this post was submitted on 11 Feb 2024
13 points (93.3% liked)

Guix

274 readers
1 users here now

Guix is an advanced distribution of the GNU operating system developed by the GNU Project

founded 4 years ago
MODERATORS
[email protected]
13
48.4% of the projects on Guix are outdated (repology.org)
submitted 6 months ago by [email protected] to c/[email protected]
7 comments fedilink hide all child comments
top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 6 months ago (1 children)

Hm, I knew less about packaging than I thought. I kind of assumed it was mostly automatic updates after the initial package, and only fixing things on major changes.

Anyway, looking at the different tables, it doesn't seem to me that Guix is especially behind well known distros, and there's a low percentage of problematic issues: https://repology.org/repositories/statistics/pvulnerable

Perhaps it would be more telling to see how long packages are outdated on average? dunno..

[–] [email protected] 3 points 6 months ago (2 children)

In the case of Guix, it's just updating the version and the SHA-256 hash. But the bigger issue here is how hard GNU software is for contributions. I can't do patches, because I do not want to jeopardize my email across the internet.

[–] [email protected] 4 points 6 months ago

you could create another email account with a pseudonym

[–] [email protected] 3 points 6 months ago (1 children)

Hm, going slightly ot here. I wonder how long it will take before an 'package maintainer' AI is developed. Imho it won't take long before we see the first semi-automated packager/pkg manager. I think we have all the open source parts, but not the agent network that does the actual work, yet.

With a dedicated package agent, guix and any other smaller distro would be right behind the big ones.

[–] [email protected] 3 points 6 months ago

Thanks for this comment, because it looks like this is a good point of discussion. I may be wrong here, as I'm not well-versed in Guile Scheme. Honestly, you don't really need an "AI" for this. As a Nixpkgs contributor, I've come across a genius implementation by Ryan Mulligan. To explain this, I'll use the example code at A packaging tutorial for Guix.

You can see:

(define-public hello
  (package
    ...
    (version "2.10")
    (source (origin
      ...
      (sha256 (base32
        "0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i"))
      ...
    ))
    ...
))

Only the version and the base32 string have to be updated to get the next version.

If you check a Nix expression (aka the code snippet that defines a package), it is similar to the Guile code snippet but Haskell-ish. The version variable stores the tag - it's the same for both Guix and Nix. He's made a bot, which will check if the tag is outdated, or not - using Webhooks, I think. Maybe Savannah projects do not support them, but other forges like GitHub, GitLab and Forgejo do. If they're outdated, the bot will update both the SHA256 hash, as well as the version. And there you go, automatic package upgrade! Well, if the build fails, then welp, a human has to fix it. But the bot has managed most of the stuff auto-magically, so does resolving a few packages manually really matter?

Btw, here's the hard-working bot, r-ryantm.

[–] [email protected] 5 points 6 months ago (1 children)

You mean packages? And the link is just the graph, no other information or anything 🥲

[–] [email protected] 4 points 6 months ago* (last edited 6 months ago)

Oh yes, about that, you can view them here: GNU Guix repository information. For some reason, the maintainer graph is at zero, which is hilarious.