summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/contributing.fr.texi505
-rw-r--r--doc/guix.fr.texi21884
-rw-r--r--doc/local.mk7
-rw-r--r--po/doc/contributing.fr.po1220
-rw-r--r--po/doc/guix.fr.po42145
-rw-r--r--po/doc/local.mk4
6 files changed, 65762 insertions, 3 deletions
diff --git a/doc/contributing.fr.texi b/doc/contributing.fr.texi
new file mode 100644
index 0000000000..0ded44c5fd
--- /dev/null
+++ b/doc/contributing.fr.texi
@@ -0,0 +1,505 @@
+@node Contribuer
+@chapter Contribuer
+
+Ce projet est un effort coopératif et nous avons besoin de votre aide pour
+le faire grandir ! Contactez-nous sur @email{guix-devel@@gnu.org} et
+@code{#guix} sur le réseau IRC Freenode. Nous accueillons les idées, les
+rapports de bogues, les correctifs et tout ce qui pourrait aider le
+projet. Nous apprécions particulièrement toute aide sur la création de
+paquets (@pxref{Consignes d'empaquetage}).
+
+@cindex code de conduite, des contributeurs
+@cindex convention de contribution
+Nous souhaitons fournir un environnement chaleureux, amical et sans
+harcèlement pour que tout le monde puisse contribuer au mieux de ses
+capacités. Pour cela notre projet a une « Convention de contribution »
+adaptée de @url{http://contributor-covenant.org/}. Vous pouvez trouver une
+version locale dans le fichier @file{CODE-OF-CONDUCT} dans l'arborescence
+des sources.
+
+Les contributeurs n'ont pas besoin d'utiliser leur nom légal dans leurs
+correctifs et leurs communications en ligne ; ils peuvent utiliser n'importe
+quel nom ou pseudonyme de leur choix.
+
+@menu
+* Construire depuis Git:: The latest and greatest.
+* Lancer Guix avant qu'il ne soit installé:: Astuces pour les hackers.
+* La configuration parfaite:: Les bons outils.
+* Style de code:: Hygiène du contributeur.
+* Envoyer des correctifs:: Partager votre travail.
+@end menu
+
+@node Construire depuis Git
+@section Construire depuis Git
+
+Si vous souhaitez travailler sur Guix lui-même, il est recommandé d'utiliser
+la dernière version du dépôt Git :
+
+@example
+git clone https://git.savannah.gnu.org/git/guix.git
+@end example
+
+Lors de la construction de Guix depuis un extrait, les paquets suivants sont
+requis en plus de ceux mentionnés dans les instructions d'installation
+(@pxref{Prérequis}).
+
+@itemize
+@item @url{http://gnu.org/software/autoconf/, GNU Autoconf};
+@item @url{http://gnu.org/software/automake/, GNU Automake};
+@item @url{http://gnu.org/software/gettext/, GNU Gettext};
+@item @url{http://gnu.org/software/texinfo/, GNU Texinfo};
+@item @url{http://www.graphviz.org/, Graphviz};
+@item @url{http://www.gnu.org/software/help2man/, GNU Help2man (facultatif)}.
+@end itemize
+
+La manière la plus simple de configurer un environnement de développement
+pour Guix est, bien sûr, d'utiliser Guix ! La commande suivante démarre un
+nouveau shell où toutes les dépendances et les variables d'environnements
+appropriées sont configurés pour travailler sur Guix :
+
+@example
+guix environment guix
+@end example
+
+@xref{Invoquer guix environment}, pour plus d'information sur cette
+commande. On peut ajouter des dépendances supplémentaires avec
+@option{--ad-hoc} :
+
+@example
+guix environment guix --ad-hoc help2man git strace
+@end example
+
+Lancez @command{./bootstrap} pour générer l'infrastructure du système de
+construction avec Autoconf et Automake. Si vous avez une erreur comme :
+
+@example
+configure.ac:46: error: possibly undefined macro: PKG_CHECK_MODULES
+@end example
+
+@noindent
+cela signifie probablement qu'Autoconf n'a pas pu trouver @file{pkg.m4} qui
+est fournit par pkg-config. Assurez-vous que @file{pkg.m4} est
+disponible. C'est aussi vrai pour l'ensemble de macros de @file{guile.m4}
+fournies par Guile. Par exemple, si vous avez installé Automake dans
+@file{/usr/local}, il ne cherchera pas les fichiers @file{.m4} dans
+@file{/usr/share}. Dans ce case vous devez invoquer la commande suivante :
+
+@example
+export ACLOCAL_PATH=/usr/share/aclocal
+@end example
+
+@xref{Macro Search Path,,, automake, The GNU Automake Manual}, pour plus
+d'information.
+
+Ensuite, lancez @command{./configure} comme d'habitude. Assurez-vous de
+passer @code{--localstatedir=@var{directory}} où @var{directory} est la
+valeur @code{localstatedir} utilisée par votre installation actuelle
+(@pxref{Le dépôt} pour plus d'informations à ce propos).
+
+Finalement, vous devez invoquer @code{make check} pour lancer les tests
+(@pxref{Lancer la suite de tests}). Si quelque chose échoue, jetez un œil
+aux instructions d'installation (@pxref{Installation}) ou envoyez un message
+à la list @email{guix-devel@@gnu.org}.
