Re: Help understand some guix concepts

[Martin Castillo <castilma@uni-bremen.de>]

Hi,

I'll give it a shot.
On 01.01.2018 20:31, Amirouche Boubekki wrote:
> Héllo,
> 
> It's a long time I did not read the manual. So I read he manual this
> afternoon.
> 
> I have to say that I don't really understand some guix concepts and how
> they map to the rest of the world.
> 
> Can someone try to explain to me how the following concepts are related
> to each other:
> 
> Environments, profiles, gc roots, root filesystem, chroot, containers,
> docker and lxc
> 
> TIA


Environment: Every process has an environment. It consists of key-value
pairs, where both are c-strings. A process can change it's own
environment and passes it to it's children. This can is used to pass
options to programs without the need to pass them on the commandline.

Profiles: A bit ambigous, but I think you mean guix profiles. One
feature of guix is that it allows every user to install the package they
want. Every such set of installed programs is a (generation of a)
profile. Your current profile (or generation) is linked to by
~/.guix-profile. Profiles consist of generations. Every time you add or
remove a package, you create a new generation. (You can have several
packages. Check the -p flag of `guix package`. If you want to switch to
it, make ~/.guix-profile link to the new profile.)

gc roots: Everything you install/build with guix gets stored in the
store. When you delete e.g. old profile generations, some files in the
store aren't used anymore. To find out what files can be removed from
the store, the garbage collector looks for all files in the store, that
are being referred to directly or indirectly by any link in or under
/var/guix/gcroots. Those are the live files. The other ones can be
removed to make space.

root filesystem: this is the filesystem that is mounted under `/`. it
has nothing to do with gc roots.

chroot: This is a mechanism to isolate programs And prevent them from
accessing (even seeing) some/many files. It works by changing the path
resolution mechanism. you can create one with chroot(1). A chroot makes
a chosen path to look like `/`. If you have a shelle in a chroot under
/var, `ls /` shows you the contents of /var; and `ls /../` shows the
same as `ls /`. IIRC, guix uses chroots to create a better isolation for
build processes (for better reproducibility). chroot helps to prevent
builds to access inputs (e.g. a library), that weren't declared in the
(package) definition.

container: not sure if I can explain that correct. I won't attempt it to
avoid confusion.

docker: Before guix was a thing (;-)), people used docker to assemble a
set of programs and files ("docker images") that would work always the
same way, no matter where they get executed. I think docker is one form
of container. IIRC, docker has some drawbacks: statically linked
programs -> big images, after a library updates, you need to create a
new image. guix provides another way to get reproducibility. and it
allows you to create docker images from guix profiles for systems that
don't have guix installed.

lxc: no idea. LinuXContainer?



Martin
-- 
GPG: 7FDE 7190 2F73 2C50 236E  403D CC13 48F1 E644 08EC