aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2013-11-18 22:07:29 +0100
committerLudovic Courtès <ludo@gnu.org>2013-11-18 22:07:29 +0100
commite900c5031f4ecf5ac3f131a908a2616871793f8c (patch)
tree04ceb7f248ffa5b7f225aabd6358076d0e0e530e /doc
parent8db351e338afa0b8278571105776a7e2391e49ef (diff)
downloadgnu-guix-e900c5031f4ecf5ac3f131a908a2616871793f8c.tar
gnu-guix-e900c5031f4ecf5ac3f131a908a2616871793f8c.tar.gz
doc: Mention Linux containers; emphasize reproducible builds.
* doc/guix.texi (Introduction): Use "containers" instead of "chroots". (Invoking guix-daemon): Add @cindex entries. Mention the Linux container features. (Features): Add sentence on build reproducibility.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi19
1 files changed, 16 insertions, 3 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index d0dc523a01..cfa5aac326 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -95,7 +95,7 @@ always produces the same result when passed a given set of inputs. It
cannot alter the system's environment in
any way; for instance, it cannot create, modify, or delete files outside
of its build and installation directories. This is achieved by running
-build processes in isolated environments (or @dfn{chroots}), where only their
+build processes in isolated environments (or @dfn{containers}), where only their
explicit inputs are visible.
@cindex store
@@ -224,6 +224,7 @@ The @code{guix-daemon} program may then be run as @code{root} with:
# guix-daemon --build-users-group=guix-builder
@end example
+@cindex chroot
@noindent
This way, the daemon starts build processes in a chroot, under one of
the @code{guix-builder} users. On GNU/Linux, by default, the chroot
@@ -271,6 +272,10 @@ is normally run as @code{root} like this:
@noindent
For details on how to set it up, @ref{Setting Up the Daemon}.
+@cindex chroot
+@cindex container, build environment
+@cindex build environment
+@cindex reproducible builds
By default, @command{guix-daemon} launches build processes under
different UIDs, taken from the build group specified with
@code{--build-users-group}. In addition, each build process is run in a
@@ -278,7 +283,10 @@ chroot environment that only contains the subset of the store that the
build process depends on, as specified by its derivation
(@pxref{Programming Interface, derivation}), plus a set of specific
system directories. By default, the latter contains @file{/dev} and
-@file{/dev/pts}.
+@file{/dev/pts}. Furthermore, on GNU/Linux, the build environment is a
+@dfn{container}: in addition to having its own file system tree, it has
+a separate mount name space, its own PID name space, network name space,
+etc. This helps achieve reproducible builds (@pxref{Features}).
The following command-line options are supported:
@@ -447,13 +455,18 @@ profiles, and remove those that are provably no longer referenced
generations of their profile so that the packages they refer to can be
collected.
+@cindex reproducibility
+@cindex reproducible builds
Finally, Guix takes a @dfn{purely functional} approach to package
management, as described in the introduction (@pxref{Introduction}).
Each @file{/nix/store} package directory name contains a hash of all the
inputs that were used to build that package---compiler, libraries, build
scripts, etc. This direct correspondence allows users to make sure a
given package installation matches the current state of their
-distribution, and helps maximize @dfn{reproducibility}.
+distribution. It also helps maximize @dfn{build reproducibility}:
+thanks to the isolated build environments that are used, a given build
+is likely to yield bit-identical files when performed on different
+machines (@pxref{Invoking guix-daemon, container}).
@cindex substitute
This foundation allows Guix to support @dfn{transparent binary/source