(post :title "Getting started with GNU Guix" :date (string->date* "2015-06-21 00:00") :tags '("gnu" "planet-fsfe-en" "free software" "system administration" "packaging" "guix") (list 'warning [,(strong [Feb 24, 2016:]) This post has been updated for the 0.9.0 release of GNU Guix.]) (p [,(ref "/posts/2015-04-17-gnu-guix.html" "Previously I wrote") about how using GNU Guix in an HPC environment enables easy software deployment for multiple users with different needs when it comes to application and library versions. Although Guix comes with an excellent manual which is also ,(ref "https://www.gnu.org/software/guix/manual/guix.html" "available online"), some people may want to have just some simple installation instructions in one place and some pointers to get started. I’m attempting to provide just that with this article.]) (p [While Guix can be built from source it is much more convenient to use the self-contained tarball which provides pre-built binaries for Guix and all its dependencies. You need to have GNU tar and xz installed to unpack the tarball. Note that the tarball will only work on GNU/Linux systems; it will not work on MacOS.]) (p [Guix needs a little bit of setting up, which can be done in just a couple of steps.]) (h2 [Download and check]) (p [,(em [First]), if you are using a 64 bit machine, download the compressed ,(ref "ftp://alpha.gnu.org/gnu/guix/guix-binary-0.9.0.x86_64-linux.tar.xz" "x86_64 archive from the FTP server"). There also is a ,(ref "ftp://alpha.gnu.org/gnu/guix/guix-binary-0.9.0.i686-linux.tar.xz" "tarball for 32 bit machines") and ,(ref "ftp://alpha.gnu.org/gnu/guix/" "for other architectures").]) (p [For your own sake you really should also download the matching cryptographic signature file (they all have the same name as the archive you downloaded, but end on ,(code [.sig])) to ensure that the tarballs are signed by release managers. Releases up to now were signed by ,(ref "https://pgp.mit.edu/pks/lookup?op=vindex&search=0x090B11993D9AEBB5" "Ludovic Courtès"). I suggest you fetch both Ludo's and my own PGP key from PGP key servers, for example by doing this:]) (pre (code [# gpg2 --recv-keys 090b11993d9aebb5 197a5888235facac])) (p [You only need to do this once. With these keys you can now check that the file you downloaded is in fact legit. To verify that the file is indeed signed by the release manager and the signature is valid following command in the same directory that holds the tarball and the signature file:]) (pre (code [# gpg2 --verify guix-binary-0.9.0.x86_64-linux.tar.xz.sig])) (p [If you see something like “Good signature from "Ludovic Courtès ” you’re safe (according to your trust in the keys you downloaded).]) (h2 [Unpacking the archive]) (p [,(em [Second]), unpack the archive as root in the root directory:]) (pre (code [# cd / # tar xf guix-binary-0.9.0.SYSTEM.tar.xz])) (p [This creates a pre-populated store at ,(code [/gnu/store]) (containing the “guix” package and the complete dependency graph), the ,(em [local state directory]) ,(code [/var/guix]), and a Guix profile for the root user at ,(code [/root/.guix-profile]), which contains the guix command line tools and the daemon.]) (h2 [Create dedicated build users]) (p [,(em [Third]), create a build user pool, as root:]) (pre (code [# groupadd --system guix-builder # for i in `seq 1 10`; do useradd -g guix-builder -G guix-builder \ -d /var/empty -s `which nologin` \ -c "Guix build user $i" --system \ guix-builder$i; done])) (p [These are the restricted user accounts which are used by the daemon to build software in a controlled environment. You may not need ten, but it’s a good default.]) (h2 [Run the build daemon]) (p [,(em [Fourth]), run the daemon and tell it about the ,(code [guix-builder]) group:]) (pre (code [# /root/.guix-profile/bin/guix-daemon --build-users-group=guix-builder])) (p [Note that this is a server process, so it will never return. I suggest turning this into a system service and keep it running in the background at all times. The archive unpacks a Systemd service file to ,(code [/gnu/store/632msbms2yald...-guix-0.9.0/lib/systemd/system/guix-daemon.service]), which you can just copy to ,(code [/etc/systemd/system/]); run the following commands to start and enable the service:]) (pre (code [# systemctl daemon-reload # systemctl enable guix-daemon # systemctl start guix-daemon])) (p [The daemon is responsible to handle build requests from users, so it is essential that it keeps running.]) (p [Since building all software locally can take a very long time, the GNU Guix build farm hydra.gnu.org is by default authorised as a source for so-called binary substitutes.]) (p [Note that hydra.gnu.org isn’t at all special. Packages are built there continuously from source. Guix is flexible and can pull binary substitutes from other locations as long as you authorise them. Check the Guix Info manual for more information about substitutes.]) (h2 [Guix for everyone]) (p [,(em [Fifth]), make the ,(code [guix]) command available to other users on the machine by linking it to a location everyone can access, such as ,(code [/usr/local/bin]).]) (pre (code [# mkdir -p /usr/local/bin # cd /usr/local/bin # ln -s /root/.guix-profile/bin/guix])) (p [Now any user—not just the almighty root—can install software by invoking ,(code [guix package -i whatever]). Yay!]) (h2 [Where to go from here]) (p [Congratulations! You now have a fully functional installation of the Guix package manager.]) (p [To get the latest package recipes for Guix just run ,(code [guix pull]), which will download and compile the most recent development version for the current user. This allows users (including root) to all have a different version of Guix.]) (p [I recommend reading the excellent Guix reference manual, which is ,(ref "https://www.gnu.org/software/guix/manual/guix.html" "available on the web") and, of course, included as an Info document in your Guix installation. If you don’t have Emacs—the best Info reader, which also happens to be an excellent text editor—I encourage you to install it from Guix; it is just a ,(code [guix package -i emacs]) away!]) (p [If you have questions that are not covered by the manual feel free to chat with members of the Guix community ,(ref "https://webchat.freenode.net/?channels=#guix" "on IRC in the #guix channel on Freenode"). For matters relating to using Guix in a bioinformatics environment you are welcome to subscribe and write to the ,(ref "http://lists.open-bio.org/mailman/listinfo/bio-packaging" "mailing list bio-packaging@mailman.open-bio.org").]))