diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 580 |
1 files changed, 301 insertions, 279 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 22f581da18..0cba0ee1ec 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -613,7 +613,7 @@ step.) Do @emph{not} unpack the tarball on a working Guix system since that would overwrite its own essential files. -The @code{--warning=no-timestamp} option makes sure GNU@tie{}tar does +The @option{--warning=no-timestamp} option makes sure GNU@tie{}tar does not emit warnings about ``implausibly old time stamps'' (such warnings were triggered by GNU@tie{}tar 1.26 and older; recent versions are fine.) @@ -633,7 +633,7 @@ where @command{guix pull} will install updates (@pxref{Invoking guix pull}): ~root/.config/guix/current @end example -Source @file{etc/profile} to augment @code{PATH} and other relevant +Source @file{etc/profile} to augment @env{PATH} and other relevant environment variables: @example @@ -801,7 +801,7 @@ When @url{http://www.bzip.org, libbz2} is available, @command{guix-daemon} can use it to compress build logs. @end itemize -Unless @code{--disable-daemon} was passed to @command{configure}, the +Unless @option{--disable-daemon} was passed to @command{configure}, the following packages are also needed: @itemize @@ -814,7 +814,7 @@ C++11 standard. @cindex state directory When configuring Guix on a system that already has a Guix installation, be sure to specify the same state directory as the existing installation -using the @code{--localstatedir} option of the @command{configure} +using the @option{--localstatedir} option of the @command{configure} script (@pxref{Directory Variables, @code{localstatedir},, standards, GNU Coding Standards}). Usually, this @var{localstatedir} option is set to the value @file{/var}. The @command{configure} script protects @@ -1004,20 +1004,20 @@ a writable @file{/tmp} directory. @end itemize You can influence the directory where the daemon stores build trees -@i{via} the @code{TMPDIR} environment variable. However, the build tree +@i{via} the @env{TMPDIR} environment variable. However, the build tree within the chroot is always called @file{/tmp/guix-build-@var{name}.drv-0}, where @var{name} is the derivation name---e.g., @code{coreutils-8.24}. -This way, the value of @code{TMPDIR} does not leak inside build +This way, the value of @env{TMPDIR} does not leak inside build environments, which avoids discrepancies in cases where build processes capture the name of their build tree. @vindex http_proxy -The daemon also honors the @code{http_proxy} environment variable for +The daemon also honors the @env{http_proxy} environment variable for HTTP downloads it performs, be it for fixed-output derivations (@pxref{Derivations}) or for substitutes (@pxref{Substitutes}). If you are installing Guix as an unprivileged user, it is still possible -to run @command{guix-daemon} provided you pass @code{--disable-chroot}. +to run @command{guix-daemon} provided you pass @option{--disable-chroot}. However, build processes will not be isolated from one another, and not from the rest of the system. Thus, build processes may interfere with each other, and may access programs, libraries, and other files @@ -1338,7 +1338,7 @@ For details on how to set it up, @pxref{Setting Up the Daemon}. @cindex reproducible builds By default, @command{guix-daemon} launches build processes under different UIDs, taken from the build group specified with -@code{--build-users-group}. In addition, each build process is run in a +@option{--build-users-group}. In addition, each build process is run in a chroot environment that only contains the subset of the store that the build process depends on, as specified by its derivation (@pxref{Programming Interface, derivation}), plus a set of specific @@ -1350,7 +1350,7 @@ etc. This helps achieve reproducible builds (@pxref{Features}). When the daemon performs a build on behalf of the user, it creates a build directory under @file{/tmp} or under the directory specified by -its @code{TMPDIR} environment variable. This directory is shared with +its @env{TMPDIR} environment variable. This directory is shared with the container for the duration of the build, though within the container, the build tree is always called @file{/tmp/guix-build-@var{name}.drv-0}. @@ -1377,7 +1377,7 @@ Do not use substitutes for build products. That is, always build things locally instead of allowing downloads of pre-built binaries (@pxref{Substitutes}). -When the daemon runs with @code{--no-substitutes}, clients can still +When the daemon runs with @option{--no-substitutes}, clients can still explicitly enable substitution @i{via} the @code{set-build-options} remote procedure call (@pxref{The Store}). @@ -1410,10 +1410,10 @@ Use @var{n} CPU cores to build each derivation; @code{0} means as many as available. The default value is @code{0}, but it may be overridden by clients, such -as the @code{--cores} option of @command{guix build} (@pxref{Invoking +as the @option{--cores} option of @command{guix build} (@pxref{Invoking guix build}). -The effect is to define the @code{NIX_BUILD_CORES} environment variable +The effect is to define the @env{NIX_BUILD_CORES} environment variable in the build process, which can then use it to exploit internal parallelism---for instance, by running @code{make -j$NIX_BUILD_CORES}. @@ -1431,7 +1431,7 @@ When the build or substitution process remains silent for more than The default value is @code{0}, which disables the timeout. The value specified here can be overridden by clients (@pxref{Common -Build Options, @code{--max-silent-time}}). +Build Options, @option{--max-silent-time}}). @item --timeout=@var{seconds} Likewise, when the build or substitution process lasts for more than @@ -1440,7 +1440,7 @@ Likewise, when the build or substitution process lasts for more than The default value is @code{0}, which disables the timeout. The value specified here can be overridden by clients (@pxref{Common -Build Options, @code{--timeout}}). +Build Options, @option{--timeout}}). @item --rounds=@var{N} Build each derivation @var{n} times in a row, and raise an error if @@ -1456,7 +1456,7 @@ This makes it easy to look for differences between the two results. Produce debugging output. This is useful to debug daemon start-up issues, but then it may be -overridden by clients, for example the @code{--verbosity} option of +overridden by clients, for example the @option{--verbosity} option of @command{guix build} (@pxref{Invoking guix build}). @item --chroot-directory=@var{dir} @@ -1480,9 +1480,9 @@ account. Compress build logs according to @var{type}, one of @code{gzip}, @code{bzip2}, or @code{none}. -Unless @code{--lose-logs} is used, all the build logs are kept in the +Unless @option{--lose-logs} is used, all the build logs are kept in the @var{localstatedir}. To save space, the daemon automatically compresses -them with bzip2 by default. +them with Bzip2 by default. @item --disable-deduplication @cindex deduplication @@ -1501,38 +1501,41 @@ derivations. @cindex GC roots @cindex garbage collector roots -When set to ``yes'', the GC will keep the outputs of any live derivation -available in the store---the @code{.drv} files. The default is ``no'', -meaning that derivation outputs are kept only if they are reachable from a GC -root. @xref{Invoking guix gc}, for more on GC roots. +When set to @code{yes}, the GC will keep the outputs of any live +derivation available in the store---the @file{.drv} files. The default +is @code{no}, meaning that derivation outputs are kept only if they are +reachable from a GC root. @xref{Invoking guix gc}, for more on GC +roots. @item --gc-keep-derivations[=yes|no] Tell whether the garbage collector (GC) must keep derivations corresponding to live outputs. -When set to ``yes'', as is the case by default, the GC keeps -derivations---i.e., @code{.drv} files---as long as at least one of their +When set to @code{yes}, as is the case by default, the GC keeps +derivations---i.e., @file{.drv} files---as long as at least one of their outputs is live. This allows users to keep track of the origins of -items in their store. Setting it to ``no'' saves a bit of disk space. - -In this way, setting @code{--gc-keep-derivations} to ``yes'' causes liveness -to flow from outputs to derivations, and setting @code{--gc-keep-outputs} to -``yes'' causes liveness to flow from derivations to outputs. When both are -set to ``yes'', the effect is to keep all the build prerequisites (the -sources, compiler, libraries, and other build-time tools) of live objects in -the store, regardless of whether these prerequisites are reachable from a GC -root. This is convenient for developers since it saves rebuilds or downloads. +items in their store. Setting it to @code{no} saves a bit of disk +space. + +In this way, setting @option{--gc-keep-derivations} to @code{yes} causes +liveness to flow from outputs to derivations, and setting +@option{--gc-keep-outputs} to @code{yes} causes liveness to flow from +derivations to outputs. When both are set to @code{yes}, the effect is +to keep all the build prerequisites (the sources, compiler, libraries, +and other build-time tools) of live objects in the store, regardless of +whether these prerequisites are reachable from a GC root. This is +convenient for developers since it saves rebuilds or downloads. @item --impersonate-linux-2.6 On Linux-based systems, impersonate Linux 2.6. This means that the -kernel's @code{uname} system call will report 2.6 as the release number. +kernel's @command{uname} system call will report 2.6 as the release number. This might be helpful to build programs that (usually wrongfully) depend on the kernel version number. @item --lose-logs Do not keep build logs. By default they are kept under -@code{@var{localstatedir}/guix/log}. +@file{@var{localstatedir}/guix/log}. @item --system=@var{system} Assume @var{system} as the current system type. By default it is the @@ -1566,18 +1569,18 @@ Listen for TCP connections on the network interface corresponding to This option can be repeated multiple times, in which case @command{guix-daemon} accepts connections on all the specified endpoints. Users can tell client commands what endpoint to connect to -by setting the @code{GUIX_DAEMON_SOCKET} environment variable -(@pxref{The