1 files changed, 217 insertions, 0 deletions
diff --git a/ b/
new file mode 100644
index 0000000..b5c4377
--- /dev/null
+++ b/
@@ -0,0 +1,217 @@
+#+TITLE: Functional Package and Configuration Management with GNU Guix
+#+AUTHOR: David Thompson
+#+DATE: Wednesday, January 20th, 2016
+#+OPTIONS: H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
+#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
+#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:
+#+startup: beamer
+#+LaTeX_CLASS: beamer
+#+LaTeX_CLASS_OPTIONS: [bigger]
+#+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %4BEAMER_col(Col) %10BEAMER_extra(Extra)
+#+LATEX_HEADER: \beamertemplatenavigationsymbolsempty
+* About me
+ - GNU project volunteer
+ - GNU Guile user and contributor since 2012
+ - GNU Guix user since 2013
+ - Day job: Ruby + JavaScript web development / "DevOps"
+* Overview
+ - Problems with application packaging and deployment
+ - Intro to functional package and configuration management
+ - Towards the future
+ - How you can help
+* Preface: User autonomy and control
+ It is becoming increasingly difficult to have control over your own
+ computing:
+ - Growing number of applications that cannot be reasonably packaged
+ for GNU/Linux distributions
+ - Self-hosting web applications requires too much time and effort
+ - Growing number of projects recommend installation via =curl | sudo
+ bash= or otherwise avoid using system package managers
+ - Users unable to verify that a given binary corresponds to the
+ source code
+ This is bad for desktop users and system administrators alike.
+* Problems with package management
+ - Global state (=/usr=) that prevents multiple versions of a package
+ from coexisting
+ - Non-atomic installation, removal, upgrade of software
+ - Nondeterminstic package builds
+ - Proliferation of language-specific package managers
+ - Reliance on pre-built binaries that few can build from source
+ - Binary bundles (a la OmniBus) complicate secure system maintenance
+ - System package managers do not allow unprivileged operation
+* Problems with mainstream configuration management
+ - Imperative paradigm makes software overly-complex and brittle
+ (idempotence is hard)
+ - Promotes one disk image per application to cover up underlying
+ package management mess
+ - Made primarily for developers for server maintenance, but all
+ users could benefit
+* Qualities of good software
+ - System integration
+ - Reproducibility
+ - Security
+* System integration
+ - Use the system package manager!
+ - Not uncommon for today's web applications to require 2 or more
+ package managers to get all dependencies
+* Reproducibility
+ - Growing number of free software projects that no one knows how to
+ build from source
+* Security
+* Solutions?
+ - Ansible?
+ - Docker?
+ - OmniBus?
+* Functional package management
+* What does it mean?
+ Treating package builds as functions, in the mathematical sense...
+* Why?
+* What's wrong with dpkg/yum/pacman/etc.?
+ Lack of transactional updates, rollbacks, unprivileged package
+ management
+* What about Docker?
+ Trusting random binaries, non-reproducible, no provenance, opaque
+ disk images...
+* Reproducible builds
+* What are they?
+* Why is it important for security and freedom?
+ guix challenge
+* GuixSD: Configuration management
+ guix system, declarative interface, fully free, system rollback
+* Choice of language
+* Off the beaten path
+ Guix takes a different approach than a lot of other
+ package/configuration managers
+* Embedded vs. External DSLs
+ Using an extensible programming language as a host has several
+ advantages compared to external DSLs:
+ - No new parser, interpreter/compiler, editor tools, etc. to
+ maintain
+ - Access to all available libraries of the host language
+ - Extensions to the host language can be used as a library by
+ others
+ Not all general-purpose programming languages are suitable for
+ embedding new languages, [fn:1] so which did we choose?
+* Guile Scheme
+ - GNU Guile is a Scheme implementation and the official extension
+ language of the GNU project
+ - It's a great choice for EDSLs because of Scheme's hygienic macro
+ system
+ - It's a great choice for Guix because purely functional
+ programming is well-supported in Scheme
+* Guile all the way down
+ Guix uses Guile for nearly everything:
+ - Initial RAM disk
+ - Init system (GNU Shepherd, formerly GNU dmd)
+ - Package recipes (including build scripts!)
+ - Command line tools
+ - Low-level POSIX/Linux utilities (such as =call-with-container=)
+* Guix as a library
+ Guix is a big collection of Guile modules.
+ Packages are first-class Scheme objects.
+ Anyone can use Guix as a library to write new Guile programs that
+ manipulate package recipes, create new user interfaces (like a web
+ UI), etc.
+* Development environments
+ guix environment
+* UIs
+ CLI, Emacs, web prototype
+* The trouble with language-specific package managers
+ Why Guix is better, how to pull in foreign packages with guix
+ import, update them with guix refresh
+* Project status
+* Join us!
+ - Chat with us in the =#guix= channel on Freenode or on the
+ mailing list
+ -
+* Thank you!
+ Any questions?
+* Legal
+ © 2016 David Thompson <>
+ This presentation is licensed under the Creative Common Attribute
+ Share-Alike 4.0 International license.
+* Footnotes
+[fn:1] "How to be a good host: miniKanren as a case study" \newline
+Dan Friedman and Jason Hemann
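Review bot: The license notice in the "Legal" slide misnames the license. "Creative Common Attribute Share-Alike 4.0 International" should read "Creative Commons Attribution-ShareAlike 4.0 International", because a license notice needs the exact name to be unambiguous. In "Problems with package management", "Nondeterminstic" should be "Nondeterministic". The "Join us!" slide ends with an empty "-" list item, which should be filled in or dropped. The "Security" slide is a heading with no body even though "Qualities of good software" lists security as one of its three qualities, and "Why is it important for security and freedom?" holds only the note "guix challenge". If these are placeholders, mark them as such in the file so they are not overlooked before the talk, and consider stating on the slide what the command checks, since the preface already raises the problem of users being "unable to verify that a given binary corresponds to the source code".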