+
+
+@node Lancer Guix avant qu'il ne soit installé
+@section Lancer Guix avant qu'il ne soit installé
+
+Pour garder un environnement de travail sain, il est utile de tester les
+changement localement sans les installer pour de vrai. Pour pouvoir
+distinguer votre rôle « d'utilisateur final » de celui parfois haut en
+couleur de « développeur ».
+
+Pour cela, tous les outils en ligne de commande sont utilisables même sans
+avoir lancé @code{make install}. Vous devez pour cela préfixer chaque
+commande par @command{./pre-inst-env} (le script @file{pre-inst-env} se
+trouve dans le répertoire de plus haut niveau de l'arborescence des sources
+de Guix) comme cela@footnote{L'option @option{-E} de @command{sudo} garantie
+que @code{GUILE_LOAD_PATH} est bien paramétré pour @command{guix-daemon} et
+les outils qu'il utilise puissent trouver les modules Guile dont ils ont
+besoin.} :
+
+@example
+$ sudo -E ./pre-inst-env guix-daemon --build-users-group=guixbuild
+$ ./pre-inst-env guix build hello
+@end example
+
+@noindent
+De même, pour une session Guile qui utilise les modules Guix :
+
+@example
+$ ./pre-inst-env guile -c '(use-modules (guix utils)) (pk (%current-system))'
+
+;;; ("x86_64-linux")
+@end example
+
+@noindent
+@cindex REPL
+@cindex read-eval-print loop
+@dots{} et pour un REPL (@pxref{Using Guile Interactively,,, guile, Guile
+Reference Manual})
+
+@example
+$ ./pre-inst-env guile
+scheme@@(guile-user)> ,use(guix)
+scheme@@(guile-user)> ,use(gnu)
+scheme@@(guile-user)> (define snakes
+ (fold-packages
+ (lambda (package lst)
+ (if (string-prefix? "python"
+ (package-name package))
+ (cons package lst)
+ lst))
+ '()))
+scheme@@(guile-user)> (length snakes)
+$1 = 361
+@end example
+
+Le script @command{pre-inst-env} paramètre toutes les variables
+d'environnement nécessaires, dont @env{PATH} et @env{GUILE_LOAD_PATH}.
+
+Remarquez que @command{./pre-inst-env guix pull} ne met @emph{pas} à jour
+l'arborescence des sources locale ; il met seulement à jour le lien
+symbolique @file{~/.config/guix/latest} (@pxref{Invoquer guix pull}). Lancez
+@command{git pull} à la place si vous voulez mettre à jour votre
+arborescence des sources locale@footnote{Si vous voulez paramétrer
+@command{guix} pour qu'il utilise votre dépôt Git, vous pouvez faire pointer
+le lien symbolique @file{~/.config/guix/latest} vers le répertoire contenant
+ce dépôt. Si vous le seul utilisateur du système, vous pouvez aussi
+considérer faire pointer le lien symbolique @file{/root/.config/guix/latest}
+vers @file{~/.config/guix/latest} ; comme ça root aura toujours la même
+commande @command{guix} que votre utilisateur}.
+
+
+@node La configuration parfaite
+@section La configuration parfaite
+
+La configuration parfaite pour travailler sur Guix est simplement la
+configuration parfaite pour travailler en Guile (@pxref{Using Guile in
+Emacs,,, guile, Guile Reference Manual}). Tout d'abord, vous avez besoin de
+mieux qu'un éditeur de texte, vous avez besoin de
+@url{http://www.gnu.org/software/emacs, Emacs}, amélioré par le superbe
+@url{http://nongnu.org/geiser/, Geiser}.
+
+Geiser permet le développement interactif et incrémental depuis Emacs : la
+compilation du code et son évaluation depuis les buffers, l'accès à la
+documentation en ligne (docstrings), la complétion sensible au contexte,
+@kbd{M-.} pour sauter à la définition d'un objet, un REPL pour tester votre
+code, et bien plus (@pxref{Introduction,,, geiser, Geiser User
+Manual}). Pour travailler confortablement sur Guix, assurez-vous de modifier
+le chemin de chargement de Guile pour qu'il trouve les fichiers source de
+votre dépôt :
+
+@lisp
+;; @r{Si l'extrait est dans ~/src/guix.}
+(with-eval-after-load 'geiser-guile
+ (add-to-list 'geiser-guile-load-path "~/src/guix"))
+@end lisp
+
+To actually edit the code, Emacs already has a neat Scheme mode. But in
+addition to that, you must not miss
+@url{http://www.emacswiki.org/emacs/ParEdit, Paredit}. It provides
+facilities to directly operate on the syntax tree, such as raising an
+s-expression or wrapping it, swallowing or rejecting the following
+s-expression, etc.
+
+@cindex extraits de code
+@cindex modèles
+@cindex réduire la quantité de code commun
+Nous fournissons aussi des modèles pour les messages de commit git communs
+et les définitions de paquets dans le répertoire @file{etc/snippets}. Ces
+modèles s'utilisent avec @url{http://joaotavora.github.io/yasnippet/,
+YASnippet} pour développer des chaînes courtes de déclenchement en extraits
+de texte interactifs. Vous pouvez ajouter le répertoire des modèles dans la
+variables @var{yas-snippet-dirs} d'Emacs.