Store, @code{GUIX_DAEMON_SOCKET}}). +by setting the @env{GUIX_DAEMON_SOCKET} environment variable +(@pxref{The Store, @env{GUIX_DAEMON_SOCKET}}). @quotation Note The daemon protocol is @emph{unauthenticated and unencrypted}. Using -@code{--listen=@var{host}} is suitable on local networks, such as +@option{--listen=@var{host}} is suitable on local networks, such as clusters, where only trusted nodes may connect to the build daemon. In other cases where remote access to the daemon is needed, we recommend using Unix-domain sockets along with SSH. @end quotation -When @code{--listen} is omitted, @command{guix-daemon} listens for +When @option{--listen} is omitted, @command{guix-daemon} listens for connections on the Unix-domain socket located at @file{@var{localstatedir}/guix/daemon-socket/socket}. @end table @@ -1599,7 +1602,7 @@ get everything in place. Here are some of them. @vindex GUIX_LOCPATH Packages installed @i{via} Guix will not use the locale data of the host system. Instead, you must first install one of the locale packages -available with Guix and then define the @code{GUIX_LOCPATH} environment +available with Guix and then define the @env{GUIX_LOCPATH} environment variable: @example @@ -1612,19 +1615,19 @@ locales supported by the GNU@tie{}libc and weighs in at around 917@tie{}MiB. Alternatively, the @code{glibc-utf8-locales} is smaller but limited to a few UTF-8 locales. -The @code{GUIX_LOCPATH} variable plays a role similar to @code{LOCPATH} -(@pxref{Locale Names, @code{LOCPATH},, libc, The GNU C Library Reference +The @env{GUIX_LOCPATH} variable plays a role similar to @env{LOCPATH} +(@pxref{Locale Names, @env{LOCPATH},, libc, The GNU C Library Reference Manual}). There are two important differences though: @enumerate @item -@code{GUIX_LOCPATH} is honored only by the libc in Guix, and not by the libc -provided by foreign distros. Thus, using @code{GUIX_LOCPATH} allows you +@env{GUIX_LOCPATH} is honored only by the libc in Guix, and not by the libc +provided by foreign distros. Thus, using @env{GUIX_LOCPATH} allows you to make sure the programs of the foreign distro will not end up loading incompatible locale data. @item -libc suffixes each entry of @code{GUIX_LOCPATH} with @code{/X.Y}, where +libc suffixes each entry of @env{GUIX_LOCPATH} with @code{/X.Y}, where @code{X.Y} is the libc version---e.g., @code{2.22}. This means that, should your Guix profile contain a mixture of programs linked against different libc version, each libc version will only try to load locale @@ -1757,14 +1760,14 @@ information. When you install Emacs packages with Guix, the Elisp files are placed under the @file{share/emacs/site-lisp/} directory of the profile in which they are installed. The Elisp libraries are made available to -Emacs through the @code{EMACSLOADPATH} environment variable, which is +Emacs through the @env{EMACSLOADPATH} environment variable, which is set when installing Emacs itself. Additionally, autoload definitions are automatically evaluated at the initialization of Emacs, by the Guix-specific @code{guix-emacs-autoload-packages} procedure. If, for some reason, you want to avoid auto-loading the Emacs packages installed with Guix, you -can do so by running Emacs with the @code{--no-site-file} option +can do so by running Emacs with the @option{--no-site-file} option (@pxref{Init File,,, emacs, The GNU Emacs Manual}). @subsection The GCC toolchain @@ -2453,7 +2456,7 @@ your system includes the latest security updates (@pxref{Security Updates}). @quotation Note @cindex sudo vs. @command{guix pull} Note that @command{sudo guix} runs your user's @command{guix} command and -@emph{not} root's, because @command{sudo} leaves @code{PATH} unchanged. To +@emph{not} root's, because @command{sudo} leaves @env{PATH} unchanged. To explicitly run root's @command{guix}, type @command{sudo -i guix @dots{}}. The difference matters here, because @command{guix pull} updates @@ -2730,7 +2733,7 @@ passes it @i{via} the @option{--manifest} option For each user, a symlink to the user's default profile is automatically created in @file{$HOME/.guix-profile}. This symlink always points to the current generation of the user's default profile. Thus, users can add -@file{$HOME/.guix-profile/bin} to their @code{PATH} environment +@file{$HOME/.guix-profile/bin} to their @env{PATH} environment variable, and so on. @cindex search paths If you are not using Guix System, consider adding the @@ -2748,7 +2751,7 @@ a @dfn{garbage-collector root}, which @file{$HOME/.guix-profile} points to (@pxref{Invoking guix gc}). That directory is normally @code{@var{localstatedir}/guix/profiles/per-user/@var{user}}, where @var{localstatedir} is the value passed to @code{configure} as -@code{--localstatedir}, and @var{user} is the user name. The +@option{--localstatedir}, and @var{user} is the user name. The @file{per-user} directory is created when @command{guix-daemon} is started, and the @var{user} sub-directory is created by @command{guix package}. @@ -2790,7 +2793,7 @@ also been explicitly installed by the user. Besides, packages sometimes rely on the definition of environment variables for their search paths (see explanation of -@code{--search-paths} below). Any missing or possibly incorrect +@option{--search-paths} below). Any missing or possibly incorrect environment variable definitions are reported here. @item --install-from-expression=@var{exp} @@ -2835,9 +2838,9 @@ the package @code{greeter} after building @code{myhello}: @itemx -r @var{package} @dots{} Remove the specified @var{package}s. -As for @code{--install}, each @var{package} may specify a version number +As for @option{--install}, each @var{package} may specify a version number and/or output name in addition to the package name. For instance, -@code{-r glibc:debug} would remove the @code{debug} output of +@samp{-r glibc:debug} would remove the @code{debug} output of @code{glibc}. @item --upgrade[=@var{regexp} @dots{}] @@ -2845,7 +2848,7 @@ and/or output name in addition to the package name. For instance, @cindex upgrading packages Upgrade all the installed packages. If one or more @var{regexp}s are specified, upgrade only installed packages whose name matches a -@var{regexp}. Also see the @code{--do-not-upgrade} option below. +@var{regexp}. Also see the @option{--do-not-upgrade} option below. Note that this upgrades package to the latest version of packages found in the distribution currently installed. To update your distribution, @@ -2853,7 +2856,7 @@ you should regularly run @command{guix pull} (@pxref{Invoking guix pull}). @item --do-not-upgrade[=@var{regexp} @dots{}] -When used together with the @code{--upgrade} option, do @emph{not} +When used together with the @option{--upgrade} option, do @emph{not} upgrade any packages whose name matches a @var{regexp}. For example, to upgrade all packages in the current profile except those containing the substring ``emacs'': @@ -2871,7 +2874,7 @@ returned by the Scheme code in @var{file}. This option can be repeated several times, in which case the manifests are concatenated. This allows you to @emph{declare} the profile's contents rather than -constructing it through a sequence of @code{--install} and similar +constructing it through a sequence of @option{--install} and similar commands. The advantage is that @var{file} can be put under version control, copied to different machines to reproduce the same profile, and so on. @@ -2911,7 +2914,7 @@ objects, like this: Roll back to the previous @dfn{generation} of the profile---i.e., undo the last transaction. -When combined with options such as @code{--install}, roll back occurs +When combined with options such as @option{--install}, roll back occurs before any other actions. When rolling back from the first generation that actually contains @@ -2930,11 +2933,11 @@ Switch to a particular generation defined by @var{pattern}. @var{pattern} may be either a generation number or a number prefixed with ``+'' or ``-''. The latter means: move forward/backward by a specified number of generations. For example, if you want to return to -the latest generation after @code{--roll-back}, use -@code{--switch-generation=+1}. +the latest generation after @option{--roll-back}, use +@option{--switch-generation=+1}. -The difference between @code{--roll-back} and -@code{--switch-generation=-1} is that @code{--switch-generation} will +The difference between @option{--roll-back} and +@option{--switch-generation=-1} is that @option{--switch-generation} will not make a zeroth generation, so if a specified generation does not exist, the current generation will not be changed. @@ -2945,13 +2948,13 @@ needed in order to use the set of installed packages. These environment variables are used to specify @dfn{search paths} for files used by some of the installed packages. -For example, GCC needs the @code{CPATH} and @code{LIBRARY_PATH} +For example, GCC needs the @env{CPATH} and @env{LIBRARY_PATH} environment variables to be defined so it can look for headers and libraries in the user's profile (@pxref{Environment Variables,,, gcc, Using the GNU Compiler Collection (GCC)}). If GCC and, say, the C -library are installed in the profile, then @code{--search-paths} will -suggest setting these variables to @code{@var{profile}/include} and -@code{@var{profile}/lib}, respectively. +library are installed in the profile, then @option{--search-paths} will +suggest setting these variables to @file{@var{profile}/include} and +@file{@var{profile}/lib}, respectively. The typical use case is to define these environment variables in the shell: @@ -2974,7 +2977,7 @@ $ guix package -p bar -i guile-json $ guix package -p foo -p bar --search-paths @end example -The last command above reports about the @code{GUILE_LOAD_PATH} +The last command above reports about the @env{GUILE_LOAD_PATH} variable, even though, taken individually, neither @file{foo} nor @file{bar} would lead to that recommendation. @@ -3168,23 +3171,23 @@ generations. Valid patterns include: @itemize @item @emph{Integers and comma-separated integers}. Both patterns denote -generation numbers. For instance, @code{--list-generations=1} returns +generation numbers. For instance, @option{--list-generations=1} returns the first one. -And @code{--list-generations=1,8,2} outputs three generations in the +And @option{--list-generations=1,8,2} outputs three generations in the specified order. Neither spaces nor trailing commas are allowed. -@item @emph{Ranges}. @code{--list-generations=2..9} prints the +@item @emph{Ranges}. @option{--list-generations=2..9} prints the specified generations and everything in between. Note that the start of a range must be smaller than its end. It is also possible to omit the endpoint. For example, -@code{--list-generations=2..