GNU Guix, a functional package management software for the GNU operating system, is celebrating its eighth birthday and version 1.2 was released seven months after the last release. The most important innovation is likely to be the ability to cryptographically authenticate channels, which should make Guix one of the most secure methods of providing operating systems.

Cryptography and multilingualism In addition to changes to the provision and some new interfaces, the current release also includes an extended reference manual, which, in addition to English, is now fully translated into French, German and Spanish. Translations into eleven other languages ​​are ongoing, and translations into Russian and Chinese are apparently the most advanced.

With channel authentication according to the blog entry, the open source GNU project behind the package management closes the apparently largest gap in the “software supply chain”: guix pull and related commands can now only retrieve authorized commits in the official Guix repository. The code of each authorized channel is encrypted when it is accessed. With the new command guix git authenticate the authentication mechanism can be used for any Git repository.

More security issues and new package options The build daemon and the origin – Programming interfaces have recently started accepting additional cryptographic hash functions, in particular SHA-3 and BLAKE2s. Previously, Guix had relied exclusively on SHA 86 hashes for source code. The new version of Guix also tries to track down system downgrades in order to prevent security gaps by rolling back to older operating system versions. As of Guix 1.2, automatic updates (Unattended Upgrade Service) run with the command guix pull && guix system reconfigure , users no longer have to trigger individually and manually.

Three new options for packet transformation are introduced in the command line: – -with-debug-info , – with-c-toolchain and [code] – without-tests . The profile records transformations and they can be replayed with guix upgrade . These changes affect the entire dependency tree including the “implicit” inputs that could not previously be transformed. The module (guix transformations) provides an interface for the transformation options in the command line. On the user side, there is now an overview of the available commands in the Guix help, the Guix pull has received a progress bar and a new, leaner “baseline compiler” means that the pull process should require fewer resources.

Background to GNU Guix and installation methods GNU Guix is ​​a functional package manager and one in the Development of advanced distribution of the GNU system. In addition to the standard functions of a classic package management, Guix also supports upgrades, rollbacks, package management without granting privileges, per-user profiles and offers a garbage collector. Guix can be run on any system running the Linux kernel, but it can also be used as an independent operating system on devices with suitable processor cores (such as i 686, x 86 _ 64, ARM7 and AArch 64). As a stand-alone GNU / Linux distribution, Guix offers a declarative, stateless approach to managing the operating system configuration. Guile programming interfaces and extensions make Guix particularly adaptable.

More information about the current release can be found in the blog entry on GNU Guix. The current version of the package manager Guix can be downloaded from the download area of ​​the GNU project. More information about the distribution is available on the project website.

(sih)

686