I want to try out Elixir so I set out to install it using Guix. My first attempt to install an isolated environment was to use

guix shell --network --container elixir

but unfortunately the elixir command had unsatisified runtime dependancies

/gnu/store/35vlyiqbsj7xbfq99yxx042nklfldix2-elixir-1.18.3/lib/elixir/bin/elixir: line 65: dirname: command not found
/gnu/store/35vlyiqbsj7xbfq99yxx042nklfldix2-elixir-1.18.3/lib/elixir/bin/elixir: line 66: basename: command not found

These commands I found are added by the coreutils package so I added it to my list.

guix shell --network --container coreutils elixir

Unfortunately running mix now we end up with a locale error though.

mix deps.get
# warning: the VM is running with native name encoding of latin1 which may cause Elixir to malfunction as it expects utf8. Please ensure your locale is set to UTF-8 (which can be verified by running "locale" in your shell) or set the ELIXIR_ERL_OPTIONS="+fnu" environment variable
** (ArgumentError) attempting to load configuration config/dev.exs recursively
    (elixir 1.18.3) lib/config.ex:344: Config.import_config!/3
    (stdlib 6.2.2) erl_eval.erl:919: :erl_eval.do_apply/7
    (stdlib 6.2.2) erl_eval.erl:271: :erl_eval.exprs/6
    (elixir 1.18.3) lib/code.ex:572: Code.validated_eval_string/3

Even more unfortunate is the fact that the locale command is not available in our environment to inspect the situation. But we can add that by adding, for what I assume to be historical reasons, gcc-toolchain to the container. Listing all the available locales shows us we have little to choose from though.

guix shell --network --container coreutils gcc-toolchain elixir
locale -a
# C
# POSIX

Adding glibc-locales to our dependency list does not alleviate the situation.

guix shell --network --container coreutils gcc-toolchain glibc-locales elixir
locale -a
# C
# POSIX

This is how far I've gotten so far. The whole locale thing could be a red herring of course. Any ideas on how to proceed?

I followed the advice from https://unix.stackexchange.com/questions/786259/guix-how-to-set-one-file-system-as-a-dependency-of-another-or-mount-one-devi , but it's halfway working for me. In my case, I still have to type the password before the GRUB menu. The second time during Linux boot, decryption happens automatically, so part of it succeeds.. When I ran guix system build, I saw a warning like 'possibly unbound variable mount-file-system'. My configuration right now

(apply raw-initrd
       (append (list file-systems) all-key-arguments
               (list
                #:pre-mount #~(begin
                                (use-modules ((gnu build
                                                   file-systems)
                                              #:select (mount-file-system)))
                                (mount-file-system (file-system
                                                     (mount-point
                                                      "/early-mnt")
                                                     (device (file-system-label
                                                              "USBDRIVE"))
                                                     (type "ext4"))
                                                   ;; This is needed otherwise the mount point
                                                   ;; will be prefixed by '/root'
                                                   #:root ""))
                #:helper-packages (append helper-packages
                                          (file-system-packages
                                           file-systems
                                           #:volatile-root?
                                           volatile-root?)
                                          (if keyboard-layout
                                              (list
                                               loadkeys-static)
                                              '())))))))

Say I have a LUKS partition which encrypts the root file system and whose key resides in another file system.

(mapped-devices (list
    (mapped-device
        (type (luks-device-mapping-with-options #:key-file "/early-mount/luks-key"))
        (source "/dev/sda1")
        (target "operating-system")
    )
))

How can I instruct Guix via the config.scm file to mount the second file system before the LUKS decrytion step? ### Attempt #1 I tried setting (needed-for-boot? #t) on the second file system but inspecting the generated initrd script it still tries to decrypt before mounting.

(file-system
    (mount-point "/early-mount")
    (device (file-system-label "early-mount"))
    (type "ext4")
    (needed-for-boot? #t) ; This doesn't move it to #:pre-mount
)

### Attempt #2 Also tried setting the root file system's dependency via (filter) and (file-system-mount-point-predicate) but I get the error: > error: file-systems: unbound variable which makes sense because it's in the middle of defining (file-systems)

(file-systems (cons*
    (file-system ...) ; early-mount definition
    (file-system
        (mount-point "/")
        (device "/dev/mapper/operating-system")
        (type "ext4")
        (dependencies (cons*
            (filter
                (file-system-mount-point-predicate "/early-mount")
                file-systems ; This is currently being defined so it's not available yet
            )
            mapped-devices
        ))
    )
    %base-file-systems
))

### Attempt #3 Tried creating a local variable via (let) for the second file system with the intention of inserting it under (file-systems) as well as under the (dependencies) but I get the error: > error: (let ...): invalid field specifier

(let
    (
        (early-mount
            (file-system
                (mount-point "/early-mount")
                (device (file-system-label "early-mount"))
                (type "ext4")
                (needed-for-boot? #t)
            )
        )
    )
    (file-systems (cons*
        early-mount
        (file-system
            (mount-point "/")
            (device "/dev/mapper/operating-system")
            (type "ext4")
            (dependencies (cons*
                early-mount
                mapped-devices
            ))
        )
        %base-file-systems
    ))
)