}, returns all generations starting from the +@option{--list-generations=2..}, returns all generations starting from the second one. @item @emph{Durations}. You can also get the last @emph{N}@tie{}days, weeks, or months by passing an integer along with the first letter of the -duration. For example, @code{--list-generations=20d} lists generations +duration. For example, @option{--list-generations=20d} lists generations that are up to 20 days old. @end itemize @@ -3196,7 +3199,7 @@ one. This command accepts the same patterns as @option{--list-generations}. When @var{pattern} is specified, delete the matching generations. When @var{pattern} specifies a duration, generations @emph{older} than the -specified duration match. For instance, @code{--delete-generations=1m} +specified duration match. For instance, @option{--delete-generations=1m} deletes generations that are more than one month old. If the current generation matches, it is @emph{not} deleted. Also, the @@ -3213,7 +3216,7 @@ Options}). It also supports package transformation options, such as @option{--with-source} (@pxref{Package Transformation Options}). However, note that package transformations are lost when upgrading; to preserve transformations across upgrades, you should define your own -package variant in a Guile module and add it to @code{GUIX_PACKAGE_PATH} +package variant in a Guile module and add it to @env{GUIX_PACKAGE_PATH} (@pxref{Defining Packages}). @node Substitutes @@ -3329,10 +3332,10 @@ possible, for future builds. @cindex substitutes, how to disable The substitute mechanism can be disabled globally by running -@code{guix-daemon} with @code{--no-substitutes} (@pxref{Invoking +@code{guix-daemon} with @option{--no-substitutes} (@pxref{Invoking guix-daemon}). It can also be disabled temporarily by passing the -@code{--no-substitutes} option to @command{guix package}, @command{guix -build}, and other command-line tools. +@option{--no-substitutes} option to @command{guix package}, +@command{guix build}, and other command-line tools. @node Substitute Authentication @subsection Substitute Authentication @@ -3354,11 +3357,11 @@ with this option: @noindent @cindex reproducible builds -If the ACL contains only the key for @code{b.example.org}, and if -@code{a.example.org} happens to serve the @emph{exact same} substitutes, -then Guix will download substitutes from @code{a.example.org} because it +If the ACL contains only the key for @samp{b.example.org}, and if +@samp{a.example.org} happens to serve the @emph{exact same} substitutes, +then Guix will download substitutes from @samp{a.example.org} because it comes first in the list and can be considered a mirror of -@code{b.example.org}. In practice, independent build machines usually +@samp{b.example.org}. In practice, independent build machines usually produce the same binaries, thanks to bit-reproducible builds (see below). @@ -3374,10 +3377,10 @@ authenticating bindings between domain names and public keys.) @vindex http_proxy Substitutes are downloaded over HTTP or HTTPS. -The @code{http_proxy} environment +The @env{http_proxy} environment variable can be set in the environment of @command{guix-daemon} and is honored for downloads of substitutes. Note that the value of -@code{http_proxy} in the environment where @command{guix build}, +@env{http_proxy} in the environment where @command{guix build}, @command{guix package}, and other client commands are run has @emph{absolutely no effect}. @@ -3393,16 +3396,16 @@ etc. When substitutes are enabled and a substitute for a derivation is available, but the substitution attempt fails, Guix will attempt to build the derivation locally depending on whether or not -@code{--fallback} was given (@pxref{fallback-option,, common build -option @code{--fallback}}). Specifically, if @code{--fallback} was +@option{--fallback} was given (@pxref{fallback-option,, common build +option @option{--fallback}}). Specifically, if @option{--fallback} was omitted, then no local build will be performed, and the derivation is -considered to have failed. However, if @code{--fallback} was given, +considered to have failed. However, if @option{--fallback} was given, then Guix will attempt to build the derivation locally, and the success or failure of the derivation depends on the success or failure of the local build. Note that when substitutes are disabled or no substitute is available for the derivation in question, a local build will @emph{always} be performed, regardless of whether or not -@code{--fallback} was given. +@option{--fallback} was given. To get an idea of how many substitutes are available right now, you can try running the @command{guix weather} command (@pxref{Invoking guix @@ -3539,7 +3542,7 @@ software---e.g., the compiler tool chain. The @command{guix gc} command has three modes of operation: it can be used to garbage-collect any dead files (the default), to delete specific -files (the @code{--delete} option), to print garbage-collector +files (the @option{--delete} option), to print garbage-collector information, or for more advanced queries. The garbage collection options are as follows: @@ -3696,10 +3699,10 @@ Optimize the store by hard-linking identical files---this is @dfn{deduplication}. The daemon performs deduplication after each successful build or archive -import, unless it was started with @code{--disable-deduplication} -(@pxref{Invoking guix-daemon, @code{--disable-deduplication}}). Thus, +import, unless it was started with @option{--disable-deduplication} +(@pxref{Invoking guix-daemon, @option{--disable-deduplication}}). Thus, this option is primarily useful when the daemon was running with -@code{--disable-deduplication}. +@option{--disable-deduplication}. @end table @@ -3756,7 +3759,7 @@ export PATH="$HOME/.config/guix/current/bin:$PATH" export INFOPATH="$HOME/.config/guix/current/share/info:$INFOPATH" @end example -The @code{--list-generations} or @code{-l} option lists past generations +The @option{--list-generations} or @option{-l} option lists past generations produced by @command{guix pull}, along with details about their provenance: @example @@ -3868,8 +3871,8 @@ Switch to a particular generation defined by @var{pattern}. @var{pattern} may be either a generation number or a number prefixed with ``+'' or ``-''. The latter means: move forward/backward by a specified number of generations. For example, if you want to return to -the latest generation after @code{--roll-back}, use -@code{--switch-generation=+1}. +the latest generation after @option{--roll-back}, use +@option{--switch-generation=+1}. @item --delete-generations[=@var{pattern}] @itemx -d [@var{pattern}] @@ -3879,7 +3882,7 @@ one. This command accepts the same patterns as @option{--list-generations}. When @var{pattern} is specified, delete the matching generations. When @var{pattern} specifies a duration, generations @emph{older} than the -specified duration match. For instance, @code{--delete-generations=1m} +specified duration match. For instance, @option{--delete-generations=1m} deletes generations that are more than one month old. If the current generation matches, it is @emph{not} deleted. @@ -4531,9 +4534,9 @@ guix archive --export -r $(readlink -f ~/.guix-profile) | \ @noindent However, note that, in both examples, all of @code{emacs} and the profile as well as all of their dependencies are transferred (due to -@code{-r}), regardless of what is already available in the store on the -target machine. The @code{--missing} option can help figure out which -items are missing from the target store. The @command{guix copy} +@option{-r}), regardless of what is already available in the store on +the target machine. The @option{--missing} option can help figure out +which items are missing from the target store. The @command{guix copy} command simplifies and optimizes this whole process, so this is probably what you should use in this case (@pxref{Invoking guix copy}). @@ -4563,20 +4566,20 @@ Export the specified store files or packages (see below.) Write the resulting archive to the standard output. Dependencies are @emph{not} included in the output, unless -@code{--recursive} is passed. +@option{--recursive} is passed. @item -r @itemx --recursive -When combined with @code{--export}, this instructs @command{guix -archive} to include dependencies of the given items in the archive. -Thus, the resulting archive is self-contained: it contains the closure -of the exported store items. +When combined with @option{--export}, this instructs @command{guix archive} +to include dependencies of the given items in the archive. Thus, the +resulting archive is self-contained: it contains the closure of the +exported store items. @item --import Read an archive from the standard input, and import the files listed therein into the store. Abort if the archive has an invalid digital signature, or if it is signed by a public key not among the authorized -keys (see @code{--authorize} below.) +keys (see @option{--authorize} below.) @item --missing Read a list of store file names from the standard input, one per line, @@ -4586,9 +4589,9 @@ the store. @item --generate-key[=@var{parameters}] @cindex signing, archives Generate a new key pair for the daemon. This is a prerequisite before -archives can be exported with @code{--export}. Note that this operation -usually takes time, because it needs to gather enough entropy to -generate the key pair. +archives can be exported with @option{--export}. Note that this +operation usually takes time, because it needs to gather enough entropy +to generate the key pair. The generated key pair is typically stored under @file{/etc/guix}, in @file{signing-key.pub} (public key) and @file{signing-key.sec} (private @@ -4701,23 +4704,23 @@ guix environment guile @end example If the needed dependencies are not built yet, @command{guix environment} -automatically builds them. The environment of the new shell is an augmented -version of the environment that @command{guix environment} was run in. -It contains the necessary search paths for building the given package -added to the existing environment variables. To create a ``pure'' -environment, in which the original environment variables have been unset, -use the @code{--pure} option@footnote{Users sometimes wrongfully augment -environment variables such as @code{PATH} in their @file{~/.bashrc} -file. As a consequence, when @code{guix environment} launches it, Bash -may read @file{~/.bashrc}, thereby introducing ``impurities'' in these -environment variables. It is an error to define such environment -variables in @file{.bashrc}; instead, they should be defined in -@file{.bash_profile}, which is sourced only by log-in shells. -@xref{Bash Startup Files,,, bash, The GNU Bash Reference Manual}, for -details on Bash start-up files.