Hi Stefan,
Stefan Karrmann <s.karrm...@web.de> writes: > Dear Wolf, > > my system-config.scm is quite normal desktop. Because of my WLAN chip I use a > non-free linux kernel which is customized to my needs (e.g. only btrfs and no > ext*-fs). I change some privileged programs (e.g. exchange slock by > slock-caps, trivial suspend). See below. > > my reconfig is and takes today about 25 minutes: > > guix time-machine -C ~user/reg/c/config/systems/channels-lock.scm -- system > reconfigure -L ~user/reg/c ~user/reg/c/config/systems/config.scm "$@" |& tee > -a reconfig-$(date +%F.%T).log > > Without time-machine the output is the same. But yesterday, I saw some pulls > and applied commits. > > NB: I fix the channels to a commit by channels-lock.scm. It contains the > commits just after the last CVEs. > --- begin channels-lock.scm > (list (channel > (name 'nonguix) > (url "https://gitlab.com/nonguix/nonguix";) > (branch "master") > (commit > "fea3efac5021b5c2b5037e0281d95e8ac81b34eb") > (introduction > (make-channel-introduction > "897c1a470da759236cc11798f4e0a5f7d4d59fbc" > (openpgp-fingerprint > "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5")))) > (channel > (name 'guix) > (url "https://git.guix.gnu.org/guix.git";) > (branch "master") > (commit > "8ee445f39ad6fc706247060e7fd235c13351c7f1") > (introduction > (make-channel-introduction > "9edb3f66fd807b096b48283debdcddccfea34bad" > (openpgp-fingerprint > "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))) > --- end channels-lock.scm > > Besides this, I get *three* times {Updating channels + Computing Guix > derivation for 'x86_64-linux'} ! > > The output of reconfigure is: > > --- begin output with channels-lock.scm > Updating channel 'guix' from Git repository at > 'https://git.guix.gnu.org/guix.git'... > Updating channel 'nonguix' from Git repository at > 'https://gitlab.com/nonguix/nonguix'... > Computing Guix derivation for 'x86_64-linux'... > Updating channel 'guix' from Git repository at > 'https://git.guix.gnu.org/guix.git'... > Updating channel 'nonguix' from Git repository at > 'https://gitlab.com/nonguix/nonguix'... > Computing Guix derivation for 'x86_64-linux'... > substitute: looking for substitutes on 'https://substitutes.nonguix.org'... > 100.0% > substitute: looking for substitutes on 'https://bordeaux.guix.gnu.org'... > 100.0% > substitute: looking for substitutes on 'https://ci.guix.gnu.org'... > 100.0% > The following derivations will be built: > /gnu/store/4n8p23vp5q94gmcf42wajqj9xxkxh3hp-activate-service.scm.drv > /gnu/store/kpssw1srszhq1p4qcchcqq81rhc8jcqf-activate.scm.drv > /gnu/store/y5b31mf70r84drj6cn3h8l4z5c2m37ys-boot.drv > /gnu/store/dsifllskpmcimyaslwmp09rxnfl9an5n-system.drv > /gnu/store/3c5707shbz9n4g3mpfaz9w88fx8m6ldz-grub.cfg.drv > > building > /gnu/store/4n8p23vp5q94gmcf42wajqj9xxkxh3hp-activate-service.scm.drv... > building /gnu/store/kpssw1srszhq1p4qcchcqq81rhc8jcqf-activate.scm.drv... > building /gnu/store/y5b31mf70r84drj6cn3h8l4z5c2m37ys-boot.drv... > building /gnu/store/dsifllskpmcimyaslwmp09rxnfl9an5n-system.drv... > building /gnu/store/3c5707shbz9n4g3mpfaz9w88fx8m6ldz-grub.cfg.drv... > /gnu/store/y636b201mc0h5rsp8pi9h670njrmbrr1-system > /gnu/store/9l6wlm8z6j2m3fxxaplbczr9knd9h5j4-grub.cfg > > activating system... > Updating channel 'guix' from Git repository at > 'https://git.guix.gnu.org/guix.git'... > Updating channel 'nonguix' from Git repository at > 'https://gitlab.com/nonguix/nonguix'... > Computing Guix derivation for 'x86_64-linux'... > The following derivation will be built: > /gnu/store/1c1csvzk2pw612pp93g6k14105r6xq5l-switch-to-system.scm.drv > > building > /gnu/store/1c1csvzk2pw612pp93g6k14105r6xq5l-switch-to-system.scm.drv... > making '/var/guix/profiles/system-43-link' the current system... > populating /etc from /gnu/store/1km8pkvp5n8i67qx0vkmw4lqb7vrqjdj-etc... > setting up privileged programs in '/run/privileged/bin'... > warning: failed to privilege > "/gnu/store/aal4fxvkvpzc3p03fy3bbzl19zi550xs-slock-1.5/bin/slock": File exists > warning: failed to privilege > "/gnu/store/jxhjfzsnl8sgnzaizfd7ljhmampnvw6l-slock-caps-1.5/bin/slock": File > exists > The following derivation will be built: > /gnu/store/7c0k15mlwda70q81dbvyfm0bqlgpr7c0-install-bootloader.scm.drv > > building > /gnu/store/7c0k15mlwda70q81dbvyfm0bqlgpr7c0-install-bootloader.scm.drv... > guix system: bootloader successfully installed on '(/boot/efi)' > Updating channel 'guix' from Git repository at > 'https://git.guix.gnu.org/guix.git'... > Updating channel 'nonguix' from Git repository at > 'https://gitlab.com/nonguix/nonguix'... > Computing Guix derivation for 'x86_64-linux'... > [...shepard and kexec stuff] > --- end output with channels-lock.scm > > PS: my system-config.scm is > --- begin system-config.scm > (define-public h2ka-system > (operating-system > (kernel host-linux) > (initrd microcode-initrd) > (firmware (list linux-firmware)) > (locale "de_DE.utf8") > (timezone "Europe/Berlin") > (keyboard-layout (keyboard-layout "de" "deadgraveacute")) > (host-name "host") > > (users (cons* (user-account > (name "me") > (comment "me") > (group "users") > (home-directory "/home/me") > (supplementary-groups '("wheel" "netdev" > "audio" "video"))) > %base-user-accounts)) > > (packages > (append > (map > specification->package > '("cifs-utils" > "davfs2" > "i3-wm" > "i3status" > "suspend" > "dmenu" > "bash" > ;;"dwm" > "tinyalsa" > "alsa-plugins" > "alsa-utils" > "pulseaudio" > "lxde" > "lxpanel" > "st" > ;;"s6" > ;;"execline" > )) > %base-packages)) > > (privileged-programs > (cons* > (privileged-program > (program (file-append slock-caps "/bin/slock")) > (setuid? #t) > ) > (privileged-program > (program (file-append suspend "/bin/suspend")) > (group "wheel") > (setuid? #f) > (setgid? #t) > ) > (privileged-program > (program (file-append davfs2 "/sbin/mount.davfs")) > (setuid? #t)) > (privileged-program > (program (file-append cifs-utils "/sbin/mount.cifs")) > (setuid? #t)) > ((remove-privileged > `(,(file-append slock "/bin/slock"))) > %default-privileged-programs))) > (services > (cons* > (service mcron-service-type > (mcron-configuration > (jobs (list cpupower-powersave-job > lift-nofile-limit-job > renice-guix-daemon-job > guix-reconfigure-job > guix-release-throttle-job)))) > > (service xfce-desktop-service-type) > (service cups-service-type ;2025-07-27 > (cups-configuration > (web-interface? #t) > (extensions > (list foomatic-filters cups-filters hplip dbus foo2zjs > hplip-plugin)))) > > (service nix-service-type) ; 2025-05-08 > (service varnish-service-type) ; 2025-05-08 > (set-xorg-configuration > (xorg-configuration > (keyboard-layout keyboard-layout) > (extra-config (list touchpad-conf)))) > > (service > screen-locker-service-type > (screen-locker-configuration > (name "slock") > (program (file-append slock-caps "/bin/slock")))) > > ;; Dies ist die Standardliste von Diensten, zu der wir > ;; Einträge hinzufügen. > (modify-services > %desktop-services > (guix-service-type > config > => (guix-configuration > (inherit config) > ;; (privileged? #f) ; new 2025-04-25 > (channels my-channels) > (guix (guix-for-channels my-channels)) As you can see here, you're asking guix to put guix-for-channels in the target system profile with my-channels. You aren't sharing what my-channels is but presumably it is unpinned channels if you are getting newer guix at /run/current-system/profile/bin/guix every time you update. Even if they are pinned, you will get recomputation of guix as was mentioned by Tomas Wolf due to guix-for-channels not caching, like the time-machine does. Still, if you are using guix pull as your user, there is likely no reason to customize guix here and you can just leave this the default, being package guix from (gnu packages package-management). This guix is updated from time to time and as other packages it is pinned to a specific commit, and as such it won't be updated until you use newer commits for the evaluation of the config, ie. newer commits in the time-machine command. The system is still evaluated with the channels supplied from time-machine, this has only to do with the guix in the built profile, you won't be getting newer packages or anything like that. Rutherther > (substitute-urls > (cons* "https://substitutes.nonguix.org"; > %default-substitute-urls)) > (authorized-keys > (cons* > (plain-file "non-guix.pub" > "(public-key (ecc (curve