### Attempt #4 Then tried repeating the second file system (file-system) entry and this actually allows me to deploy the config:

(file-systems (cons*
    (file-system ...) ; early-mount definition
    (file-system
        (mount-point "/")
        (device "/dev/mapper/operating-system")
        (type "ext4")
        (dependencies (cons*
            (file-system ...) ; early-mount definition, copy/pasted
            mapped-devices
        ))
    )
    %base-file-systems
))

however this tries to prompts me for the password during boot, leading me to believe that it wasn't able to mount /early-mount before trying to do the LUKS open.

I'm trying to build wine-staging from a custom Guix package definition (wine-10.scm) that I've created, based on the official Guix package definitions for Wine. My goal is to build a newer version of Wine (specifically 10.0-rc5) with the Wine-Staging patches applied. I'm using the following command:

guix build -L . wine-staging

With a custom .scm in current directory called wine-10.scm. My wine-10.scm file (simplified for brevity):

(define-module (wine-10)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix gexp)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix utils)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system meson)
  #:use-module (guix build-system trivial)
  #:use-module (gnu packages)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages audio)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages base)
  #:use-module (gnu packages bash)
  #:use-module (gnu packages bison)
  #:use-module (gnu packages cups)
  #:use-module (gnu packages databases)
  #:use-module (gnu packages fontutils)
  #:use-module (gnu packages freedesktop)
  #:use-module (gnu packages flex)
  #:use-module (gnu packages image)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages ghostscript)
  #:use-module (gnu packages gl)
  #:use-module (gnu packages glib)
  #:use-module (gnu packages gstreamer)
  #:use-module (gnu packages gtk)
  #:use-module (gnu packages kerberos)
  #:use-module (gnu packages libusb)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages mingw)
  #:use-module (gnu packages openldap)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pulseaudio)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages mp3)
  #:use-module (gnu packages photo)
  #:use-module (gnu packages samba)
  #:use-module (gnu packages scanner)
  #:use-module (gnu packages sdl)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages video)
  #:use-module (gnu packages vulkan)
  #:use-module (gnu packages xdisorg)
  #:use-module (gnu packages xml)
  #:use-module (gnu packages xorg)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-1)

(define-public wine-minimal
  (package
    (name "wine-minimal")
    (version "10.0-rc5")
    (source
     (origin
       (method url-fetch)
       (uri (let ((dir "10.0/"))
              (string-append "https://dl.winehq.org/wine/source/ " dir
                             "wine-" version ".tar.xz")))
       (sha256
        (base32 "1lkfjx6sfscq50hhxqq7g3r8wyv6ji1pykak3p1d9lh7bixlz2gc"))))
    (properties '((upstream-name . "wine")))
    (build-system gnu-build-system)
    (native-inputs (list bison flex))
    (inputs `())
    (arguments
     (list
      #:system (match (%current-system)
                 ((or "armhf-linux" "aarch64-linux") "armhf-linux")
                 (_ "i686-linux"))
       #:tests? #f
       #:make-flags
       #~(list "SHELL=bash"
               (string-append "libdir=" #$output "/lib/wine32"))
       #:phases
       #~(modify-phases %standard-phases
           (add-after 'unpack 'patch-SHELL
             (lambda _
               (substitute* "configure"
                 (("/bin/sh")
                  (which "bash")))))
           (add-after 'configure 'patch-dlopen-paths
             (lambda _
               (let* ((library-path (search-path-as-string->list
                                     (getenv "LIBRARY_PATH")))
                      (find-so (lambda (soname)
                                 (search-path library-path soname))))
                 (substitute* "include/config.h"
                   (("(#define SONAME_.* )\"(.*)\"" _ defso soname)
                    (format #f "~a\"~a\"" defso (find-so soname)))))))
           (add-after 'patch-generated-file-shebangs 'patch-makedep
             (lambda* (#:key outputs #:allow-other-keys)
               (substitute* "tools/makedep.c"
                 (("output_filenames\\( unix_libs \\);" all)
                  (string-append all
                   "output ( \" -Wl,-rpath=%s \", arch_install_dirs[arch] );")))))
           (add-before 'build 'set-widl-time-override
             (lambda _
               (setenv "WIDL_TIME_OVERRIDE" "315532800"))))
       #:configure-flags
       #~(list "--without-freetype"
               "--without-x")))
    (home-page "https://www.winehq.org/ ")
    (synopsis "Implementation of the Windows API (32-bit only)")
    (description
     "Wine (originally an acronym for \"Wine Is Not an Emulator\") is a
compatibility layer capable of running Windows applications. Instead of
simulating internal Windows logic like a virtual machine or emulator, Wine
translates Windows API calls into POSIX calls on-the-fly, eliminating the
performance and memory penalties of other methods and allowing you to cleanly
integrate Windows applications into your desktop.")
    (supported-systems '("i686-linux" "x86_64-linux" "armhf-linux"))
    (license license:lgpl2.1+)))