}. +automatically builds them. The environment of the new shell is an +augmented version of the environment that @command{guix environment} was +run in. It contains the necessary search paths for building the given +package added to the existing environment variables. To create +a ``pure'' environment, in which the original environment variables have +been unset, use the @option{--pure} option@footnote{Users sometimes +wrongfully augment environment variables such as @env{PATH} in their +@file{~/.bashrc} file. As a consequence, when @command{guix +environment} launches it, Bash may read @file{~/.bashrc}, thereby +introducing ``impurities'' in these environment variables. It is an +error to define such environment variables in @file{.bashrc}; instead, +they should be defined in @file{.bash_profile}, which is sourced only by +log-in shells. @xref{Bash Startup Files,,, bash, The GNU Bash Reference +Manual}, for details on Bash start-up files.}. @vindex GUIX_ENVIRONMENT -@command{guix environment} defines the @code{GUIX_ENVIRONMENT} +@command{guix environment} defines the @env{GUIX_ENVIRONMENT} variable in the shell it spawns; its value is the file name of the profile of this environment. This allows users to, say, define a specific prompt for development environments in their @file{.bashrc} @@ -4766,8 +4769,8 @@ guix environment --ad-hoc python2-numpy python-2.7 -- python Furthermore, one might want the dependencies of a package and also some additional packages that are not build-time or runtime dependencies, but are useful when developing nonetheless. Because of this, the -@code{--ad-hoc} flag is positional. Packages appearing before -@code{--ad-hoc} are interpreted as packages whose dependencies will be +@option{--ad-hoc} flag is positional. Packages appearing before +@option{--ad-hoc} are interpreted as packages whose dependencies will be added to the environment. Packages appearing after are interpreted as packages that will be added to the environment directly. For example, the following command creates a Guix development environment that @@ -4777,6 +4780,7 @@ additionally includes Git and strace: guix environment --pure guix --ad-hoc git strace @end example +@cindex container Sometimes it is desirable to isolate the environment as much as possible, for maximal purity and reproducibility. In particular, when using Guix on a host distro that is not Guix System, it is desirable to @@ -4790,9 +4794,25 @@ guix environment --ad-hoc --container guile -- guile @end example @quotation Note -The @code{--container} option requires Linux-libre 3.19 or newer. +The @option{--container} option requires Linux-libre 3.19 or newer. @end quotation +@cindex certificates +Another typical use case for containers is to run security-sensitive +applications such as a web browser. To run Eolie, we must expose and +share some files and directories; we include @code{nss-certs} and expose +@file{/etc/ssl/certs/} for HTTPS authentication; finally we preserve the +the @env{DISPLAY} environment variable since containerized graphical +applications won't display without it. + +@example +guix environment --preserve='^DISPLAY$' --container --network \ + --expose=/etc/machine-id \ + --expose=/etc/ssl/certs/ \ + --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \ + --ad-hoc eolie nss-certs dbus -- eolie +@end example + The available options are summarized below. @table @code @@ -4884,10 +4904,10 @@ specific output---e.g., @code{glib:bin} asks for the @code{bin} output of @code{glib} (@pxref{Packages with Multiple Outputs}). This option may be composed with the default behavior of @command{guix -environment}. Packages appearing before @code{--ad-hoc} are interpreted -as packages whose dependencies will be added to the environment, the -default behavior. Packages appearing after are interpreted as packages -that will be added to the environment directly. +environment}. Packages appearing before @option{--ad-hoc} are +interpreted as packages whose dependencies will be added to the +environment, the default behavior. Packages appearing after are +interpreted as packages that will be added to the environment directly. @item --pure Unset existing environment variables when building the new environment, except @@ -4907,9 +4927,9 @@ guix environment --pure --preserve=^SLURM --ad-hoc openmpi @dots{} \ @end example This example runs @command{mpirun} in a context where the only environment -variables defined are @code{PATH}, environment variables whose name starts -with @code{SLURM}, as well as the usual ``precious'' variables (@code{HOME}, -@code{USER}, etc.) +variables defined are @env{PATH}, environment variables whose name starts +with @samp{SLURM}, as well as the usual ``precious'' variables (@env{HOME}, +@env{USER}, etc.) @item --search-paths Display the environment variable definitions that make up the @@ -4924,7 +4944,7 @@ Attempt to build for @var{system}---e.g., @code{i686-linux}. @cindex container Run @var{command} within an isolated container. The current working directory outside the container is mapped inside the container. -Additionally, unless overridden with @code{--user}, a dummy home +Additionally, unless overridden with @option{--user}, a dummy home directory is created that matches the current user's home directory, and @file{/etc/passwd} is configured accordingly. @@ -4940,19 +4960,18 @@ device. @item --link-profile @itemx -P -For containers, link the environment profile to -@file{~/.guix-profile} within the container. This is equivalent to -running the command @command{ln -s $GUIX_ENVIRONMENT ~/.guix-profile} -within the container. Linking will fail and abort the environment if -the directory already exists, which will certainly be the case if -@command{guix environment} was invoked in the user's home directory. - -Certain packages are configured to look in -@code{~/.guix-profile} for configuration files and data;@footnote{For -example, the @code{fontconfig} package inspects -@file{~/.guix-profile/share/fonts} for additional fonts.} -@code{--link-profile} allows these programs to behave as expected within -the environment. +For containers, link the environment profile to @file{~/.guix-profile} +within the container. This is equivalent to running the command +@samp{ln -s $GUIX_ENVIRONMENT ~/.guix-profile} within the container. +Linking will fail and abort the environment if the directory already +exists, which will certainly be the case if @command{guix environment} +was invoked in the user's home directory. + +Certain packages are configured to look in @file{~/.guix-profile} for +configuration files and data;@footnote{For example, the +@code{fontconfig} package inspects @file{~/.guix-profile/share/fonts} +for additional fonts.} @option{--link-profile} allows these programs to +behave as expected within the environment. @item --user=@var{user} @itemx -u @var{user} @@ -4963,8 +4982,8 @@ contain the name @var{user}, the home directory will be the UID and GID inside the container are 1000. @var{user} need not exist on the system. -Additionally, any shared or exposed path (see @code{--share} and -@code{--expose} respectively) whose target is within the current user's +Additionally, any shared or exposed path (see @option{--share} and +@option{--expose} respectively) whose target is within the current user's home directory will be remapped relative to @file{/home/USER}; this includes the automatic mapping of the current working directory. @@ -4983,15 +5002,15 @@ broader privacy/anonymity solution---not one in and of itself. @item --no-cwd For containers, the default behavior is to share the current working directory with the isolated container and immediately change to that -directory within the container. If this is undesirable, @code{--no-cwd} -will cause the current working directory to @emph{not} be automatically -shared and will change to the user's home directory within the container -instead. See also @code{--user}. +directory within the container. If this is undesirable, +@option{--no-cwd} will cause the current working directory to @emph{not} +be automatically shared and will change to the user's home directory +within the container instead. See also @option{--user}. @item --expose=@var{source}[=@var{target}] @itemx --share=@var{source}[=@var{target}] -For containers, @code{--expose} (resp. @code{--share}) exposes the file -system @var{source} from the host system as the read-only +For containers, @option{--expose} (resp. @option{--share}) exposes the +file system @var{source} from the host system as the read-only (resp. writable) file system @var{target} within the container. If @var{target} is not specified, @var{source} is used as the target mount point in the container. @@ -5069,7 +5088,7 @@ That way, users can happily type @file{/opt/gnu/bin/guile} and enjoy. @cindex relocatable binaries, with @command{guix pack} What if the recipient of your pack does not have root privileges on their machine, and thus cannot unpack it in the root file system? In -that case, you will want to use the @code{--relocatable} option (see +that case, you will want to use the @option{--relocatable} option (see below). This option produces @dfn{relocatable binaries}, meaning they they can be placed anywhere in the file system hierarchy: in the example above, users can unpack your tarball in their home directory and @@ -5238,7 +5257,7 @@ docker run @var{image-id} Consider the package @var{expr} evaluates to. This has the same purpose as the same-named option in @command{guix -build} (@pxref{Additional Build Options, @code{--expression} in +build} (@pxref{Additional Build Options, @option{--expression} in @command{guix build}}). @item --manifest=@var{file} @@ -5353,7 +5372,7 @@ The wrapper's purpose is to inspect the @code{-L} and @code{-l} switches passed to the linker, add corresponding @code{-rpath} arguments, and invoke the actual linker with this new set of arguments. You can instruct the wrapper to refuse to link against libraries not in the store by setting the -@code{GUIX_LD_WRAPPER_ALLOW_IMPURITIES} environment variable to @code{no}. +@env{GUIX_LD_WRAPPER_ALLOW_IMPURITIES} environment variable to @code{no}. @@ -5426,7 +5445,7 @@ names---e.g., @code{(my-packages emacs)}@footnote{Note that the file name and module name must match. For instance, the @code{(my-packages emacs)} module must be stored in a @file{my-packages/emacs.scm} file relative to the load path specified with @option{--load-path} or -@code{GUIX_PACKAGE_PATH}. @xref{Modules and the File System,,, +@env{GUIX_PACKAGE_PATH}. @xref{Modules and the File System,,, guile, GNU Guile Reference Manual}, for details.