Skip to content
Snippets Groups Projects
guix.texi 1010 KiB
Newer Older
@c *********************************************************************
@node Utilities
@chapter Utilities
This section describes Guix command-line utilities.  Some of them are
primarily targeted at developers and users who write new package
definitions, while others are more generally useful.  They complement
the Scheme programming interface of Guix in a convenient way.
@menu
* Invoking guix build::         Building packages from the command line.
* Invoking guix edit::          Editing package definitions.
* Invoking guix download::      Downloading a file and printing its hash.
* Invoking guix hash::          Computing the cryptographic hash of a file.
* Invoking guix import::        Importing package definitions.
* Invoking guix refresh::       Updating package definitions.
* Invoking guix lint::          Finding errors in package definitions.
* Invoking guix size::          Profiling disk usage.
* Invoking guix graph::         Visualizing the graph of packages.
* Invoking guix publish::       Sharing substitutes.
* Invoking guix challenge::     Challenging substitute servers.
* Invoking guix copy::          Copying to and from a remote store.
* Invoking guix container::     Process isolation.
* Invoking guix weather::       Assessing substitute availability.
* Invoking guix processes::     Listing client processes.
@end menu
@node Invoking guix build
@section Invoking @command{guix build}
@cindex package building
@cindex @command{guix build}
The @command{guix build} command builds packages or derivations and
their dependencies, and prints the resulting store paths.  Note that it
does not modify the user's profile---this is the job of the
@command{guix package} command (@pxref{Invoking guix package}).  Thus,
it is mainly useful for distribution developers.
guix build @var{options} @var{package-or-derivation}@dots{}
@end example