(define-public wine
  (package
    (inherit wine-minimal)
    (name "wine")
    (native-inputs
     (modify-inputs (package-native-inputs wine-minimal)
       (prepend gettext-minimal perl pkg-config)))
    (inputs
     (list alsa-lib
           bash-minimal
           cups
           dbus
           eudev
           fontconfig
           freetype
           gnutls
           gst-plugins-base
           libgphoto2
           openldap
           samba
           sane-backends
           libpcap
           libusb
           libice
           libx11
           libxi
           libxext
           libxcursor
           libxkbcommon
           libxrender
           libxrandr
           libxinerama
           libxxf86vm
           libxcomposite
           mesa
           mit-krb5
           openal
           pulseaudio
           sdl2
           unixodbc
           v4l-utils
           vkd3d
           vulkan-loader
           wayland
           wayland-protocols))
    (arguments
     (substitute-keyword-arguments (package-arguments wine-minimal)
       ((#:phases phases)
        #~(modify-phases #$phases
           #$@(match (%current-system)
                ((or "i686-linux" "x86_64-linux")
                 `((add-after 'install 'wrap-executable
                     (lambda* (#:key inputs outputs #:allow-other-keys)
                       (let* ((out (assoc-ref outputs "out"))
                              (icd (string-append out "/share/vulkan/icd.d")))
                         (mkdir-p icd)
                         (copy-file (search-input-file
                                     inputs
                                     "/share/vulkan/icd.d/radeon_icd.i686.json")
                                    (string-append icd "/radeon_icd.i686.json"))
                         (copy-file (search-input-file
                                     inputs
                                     "/share/vulkan/icd.d/intel_icd.i686.json")
                                    (string-append icd "/intel_icd.i686.json"))
                         (wrap-program (string-append out "/bin/wine-preloader")
                           `("VK_ICD_FILENAMES" ":" =
                             (,(string-append icd
                                              "/radeon_icd.i686.json" ":"
                                              icd "/intel_icd.i686.json")))))))))
                (_
                 `()))))
       ((#:configure-flags _ '()) #~'())))))

(define-public wine64
  (package
    (inherit wine)
    (name "wine64")
    (inputs (modify-inputs (package-inputs wine)
              (prepend wine)))
    (arguments
     (substitute-keyword-arguments
         (strip-keyword-arguments '(#:system) (package-arguments wine))
       ((#:make-flags _)
        #~(list "SHELL=bash"
                (string-append "libdir=" #$output "/lib/wine64"))
        )
       ((#:phases phases)
        #~(modify-phases #$phases
            (add-after 'install 'copy-wine32-binaries
              (lambda* (#:key inputs outputs #:allow-other-keys)
                (let ((out (assoc-ref %outputs "out")))
                  (copy-file (search-input-file inputs "/bin/wine")
                             (string-append out "/bin/wine"))
                  (copy-file (search-input-file inputs "/bin/.wine-preloader-real")
                             (string-append out "/bin/wine-preloader")))))
            (add-after 'install 'copy-wine32-libraries
              (lambda* (#:key inputs outputs #:allow-other-keys)
                (let* ((out (assoc-ref %outputs "out")))
                  (copy-recursively (search-input-directory inputs "/lib/wine32")
                                    (string-append out "/lib/wine32")))))
            #$@(match (%current-system)
                 ((or "x86_64-linux")
                  `((delete 'wrap-executable)
                    (add-after 'copy-wine32-binaries 'wrap-executable
                      (lambda* (#:key inputs outputs #:allow-other-keys)
                        (let* ((out (assoc-ref outputs "out"))
                               (icd-files (map
                                           (lambda (basename)
                                             (search-input-file
                                              inputs
                                              (string-append "/share/vulkan/icd.d/"
                                                             basename)))
                                           '("radeon_icd.x86_64.json"
                                             "intel_icd.x86_64.json"
                                             "radeon_icd.i686.json"
                                             "intel_icd.i686.json"))))
                          (wrap-program (string-append out "/bin/wine-preloader")
                            `("VK_ICD_FILENAMES" ":" = ,icd-files))
                          (wrap-program (string-append out "/bin/wine64-preloader")
                            `("VK_ICD_FILENAMES" ":" = ,icd-files)))))))
                 (_
                  `()))
            (add-after 'compress-documentation 'copy-wine32-manpage
              (lambda* (#:key inputs outputs #:allow-other-keys)
                (let* ((out (assoc-ref %outputs "out")))
                  (copy-file (search-input-file inputs "/share/man/man1/wine.1.zst")
                             (string-append out "/share/man/man1/wine.1.zst")))))))
       ((#:configure-flags configure-flags '())
        #~(cons "--enable-win64" #$configure-flags))))
    (synopsis "Implementation of the Windows API (WoW64 version)")
    (supported-systems '("x86_64-linux" "aarch64-linux"))))

