GNU Guix 1.2.0 released
We are pleased to announce the release of GNU Guix version 1.2.0, right in time to celebrate the eighth anniversary of Guix!
The release comes with ISO-9660 installation
a virtual machine
and with tarballs to install the package manager on top of your
GNU/Linux distro, either from
Guix users can update by running
It’s been almost 7 months since the last release, during which 200 people contributed code and packages, and a number of people contributed to other important tasks—code review, system administration, translation, web site updates, Outreachy mentoring, you name it!
There’s been more than 10,200 commits in that time frame and it is the challenge of these release notes to summarize all that activity.
Before reading any further, sit back and play this very special release tune, Ode to One Two Oh (lyrics) brought to you by your friendly Guix team—see credits below!
A major highlight in this release is the ability to authenticate
channels, which probably makes Guix one of the safest ways to deliver
complete operating systems today. This was the missing link in our
“software supply chain” and we’re glad it’s now fixed. The end result
guix pull and related commands now cryptographically
authenticate channel code that they fetch; you cannot, for instance,
retrieve unauthorized commits to the official Guix repository. We
detailed the design and
back in July. The manual explains what you need to know as a
and as a channel
There’s also a new
guix git authenticate
to use this authentication mechanism for arbitrary Git repositories!
Coupled to that,
guix pull and
guix system reconfigure now detect
potential system downgrades or Guix downgrades and raise an error.
This ensures you cannot be tricked into downgrading the software in your
system, which could potentially reintroduce exploitable vulnerabilities
in the software you run.
With these safeguards in place, we have added an unattended upgrade
that, in a nutshell, runs
guix pull && guix system reconfigure
periodically. Unattended upgrades and peace of mind.
Another important change from a security perspective that we’re proud of is the reduction of binary seeds to 60 MiB on x86_64 and i686, thanks to tireless work on GNU Mes, Gash, and related software.
On the same security theme, the build daemon and
now accept new cryptographic hash functions (in particular SHA-3 and
BLAKE2s) for “fixed-output
far we were unconditionally using SHA256 hashes for source code.
We want Guix to be accessible and useful to a broad audience and that
has again been a guiding principle for this release. The graphical
and the script to install Guix on another
have both received bug fixes and usability improvements. First-time
users will appreciate the fact that
guix help now gives a clear
overview of the available commands, that
guix commands are less
verbose by default (they no longer display a lengthy list of things that
they’ll download), and that
guix pull displays a progress bar as it
updates its Git checkout.
guix system search, and
similar commands now invoke a pager automatically (
less by default),
addressing an oft-reported annoyance.
Performance improved in several places. Use of the new “baseline
compiler” that landed in
leads to reduced build times for Guix itself, which in turn means that
guix pull is much less resource-hungry. Performance got better in
areas, and more work is yet to
We’re giving users more flexibility on the command line, with the
addition of three package transformation
--with-debug-info (always debug in good
--without-tests. Transformations are now
recorded in the profile and replayed upon
guix upgrade. Furthermore,
those options now operate on the whole dependency graph, including
“implicit” inputs, allowing for transformations not possible before,
guix install --with-input=python=python2 python-itsdangerous
Last, the new
(guix transformations) module provides an interface
to the transformation options available at the command
which is useful if you want to use such transformations in a manifest.
The reference manual has been expanded: there’s a new “Getting Started” section, the “Programming Interface” section contains more info for packagers. We added code examples in many places; in the on-line copy of the manual, identifiers in those code snippets are clickable, linking to the right place in the Guix or Guile manuals.
Last but not least, the manual is fully translated into French, German, and Spanish, with partial translations in Russian and Chinese. Guix itself is fully translated in those three languages and partially translated in eleven other languages.
Packs, GNU/Hurd, disk images, services, …
But there’s more! If you’re interested in bringing applications from
Guix to Guix-less machines,
guix pack -RR
now supports a new ‘fakechroot’ execution engine for relocatable
packs, and the ability to choose among different engines at run time
GUIX_EXECUTION_ENGINE variable. The
improves performance compared to the
for hosts that do not support unprivileged user namespaces.
Support for whole-system cross-compilation—as in
guix system build --target=arm-linux-gnueabihf config.scm—has been
improved. That, together with a lot of porting work both for packages
and for the Guix System machinery, brings the
cross-compiled Guix GNU/Hurd system running as a virtual machine under
This in turn has let us start work on native GNU/Hurd support.
Related to this, the new
(gnu image) module implements a flexible
interface to operating system images; from the command line, it is
guix system disk-image --image-type=TYPE.
Several image types are supported: compressed ISO-9660, qcow2
containing ext4 partitions, ext2 with Hurd options, and so on. This is
currently implemented using
In addition to those already mentioned, a dozen of new system services are available, including services for Ganeti, LXQt, R Shiny, Gemini, and Guix Build Coordinator.
2,000 packages have been added, for a total of more than 15K packages; 3,652 were upgraded. The distribution comes with GNU libc 2.31, GCC 10.2, GNOME 3.34, Xfce 4.14.2, Linux-libre 5.9.3, and LibreOffice 22.214.171.124 to name a few. There’s also a new build system for packages built with Maven (bootstrapping Maven in Guix was the topic of a talk at the Guix Days last week).
lists additional noteworthy changes and bug fixes you may be interested
You can go ahead and download this new version and get in touch with us.
Speaking of which, our Debian ambassador told
that you will soon be able to
apt install guix if you’re on Debian or a
Ricardo Wurmus (grand stick, synthesizer, drums, vocals, lyrics) — Luis Felipe (illustration) — Vagrant Cascadian (Debian packaging, lyrics) — Festival (back vocals)
About GNU Guix
GNU Guix is a transactional package manager and an advanced distribution of the GNU system that respects user freedom. Guix can be used on top of any system running the Hurd or the Linux kernel, or it can be used as a standalone operating system distribution for i686, x86_64, ARMv7, and AArch64 machines.
In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. When used as a standalone GNU/Linux distribution, Guix offers a declarative, stateless approach to operating system configuration management. Guix is highly customizable and hackable through Guile programming interfaces and extensions to the Scheme language.