Guix can now produce relocatable application bundles. Unlike snap, flatpak, etc., the resulting bundles can be bit-reproducible and the user needs no additional software to run them, since every distro can extract a tarball.
@dthompson It seems to provide no isolation but it's still a neat idea
@dthompson ...also please don't let users just randomly extract tarballs and not get updates because that would make it even worse than AppImage.
@espectalll note the caveat in the article: 'guix pack' is not a substitute for a package manager!
@espectalll 'guix pack' is to satisfy the (apparently necessary) use-case that sometimes people want to just share some binary hodgepodge thing and have it run on as many machines as possible.
@espectalll isolation is orthogonal to distributing binaries. does snappy or flatpak provide any isolation?
@dthompson Absolutely, they use containers for a reason
@espectalll I wrote a container implementation for guix that can do all sorts of isolation via namespaces.
@dthompson OK now you're convincing me to not use Flatpak... but still, how did you not know that?
@espectalll not know what? I think we're starting to get many subjects mixed together here.
@dthompson By "that" I mean that Snap and Flatpak use containers to provide isolation
@espectalll I just don't know all the features they have because I've never used them.
@dthompson Sure, but it's quite a given if we're talking about containers, because it's inherent to the idea. Also, at first I thought you were the author of the article, but you're not, so it's OK.
@espectalll it's not a given. "container" is actually a very vague term. Linux provides 6 namespaces for isolating processes from various global kernel resources and there's all sorts of permutations you can have.
@espectalll and that's not even getting into the subject of control groups.
@dthompson That's correct, but I don't see why you would try to use a container for executing applications otherwise.
@espectalll the article I linked describes why it's needed. it's for creating a new root file system. in guix, all the software lives in /gnu/store, so in order to provide a tarball that can be extracted to any directory and run, you need to first create a user namespace so you can chroot as an unprivileged user.
@espectalll this can be taken further by introducing further isolation, but the isolation required will vary depending on the software being run, so what guix has now is a good MVP, I think.
@dthompson I've never considered a chroot as a "container" tbh
@espectalll I hope you are starting to see why "container" can be a problematic word. everyone has a different definition. and in this case we're not talking about only a chroot, but a user namespace as well, and namespaces form the core of what people refer to as a container.
@dthompson Finally a project that doesn't jump onto the container hypetrain