The release of the new version of the package manager and the Linux GNU distribution Guix 1.3 in which several important changes were added, such as, for example, the support for new architectures and the update of the system packages in the distribution, as well as improvements and changes to some of the commands in the package manager, as well as the solution to a vulnerability.
For those who do not know GNU Guix package manager should know that this is based on the operation of the Nix project and in addition to the typical package management functions, supports features such as performing transactional updates, the ability to roll back updates, working without gaining privileges superuser, support for profiles linked to individual users, the ability to simultaneously install multiple versions of a program, garbage collectors (identification and removal of unused versions of packages).
As for the distribution, it includes only free components and comes with the GNU Linux-Libre kernel stripping non-free binary firmware items. For mounting, GCC 9.3 is used, the GNU Shepherd service manager developed as an alternative to SysV-init with dependency support that is used as an initialization system.
What's new in Guix 1.3?
In this new version that is presented It is highlighted that the vulnerability CVE-2021-27851 was fixed in guix-daemon, which allowed a local user to elevate privileges on the system. The problem is related to the fact that during the execution of the command »guix build', Since the build directory remained writable for everyone and the user could create a hard link to a file owned by the root user and located outside the directory.
On the other hand we can find that initial support for the POWER9 architecture was implemented, as well as the updated versions of the package of the system of which it is mentioned that in this new version about 3100 are integrated and of the new packages added are about 2009.
As well initrd is mentioned as having bcachefs support enabled by default and that the CUPS print server has the »brlaser» service enabled by default to support Brother printers, in addition to new system services were added.
On the part of the package manager, it is highlighted that the ability to use the declarative implementation mode is provided, in which instead of a series of commands »guix install" Y "guix remove«, A command« guix package --manifest=manifest.scm»With the definition in the manifest of all applications to be installed.
Of the other changes that stand out from this new version:
- Added a new command "guix import go" for recursive import of packages in Go language, taking dependencies into account.
- The command"
guix import opam»Provides support for Coq packages. Guix import crate provides semantic versions in recursive loading mode. The command »guix import nix«. - Optimized installation of precompiled (replacement) binary packages and acceleration of the "guix system init" command.
- The "–discover" option has been added to
guix-daemonto detect servers on the local network that are giving collected binary packets (substitutes) using the mDNS / DNS-SD protocols. To send announcements from servers, the "–advertise" option has been added to the »commandguix publish«. - The ability to use the Zstd algorithm for packet compression has been implemented.
- In "–verbosity = 1" mode, the output of downloaded URLs is stopped.
- Instead of the subcommands »
disk-image" Y"vm-image«, The general command is proposed»guix system image«. - Support for the SPICE protocol was added in the distribution image for virtual machines.
- An automatic installation mode has been added to the installation script.
- Service was added
lvm-device-mappingto support Linux Logical Volumne Manager (LVM). - Added "guix -t rock64-raw system image" mode to generate layout images for Rock64 boards.
Download Guix 1.3
Finally for those who are interested in testing the package manager or distribution, you can check the details installation and / or find the images for download, In the following link.