Getting started with GNU Guix

Previously I wrote about how using GNU Guix in an HPC environment enables easy software deployment for multiple users with different needs when it comes to application and library versions. Although Guix comes with an excellent manual which is also available online, some people may want to have just some simple installation instructions in one place and some pointers to get started. I’m attempting to provide just that with this article.

While Guix can be built from source it is much more convenient to use the self-contained tarball which provides pre-built binaries for Guix and all its dependencies. You need to have GNU tar and xz installed to unpack the tarball. Note that the tarball will only work on GNU/Linux systems; it will not work on MacOS.

Guix needs a little bit of setting up, which can be done in just a couple of steps.

Download and check

First, if you are using a 64 bit machine, download the compressed x86_64 archive from the FTP server. There also is a tarball for 32 bit machines and for other architectures.

For your own sake you really should also download the matching cryptographic signature file (they all have the same name as the archive you downloaded, but end on .sig) to ensure that the tarballs are signed by release managers. Releases up to now were signed by Ludovic Courtès. I suggest you fetch both Ludo's and my own PGP key from PGP key servers, for example by doing this:

# gpg2 --recv-keys 090b11993d9aebb5 197a5888235facac

You only need to do this once. With these keys you can now check that the file you downloaded is in fact legit. To verify that the file is indeed signed by the release manager and the signature is valid following command in the same directory that holds the tarball and the signature file:

# gpg2 --verify guix-binary-0.9.0.x86_64-linux.tar.xz.sig

If you see something like “Good signature from "Ludovic Courtès <ludo@gnu.org>” you’re safe (according to your trust in the keys you downloaded).

Unpacking the archive

Second, unpack the archive as root in the root directory:

# cd /
# tar xf guix-binary-0.9.0.SYSTEM.tar.xz

This creates a pre-populated store at /gnu/store (containing the “guix” package and the complete dependency graph), the local state directory /var/guix, and a Guix profile for the root user at /root/.guix-profile, which contains the guix command line tools and the daemon.

Create dedicated build users

Third, create a build user pool, as root:

# groupadd --system guix-builder
# for i in `seq 1 10`;
  do
    useradd -g guix-builder -G guix-builder           
            -d /var/empty -s `which nologin`          
            -c "Guix build user $i" --system          
            guix-builder$i;
  done

These are the restricted user accounts which are used by the daemon to build software in a controlled environment. You may not need ten, but it’s a good default.

Run the build daemon

Fourth, run the daemon and tell it about the guix-builder group:

# /root/.guix-profile/bin/guix-daemon --build-users-group=guix-builder

Note that this is a server process, so it will never return. I suggest turning this into a system service and keep it running in the background at all times. The archive unpacks a Systemd service file to /gnu/store/632msbms2yald...-guix-0.9.0/lib/systemd/system/guix-daemon.service, which you can just copy to /etc/systemd/system/; run the following commands to start and enable the service:

# systemctl daemon-reload
# systemctl enable guix-daemon
# systemctl start guix-daemon

The daemon is responsible to handle build requests from users, so it is essential that it keeps running.

Since building all software locally can take a very long time, the GNU Guix build farm hydra.gnu.org is by default authorised as a source for so-called binary substitutes.

Note that hydra.gnu.org isn’t at all special. Packages are built there continuously from source. Guix is flexible and can pull binary substitutes from other locations as long as you authorise them. Check the Guix Info manual for more information about substitutes.

Guix for everyone

Fifth, make the guix command available to other users on the machine by linking it to a location everyone can access, such as /usr/local/bin.

# mkdir -p /usr/local/bin
# cd /usr/local/bin
# ln -s /root/.guix-profile/bin/guix

Now any user—not just the almighty root—can install software by invoking guix package -i whatever. Yay!

Where to go from here

Congratulations! You now have a fully functional installation of the Guix package manager.

To get the latest package recipes for Guix just run guix pull, which will download and compile the most recent development version for the current user. This allows users (including root) to all have a different version of Guix.

I recommend reading the excellent Guix reference manual, which is available on the web and, of course, included as an Info document in your Guix installation. If you don’t have Emacs—the best Info reader, which also happens to be an excellent text editor—I encourage you to install it from Guix; it is just a guix package -i emacs away!

If you have questions that are not covered by the manual feel free to chat with members of the Guix community on IRC in the #guix channel on Freenode. For matters relating to using Guix in a bioinformatics environment you are welcome to subscribe and write to the mailing list bio-packaging@mailman.open-bio.org.

← other posts