As an example, the following command builds the latest versions of Emacs
and of Guile, displays their build logs, and finally displays the
resulting directories:
@example
@end example
Similarly, the following command builds all the available packages:
guix build --quiet --keep-going \
  `guix package -A | cut -f1,2 --output-delimiter=@@`
@var{package-or-derivation} may be either the name of a package found in
the software distribution such as @code{coreutils} or
@code{coreutils@@8.20}, or a derivation such as
@file{/gnu/store/@dots{}-coreutils-8.19.drv}.  In the former case, a
package with the corresponding name (and optionally version) is searched
for among the GNU distribution modules (@pxref{Package Modules}).
Alternatively, the @code{--expression} option may be used to specify a
Scheme expression that evaluates to a package; this is useful when
disambiguating among several same-named packages or package variants is
needed.
There may be zero or more @var{options}.  The available options are
described in the subsections below.
@menu
* Common Build Options::        Build options for most commands.
* Package Transformation Options::  Creating variants of packages.
* Additional Build Options::    Options specific to 'guix build'.
* Debugging Build Failures::    Real life packaging experience.
@end menu
@node Common Build Options
@subsection Common Build Options
A number of options that control the build process are common to
@command{guix build} and other commands that can spawn builds, such as
@command{guix package} or @command{guix archive}.  These are the
following:
@item --load-path=@var{directory}
@itemx -L @var{directory}
Add @var{directory} to the front of the package module search path
(@pxref{Package Modules}).
This allows users to define their own packages and make them visible to
the command-line tools.
@item --keep-failed
@itemx -K
Keep the build tree of failed builds.  Thus, if a build fails, its build
tree is kept under @file{/tmp}, in a directory whose name is shown at
the end of the build log.  This is useful when debugging build issues.
@xref{Debugging Build Failures}, for tips and tricks on how to debug
build issues.
This option implies @option{--no-offload}, and it has no effect when
connecting to a remote daemon with a @code{guix://} URI (@pxref{The
Store, the @code{GUIX_DAEMON_SOCKET} variable}).
@item --keep-going
@itemx -k
Keep going when some of the derivations fail to build; return only once
all the builds have either completed or failed.
The default behavior is to stop as soon as one of the specified
derivations has failed.
@item --dry-run
@itemx -n
Do not build the derivations.
@anchor{fallback-option}
@item --fallback
When substituting a pre-built binary fails, fall back to building
packages locally (@pxref{Substitution Failure}).
@item --substitute-urls=@var{urls}
@anchor{client-substitute-urls}
Consider @var{urls} the whitespace-separated list of substitute source
URLs, overriding the default list of URLs of @command{guix-daemon}
(@pxref{daemon-substitute-urls,, @command{guix-daemon} URLs}).
This means that substitutes may be downloaded from @var{urls}, provided
they are signed by a key authorized by the system administrator
(@pxref{Substitutes}).
When @var{urls} is the empty string, substitutes are effectively
disabled.
@item --no-substitutes
Do not use substitutes for build products.  That is, always build things
locally instead of allowing downloads of pre-built binaries
(@pxref{Substitutes}).
@item --no-grafts
Do not ``graft'' packages.  In practice, this means that package updates
available as grafts are not applied.  @xref{Security Updates}, for more
information on grafts.
@item --rounds=@var{n}
Build each derivation @var{n} times in a row, and raise an error if
consecutive build results are not bit-for-bit identical.
This is a useful way to detect non-deterministic builds processes.
Non-deterministic build processes are a problem because they make it
practically impossible for users to @emph{verify} whether third-party
binaries are genuine.  @xref{Invoking guix challenge}, for more.
Note that, currently, the differing build results are not kept around,
so you will have to manually investigate in case of an error---e.g., by
stashing one of the build results with @code{guix archive --export}
(@pxref{Invoking guix archive}), then rebuilding, and finally comparing
the two results.
@item --no-offload
Do not use offload builds to other machines (@pxref{Daemon Offload
Setup}).  That is, always build things locally instead of offloading
builds to remote machines.
@item --max-silent-time=@var{seconds}
When the build or substitution process remains silent for more than
@var{seconds}, terminate it and report a build failure.
By default, the daemon's setting is honored (@pxref{Invoking
guix-daemon, @code{--max-silent-time}}).
@item --timeout=@var{seconds}
Likewise, when the build or substitution process lasts for more than
@var{seconds}, terminate it and report a build failure.
By default, the daemon's setting is honored (@pxref{Invoking
guix-daemon, @code{--timeout}}).
@c Note: This option is actually not part of %standard-build-options but
@c most programs honor it.
@cindex verbosity, of the command-line tools
@cindex build logs, verbosity
@item -v @var{level}
@itemx --verbosity=@var{level}
Use the given verbosity @var{level}, an integer.  Choosing 0 means that no
output is produced, 1 is for quiet output, and 2 shows all the build log
output on standard error.
@item --cores=@var{n}
@itemx -c @var{n}
Allow the use of up to @var{n} CPU cores for the build.  The special
value @code{0} means to use as many CPU cores as available.
@item --max-jobs=@var{n}
@itemx -M @var{n}
Allow at most @var{n} build jobs in parallel.  @xref{Invoking
guix-daemon, @code{--max-jobs}}, for details about this option and the
equivalent @command{guix-daemon} option.
@item --debug=@var{level}
Produce debugging output coming from the build daemon.  @var{level} must be an
integer between 0 and 5; higher means more verbose output.  Setting a level of
4 or more may be helpful when debugging setup issues with the build daemon.
Behind the scenes, @command{guix build} is essentially an interface to
the @code{package-derivation} procedure of the @code{(guix packages)}
module, and to the @code{build-derivations} procedure of the @code{(guix
derivations)} module.
In addition to options explicitly passed on the command line,
@command{guix build} and other @command{guix} commands that support
building honor the @code{GUIX_BUILD_OPTIONS} environment variable.
@defvr {Environment Variable} GUIX_BUILD_OPTIONS
Users can define this variable to a list of command line options that
will automatically be used by @command{guix build} and other
@command{guix} commands that can perform builds, as in the example
below:
$ export GUIX_BUILD_OPTIONS="--no-substitutes -c 2 -L /foo/bar"
These options are parsed independently, and the result is appended to
the parsed command-line options.
@end defvr
@node Package Transformation Options
@subsection Package Transformation Options
@cindex package variants
Another set of command-line options supported by @command{guix build}
and also @command{guix package} are @dfn{package transformation
options}.  These are options that make it possible to define @dfn{package
variants}---for instance, packages built from different source code.
This is a convenient way to create customized packages on the fly
without having to type in the definitions of package variants
(@pxref{Defining Packages}).
@item --with-source=@var{source}
@itemx --with-source=@var{package}=@var{source}
@itemx --with-source=@var{package}@@@var{version}=@var{source}
Use @var{source} as the source of @var{package}, and @var{version} as
its version number.
@var{source} must be a file name or a URL, as for @command{guix
download} (@pxref{Invoking guix download}).
When @var{package} is omitted,
it is taken to be the package name specified on the
command line that matches the base of @var{source}---e.g.,
if @var{source} is @code{/src/guile-2.0.10.tar.gz}, the corresponding
package is @code{guile}.
Likewise, when @var{version} is omitted, the version string is inferred from
@var{source}; in the previous example, it is @code{2.0.10}.
This option allows users to try out versions of packages other than the
one provided by the distribution.  The example below downloads
@file{ed-1.7.tar.gz} from a GNU mirror and uses that as the source for
the @code{ed} package:
guix build ed --with-source=mirror://gnu/ed/ed-1.7.tar.gz
As a developer, @code{--with-source} makes it easy to test release
candidates:
guix build guile --with-source=../guile-2.0.9.219-e1bb7.tar.xz
@dots{} or to build from a checkout in a pristine environment:
$ git clone git://git.sv.gnu.org/guix.git
$ guix build guix --with-source=guix@@1.0=./guix
@item --with-input=@var{package}=@var{replacement}
Replace dependency on @var{package} by a dependency on
@var{replacement}.  @var{package} must be a package name, and
@var{replacement} must be a package specification such as @code{guile}
or @code{guile@@1.8}.
For instance, the following command builds Guix, but replaces its
dependency on the current stable version of Guile with a dependency on
the legacy version of Guile, @code{guile@@2.0}:
guix build --with-input=guile=guile@@2.0 guix
This is a recursive, deep replacement.  So in this example, both
@code{guix} and its dependency @code{guile-json} (which also depends on
@code{guile}) get rebuilt against @code{guile@@2.0}.
This is implemented using the @code{package-input-rewriting} Scheme
procedure (@pxref{Defining Packages, @code{package-input-rewriting}}).
@item --with-graft=@var{package}=@var{replacement}
This is similar to @code{--with-input} but with an important difference:
instead of rebuilding the whole dependency chain, @var{replacement} is
built and then @dfn{grafted} onto the binaries that were initially
referring to @var{package}.  @xref{Security Updates}, for more
information on grafts.