+
+@lisp
+;; @r{Si l'extrait est dans ~/src/guix.}
+(with-eval-after-load 'yasnippet
+ (add-to-list 'yas-snippet-dirs "~/src/guix/etc/snippets"))
+@end lisp
+
+Les extraits de messages de commit dépendent de @url{https://magit.vc/,
+Magit} pour afficher les fichiers sélectionnés. Lors de la modification d'un
+message de commit, tapez @code{add} suivi de @kbd{TAB} pour insérer un
+modèle de message de commit pour ajouter un paquet ; tapez @code{update}
+suivi de @kbd{TAB} pour insérer un modèle pour la mise à jour d'un paquet.
+
+L'extrait principal pour @code{scheme-mode} est lancé en tapant
+@code{package…} suivi par @kbd{TAB}. Cet extrait insère aussi la chaîne de
+déclenchement @code{origin…}, qui peut aussi être étendue. L'extrait
+@code{origin} lui-même peut aussi insérer des chaînes de déclenchement qui
+finissent sur @code{…}, qui peuvent aussi être étendues.
+
+
+@node Style de code
+@section Style de code
+
+En général notre code suit le Standard de Code GNU (@pxref{Top,,, standards,
+GNU Coding Standards}). Cependant, il ne parle pas beaucoup de Scheme, donc
+voici quelques règles supplémentaires.
+
+@menu
+* Paradigme de programmation:: Comment composer vos éléments.
+* Modules:: Où stocker votre code ?
+* Types de données et reconnaissance de motif:: Implémenter des
+ structures de données.
+* Formatage du code:: Conventions d'écriture.
+@end menu
+
+@node Paradigme de programmation
+@subsection Paradigme de programmation
+
+Le code Scheme dans Guix est écrit dans un style purement fonctionnel. Le
+code qui s'occupe des entrées-sorties est une exception ainsi que les
+procédures qui implémentent des concepts bas-niveau comme la procédure
+@code{memoize}.
+
+@node Modules
+@subsection Modules
+
+Les modules Guile qui sont sensés être utilisés du côté de la construction
+doivent se trouver dans l'espace de nom @code{(guix build @dots{})}. Ils ne
+doivent pas se référer à d'autres modules Guix ou GNU. Cependant il est
+correct pour un module « côté hôte » de dépendre d'un module coté
+construction.
+
+Les modules qui s'occupent du système GNU général devraient se trouver dans
+l'espace de nom @code{(gnu @dots{})} plutôt que @code{(guix @dots{})}.
+
+@node Types de données et reconnaissance de motif
+@subsection Types de données et reconnaissance de motif
+
+La tendance en Lisp classique est d'utiliser des listes pour tout
+représenter et de naviguer dedans « à la main ( avec @code{car}, @code{cdr},
+@code{cadr} et compagnie. Il y a plusieurs problèmes avec ce style,
+notamment le fait qu'il soit dur à lire, source d'erreur et un obstacle aux
+rapports d'erreur bien typés.
+
+Le code de Guix devrait définir des types de données appropriées (par
+exemple, avec @code{define-record-type*}) plutôt que d'abuser des listes. En
+plus, il devrait utiliser la recherche de motifs, via le module Guile
+@code{(ice-9 match)}, surtout pour rechercher dans des listes.
+
+@node Formatage du code
+@subsection Formatage du code
+
+@cindex formater le code
+@cindex style de code
+Lorsque nous écrivons du code Scheme, nous suivons la sagesse commune aux
+programmeurs Scheme. En général, nous suivons les
+@url{http://mumble.net/~campbell/scheme/style.txt, règles de style de
+Riastradh}. Ce document décrit aussi les conventions utilisées dans le code
+de Guile. Il est bien pensé et bien écrit, alors n'hésitez pas à le lire.
+
+Certaines formes spéciales introduites dans Guix comme la macro
+@code{substitute*} ont des règles d'indentation spécifiques. Elles sont
+définies dans le fichier @file{.dir-locals.el} qu'Emacs utilise
+automatiquement. Remarquez aussi qu'Emacs-Guix fournit le mode
+@code{guix-devel-mode} qui indente et colore le code Guix correctement
+(@pxref{Development,,, emacs-guix, The Emacs-Guix Reference Manual}).
+
+@cindex indentation, du code
+@cindex formatage, du code
+Si vous n'utilisez pas Emacs, assurez-vous que votre éditeur connaisse ces
+règles. Pour indenter automatiquement une définition de paquet, vous pouvez
+aussi lancer :
+
+@example
+./etc/indent-code.el gnu/packages/@var{file}.scm @var{package}
+@end example
+
+@noindent
+Cela indente automatiquement la définition de @var{package} dans
+@file{gnu/packages/@var{file}.scm} en lançant Emacs en mode commande. Pour
+indenter un fichier complet, n'indiquez pas de second argument :
+
+@example
+./etc/indent-code.el gnu/services/@var{file}.scm
+@end example
+
+Nous demandons que toutes les procédure de premier niveau contiennent une
+chaîne de documentation. Ce pré-requis peut être relâché pour les procédures
+privées simples dans l'espace de nom @code{(guix build @dots{})} cependant.
+
+Les procédures ne devraient pas avoir plus de quatre paramètres
+positionnés. Utilisez des paramètres par mot-clefs pour les procédures qui
+prennent plus de quatre paramètres.
+
+
+@node Envoyer des correctifs
+@section Envoyer des correctifs
+
+Le développement se fait avec le système de contrôle de version Git. Ainsi,
+l'accès au dépôt n'est pas strictement nécessaire. Nous accueillons les
+contributions sous forme de correctifs produits par @code{git format-patch}
+envoyés sur la liste de diffusion @email{guix-patches@@gnu.org}.
