GNU Guix launches

Posted Nov 27, 2012 15:17 UTC (Tue) by lambda (subscriber, #40735)
In reply to: GNU Guix launches by davidescott
Parent article: GNU Guix launches

Your objections seem to be based on not understanding the Nix package manager. If a user installs a package under Nix, it's installed in its own environment, and does not affect what packages other users see or behavior of other packages.

I guess that's what you call "containers (AKA VM-lite)", but it's not really the same thing; in fact, I would say both of those characterizations are wrong. A container isn't really "VM-lite", unless you want to call a modern operating system with separate users, memory protection, and preemptive multitasking "VM-lite" as well. A container is a way in which you can selectively isolate more resources, while sharing resources that still ought to be shared; it's the continuation of the idea of separate processes and memory protection, allowing you to apply isolation to more resources.

And Nix differs from a container, since in a container, you either give the user their own root with nothing shared, in which case, from a filesystem perspective, sure, it's VM-lite; everyone has to install all of their own copies of everything. Or you could share certain directories like /usr, but then you wind up with problems updating the base system breaking your packages installed in your container.

Nix works by building up a tree of package dependencies. Each package specifies the exact packages it depends on (the precise version and dependency tree, similar to the way Git refers to commits by the SHA-1 of the current state and the SHA-1 of its ancestors), and packages are never replaced; new versions are installed in a new location. So a user can install local packages which depend on system packages, only using the extra space for what they specifically need; but if the base system updates, their packages will still depend on the old versions, causing them to stay around. Once the user updates their packages to a newer version, depending on the new system libraries, the old versions will be GCed if no one depends on them.
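The store behaviour described in the comment above, as an added example that is not part of the original comment and is not Nix's own code: a toy model in which a package's path is derived from its name, version and the paths of its dependencies, nothing is overwritten, and garbage collection starts from per-user profiles. The `Store` class, the `/store/` prefix, the SHA-256 truncation and the package names and versions are all constructed for illustration.

```python
import hashlib

class Store:
    """Toy Nix-style store (hypothetical model; not Nix's real path derivation)."""
    def __init__(self):
        self.paths = {}     # store path -> tuple of dependency store paths
        self.profiles = {}  # user -> set of store paths acting as GC roots

    def install(self, user, name, version, deps=()):
        # The hash covers the dependency paths, which already contain their
        # own hashes, so any change deeper in the tree yields a new path.
        key = "|".join([name, version, *sorted(deps)])
        h = hashlib.sha256(key.encode()).hexdigest()[:12]
        path = f"/store/{h}-{name}-{version}"
        self.paths.setdefault(path, tuple(deps))  # never replace an existing path
        self.profiles.setdefault(user, set()).add(path)
        return path

    def remove(self, user, path):
        self.profiles[user].discard(path)

    def gc(self):
        # Mark everything reachable from any user's profile, sweep the rest.
        live, stack = set(), [p for roots in self.profiles.values() for p in roots]
        while stack:
            p = stack.pop()
            if p not in live:
                live.add(p)
                stack.extend(self.paths[p])
        dead = set(self.paths) - live
        for p in dead:
            del self.paths[p]
        return dead

def demo():
    s = Store()
    libc_old = s.install("system", "libc", "2.15")         # constructed versions
    app_old = s.install("alice", "app", "1.0", [libc_old])
    # Base system upgrade: the new libc lands at a new path, the old one stays.
    s.remove("system", libc_old)
    libc_new = s.install("system", "libc", "2.16")
    kept = s.gc()        # empty: alice's app still references the old libc
    # Alice rebuilds the same app version against the new libc.
    s.remove("alice", app_old)
    app_new = s.install("alice", "app", "1.0", [libc_new])
    collected = s.gc()   # old libc and old app are now unreferenced
    return libc_old, libc_new, app_old, app_new, kept, collected
```

The same `app` version gets a different store path once its dependency changes, which is why the old and new builds can coexist until the collector runs.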


GNU Guix launches

Posted Nov 27, 2012 16:29 UTC (Tue) by davidescott (guest, #58580)

> Your objections seem to be based on not understanding the Nix package manager.

The objection is NOT that nix will somehow screw up the system by having conflicting packages. I'm objecting to the concept of user-installable packages, under the assumption that the package manager handles conflicts perfectly.

There are various objections (5 have been listed); the one closest to what you describe is that someone installs X to build Y. Initially this is fine because Y is a non-critical internal-only application and a stop-gap measure until the real solution can be released. Of course Y morphs into something more and becomes a critical permanent external application and needs to be brought into compliance (moved to a secure server, audited, etc.), and the approved systems are not capable of running the required X.

See http://us.thedailywtf.com/Articles/Excellent-Design.aspx for an example of this.

GNU Guix launches

Posted Nov 27, 2012 17:17 UTC (Tue) by davidescott (guest, #58580)

After submitting I went back and reread my comment and realized that you were responding to my response to pboddie's description of VMs as perverse sledgehammers.

You are correct that my previous comment is not correct with respect to how Nix operates. My point (poorly expressed) was that a package manager is either going to introduce a combinatorial explosion of potential conflicts or be VM-lite by supporting independent package installations.

I'm objecting to the suggestion that VMs are a perverse sledgehammer. I think they are a very good sledgehammer to quickly roll out lots of independently configured instances. If Nix+Containers can accomplish that while eliminating some duplication then VM-lite may be preferable to pure VM, but that has nothing to do with user-installed packages.

GNU Guix launches

Posted Nov 28, 2012 13:39 UTC (Wed) by pboddie (subscriber, #50784)

To be fair, I use virtualisation in the broadest sense myself, but when you have package management systems like opkg which appear to be able to operate for unprivileged users in their own chosen areas of the filesystem, having to use "virtualisation" even at the level of maintaining separate chroot environments has to be seen as a kludge and not the product of two virtuous technologies coming together to "solve" an apparently unsolvable problem. If anything, it just pushes the complexity avoided by the somewhat overly conservative design decisions of the package management systems concerned onto some other activity instead.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.