For example, the command below grafts version 3.5.4 of GnuTLS onto Wget
and all its dependencies, replacing references to the version of GnuTLS
they currently refer to:
guix build --with-graft=gnutls=gnutls@@3.5.4 wget
This has the advantage of being much faster than rebuilding everything.
But there is a caveat: it works if and only if @var{package} and
@var{replacement} are strictly compatible---for example, if they provide
a library, the application binary interface (ABI) of those libraries
must be compatible.  If @var{replacement} is somehow incompatible with
@var{package}, then the resulting package may be unusable.  Use with
care!
@item --with-git-url=@var{package}=@var{url}
@cindex Git, using the latest commit
@cindex latest commit, building
Build @var{package} from the latest commit of the @code{master} branch of the
Git repository at @var{url}.  Git sub-modules of the repository are fetched,
recursively.
For example, the following command builds the NumPy Python library against the
latest commit of the master branch of Python itself:
guix build python-numpy \
  --with-git-url=python=https://github.com/python/cpython
This option can also be combined with @code{--with-branch} or
@code{--with-commit} (see below).

@cindex continuous integration
Obviously, since it uses the latest commit of the given branch, the result of
such a command varies over time.  Nevertheless it is a convenient way to
rebuild entire software stacks against the latest commit of one or more
packages.  This is particularly useful in the context of continuous
integration (CI).
Checkouts are kept in a cache under @file{~/.cache/guix/checkouts} to speed up
consecutive accesses to the same repository.  You may want to clean it up once
in a while to save disk space.
@item --with-branch=@var{package}=@var{branch}
Build @var{package} from the latest commit of @var{branch}.  If the
@code{source} field of @var{package} is an origin with the @code{git-fetch}
method (@pxref{origin Reference}) or a @code{git-checkout} object, the
repository URL is taken from that @code{source}.  Otherwise you have to use
@code{--with-git-url} to specify the URL of the Git repository.

