mirror of
https://gitlab.com/nonguix/nonguix.git
synced 2024-12-23 15:24:52 +01:00
023508df48
substitutes. * README.org (** Substitutes for nonguix): Explain how to authorize and reconfigure when starting to use substitutes.nonguix.org. Signed-off-by: Jonathan Brielmaier <jonathan.brielmaier@web.de>
306 lines
12 KiB
Org Mode
306 lines
12 KiB
Org Mode
#+TITLE: Nonguix
|
|
|
|
Nonguix is a software repository for the
|
|
[[https://www.gnu.org/software/guix/][GNU Guix]] package manager,
|
|
which packages some software which cannot be included in the official
|
|
distribution for ethical or policy-related reasons.
|
|
|
|
Please do NOT promote this repository on any official Guix
|
|
communication channels, such as their mailing lists or IRC channel, even in
|
|
response to support requests! This is to show respect for the Guix project's
|
|
[[http://www.gnu.org/distros/free-system-distribution-guidelines.html][strict policy]]
|
|
against recommending nonfree software, and to avoid any unnecessary hostility.
|
|
|
|
Before using this channel, you should understand the implications of using
|
|
nonfree software. Read [[https://www.gnu.org/philosophy/free-sw.en.html][What is free software?]]
|
|
for more information.
|
|
|
|
(Check out the [[https://gitlab.com/guix-gaming-channels][Guix Gaming Channels]]
|
|
if you're interested in nonfree games too!)
|
|
|
|
* Warning
|
|
|
|
This channel does not endorse any non-free application.
|
|
We believe it is non-ethical, harmful to software development and
|
|
restricts the users freedom.
|
|
See the [[https://www.gnu.org/philosophy/free-sw.en.html][GNU philosophy]] for a more thorough discussion.
|
|
|
|
Those packages are provided as a last resort, should none of the official Guix
|
|
packages work for you.
|
|
|
|
You should understand the implication of using non-free software. Some of those
|
|
implications include:
|
|
|
|
- Endorsement of non-free products and the perpetration of a culture of
|
|
restriction on liberties.
|
|
|
|
- Non-free software cannot (or hardly) be audited: it can potentially spy on
|
|
you, destroy or steal your data.
|
|
|
|
As a minimal security measure, it's heavily recommended to run any non-free
|
|
software inside a container.
|
|
|
|
* Installation
|
|
|
|
Nonguix can be installed as a
|
|
[[https://www.gnu.org/software/guix/manual/en/html_node/Channels.html][Guix channel]].
|
|
To do so, add it to =~/.config/guix/channels.scm=:
|
|
|
|
#+BEGIN_SRC scheme
|
|
(cons* (channel
|
|
(name 'nonguix)
|
|
(url "https://gitlab.com/nonguix/nonguix")
|
|
;; Enable signature verification:
|
|
(introduction
|
|
(make-channel-introduction
|
|
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
|
|
(openpgp-fingerprint
|
|
"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
|
|
%default-channels)
|
|
#+END_SRC
|
|
|
|
Then run =guix pull=.
|
|
|
|
* Using Nonfree Firmware and Drivers
|
|
|
|
To use Guix System with the standard Linux kernel and nonfree firmware, edit
|
|
the ~kernel~ and ~firmware~ fields of the ~operating-system~ definition in
|
|
=config.scm=:
|
|
|
|
#+BEGIN_SRC scheme
|
|
;; Import nonfree linux module.
|
|
(use-modules (nongnu packages linux)
|
|
(nongnu system linux-initrd))
|
|
|
|
(operating-system
|
|
(kernel linux)
|
|
(initrd microcode-initrd)
|
|
(firmware (list linux-firmware))
|
|
...
|
|
)
|
|
#+END_SRC
|
|
|
|
If you only need firmware for a specific piece of hardware, you may be able to
|
|
save disk space by using a smaller firmware package instead:
|
|
|
|
#+BEGIN_SRC scheme
|
|
(firmware (cons* iwlwifi-firmware
|
|
%base-firmware))
|
|
#+END_SRC
|
|
|
|
Then of course, run ~sudo guix system reconfigure /etc/config.scm~ to apply
|
|
your configuration.
|
|
|
|
** Installation image
|
|
|
|
For some hardware the official Guix installation image won't do
|
|
(e.g. unsupported wifi). You can generate an installation image running the
|
|
nonfree Linux kernel and nonfree firmware with the following command:
|
|
|
|
#+begin_src sh
|
|
guix system image --image-type=iso9660 /path/to/this/channel/nongnu/system/install.scm
|
|
#+end_src
|
|
|
|
Like the official Guix installation image, this will produce a read-only image
|
|
with any changes made stored in memory. As indicated below, you will need to
|
|
run ~guix pull~ to download the Nonguix package descriptions, so will need
|
|
enough memory to hold the cached channel code which can be several hundred
|
|
megabytes. As an alternative, you can create a writable image with the
|
|
following command:
|
|
|
|
#+begin_src sh
|
|
guix system image --image-size=7.2GiB /path/to/this/channel/nongnu/system/install.scm
|
|
#+end_src
|
|
|
|
The ~--image-size~ option allows you to specify the size of the image and, as
|
|
such, to allocate free space to it. The given value is purely indicative. It
|
|
obviously depends on your thumbdrive capacity.
