Next: Запуск guix deploy, Previous: Настройка загрузчика, Up: Конфигурирование системы [Contents][Index]
guix system
Once you have written an operating system declaration as seen in the
previous section, it can be instantiated using the guix
system
command. The synopsis is:
guix system options… action file
file must be the name of a file containing an operating-system
declaration. action specifies how the operating system is
instantiated. Currently the following values are supported:
search
Display available service type definitions that match the given regular expressions, sorted by relevance:
$ guix system search console name: console-fonts location: gnu/services/base.scm:806:2 extends: shepherd-root description: Install the given fonts on the specified ttys (fonts are per + virtual console on GNU/Linux). The value of this service is a list of + tty/font pairs. The font can be the name of a font provided by the `kbd' + package or any valid argument to `setfont', as in this example: + + '(("tty1" . "LatGrkCyr-8x16") + ("tty2" . (file-append + font-tamzen + "/share/kbd/consolefonts/TamzenForPowerline10x20.psf")) + ("tty3" . (file-append + font-terminus + "/share/consolefonts/ter-132n"))) ; for HDPI relevance: 9 name: mingetty location: gnu/services/base.scm:1190:2 extends: shepherd-root description: Provide console login using the `mingetty' program. relevance: 2 name: login location: gnu/services/base.scm:860:2 extends: pam description: Provide a console log-in service as specified by its + configuration value, a `login-configuration' object. relevance: 2 …
As for guix package --search
, the result is written in
recutils
format, which makes it easy to filter the output
(see GNU recutils databases in GNU recutils manual).
reconfigure
Build the operating system described in file, activate it, and switch to it28.
Примечание: It is highly recommended to run
guix pull
once before you runguix system reconfigure
for the first time (see Запуск guix pull). Failing to do that you would see an older version of Guix oncereconfigure
has completed.
This effects all the configuration specified in file: user accounts,
system services, global package list, setuid programs, etc. The command
starts system services specified in file that are not currently
running; if a service is currently running this command will arrange for it
to be upgraded the next time it is stopped (e.g. by herd stop X
or
herd restart X
).
This command creates a new generation whose number is one greater than the
current generation (as reported by guix system list-generations
).
If that generation already exists, it will be overwritten. This behavior
mirrors that of guix package
(see Вызов guix package).
It also adds a bootloader menu entry for the new OS configuration, —unless --no-bootloader is passed. For GRUB, it moves entries for older configurations to a submenu, allowing you to choose an older system generation at boot time should you need it.
Upon completion, the new system is deployed under /run/current-system. This directory contains provenance meta-data: the list of channels in use (see Каналы) and file itself, when available. You can view it by running:
guix system describe
This information is useful should you later want to inspect how this particular generation was built. In fact, assuming file is self-contained, you can later rebuild generation n of your operating system with:
guix time-machine \ -C /var/guix/profiles/system-n-link/channels.scm -- \ system reconfigure \ /var/guix/profiles/system-n-link/configuration.scm
You can think of it as some sort of built-in version control! Your system is
not just a binary artifact: it carries its own source. See provenance-service-type
, for more information on
provenance tracking.
By default, reconfigure
prevents you from downgrading your
system, which could (re)introduce security vulnerabilities and also cause
problems with “stateful” services such as database management systems.
You can override that behavior by passing --allow-downgrades.
switch-generation
Switch to an existing system generation. This action atomically switches the system profile to the specified system generation. It also rearranges the system’s existing bootloader menu entries. It makes the menu entry for the specified system generation the default, and it moves the entries for the other generations to a submenu, if supported by the bootloader being used. The next time the system boots, it will use the specified system generation.
The bootloader itself is not being reinstalled when using this command. Thus, the installed bootloader is used with an updated configuration file.
The target generation can be specified explicitly by its generation number. For example, the following invocation would switch to system generation 7:
guix system switch-generation 7
The target generation can also be specified relative to the current
generation with the form +N
or -N
, where +3
means “3
generations ahead of the current generation,” and -1
means “1
generation prior to the current generation.” When specifying a negative
value such as -1
, you must precede it with --
to prevent it
from being parsed as an option. For example:
guix system switch-generation -- -1
Currently, the effect of invoking this action is only to switch the
system profile to an existing generation and rearrange the bootloader menu
entries. To actually start using the target system generation, you must
reboot after running this action. In the future, it will be updated to do
the same things as reconfigure
, like activating and deactivating
services.
This action will fail if the specified generation does not exist.
roll-back
Switch to the preceding system generation. The next time the system boots,
it will use the preceding system generation. This is the inverse of
reconfigure
, and it is exactly the same as invoking
switch-generation
with an argument of -1
.
Currently, as with switch-generation
, you must reboot after
running this action to actually start using the preceding system generation.
delete-generations
Delete system generations, making them candidates for garbage collection (see Вызов guix gc, for information on how to run the “garbage collector”).
