website: Add draft 1.2.0 release announcement.

* website/drafts/gnu-guix-1.2.0-released.md: New file.
Ludovic Courtès 2020-11-09 22:23:41 +01:00
parent 4146d95ac0
commit 8973594e1f
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 185 additions and 0 deletions

@ -0,0 +1,185 @@
title: DRAFT GNU Guix 1.2.0 released
date: 2020-11-11 15:00:00
author: Ludovic Courtès
slug: gnu-guix-1.2.0-released
tags: Releases, Security
---
We are pleased to announce the release of GNU Guix version 1.2.0!
The release comes with [ISO-9660 installation
images](https://guix.gnu.org/manual/en/html_node/System-Installation.html),
a [virtual machine
image](https://guix.gnu.org/manual/en/html_node/Running-Guix-in-a-VM.html),
and with tarballs to install the package manager on top of your
GNU/Linux distro, either [from
source](https://guix.gnu.org/manual/en/html_node/Requirements.html) or
[from
binaries](https://guix.gnu.org/manual/en/html_node/Binary-Installation.html).
Guix users can update by running `guix pull`.
Its been 6 months since the last release, during which 200 people
contributed code and packages, and a number of people obviously
contributed to other important tasks—code review, system administration,
translations, web site updates, Outreachy mentoring, you name it!
Theres been more than 10,000 commits in that time frame and it is the
challenge of these release notes to summarize all that activity.
### Security
A significant highlight in this release is the ability to *authenticate
channels*, which probably makes Guix one of the safest ways to deliver
complete operating systems today. This was the missing link in our
“software supply chain” and were glad its now fixed. The end result
is that `guix pull` and related commands now cryptographically
authenticate channel code that they fetch; you cannot, for instance,
retrieve unauthorized commits to the official Guix repository. We
[detailed the design and
implementation](https://guix.gnu.org/en/blog/2020/securing-updates/)
back in July. The manual explains [what you need to know as a
user](https://guix.gnu.org/manual/devel/en/html_node/Channel-Authentication.html)
and [as a channel
author](https://guix.gnu.org/manual/devel/en/html_node/Specifying-Channel-Authorizations.html).
![Example commit graph.](https://guix.gnu.org/static/blog/img/commit-graph.svg)
Coupled to that, `guix pull` and `guix system reconfigure` now *detect
potential system downgrades or Guix downgrades* and raise an error.
This ensures you cannot be tricked into downgrading the software in your
system, which could potentially reintroduce exploitable vulnerabilities
in the software you run.
With these safeguards in place, we have added an [*unattended upgrade
service*](https://guix.gnu.org/manual/devel/en/html_node/Unattended-Upgrades.html)
that, in a nutshell, runs `guix pull && guix system reconfigure`
periodically. Unattended upgrades _and_ peace of mind.
Another important change from a security perspective that were proud of
is [*the reduction of binary seeds to
60 MiB*](https://guix.gnu.org/en/blog/2020/guix-further-reduces-bootstrap-seed-to-25/)
on x86_64 and i686, thanks to tireless work on
[GNU Mes](https://www.gnu.org/software/mes),
[Gash](https://savannah.nongnu.org/projects/gash), and related software.
On the same security theme, our build daemon and the [`origin`
programming
interface](https://guix.gnu.org/manual/devel/en/html_node/origin-Reference.html)
now accept *new cryptographic hash functions* (in particular SHA-3 and
BLAKE2s) for [“fixed-output
derivations”](https://guix.gnu.org/manual/en/html_node/Derivations.html)—so
far we were unconditionally using SHA256 hashes for source code.
### User experience
We want Guix to be accessible and useful to a broad audience and that
has again been a guiding principle for this release. The [graphical
system
installer](https://guix.gnu.org/en/videos/system-graphical-installer/)
and the [script to install Guix on another
distro](https://guix.gnu.org/manual/en/html_node/Binary-Installation.html)
have both received bug fixes and usability improvements. First-time
users will appreciate the fact that `guix help` now gives a clear
overview of the available commands, that `guix` commands are less
verbose by default (they no longer display a lengthy list of things that
theyll download), and that `guix pull` displays a progress bar as it
updates its Git checkout.
*Performance improved in several places*. Use of the new [“baseline
compiler” that landed in
Guile 3.0.4](https://wingolog.org/archives/2020/06/03/a-baseline-compiler-for-guile)
leads to reduced build times for Guix itself, which in turn means that
`guix pull` is much less resource-hungry. Performance got better in
[several](https://issues.guix.gnu.org/44053#9)
[other](https://issues.guix.gnu.org/41702#2)
[areas](https://issues.guix.gnu.org/43340), and more work is yet to
come.
Were giving users more flexibility on the command line, with the
addition of three [*package transformation
options*](https://guix.gnu.org/manual/en/html_node/Package-Transformation-Options.html):
`--with-debug-info` ([always debug in good
conditions](https://guix.gnu.org/manual/devel/en/html_node/Rebuilding-Debug-Info.html)!),
`--with-c-toolchain`, and `--without-tests`.
The *reference manual* has been expounded: theres a new [“Getting
Started”
section](https://guix.gnu.org/manual/devel/en/html_node/Getting-Started.html),
the [“Programming Interface”
section](https://guix.gnu.org/manual/devel/en/html_node/Programming-Interface.html)
contains more info for packagers. We added code examples in many
places; in the on-line copy of the manual, identifiers in those code
snippets are clickable, linking to the right place in the Guix or Guile
manuals.
Last but not least, *the manual is fully translated* to
[French](https://guix.gnu.org/manual/fr/html_node/),
[German](https://guix.gnu.org/manual/de/html_node/), and
[Spanish](https://guix.gnu.org/manual/es/html_node/), with partial
translations in [Russian](https://guix.gnu.org/manual/ru/html_node/) and
[Chinese](https://guix.gnu.org/manual/zh-cn/html_node/).
### More goodies
But theres more! Support for *whole-system cross-compilation*—as in
`guix system build --target=arm-linux-gnueabihf config.scm`—has been
improved. That, together with a lot of porting work both for packages
and for the Guix System machinery, brings [the `hurd-vm`
service](https://guix.gnu.org/manual/devel/en/html_node/Virtualization-Services.html#index-hurd_002dvm_002dservice_002dtype)—a
cross-compiled Guix GNU/Hurd system [running as a virtual machine under
GNU/Linux](https://guix.gnu.org/en/blog/2020/childhurds-and-substitutes/).
This in turn has let us start work on native GNU/Hurd support.
Related to this, the new `(gnu image)` module implements a flexible
interface to operating system images; from the command line, it is
accessible _via_ [`guix system disk-image
--image-type=TYPE`](https://guix.gnu.org/manual/devel/en/html_node/Invoking-guix-system.html).
Several _image types_ are supported: compressed ISO-9660, qcow2
containing ext4 partitions, ext2 with Hurd options, and so on. This is
currently implemented using
[`genimage`](https://github.com/pengutronix/genimage).
In addition to those already mentioned, a dozen of new system services
are available, including services for
[Ganeti](https://guix.gnu.org/blog/2020/running-a-ganeti-cluster-on-guix/),
[LXQt](https://guix.gnu.org/manual/devel/en/html_node/Desktop-Services.html#index-lxqt_002ddesktop_002dservice_002dtype),
[Gemini](https://guix.gnu.org/manual/devel/en/html_node/Web-Services.html#index-gmnisrv),
and [Guix Build
Coordinator](https://guix.gnu.org/manual/devel/en/html_node/Guix-Services.html).
XXX packages have been added, for a total of [more than 15K
packages](https://guix.gnu.org/en/packages); XXX were upgraded. The
distribution comes with GNU libc 2.31, GCC 10.2, GNOME 3.34,
Xfce 4.14.2, Linux-libre 5.9.3, and LibreOffice 6.4.6.2 to name a few.
Theres also a new [build system for packages built with
Maven](https://guix.gnu.org/manual/devel/en/html_node/Build-Systems.html#index-maven_002dbuild_002dsystem).
The [`NEWS` file](XXX) lists additional noteworthy changes and bug fixes
you may be interested in.
### Try it!
You can go ahead and [download this new
version](https://guix.gnu.org/en/download/)—weve been told [you may
soon be able to `apt install guix`](https://packages.debian.org/guix) if
youre on Debian or a derivative distro!—and [get in touch with
us](https://guix.gnu.org/en/contact/).
Enjoy!
#### About GNU Guix
[GNU Guix](https://guix.gnu.org) is a transactional package manager and
an advanced distribution of the GNU system that [respects user
freedom](https://www.gnu.org/distros/free-system-distribution-guidelines.html).
Guix can be used on top of any system running the Hurd or the Linux
kernel, or it can be used as a standalone operating system distribution
for i686, x86_64, ARMv7, and AArch64 machines.
In addition to standard package management features, Guix supports
transactional upgrades and roll-backs, unprivileged package management,
per-user profiles, and garbage collection. When used as a standalone
GNU/Linux distribution, Guix offers a declarative, stateless approach to
operating system configuration management. Guix is highly customizable
and hackable through [Guile](https://www.gnu.org/software/guile)
programming interfaces and extensions to the
[Scheme](http://schemers.org) language.
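
Review bot: The "More goodies" section still has unresolved placeholders: "XXX packages have been added", "XXX were upgraded", and the `NEWS` file link whose target is literally "(XXX)". These need real counts and a real URL before the file moves out of website/drafts, and the "DRAFT" prefix in the title should go at the same time. Separately, the links mix /manual/en/ and /manual/devel/en/ paths; the Security section in particular sends readers to the devel manual for Channel-Authentication, Specifying-Channel-Authorizations and Unattended-Upgrades, so consider pointing those at the released manual once 1.2.0 is published so the documentation matches the version being announced.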