(define-public wine-staging-patchset-data
  (package
    (name "wine-staging-patchset-data")
    (version "10.0-rc5")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/wine-staging/wine-staging ")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1bphg408avr5kf1d4bkx90s4kfjiykm3ssph8lj2v1zibxhb53wy"))))
    (build-system trivial-build-system)
    (native-inputs
     (list coreutils))
    (arguments
     `(#:modules ((guix build utils))
       #:builder
       (begin
         (use-modules (guix build utils))
         (let* ((build-directory ,(string-append name "-" version))
                (source (assoc-ref %build-inputs "source"))
                (coreutils (assoc-ref %build-inputs "coreutils"))
                (out (assoc-ref %outputs "out"))
                (wine-staging (string-append out "/share/wine-staging")))
           (copy-recursively source build-directory)
           (with-directory-excursion build-directory
             (substitute* '("patches/gitapply.sh" "staging/patchinstall.py")
               (("/usr/bin/env")
                (string-append coreutils "/bin/env"))))
           (copy-recursively build-directory wine-staging)
           #t))))
    (home-page "https://github.com/wine-staging ")
    (synopsis "Patchset for Wine")
    (description
     "wine-staging-patchset-data contains the patchset to build Wine-Staging.")
    (license license:lgpl2.1+)))

(define-public wine-staging
  (package
    (inherit wine)
    (name "wine-staging")
    (version "10.0-rc5")
    (source
     (let* ((wine-version "10.0-rc5")
            (subdirectory "10.0"))
       (origin
         (method url-fetch)
         (uri (string-append "https://dl.winehq.org/wine/source/ "
                             subdirectory "/"
                             "wine-" wine-version ".tar.xz"))
         (file-name (string-append name "-" wine-version ".tar.xz"))
         (sha256
          (base32 "1lkfjx6sfscq50hhxqq7g3r8wyv6ji1pykak3p1d9lh7bixlz2gc")))))
    (inputs (modify-inputs (package-inputs wine)
              (prepend autoconf
                       ffmpeg
                       gtk+
                       libva
                       mesa
                       python
                       util-linux
                       wine-staging-patchset-data)))
    (native-inputs
     (modify-inputs (package-native-inputs wine)
       (prepend python-3)))
    (arguments
     (substitute-keyword-arguments (package-arguments wine)
       ((#:phases phases)
        #~(modify-phases #$phases
            (delete 'patch-SHELL)
            (add-before 'configure 'apply-wine-staging-patches
              (lambda* (#:key inputs #:allow-other-keys)
                 (invoke "bash" "-c" "\"echo hello\"")
                ;(invoke (search-input-file
                ;         inputs
                ;         "/share/wine-staging/staging/patchinstall.py")
                ;        "DESTDIR=."
                 ;       "--all")
                ))
            (add-after 'apply-wine-staging-patches 'patch-SHELL
              (assoc-ref #$phases 'patch-SHELL))))))
    (synopsis "Implementation of the Windows API (staging branch, 32-bit only)")
    (description "Wine-Staging is the testing area of Wine. It
contains bug fixes and features, which have not been integrated into
the development branch yet. The idea of Wine-Staging is to provide
experimental features faster to end users and to give developers the
possibility to discuss and improve their patches before they are
integrated into the main branch.")
    (home-page "https://github.com/wine-staging ")
    (license
     (list license:lgpl2.1+ license:silofl1.1 license:gpl3+ license:asl2.0))))

(define-public wine64-staging
  (package
    (inherit wine-staging)
    (name "wine64-staging")
    (inputs (modify-inputs (package-inputs wine-staging)
              (prepend wine-staging)))
    (arguments
     (substitute-keyword-arguments (package-arguments wine64)
       ((#:phases phases)
        #~(modify-phases #$phases
            (delete 'patch-SHELL)
            (add-before 'configure 'apply-wine-staging-patches
              (lambda* (#:key inputs #:allow-other-keys)
                (invoke (search-input-file
                         inputs
                         "/share/wine-staging/staging/patchinstall.py")
                        "DESTDIR=."
                        "--all")))
            (add-after 'apply-wine-staging-patches 'patch-SHELL
              (assoc-ref #$phases 'patch-SHELL))))))
    (synopsis "Implementation of the Windows API (staging branch, WoW64
version)")
    (supported-systems '("x86_64-linux" "aarch64-linux"))))

The build process fails with the following error:

... (Many successful patch applications) ...
patching dlls/advapi32/tests/security.c
1 out of 4 hunks FAILED -- saving rejects to file dlls/advapi32/tests/security.c.rej
[PATCH] ERR: Textual patch did not apply, aborting.
/gnu/store/0fsw4g8zql5c6kvrk44f3w551xamca17-wine-staging-patchset-data-10.0-rc5/share/wine-staging/staging/../patches/server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch
Failed to apply patch server-Stored_ACLs/0004-server-Temporarily-store-the-full-security-descripto.patch