+
+Cette liste de diffusion est gérée par une instance Debbugs accessible à
+l'adresse @uref{https://bugs.gnu.org/guix-patches}, qui nous permet de
+suivre les soumissions. Chaque message envoyé à cette liste se voit
+attribuer un numéro de suivi ; les gens peuvent ensuite répondre à cette
+soumission en envoyant un courriel à @code{@var{NNN}@@debbugs.gnu.org}, où
+@var{NNN} est le numéro de suivi (@pxref{Envoyer une série de correctifs}).
+
+Veuillez écrire les messages de commit dans le format ChangeLog
+(@pxref{Change Logs,,, standards, GNU Coding Standards}) ; vous pouvez
+regarder l'historique des commits pour trouver des exemples.
+
+Avant de soumettre un correctif qui ajoute ou modifie la définition d'un
+paquet, veuillez vérifier cette check-list :
+
+@enumerate
+@item
+Si les auteurs du paquet logiciel fournissent une signature cryptographique
+pour l'archive, faîtes un effort pour vérifier l'authenticité de
+l'archive. Pour un fichier de signature GPG détaché, cela se fait avec la
+commande @code{gpg --verify}.
+
+@item
+Prenez un peu de temps pour fournir un synopsis et une description adéquats
+pour le paquet. Voir @xref{Synopsis et descriptions} pour quelques lignes
+directrices.
+
+@item
+Lancez @code{guix lint @var{paquet}}, où @var{paquet} est le nom du nouveau
+paquet ou du paquet modifié, et corrigez les erreurs qu'il rapporte
+(@pxref{Invoquer guix lint}).
+
+@item
+Assurez-vous que le paquet se construise sur votre plate-forme avec
+@code{guix build @var{paquet}}.
+
+@item
+@cindex construction groupée
+Assurez-vous que le paquet n'utilise pas de copie groupée d'un logiciel déjà
+disponible dans un paquet séparé.
+
+Parfois, les paquets incluent des copie du code source de leurs dépendances
+pour le confort de leurs utilisateurs. Cependant, en tant que distribution,
+nous voulons nous assurer que ces paquets utilisent bien les copient que
+nous avons déjà dans la distribution si elles existent. Cela améliore
+l'utilisation des ressources (la dépendance n'est construite et stockée
+qu'une seule fois) et permet à la distribution de faire des changements
+transversaux comme appliquer des correctifs de sécurité pour un paquet donné
+depuis un unique emplacement et qu'ils affectent tout le système, ce
+qu'empêchent les copies groupées.
+
+@item
+Regardez le profile rapporté par @command{guix size} (@pxref{Invoquer guix size}). Cela vous permettra de remarquer des références à d'autres paquets
+qui ont été retenus. Il peut aussi aider à déterminer s'il faut découper le
+paquet (@pxref{Des paquets avec plusieurs résultats}) et quelle dépendance
+facultative utiliser.
+
+@item
+Pour les changements important, vérifiez que les paquets qui en dépendent
+(s'ils existent) ne sont pas affectés par le changement ; @code{guix refresh
+--list-dependant @var{paquet}} vous aidera (@pxref{Invoquer guix refresh}).
+
+@c ===========================================================================
+@c
+@c This file was generated with po4a. Translate the source file.
+@c
+@c ===========================================================================
+@c See <https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html>.
+@cindex stratégie de branche
+@cindex stratégie de planification des reconstructions
+Suivant le nombre de paquets dépendants et donc le nombre de reconstruction
+induites, les commits vont vers des branches différentes, suivant ces
+principes :
+
+@table @asis
+@item 300 paquets dépendants ou moins
+branche @code{master} (changements non-disruptifs).
+
+@item entre 300 et 1 200 paquets dépendants
+branche @code{staging} (changemets non-disruptifs). Cette branche devrait
+être fusionnées dans @code{master} tous les 3 semaines. Les changements par
+thèmes (par exemple une mise à jour de la pile GNOME) peuvent aller dans une
+branche spécifique (disons, @code{gnome-updates}).
+
+@item plus de 1 200 paquets dépendants
+branche @code{core-updates} (peut inclure des changements majeurs et
+potentiellement disruptifs). Cette branche devrait être fusionnée dans
+@code{master} tous les 2,5 mois environ.
+@end table
+
+Toutes ces branches sont gérées par notre ferme de construction et
+fusionnées dans @code{master} une fois que tout a été construit
+correctement. Cela nous permet de corriger des problèmes avant qu'ils
+n'atteignent les utilisateurs et réduit la fenêtre pendant laquelle les
+binaires pré-construits ne sont pas disponibles.
+
+@item
+@cindex déterminisme, du processus de construction
+@cindex construction reproductibles, vérification
+Vérifiez si le processus de construction du paquet est déterministe. Cela
+signifie typiquement vérifier qu'une construction indépendante du paquet
+renvoie exactement le même résultat que vous avez obtenu, bit à bit.
+
+Une manière simple de le faire est de reconstruire le paquet plusieurs fois
+à la suite sur votre machine (@pxref{Invoquer guix build}) :
+
+@example
+guix build --rounds=2 mon-paquet
+@end example
+
+Cela est suffisant pour trouver une classe de non-déterminisme commune,
+comme l'horodatage ou des sorties générées aléatoirement dans le résultat de
+la construction.