|
|
|
|
Either type of image can be written to a USB thumbdrive with:
|
|
|
|
#+BEGIN_SRC sh
|
|
# NOTE: This example assumes your thumbdrive is recognized by Linux as /dev/sdb.
|
|
dd if=/path/to/disk-image of=/dev/sdb bs=4M status=progress oflag=sync
|
|
#+END_SRC
|
|
|
|
The installation media produced by the above method does not automatically
|
|
configure your channels specification. You need to add Nonguix "manually"
|
|
into ~/etc/guix/channels.scm~ and then run ~guix pull~ to make Guix aware of
|
|
Nonguix scheme libraries. Below is Guile scheme code to include Nonguix in the
|
|
channel specification.
|
|
|
|
#+BEGIN_SRC scheme
|
|
(use-modules (ice-9 pretty-print))
|
|
(with-output-to-file "/etc/guix/channels.scm"
|
|
(lambda _
|
|
(pretty-print
|
|
'(cons*
|
|
(channel (name 'nonguix)
|
|
(url "https://gitlab.com/nonguix/nonguix"))
|
|
%default-channels))))
|
|
#+END_SRC
|
|
|
|
** CPU Microcode
|
|
|
|
CPU microcode updates are nonfree blobs that apply directly to a processor to
|
|
patch its behavior, and are therefore not included in upstream GNU Guix.
|
|
However, running the latest microcode is important to avoid nasty CPU bugs and
|
|
hardware security vulnerabilities.
|
|
|
|
To enable early loading of CPU microcode, use the ~microcode-initrd~ function
|
|
to add the microcode to the Initial RAM Disk. Most users can simply import
|
|
~(nongnu system linux-initrd)~ and add ~(initrd microcode-initrd)~ to their
|
|
~operating-system~ definition, as illustrated above.
|
|
|
|
If you need to customize the ~initrd~ for some reason, you should first
|
|
understand the upstream documentation on
|
|
[[https://guix.gnu.org/manual/en/html_node/Initial-RAM-Disk.html][Initial RAM Disks]].
|
|
~microcode-initrd~ simply wraps another ~initrd~ function, which you can swap
|
|
out for your own. For example, this:
|
|
|
|
#+BEGIN_SRC scheme
|
|
(initrd microcode-initrd)
|
|
#+END_SRC
|
|
|
|
is exactly equivalent to:
|
|
|
|
#+BEGIN_SRC scheme
|
|
(initrd (lambda (file-systems . rest)
|
|
(apply microcode-initrd file-systems
|
|
#:initrd base-initrd
|
|
#:microcode-packages (list amd-microcode
|
|
intel-microcode)
|
|
rest)))
|
|
#+END_SRC
|
|
|
|
** Broadcom Wireless
|
|
|
|
Some Broadcom wireless hardware requires a proprietary kernel module in
|
|
addition to firmware. To use such hardware you will also need to add a service
|
|
to load that module on boot, blacklist conflicting kernel modules, and while not
|
|
required, it is recommended to stay with Linux LTS releases:
|
|
|
|
#+BEGIN_SRC scheme
|
|
(use-modules (nongnu packages linux))
|
|
|
|
(operating-system
|
|
(kernel linux-lts)
|
|
;; Blacklist conflicting kernel modules.
|
|
(kernel-arguments '("modprobe.blacklist=b43,b43legacy,ssb,bcm43xx,brcm80211,brcmfmac,brcmsmac,bcma"))
|
|
(kernel-loadable-modules (list broadcom-sta))
|
|
(firmware (cons* broadcom-bt-firmware
|
|
%base-firmware))
|
|
...)
|
|
#+END_SRC
|
|
|
|
** Substitutes for nonguix
|
|
|
|
A Nonguix substitute server is available at [[https://substitutes.nonguix.org]].
|
|
On Guix System, you can add and authorize this URL in the following way:
|
|
#+BEGIN_SRC scheme
|
|
(operating-system
|
|
(services (modify-services %desktop-services
|
|
(guix-service-type config => (guix-configuration
|
|
(inherit config)
|
|
(substitute-urls
|
|
(append (list "https://substitutes.nonguix.org")
|
|
%default-substitute-urls))
|
|
(authorized-keys
|
|
(append (list (local-file "./signing-key.pub"))
|
|
%default-authorized-guix-keys))))))
|
|
...)