}. There are two ways to make these package definitions visible to the user interfaces: @@ -5434,7 +5453,7 @@ these package definitions visible to the user interfaces: @item By adding the directory containing your package modules to the search path with the @code{-L} flag of @command{guix package} and other commands -(@pxref{Common Build Options}), or by setting the @code{GUIX_PACKAGE_PATH} +(@pxref{Common Build Options}), or by setting the @env{GUIX_PACKAGE_PATH} environment variable described below. @item @@ -5444,7 +5463,7 @@ modules. @xref{Channels}, for more information on how to define and use channels. @end enumerate -@code{GUIX_PACKAGE_PATH} works similarly to other search path variables: +@env{GUIX_PACKAGE_PATH} works similarly to other search path variables: @defvr {Environment Variable} GUIX_PACKAGE_PATH This is a colon-separated list of directories to search for additional @@ -5550,7 +5569,7 @@ make && make check && make install} command sequence. The @code{arguments} field specifies options for the build system (@pxref{Build Systems}). Here it is interpreted by @var{gnu-build-system} as a request run @file{configure} with the -@code{--enable-silent-rules} flag. +@option{--enable-silent-rules} flag. @cindex quote @cindex quoting @@ -5622,7 +5641,7 @@ can be partly automated by the @command{guix refresh} command Behind the scenes, a derivation corresponding to the @code{<package>} object is first computed by the @code{package-derivation} procedure. -That derivation is stored in a @code{.drv} file under @file{/gnu/store}. +That derivation is stored in a @file{.drv} file under @file{/gnu/store}. The build actions it prescribes may then be realized by using the @code{build-derivations} procedure (@pxref{The Store}). @@ -6018,7 +6037,7 @@ store file names. For instance, this changes @code{#!/bin/sh} to @item configure Run the @file{configure} script with a number of default options, such -as @code{--prefix=/gnu/store/@dots{}}, as well as the options specified +as @option{--prefix=/gnu/store/@dots{}}, as well as the options specified by the @code{#:configure-flags} argument. @item build @@ -6159,7 +6178,7 @@ phase, so that the system which was just built can be used within the resulting image. @code{build-program} requires a list of Common Lisp expressions to be passed as the @code{#:entry-program} argument. -If the system is not defined within its own @code{.asd} file of the same +If the system is not defined within its own @file{.asd} file of the same name, then the @code{#:asd-file} parameter should be used to specify which file the system is defined in. Furthermore, if the package defines a system for its tests in a separate file, it will be loaded @@ -6399,7 +6418,7 @@ The phase @code{glib-or-gtk-wrap} ensures that programs in @file{bin/} are able to find GLib ``schemas'' and @uref{https://developer.gnome.org/gtk3/stable/gtk-running.html, GTK+ modules}. This is achieved by wrapping the programs in launch scripts -that appropriately set the @code{XDG_DATA_DIRS} and @code{GTK_PATH} +that appropriately set the @env{XDG_DATA_DIRS} and @env{GTK_PATH} environment variables. It is possible to exclude specific package outputs from that wrapping @@ -6430,19 +6449,20 @@ compile} (@pxref{Compilation,,, guile, GNU Guile Reference Manual}) and installs the @file{.scm} and @file{.go} files in the right place. It also installs documentation. -This build system supports cross-compilation by using the @code{--target} -option of @command{guild compile}. +This build system supports cross-compilation by using the +@option{--target} option of @samp{guild compile}. Packages built with @code{guile-build-system} must provide a Guile package in their @code{native-inputs} field. @end defvr @defvr {Scheme Variable} julia-build-system -This variable is exported by @code{(guix build-system julia)}. It implements -the build procedure used by @uref{https://julialang.org/, julia} packages, -which essentially is similar to running @command{julia -e 'using Pkg; -Pkg.add(package)'} in an environment where @code{JULIA_LOAD_PATH} contains the -paths to all Julia package inputs. Tests are run not run. +This variable is exported by @code{(guix build-system julia)}. It +implements the build procedure used by @uref{https://julialang.org/, +julia} packages, which essentially is similar to running @samp{julia -e +'using Pkg; Pkg.add(package)'} in an environment where +@env{JULIA_LOAD_PATH} contains the paths to all Julia package inputs. +Tests are run not run. Julia packages require the source @code{file-name} to be the real name of the package, correctly capitalized. @@ -6513,7 +6533,7 @@ Note that most OCaml packages assume they will be installed in the same directory as OCaml, which is not what we want in guix. In particular, they will install @file{.so} files in their module's directory, which is usually fine because it is in the OCaml compiler directory. In guix though, these -libraries cannot be found and we use @code{CAML_LD_LIBRARY_PATH}. This +libraries cannot be found and we use @env{CAML_LD_LIBRARY_PATH}. This variable points to @file{lib/ocaml/site-lib/stubslibs} and this is where @file{.so} libraries should be installed. @end defvr @@ -6525,7 +6545,7 @@ packages, which consists in running @code{python setup.py build} and then @code{python setup.py install --prefix=/gnu/store/@dots{}}. For packages that install stand-alone Python programs under @code{bin/}, -it takes care of wrapping these programs so that their @code{PYTHONPATH} +it takes care of wrapping these programs so that their @env{PYTHONPATH} environment variable points to all the Python libraries they depend on. Which Python package is used to perform the build can be specified with @@ -6599,10 +6619,10 @@ This phase is added after the @code{install} phase. @defvr {Scheme Variable} r-build-system This variable is exported by @code{(guix build-system r)}. It implements the build procedure used by @uref{https://r-project.org, R} -packages, which essentially is little more than running @code{R CMD +packages, which essentially is little more than running @samp{R CMD INSTALL --library=/gnu/store/@dots{}} in an environment where -@code{R_LIBS_SITE} contains the paths to all R package inputs. Tests -are run after installation using the R function +@env{R_LIBS_SITE} contains the paths to all R package inputs. Tests are +run after installation using the R function @code{tools::testInstalledPackage}. @end defvr @@ -6627,7 +6647,7 @@ with @code{#:zef} or removed by passing @code{#f} to the @defvr {Scheme Variable} texlive-build-system This variable is exported by @code{(guix build-system texlive)}. It is used to build TeX packages in batch mode with a specified engine. The -build system sets the @code{TEXINPUTS} variable to find all TeX source +build system sets the @env{TEXINPUTS} variable to find all TeX source files in the inputs. By default it runs @code{luatex} on all files ending on @code{ins}. A @@ -6755,7 +6775,7 @@ following phases changed to some specific for Meson: @item configure The phase runs @code{meson} with the flags specified in -@code{#:configure-flags}. The flag @code{--build-type} is always set to +@code{#:configure-flags}. The flag @option{--build-type} is always set to @code{plain} unless something else is specified in @code{#:build-type}. @item build @@ -6880,7 +6900,7 @@ The @code{(guix store)} module provides procedures to connect to the daemon, and to perform RPCs. These are described below. By default, @code{open-connection}, and thus all the @command{guix} commands, connect to the local daemon or to the URI specified by the -@code{GUIX_DAEMON_SOCKET} environment variable. +@env{GUIX_DAEMON_SOCKET} environment variable. @defvr {Environment Variable} GUIX_DAEMON_SOCKET When set, the value of this variable should be a file name or a URI @@ -6912,15 +6932,15 @@ This setup is suitable on local networks, such as clusters, where only trusted nodes may connect to the build daemon at @code{master.guix.example.org}. -The @code{--listen} option of @command{guix-daemon} can be used to +The @option{--listen} option of @command{guix-daemon} can be used to instruct it to listen for TCP connections (@pxref{Invoking guix-daemon, -@code{--listen}}). +@option{--listen}}). @item ssh @cindex SSH access to build daemons These URIs allow you to connect to a remote daemon over SSH. This feature requires Guile-SSH (@pxref{Requirements}) and a working -@code{guile} binary in @code{PATH} on the destination machine. It +@command{guile} binary in @env{PATH} on the destination machine. It supports public key and GSSAPI authentication. A typical URL might look like this: @@ -7033,7 +7053,7 @@ A list of environment variables to be defined. Derivations allow clients of the daemon to communicate build actions to the store. They exist in two forms: as an in-memory representation, both on the client- and daemon-side, and as files in the store whose -name end in @code{.drv}---these files are referred to as @dfn{derivation +name end in @file{.drv}---these files are referred to as @dfn{derivation paths}. Derivations paths can be passed to the @code{build-derivations} procedure