+
+Une autre option consiste à utiliser @command{guix challenge}
+(@pxref{Invoquer guix challenge}). Vous pouvez lancer la commande une fois
+que les paquets ont été commités et construits par @code{hydra.gnu.org} pour
+vérifier s'il obtient le même résultat que vous. Mieux encore : trouvez une
+autre machine qui peut le construire et lancez @command{guix publish}. Puis
+la machine distante est sûrement différente de la vôtre, cela peut trouver
+des problèmes de non-déterminisme liés au matériel — par exemple utiliser
+une extension du jeu d'instruction — ou du noyau du système d'exploitation —
+par exemple se reposer sur @code{uname} ou les fichiers de @file{/proc}.
+
+@item
+Lorsque vous écrivez de la documentation, utilisez une formulation au genre
+neutre lorsque vous vous référez à des personnes, comme le
+@uref{https://fr.wikipedia.org/wiki/They_singulier, ``they''@comma{}
+``their''@comma{} ``them'' singulier} (en anglais).
+
+@item
+Vérifiez que votre correctif contienne seulement un ensemble de changements
+liés. Grouper des changements non liés ensemble rend la revue plus difficile
+et plus lente.
+
+Ajouter plusieurs paquet ou une mise à jour d'un paquet avec des corrections
+dans ce paquet sont des exemples de changements sans rapport.
+
+@item
+Suivez nos règles de formatage de code, éventuellement en lançant le script
+@command{et/indent-code.el} pour le faire automatiquement (@pxref{Formatage
+du code}).
+
+@end enumerate
+
+Lorsque vous envoyez un correctif à la liste de diffusion, utilisez
+@samp{[PATCH] @dots{}} comme sujet. Vous pouvez utiliser votre client de
+courriel ou la commande @command{git send-email} (@pxref{Envoyer une série
+de correctifs}). Nous préférons recevoir des correctifs en texte brut, soit
+en ligne, soit en pièce-jointe MIME. Nous vous conseillons de faire
+attention si votre client de courriel change par exemple les retours à la
+ligne ou l'indentation, ce qui peut casser les correctifs.
+
+Lorsqu'un bogue est résolu, veuillez fermer le fil en envoyant un courriel à
+@email{@var{NNN}-done@@debbugs.gnu.org}.
+
+@unnumberedsubsec Envoyer une série de correctifs
+@anchor{Envoyer une série de correctifs}
+@cindex série de correctifs
+@cindex @code{git send-email}
+@cindex @code{git-send-email}
+
+@c Debbugs bug: https://debbugs.gnu.org/db/15/15361.html
+Lorsque vous envoyez une série de correctifs (p.e. avec @code{git
+send-email}), envoyez d'abord une premier message à
+@email{guix-patches@@gnu.org} puis envoyez le reste des correctifs à
+@email{@var{NNN}@@debbugs.gnu.org} pour vous assurer qu'ils seront groupés
+ensemble. Voyez @uref{https://debbugs.gnu.org/Advanced.html, la
+documentation de Debbugs} pour plus d'informations.
diff --git a/doc/guix.fr.texi b/doc/guix.fr.texi
new file mode 100644
index 0000000000..5ad167a317
--- /dev/null
+++ b/doc/guix.fr.texi
@@ -0,0 +1,21884 @@
+\input texinfo
+@c ===========================================================================
+@c
+@c This file was generated with po4a. Translate the source file.
+@c
+@c ===========================================================================
+@c -*-texinfo-*-
+
+@c %**start of header
+@setfilename guix.fr.info
+@documentencoding UTF-8
+@documentlanguage fr
+@settitle Manuel de référence de GNU Guix
+@c %**end of header
+
+@include version-fr.texi
+
+@c Identifier of the OpenPGP key used to sign tarballs and such.
+@set OPENPGP-SIGNING-KEY-ID 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
+
+@copying
+Copyright @copyright{} 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic
+Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@* Copyright
+@copyright{} 2013 Nikita Karetnikov@* Copyright @copyright{} 2014, 2015,
+2016 Alex Kost@* Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
+Copyright @copyright{} 2014 Pierre-Antoine Rault@* Copyright @copyright{}
+2015 Taylan Ulrich Bayırlı/Kammer@* Copyright @copyright{} 2015, 2016, 2017
+Leo Famulari@* Copyright @copyright{} 2015, 2016, 2017, 2018 Ricardo
+Wurmus@* Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{}
+2016, 2017, 2018 Chris Marusich@* Copyright @copyright{} 2016, 2017, 2018
+Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright
+@copyright{} 2016, 2017 Nils Gillmann@* Copyright @copyright{} 2016, 2017
+Jan Nieuwenhuizen@* Copyright @copyright{} 2016 Julien Lepiller@* Copyright
+@copyright{} 2016 Alex ter Weele@* Copyright @copyright{} 2017, 2018 Clément
+Lassieur@* Copyright @copyright{} 2017 Mathieu Othacehe@* Copyright
+@copyright{} 2017 Federico Beffa@* Copyright @copyright{} 2017 Carlo
+Zancanaro@* Copyright @copyright{} 2017 Thomas Danckaert@* Copyright
+@copyright{} 2017 humanitiesNerd@* Copyright @copyright{} 2017 Christopher
+Allan Webber@* Copyright @copyright{} 2017 Marius Bakke@* Copyright
+@copyright{} 2017 Hartmut Goebel@* Copyright @copyright{} 2017 Maxim
+Cournoyer@* Copyright @copyright{} 2017, 2018 Tobias Geerinckx-Rice@*
+Copyright @copyright{} 2017 George Clemmer@* Copyright @copyright{} 2017
+Andy Wingo@* Copyright @copyright{} 2017, 2018 Arun Isaac@* Copyright
+@copyright{} 2017 nee@* Copyright @copyright{} 2018 Rutger Helling@*
+Copyright @copyright{} 2018 Oleg Pykhalov@* Copyright @copyright{} 2018 Mike
+Gerwitz
+
+Vous avez la permission de copier, distribuer ou modifier ce document sous
+les termes de la Licence GNU Free Documentation, version 1.3 ou toute
+version ultérieure publiée par la Free Software Foundation ; sans section
+invariante, texte de couverture et sans texte de quatrième de
+couverture. Une copie de la licence est incluse dans la section intitulée
+« GNU Free Documentation License ».
