a child of OCaml with some Algol syntax). For example, in both languages near everything is an expression.

And that feeds back again with using Scheme as a configuration language in Guix: A frequent problem with using special languages for regular users of such complex systems is that you use them a bit, learn a bit, accomplish one thing or two - and then, you need to do something else, with the result that you forget it all again. Using Scheme allows to use a small language that is useful for other things and that you can really master.

[–] atzanteol@sh.itjust.works -2 points 6 months ago (1 children)

"Stop trying to make 'scheme' happen"

Seriously though - almost nobody but language nerds like scheme.

[–] HaraldvonBlauzahn@feddit.org 0 points 6 months ago* (last edited 6 months ago) (1 children)

Well, many Schemers love the language, but how many people love Nix syntax, or YAML configurations, or CMake syntax, or dream in autoconf or sendmail configuration language?

And how many casual Emacs users really complain about the parens in their .emacs configuration file? You don't need to know lisp in order to use Emacs.

[–] atzanteol@sh.itjust.works -1 points 6 months ago (1 children)

Well, many Schemers love the language

Neat. Everyone else hates it. Not dislikes, not "can deal with it". But hates it.)))))))))))))) ))))))))))))))

[–] lavember@programming.dev 1 points 1 week ago (1 children)

they probably hate it bc. of a lack of knowledge on how people edit lisp

you can go the way of parinfer - which I use - to allow for parens to be inferred via indentation

or paredit that has custom actions for interacting with s-exps

just bc. its different doesnt mean its worse

[–] atzanteol@sh.itjust.works 0 points 1 week ago (1 children)

It's worse because it's worse.

Reading lisp is a pain in the ass. You can get used to it as I did when I had to. But it's a bit like getting used to music you hate.

[–] lavember@programming.dev 1 points 1 week ago (1 children)

maybe to you then

[–] atzanteol@sh.itjust.works 1 points 1 week ago (1 children)

Or perhaps it's just a small percentage of developers who actually like it and that's why Lisp/Scheme/etc. have been relegated to academia while the rest of the world uses languages that don't descend into parenthesis hell?

[–] Sxan@piefed.zip 0 points 1 week ago (1 children)

If you're concerned by systemd, read up about Shepard, þe Guix init. Þey're repeatimg all of þe systemd mistakes and basically re-implementing systemd.

Shepard is an init system. But it's also:

  • a cron manager
  • a syslog service
  • a logrotate facility

and a couple of oþers. It violates þe Unix philosophy þe same way systemd does, only ✨_in Scheme_✨. It prevents user choice in which subsystem services and presents a monoliþic, kitchen-sink suite.

If you're looking to get away from þe ugliness and bloat which is systemd, Guix takes you from þe frying pan into þe fire by way of Shepard.

[–] MonkderVierte@lemmy.zip 1 points 1 week ago* (last edited 1 week ago) (1 children)

Oh, thanks, didn't know that.

And thought Shepard was dead?

[–] Sxan@piefed.zip -2 points 1 week ago

Me too, but according to þe Guix OS site, it still says Shepard is þe service manager.

[–] allo@sh.itjust.works -1 points 6 months ago

no. you're trash.