This works in the same way as ‘guix package --delete-generations’ (see --delete-generations). With no arguments, all system generations but the current one are deleted:
guix system delete-generations
You can also select the generations you want to delete. The example below deletes all the system generations that are more than two month old:
guix system delete-generations 2m
Running this command automatically reinstalls the bootloader with an updated list of menu entries—e.g., the “old generations” sub-menu in GRUB no longer lists the generations that have been deleted.
build
Build the derivation of the operating system, which includes all the configuration files and programs needed to boot and run the system. This action does not actually install anything.
init
Populate the given directory with all the files necessary to run the operating system specified in file. This is useful for first-time installations of Guix System. For instance:
guix system init my-os-config.scm /mnt
copies to /mnt all the store items required by the configuration specified in my-os-config.scm. This includes configuration files, packages, and so on. It also creates other essential files needed for the system to operate correctly—e.g., the /etc, /var, and /run directories, and the /bin/sh file.
This command also installs bootloader on the target specified in my-os-config, unless the --no-bootloader option was passed.
vm
Build a virtual machine that contains the operating system declared in file, and return a script to run that virtual machine (VM).
Примечание: The
vm
action and others below can use KVM support in the Linux-libre kernel. Specifically, if the machine has hardware virtualization support, the corresponding KVM kernel module should be loaded, and the /dev/kvm device node must exist and be readable and writable by the user and by the build users of the daemon (see Установка окружения сборки).
Arguments given to the script are passed to QEMU as in the example below, which enables networking and requests 1 GiB of RAM for the emulated machine:
$ /gnu/store/…-run-vm.sh -m 1024 -smp 2 -net user,model=virtio-net-pci
The VM shares its store with the host system.
Additional file systems can be shared between the host and the VM using the --share and --expose command-line options: the former specifies a directory to be shared with write access, while the latter provides read-only access to the shared directory.
The example below creates a VM in which the user’s home directory is accessible read-only, and where the /exchange directory is a read-write mapping of $HOME/tmp on the host:
guix system vm my-config.scm \ --expose=$HOME --share=$HOME/tmp=/exchange
On GNU/Linux, the default is to boot directly to the kernel; this has the advantage of requiring only a very tiny root disk image since the store of the host can then be mounted.
The --full-boot option forces a complete boot sequence, starting with the bootloader. This requires more disk space since a root image containing at least the kernel, initrd, and bootloader data files must be created. The --image-size option can be used to specify the size of the image.
image
docker-image
Return a virtual machine, disk image, or Docker image of the operating
system declared in file that stands alone. By default, guix
system
estimates the size of the image needed to store the system, but you
can use the --image-size option to specify a value. Docker images
are built to contain exactly what they need, so the --image-size
option is ignored in the case of docker-image
.
The image
command can produce various image types. The image type
can be selected using the --image-type option. It defaults to
efi-raw
. When its value is iso9660
, the --label
option can be used to specify a volume ID with image
. By default,
the root file system of a disk image is mounted non-volatile; the
--volatile option can be provided to make it volatile instead.
When using image
, the bootloader installed on the generated image is
taken from the provided operating-system
definition. The following
example demonstrates how to generate an image that uses the
grub-efi-bootloader
bootloader and boot it with QEMU:
image=$(guix system image --image-type=qcow2 \ gnu/system/examples/lightweight-desktop.tmpl) cp $image /tmp/my-image.qcow2 chmod +w /tmp/my-image.qcow2 qemu-system-x86_64 -enable-kvm -hda /tmp/my-image.qcow2 -m 1000 \ -bios $(guix build ovmf)/share/firmware/ovmf_x64.bin
When using the efi-raw
image type, a raw disk image is produced; it
can be copied as is to a USB stick, for instance. Assuming /dev/sdc
is the device corresponding to a USB stick, one can copy the image to it
using the following command:
# dd if=$(guix system image my-os.scm) of=/dev/sdc status=progress
The --list-image-types
command lists all the available image types.
When using the qcow2
image type, the returned image is in qcow2
format, which the QEMU emulator can efficiently use. See Запуск Guix на виртуальной машине, for more information on how to run the image in a virtual machine. The
grub-bootloader
bootloader is always used independently of what is
declared in the operating-system
file passed as argument. This is to
make it easier to work with QEMU, which uses the SeaBIOS BIOS by default,
expecting a bootloader to be installed in the Master Boot Record (MBR).
When using docker-image
, a Docker image is produced. Guix builds the
image from scratch, not from a pre-existing Docker base image. As a result,
it contains exactly what you define in the operating system
configuration file. You can then load the image and launch a Docker
container using commands like the following:
image_id="$(docker load < guix-system-docker-image.tar.gz)" container_id="$(docker create $image_id)" docker start $container_id
This command starts a new Docker container from the specified image. It
will boot the Guix system in the usual manner, which means it will start any
services you have defined in the operating system configuration. You can
get an interactive shell running in the container using docker
exec
:
docker exec -ti $container_id /run/current-system/profile/bin/bash --login
Depending on what you run in the Docker container, it may be necessary to
give the container additional permissions. For example, if you intend to
build software using Guix inside of the Docker container, you may need to
pass the --privileged option to docker create
.