to perform the build actions they prescribe (@pxref{The Store}). @@ -8239,7 +8259,7 @@ the software distribution such as @code{coreutils} or package with the corresponding name (and optionally version) is searched for among the GNU distribution modules (@pxref{Package Modules}). -Alternatively, the @code{--expression} option may be used to specify a +Alternatively, the @option{--expression} option may be used to specify a Scheme expression that evaluates to a package; this is useful when disambiguating among several same-named packages or package variants is needed. @@ -8282,7 +8302,7 @@ build issues. This option implies @option{--no-offload}, and it has no effect when connecting to a remote daemon with a @code{guix://} URI (@pxref{The -Store, the @code{GUIX_DAEMON_SOCKET} variable}). +Store, the @env{GUIX_DAEMON_SOCKET} variable}). @item --keep-going @itemx -k @@ -8349,14 +8369,14 @@ When the build or substitution process remains silent for more than @var{seconds}, terminate it and report a build failure. By default, the daemon's setting is honored (@pxref{Invoking -guix-daemon, @code{--max-silent-time}}). +guix-daemon, @option{--max-silent-time}}). @item --timeout=@var{seconds} Likewise, when the build or substitution process lasts for more than @var{seconds}, terminate it and report a build failure. By default, the daemon's setting is honored (@pxref{Invoking -guix-daemon, @code{--timeout}}). +guix-daemon, @option{--timeout}}). @c Note: This option is actually not part of %standard-build-options but @c most programs honor it. @@ -8376,7 +8396,7 @@ value @code{0} means to use as many CPU cores as available. @item --max-jobs=@var{n} @itemx -M @var{n} Allow at most @var{n} build jobs in parallel. @xref{Invoking -guix-daemon, @code{--max-jobs}}, for details about this option and the +guix-daemon, @option{--max-jobs}}, for details about this option and the equivalent @command{guix-daemon} option. @item --debug=@var{level} @@ -8393,7 +8413,7 @@ derivations)} module. In addition to options explicitly passed on the command line, @command{guix build} and other @command{guix} commands that support -building honor the @code{GUIX_BUILD_OPTIONS} environment variable. +building honor the @env{GUIX_BUILD_OPTIONS} environment variable. @defvr {Environment Variable} GUIX_BUILD_OPTIONS Users can define this variable to a list of command line options that @@ -8450,7 +8470,7 @@ the @code{ed} package: guix build ed --with-source=mirror://gnu/ed/ed-1.7.tar.gz @end example -As a developer, @code{--with-source} makes it easy to test release +As a developer, @option{--with-source} makes it easy to test release candidates: @example @@ -8486,7 +8506,7 @@ This is implemented using the @code{package-input-rewriting} Scheme procedure (@pxref{Defining Packages, @code{package-input-rewriting}}). @item --with-graft=@var{package}=@var{replacement} -This is similar to @code{--with-input} but with an important difference: +This is similar to @option{--with-input} but with an important difference: instead of rebuilding the whole dependency chain, @var{replacement} is built and then @dfn{grafted} onto the binaries that were initially referring to @var{package}. @xref{Security Updates}, for more @@ -8523,8 +8543,8 @@ guix build python-numpy \ --with-git-url=python=https://github.com/python/cpython @end example -This option can also be combined with @code{--with-branch} or -@code{--with-commit} (see below). +This option can also be combined with @option{--with-branch} or +@option{--with-commit} (see below). @cindex continuous integration Obviously, since it uses the latest commit of the given branch, the result of @@ -8542,7 +8562,7 @@ Build @var{package} from the latest commit of @var{branch}. If the @code{source} field of @var{package} is an origin with the @code{git-fetch} method (@pxref{origin Reference}) or a @code{git-checkout} object, the repository URL is taken from that @code{source}. Otherwise you have to use -@code{--with-git-url} to specify the URL of the Git repository. +@option{--with-git-url} to specify the URL of the Git repository. For instance, the following command builds @code{guile-sqlite3} from the latest commit of its @code{master} branch, and then builds @code{guix} (which @@ -8554,7 +8574,7 @@ guix build --with-branch=guile-sqlite3=master cuirass @end example @item --with-commit=@var{package}=@var{commit} -This is similar to @code{--with-branch}, except that it builds from +This is similar to @option{--with-branch}, except that it builds from @var{commit} rather than the tip of a branch. @var{commit} must be a valid Git commit SHA1 identifier or a tag. @end table @@ -8570,7 +8590,7 @@ build}. @item --quiet @itemx -q Build quietly, without displaying the build log; this is equivalent to -@code{--verbosity=0}. Upon completion, the build log is kept in @file{/var} +@option{--verbosity=0}. Upon completion, the build log is kept in @file{/var} (or similar) and can always be retrieved using the @option{--log-file} option. @item --file=@var{file} @@ -8638,13 +8658,13 @@ Fetch and return the source of @var{package-or-derivation} and all their dependencies, recursively. This is a handy way to obtain a local copy of all the source code needed to build @var{packages}, allowing you to eventually build them even without network access. It is an extension -of the @code{--source} option and can accept one of the following +of the @option{--source} option and can accept one of the following optional argument values: @table @code @item package -This value causes the @code{--sources} option to behave in the same way -as the @code{--source} option. +This value causes the @option{--sources} option to behave in the same way +as the @option{--source} option. @item all Build the source derivations of all packages, including any source that @@ -8684,16 +8704,16 @@ you to repeat this option several times, in which case it builds for all the specified systems; other commands ignore extraneous @option{-s} options. @quotation Note -The @code{--system} flag is for @emph{native} compilation and must not -be confused with cross-compilation. See @code{--target} below for +The @option{--system} flag is for @emph{native} compilation and must not +be confused with cross-compilation. See @option{--target} below for information on cross-compilation. @end quotation An example use of this is on Linux-based systems, which can emulate different personalities. For instance, passing -@code{--system=i686-linux} on an @code{x86_64-linux} system or -@code{--system=armhf-linux} on an @code{aarch64-linux} system allows you -to build packages in a complete 32-bit environment. +@option{--system=i686-linux} on an @code{x86_64-linux} system or +@option{--system=armhf-linux} on an @code{aarch64-linux} system allows +you to build packages in a complete 32-bit environment. @quotation Note Building for an @code{armhf-linux} system is unconditionally enabled on @@ -8775,9 +8795,9 @@ guix build --log-file guile guix build --log-file -e '(@@ (gnu packages guile) guile-2.0)' @end example -If a log is unavailable locally, and unless @code{--no-substitutes} is +If a log is unavailable locally, and unless @option{--no-substitutes} is passed, the command looks for a corresponding log on one of the -substitute servers (as specified with @code{--substitute-urls}.) +substitute servers (as specified with @option{--substitute-urls}.) So for instance, imagine you want to see the build log of GDB on MIPS, but you are actually on an @code{x86_64} machine: @@ -8803,7 +8823,7 @@ build daemon uses. To that end, the first thing to do is to use the @option{--keep-failed} or @option{-K} option of @command{guix build}, which will keep the failed build tree in @file{/tmp} or whatever directory you specified as -@code{TMPDIR} (@pxref{Invoking guix build, @code{--keep-failed}}). +@env{TMPDIR} (@pxref{Invoking guix build, @option{--keep-failed}}). From there on, you can @command{cd} to the failed build tree and source the @file{environment-variables} file, which contains all the @@ -8885,18 +8905,18 @@ guix edit gcc@@4.9 vim @end example @noindent -launches the program specified in the @code{VISUAL} or in the -@code{EDITOR} environment variable to view the recipe of GCC@tie{}4.9.3 +launches the program specified in the @env{VISUAL} or in the +@env{EDITOR} environment variable to view the recipe of GCC@tie{}4.9.3 and that of Vim. If you are using a Guix Git checkout (@pxref{Building from Git}), or -have created your own packages on @code{GUIX_PACKAGE_PATH} +have created your own packages on @env{GUIX_PACKAGE_PATH} (@pxref{Package Modules}), you will be able to edit the package recipes. In other cases, you will be able to examine the read-only recipes for packages currently in the store. -Instead of @code{GUIX_PACKAGE_PATH}, the command-line option -@code{--load-path=@var{directory}} (or in short @code{-L +Instead of @env{GUIX_PACKAGE_PATH}, the command-line option +@option{--load-path=@var{directory}} (or in short @option{-L @var{directory}}) allows you to add @var{directory} to the front of the package module search path and so make your own packages visible. @@ -8929,7 +8949,7 @@ GnuTLS-Guile}, for more information. @command{guix download} verifies HTTPS server certificates by loading the certificates of X.509 authorities from the directory pointed to by -the @code{SSL_CERT_DIR} environment variable (@pxref{X.509 +the @env{SSL_CERT_DIR} environment variable (@pxref{X.509 Certificates}), unless @option{--no-check-certificate} is used. The following options are available: @@ -9065,9 +9085,9 @@ Specific command-line options are: @table @code @item --key-download=@var{policy} -As for @code{guix refresh}, specify the policy to handle missing OpenPGP -keys when verifying the package signature. @xref{Invoking guix -refresh, @code{--key-download}}. +As for @command{guix refresh}, specify the policy to handle missing +OpenPGP keys when verifying the package signature. @xref{Invoking guix +refresh, @option{--key-download}}. @end table @item pypi @@ -9129,8 +9149,8 @@ should be checked closely. If Perl is available in the store, then the @code{corelist} utility will be used to filter core modules out of the list of dependencies. -The command command below imports metadata for the @code{Acme::Boolean} -Perl module: +The command command below