For instance, the following command builds @code{guile-sqlite3} from the
latest commit of its @code{master} branch, and then builds @code{guix} (which
depends on it) and @code{cuirass} (which depends on @code{guix}) against this
specific @code{guile-sqlite3} build:

@example
guix build --with-branch=guile-sqlite3=master cuirass
@end example

@item --with-commit=@var{package}=@var{commit}
This is similar to @code{--with-branch}, except that it builds from
@var{commit} rather than the tip of a branch.  @var{commit} must be a valid
Git commit SHA1 identifier or a tag.
@node Additional Build Options
@subsection Additional Build Options
The command-line options presented below are specific to @command{guix
build}.
@table @code
@item --quiet
@itemx -q
Build quietly, without displaying the build log; this is equivalent to
@code{--verbosity=0}.  Upon completion, the build log is kept in @file{/var}
(or similar) and can always be retrieved using the @option{--log-file} option.
@item --file=@var{file}
@itemx -f @var{file}
Build the package, derivation, or other file-like object that the code within
@var{file} evaluates to (@pxref{G-Expressions, file-like objects}).
As an example, @var{file} might contain a package definition like this
(@pxref{Defining Packages}):
@include package-hello.scm
@item --expression=@var{expr}
@itemx -e @var{expr}
Build the package or derivation @var{expr} evaluates to.
For example, @var{expr} may be @code{(@@ (gnu packages guile)
guile-1.8)}, which unambiguously designates this specific variant of
version 1.8 of Guile.
Alternatively, @var{expr} may be a G-expression, in which case it is used
as a build program passed to @code{gexp->derivation}
(@pxref{G-Expressions}).
Lastly, @var{expr} may refer to a zero-argument monadic procedure
(@pxref{The Store Monad}).  The procedure must return a derivation as a
monadic value, which is then passed through @code{run-with-store}.
@item --source
@itemx -S
Build the source derivations of the packages, rather than the packages
themselves.
For instance, @code{guix build -S gcc} returns something like
@file{/gnu/store/@dots{}-gcc-4.7.2.tar.bz2}, which is the GCC
source tarball.
The returned source tarball is the result of applying any patches and
code snippets specified in the package @code{origin} (@pxref{Defining
Packages}).
Note that @command{guix build -S} compiles the sources only of the
specified packages.  They do not include the sources of statically
linked dependencies and by themselves are insufficient for reproducing
the packages.

