posts/2015-06-21-getting-started-with-guix.skr


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

(post
 :title "Getting started with GNU Guix"
 :date (string->date* "2015-06-21 00:00")
 :tags '("gnu"
         "planet-fsfe-en"
         "free software"
         "system administration"
         "packaging"
         "guix")

 (list 'warning [,(strong [Feb 24, 2016:])
   This post has been updated for the 0.9.0 release of GNU Guix.])

 (p [,(ref "/posts/2015-04-17-gnu-guix.html" "Previously I wrote")
     about how using GNU Guix in an HPC environment enables easy
     software deployment for multiple users with different needs when
     it comes to application and library versions.  Although Guix comes
     with an excellent manual which is also ,(ref
     "https://www.gnu.org/software/guix/manual/guix.html" "available
     online"), some people may want to have just some simple
     installation instructions in one place and some pointers to get
     started.  I’m attempting to provide just that with this article.])
 
 (p [While Guix can be built from source it is much more convenient to
     use the self-contained tarball which provides pre-built binaries
     for Guix and all its dependencies.  You need to have GNU tar and
     xz installed to unpack the tarball.  Note that the tarball will
     only work on GNU/Linux systems; it will not work on MacOS.])

 (p [Guix needs a little bit of setting up, which can be done in just
     a couple of steps.])

 
 (h2 [Download and check])
 
 (p [,(em [First]), if you are using a 64 bit machine, download the
     compressed ,(ref
     "ftp://alpha.gnu.org/gnu/guix/guix-binary-0.9.0.x86_64-linux.tar.xz"
     "x86_64 archive from the FTP server").  There also is a ,(ref
     "ftp://alpha.gnu.org/gnu/guix/guix-binary-0.9.0.i686-linux.tar.xz"
     "tarball for 32 bit machines") and ,(ref
     "ftp://alpha.gnu.org/gnu/guix/" "for other architectures").])

 (p [For your own sake you really should also download the matching
     cryptographic signature file (they all have the same name as the
     archive you downloaded, but end on ,(code [.sig])) to ensure that
     the tarballs are signed by release managers.  Releases up to now
     were signed by ,(ref
     "https://pgp.mit.edu/pks/lookup?op=vindex&search=0x090B11993D9AEBB5"
     "Ludovic Courtès").  I suggest you fetch both Ludo's and my own
     PGP key from PGP key servers, for example by doing this:])

 (pre (code [# gpg2 --recv-keys 090b11993d9aebb5 197a5888235facac]))
 
 (p [You only need to do this once.  With these keys you can now check
     that the file you downloaded is in fact legit.  To verify that
     the file is indeed signed by the release manager and the
     signature is valid following command in the same directory that
     holds the tarball and the signature file:])

 (pre (code [# gpg2 --verify guix-binary-0.9.0.x86_64-linux.tar.xz.sig]))

 (p [If you see something like “Good signature from "Ludovic Courtès
     <ludo@gnu.org>” you’re safe (according to your trust in the keys you
     downloaded).])


 (h2 [Unpacking the archive])

 (p [,(em [Second]), unpack the archive as root in the root directory:])
 
 (pre (code [# cd /
# tar xf guix-binary-0.9.0.SYSTEM.tar.xz]))
 
 (p [This creates a pre-populated store at ,(code [/gnu/store])
     (containing the “guix” package and the complete dependency graph),
     the ,(em [local state directory]) ,(code [/var/guix]), and a Guix
     profile for the root user at ,(code [/root/.guix-profile]), which
     contains the guix command line tools and the daemon.])


 (h2 [Create dedicated build users])
 
 (p [,(em [Third]), create a build user pool, as root:])
 
 (pre (code [# groupadd --system guix-builder
# for i in `seq 1 10`;
  do
    useradd -g guix-builder -G guix-builder           \
            -d /var/empty -s `which nologin`          \
            -c "Guix build user $i" --system          \
            guix-builder$i;
  done]))
 
 (p [These are the restricted user accounts which are used by the
     daemon to build software in a controlled environment.  You may not
     need ten, but it’s a good default.])


 (h2 [Run the build daemon])
 
 (p [,(em [Fourth]), run the daemon and tell it about the ,(code
     [guix-builder]) group:])
 
 (pre (code [# /root/.guix-profile/bin/guix-daemon --build-users-group=guix-builder]))
 
 (p [Note that this is a server process, so it will never return.  I
     suggest turning this into a system service and keep it running in
     the background at all times.  The archive unpacks a Systemd
     service file to ,(code
     [/gnu/store/632msbms2yald...-guix-0.9.0/lib/systemd/system/guix-daemon.service]),
     which you can just copy to ,(code [/etc/systemd/system/]); run
     the following commands to start and enable the service:])

 (pre (code [# systemctl daemon-reload
# systemctl enable guix-daemon
# systemctl start guix-daemon]))

 (p [The daemon is responsible to handle build requests from users, so
     it is essential that it keeps running.])

 (p [Since building all software locally can take a very long time,
     the GNU Guix build farm hydra.gnu.org is by default authorised as
     a source for so-called binary substitutes.])

 (p [Note that hydra.gnu.org isn’t at all special.  Packages are built
     there continuously from source.  Guix is flexible and can pull
     binary substitutes from other locations as long as you authorise
     them.  Check the Guix Info manual for more information about
     substitutes.])


 (h2 [Guix for everyone])

 (p [,(em [Fifth]), make the ,(code [guix]) command available to other users
     on the machine by linking it to a location everyone can access,
     such as ,(code [/usr/local/bin]).])
 
 (pre (code [# mkdir -p /usr/local/bin
# cd /usr/local/bin
# ln -s /root/.guix-profile/bin/guix]))
 
 (p [Now any user—not just the almighty root—can install software by
     invoking ,(code [guix package -i whatever]).  Yay!])

 
 (h2 [Where to go from here])
 
 (p [Congratulations!  You now have a fully functional installation of
     the Guix package manager.])
 
 (p [To get the latest package recipes for Guix just run ,(code [guix
     pull]), which will download and compile the most recent
     development version for the current user.  This allows users
     (including root) to all have a different version of Guix.])
 
 (p [I recommend reading the excellent Guix reference manual, which is
     ,(ref "https://www.gnu.org/software/guix/manual/guix.html"
     "available on the web") and, of course, included as an Info
     document in your Guix installation.  If you don’t have Emacs—the
     best Info reader, which also happens to be an excellent text
     editor—I encourage you to install it from Guix; it is just a
     ,(code [guix package -i emacs]) away!])
 
 (p [If you have questions that are not covered by the manual feel free
     to chat with members of the Guix community ,(ref
     "https://webchat.freenode.net/?channels=#guix" "on IRC in the
     #guix channel on Freenode").  For matters relating to using Guix
     in a bioinformatics environment you are welcome to subscribe and
     write to the ,(ref
     "http://lists.open-bio.org/mailman/listinfo/bio-packaging"
     "mailing list bio-packaging@mailman.open-bio.org").]))