However when I untar the same source from the store, and apply it. Directly it works. Furthermore it seems guix writes something like:

patching dlls/ntdll/loader.c
patching configure.ac
patching dlls/advapi32/lsa.c
patching dlls/advapi32/tests/lsa.c
patching dlls/comctl32/rebar.c

which does NOT happen when I patch manually, there is something going on, not sure what. When patching manually I only get:

/gnu/store/0fsw4g8zql5c6kvrk44f3w551xamca17-wine-staging-patchset-data-10.0-rc5/share/wine-staging/staging/../patches/gitapply.sh -d . < /gnu/store/0fsw4g8zql5c6kvrk44f3w551xamca17-wine-staging-patchset-data-10.0-rc5/share/wine-staging/staging/../patches/Staging/0001-ntdll-Print-a-warning-message-specifying-the-wine-st.patch

How I manually patch:

tar -xvf /gnu/store/x46d8vfy507g9i8hrnfc3lwl5vq79xi2-wine-staging-10.0-rc5.tar.xz # must have already been retrieved by guix
cd wine-10.0-rc5
/gnu/store/0fsw4g8zql5c6kvrk44f3w551xamca17-wine-staging-patchset-data-10.0-rc5/share/wine-staging/staging/patchinstall.py DESTDIR=. --all

As you can see I am using the exact same sources from guix store!

I'm trying to use kexec on Guix, which I think should be

kexec -l /run/current-system/kernel/bzImage  --append="$(cat /proc/cmdline)" --initrd=/run/current-system/initrd
kexec -e

However, that results in a blank screen. I can still reboot through alt-printscreen-b, so the (old or new) kernel is still running. The other alt-printscreen-reisub letters don't seem to do anything (not even fans spinning up). As for the XY-problem, I'd like to be able to skip grub. Mainly because the drive is encrypted, and I have to enter the LUKS password twice: for grub and for the kernel. So I hope to save some time by booting directly into Linux and having to decrypt the drive only once. Not sure whether this is actually a Guix problem, or something else.

I've installed Guix and installed the bundled SELinux policy manually . But according to Ricardo Wurmus , as of 30 June 2021: >There are really just two ways: either 1) disable SELinux (or set it to permissive mode) or 2) install/debug/reinstall the SELinux daemon policy that is included with Guix. > >The daemon policy is *not* installed with the binary installation method because it is known to be incomplete. You would need to get a copy of the Guix sources and configure it. The file you want is called “etc/guix-daemon.cil”. To debug it you would need to install it, set SELinux to permissive mode, run the daemon, and then check the audit log for errors. There is an open issue for SElinux guix-daemon.cil file , which suggests a patch that seems already incorporated in the file bundled with my installation. I installed setroubleshoot and kept restarting the guix-daemon.service while following the suggestions popping up in notifications. The daemon finally started after:

$ sudo chcon -R -t guix_daemon.guix_daemon_conf_t /var/guix/
$ sudo chcon -R -t guix_daemon.guix_profiles_t /var/guix/profiles/per-user/root/current-guix
$ sudo chcon -R -t guix_daemon.guix_profiles_t /var/guix/profiles/per-user/root/current-guix-1-link

But I still cannot proceed with installing glibc-locales :

$ guix install glibc-locales
hint: Consider installing the glibc-utf8-locales' or glibc-locales' package and defining `GUIX_LOCPATH', along these lines:

     guix install glibc-utf8-locales
     export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"

See the "Application Setup" section in the manual, for more info.

guix install: error: remounting /gnu/store writable: Permission denied

The SELinux diagnostics tool informs that "guix-daemon" is not allowed "remount" access to "filesystem" and suggests:

# ausearch -c 'guix-daemon' --raw | audit2allow -M my-guixdaemon
# semodule -X 300 -i my-guixdaemon.pp

But ausearch fails on this:

$ sudo ausearch -c '(x-daemon)' --raw | audit2allow -M my-xdaemon
compilation failed:
libsepol.hierarchy_add_type_callback: guix_daemon doesn't exist, guix_daemon.guix_daemon_conf_t is an orphan
libsepol.hierarchy_add_bounds: 1 errors found while adding hierarchies

How can I allow guix-daemon to remount the filesystem in SELinux?

