GNU Guix 1.3 package manager and the distribution based on it are available

The GNU Guix 1.3 package manager and the GNU/Linux distribution based on it have been released. Downloadable images are available for installation on a USB flash drive (610 MB) and for use in virtualization systems (972 MB). Supported architectures include i686, x86_64, Power9, armv7, and aarch64.

The distribution can be installed as a standalone OS in virtualization systems, in containers and on regular hardware, or run inside already installed GNU/Linux distributions, serving as a platform for deploying applications. The user is provided with features such as dependency management, repeatable builds, rootless operation, rollback to previous versions in case of problems, configuration management, environment cloning (creating an exact copy of the software environment on other computers), and more.

Main innovations:

  • Initial support for the POWER9 architecture (powerpc64le-linux) has been implemented.
  • It is possible to use a declarative deployment mode, in which, instead of a series of “guix install” and “guix remove” commands, a single command “guix package --manifest=manifest.scm” is run, with the manifest.scm file defining all applications that need to be installed. To generate a manifest based on an existing installation profile, the “guix package” command offers the “--export-manifest” and “--export-channels” options.
  • Added the "--with-latest" package transformation option, useful for those who want to have the latest versions of programs, even if a ready-made package for Guix has not yet been generated for the application. Also added is the “--with-patch” option to build a series of packages with a patch applied to one or more of them.
  • The “guix” commands now print hints suggesting replacements in case of typos or when alternative subcommands exist:
      $ guix package --export-manifests
      guix package: error: export-manifests: unrecognized option
      hint: Did you mean `export-manifest'?
  • The “guix refresh” command has added support for downloading updates from SourceForge hosting, as well as a generic-html mode for receiving updates from the project home page.
  • Added a new command “guix import go” for recursively importing packages in the Go language, taking into account dependencies. The "guix import opam" command now supports Coq packages. The “guix import crate” command takes into account semantic versioning in recursive loading mode. The "guix import nix" command has been removed.
  • The installation of pre-built binary packages (substitute) has been optimized and the work of the “guix system init” command has been accelerated.
  • Added "--profile" option to the "guix environment" command.
  • Added the "--discover" option to guix-daemon to discover servers on the local network that deliver pre-built binary packages (substitutes) using the mDNS/DNS-SD protocols. The "--advertise" option has been added to the "guix publish" command so that servers can announce themselves.
  • The ability to use the Zstd algorithm for package compression has been implemented.
  • In the “--verbosity=1” mode, downloaded URLs are no longer printed.
  • Instead of the “disk-image” and “vm-image” subcommands, the general “guix system image” command is proposed.
  • Added support for the SPICE protocol in the distribution image for virtual machines.
  • An automatic installation mode has been added to the installation script.
  • Added lvm-device-mapping service to support LVM volume manager (Linux Logical Volume Manager).
  • Added “guix system image -t rock64-raw” mode for generating distribution images for Rock64 boards.
  • The initrd has bcachefs support enabled by default.
  • The CUPS print server has the "brlaser" service enabled by default to support Brother printers.
  • Added new system services agate, cuirass-remote-worker, ipfs, keepalived, laminar, radicale, syncthing, transmission-daemon, wireguard, xorg-server.
  • Program versions were updated in 3100 packages and 2009 new packages were added, including updated versions of gcc 10.3.0, glibc 2.31, GNOME 3.34.5, gnupg 2.2.27, go 1.14.15, guile 3.0.5, icecat 78.10.0-guix0-preview1, icedtea 3.7.0, inkscape 1.0.2, julia 1.5.3, libreoffice 6.4.7.2, linux-libre 5.11.15, ocaml 4.11.1, octave 6.2.0, openjdk 14.0, python 3.8.2, racket 8.0, rust 1.51.0, r 4.0.4, sbcl 2.1.3, Xfce 4.16.0 and xorg-server 1.20.10.
  • Fixed vulnerability CVE-2021-27851 in guix-daemon, which allowed a local user to escalate their privileges on the system. During the execution of the "guix build" command the build directory remained writable, so the user could create in it a hard link to a file owned by root and located outside the build directory, for example "/etc/shadow". If the “--keep-failed” option was specified and the build failed, guix-daemon changed the owner of the entire build tree, hard links included, to the current user.
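
The hard-link condition described in the last item can be detected before ownership of a kept build tree is changed. The Python code below is an added example, not code from Guix or from the original article; the function names and the sample tree are hypothetical, and it assumes the untrusted user can no longer write to the tree when the check runs.

```python
import os
import stat
import tempfile


def externally_linked_files(tree):
    """Return regular files under `tree` that also have a name outside it.

    If an inode's st_nlink is larger than the number of names found for it
    inside the tree, another hard link exists elsewhere, and a chown of the
    tree would change the owner of that outside file as well.
    """
    inodes = {}  # (st_dev, st_ino) -> (st_nlink, [paths inside the tree])
    for root, _dirs, files in os.walk(tree, followlinks=False):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: never follow symlinks
            if stat.S_ISREG(st.st_mode):
                key = (st.st_dev, st.st_ino)
                inodes.setdefault(key, (st.st_nlink, []))[1].append(path)
    return sorted(p for nlink, paths in inodes.values()
                  if nlink > len(paths) for p in paths)


def chown_tree_checked(tree, uid, gid, chown=os.lchown):
    """Give `tree` to uid:gid, refusing if any file is linked from outside.

    Assumption: the caller has already cut off the untrusted user's write
    access to `tree`; otherwise a link can be added after the check.
    """
    bad = externally_linked_files(tree)
    if bad:
        raise PermissionError(f"outside hard links, not chowning: {bad}")
    for root, dirs, files in os.walk(tree, followlinks=False):
        for name in dirs + files:
            chown(os.path.join(root, name), uid, gid)
    chown(tree, uid, gid)


if __name__ == "__main__":
    # Constructed sample: a "kept" build tree with one link to an outside file.
    with tempfile.TemporaryDirectory() as top:
        tree = os.path.join(top, "build")
        os.mkdir(tree)
        outside = os.path.join(top, "outside-file")
        open(outside, "w").close()
        os.link(outside, os.path.join(tree, "innocent.log"))
        print(externally_linked_files(tree))
```

Hard links that stay entirely inside the tree are not reported, because every name of such an inode is accounted for during the walk.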

Recall that the GNU Guix package manager is based on the developments of the Nix project and, in addition to the typical package management functions, supports such features as transactional updates, the ability to roll back updates, work without obtaining superuser privileges, support for profiles associated with individual users, the ability to simultaneously install several versions of the same program, and garbage collection tools (identifying and removing unused versions of packages). To define application build scripts and packaging rules, it is proposed to use a specialized high-level domain-specific language and Guile Scheme API components that allow you to perform all package management operations in the Scheme functional programming language.

The ability to use packages prepared for the Nix package manager and hosted in the Nixpkgs repository is supported. In addition to package operations, you can create scripts to manage application configuration. When a package is built, all associated dependencies are automatically downloaded and built. It is possible both to download ready-made binary packages from the repository and to build from source with all dependencies. Tools are provided to keep versions of installed programs up to date by organizing the installation of updates from an external repository.

The build environment for packages is formed as a container containing all the components necessary for the operation of applications, which allows you to create a set of packages that can work without regard to the composition of the base system environment of the distribution in which Guix is used as an add-on. Dependencies between Guix packages can be determined by scanning the hash identifiers in the directory of installed packages to find already installed dependencies. Packages are installed in a separate directory tree or in a subdirectory of the user's directory, which allows Guix to coexist with other package managers and to support a wide range of existing distributions. For example, a package is installed as /nix/store/452a5978f3b0b426064a2b64a0c6f41-firefox-88.0.0/ where "452a59..." is a unique package ID used to control dependencies.

The distribution includes only free components and comes with the GNU Linux-Libre kernel, cleaned of non-free binary firmware elements. GCC 9.3 is used for compilation. The GNU Shepherd service manager (formerly dmd), developed as an alternative to SysV-init with dependency support, is used as the initialization system. The Shepherd control daemon and utilities are written in Guile (an implementation of the Scheme language), which is also used to define service startup parameters. The base image supports console mode, but 17243 ready-to-install packages are available, including components of the X.Org-based graphics stack, the dwm and ratpoison window managers, the Xfce desktop, and a selection of graphical applications.

Source: opennet.ru