imports metadata for the Acme::Boolean Perl +module: @example guix import cpan Acme::Boolean @@ -9143,29 +9163,27 @@ Import metadata from @uref{https://cran.r-project.org/, CRAN}, the central repository for the @uref{https://r-project.org, GNU@tie{}R statistical and graphical environment}. -Information is extracted from the @code{DESCRIPTION} file of the package. +Information is extracted from the @file{DESCRIPTION} file of the package. -The command command below imports metadata for the @code{Cairo} -R package: +The command command below imports metadata for the Cairo R package: @example guix import cran Cairo @end example -When @code{--recursive} is added, the importer will traverse the +When @option{--recursive} is added, the importer will traverse the dependency graph of the given upstream package recursively and generate package expressions for all those packages that are not yet in Guix. -When @code{--archive=bioconductor} is added, metadata is imported from +When @option{--archive=bioconductor} is added, metadata is imported from @uref{https://www.bioconductor.org/, Bioconductor}, a repository of R packages for for the analysis and comprehension of high-throughput genomic data in bioinformatics. -Information is extracted from the @code{DESCRIPTION} file contained in the +Information is extracted from the @file{DESCRIPTION} file contained in the package archive. -The command below imports metadata for the @code{GenomicRanges} -R package: +The command below imports metadata for the GenomicRanges R package: @example guix import cran --archive=bioconductor GenomicRanges @@ -9173,7 +9191,7 @@ guix import cran --archive=bioconductor GenomicRanges Finally, you can also import R packages that have not yet been published on CRAN or Bioconductor as long as they are in a git repository. Use -@code{--archive=git} followed by the URL of the git repository: +@option{--archive=git} followed by the URL of the git repository: @example guix import cran --archive=git https://github.com/immunogenomics/harmony @@ -9198,10 +9216,10 @@ TeX package: guix import texlive fontspec @end example -When @code{--archive=DIRECTORY} is added, the source code is downloaded -not from the @file{latex} sub-directory of the @file{texmf-dist/source} -tree in the TeX Live SVN repository, but from the specified sibling -directory under the same root. +When @option{--archive=@var{directory}} is added, the source code is +downloaded not from the @file{latex} sub-directory of the +@file{texmf-dist/source} tree in the TeX Live SVN repository, but from +the specified sibling @var{directory} under the same root. The command below imports metadata for the @code{ifxetex} package from CTAN while fetching the sources from the directory @@ -9323,7 +9341,7 @@ in Guix. @end table The command below imports metadata for the latest version of the -@code{HTTP} Haskell package without including test dependencies and +HTTP Haskell package without including test dependencies and specifying the value of the flag @samp{network-uri} as @code{false}: @example @@ -9363,7 +9381,7 @@ and generate package expressions for all those packages that are not yet in Guix. @end table -The command below imports metadata for the @code{HTTP} Haskell package +The command below imports metadata for the HTTP Haskell package included in the LTS Stackage release version 7.18: @example @@ -9507,7 +9525,7 @@ to that effect: (properties '((upstream-name . "NetworkManager"))))) @end lisp -When passed @code{--update}, it modifies distribution source files to +When passed @option{--update}, it modifies distribution source files to update the version numbers and source tarball hashes of those package recipes (@pxref{Defining Packages}). This is achieved by downloading each package's latest source tarball and its associated OpenPGP @@ -9631,7 +9649,7 @@ $ ./pre-inst-env guix refresh -u emacs idutils gcc@@4.8 @noindent The command above specifically updates the @code{emacs} and -@code{idutils} packages. The @code{--select} option would have no +@code{idutils} packages. The @option{--select} option would have no effect in this case. When considering whether to upgrade a package, it is sometimes @@ -9659,7 +9677,7 @@ dependents of a package. @end table -Be aware that the @code{--list-dependent} option only +Be aware that the @option{--list-dependent} option only @emph{approximates} the rebuilds that would be required as a result of an upgrade. More rebuilds might be required under some circumstances. @@ -9762,7 +9780,7 @@ GitHub will eventually refuse to answer any further API requests. By default 60 API requests per hour are allowed, and a full refresh on all GitHub packages in Guix requires more than this. Authentication with GitHub through the use of an API token alleviates these limits. To use -an API token, set the environment variable @code{GUIX_GITHUB_TOKEN} to a +an API token, set the environment variable @env{GUIX_GITHUB_TOKEN} to a token procured from @uref{https://github.com/settings/tokens} or otherwise. @@ -9776,7 +9794,7 @@ The @command{guix lint} command is meant to help package developers avoid common errors and use a consistent style. It runs a number of checks on a given set of packages in order to find common mistakes in their definitions. Available @dfn{checkers} include (see -@code{--list-checkers} for a complete list): +@option{--list-checkers} for a complete list): @table @code @item synopsis @@ -9904,7 +9922,7 @@ and exit. @item --checkers @itemx -c Only enable the checkers specified in a comma-separated list using the -names returned by @code{--list-checkers}. +names returned by @option{--list-checkers}. @item --load-path=@var{directory} @itemx -L @var{directory} @@ -10287,7 +10305,7 @@ For security, each substitute is signed, allowing recipients to check their authenticity and integrity (@pxref{Substitutes}). Because @command{guix publish} uses the signing key of the system, which is only readable by the system administrator, it must be started as root; the -@code{--user} option makes it drop root privileges early on. +@option{--user} option makes it drop root privileges early on. The signing key pair must be generated before @command{guix publish} is launched, using @command{guix archive --generate-key} (@pxref{Invoking @@ -10347,9 +10365,9 @@ When @command{guix-daemon} is configured to save compressed build logs, as is the case by default (@pxref{Invoking guix-daemon}), @code{/log} URLs return the compressed log as-is, with an appropriate @code{Content-Type} and/or @code{Content-Encoding} header. We recommend -running @command{guix-daemon} with @code{--log-compression=gzip} since +running @command{guix-daemon} with @option{--log-compression=gzip} since Web browsers can automatically decompress it, which is not the case with -bzip2 compression. +Bzip2 compression. The following options are available: @@ -10671,7 +10689,7 @@ of Diffoscope. Do not show further details about the differences. @end table -Thus, unless @code{--diff=none} is passed, @command{guix challenge} +Thus, unless @option{--diff=none} is passed, @command{guix challenge} downloads the store items from the given substitute servers so that it can compare them. @@ -11078,7 +11096,7 @@ configuration options. @vindex %base-packages The @code{packages} field lists packages that will be globally visible -on the system, for all user accounts---i.e., in every user's @code{PATH} +on the system, for all user accounts---i.e., in every user's @env{PATH} environment variable---in addition to the per-user profiles (@pxref{Invoking guix package}). The @code{%base-packages} variable provides all the tools one would expect for basic user and administrator @@ -12103,8 +12121,8 @@ The compiled locale definitions are available at @file{/run/current-system/locale/X.Y}, where @code{X.Y} is the libc version, which is the default location where the GNU@tie{}libc provided by Guix looks for locale data. This can be overridden using the -@code{LOCPATH} environment variable (@pxref{locales-and-locpath, -@code{LOCPATH} and locale packages}). +@env{LOCPATH} environment variable (@pxref{locales-and-locpath, +@env{LOCPATH} and locale packages}). The @code{locale-definition} form is provided by the @code{(gnu system locale)} module. Details are given below. @@ -12162,7 +12180,7 @@ read locale data produced with libc 2.22; worse, that program data@footnote{Versions 2.23 and later of GNU@tie{}libc will simply skip the incompatible locale data, which is already an improvement.}. Similarly, a program linked against libc 2.22 can read most, but not -all, of the locale data from libc 2.21 (specifically, @code{LC_COLLATE} +all, of the locale data from libc 2.21 (specifically, @env{LC_COLLATE} data is incompatible); thus calls to @code{setlocale} may fail, but programs will not abort. @@ -12172,8 +12190,8 @@ be using a libc version different from the one the system administrator used to build the system-wide locale data. Fortunately, unprivileged users can also install their own locale data -and define @var{GUIX_LOCPATH} accordingly (@pxref{locales-and-locpath, -@code{GUIX_LOCPATH} and locale packages}). +and define @env{GUIX_LOCPATH} accordingly (@pxref{locales-and-locpath, +@env{GUIX_LOCPATH} and locale packages}). Still, it is best if the system-wide locale data at @file{/run/current-system/locale} is built for all the libc versions @@ -12460,7 +12478,7 @@ A string containing a comma-separated list of one or more baud rates, in descending order. @item @code{term} (default: @code{#f}) -A string containing the value used for the @code{TERM} environment +A string containing the value used for the @env{TERM} environment variable. @item @code{eight-bits?