@item --sources
Fetch and return the source of @var{package-or-derivation} and all their
dependencies, recursively.  This is a handy way to obtain a local copy
of all the source code needed to build @var{packages}, allowing you to
eventually build them even without network access.  It is an extension
of the @code{--source} option and can accept one of the following
optional argument values:
@item package
This value causes the @code{--sources} option to behave in the same way
as the @code{--source} option.
@item all
Build the source derivations of all packages, including any source that
might be listed as @code{inputs}.  This is the default value.
$ guix build --sources tzdata
The following derivations will be built:
   /gnu/store/@dots{}-tzdata2015b.tar.gz.drv
   /gnu/store/@dots{}-tzcode2015b.tar.gz.drv
@item transitive
Build the source derivations of all packages, as well of all transitive
inputs to the packages.  This can be used e.g.@: to
prefetch package source for later offline building.
$ guix build --sources=transitive tzdata
The following derivations will be built:
   /gnu/store/@dots{}-tzcode2015b.tar.gz.drv
   /gnu/store/@dots{}-findutils-4.4.2.tar.xz.drv
   /gnu/store/@dots{}-grep-2.21.tar.xz.drv
   /gnu/store/@dots{}-coreutils-8.23.tar.xz.drv
   /gnu/store/@dots{}-make-4.1.tar.xz.drv
   /gnu/store/@dots{}-bash-4.3.tar.xz.drv
@dots{}
@item --system=@var{system}
@itemx -s @var{system}
Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of
the system type of the build host.  The @command{guix build} command allows
you to repeat this option several times, in which case it builds for all the
specified systems; other commands ignore extraneous @option{-s} options.
@quotation Note
The @code{--system} flag is for @emph{native} compilation and must not
be confused with cross-compilation.  See @code{--target} below for
information on cross-compilation.
@end quotation
An example use of this is on Linux-based systems, which can emulate
different personalities.  For instance, passing
@code{--system=i686-linux} on an @code{x86_64-linux} system or
@code{--system=armhf-linux} on an @code{aarch64-linux} system allows you
to build packages in a complete 32-bit environment.
@quotation Note
Building for an @code{armhf-linux} system is unconditionally enabled on
@code{aarch64-linux} machines, although certain aarch64 chipsets do not
allow for this functionality, notably the ThunderX.
@end quotation
Similarly, when transparent emulation with QEMU and @code{binfmt_misc}
is enabled (@pxref{Virtualization Services,
@code{qemu-binfmt-service-type}}), you can build for any system for
which a QEMU @code{binfmt_misc} handler is installed.
Builds for a system other than that of the machine you are using can
also be offloaded to a remote machine of the right architecture.
@xref{Daemon Offload Setup}, for more information on offloading.
@item --target=@var{triplet}
@cindex cross-compilation
Cross-build for @var{triplet}, which must be a valid GNU triplet, such
as @code{"mips64el-linux-gnu"} (@pxref{Specifying Target Triplets, GNU
configuration triplets,, autoconf, Autoconf}).
@anchor{build-check}
@item --check
@cindex determinism, checking
@cindex reproducibility, checking
Rebuild @var{package-or-derivation}, which are already available in the
store, and raise an error if the build results are not bit-for-bit
identical.
This mechanism allows you to check whether previously installed
substitutes are genuine (@pxref{Substitutes}), or whether the build result
of a package is deterministic.  @xref{Invoking guix challenge}, for more
background information and tools.
When used in conjunction with @option{--keep-failed}, the differing
output is kept in the store, under @file{/gnu/store/@dots{}-check}.
This makes it easy to look for differences between the two results.
@item --repair
@cindex repairing store items
@cindex corruption, recovering from
Attempt to repair the specified store items, if they are corrupt, by
re-downloading or rebuilding them.
This operation is not atomic and thus restricted to @code{root}.
@item --derivations
@itemx -d
Return the derivation paths, not the output paths, of the given
packages.
@item --root=@var{file}
@itemx -r @var{file}
@cindex GC roots, adding
@cindex garbage collector roots, adding
Make @var{file} a symlink to the result, and register it as a garbage
collector root.
Consequently, the results of this @command{guix build} invocation are
protected from garbage collection until @var{file} is removed.  When
that option is omitted, build results are eligible for garbage
collection as soon as the build completes.  @xref{Invoking guix gc}, for
more on GC roots.
@item --log-file
@cindex build logs, access
Return the build log file names or URLs for the given
@var{package-or-derivation}, or raise an error if build logs are
missing.
This works regardless of how packages or derivations are specified.  For
instance, the following invocations are equivalent:
guix build --log-file `guix build -d guile`
guix build --log-file `guix build guile`
guix build --log-file guile
guix build --log-file -e '(@@ (gnu packages guile) guile-2.0)'
If a log is unavailable locally, and unless @code{--no-substitutes} is
passed, the command looks for a corresponding log on one of the
substitute servers (as specified with @code{--substitute-urls}.)
So for instance, imagine you want to see the build log of GDB on MIPS,
but you are actually on an @code{x86_64} machine:
$ guix build --log-file gdb -s mips64el-linux
https://@value{SUBSTITUTE-SERVER}/log/@dots{}-gdb-7.10
You can freely access a huge library of build logs!
@node Debugging Build Failures
@subsection Debugging Build Failures
@cindex build failures, debugging
When defining a new package (@pxref{Defining Packages}), you will
probably find yourself spending some time debugging and tweaking the
build until it succeeds.  To do that, you need to operate the build
commands yourself in an environment as close as possible to the one the
build daemon uses.
To that end, the first thing to do is to use the @option{--keep-failed}
or @option{-K} option of @command{guix build}, which will keep the
failed build tree in @file{/tmp} or whatever directory you specified as
@code{TMPDIR} (@pxref{Invoking guix build, @code{--keep-failed}}).
From there on, you can @command{cd} to the failed build tree and source
the @file{environment-variables} file, which contains all the
environment variable definitions that were in place when the build
failed.  So let's say you're debugging a build failure in package
@code{foo}; a typical session would look like this:
Cyril Roelandt's avatar
Cyril Roelandt committed

