---

5.3.7 Касательно проверенных бинарников

Today, each individual’s control over their own computing is at the mercy of institutions, corporations, and groups with enough power and determination to subvert the computing infrastructure and exploit its weaknesses. While using substitutes can be convenient, we encourage users to also build on their own, or even run their own build farm, such that the project run substitute servers are less of an interesting target. One way to help is by publishing the software you build using guix publish so that others have one more choice of server to download substitutes from (see Вызов guix publish).

Guix has the foundations to maximize build reproducibility (see Особенности). In most cases, independent builds of a given package or derivation should yield bit-identical results. Thus, through a diverse set of independent package builds, we can strengthen the integrity of our systems. The guix challenge command aims to help users assess substitute servers, and to assist developers in finding out about non-deterministic package builds (see Вызов guix challenge). Similarly, the --check option of guix build allows users to check whether previously-installed substitutes are genuine by rebuilding them locally (see guix build --check). To force a full rebuild of a package (ignoring security updates via grafts (see Обновления безопасности), if any grafts exist—which is not always the case), use --check together with --no-grafts (see --no-grafts). Because grafts are built as their own derivation, if the package you want to rebuild is subject to being grafted, merely using --check will only rebuild the grafting derivation, and not actually recompile the package.

Мы хотим, чтобы Guix в будущем поддерживал публикации и запросы бинарников от/для пользователей в формате равноправного обмена (peer-to-peer). Если вы желаете обсудить этот проект, присоединяйтесь к нам guix-devel@gnu.org.