Re: Updating Packages

From: Chris Marusich
Subject: Re: Updating Packages
Date: Sun, 05 May 2019 12:12:39 -0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Hi Raghav,

"Raghav Gururajan" <address@hidden> writes:

> Hmm. Okay.
> Thank you.
> April 15, 2019 3:22 PM, "Pierre Neidhardt" <address@hidden> wrote:
>> Maybe not what you are asking but what about
>> guix system reconfigure ... && guix package -u
>> ?

First, just a reminder: on this email list, please avoid top-posting.
Most people bottom-post or reply in-line.  It's fine to cut out text
that is not relevant to your response.

Now, as to your question: Pierre has given the answer.  There is not
currently a way to upgrade the system and the user profiles in a single
transaction.  This might make one ask, "Why is that?"  I want to offer
an explanation why.

Guix System follows the functional software deployment model and is
designed to put the users (even unprivileged users) in control of their
own software, as well as their own Guix installation.  It is designed so
that a system administrator can upgrade the system software and services
without interfering with what the users have installed.  Likewise, users
can upgrade their own software without interfering with the system's
underlying software.

This is a good feature.  It separates concerns and gives more control to
users and administrators both.  Remember, an administrator has full
access to the system, so they can still forcibly upgrade user profiles
if they choose to do so.  In a traditional GNU/Linux distribution, you
generally need special privileges (e.g., sudo or root access) in order
to use the system's package manager to install/remove any software.  On
such systems, the package manager does not provide any way for any users
(privileged or not) to manage "their own" software; all software is
effectively "system" software, and it must be managed by a privileged
user.  On these systems, upgrading the system software upgrades software
for all users.  Guix provides more fine-grained control than this.

At first blush, it might seem like it isn't good that we can't upgrade
all the software in a single transaction, but from the perspective of
ensuring correct deployment of software, it actually isn't a problem.
If Bob upgrades his profile, it won't interfere with software that Alice
has installed, and it won't interfere with any system software, either.
Likewise, if the system is upgraded, it won't interfere with any
software that Alice or Bob have installed, since their profiles are
"self-contained" thanks to the functional model.

From a security perspective, it may be undesirable to allow old profiles
containing software with security vulnerabilities to exist, but that can
be fixed by upgrading the stale profiles.  The task of enforcing that
every profile is "up to date" is arguably outside the scope of Guix;
Guix just provides the mechanisms to make it possible for you to upgrade
all that software in a safe fashion.

I hope that helps explain why it makes sense that the task of "upgrading
a user's profile" and "upgrading the system's software" are independent
of each other in Guix System.
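
For the security point above, an administrator could locate stale profiles with a check like the following. It is an added example, not part of the original message or of Guix. It assumes per-user profiles live under /var/guix/profiles/per-user/USER/, that the profile links are named guix-profile and current-guix, and that a generation link's modification time approximates when that generation was created; `stale_profiles` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list per-user Guix profiles whose current generation is old.
# Assumed layout (not taken from the original message):
#   ROOT/USER/guix-profile -> guix-profile-N-link -> /gnu/store/...-profile
#   ROOT/USER/current-guix -> current-guix-N-link -> /gnu/store/...-profile
# where ROOT is normally /var/guix/profiles/per-user.

# stale_profiles ROOT MAX_AGE_DAYS
# Prints one line "USER PROFILE GENERATION-LINK" for every current generation
# whose link was last modified more than MAX_AGE_DAYS days ago.
stale_profiles() {
    root=$1
    max_days=$2
    for userdir in "$root"/*/; do
        [ -d "$userdir" ] || continue            # no users, or glob did not match
        user=$(basename "$userdir")
        # guix-profile holds the user's packages; current-guix holds the
        # user's own Guix, which decides what "guix package -u" upgrades to.
        for name in guix-profile current-guix; do
            link=$userdir$name
            [ -L "$link" ] || continue           # user never created this profile
            gen=$(readlink "$link")              # e.g. guix-profile-7-link
            case $gen in
                /*) genpath=$gen ;;              # absolute link target
                *)  genpath=$userdir$gen ;;      # relative link target
            esac
            [ -L "$genpath" ] || continue
            # find does not follow symlinks by default, so -mtime tests the
            # generation link itself, not the store item it points to.
            if [ -n "$(find "$genpath" -maxdepth 0 -mtime +"$max_days")" ]; then
                printf '%s %s %s\n' "$user" "$name" "$(basename "$genpath")"
            fi
        done
    done
}

# Typical call, run as root:
#   stale_profiles /var/guix/profiles/per-user 30
```

A stale current-guix entry matters as much as a stale guix-profile one: that user's `guix package -u` can only upgrade to the package versions their own Guix knows about.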