Ed25519) > (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))") > ;;(local-file "./signing-key.pub") > %default-authorized-guix-keys)))) > ))) > (bootloader (bootloader-configuration > (bootloader grub-efi-bootloader) > (targets (list "/boot/efi")) > (keyboard-layout keyboard-layout))) > (swap-devices (list (swap-space > (target (uuid > "7aae4d4e-bbd1-4af7-a8e7-cf7c3f65724f"))))) > > ;; Die Liste der Dateisysteme, die "eingehängt" werden. Die, zu den > ;; Dateisystemen einzigartigen, Identifikatoren ("UUIDs") können durch das > ;; Ausführen des Befehls "blkid" in einem Terminal erhalten werden. > (file-systems > (cons* > (file-system > (mount-point "/") > (device (uuid > "5edbc69f-592c-42e1-8a95-0d6b728225b3" > 'btrfs)) > (type "btrfs")) > > (file-system > (mount-point "/boot/efi") > (device (uuid "D6F3-2354" > 'fat32)) > (type "vfat")) > > %base-file-systems)))) > --- end system-config.scm > > PPS: my suspend is > --- begin suspend.scm > (define-module (config packages suspend)) > > (use-modules > (gnu packages bash) > (guix build-system trivial) > (guix gexp) > (guix licenses) > (guix modules) > (guix packages) > ) > > (define-public suspend > (package > (name "suspend") > (version "0.1") > (source #f) ; no external source > (inputs (list bash)) > (build-system trivial-build-system) > (arguments > (list > #:builder > (with-imported-modules > (source-module-closure > '((guix build utils))) > #~(begin > (use-modules (guix build utils)) > (let* ((out (getenv "out")) > (bin (string-append out "/bin")) > (script (string-append bin "/suspend")) > (she-bang (string-append > "#!" > #$(file-append bash "/bin/bash") > "\n"))) > (mkdir-p bin) > (call-with-output-file script > (lambda (port) > (display she-bang port) > (display "echo mem > /sys/power/state\n" port))) > (chmod script #o755)))))) > (synopsis "Suspend command") > (description "Provides a suspend command, which could be > privileged in a system configuration.") > (home-page "https://codeberg.de/stefanK/stix";) ; not yet there > (license public-domain))) > > suspend > --- end suspend.scm > > -- > Kind regars, > S. Karrmann > > >> Gesendet: Mittwoch, 6. August 2025 um 21:55 >> Von: "Tomas Volf" <~@wolfsden.cz> >> An: "Stefan Karrmann" <s.karrm...@web.de> >> CC: guix-devel@gnu.org >> Betreff: Re: Computing Guix derivation for 'x86_64-linux' takes ages... -> 3 >> proposals >> >> Stefan Karrmann <s.karrm...@web.de> writes: >> >> > Dear all, >> > >> > this question was asked several times. But >Computing Guix derivation for >> > 'x86_64-linux'< annoys really. >> > >> > Why do we need this so often? >> > >> > Of course, we need this, if we pull a new guix. If we do it, we know that >> > it takes its time. >> > >> > But why do we need it with >guix system reconfigure< etc.pp.? We have a >> > pulled >> > guix locally and ready. That's the one we want to use! Well, I see that >> > >guix >> > system reconfigure< pulls new commits. But why? I don't want them. I find it interesting that you seem to know you don't understand what's going on yet have so many assumptions about what is happening. Why not just ask why this is happening rather than jumping to incorrect conclusions that are based on wrong, unchecked, assumptions? >> >> Would you be able to share some more details about your configuration >> and setup in general? It is some time since I have last used `guix >> system reconfigure' -- I only use `guix deploy' these days -- but I have >> to say I do not recall reconfigure doing a pull. So this might be >> something specific to your setup? >> >> Can you get reproducer in a virtual machine and share the configuration >> and commands to run? >> >> > [..] >> > OPEN: How to handle local trees (i.e. -L directory)? Well, they add >> > new branches and leafs, maybe a new forest. They do not change the old >> > forest at all. >> >> I do not think this is accurate. You can use -L to deploy completely >> custom Guix -- that is how pre-inst-env works when using checkout of the >> Guix repository. So while I agree that *usually* -L just adds new >> stuff, it very much *can* change "the old forest". >> >> Tomas >> -- >> There are only two hard things in Computer Science: >> cache invalidation, naming things and off-by-one errors. >>