The official Guix documentation describes [The Perfect Setup](https://guix.gnu.org/manual/en/html_node/The-Perfect-Setup.html) for hacking on Guix. I have followed this description and set up everything like described, but still Geiser does not work fully. I thought that this was supposed to give me completion capabilities and make it possible to go to the definition of things. I can go to definition of some things, but only very few. Most things is not possible. Completion seems to be only based on text in the current buffer. # My Emacs configurations

(use-package geiser
  :ensure t
  :custom
  (geiser-default-implementation 'guile)
  (geiser-active-implementations '(guile))
  (geiser-implementations-alist '(((regexp "\\.scm$") guile))))

(use-package geiser-guile
  :ensure t
  :config
  (add-to-list 'geiser-guile-load-path "/home/lars/code/forks/guix")
  (add-to-list 'geiser-guile-load-path "/home/lars/code/guix/modules")
  (add-to-list 'geiser-guile-load-path "/home/lars/code/guix"))

(with-eval-after-load "geiser-guile" 
  (add-to-list 'geiser-guile-load-path "/home/lars/code/forks/guix")
  (add-to-list 'geiser-guile-load-path "/home/lars/code/guix/modules")
  (add-to-list 'geiser-guile-load-path "/home/lars/code/guix"))

# REPL I invoke the Geiser REPL in Emacs with M-x geiser-guile or M-x geiser. The output in the Geiser REPL looks like this:

GNU Guile 3.0.9
Copyright (C) 1995-2023 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guile-user)>

Note that the prompt says guile-user, but I think it should say guix-user. However, if I start the Guix REPL by running guix repl in a terminal the output looks like this:

GNU Guile 3.0.9
Copyright (C) 1995-2023 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guix-user)>

Note that here it says guix-user. When trying to 'use' the guix module in Geiser REPL:

,use (guix)
;;; note: auto-compilation is enabled, set GUILE_AUTO_COMPILE=0
;;;       or pass the --no-auto-compile argument to disable.
;;; compiling /home/lars/code/forks/guix/guix.scm
;;; compiling /home/lars/code/forks/guix/guix/packages.scm
;;; compiling /home/lars/code/forks/guix/guix/utils.scm
;;; WARNING: compilation of /home/lars/code/forks/guix/guix/utils.scm failed:
;;; no code for module (guix config)
;;; WARNING: compilation of /home/lars/code/forks/guix/guix/packages.scm failed:
;;; no code for module (guix config)
;;; compiling /home/lars/code/forks/guix/guix/store.scm
;;; WARNING: compilation of /home/lars/code/forks/guix/guix/store.scm failed:
;;; no code for module (guix config)
;;; WARNING: compilation of /home/lars/code/forks/guix/guix.scm failed:
;;; no code for module (guix config)
;;; compiling /home/lars/code/forks/guix/guix/derivations.scm
;;; compiling /home/lars/code/forks/guix/guix/diagnostics.scm
;;; WARNING: compilation of /home/lars/code/forks/guix/guix/diagnostics.scm failed:
;;; Unbound variable: trivial-format-string?
;;; WARNING: compilation of /home/lars/code/forks/guix/guix/derivations.scm failed:
;;; no code for module (gcrypt hash)
While executing meta-command:
no code for module (gcrypt hash)
scheme@(guile-user)>

Doing the same in a Guix REPL works fine:

scheme@(guix-user)> ,use (guix)
scheme@(guix-user)>

# Go to definition Go to definition works in some places, for example in the line below:

(gnu home services)

This takes me correctly to the source of gnu home services. However, trying to go to the definition of packages does not work:

(packages (list
            htop
            git
            alacritty
            tmux))

Trying to go to the definition of any of the packages in the package list just does not work. # Completion I would expect to be able to get completions for modules and packages (among other things) by typing the start of the name of the packages, but nothing comes. Sometimes I get some random completion based on random text in the same buffer, but most of the time not even that.

How do I list all the packages installed through Guix? On Ubuntu this would be done through dpkg -l.

How do I install a font in Guix System? (Not installed in graphical environment)

By default, what will happen if I try to install a package with GUIX and it's not bit-for-bit reproducible? I'm very concerned about the state of package managers in 2024 (and the risks of supply chain attacks). While traditional package managers like [apt](https://security.stackexchange.com/questions/246425/does-apt-get-enforce-cryptographic-authentication-and-integrity-validation-by-de?rq=1) and [yum](https://security.stackexchange.com/questions/257577/does-yum-enforce-cryptographic-authentication-and-integrity-validation-by-defaul?rq=1) are maintained by a dedicated team of package managers who verify, test, and cryptographially sign all their releases, new package managers like [flatpak](https://security.stackexchange.com/questions/259088/does-flatpak-enforce-cryptographic-authentication-and-integrity-validation-by-de?rq=1) , [snap](https://security.stackexchange.com/questions/246478/does-snapd-enforce-cryptographic-authentication-and-integrity-validation-by-defa) , and docker allow random users to submit packages, and will [happily download](https://security.stackexchange.com/questions/238916/how-to-pin-public-root-key-when-downloading-an-image-with-docker-pull-docker-co) and run maliciously-modified software. Today I learned about GUIX, which emphasizes reproducible builds. But after spending an hour reading their docs, I could not determine how reproducible builds in GUIX works -- nor if it's **enforced** for all packages. Does a default install of GUIX require builds to be reproducible? How does it ensure authenticity of the software and resulting binary? What are the possible vulnerabilities to this system?

