#+TITLE: Functional Package and Configuration Management with GNU Guix
#+AUTHOR: David Thompson
#+EMAIL: davet@gnu.org
#+DATE: Wednesday, January 20th, 2016
#+DESCRIPTION:
#+KEYWORDS:
#+LANGUAGE: en
#+OPTIONS: H:1 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc
#+INFOJS_OPT: view:nil toc:nil ltoc:t mouse:underline buttons:0 path:http://orgmode.org/org-info.js
#+EXPORT_SELECT_TAGS: export
#+EXPORT_EXCLUDE_TAGS: noexport
#+LINK_UP:
#+LINK_HOME:
#+startup: beamer
#+LaTeX_CLASS: beamer
#+LaTeX_CLASS_OPTIONS: [bigger]
#+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %4BEAMER_col(Col) %10BEAMER_extra(Extra)
#+LATEX_HEADER: \beamertemplatenavigationsymbolsempty
* About me
- GNU project volunteer
- GNU Guile user and contributor since 2012
- GNU Guix user since 2013
- Day job: Ruby + JavaScript web development / "DevOps"
* Overview
- Problems with application packaging and deployment
- Intro to functional package and configuration management
- Towards the future
- How you can help
* Preface: User autonomy and control
It is becoming increasingly difficult to have control over your own
computing:
- Growing number of applications that cannot be reasonably packaged
for GNU/Linux distributions
- Self-hosting web applications requires too much time and effort
- Growing number of projects recommend installation via =curl | sudo
bash= or otherwise avoid using system package managers
- Users unable to verify that a given binary corresponds to the
source code
This is bad for desktop users and system administrators alike.
* Problems with package management
- Global state (=/usr=) that prevents multiple versions of a package
from coexisting
- Non-atomic installation, removal, upgrade of software
- Nondeterministic package builds
- Proliferation of language-specific package managers
- Reliance on pre-built binaries that few can build from source
- Binary bundles (a la OmniBus) complicate secure system maintenance
- System package managers do not allow unprivileged operation
* Problems with mainstream configuration management
- Imperative paradigm makes software overly-complex and brittle
(idempotence is hard)
- Promotes one disk image per application to cover up underlying
package management mess
- Made primarily for developers for server maintenance, but all
users could benefit
* Qualities of good software
- System integration
- Reproducibility
- Security
* System integration
- Use the system package manager!
- Not uncommon for today's web applications to require 2 or more
package managers to get all dependencies
* Reproducibility
- Growing number of free software projects that no one knows how to
build from source
* Security
* Solutions?
- Ansible?
- Docker?
- OmniBus?
* Functional package management
* What does it mean?
Treating package builds as functions, in the mathematical sense...
* Why?
* What's wrong with dpkg/yum/pacman/etc.?
Lack of transactional updates, rollbacks, unprivileged package
management
* What about Docker?
Trusting random binaries, non-reproducible, no provenance, opaque
disk images...
* Reproducible builds
* What are they?
* Why is it important for security and freedom?
reproducible-builds.org
guix challenge
* GuixSD: Configuration management
guix system, declarative interface, fully free, system rollback
* Choice of language
* Off the beaten path
Guix takes a different approach than a lot of other
package/configuration managers
* Embedded vs. External DSLs
Using an extensible programming language as a host has several
advantages compared to external DSLs:
- No new parser, interpreter/compiler, editor tools, etc. to
maintain
- Access to all available libraries of the host language
- Extensions to the host language can be used as a library by
others
Not all general-purpose programming languages are suitable for
embedding new languages, [fn:1] so which did we choose?
* Guile Scheme
- GNU Guile is a Scheme implementation and the official extension
language of the GNU project
- It's a great choice for EDSLs because of Scheme's hygienic macro
system
- It's a great choice for Guix because purely functional
programming is well-supported in Scheme
* Guile all the way down
Guix uses Guile for nearly everything:
- Initial RAM disk
- Init system (GNU Shepherd, formerly GNU dmd)
- Package recipes (including build scripts!)
- Command line tools
- Low-level POSIX/Linux utilities (such as =call-with-container=)
* Guix as a library
Guix is a big collection of Guile modules.
Packages are first-class Scheme objects.
Anyone can use Guix as a library to write new Guile programs that
manipulate package recipes, create new user interfaces (like a web
UI), etc.
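The following Guile program, added here as an illustration rather than taken from the talk or from Guix itself, shows what "packages are first-class Scheme objects" means in practice and ties it back to the reproducibility and provenance points from earlier slides. It assumes Guix's modules are on the load path (for instance by running it under =guix repl=); the package names, URLs and the all-zero SHA-256 hash are placeholders, =package-closure=, =pinned-source?= and =audit-closure= are helpers written for this example, and =origin-sha256= is the 2016-era accessor (newer Guix provides =origin-hash= and keeps =origin-sha256= as a deprecated alias).

```scheme
;; Added example (not from the talk): using Guix as a Guile library.
;; Assumes Guix's modules are on the load path, e.g. under `guix repl'.
;; Names, URLs and the hash below are placeholders; package-closure,
;; pinned-source? and audit-closure are helpers written here and are
;; not part of the Guix API.
(use-modules (guix packages)
             (guix download)
             (guix base32)
             (guix build-system gnu)
             ((guix licenses) #:prefix license:)
             (rnrs bytevectors)
             (srfi srfi-1)
             (ice-9 match))

;; A package recipe is an ordinary Scheme value built by the `package'
;; macro (an embedded DSL).  Evaluating it builds nothing; the build is
;; a function of exactly these fields.
(define my-lib
  (package
    (name "my-lib")
    (version "1.0")
    (source (origin
              (method url-fetch)
              (uri "https://example.org/my-lib-1.0.tar.gz") ; placeholder
              ;; Placeholder hash (all zeros).  A real recipe pins the
              ;; SHA-256 of the tarball so the daemon refuses a source
              ;; that does not match it.
              (sha256 (base32
                       "0000000000000000000000000000000000000000000000000000"))))
    (build-system gnu-build-system)
    (synopsis "Placeholder library")
    (description "Library used only to demonstrate package objects.")
    (home-page "https://example.org/")
    (license license:gpl3+)))

(define my-app
  (package
    (name "my-app")
    (version "0.1")
    (source (origin
              (method url-fetch)
              (uri "https://example.org/my-app-0.1.tar.gz") ; placeholder
              (sha256 (base32
                       "0000000000000000000000000000000000000000000000000000"))))
    (build-system gnu-build-system)
    ;; Dependencies are references to other package objects, not to
    ;; whatever happens to be installed under /usr.
    (inputs `(("my-lib" ,my-lib)))
    (synopsis "Placeholder application")
    (description "Application depending on my-lib.")
    (home-page "https://example.org/")
    (license license:gpl3+)))

;; Deriving a new version yields a new object; my-app still refers to
;; my-lib 1.0, so both versions coexist without any global state.
(define my-lib-1.1
  (package
    (inherit my-lib)
    (version "1.1")
    (source (origin
              (inherit (package-source my-lib))
              (uri "https://example.org/my-lib-1.1.tar.gz"))))) ; placeholder

;; Distinct packages in PKG's dependency closure, root included.
(define (package-closure pkg)
  (delete-duplicates
   (cons pkg
         (filter-map (match-lambda
                       ((_ (? package? p) . _) p)
                       (_ #f))
                     (package-transitive-inputs pkg)))
   eq?))

;; Provenance check: the source is an origin pinned by a SHA-256 hash,
;; so anyone can re-fetch it and compare (`guix challenge' does the
;; analogous comparison for the built binaries).
(define (pinned-source? pkg)
  (let ((src (package-source pkg)))
    (and (origin? src)
         (bytevector? (origin-sha256 src)))))

;; Print one line per package in the closure, flagging unpinned sources.
(define (audit-closure pkg)
  (for-each (lambda (p)
              (format #t "~a  ~a~%"
                      (if (pinned-source? p) "pinned  " "UNPINNED")
                      (package-full-name p)))
            (package-closure pkg)))

(audit-closure my-app)
(format #t "my-app depends on ~a; the newer ~a is a separate object~%"
        (package-full-name my-lib)
        (package-full-name my-lib-1.1))
```

Run it with =guix repl -- audit.scm= (or any Guile with Guix on its load path). The point of the closure walk is that every dependency is reachable as data, so a program can audit a whole dependency graph for pinned sources, licenses or versions without ever consulting a mutable system directory.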
* Development environments
guix environment
* UIs
CLI, Emacs, web prototype
* The trouble with language-specific package managers
Why Guix is better, how to pull in foreign packages with guix
import, update them with guix refresh
* Project status
* Join us!
- Chat with us in the =#guix= channel on Freenode or on the
=guix-devel@gnu.org= mailing list
* Thank you!
Any questions?
* Legal
© 2016 David Thompson <davet@gnu.org>
This presentation is licensed under the Creative Commons
Attribution-ShareAlike 4.0 International license.
* Footnotes
[fn:1] "How to be a good host: miniKanren as a case study" \newline
Dan Friedman and Jason Hemann
https://www.youtube.com/watch?v=b9C3r3dQnNY