@example
$ guix build foo -K
@dots{} @i{build fails}
$ cd /tmp/guix-build-foo.drv-0
$ source ./environment-variables
$ cd foo-1.2
Cyril Roelandt's avatar
Cyril Roelandt committed
@end example

Now, you can invoke commands as if you were the daemon (almost) and
troubleshoot your build process.
Sometimes it happens that, for example, a package's tests pass when you
run them manually but they fail when the daemon runs them.  This can
happen because the daemon runs builds in containers where, unlike in our
environment above, network access is missing, @file{/bin/sh} does not
exist, etc. (@pxref{Build Environment Setup}).
In such cases, you may need to run inspect the build process from within
a container similar to the one the build daemon creates:
$ guix build -K foo
@dots{}
$ cd /tmp/guix-build-foo.drv-0
$ guix environment --no-grafts -C foo --ad-hoc strace gdb
[env]# source ./environment-variables
[env]# cd foo-1.2
Here, @command{guix environment -C} creates a container and spawns a new
shell in it (@pxref{Invoking guix environment}).  The @command{--ad-hoc
strace gdb} part adds the @command{strace} and @command{gdb} commands to
the container, which would may find handy while debugging.  The
@option{--no-grafts} option makes sure we get the exact same
environment, with ungrafted packages (@pxref{Security Updates}, for more
info on grafts).
To get closer to a container like that used by the build daemon, we can
remove @file{/bin/sh}:
Ludovic Courtès's avatar
Ludovic Courtès committed

@example
Ludovic Courtès's avatar
Ludovic Courtès committed
@end example

(Don't worry, this is harmless: this is all happening in the throw-away
container created by @command{guix environment}.)
The @command{strace} command is probably not in the search path, but we
can run:
Ludovic Courtès's avatar
Ludovic Courtès committed

@example
[env]# $GUIX_ENVIRONMENT/bin/strace -f -o log make check
Ludovic Courtès's avatar
Ludovic Courtès committed
@end example

In this way, not only you will have reproduced the environment variables
the daemon uses, you will also be running the build process in a container
similar to the one the daemon uses.
@node Invoking guix edit
@section Invoking @command{guix edit}
@cindex @command{guix edit}
@cindex package definition, editing
So many packages, so many source files!  The @command{guix edit} command
facilitates the life of users and packagers by pointing their editor at
the source file containing the definition of the specified packages.
For instance:
@end example

@noindent
launches the program specified in the @code{VISUAL} or in the
@code{EDITOR} environment variable to view the recipe of GCC@tie{}4.9.3
and that of Vim.
If you are using a Guix Git checkout (@pxref{Building from Git}), or
have created your own packages on @code{GUIX_PACKAGE_PATH}
(@pxref{Package Modules}), you will be able to edit the package
recipes.  In other cases, you will be able to examine the read-only recipes
for packages currently in the store.
@node Invoking guix download
@section Invoking @command{guix download}
@cindex @command{guix download}
@cindex downloading package sources
When writing a package definition, developers typically need to download
a source tarball, compute its SHA256 hash, and write that
hash in the package definition (@pxref{Defining Packages}).  The
@command{guix download} tool helps with this task: it downloads a file
from the given URI, adds it to the store, and prints both its file name
in the store and its SHA256 hash.
The fact that the downloaded file is added to the store saves bandwidth:
when the developer eventually tries to build the newly defined package
with @command{guix build}, the source tarball will not have to be
downloaded again because it is already in the store.  It is also a
convenient way to temporarily stash files, which may be deleted
eventually (@pxref{Invoking guix gc}).
The @command{guix download} command supports the same URIs as used in
package definitions.  In particular, it supports @code{mirror://} URIs.
@code{https} URIs (HTTP over TLS) are supported @emph{provided} the
Guile bindings for GnuTLS are available in the user's environment; when
they are not available, an error is raised.  @xref{Guile Preparations,
how to install the GnuTLS bindings for Guile,, gnutls-guile,
GnuTLS-Guile}, for more information.
@command{guix download} verifies HTTPS server certificates by loading
the certificates of X.509 authorities from the directory pointed to by
the @code{SSL_CERT_DIR} environment variable (@pxref{X.509
Certificates}), unless @option{--no-check-certificate} is used.
The following options are available:
@table @code
@item --format=@var{fmt}
@itemx -f @var{fmt}
Write the hash in the format specified by @var{fmt}.  For more
information on the valid values for @var{fmt}, @pxref{Invoking guix hash}.
@item --no-check-certificate
Do not validate the X.509 certificates of HTTPS servers.
When using this option, you have @emph{absolutely no guarantee} that you
are communicating with the authentic server responsible for the given
URL, which makes you vulnerable to ``man-in-the-middle'' attacks.
@item --output=@var{file}
@itemx -o @var{file}
Save the downloaded file to @var{file} instead of adding it to the
store.
Ludovic Courtès's avatar
Ludovic Courtès committed
@end table