The GUIX Inferiors manual states that > Thus you can insert an inferior package pretty much anywhere you > would insert a regular package: in manifests, in the packages field of > your operating-system declaration, and so on. However, I cannot figure out how to use an Inferior when rewriting the input of a package. E.g. this manifest, based on the Defining Package Variants section of the manual , does not work for me:

(use-modules (guix inferior) (guix channels) (guix packages)
             (srfi srfi-1))
(use-package-modules docker)
(use-package-modules python-xyz)

(define mychannels
  (list (channel
         (name 'guix)
         (url "https://git.savannah.gnu.org/git/guix.git ")
         ;; Last commit that still has python-pyyaml 5.4.1.
         (commit
          "d3e1a94391a838332b0565d56762a58cf87ac6b1"))))

(define myinferior
  (inferior-for-channels mychannels))

(define pyyaml5
  (first (lookup-inferior-packages myinferior "python-pyyaml")))


(define pyyaml5-instead-of-pyyaml6
  ;; This is a procedure to replace pyyaml 6.0 by pyyaml 5.4.1.

  ;; The line below does not work, raises this error:
  ;; In procedure package-properties: Wrong type argument:
  ;; #
  (package-input-rewriting `((,python-pyyaml . , pyyaml5)))

  ;; The line below does work (and has a similar result).
  ;(package-input-rewriting `((,python-pyyaml . , python-pyyaml-for-awscli)))
  )

(define docker-compose-with-pyyaml5
  (pyyaml5-instead-of-pyyaml6 docker-compose))

(packages->manifest
 (list pyyaml5
       (specification->package "python")
       docker-compose-with-pyyaml5
       ))

docker-compose only works with python-pyyaml 5.4.1 and the version in the channel has been upgraded to 6.0. The rewriting that I'm therefore trying to do is to rewrite the input to docker-compose to use python-pyyaml 5.4.1 from an earlier version of the channel. However, my attempts fail with

Backtrace:
In guix/packages.scm:
  1269:17 19 (supported-package? # …)
In guix/memoization.scm:
    101:0 18 (_ # # …)
In guix/packages.scm:
  1247:37 17 (_)
  1507:16 16 (package->bag _ _ _ #:graft? _)
  1608:48 15 (thunk)
  1403:25 14 (inputs _)
In srfi/srfi-1.scm:
   586:29 13 (map1 (("python-cached-property" #) …))
   586:29 12 (map1 (("python-distro" #) …))
   586:29 11 (map1 (("python-docker" #) …))
   586:29 10 (map1 (("python-dockerpty" #) …))
   586:29  9 (map1 (("python-docopt" #) …))
   586:29  8 (map1 (("python-dotenv" #) …))
   586:29  7 (map1 (("python-jsonschema" #) …))
   586:17  6 (map1 (("python-pyyaml" #) …))
In guix/packages.scm:
  1360:20  5 (rewrite ("python-pyyaml" #))
In guix/memoization.scm:
    101:0  4 (_ # # …)
In guix/packages.scm:
  1377:22  3 (_)
  1435:37  2 (loop #)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure package-properties: Wrong type argument: #

How can I do this rewriting of input with an inferior? Apparently there now is a python-pyyaml 5.4.1 in the channel, called python-pyyaml-for-awscli. Rewriting the input of docker-compose with that package does work as expected, so as far as I can see I'm using the correct syntax when rewriting input. (I'm not sure what the backtick, the dot, and the commas do, maybe there is a mistake there.) (As for the XY-problem, I can now run docker-compose using python-pyaml-for-awscli, however I'm still interested in how to use the Inferior, because next there might not be such a package available.)

I have an rpm package prebuilt by a third party and have to install it into my Guix server machine. So how can I install an rpm package into a Guix machine? Thanks.

After installing font-terminus on my Guix System the font appears in the output of fc-list ... /home/rovanion/.guix-profile/share/fonts/terminus/ter-x12n.pcf.gz: Terminus:style=Regular ... /run/current-system/profile/share/fonts/terminus/ter-x14n.pcf.gz: Terminus:style=Regular ... but is not selectable in xfontsel nor can urxvt find it when specified as URxvt*font: -*-terminus-medium-r-*-*-13-*-*-*-*-*-*-* I have tried installing all three outputs, font-terminus, font-terminus:pcf-8bit and font-terminus:otb but to no avail. Using xset q I can see that the Font Path does not seem to include anything about terminus. Is there some magic that's missing from Guix or some understanding that's missing from my side?

I'm interested in setting up an environment of apps, libraries and utilities for use - independently and in conjunction - by a non-root user on a GNU/Linux system. Can I use GUIX's "home" mechanism for doing that, even though the OS distribution is not GUIX? Similarly to how Nix' home-manager is used?

Say I want to find out which package provides binary $x on my Guix system. On a Debian based system I would use the command apt-file search $x and on a RedHat system I would use yum whatprovides $x; what would be the equivalent command on Guix System?