+@end copying
+
+@dircategory Administration système
+@direntry
+* Guix: (guix). Gérer les logiciels installés et la
+ configuration du système.
+* guix package : (guix)Invoquer guix package. Intaller, supprimer et
+ mettre à jour des paquets.
+* guix gc : (guix)Invoquer guix gc. Récupérer de l'espace disque
+ inutilisé.
+* guix pull : (guix)Invoquer guix pull. Mettre à jour la liste des
+ paquets disponibles.
+* guix system : (guix)Invoquer guix system. Gérer la configuration du
+ système d'exploitation.
+@end direntry
+
+@dircategory Développement logiciel
+@direntry
+* guix environment : (guix)Invoquer guix environment. Construire des
+ environnements de
+ construction avec
+ Guix.
+* guix build : (guix)Invoquer guix build. Construire des paquets.
+* guix pack : (guix) Invoquer guix pack. Créer des lots binaires.
+@end direntry
+
+@titlepage
+@title Manuel de référence de GNU Guix
+@subtitle Utiliser le gestionnaire de paquet fonctionnel GNU Guix
+@author Les développeurs de GNU Guix
+
+@page
+@vskip 0pt plus 1filll
+Édition @value{EDITION} @* @value{UPDATED} @*
+
+@insertcopying
+@end titlepage
+
+@contents
+
+@c *********************************************************************
+@node Top
+@top GNU Guix
+
+Cette documentation décrit GNU Guix version @value{VERSION}, un outils de
+gestion de paquets fonctionnel écrit pour le système GNU.
+
+@menu
+* Introduction:: Qu'est-ce que Guix ?
+* Installation:: Installer Guix.
+* Gestion de paquets:: Installation des paquets, mises à jour, etc.
+* Interface de programmation:: Utiliser Guix en Scheme.
+* Utilitaires:: Commandes de gestion de paquets.
+* Distribution GNU:: Des logiciels pour un système GNU convivial.
+* Contribuer:: Nous avons besoin de votre aide !
+
+* Remerciements:: Merci !
+* La licence GNU Free Documentation:: La licence de ce manuel.
+* Index des concepts:: Les concepts.
+* Index de programmation:: Types de données, fonctions et variables.
+
+@detailmenu
+ --- Liste détaillée des nœuds ---
+
+
+
+Installation
+
+
+
+* Installation binaire:: Commencer à utiliser Guix en un rien de temps
+ !
+* Prérequis:: Logiciels requis pour construire et lancer
+ Guix.
+* Lancer la suite de tests:: Tester Guix.
+* Paramétrer le démon:: Préparer l'environnement du démon de
+ construction.
+* Invoquer guix-daemon:: Lancer le démon de construction.
+* Réglages applicatifs:: Réglages spécifiques pour les application.
+
+Paramétrer le démon
+
+
+
+* Réglages de l'environnement de construction:: Préparer l'environnement
+ de construction isolé.
+* Réglages du délestage du démon:: Envoyer des constructions à des
+ machines distantes.
+* Support de SELinux:: Utiliser une politique SELinux pour le démon.
+
+Gestion de paquets
+
+
+
+* Fonctionnalités:: Comment Guix va rendre votre vie plus heureuse.
+* Invoquer guix package:: Installation, suppression, etc. de paquets.
+* Substituts:: Télécharger des binaire déjà construits.
+* Des paquets avec plusieurs résultats:: Un seul paquet source, plusieurs
+ résultats.
+* Invoquer guix gc:: Lancer le ramasse-miettes.
+* Invoquer guix pull:: Récupérer la dernière version de Guix et de
+ la distribution.
+* Invoquer guix pack:: Créer des lots de logiciels.
+* Invoquer guix archive:: Exporter et importer des fichiers du dépôt.
+
+Substituts
+
+
+
+* Serveur de substituts officiel:: Une source particulière de substituts.
+* Autoriser un serveur de substituts:: Comment activer ou désactiver les
+ substituts.
+* Authentification des substituts:: Coment Guix vérifie les substituts.
+* Paramètres de serveur mandataire:: Comment récupérer des substituts à
+ travers un serveur mandataire.
+* Échec de substitution:: Qu'arrive-t-il quand la substitution échoue.
+* De la confiance en des binaires:: Comment pouvez-vous avoir confiance en
+ un paquet binaire ?