@node Invoking guix hash
@section Invoking @command{guix hash}

@cindex @command{guix hash}
The @command{guix hash} command computes the SHA256 hash of a file.
It is primarily a convenience tool for anyone contributing to the
distribution: it computes the cryptographic hash of a file, which can be
used in the definition of a package (@pxref{Defining Packages}).
The general syntax is:
Ludovic Courtès's avatar
Ludovic Courtès committed

@example
guix hash @var{option} @var{file}
Ludovic Courtès's avatar
Ludovic Courtès committed
@end example

When @var{file} is @code{-} (a hyphen), @command{guix hash} computes the
hash of data read from standard input.  @command{guix hash} has the
following options:
Cyril Roelandt's avatar
Cyril Roelandt committed
@table @code
@item --format=@var{fmt}
@itemx -f @var{fmt}
Write the hash in the format specified by @var{fmt}.
Supported formats: @code{nix-base32}, @code{base32}, @code{base16}
(@code{hex} and @code{hexadecimal} can be used as well).
If the @option{--format} option is not specified, @command{guix hash}
will output the hash in @code{nix-base32}.  This representation is used
in the definitions of packages.
@item --recursive
@itemx -r
Compute the hash on @var{file} recursively.
In this case, the hash is computed on an archive containing @var{file},
including its children if it is a directory.  Some of the metadata of
@var{file} is part of the archive; for instance, when @var{file} is a
regular file, the hash is different depending on whether @var{file} is
executable or not.  Metadata such as time stamps has no impact on the
hash (@pxref{Invoking guix archive}).
@c FIXME: Replace xref above with xref to an ``Archive'' section when
@c it exists.
@item --exclude-vcs
@itemx -x
When combined with @option{--recursive}, exclude version control system
directories (@file{.bzr}, @file{.git}, @file{.hg}, etc.)
@vindex git-fetch
As an example, here is how you would compute the hash of a Git checkout,
which is useful when using the @code{git-fetch} method (@pxref{origin
Reference}):
$ git clone http://example.org/foo.git
$ cd foo
$ guix hash -rx .
@node Invoking guix import
@section Invoking @command{guix import}
@cindex importing packages
@cindex package import
@cindex package conversion
@cindex Invoking @command{guix import}
The @command{guix import} command is useful for people who would like to
add a package to the distribution with as little work as
possible---a legitimate demand.  The command knows of a few
repositories from which it can ``import'' package metadata.  The result
is a package definition, or a template thereof, in the format we know
(@pxref{Defining Packages}).
Ludovic Courtès's avatar
Ludovic Courtès committed

@example
guix import @var{importer} @var{options}@dots{}
Ludovic Courtès's avatar
Ludovic Courtès committed
@end example

@var{importer} specifies the source from which to import package
metadata, and @var{options} specifies a package identifier and other
options specific to @var{importer}.

Some of the importers rely on the ability to run the @command{gpgv} command.
For these, GnuPG must be installed and in @code{$PATH}; run @code{guix install
gnupg} if needed.

