From ebde1de7a2132333f6253cbe1823c88767626665 Mon Sep 17 00:00:00 2001 From: David Thompson Date: Sun, 25 Mar 2018 10:49:21 -0400 Subject: Update lp2018 talk. --- .../distracted-boyfriend.png | Bin 0 -> 380604 bytes 2018-03-25-guix-libreplanet/guile-logo.png | Bin 0 -> 11808 bytes 2018-03-25-guix-libreplanet/guix-libreplanet.org | 212 ++++++++++++++++++--- 2018-03-25-guix-libreplanet/guix-libreplanet.pdf | Bin 315346 -> 1572504 bytes 2018-03-25-guix-libreplanet/oh-no.jpg | Bin 0 -> 153639 bytes 2018-03-25-guix-libreplanet/package-install.png | Bin 0 -> 313995 bytes 6 files changed, 185 insertions(+), 27 deletions(-) create mode 100644 2018-03-25-guix-libreplanet/distracted-boyfriend.png create mode 100644 2018-03-25-guix-libreplanet/guile-logo.png create mode 100644 2018-03-25-guix-libreplanet/oh-no.jpg create mode 100644 2018-03-25-guix-libreplanet/package-install.png (limited to '2018-03-25-guix-libreplanet') diff --git a/2018-03-25-guix-libreplanet/distracted-boyfriend.png b/2018-03-25-guix-libreplanet/distracted-boyfriend.png new file mode 100644 index 0000000..c27b619 Binary files /dev/null and b/2018-03-25-guix-libreplanet/distracted-boyfriend.png differ diff --git a/2018-03-25-guix-libreplanet/guile-logo.png b/2018-03-25-guix-libreplanet/guile-logo.png new file mode 100644 index 0000000..4edcc16 Binary files /dev/null and b/2018-03-25-guix-libreplanet/guile-logo.png differ diff --git a/2018-03-25-guix-libreplanet/guix-libreplanet.org b/2018-03-25-guix-libreplanet/guix-libreplanet.org index 10a4594..fd5f2db 100644 --- a/2018-03-25-guix-libreplanet/guix-libreplanet.org +++ b/2018-03-25-guix-libreplanet/guix-libreplanet.org 
@@ -47,27 +47,32 @@ a wonderful set of rights, but often *difficult to exercise in practice* + \begin{center} + \includegraphics[width=10cm]{distracted-boyfriend.png} + \end{center} + * common issues - figuring out how to view the exact source for a running program is - tricky + figuring out how to view the exact source for a running program can + be tricky - - + - source packages are good but are a bit arcane * common issues building from source is difficult or sometimes impossible + - dependency hell - non-standard build system - build scripts make assumptions that aren't true for your system + - need multiple package managers * common issues - sharing source or binaries has many pitfalls + sharing binaries can be tricky, too - - dependency hell - - incompatible libraries between systems - - high barrier to entry for common package managers + - high barrier to entry for common package formats + - binary bundles are convenient, but problematic * common issues @@ -102,15 +107,15 @@ - per-user profiles - atomic updates and rollbacks - reproducible builds - - tools for many use-cases + - source-based with transparent binary downloads * unprivileged package management users can build and install software *without root privileges* - tired: =sudo apt install emacs= - - wired: =guix package -i emacs= + \begin{center} + \includegraphics[width=8cm]{package-install.png} + \end{center} * per-user profiles @@ -130,6 +135,10 @@ oh no, the new version of Emacs is broken! + \begin{center} + \includegraphics[width=4cm]{oh-no.jpg} + \end{center} + =guix package --roll-back= * transactional upgrades and rollbacks 
@@ -143,6 +152,15 @@ no worries, just reboot and select the previous, working version from the bootloader menu +* a note about binaries + + there is *no central point of trust* for receiving + pre-built binaries (we call them *substitutes*) + + Guix is a *source-based* package manager, but will *transparently* + download pre-built binaries from a trusted third party, if + available. + * inspecting source code quickly grab the source code for a package: @@ -163,10 +181,21 @@ * sharing packages - =guix build -L ~/daves-packages foo= + =guix build -L ~/my-packages foo= +* development environments + + =guix environment= is like Python’s virtualenv, Ruby’s rvm, Node’s + nvm, etc. but for *everything* + + quick example: play with a Ruby REPL without installing Ruby + + #+BEGIN_SRC sh + guix environment --ad-hoc ruby -- irb + #+END_SRC + * sharing development environments #+BEGIN_SRC scheme 
@@ -185,11 +214,58 @@ =guix environment --manifest=guix.scm= -* experimenting in isolated environments +* containerized environments + + experiment in an environment that is isolated from the rest of the + system + + example: a relatively constrained web browser - how about a container? + #+BEGIN_SRC sh + guix environment --ad-hoc icecat \ + --container \ + --network \ + --share=$HOME/.mozilla \ + --share=$HOME/Downloads \ + --expose=/tmp/.X11-unix + + $ DISPLAY=:0.0 icecat + #+END_SRC - =guix environment –-container --ad-hoc ruby -- irb= +* containerized environments (advanced) + + #+latex: \tiny{ + #+BEGIN_SRC sh + # Create a Guix container that shares the host's network devices, + # GnuPG config, SSH config, and MySQL socket directory. The container + # includes all of the software that is needed to build the gem set + # with Bundler. + guix environment --container --network \ + --share=$HOME/.gnupg --share=$HOME/.ssh --share=/run/mysqld --share=$HOME/Code \ + --ad-hoc ruby@2.2 mariadb imagemagick libxml2 libxslt gcc-toolchain@4.9 \ + gcc@4.9:lib make git coreutils openssh libffi pkg-config which sed gawk \ + openssl grep findutils procps nss-certs sqlite inetutils rsync gnupg \ + pinentry-tty + # Tweak the environment such that Ruby gems end up in the right place + # and their binaries can be found. + export GEM_HOME=$PWD/.gems + export PATH=$GEM_HOME/bin:$PATH + export LD_LIBRARY_PATH=$LIBRARY_PATH + export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh + gpg-agent --daemon --enable-ssh-support --default-cache-ttl=10800 \ + --pinentry-program=$(which pinentry-tty) + # Create gem directory. + mkdir -p .gems + # Create /usr/bin/env so Ruby scripts work. + mkdir -p /usr/bin && ln -s $(which env) /usr/bin/env + # Bundle! + gem install bundler + bundle config build.nokogiri --use-system-libraries --with-xml2-include=$C_INCLUDE_PATH/libxml2 + bundle + # Start the server! + rails server + #+END_SRC + #+latex: } * sharing system configurations 
@@ -239,6 +315,10 @@ hello #+END_SRC + host your own Guix LAN party! + + \tiny{(okay that sounds kinda boring)} + * reproducible builds reproducible builds produce *bit-identical binaries* when performed @@ -249,11 +329,13 @@ * reproducible builds - this is a *cross-distro effort*, but Guix facilitates - reproducibility more than others + this is a *cross-distro effort*, but Guix was built to facilitate + reproducibility from the beginning see Chris Lamb's talk /“You think you're not a target? A tale of - three developers...”/ from yesterday for more perspective + three developers...”/ from yesterday for a deeper dive + + \center\huge{https://reproducible-builds.org} * reproducible builds @@ -267,7 +349,24 @@ is this build compromised? - =guix challenge= + #+BEGIN_SRC sh + guix challenge emacs \ + --substitute-urls=\ + "https://mirror.hydra.gnu.org \ + https://bobs-questionable-binaries.biz" + #+END_SRC + +* reasons for mismatched binaries + + innocent build nondeterminism: + - timestamps + - hardware differences + - build directories + - bad parallelism + + *or maybe…* + + - malicious tampering * customize packages @@ -311,23 +410,30 @@ * interoperate with other systems - or maybe you want something like snap or flatpak? + or maybe you want something similar to snap or flatpak? make a tarball bundle that anyone can extract on their GNU/Linux system: =guix pack guile emacs geiser= -* interoperate with other systems +* import foreign packages or maybe you want assistance translating foreign packages into Guix packages: - =guix import pypi flask= + #+BEGIN_SRC sh + guix import pypi flask + guix import gem pry + guix import elpa magit + #+END_SRC + + and many more (CRAN, CPAN, Crate, etc.) * literally: embedded - GuixSD now runs on the Beaglebone Black single-board computer! + fun fact: GuixSD now runs on the Beaglebone Black single-board + computer! #+latex: \scriptsize{ #+BEGIN_SRC scheme 
@@ -348,22 +454,72 @@ #+END_SRC #+latex: } + hopefully more ARM systems coming soon! + * extending guix + \begin{center} + \includegraphics[width=4cm]{guile-logo.png} + \end{center} + GuixSD is essentially a big Scheme library - with a little Scheme know-how its easy to write new tools that use - the exact same APIs that the core Guix tools use + with a little Scheme know-how its easy to write new packages, + services, and tools that use the exact same APIs that the core Guix + tools use + +* extending guix (silly example) + + #+latex: \tiny{ + #+BEGIN_SRC scheme + > (use-modules (guix packages) (gnu packages emacs)) + > (for-each (lambda (name) + (display (string-append "hey, " name "! You're an Emacs dependency!\n"))) + (sort (map car (package-inputs emacs)) string<)) + + hey, acl! You're an Emacs dependency! + hey, alsa-lib! You're an Emacs dependency! + hey, dbus! You're an Emacs dependency! + hey, giflib! You're an Emacs dependency! + hey, gnutls! You're an Emacs dependency! + hey, gtk+! You're an Emacs dependency! + hey, imagemagick! You're an Emacs dependency! + hey, libice! You're an Emacs dependency! + hey, libjpeg! You're an Emacs dependency! + hey, libotf! You're an Emacs dependency! + hey, libpng! You're an Emacs dependency! + hey, librsvg! You're an Emacs dependency! + hey, libsm! You're an Emacs dependency! + hey, libtiff! You're an Emacs dependency! + hey, libx11! You're an Emacs dependency! + hey, libxft! You're an Emacs dependency! + hey, libxml2! You're an Emacs dependency! + hey, libxpm! You're an Emacs dependency! + hey, m17n-lib! You're an Emacs dependency! + hey, ncurses! You're an Emacs dependency! + hey, zlib! You're an Emacs dependency! 
+ #+END_SRC + #+latex: } + +* the stack + + Core components written in Scheme: + + - initial RAM disk + - init system (GNU Shepherd) + - package manager * the freedom to contribute - GNU Guix is a welcoming community: + The GNU Guix project has a welcoming community: - - we have a *code of conduct* and *enforce* it + - we have a *code of conduct* - we have started seeking new contributors via *Outreachy* - we participate in *Google Summer of Code* every year - oh, and no copyright assignment (in case you were wondering) + we need your help to bring GuixSD to a wider audience! + join us! * thanks! @@ -378,3 +534,5 @@ © 2018 David Thompson Licensed under Creative Commons Attribution Share-Alike 4.0 + + (sans the memes which I use under fair-use) diff --git a/2018-03-25-guix-libreplanet/guix-libreplanet.pdf b/2018-03-25-guix-libreplanet/guix-libreplanet.pdf index d7a49e0..bbed0ea 100644 Binary files a/2018-03-25-guix-libreplanet/guix-libreplanet.pdf and b/2018-03-25-guix-libreplanet/guix-libreplanet.pdf differ diff --git a/2018-03-25-guix-libreplanet/oh-no.jpg b/2018-03-25-guix-libreplanet/oh-no.jpg new file mode 100644 index 0000000..6ffeab8 Binary files /dev/null and b/2018-03-25-guix-libreplanet/oh-no.jpg differ diff --git a/2018-03-25-guix-libreplanet/package-install.png b/2018-03-25-guix-libreplanet/package-install.png new file mode 100644 index 0000000..4d6d1a8 Binary files /dev/null and b/2018-03-25-guix-libreplanet/package-install.png differ -- cgit v1.2.3
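Review bot: in the `unprivileged package management` hunk (@@ -102,15 +107,15 @@), replacing the line `- wired: =guix package -i emacs=` with `\includegraphics[width=8cm]{package-install.png}` removes the only copyable form of the command from both the Org source and the exported PDF, and a screenshot cannot be checked in review for what it actually shows. Keep the `=guix package -i emacs=` line next to the image so the tired/wired pairing with `sudo apt install emacs` still reads as text.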
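Review bot: in the new `a note about binaries` slide (@@ -143,6 +152,15 @@), `there is *no central point of trust* for receiving pre-built binaries` and `download pre-built binaries from a trusted third party` sit four lines apart and read as contradicting each other. Suggest saying who decides what is trusted: substitute servers are opt-in, the user authorizes each server's signing key (`guix archive --authorize`), and a substitute that is unsigned or signed by an unauthorized key is not used, so the "no central point" claim is about the absence of a mandatory server, not the absence of trust. The `guix challenge` slide added later in this patch is the natural place to point to for how that trust is verified.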
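Review bot: the `development environments` slide (@@ -163,10 +181,21 @@) compares `guix environment` to virtualenv, rvm and nvm but does not say that, without `--container`, the `guix environment --ad-hoc ruby -- irb` example only sets environment variables such as PATH for a subprocess; the host filesystem, network and home directory are all visible from inside it. One sentence stating that isolation is what the later `containerized environments` slides add would keep readers from treating this example as a sandbox.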
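Review bot: the `containerized environments` slide (@@ -185,11 +214,58 @@) describes the icecat example as `isolated from the rest of the system`, but `--network`, `--share=$HOME/.mozilla`, `--share=$HOME/Downloads` and `--expose=/tmp/.X11-unix` each punch through that, and the X11 socket in particular gives the browser the same access to the X server as any other client, including other windows' input and contents. Make the heading's `relatively constrained` hedge concrete: the container limits the filesystem view outside the shared paths, not the display or the network. In the `(advanced)` example, `--share=$HOME/.gnupg --share=$HOME/.ssh` together with `export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh` hand private keys and the agent socket, read-write, to everything pulled in by `gem install bundler` and `bundle`; a comment saying so, and `--expose` rather than `--share` for `$HOME/.ssh` where write access is not needed, would help. Style: `$ DISPLAY=:0.0 icecat` carries a `$` prompt while the `guix environment` command above it in the same `#+BEGIN_SRC sh` block does not, and nothing tells the reader that the second command is typed inside the shell the first one opens.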
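Review bot: in the `reproducible builds` hunk (@@ -249,11 +329,13 @@), the added line `\center\huge{https://reproducible-builds.org}` uses `\center`, which is the internal macro behind the center environment rather than the user-level `\centering` switch, and `\huge` is a size switch, not a macro taking an argument, so the braces only scope it by accident. The rest of this patch already wraps images in `\begin{center}` ... `\end{center}`; use the same block here with `\huge` inside it. Inside a raw LaTeX fragment the URL is also likely to be exported as plain text rather than the link Org generates for a bare `https://` URL in prose.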
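Review bot: the `guix challenge emacs` example (@@ -267,7 +349,24 @@) shows the command but not what its result means, and the `reasons for mismatched binaries` slide that follows lists four innocent causes before `malicious tampering` without saying that `guix challenge` itself cannot tell them apart. Suggest one line after the block: a hash that differs between `https://mirror.hydra.gnu.org` and `https://bobs-questionable-binaries.biz` only tells you which servers disagree, and the next step is a local build without substitutes (`guix build --no-substitutes emacs`) to see which one matches. The backslash-newline inside the double-quoted `--substitute-urls` value works in sh, and the leading indentation it carries into the string is harmless because the list is whitespace-separated, but a one-line form would be easier to read on a slide.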
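Review bot: the `import foreign packages` slide (@@ -311,23 +410,30 @@) lists `guix import pypi flask`, `guix import gem pry` and `guix import elpa magit` as translation assistance but does not say that the generated definition is built from the upstream repository's metadata (version, source hash, declared dependencies, license) and still has to be read and built before it is trusted. One line saying the importer output is a draft to review matches the `assistance` framing and fits the patch's own reproducibility message.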
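Review bot: in the `extending guix` hunk (@@ -348,22 +454,72 @@), the rewritten line `with a little Scheme know-how its easy to write new packages,` carries the `its` for `it's` typo over from the line it replaces. In the same hunk, the `freedom to contribute` edit changes `- we have a *code of conduct* and *enforce* it` to `- we have a *code of conduct*`; if enforcement is still the case, dropping the word weakens the statement, and if it is not, the commit message should say so rather than `Update lp2018 talk.` Style: the `(silly example)` block mixes the two `>`-prompted input forms with their printed output inside one `#+BEGIN_SRC scheme` block, so it is neither a transcript nor pasteable code; a comment line marking where the output starts, or a separate example block, would fix that.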