Hacking anything with GNU Guix

by Marius Bakke — Thu 15 September 2022

Perhaps my favourite feature of Guix is guix shell. It is one of those tools that I don't know how to do without. Even if you are not ready to use Guix as a package manager (or distro), guix shell alone might be a reason to have Guix installed.


If you are a software developer, system administrator, or anything in between, you have probably experienced a situation where you want to patch some piece of software that you did not write. Either to fix a bug, try an idea you had in the shower, or just have fun.

Then you discover that it needs a mountain of dependencies to build, and that the versions provided by your operating system are too old, or only available on a mixture of PyPI, CPAN, and random repositories. Even if your preferred package manager has all dependencies available, you may not want to install all that just to scratch that itch.

Enter guix shell. If you are lucky, that project you want to hack on is one of the 21000+ packages available in Guix. Then you can simply clone the repository, navigate to the project in a terminal, and run:

guix shell --development the-package

That's it. Guix will download everything required to build that package from source, run tests, etc., and make them available for that shell session only. Then you can make, pytest, or whatever you need to try that patch. PYTHONPATH, CPATH, etc. are all set up and ready to go.

Once you exit the shell, the environment is gone, like it never existed. If you want to hack on that project later, simply run the same command again. Now all the dependencies are cached on your system and so creating the environment takes milliseconds.

What if the package is not in Guix, but its dependencies are? You can create arbitrary environments with:

guix shell package1 package2 packageN

Or mix and match:

guix shell -D the-package package1 package2 -D package3

(-D is shorthand for --development)

But what if you don't trust the packages or build systems to not litter your $HOME, steal your passwords, or wipe your data? guix shell has you covered:

guix shell --container [...]

Now you are in an isolated environment that can only access the current working directory, and with no network access (unless you pass --network). You can make select parts of your file system visible with --expose (read-only) and --share (read/write). This is useful if you just want to try some program, or script, without needing to trust it completely.
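A tighter variant of the container invocation above, as an added example that is not part of the original post: the input tree is exposed read-only, a single scratch directory is shared read/write, and the directory you started from is not shared at all. The function name sandboxed, the /src and /out mount points and the DRY_RUN and ALLOW_NET variables are assumptions of this sketch; --no-cwd is a guix shell option the post does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): wrap `guix shell --container`
# so an untrusted program sees its input read-only and one scratch directory.
# The name `sandboxed`, the /src and /out mount points, and the DRY_RUN and
# ALLOW_NET variables are assumptions of this sketch.

# usage: sandboxed SRC_DIR OUT_DIR PACKAGE COMMAND [ARG...]
sandboxed() {
    if [ "$#" -lt 4 ]; then
        echo "usage: sandboxed SRC_DIR OUT_DIR PACKAGE COMMAND [ARG...]" >&2
        return 2
    fi
    sb_src=${1%/}; sb_out=${2%/}; sb_pkg=$3; shift 3

    # Absolute paths only, so the mappings cannot depend on the caller's cwd.
    case $sb_src in /?*) ;; *) echo "SRC_DIR must be absolute" >&2; return 2 ;; esac
    case $sb_out in /?*) ;; *) echo "OUT_DIR must be absolute" >&2; return 2 ;; esac

    # The writable directory and the read-only tree must not contain each
    # other, or the read-only mapping can be bypassed through the writable one.
    # (Textual check only: symlinks are not resolved.)
    case $sb_out/ in
        "$sb_src"/*) echo "OUT_DIR must be outside SRC_DIR" >&2; return 2 ;;
    esac
    case $sb_src/ in
        "$sb_out"/*) echo "SRC_DIR must be outside OUT_DIR" >&2; return 2 ;;
    esac

    # Everything after "--" is the command that runs inside the container.
    set -- "$sb_pkg" -- "$@"

    # No network unless the caller opts in, as with plain --container.
    if [ "${ALLOW_NET:-0}" = 1 ]; then set -- --network "$@"; fi

    # --no-cwd: do not share the directory the wrapper was started from.
    # --expose maps SRC_DIR read-only; --share maps OUT_DIR read/write.
    set -- guix shell --container --no-cwd \
        "--expose=$sb_src=/src" "--share=$sb_out=/out" "$@"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"      # show the argv, one argument per line
    else
        "$@"
    fi
}
```

Inside the container the command finds its input at /src and can write only to /out, so tools that write next to their sources need their output pointed there. Run it with DRY_RUN=1 first to see the exact guix shell command line.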

There are more features lurking in guix shell, but these are by far the ones I use the most. I don't even have python available on PATH and just create a shell every time I need it, tailored to the project I want to hack on.

This blog is proudly powered by a guix shell -m manifest.scm -- haunt build step.

Happy hacking!