Last, the --network option applies to guix system
docker-image
: it produces an image where network is supposedly shared with
the host, and thus without services like nscd or NetworkManager.
контейнер
Return a script to run the operating system declared in file within a container. Containers are a set of lightweight isolation mechanisms provided by the kernel Linux-libre. Containers are substantially less resource-demanding than full virtual machines since the kernel, shared objects, and other resources can be shared with the host system; this also means they provide thinner isolation.
Currently, the script must be run as root in order to support more than a single user and group. The container shares its store with the host system.
As with the vm
action (see guix system vm), additional file
systems to be shared between the host and container can be specified using
the --share and --expose options:
guix system container my-config.scm \ --expose=$HOME --share=$HOME/tmp=/exchange
Примечание: This option requires Linux-libre 3.19 or newer.
options can contain any of the common build options (see Стандартные параметры сборки). In addition, options can contain one of the following:
Consider the operating-system expr evaluates to. This is an alternative to specifying a file which evaluates to an operating system. This is used to generate the Guix system installer see Сборка установочного образа).
Attempt to build for system instead of the host system type. This
works as per guix build
(see Запуск guix build).
Return the derivation file name of the given operating system without building anything.
As discussed above, guix system init
and guix system
reconfigure
always save provenance information via a dedicated service
(see provenance-service-type
). However, other
commands don’t do that by default. If you wish to, say, create a virtual
machine image that contains provenance information, you can run:
guix system image -t qcow2 --save-provenance config.scm
That way, the resulting image will effectively “embed its own source” in the form of meta-data in /run/current-system. With that information, one can rebuild the image to make sure it really contains what it pretends to contain; or they could use that to derive a variant of the image.
For the image
action, create an image with given type.
When this option is omitted, guix system
uses the efi-raw
image type.
--image-type=iso9660 produces an ISO-9660 image, suitable for burning on CDs and DVDs.
For the image
action, create an image of the given size.
size may be a number of bytes, or it may include a unit as a suffix
(see size specifications in GNU Coreutils).
When this option is omitted, guix system
computes an estimate of
the image size as a function of the size of the system declared in
file.
For the container
action, allow containers to access the host
network, that is, do not create a network namespace.
Make file a symlink to the result, and register it as a garbage collector root.
Skip pre-installation safety checks.
By default, guix system init
and guix system reconfigure
perform safety checks: they make sure the file systems that appear in the
operating-system
declaration actually exist (see Файловые системы),
and that any Linux kernel modules that may be needed at boot time are listed
in initrd-modules
(see Начальный RAM-диск). Passing this option
skips these tests altogether.
Instruct guix system reconfigure
to allow system downgrades.
By default, reconfigure
prevents you from downgrading your
system. It achieves that by comparing the provenance info of your system
(shown by guix system describe
) with that of your guix
command (shown by guix describe
). If the commits for
guix
are not descendants of those used for your system,
guix system reconfigure
errors out. Passing
--allow-downgrades allows you to bypass these checks.
Примечание: Прежде чем использовать --allow-downgrades, убедитесь, что вы понимаете его последствия для безопасности.
Apply strategy when an error occurs when reading file. strategy may be one of the following:
nothing-special
Report the error concisely and exit. This is the default strategy.
backtrace
Likewise, but also display a backtrace.
debug
Report the error and enter Guile’s debugger. From there, you can run
commands such as ,bt
to get a backtrace, ,locals
to display
local variable values, and more generally inspect the state of the program.
See Debug Commands in GNU Guile Reference Manual, for a list of
available debugging commands.
Once you have built, configured, re-configured, and re-re-configured your Guix installation, you may find it useful to list the operating system generations available on disk—and that you can choose from the bootloader boot menu:
describe
Describe the current system generation: its file name, the kernel and bootloader used, etc., as well as provenance information when available.
list-generations
List a summary of each generation of the operating system available on disk,
in a human-readable way. This is similar to the --list-generations
option of guix package
(see Вызов guix package).
Optionally, one can specify a pattern, with the same syntax that is used in
guix package --list-generations
, to restrict the list of
generations displayed. For instance, the following command displays
generations that are up to 10 days old:
$ guix system list-generations 10d
The guix system
command has even more to offer! The following
sub-commands allow you to visualize how your system services relate to each
other:
extension-graph
Emit to standard output the service extension graph of the operating
system defined in file (see Структура сервисов, for more
information on service extensions). By default the output is in
Dot/Graphviz format, but you can choose a different format with
--graph-backend, as with guix graph
(see --backend):
The command:
$ guix system extension-graph file | xdot -
shows the extension relations among services.
shepherd-graph
Emit to standard output the dependency graph of shepherd services of the operating system defined in file. See Сервисы Shepherd, for more information and for an example graph.
Again, the default output format is Dot/Graphviz, but you can pass --graph-backend to select a different one.
This action (and the related actions switch-generation
and roll-back
) are usable only on systems already running Guix
System.
Next: Запуск guix deploy, Previous: Настройка загрузчика, Up: Конфигурирование системы [Contents][Index]