+
+Interface de programmation
+
+
+
+* Définition des paquets:: Définir de nouveaux paquets.
+* Systèmes de construction:: Spécifier comment construire les paquets.
+* Le dépôt:: Manipuler le dépôt de paquets.
+* Dérivations:: Interface de bas-niveau avec les dérivations
+ de paquets.
+* La monad du dépôt:: Interface purement fonctionnelle avec le
+ dépôt.
+* G-Expressions:: Manipuler les expressions de construction.
+
+Définition des paquets
+
+
+
+* Référence de paquet :: Le type de donnée des paquets.
+* Référence d'origine:: Le type de données d'origine.
+
+Utilitaires
+
+
+
+* Invoquer guix build:: Construire des paquets depuis la ligne de
+ commande.
+* Invoquer guix edit:: Modifier les définitions de paquets.
+* Invoquer guix download:: Télécharger un fichier et afficher son hash.
+* Invoquer guix hash:: Calculer le hash cryptographique d'un fichier.
+* Invoquer guix import:: Importer des définitions de paquets.
+* Invoquer guix refresh:: Mettre à jour les définitions de paquets.
+* Invoquer guix lint:: Trouver des erreurs dans les définitions de
+ paquets.
+* Invoquer guix size:: Profiler l'utilisation du disque.
+* Invoquer guix graph:: Visualiser le graphe des paquets.
+* Invoquer guix environment:: Mettre en place des environnements de
+ développement.
+* Invoquer guix publish:: Partager des substituts.
+* Invoquer guix challenge:: Défier les serveurs de substituts.
+* Invoquer guix copy:: Copier vers et depuis un dépôt distant.
+* Invoquer guix container:: Isolation de processus.
+* Invoquer guix weather:: Mesurer la disponibilité des substituts.
+
+Invoquer @command{guix build}
+
+
+
+* Options de construction communes:: Options de construction pour la
+ plupart des commandes.
+* Options de transformation de paquets:: Créer des variantes de paquets.
+* Options de construction supplémentaires:: Options spécifiques à «
+ guix build ».
+* Débogage des échecs de construction:: La vie d'un empaqueteur.
+
+Distribution GNU
+
+
+
+* Installation du système:: Installer le système d'exploitation complet.
+* Configuration système:: Configurer le système d'exploitation.
+* Documentation:: Visualiser les manuels d'utilisateur des
+ logiciels.
+* Installer les fichiers de débogage:: Nourrir le débogueur.
+* Mises à jour de sécurité:: Déployer des correctifs de sécurité
+ rapidement.
+* Modules de paquets:: Les paquets du point de vu du programmeur.
+* Consignes d'empaquetage:: Faire grandir la distribution.
+* Bootstrapping:: GNU/Linux depuis zéro.
+* Porter:: Cibler une autre plateforme ou un autre noyau.
+
+Installation du système
+
+
+
+* Limitations:: Ce à quoi vous attendre.
+* Considérations matérielles:: Matériel supporté.
+* Installation depuis une clef USB ou un DVD:: Préparer le média
+ d'installation.
+* Préparer l'installation:: Réseau, partitionnement, etc.
+* Effectuer l'installation:: Pour de vrai.
+* Installer GuixSD dans une VM:: Jouer avec GuixSD.
+* Construire l'image d'installation:: D'où vient tout cela.
+
+Configuration système
+
+
+
+* Utiliser le système de configuration:: Personnaliser votre système GNU.
+* Référence de système d'exploitation:: Détail sur la déclaration de
+ système d'exploitation.
+* Systèmes de fichiers:: Configurer les montages de systèmes de
+ fichiers.
+* Périphériques mappés:: Gestion des périphériques de bloc.
+* Comptes utilisateurs:: Spécifier des comptes utilisateurs.
+* Régionalisation:: Paramétrer la langue et les conventions
+ culturelles.
+* Services:: Spécifier les services du système.
+* Programmes setuid:: Programmes tournant avec les privilèges root.
+* Certificats X.509:: Authentifier les serveurs HTTPS.
+* Name Service Switch:: Configurer le « name service switch » de la
+ libc.
+* Disque de RAM initial:: Démarrage de Linux-Libre.
+* Configuration du chargeur d'amorçage:: Configurer le chargeur
+ d'amorçage.
+* Invoquer guix system:: Instantier une configuration du système.
+* Lancer GuixSD dans une VM:: Comment lancer GuixSD dans une machine
+ virtuelle.
+* Définir des services:: Ajouter de nouvelles définitions de services.
+
+Services
+
+
+
+* Services de base:: Services systèmes essentiels.
+* Scheduled Job Execution:: The mcron service.
+* Log Rotation:: The rottlog service.
+* Networking Services:: Network setup, SSH daemon, etc.
+* X Window:: Graphical display.
+* Printing Services:: Local and remote printer support.
+* Desktop Services:: D-Bus and desktop services.
+* Database Services:: SQL databases, key-value stores, etc.
+* Mail Services:: IMAP, POP3, SMTP, and all that.
+* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
+* Monitoring Services:: Monitoring services.
+* Kerberos Services:: Kerberos services.
+* Web Services:: Web servers.
+* Certificate Services:: TLS certificates via Let's Encrypt.
+* DNS Services:: DNS daemons.
+* VPN Services:: VPN daemons.
+* Network File System:: NFS related services.
+* Continuous Integration:: The Cuirass service.