Currently, the available ``importers'' are:
@table @code
@item gnu
Import metadata for the given GNU package.  This provides a template
for the latest version of that GNU package, including the hash of its
source tarball, and its canonical synopsis and description.
Additional information such as the package dependencies and its
license needs to be figured out manually.
For example, the following command returns a package definition for
GNU@tie{}Hello:
@example
guix import gnu hello
@end example
Specific command-line options are:
@table @code
@item --key-download=@var{policy}
As for @code{guix refresh}, specify the policy to handle missing OpenPGP
keys when verifying the package signature.  @xref{Invoking guix
refresh, @code{--key-download}}.
@end table
@item pypi
@cindex pypi
Import metadata from the @uref{https://pypi.python.org/, Python Package
Index}.  Information is taken from the JSON-formatted description
available at @code{pypi.python.org} and usually includes all the relevant
information, including package dependencies.  For maximum efficiency, it
is recommended to install the @command{unzip} utility, so that the
importer can unzip Python wheels and gather data from them.
The command below imports metadata for the @code{itsdangerous} Python
package:
@table @code
@item --recursive
@itemx -r
Traverse the dependency graph of the given upstream package recursively
and generate package expressions for all those packages that are not yet
in Guix.
Ludovic Courtès's avatar
Ludovic Courtès committed
@end table

@item gem
@cindex gem
Import metadata from @uref{https://rubygems.org/, RubyGems}.  Information
is taken from the JSON-formatted description available at
@code{rubygems.org} and includes most relevant information, including
runtime dependencies.  There are some caveats, however.  The metadata
doesn't distinguish between synopses and descriptions, so the same string
is used for both fields.  Additionally, the details of non-Ruby
dependencies required to build native extensions is unavailable and left
as an exercise to the packager.
The command below imports metadata for the @code{rails} Ruby package:
@end example
Ludovic Courtès's avatar
Ludovic Courtès committed

@table @code
@item --recursive
@itemx -r
Traverse the dependency graph of the given upstream package recursively
and generate package expressions for all those packages that are not yet
in Guix.
@end table
@item cpan
@cindex CPAN
Import metadata from @uref{https://www.metacpan.org/, MetaCPAN}.
Information is taken from the JSON-formatted metadata provided through
@uref{https://fastapi.metacpan.org/, MetaCPAN's API} and includes most
relevant information, such as module dependencies.  License information
should be checked closely.  If Perl is available in the store, then the
@code{corelist} utility will be used to filter core modules out of the
list of dependencies.
The command command below imports metadata for the @code{Acme::Boolean}
Perl module:
guix import cpan Acme::Boolean
@item cran
@cindex CRAN
@cindex Bioconductor
Import metadata from @uref{https://cran.r-project.org/, CRAN}, the
Marius Bakke's avatar
Marius Bakke committed
central repository for the @uref{https://r-project.org, GNU@tie{}R
statistical and graphical environment}.
Information is extracted from the @code{DESCRIPTION} file of the package.
The command command below imports metadata for the @code{Cairo}
R package:
When @code{--recursive} is added, the importer will traverse the
dependency graph of the given upstream package recursively and generate
package expressions for all those packages that are not yet in Guix.
When @code{--archive=bioconductor} is added, metadata is imported from
@uref{https://www.bioconductor.org/, Bioconductor}, a repository of R
packages for for the analysis and comprehension of high-throughput
genomic data in bioinformatics.
Information is extracted from the @code{DESCRIPTION} file contained in the
package archive.
The command below imports metadata for the @code{GenomicRanges}
R package:
Ludovic Courtès's avatar
Ludovic Courtès committed
@example
guix import cran --archive=bioconductor GenomicRanges
Ludovic Courtès's avatar
Ludovic Courtès committed
@end example
Finally, you can also import R packages that have not yet been published on
CRAN or Bioconductor as long as they are in a git repository.  Use
@code{--archive=git} followed by the URL of the git repository:

@example
guix import cran --archive=git https://github.com/immunogenomics/harmony
@end example

@item texlive
@cindex TeX Live
@cindex CTAN
Marius Bakke's avatar
Marius Bakke committed
Import metadata from @uref{https://www.ctan.org/, CTAN}, the
comprehensive TeX archive network for TeX packages that are part of the
@uref{https://www.tug.org/texlive/, TeX Live distribution}.
Information about the package is obtained through the XML API provided
by CTAN, while the source code is downloaded from the SVN repository of
the Tex Live project.  This is done because the CTAN does not keep
versioned archives.