Installing Chrome and other proprietary apps on Guix

Our topic is Channels in Guix so we can install Chrome and Firefox on top of Ubuntu. In accordance with FSF principles Guix doesn't ship anything proprietary; including codecs in browsers. Unfortunately, this means video conferencing and Google Apps don't work with the versions of Chrome and Firefox Guix ships. The Guix repositories also don't contain proprietary firmware (e.g. wifi drivers) or apps (e.g. Zoom). To add these apps we need to add an additional repository (channel). Guix Channels is a flexible method to enable multiple sources of packages, increasing the packages that are available. We can use a channel to create local variants of packages in the main Guix repository - ones with particular patches or build options we care about. Or, we can use a channel to provide additional packages that aren't in Guix.

The Guix repositories contain ungoogled-chromium and icecat. Removing the proprietary elements means neither will work with Google Apps or Google Meet which I need for work. Additionally, I use Zoom a lot as it's very bandwidth efficient. Most advice is to use Flatpak/Snap, but I'm going to show an alternative which is the Nonguix package archive.

This is part three of a series on Guix, if you want to read them in order see:

Guix Channels

Guix has the concept of Channels, where each channel is a collection of packages in a repository. This is the same concept that's seen in Linux distributions. A channel is a location (often a git repository) that contains Guix package definitions. We tell Guix about the location, and it will include the packages in its internal database of known packages.

Nonguix Channel

Nonguix is a collection of packages that cannot be included in Guix for a variety of reasons: mostly because the packages do not meet the Free Software definition.

Guix knows about channels through the ~/.config/guix.channels.scm file. To tell it about Nonguix as a channel we add the following:

(cons* (channel
        (name 'nonguix)
        (url "https://gitlab.com/nonguix/nonguix")
        ;; Enable signature verification:
        (introduction
         (make-channel-introduction
          "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
          (openpgp-fingerprint
           "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
       %default-channels)

Guix is written in GNU Guile which is an implementation of the Scheme language, it uses a set of domain specific functions. It's pretty easy to read, without understanding Scheme, almost pseudo-code like. Each statement is within brackets, so (name 'nonguix) is a statement. The main unfamiliar one is cons* which is adding everything onwards into the %default-channels list.

Now we've added the nonguix channel if we did a guix pull it would pull down all the package definitions and then we'd be able to build packages from source. However, for large packages like Firefox it's going to take a very long time. Luckily nonguix also has a substitution server. As a reminder a binary substitution is where we tell the package manager to download a binary build of the package, rather than building it ourselves using the package source definition.

To use it we need to download the OpenPGP key:

$ wget https://substitutes.nonguix.org/signing-key.pub -O substitutes.nonguix.org.pub
$ sudo guix archive --authorize < substitutes.nonguix.org.pub

The second command tells Guix to authorise substitutes.nonguix.org as a source of substitution binaries. Now update the definitions that Guix knows about:

$ guix pull

In the output it should tell us that it's getting information about the availability of substitutes from substitutes.nonguix.org. We can also use the guix describe command to check what channels are operating and which git commit was used:

$ guix describe
Generations 3    Oct 07 2022 12:00:02   (current)
  guix 8319be7
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 8319be779blahblahblah
  nonguix 174eded
    repository URL: https://gitlab.com/nonguix/nonguix
    branch: master
    commit: 174eded3dc6eeblahblah

We also need to tell the Guix daemon to use substitutions from Nonguix. For a test we can do it at the command line:

guix install firefox --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org'

This will install Firefox using the binary substitution that's been built by the Nonguix builder. To permanently tell Guix to do this we have to edit the Systemd guix-service definition. This is stored in /etc/systemd/guix-daemon.service

$ sudo systemctl stop guix-daemon.service

# edit the /etc/systemd/system/guix-daemon.service
$ sudo vim /etc/systemd/system/guix-daemon.service

# add the --substitute-urls option on the guix-daemon command line and list the URLs of interest
ExecStart=/var/guix/profiles/per-user/root/current-guix/bin/guix-daemon --build-users-group=guixbuild --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org'

# Reload and restart the service
$ sudo systemctl daemon-reload

$ sudo systemctl start guix-daemon.service

$ sudo systemctl status guix-daemon.service

All we're doing is adding an additional server to the --substitutes-urls list. If everything went well you can do:

$ guix pull
[lots of output]
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://substitutes.nonguix.org'... 100.0%
[lots of output]

Other Channels

This is a selection of channels to explore: some are for distributing packages that can't go into Guix and others are personal channels where people keep their own patched builds of packages.

Guix Gaming Channel

Selection of nonfree games.
Small Guix

Packages maintained by Giacomo Leidi.
Guix Crypto

Various packages for exploring crypto.
Guix 'R us

Packages maintained by the whereiseveryone community.
R0man's Guix channel

Packages maintained by r0man.
Channel-Q

Packages being worked on by SqrtMinusOne.
Allan Adairs Guix Channel

Some Go and Kubernetes packages.
Packages for Endgame

Various packages, some of which could be upstreamed.
PHP for Guix Channel

Nazar65's PHP channel

Guix Channel Research

To learn more about Guix channels these are the best resources I found.

Guix Manual - Channels Chapter

The Guix manual is the authoritative source on everything Guix. The Channels chapter is comprehensive.
Using Package Channels in GNU Guix

System Crafters (David Wilsons) post and video about using package channels. Everything I've covered and a whole lot more!
More Guix: Private Channels and Internal Packages

Peter Lo explains how to use channels for project specific or customised packages.
A Home Router with GNU GUIX

Timmy Douglas' first post about creating a channel for local development - for his router project. See his second post as well.
GNU Guix: Building packages with customer CFLAGS

Timmy Douglas' second post about creating custom packages in a local development channel. See the first post for setting this up.

Channels Summary

One final point is that rather than using an entire channel we can also try out a single package, see Ryan Prior's How to try out somebody's Guix package.

As we said at the start Channels in Guix let us share packages easily and increase the range of applications that we're using. In this case, by adding the NonGuix channel we can install various proprietary applications including Chrome, Firefox and Zoom. We haven't explored how to use a local channel for custom builds, or how to create a channel - see the resources listed above.

Did I miss any particularly interesting Guix channels? Or, have you found an interesting use-case for them? If so - comment away!

Posted in Tech Sunday 04 December 2022
Tagged with tech ubuntu guix

‹‹Guix common workflows and concepts Using manifests to maintain our Guix applications››

Futurile