GNU Guix: A Glimpse Into the Future

Published 2021-1-25
by Ryan Sundberg

GNU Guix is an operating system project sponsored by the Free Software Foundation which aims to develop a universal, verifiable package manager for the world's free software. It can build byte-for-byte verifiable packages from source, while redistributing the verified builds in binary form for efficiency.

A Reprogrammable Operating System

Guix is written in Guile Scheme, and so is its init system, Shepherd. Together these two properties make Guix a self-hosting environment, similar to the older Lisp machines and Smalltalk environments: an operating system that can be used to reprogram itself. Guix can be hacked on directly in its source code, or extended by linking it with other Guile programs. By extending Guix in this way, we can write our own programs that specify entire Guix operating systems. Finally, we can render those operating systems into disk images for production use, or redeploy them to live machines via ssh.

Not Just an Operating System

Since we can now write our own Scheme programs using Guix (programs which produce entire operating systems from a few lines of code), we can move up a level of abstraction and define entire clusters of machines in our Guile programs.

Some of the new things we can do with clusters:

  • Program entire classes of machines at a time
  • Generate static networks to link hosts together
  • Ship custom kernels, system patches, and security configurations
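As an added example (not code from the original post or from the Guix project), this is what "programming a class of machines" looks like in Guile: one procedure describes the template, and `guix deploy` consumes a list of machine records built from it. Record field names follow the Guix manual; the hostnames, disk path, user name and key paths are placeholders.

```scheme
;; Added example, not from the original post. One template for a class of
;; machine, instantiated for several hosts. Field names follow the Guix manual
;; (operating-system, openssh-configuration, machine-ssh-configuration);
;; hostnames, disk, user and key paths are made-up placeholders.
(use-modules (gnu) (gnu machine) (gnu machine ssh) (guix gexp))
(use-service-modules networking ssh)

;; Every node of this class gets the same hardened sshd (keys only, no root
;; login) and the same base system; only the host name varies.
(define (web-node node-name admin-key-file)
  (operating-system
    (host-name node-name)
    (timezone "UTC")
    (locale "en_US.utf8")
    (bootloader (bootloader-configuration
                 (bootloader grub-bootloader)
                 (target "/dev/sda")))           ; placeholder disk
    (file-systems (cons (file-system
                          (device (file-system-label "root"))
                          (mount-point "/")
                          (type "ext4"))
                        %base-file-systems))
    (users (cons (user-account
                  (name "admin")
                  (group "users")
                  (supplementary-groups '("wheel")))
                 %base-user-accounts))
    (services (append (list (service dhcp-client-service-type)
                            (service openssh-service-type
                                     (openssh-configuration
                                      (permit-root-login #f)
                                      (password-authentication? #f)
                                      (authorized-keys
                                       `(("admin" ,(local-file admin-key-file)))))))
                      %base-services))))

;; The cluster: one machine record per host, all rebuilt from the same
;; template and reached over ssh by `guix deploy`.
(define %web-cluster
  (map (lambda (node-name)
         (machine
          (operating-system (web-node node-name "admin.pub"))
          (environment managed-host-environment-type)
          (configuration (machine-ssh-configuration
                          (host-name (string-append node-name ".example.internal"))
                          (system "x86_64-linux")
                          (user "admin")
                          (identity "./deploy-key")))))
       '("web1" "web2" "web3")))

%web-cluster   ; `guix deploy cluster.scm` expects the file to evaluate to this list
```

Changing the template (a kernel option, a patched library, the sshd settings) and re-running `guix deploy` rebuilds every node from the same declaration, which is the point of treating the cluster as one program.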

Developer Centric

While it can produce verifiable operating system images, Guix is also capable of reproducing development and build environments. This allows developers to jump right into a project without first wading through frustrating dependency problems. It also keeps the system maintainable over time: the effects of software "decay" are reduced by its hermetic package management, which requires every package to build offline once its sources have been downloaded. Finally, since all sources are available and packages build from a DAG of their inputs, we can patch deeply into system libraries and components when necessary, and let the build system regenerate a new environment with our patches included.

Some of the new things for developers:

  • Provides consistent developer environments
  • Reduces the effects of bit rot from upstream vendors
  • Allows patching deep into the system where necessary

Try It Out

Guix comes as a standalone package manager for Linux (and macOS), and as the Guix System Distribution, an entire GNU/Linux operating system.

Download Guix