|
|
#+END_SRC
|
|
|
|
Notice that the URL of the server should be specified without a trailing
|
|
slash. The file ~signing-key.pub~ should be downloaded directly from
|
|
[[https://substitutes.nonguix.org/signing-key.pub]].
|
|
|
|
Alternatively, you can replace ~(local-file "./signing-key.pub")~ by:
|
|
#+BEGIN_SRC scheme
|
|
(plain-file "non-guix.pub"
|
|
"<contents of signing-key.pub>")
|
|
#+END_SRC
|
|
|
|
Guix System will only use the substitution server after it has been
|
|
reconfigured. The substitution server will therefore by default not
|
|
be used the first time you run ~guix system reconfigure~ after adding
|
|
the substitution server. It is therefore recommended to explicitly
|
|
specify the use of the substitution server the first time
|
|
you reconfigure your system:
|
|
#+BEGIN_SRC sh
|
|
sudo guix archive --authorize < signing-key.pub
|
|
sudo guix system reconfigure /etc/config.scm --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org'
|
|
#+END_SRC
|
|
|
|
Check out the [[https://guix.gnu.org/manual/en/html_node/Substitutes.html][chapter on substitutes]]
|
|
in the Guix manual for more details.
|
|
|
|
** Pinning package versions
|
|
|
|
When using substitutes is not an option, you may find
|
|
that ~guix system reconfigure~ recompiles the kernel frequently due to version
|
|
bumps in the kernel package. An inferior can be used to pin the kernel version
|
|
and avoid lengthy rebuilds.
|
|
|
|
You must pin both Guix and Nonguix, as the Nonguix kernel packages derive from
|
|
those in Guix (so changes in either could cause a rebuild). Your preferred kernel
|
|
version must be available in both pinned channels.
|
|
|
|
Consult the output of ~guix system describe~ to get the commits of Guix and
|
|
Nonguix for the current generation. Once you have determined the commits to use,
|
|
create an inferior in your system configuration file that pins the channels to
|
|
them. Then grab the appropriately-versioned Linux package from the inferior to
|
|
use as your kernel.
|
|
|
|
#+BEGIN_SRC scheme
|
|
(use-modules (srfi srfi-1) ; for `first'
|
|
(guix channels))
|
|
(operating-system
|
|
(kernel
|
|
(let*
|
|
((channels
|
|
(list (channel
|
|
(name 'nonguix)
|
|
(url "https://gitlab.com/nonguix/nonguix")
|
|
(commit "ff6ca98099c7c90e64256236a49ab21fa96fe11e"))
|
|
(channel
|
|
(name 'guix)
|
|
(url "https://git.savannah.gnu.org/git/guix.git")
|
|
(commit "3be96aa9d93ea760e2d965cb3ef03540f01a0a22"))))
|
|
(inferior
|
|
(inferior-for-channels channels)))
|
|
(first (lookup-inferior-packages inferior "linux" "5.4.21"))))
|
|
...)
|
|
#+END_SRC
|
|
|
|
* Contributing
|
|
|
|
Contributions are welcome! If there's a package you would like to add, just
|
|
fork the repository and create a Merge Request when your package is ready.
|
|
Keep in mind:
|
|
|
|
- Nonguix follows the same
|
|
[[https://www.gnu.org/software/guix/manual/en/html_node/Coding-Style.html][coding style]]
|
|
as GNU Guix. If you don't use Emacs, you should make use of the indent
|
|
script from the GNU Guix repository (=./etc/indent-code.el=).
|
|
- Commit messages should follow the same
|
|
[[https://www.gnu.org/prep/standards/html_node/Change-Logs.html][conventions]]
|
|
set by GNU Guix.
|
|
- Although licensing restrictions are relaxed, packages should still have
|
|
accurate license metadata.
|
|
- If a package could be added to upstream GNU Guix with a reasonable amount of
|
|
effort, then it probably doesn't belong in Nonguix. This isn't a dumping
|
|
ground for subpar packages, but sometimes we may accept free software
|
|
packages which are currently too cumbersome to properly build from source.
|
|
- If your package is a game, you should submit it to the
|
|
[[https://gitlab.com/guix-gaming-channels][Guix Gaming Channels]] instead.
|
|
|
|
If you have a history of making quality contributions to GNU Guix or Nonguix
|
|
and would like commit access, just ask! Nontrivial changes should still go
|
|
through a simple Merge Request and code review process, but Nonguix needs more
|
|
people involved to succeed as a community project.
|
|
|
|
* Community
|
|
|
|
If you want to discuss Nonguix-related topics, you can hang out and stay in
|
|
touch on the =#nonguix= IRC channel on [[https://libera.chat/][Libera Chat]].
|