} (default: @code{#f}) @@ -13051,7 +13069,7 @@ An empty list disables compression altogether. @item @code{nar-path} (default: @code{"nar"}) The URL path at which ``nars'' can be fetched. @xref{Invoking guix -publish, @code{--nar-path}}, for details. +publish, @option{--nar-path}}, for details. @item @code{cache} (default: @code{#f}) When it is @code{#f}, disable caching and instead generate archives on @@ -14293,7 +14311,7 @@ List of strings describing which environment variables may be exported. Each string gets on its own line. See the @code{AcceptEnv} option in @code{man sshd_config}. -This example allows ssh-clients to export the @code{COLORTERM} variable. +This example allows ssh-clients to export the @env{COLORTERM} variable. It is set by terminal emulators, which support colors. You can use it in your shell's resource file to enable colors for the prompt and commands if this variable is set. @@ -15200,8 +15218,8 @@ Defaults to @samp{strict}. @deftypevr {@code{files-configuration} parameter} file-name server-keychain Specifies the location of TLS certificates and private keys. CUPS will -look for public and private keys in this directory: a @code{.crt} files -for PEM-encoded certificates and corresponding @code{.key} files for +look for public and private keys in this directory: @file{.crt} files +for PEM-encoded certificates and corresponding @file{.key} files for PEM-encoded private keys. Defaults to @samp{"/etc/cups/ssl"}. @@ -16385,8 +16403,8 @@ via @code{pulseaudio-configuration}, see below. @quotation Warning This service overrides per-user configuration files. If you want PulseAudio to honor configuraton files in @file{~/.config/pulse} you -have to unset the environment variables @code{PULSE_CONFIG} and -@code{PULSE_CLIENTCONFIG} in your @file{~/.bash_profile}. +have to unset the environment variables @env{PULSE_CONFIG} and +@env{PULSE_CLIENTCONFIG} in your @file{~/.bash_profile}. @end quotation @quotation Warning @@ -22693,7 +22711,7 @@ To add build jobs, you have to set the @code{specifications} field of the configuration. Here is an example of a service that polls the Guix repository and builds the packages from a manifest. Some of the packages are defined in the @code{"custom-packages"} input, which is the equivalent of -@code{GUIX_PACKAGE_PATH}. +@env{GUIX_PACKAGE_PATH}. @lisp (define %cuirass-specs @@ -24198,7 +24216,7 @@ object} as returned by @code{lookup-qemu-platforms} (see below). @item @code{guix-support?} (default: @code{#f}) When it is true, QEMU and all its dependencies are added to the build environment of @command{guix-daemon} (@pxref{Invoking guix-daemon, -@code{--chroot-directory} option}). This allows the @code{binfmt_misc} +@option{--chroot-directory} option}). This allows the @code{binfmt_misc} handlers to be used within the build environment, which in turn means that you can transparently build programs for another architecture. @@ -25510,7 +25528,7 @@ for anyone at login: Some @code{volume} elements must be added to automatically mount volumes at login. Here's an example allowing the user @code{alice} to mount her -encrypted @code{HOME} directory and allowing the user @code{bob} to mount +encrypted @env{HOME} directory and allowing the user @code{bob} to mount the partition where he stores his data: @lisp @@ -26161,10 +26179,10 @@ Unprivileged users, including users of Guix on a foreign distro, can also install their own certificate package in their profile. A number of environment variables need to be defined so that applications and libraries know where to find them. Namely, the -OpenSSL library honors the @code{SSL_CERT_DIR} and @code{SSL_CERT_FILE} +OpenSSL library honors the @env{SSL_CERT_DIR} and @env{SSL_CERT_FILE} variables. Some applications add their own environment variables; for instance, the Git version control system honors the certificate bundle -pointed to by the @code{GIT_SSL_CAINFO} environment variable. Thus, you +pointed to by the @env{GIT_SSL_CAINFO} environment variable. Thus, you would typically run something like: @example @@ -26174,7 +26192,7 @@ export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt" export GIT_SSL_CAINFO="$SSL_CERT_FILE" @end example -As another example, R requires the @code{CURL_CA_BUNDLE} environment +As another example, R requires the @env{CURL_CA_BUNDLE} environment variable to point to a certificate bundle, so you would have to run something like this: @@ -26439,7 +26457,7 @@ here is how to use it and customize it further. [#:helper-packages '()] [#:qemu-networking? #f] [#:volatile-root? #f] Return a derivation that builds a raw initrd. @var{file-systems} is a list of file systems to be mounted by the initrd, possibly in addition to -the root file system specified on the kernel command line via @code{--root}. +the root file system specified on the kernel command line via @option{--root}. @var{linux-modules} is a list of kernel modules to be loaded at boot time. @var{mapped-devices} is a list of device mappings to realize before @var{file-systems} are mounted (@pxref{Mapped Devices}). @@ -26468,7 +26486,7 @@ to it are lost. Return as a file-like object a generic initrd, with kernel modules taken from @var{linux}. @var{file-systems} is a list of file-systems to be mounted by the initrd, possibly in addition to the root file system specified -on the kernel command line via @code{--root}. @var{mapped-devices} is a list of device +on the kernel command line via @option{--root}. @var{mapped-devices} is a list of device mappings to realize before @var{file-systems} are mounted. When true, @var{keyboard-layout} is a @code{<keyboard-layout>} record denoting @@ -26898,8 +26916,8 @@ Delete system generations, making them candidates for garbage collection (@pxref{Invoking guix gc}, for information on how to run the ``garbage collector''). -This works in the same way as @command{guix package --delete-generations} -(@pxref{Invoking guix package, @code{--delete-generations}}). With no +This works in the same way as @samp{guix package --delete-generations} +(@pxref{Invoking guix package, @option{--delete-generations}}). With no arguments, all system generations but the current one are deleted: @example @@ -26968,7 +26986,7 @@ $ /gnu/store/@dots{}-run-vm.sh -m 1024 -smp 2 -net user,model=virtio-net-pci The VM shares its store with the host system. Additional file systems can be shared between the host and the VM using -the @code{--share} and @code{--expose} command-line options: the former +the @option{--share} and @option{--expose} command-line options: the former specifies a directory to be shared with write access, while the latter provides read-only access to the shared directory. @@ -26985,10 +27003,10 @@ On GNU/Linux, the default is to boot directly to the kernel; this has the advantage of requiring only a very tiny root disk image since the store of the host can then be mounted. -The @code{--full-boot} option forces a complete boot sequence, starting +The @option{--full-boot} option forces a complete boot sequence, starting with the bootloader. This requires more disk space since a root image containing at least the kernel, initrd, and bootloader data files must -be created. The @code{--image-size} option can be used to specify the +be created. The @option{--image-size} option can be used to specify the size of the image. @cindex System images, creation in various formats @@ -27048,6 +27066,10 @@ example, if you intend to build software using Guix inside of the Docker container, you may need to pass the @option{--privileged} option to @code{docker create}. +Last, the @option{--network} option applies to @command{guix system +docker-image}: it produces an image where network is supposedly shared +with the host, and thus without services like nscd or NetworkManager. + @item container Return a script to run the operating system declared in @var{file} within a container. Containers are a set of lightweight isolation @@ -27127,7 +27149,7 @@ When this option is omitted, @command{guix system} uses @code{ext4}. @cindex ISO-9660 format @cindex CD image format @cindex DVD image format -@code{--file-system-type=iso9660} produces an ISO-9660 image, suitable +@option{--file-system-type=iso9660} produces an ISO-9660 image, suitable for burning on CDs and DVDs. @item --image-size=@var{size} @@ -28311,7 +28333,7 @@ GDB}): @end example From there on, GDB will pick up debugging information from the -@code{.debug} files under @file{~/.guix-profile/lib/debug}. +@file{.debug} files under @file{~/.guix-profile/lib/debug}. In addition, you will most likely want GDB to be able to show the source code being debugged. To do that, you will have to unpack the source @@ -28593,7 +28615,7 @@ tarball to be unpacked. Once @code{guile-bootstrap-2.0.drv} is built, we have a functioning Guile that can be used to run subsequent build programs. Its first task is to download tarballs containing the other pre-built binaries---this -is what the @code{.tar.xz.drv} derivations do. Guix modules such as +is what the @file{.tar.xz.drv} derivations do. Guix modules such as @code{ftp-client.scm} are used for this purpose. The @code{module-import.drv} derivations import those modules in a directory in the store, using the original layout. The @@ -28645,15 +28667,15 @@ for all the following packages. From there Findutils and Diffutils get built. Then come the first-stage Binutils and GCC, built as pseudo cross -tools---i.e., with @code{--target} equal to @code{--host}. They are +tools---i.e., with @option{--target} equal to @option{--host}. They are used to build libc. Thanks to this cross-build trick, this libc is guaranteed not to hold any reference to the initial tool chain. -From there the final Binutils and GCC (not shown above) are built. -GCC uses @code{ld} -from the final Binutils, and links programs against the just-built libc. -This tool chain is used to build the other packages used by Guix and by -the GNU Build System: Guile, Bash, Coreutils, etc. +From there the final Binutils and GCC (not shown above) are built. GCC +uses @command{ld} from the final Binutils, and links programs against +the just-built libc. This tool chain is used to build the other +packages used by Guix and by the GNU Build System: Guile, Bash, +Coreutils, etc. And voilĂ ! At this point we have the complete set of build tools that the GNU Build System expects. These are in the @code{%final-inputs} @@ -28761,7 +28783,7 @@ as well. In practice, there may be some complications. First, it may be that the extended GNU triplet that specifies an ABI (like the @code{eabi} suffix above) is not recognized by all the GNU tools. Typically, glibc -recognizes some of these, whereas GCC uses an extra @code{--with-abi} +recognizes some of these, whereas GCC uses an extra @option{--with-abi} configure flag (see @code{gcc.scm} for examples of how to handle this). Second, some of the required packages could fail to build for that platform. Lastly, the generated binaries could be broken for some |