Perhaps my favourite feature of Guix is guix shell. It is one of those tools that I don't know how to do without. Even if you are not ready to use Guix as a package manager (or distro), guix shell alone might be a reason to have Guix installed.
If you are a software developer, system administrator, or anything in between, you have probably experienced a situation where you want to patch some piece of software that you did not write, whether to fix a bug, try an idea you had in the shower, or just have fun.
Then you discover that it needs a mountain of dependencies to build, and that the versions provided by your operating system are too old, or only available on a mixture of PyPI, CPAN, and random repositories. Even if your preferred package manager has all dependencies available, you may not want to install all that just to scratch that itch.
guix shell. If you are lucky, that project you want to hack on is one of the 21000+ packages available in Guix. Then you can simply clone the repository, navigate to the project in a terminal, and run:
guix shell --development the-package
That's it. Guix will download everything required to build that package
from source, run tests, etc., and make them available for that shell
session only. Then you can
pytest, or whatever you need to
try that patch.
CPATH, etc are all set up and ready to go.
Once you exit the shell, the environment is gone, like it never existed. If you want to hack on that project later, simply run the same command again. Now all the dependencies are cached on your system and so creating the environment takes milliseconds.
What if the package is not in Guix, but its dependencies are? You can create arbitrary environments with:
guix shell package1 package2 packageN
Or mix and match:
guix shell -D the-package package1 package2 -D package3
-D is shorthand for
But what if you don't trust the packages or build systems to not litter $HOME, steal your passwords, or wipe your data? guix shell has you covered:
guix shell --container [...]
Now you are in an isolated environment that can only access the current
working directory, and with no network access (unless you pass
You can make select parts of your file system visible with
--share (read/write). This is useful if you just want to
try some program, or script, without needing to trust it completely.
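A guard wrapper for the container mode described above, as an added example that is not from the original post: it refuses to start when the working directory or a directory passed to --share is /, $HOME, or a parent of $HOME, because any of those would put the home directory back inside the container. The names safe_share, sandboxed and SANDBOX_DRY_RUN are assumptions made for this example.

```shell
#!/bin/sh
# Added example; safe_share, sandboxed and SANDBOX_DRY_RUN are hypothetical names.

# Print the canonical path of DIR if sharing it read/write keeps $HOME
# out of the container. Fails for /, $HOME, any parent of $HOME, or a
# directory that does not exist.
safe_share() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    home=$(cd "$HOME" 2>/dev/null && pwd -P) || return 1
    [ "$dir" != / ] || return 1
    case "$home/" in
        "$dir"/*) return 1 ;;   # DIR is $HOME itself or one of its parents
    esac
    printf '%s\n' "$dir"
}

# Usage: sandboxed PACKAGE [SHARE_DIR ...] -- COMMAND [ARG ...]
# Runs COMMAND in the development environment of PACKAGE inside a
# container. SANDBOX_DRY_RUN=1 prints the argv, one word per line.
sandboxed() {
    [ "$#" -ge 1 ] || { echo "usage: sandboxed PACKAGE [DIR ...] -- COMMAND" >&2; return 2; }
    pkg=$1; shift
    # The container always sees the current working directory, so vet it too.
    safe_share . >/dev/null || { echo "refusing to run from $PWD" >&2; return 2; }
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        [ "$arg" = "--" ] && break
        dir=$(safe_share "$arg") || { echo "refusing to share: $arg" >&2; return 2; }
        set -- "$@" "--share=$dir"          # append the option behind the rest
    done
    [ "$n" -gt 0 ] || { echo "missing -- COMMAND" >&2; return 2; }
    set -- "$@" --
    while [ "$n" -gt 0 ]; do                # rotate COMMAND behind the options
        arg=$1; shift; n=$((n - 1))
        set -- "$@" "$arg"
    done
    set -- guix shell --container --development "$pkg" "$@"
    if [ "${SANDBOX_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$@"; else "$@"; fi
}
```

For example, `sandboxed the-package ./results -- pytest` run from a project checkout gives the test suite write access to the checkout and ./results only.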
There are more features lurking in guix shell, but these are by far the ones I use the most. I don't even have python available on PATH and just create a shell every time I need it, tailored to the project I want to hack on.
This blog is proudly powered by a guix shell -m manifest.scm -- haunt build step.