Using GNU Guix on Parabola

From ParabolaWiki
Jump to: navigation, search

GNU Guix is a package manager.

1 Installing guix

You can install it from pacman or from the official guix binaries. To install from pacman:

# pacman -Sy guix

To use it on Parabola, make sure you install the guix package (with pacman -S guix) and run the following commands (more detail in the official documentation) as root:

# groupadd --system guixbuild
# for i in `seq -w 1 10`;
    useradd -g guixbuild -G guixbuild           \
            -d /var/empty -s `which nologin`    \
            -c "Guix build user $i" --system    \

Then, run:

# systemctl enable guix-daemon
# systemctl start guix-daemon

2 Configuring guix

2.1 Enabling binary packages

To enable binary pacakges on older Guix versions do:

guix archive --authorize < /usr/share/guix/

For guix 1.x you can enable binary packages with the following command instead:

guix archive --authorize < /usr/share/guix/

The official documentation has more information on it.

Make sure to read at least the official section about the (security) implications of enabling binary packages.

After that, you should be able to use Guix normally.

2.2 Not using /tmp

/tmp is by default configured to use at maximum 50% of the RAM, and guix uses /tmp it by default. Because of that, it might not be suitable for machines not having a lot of RAM.

To fix it, first create the respective temporary directory, as root, on your disk:

# mkdir -p /gnu/tmp
# chown root:guixbuild /gnu/tmp

Then override the systemd unit for guix-daemon:

# cp /lib/systemd/system/guix-daemon.service /etc/systemd/system/

Add the following line to it to change the temporary directory location:


Like this:

# This is a "service unit file" for the systemd init system to launch
# 'guix-daemon'.  Drop it in /etc/systemd/system or similar to have
# 'guix-daemon' automatically started.

Description=Build daemon for GNU Guix

ExecStart=/usr/bin/guix-daemon --build-users-group=guixbuild


Note that even if it doesn't use /tmp anymore (you can verify it by doing `ls /tmp/guix-*`) it will continue to show up in build logs, as explained in the official documentation. `ls /gnu/tmp/guix-*` will however contain temporary directory used by guix.

2.3 guix system vm not working

While trying to produce a vm image we have:

# guix system vm-image --image-size=4G ./system.scm
substitute: warning: failed to install locale: Invalid argument
The following derivation will be built:
warning: failed to install locale: Invalid argument
Formatting 'image.qcow2', fmt=qcow2 size=4294967296 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
Could not access KVM kernel module: Permission denied
failed to initialize KVM: Permission denied
In ice-9/boot-9.scm:
 157: 10 [catch #t #<catch-closure 8235900> ...]
In unknown file:
   ?: 9 [apply-smob/1 #<catch-closure 8235900>]
In ice-9/boot-9.scm:
  63: 8 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
 432: 7 [eval # #]
In ice-9/boot-9.scm:
2401: 6 [save-module-excursion #<procedure 8246c00 at ice-9/boot-9.scm:4045:3 ()>]
4050: 5 [#<procedure 8246c00 at ice-9/boot-9.scm:4045:3 ()>]
1724: 4 [%start-stack load-stack ...]
1729: 3 [#<procedure 824c498 ()>]
In unknown file:
   ?: 2 [primitive-load "/gnu/store/mbih78alifi0apx1rjx485g5lh3a6qzl-qemu-image-builder"]
In ./gnu/build/vm.scm:
 127: 1 [load-in-linux-vm "/gnu/store/y305rlz8ack36f8n3gdhvwcbh3lpf6mp-linux-vm-loader" ...]
In unknown file:
   ?: 0 [scm-error misc-error #f "~A ~S" ("qemu failed" "qemu-system-i386") #f]

ERROR: In procedure scm-error:
ERROR: qemu failed "qemu-system-i386"
environment variable `PATH' set to `/gnu/store/myn188rpkzgp6hcrrbds91frf67b1fk0-qemu-minimal-2.6.0/bin:/gnu/store/w7mbdlp22y18xk21l56lp5qfqxw1nqbb-coreutils-8.25/bin'
builder for `/gnu/store/07gbaa4h37f9cpn27w10nngq5b0x5c39-qemu-image.drv' failed with exit code 1
guix system: error: build failed: build of `/gnu/store/07gbaa4h37f9cpn27w10nngq5b0x5c39-qemu-image.drv' failed
guix system vm-image --image-size=4G ./system.scm  20.61s user 0.51s system 87% cpu 24.002 total

In all this huge log, the important part is: "Could not access KVM kernel module: Permission denied". It's just telling us that the guix-daemon cannot access /dev/kvm.

When we look at /dev/kvm permissions we have:

$ ls -l /dev/kvm 
crw-rw----+ 1 root kvm 10, 232 Aug  3 10:57 /dev/kvm

We also look at the permissions that one of the guixbuilder users have:

$ id guixbuilder01
uid=617(guixbuilder01) gid=1002(guixbuild) groups=1002(guixbuild)

This clearly cannot access /dev/kvm, we can fix it with:

# for i in `seq -w 1 10` ; do gpasswd -a guixbuilder$i kvm ; done

Which should output something like that:

Adding user guixbuilder01 to group kvm
Adding user guixbuilder02 to group kvm
Adding user guixbuilder03 to group kvm
Adding user guixbuilder04 to group kvm
Adding user guixbuilder05 to group kvm
Adding user guixbuilder06 to group kvm
Adding user guixbuilder07 to group kvm
Adding user guixbuilder08 to group kvm
Adding user guixbuilder09 to group kvm
Adding user guixbuilder10 to group kvm

3 See also