[guix shell](https://guix.gnu.org/manual/devel/en/html_node/Invoking-guix-shell.html) allows users to create a shell and control what resources are available. How can I use the guix.scm file to specify an environment variable in this shell environment? In this specific example, I'm just looking for a TEST environment variable with the value 2. ChatGPT gave me two suggestions below which did not work, nor are these options defined in the [package reference](https://guix.gnu.org/manual/en/html_node/package-Reference.html) . Both give me the same error: *extraneous field initializers*. I also saw [this thread](https://lists.gnu.org/archive/html/help-guix/2022-05/msg00025.html) about the inability to define environment variables in a manifest file and one user said that it should be possible to do with guix.scm files (or, the type of files passed to guix shell with --file argument), but I'm not sure if that's correct. I tried the guile [setenv](https://www.gnu.org/software/guile/manual/html_node/Runtime-Environment.html#index-setenv) Scheme procedure but I get the error: *invalid field specifier*. Here's an example guix.scm with the three options I tried at the bottom:

(use-modules
	(guix)
	(guix build-system gnu)
	((guix licenses) #:prefix license:)
	(gnu packages bison)
	(gnu packages compression)
	(gnu packages flex)
	(gnu packages m4)
	(gnu packages tls)
)

(package
	(name "coreboot")
	(version "dan")
	(source (local-file "." #:recursive? #t))
	(build-system gnu-build-system)
	(native-inputs
		(list
			bison
			flex
			m4
			openssl
			zlib
		)
	)
	(synopsis "coreboot")
	(description "coreboot")
	(home-page "https://www.coreboot.org/ ")
	(license license:expat)
	(shell '(#:variables (,"TEST=2"))) ; Does not work
	(environment-variables '("TEST" "2")) ; Does not work
	(setenv "TEST" "2") ; Does not work
)

I am a first time guix user and need assistance doing this basic thing. I did guix pull and guix install openssh but the sshd command is not there. After typing guix pull and guix install openssh, I have now the openssh package but the sshd command is not there. After reading this excerpt it seems I need to edit a configuration, however this enviroment was just the qemu image of guix. And /etc/config.scm is an empty file. So there is nothing to edit. How can I run the sshd service, after booting in guix?

_Flatpak_ and _snapd_ packages are available on other distributions because their respective package managers being built for installation on multiple distros . Is this also true for the Guix package manager? I remember hearing that Guix packages were (or will be) installable on Debian, but I can't find a reference. http://flatpak.org/index.html#about http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/

I am currently trying to get the session lock running on my DELL XPS 15. Everytime I suspend the system it fails and there is an error message telling me that all session lock tools failed. When booting it already reports a problem with setuid command (which I don't entirely understand what it means). I tried configuring my system according to the [guix documentation](https://guix.gnu.org/en/cookbook/en/guix-cookbook.html#Xorg) here but even after installing slock the executable is not in /bin/sloc but in /run/setuid-programs/ so I changed the configuration file like so: (service screen-locker-service-type (screen-locker-configuration (name "slock") (program (file-append slock "/run/setuid-programs/slock")))) If anyone has got this running even with another set of screenlockers I would be happy to adopt. At the moment I am just confused because I am unfamiliar with setuid and the underlying processes happening there in the OS.

I've made my Guix system entirely declarative, always adding packages through guix package -m mymanifest.scm. Sometimes this fails because of conflicting dependencies. E.g. right now I have gcc-toolchain in my manifest, amongst dozens of other packages, and this message shows up:

guix package: error: profile contains conflicting entries for gcc-toolchain
guix package: error:   first entry: gcc-toolchain@12.3.0 /gnu/store/rfm800pq3q2midj29a4xlikdzjp1ps2l-gcc-toolchain-12.3.0
guix package: error:   second entry: gcc-toolchain@11.3.0 /gnu/store/ks87cpc36kh8hqwr569pks4yrzfl7mnv-gcc-toolchain-11.3.0
hint: You cannot have two different versions or variants of `gcc-toolchain' in the same profile.

I suppose gcc-toolchain that is included in the manifest is 12.3.0, and some other package has gcc-toolchain@11.3.0 as an (indirect) dependency. But I don't know which package that is. In this particular case, the problem was easily resolved, because I also included gcc in the manifest, and that resulted in the warning that package 'gcc' has been superseded by 'gcc-toolchain', and removing gcc seems to have fixed the issue. However, I'd like a more general applicable method to find the 'offending' package. That is, given a manifest file, say mymanifest.scm, how can I figure out through which dependency chain a given package, say gcc-toolchain@11.3.0, ends up in the profile? I usually do a binary search, by simply commenting out (or back in) half of the packages and see when the problem disappears (or reappears), but this is a manual and tedious process. The ugly naive way I can automate this myself would be to loop through all the packages, call guix graph on each package, and then grep for the problematic dependency. Better would be to figure out what guix graph is doing, and do that for a whole manifest. Or perhaps convert a manifest into a package (empty, except for dependencies), and then call guix graph on that. But there is probably a better way.