<p>GNU Guix — Blog — Desktop environments<br />
https://guix.gnu.org/feeds/blog/desktop-environments.atom<br />
GNU Guix, 2020-08-14T21:45:03Z</p>
<p>Customize GuixSD: Use Stock SSH Agent Everywhere!<br />
Chris Marusich, 2018-05-26T17:00:00Z<br />
https://guix.gnu.org/blog/2018/customize-guixsd-use-stock-ssh-agent-everywhere/</p>
<p>I frequently use SSH. Since I don't like typing my password all the
time, I use an SSH agent. Originally I used the GNOME Keyring as my
SSH agent, but recently I've switched to using the <code>ssh-agent</code> from
OpenSSH. I accomplished this by doing the following two things:</p><ul><li><p>Replace the default GNOME Keyring with a custom-built version that
disables the SSH agent feature.</p></li><li><p>Start my desktop session with OpenSSH's <code>ssh-agent</code> so that it's
always available to any applications in my desktop session.</p></li></ul><p>Below, I'll show you in detail how I did this. In addition to being
useful for anyone who wants to use OpenSSH's <code>ssh-agent</code> in GuixSD, I
hope this example will help to illustrate how GuixSD enables you to
customize your entire system to be just the way you want it!</p><h1>The Problem: GNOME Keyring Can't Handle My SSH Keys</h1><p>On GuixSD, I like to use the <a href="https://www.gnome.org">GNOME desktop
environment</a>. GNOME is just one of <a href="https://www.gnu.org/software/guix/manual/en/html_node/Desktop-Services.html">the
various desktop environments that GuixSD
supports</a>.
By default, the GNOME desktop environment on GuixSD comes with a lot
of goodies, including the <a href="https://wiki.gnome.org/Projects/GnomeKeyring">GNOME
Keyring</a>, which is
GNOME's integrated solution for securely storing secrets, passwords,
keys, and certificates.</p><p>The GNOME Keyring has many useful features. One of those is <a href="https://wiki.gnome.org/Projects/GnomeKeyring/Ssh">its SSH
Agent feature</a>.
This feature allows you to use the GNOME Keyring as an SSH agent.
This means that when you invoke a command like <code>ssh-add</code>, it will add
the private key identities to the GNOME Keyring. Usually this is
quite convenient, since it means that GNOME users basically get an SSH
agent for free!</p><p>Unfortunately, up until <a href="https://www.gnome.org/news/2018/03/gnome-3-28-released/">GNOME 3.28 (the current
release)</a>,
the GNOME Keyring's SSH agent implementation was not as complete as
the stock SSH agent from OpenSSH. As a result, <a href="https://bugzilla.gnome.org/show_bug.cgi?id=775981">earlier versions of
GNOME Keyring did not support many use
cases</a>. This was a
problem for me, since GNOME Keyring couldn't read my modern SSH keys.
To make matters worse, by design the SSH agent for GNOME Keyring and
OpenSSH both use the same environment variables (e.g.,
<code>SSH_AUTH_SOCK</code>). This makes it difficult to use OpenSSH's
<code>ssh-agent</code> everywhere within my GNOME desktop environment.</p><p>Happily, starting with GNOME 3.28, <a href="https://bugzilla.gnome.org/show_bug.cgi?id=775981">GNOME Keyring delegates all SSH
agent functionality to the stock SSH agent from
OpenSSH</a>. They
have removed their custom implementation entirely. This means that
today, I could solve my problem simply by using the most recent
version of GNOME Keyring. I'll probably do just that when the new
release gets included in Guix. However, when I first encountered this
problem, GNOME 3.28 hadn't been released yet, so the only option
available to me was to customize GNOME Keyring or remove it entirely.</p><p>In any case, I'm going to show you how I solved this problem by
modifying the default GNOME Keyring from the Guix package collection.
The same ideas can be used to customize any package, so hopefully it
will be a useful example. And what if you don't use GNOME, but you do
want to use OpenSSH's <code>ssh-agent</code>? In that case, you may still need
to customize your GuixSD system a little bit. Let me show you how!</p><h1>The Solution: <code>~/.xsession</code> and a Custom GNOME Keyring</h1><p>The goal is to make OpenSSH's <code>ssh-agent</code> available everywhere when we
log into our GNOME desktop session. First, we must arrange for
<code>ssh-agent</code> to be running whenever we're logged in.</p><p>There are many ways to accomplish this. For example, I've seen people
implement shell code in their shell's start-up files which basically
manages their own <code>ssh-agent</code> process. However, I prefer to just
start <code>ssh-agent</code> once and not clutter up my shell's start-up files
with unnecessary code. So that's what we're going to do!</p><h1>Launch OpenSSH's <code>ssh-agent</code> in Your <code>~/.xsession</code></h1><p>By default, GuixSD uses the <a href="https://sourceforge.net/projects/slim.berlios">SLiM desktop
manager</a>. When you log
in, SLiM presents you with a menu of so-called "desktop sessions",
which correspond to the desktop environments you've declared in your
<a href="https://www.gnu.org/software/guix/manual/en/html_node/operating_002dsystem-Reference.html">operating system
declaration</a>.
For example, if you've added the
<a href="https://www.gnu.org/software/guix/manual/en/html_node/Desktop-Services.html">gnome-desktop-service</a>
to your operating system declaration, then you'll see an option for
GNOME at the SLiM login screen.</p><p>You can further customize your desktop session with the <code>~/.xsession</code>
file. The contract for this file in GuixSD is the same as it is for
many GNU/Linux distributions: <a href="https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/xorg.scm?id=263c9941a1e523b360ca9f42d1ed6b11e6e6e285#n392">if it exists, then it will be
executed</a>.
The arguments passed to it will be the command line invocation that
would normally be executed to start the desktop session that you
selected from the SLiM login screen. Your <code>~/.xsession</code> is expected
to do whatever is necessary to customize and then start the specified
desktop environment. For example, when you select GNOME from the SLiM
login screen, your <code>~/.xsession</code> file will basically be executed like
this (for the exact execution mechanism, please refer to the source
code linked above):</p><pre><code class="language-shell">$ ~/.xsession gnome-session</code></pre><p>The upshot of all this is that the <code>~/.xsession</code> is an <em>ideal</em> place
to set up your SSH agent! If you start an SSH agent in your
<code>~/.xsession</code> file, you can have the SSH agent available everywhere,
automatically! Check it out: Put this into your <code>~/.xsession</code> file,
and make the file executable:</p><pre><code class="language-shell">#!/run/current-system/profile/bin/bash
exec ssh-agent "$@"</code></pre><p>When you invoke <code>ssh-agent</code> in this way, it executes the specified
program in an environment where commands like <code>ssh-add</code> just work. It
does this by setting environment variables such as <code>SSH_AUTH_SOCK</code>,
which programs like <code>ssh-add</code> find and use automatically. Because
GuixSD allows you to customize your desktop session like this, you can
use any SSH agent you want in any desktop environments that you want,
automatically!</p><p>Of course, if you're using GNOME Keyring version 3.27 or earlier (like
I was), then this isn't quite enough. In that case, the SSH agent
feature of GNOME Keyring will override the environment variables set
by OpenSSH's <code>ssh-agent</code>, so commands like <code>ssh-add</code> will wind up
communicating with the GNOME Keyring instead of the <code>ssh-agent</code> you
launched in your <code>~/.xsession</code>. This is bad because, as previously
mentioned, GNOME Keyring version 3.27 or earlier doesn't support as
many use cases as OpenSSH's <code>ssh-agent</code>.</p><p>How can we work around this problem?</p><h1>Customize the GNOME Keyring</h1><p>One heavy-handed solution would be to remove GNOME Keyring entirely.
That would work, but then you would lose out on all the other great
features that it has to offer. Surely we can do better!</p><p>The GNOME Keyring documentation
<a href="https://wiki.gnome.org/Projects/GnomeKeyring/Ssh">explains</a> that one
way to disable the SSH agent feature is to include the
<code>--disable-ssh-agent</code> configure flag when building it. Thankfully,
Guix provides some ways to customize software in <em>exactly</em> this way!</p><p>Conceptually, we "just" have to do the following two things:</p><ul><li><p>Customize the existing <code>gnome-keyring</code> package.</p></li><li><p>Make the <code>gnome-desktop-service</code> use our custom <code>gnome-keyring</code>
package.</p></li></ul><h1>Create a Custom GNOME Keyring Package</h1><p>Let's begin by defining a custom <code>gnome-keyring</code> package, which we'll
call <code>gnome-keyring-sans-ssh-agent</code>. With Guix, we can do this in
less than ten lines of code:</p><pre><code class="language-scheme">(define-public gnome-keyring-sans-ssh-agent
  (package
    (inherit gnome-keyring)
    (name "gnome-keyring-sans-ssh-agent")
    (arguments
     (substitute-keyword-arguments
         (package-arguments gnome-keyring)
       ((#:configure-flags flags)
        `(cons "--disable-ssh-agent" ,flags))))))</code></pre><p>Don't worry if some of that code is unclear at first. I'll clarify it
now!</p><p>In Guix, a <code>&lt;package&gt;</code> record like the one above is defined by a macro
called <code>define-record-type*</code> (<a href="https://git.savannah.gnu.org/cgit/guix.git/tree/guix/records.scm?id=263c9941a1e523b360ca9f42d1ed6b11e6e6e285#n178">defined in the file guix/records.scm in
the Guix
source</a>).
It's similar to an <a href="https://www.gnu.org/software/guile/manual/en/html_node/SRFI_002d9-Records.html#SRFI_002d9-Records">SRFI-9
record</a>.
The <code>inherit</code> feature of this macro is very useful: it creates a new
copy of an existing record, overriding specific fields in the new copy
as needed.</p><p>In the above, we define <code>gnome-keyring-sans-ssh-agent</code> to be a copy of
the <code>gnome-keyring</code> package, and we use <code>inherit</code> to change the <code>name</code>
and <code>arguments</code> fields in that new copy. We also use the
<code>substitute-keyword-arguments</code> macro (<a href="https://git.savannah.gnu.org/cgit/guix.git/tree/guix/utils.scm?id=263c9941a1e523b360ca9f42d1ed6b11e6e6e285#n345">defined in the file
guix/utils.scm in the Guix
source</a>)
to add <code>--disable-ssh-agent</code> to the list of <a href="https://www.gnu.org/software/guix/manual/en/html_node/Build-Systems.html">configure
flags</a>
defined in the <code>gnome-keyring</code> package. The effect of this is to
define a new GNOME Keyring package that is built exactly the same as
the original, but in which the SSH agent is disabled.</p><p>I'll admit this code may seem a little opaque at first, but all code
does when you first learn it. Once you get the hang of things, you
can customize packages any way you can imagine. If you want to learn
more, you should read the docstrings for the <code>define-record-type*</code> and
<code>substitute-keyword-arguments</code> macros in the Guix source code. It's
also very helpful to <code>grep</code> the source code to see examples of how
these macros are used in practice. For example:</p><pre><code class="language-shell">$ # Search the currently installed Guix for the current user.
$ grep -r substitute-keyword-arguments ~/.config/guix/latest
$ # Search the Guix Git repository, assuming you've checked it out here.
$ grep -r substitute-keyword-arguments ~/guix</code></pre><h1>Use the Custom GNOME Keyring Package</h1><p>OK, we've created our own custom GNOME Keyring package. Great! Now,
how do we use it?</p><p>In GuixSD, the GNOME desktop environment is treated as a <a href="https://www.gnu.org/software/guix/manual/en/html_node/Services.html">system
service</a>. To
make GNOME use our custom GNOME Keyring package, we must somehow
customize the <code>gnome-desktop-service</code> (<a href="https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/desktop.scm?id=263c9941a1e523b360ca9f42d1ed6b11e6e6e285#n795">defined in the file
gnu/services/desktop.scm</a>)
to use our custom package. How do we customize a service? Generally,
the answer depends on the service. Thankfully, many of GuixSD's
services, including the <code>gnome-desktop-service</code>, follow a similar
pattern. In this case, we "just" need to pass a custom
<code>&lt;gnome-desktop-configuration&gt;</code> record to the <code>gnome-desktop-service</code>
procedure in our operating system declaration, like this:</p><pre><code class="language-scheme">(operating-system
  ...
  (services (cons*
             (gnome-desktop-service
              #:config my-gnome-desktop-configuration)
             %desktop-services)))</code></pre><p>Here, the <code>cons*</code> procedure just adds the GNOME desktop service to the
<code>%desktop-services</code> list, returning the new list. For details, please
refer to <a href="https://www.gnu.org/software/guile/manual/en/html_node/List-Constructors.html#index-cons_002a">the Guile
manual</a>.</p><p>Now the question is: what should <code>my-gnome-desktop-configuration</code> be?
Well, if we examine <a href="https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/desktop.scm?id=263c9941a1e523b360ca9f42d1ed6b11e6e6e285#n799">the definition of this record type in the Guix
source</a>,
we see the following:</p><pre><code class="language-scheme">(define-record-type* &lt;gnome-desktop-configuration&gt; gnome-desktop-configuration
  make-gnome-desktop-configuration
  gnome-desktop-configuration
  (gnome-package gnome-package (default gnome)))</code></pre><p>The <code>gnome</code> package referenced here is a "meta" package: it exists
only to aggregate many GNOME packages together, including
<code>gnome-keyring</code>. To see <a href="https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/gnome.scm?id=263c9941a1e523b360ca9f42d1ed6b11e6e6e285#n5977">its
definition</a>,
we can simply invoke <code>guix edit gnome</code>, which <a href="https://www.gnu.org/software/guix/manual/en/html_node/Invoking-guix-edit.html#Invoking-guix-edit">opens the file where
the package is
defined</a>:</p><pre><code class="language-scheme">(define-public gnome
  (package
    (name "gnome")
    (version (package-version gnome-shell))
    (source #f)
    (build-system trivial-build-system)
    (arguments '(#:builder (mkdir %output)))
    (propagated-inputs
     ;; TODO: Add more packages according to:
     ;; &lt;https://packages.debian.org/jessie/gnome-core&gt;.
     `(("adwaita-icon-theme" ,adwaita-icon-theme)
       ("baobab" ,baobab)
       ("font-cantarell" ,font-cantarell)
       [... many packages omitted for brevity ...]
       ("gnome-keyring" ,gnome-keyring)
       [... many packages omitted for brevity ...]
    (synopsis "The GNU desktop environment")
    (home-page "https://www.gnome.org/")
    (description
     "GNOME is the graphical desktop for GNU. It includes a wide variety of
applications for browsing the web, editing text and images, creating
documents and diagrams, playing media, scanning, and much more.")
    (license license:gpl2+)))</code></pre><p>Apart from being a little long, this is <a href="https://www.gnu.org/software/guix/manual/en/html_node/Defining-Packages.html#Defining-Packages">just a normal package
definition</a>.
We can see that <code>gnome-keyring</code> is included in the list of
<code>propagated-inputs</code>. So, we need to create a replacement for the
<code>gnome</code> package that uses our <code>gnome-keyring-sans-ssh-agent</code> instead
of <code>gnome-keyring</code>. The following package definition accomplishes
that:</p><pre><code class="language-scheme">(define-public gnome-sans-ssh-agent
  (package
    (inherit gnome)
    (name "gnome-sans-ssh-agent")
    (propagated-inputs
     ;; match-lambda is provided by the (ice-9 match) module.
     (map (match-lambda
            ((name package)
             (if (equal? name "gnome-keyring")
                 (list name gnome-keyring-sans-ssh-agent)
                 (list name package))))
          (package-propagated-inputs gnome)))))</code></pre><p>As before, we use <code>inherit</code> to create a new copy of the <code>gnome</code>
package that overrides the original <code>name</code> and <code>propagated-inputs</code>
fields. Since Guix packages are just defined using good old Scheme,
we can use existing language features like
<a href="https://www.gnu.org/software/guile/manual/en/html_node/List-Mapping.html#index-map"><code>map</code></a>
and
<a href="https://www.gnu.org/software/guile/manual/en/html_node/Pattern-Matching.html#Pattern-Matching"><code>match-lambda</code></a>
to manipulate the list of propagated inputs. The effect of the above
is to create a new package that is the same as the <code>gnome</code> package but
uses <code>gnome-keyring-sans-ssh-agent</code> instead of <code>gnome-keyring</code>.</p><p>Now that we have <code>gnome-sans-ssh-agent</code>, we can create a custom
<code>&lt;gnome-desktop-configuration&gt;</code> record and pass it to the
<code>gnome-desktop-service</code> procedure as follows:</p><pre><code class="language-scheme">(operating-system
  ...
  (services (cons*
             (gnome-desktop-service
              #:config (gnome-desktop-configuration
                        (gnome-package gnome-sans-ssh-agent)))
             %desktop-services)))</code></pre><h1>Wrapping It All Up</h1><p>Finally, you need to run the following commands as <code>root</code> to create
and boot into the new <a href="https://www.gnu.org/software/guix/manual/en/html_node/Invoking-guix-system.html">system
generation</a>
(replace <code>MY-CONFIG</code> with the path to the customized operating system
configuration file):</p><pre><code class="language-shell"># guix system reconfigure MY-CONFIG
# reboot</code></pre><p>After you log into GNOME, any time you need to use SSH, the stock SSH
agent from OpenSSH that you started in your <code>~/.xsession</code> file will be
used instead of the GNOME Keyring's SSH agent. It just works! Note
that it still works even if you select a non-GNOME desktop session
(like XFCE) at the SLiM login screen, since the <code>~/.xsession</code> is not
tied to any particular desktop session.</p><p>In the unfortunate event that something went wrong and things just
aren't working when you reboot, don't worry: with GuixSD, you can
safely roll back to the previous system generation via <a href="https://www.gnu.org/software/guix/manual/en/html_node/Using-the-Configuration-System.html#index-roll_002dback_002c-of-the-operating-system">the usual
mechanisms</a>.
For example, you can run this from the command line to roll back:</p><pre><code class="language-shell"># guix system roll-back
# reboot</code></pre><p>This is one of the great benefits that comes from the fact that <a href="https://www.gnu.org/software/guix/manual/en/html_node/Introduction.html#Introduction">Guix
follows the functional software deployment
model</a>.
However, note that because the <code>~/.xsession</code> file (like many files in
your home directory) is not managed by Guix, you must manually undo
the changes that you made to it in order to roll back fully.</p><h1>Conclusion</h1><p>I hope this helps give you some ideas for how you can customize your
own GuixSD system to make it exactly what you want it to be. Not only
can you customize your desktop session via your <code>~/.xsession</code> file,
but Guix also provides tools for you to modify any of the default
packages or services to suit your specific needs.</p><p>Happy hacking!</p><h1>Notices</h1><p><a href="http://creativecommons.org/publicdomain/zero/1.0/"><img src="https://licensebuttons.net/p/zero/1.0/88x31.png" alt="CC0" title="CC0 1.0
Universal" /></a></p><p>To the extent possible under law, Chris Marusich has waived all
copyright and related or neighboring rights to this article,
"Customize GuixSD: Use Stock SSH Agent Everywhere!". This work is
published from: United States.</p><p>The views expressed in this article are those of Chris Marusich and do
not necessarily reflect the views of his past, present, or future
employers.</p><h4>About GNU Guix</h4><p><a href="https://www.gnu.org/software/guix">GNU Guix</a> is a transactional package
manager for the GNU system. The Guix System Distribution or GuixSD is
an advanced distribution of the GNU system that relies on GNU Guix and
<a href="https://www.gnu.org/distros/free-system-distribution-guidelines.html">respects the user's
freedom</a>.</p><p>In addition to standard package management features, Guix supports
transactional upgrades and roll-backs, unprivileged package management,
per-user profiles, and garbage collection. Guix uses low-level
mechanisms from the Nix package manager, except that packages are
defined as native <a href="https://www.gnu.org/software/guile">Guile</a> modules,
using extensions to the <a href="http://schemers.org">Scheme</a> language. GuixSD
offers a declarative approach to operating system configuration
management, and is highly customizable and hackable.</p><p>GuixSD can be used on i686, x86_64 and armv7 machines. It is also
possible to use Guix on top of an already installed GNU/Linux system,
including on mips64el and aarch64.</p>
<p>GNOME in GuixSD<br />
Ludovic Courtès, 2016-03-23T00:00:00+0100<br />
https://guix.gnu.org/blog/2016/gnome-in-guixsd/</p>
<div><p>It’s a feature that many users were waiting for: proper <a href="https://www.gnome.org/">GNOME</a> support in GuixSD. Good news: the forthcoming Guix and GuixSD release will give you exactly that! Don’t miss the obligatory <a href="https://www.gnu.org/software/guix/screenshots/0.9.1/gnome-totem-epiphany.png">screenshot</a>!<br /></p><p>You would think adding GNOME is routine distro work involving a lot of packaging and bits of plumbing that’s already been done a hundred times, which is probably true! Yet, adding GNOME support turned out to be interesting in many ways: it’s a good test for GuixSD’s declarative operating system configuration framework, it’s a way to formalize how this whole software stack fits together, and it’s been an insightful journey into GNU/Linux desktop plumbing!<br /></p><p>Of course, a lot of software needs to be packaged to begin with. This had been on-going for some time, culminating with the addition of a <a href="https://www.gnu.org/software/guix/packages/#gnome">gnome meta-package</a> thanks to the hard work of 宋文武 (Sou Bunnbu) and other hackers.
On the way, we added <a href="https://lists.gnu.org/archive/html/guix-devel/2015-12/msg00173.html">an auto-updater for GNOME packages</a>, because all these package recipes need love.<br /></p><p>The more interesting parts were system integration. Modern GNOME/Freedesktop environments rely on a number of daemons, most of which talk over <a href="https://www.freedesktop.org/wiki/Software/dbus/">D-Bus</a>, and extending each other’s functionality: udev, udisks, upower, colord, geoclue, and polkit, to name a few. Being able to <em>compose</em> all these system services was one of the driving use cases behind <a href="/software/guix/news/service-composition-in-guixsd.html">the design of GuixSD’s new service composition framework</a>. With this design, we knew we were able to have fine control over the <a href="https://www.gnu.org/software/guix/manual/en/html_node/Service-Composition.html">service composition graph</a>. Challenge #1 overcome!<br /></p><p>Since GuixSD uses the <a href="https://www.gnu.org/software/shepherd/">GNU Shepherd</a> and not systemd as its init system, we needed a way to provide the <a href="https://freedesktop.org/wiki/Software/systemd/logind/">“logind”</a> functionality that systemd implements, and which allows GNOME to know about <a href="https://www.freedesktop.org/wiki/Software/systemd/multiseat/">users, sessions, and seats</a>.<br /></p><p>So Andy Wingo courageously started by <a href="https://lists.gnu.org/archive/html/guix-devel/2015-04/msg00352.html">extracting</a> logind from systemd, leading to <a href="https://github.com/wingo/elogind">“elogind”</a>. 
At this point, we had this daemon that could keep track of logged-in users and active sessions, and which GNOME could talk to over D-Bus… provided all the relevant <a href="http://www.linux-pam.org/">PAM services</a> would use the pam_elogind module so that elogind knows when a user logs in and out, as Andy <a href="https://lists.gnu.org/archive/html/guix-devel/2015-08/msg00439.html">nicely explained it</a>.<br /></p><p>This pam_elogind thing is a typical example of a cross-cutting concern: <em>if</em> you use elogind, <em>then</em> you want all the relevant login-related PAM services (mingetty, the X login manager, commands such as su, the SSH daemon, etc.) to use pam_elogind. To achieve that, we <a href="http://git.savannah.gnu.org/cgit/guix.git/commit/?id=12c00bca92e3eef2b86565924bbefc39397b5497">updated</a> our PAM service such that it could be <a href="https://lists.gnu.org/archive/html/guix-devel/2016-02/msg00163.html">extended</a> with such <a href="http://git.savannah.gnu.org/cgit/guix.git/commit/?id=e7ad0d586251383a4c8b00222e8dec61d491f03b">cross-cutting modules</a>. At last, we had proper logind support! <br /></p><p>At this point, the brave could start using GNOME on GuixSD but would soon realize that, for example, the “power off” button wouldn’t have the desired effect, or that changing a laptop’s backlight wouldn’t work because <a href="https://www.freedesktop.org/wiki/Software/polkit/">polkit</a>, the daemon that allows unprivileged users to perform privileged operations like that one, was <a href="https://lists.gnu.org/archive/html/guix-devel/2016-02/msg01000.html">missing essential policy files</a>.<br /></p><p>You would think you can finally change the brightness of your screen, but no! 
Turns out that polkit would <a href="https://lists.gnu.org/archive/html/guix-devel/2016-02/msg01170.html">refuse to run gnome-settings-daemon’s backlight helper program</a> because <a href="https://lists.gnu.org/archive/html/guix-devel/2016-03/msg00247.html">elogind happened to fail to map PIDs to sessions</a>. Whatever.<br /></p><p>Of course there were still a bunch of embarrassing glitches such as <a href="http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22666">GNOME suspending right after it wakes up from suspend</a>, failure to start in QEMU, or <a href="https://lists.gnu.org/archive/html/guix-devel/2016-03/msg00690.html">the lack of GNOME’s favorite font</a>. Well, it seems that all these are gone now!<br /></p><p>GuixSD users can now enable GNOME by adding <a href="https://lists.gnu.org/archive/html/guix-devel/2016-03/msg00639.html">one line</a> in their <a href="https://www.gnu.org/software/guix/manual/en/html_node/Using-the-Configuration-System.html">operating system configuration</a>. Overall, this has been a nice experience involving a variety of areas.<br /></p><h4>About GNU Guix</h4><p><a href="http://www.gnu.org/software/guix">GNU Guix</a> is a functional package manager for the GNU system. The Guix System Distribution or GuixSD is an advanced distribution of the GNU system that relies on GNU Guix and <a href="http://www.gnu.org/distros/free-system-distribution-guidelines.html">respects the user's freedom</a>.<br /></p><p>In addition to standard package management features, Guix supports transactional upgrades and roll-backs, unprivileged package management, per-user profiles, and garbage collection. Guix uses low-level mechanisms from the Nix package manager, except that packages are defined as native <a href="http://www.gnu.org/software/guile">Guile</a> modules, using extensions to the <a href="http://schemers.org">Scheme</a> language.
GuixSD offers a declarative approach to operating system configuration management, and is highly customizable and hackable.<br /></p><p>GuixSD can be used on an i686 or x86_64 machine. It is also possible to use Guix on top of an already installed GNU/Linux system, including on mips64el and armv7.<br /></p></div>
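<p>For the first post on this page ("Customize GuixSD: Use Stock SSH Agent Everywhere!"), the following is an added example, not part of either original post, that checks after login whether <code>SSH_AUTH_SOCK</code> points at OpenSSH's <code>ssh-agent</code> or at GNOME Keyring's SSH agent, which is the override the post describes. The function names, the socket path patterns and the use of <code>/proc/PID/comm</code> are assumptions about common defaults.</p>

```shell
#!/bin/sh
# Added example: report which SSH agent the current session is wired to.

# Classify an SSH_AUTH_SOCK value by its path alone (no filesystem access).
# The patterns are assumptions about common default socket locations:
#   GNOME Keyring:  $XDG_RUNTIME_DIR/keyring/ssh or .../keyring-XXXXXX/ssh
#   OpenSSH:        $TMPDIR/ssh-XXXXXXXXXX/agent.<pid>
agent_kind_from_path() {
    case "$1" in
        "")                            echo unset ;;
        */keyring/ssh|*/keyring-*/ssh) echo gnome-keyring ;;
        */ssh-*/agent.*)               echo openssh ;;
        *)                             echo unknown ;;
    esac
}

# check_agent SOCK PID
# Returns 0 if the socket is live and PID is a running ssh-agent,
# 1 if the session is not using OpenSSH's agent, 2 if it cannot tell.
check_agent() {
    ca_sock=$1
    ca_pid=$2
    ca_kind=$(agent_kind_from_path "$ca_sock")

    case "$ca_kind" in
        unset)
            echo "FAIL: SSH_AUTH_SOCK is empty; no agent was started for this session"
            return 1 ;;
        gnome-keyring)
            echo "FAIL: $ca_sock looks like GNOME Keyring's socket, not ssh-agent's"
            return 1 ;;
    esac

    if [ ! -S "$ca_sock" ]; then
        echo "FAIL: $ca_sock is not a socket (stale variable, or the agent exited)"
        return 1
    fi

    # ssh-agent exports SSH_AGENT_PID alongside SSH_AUTH_SOCK. Accept digits
    # only before using the value to build a /proc path.
    case "$ca_pid" in
        ""|*[!0-9]*)
            echo "WARN: socket exists but SSH_AGENT_PID is missing or malformed"
            return 2 ;;
    esac

    # Linux-specific assumption: /proc/PID/comm holds the process name.
    ca_comm=$(cat "/proc/$ca_pid/comm" 2>/dev/null) || ca_comm=""
    if [ "$ca_comm" != "ssh-agent" ]; then
        echo "WARN: PID $ca_pid is '${ca_comm:-not running}', not ssh-agent"
        return 2
    fi

    echo "OK: $ca_sock ($ca_kind path) is served by ssh-agent, PID $ca_pid"
    return 0
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--report" ]; then
    check_agent "${SSH_AUTH_SOCK:-}" "${SSH_AGENT_PID:-}"
fi
```

Save it as a script and run it with `--report` from a terminal inside the desktop session; the exit status mirrors the return codes documented above `check_agent`.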