+* Power management Services:: The TLP tool.
+* Audio Services:: The MPD.
+* Virtualization Services:: Virtualization services.
+* Version Control Services:: Providing remote access to Git repositories.
+* Game Services:: Game servers.
+* Miscellaneous Services:: Other services.
+
+Définir des services
+
+
+
+* Composition de services:: Le modèle de composition des services.
+* Types service et services:: Types et services.
+* Référence de service:: Référence de l'API.
+* Services Shepherd:: Un type de service particulier.
+
+Consignes d'empaquetage
+
+
+
+* Liberté logiciel:: Ce que la distribution peut contenir.
+* Conventions de nommage:: Qu'est-ce qu'un bon nom ?
+* Numéros de version:: Lorsque le nom n'est pas suffisant.
+* Synopsis et descriptions:: Aider les utilisateurs à trouver le bon
+ paquet.
+* Modules python:: Un peu de comédie anglaise.
+* Modules perl:: Petites perles.
+* Paquets java:: Pause café.
+* Polices de caractères:: Fond of fonts.
+
+Contribuer
+
+
+
+* Construire depuis Git:: The latest and greatest.
+* Lancer Guix avant qu'il ne soit installé:: Astuces pour les hackers.
+* La configuration parfaite:: Les bons outils.
+* Style de code:: Hygiène du contributeur.
+* Envoyer des correctifs:: Partager votre travail.
+
+Style de code
+
+
+
+* Paradigme de programmation:: Comment composer vos éléments.
+* Modules:: Où stocker votre code ?
+* Types de données et reconnaissance de motif:: Implémenter des
+ structures de données.
+* Formatage du code:: Conventions d'écriture.
+
+@end detailmenu
+@end menu
+
+@c *********************************************************************
+@node Introduction
+@chapter Introduction
+
+@cindex but
+GNU Guix@footnote{« Guix » se prononce comme « geeks » (en prononçant le
+« s »), ou « ɡiːks » dans l'alphabet phonétique international (API).} est un
+outil de gestion de paquets pour le système GNU. Guix facilite pour les
+utilisateurs non privilégiés l'installation, la mise à jour et la
+suppression de paquets, la restauration à un ensemble de paquets précédent,
+la construction de paquets depuis les sources et plus généralement aide à la
+création et à la maintenance d'environnements logiciels.
+
+@cindex interfaces utilisateurs
+Guix fournit une interface de gestion des paquets par la ligne de commande
+(@pxref{Invoquer guix package}), un ensemble d'utilitaires en ligne de
+commande (@pxref{Utilitaires}) ainsi que des interfaces de programmation
+Scheme (@pxref{Interface de programmation}).
+@cindex démon de construction
+Son @dfn{démon de construction} est responsable de la construction des
+paquets pour les utilisateurs (@pxref{Paramétrer le démon}) et du
+téléchargement des binaires pré-construits depuis les sources autorisées
+(@pxref{Substituts}).
+
+@cindex extensibilité de la distribution
+@cindex personnalisation, des paquets
+Guix contient de nombreuses définitions de paquet GNU et non-GNU qui
+respectent tous les @uref{https://www.gnu.org/philosophy/free-sw.fr.html,
+libertés de l'utilisateur}. Il est @emph{extensible} : les utilisateurs
+peuvent écrire leurs propres définitions de paquets (@pxref{Définition des paquets}) et les rendre disponibles dans des modules de paquets
+indépendants (@pxref{Modules de paquets}). Il est aussi
+@emph{personnalisable} : les utilisateurs peuvent @emph{dériver} des
+définitions de paquets spécialisées à partir de définitions existantes, même
+depuis la ligne de commande (@pxref{Options de transformation de paquets}).
+
+@cindex Distribution Système Guix
+@cindex GuixSD
+Vous pouvez installer GNU@tie{}Guix sur un système GNU/Linux existant pour
+compléter les outils disponibles sans interférence (@pxref{Installation}) ou
+vous pouvez l'utiliser à travers la @dfn{Distribution Système Guix} ou
+GuixSD (@pxref{Distribution GNU}) distincte. Avec GNU@tie{}GuixSD, vous
+@emph{déclarez} tous les aspects de la configuration du système
+d'exploitation et Guix s'occupe de créer la configuration d'une manière
+transactionnelle, reproductible et sans état (@pxref{Configuration
+système}).
+
+@cindex gestion de paquet fonctionnelle
+Sous le capot, Guix implémente la discipline de @dfn{gestion de paquet
+fonctionnel} inventé par Nix (@pxref{Remerciements}). Dans Guix le processus
+de construction et d'installation des paquets est vu comme une
+@emph{fonction} dans le sens mathématique du terme. Cette fonction a des
+entrées (comme des scripts de construction, un compilateur et des
+bibliothèques) et renvoie un paquet installé. En tant que fonction pure, son
+résultat ne dépend que de ses entrées. Par exemple, il ne peut pas faire
+référence à des logiciels ou des scripts qui n'ont pas été explicitement
+passés en entrée. Une fonction de construction produit toujours le même
+résultat quand on lui donne le même ensemble d'entrée. Elle ne peut pas
+modifier l'environnement du système en cours d'exécution d'aucune manière ;
+par exemple elle ne peut pas créer, modifier ou supprimer des fichiers en
+dehors de ses répertoires de construction et d'installation. Ce résultat
+s'obtient en lançant les processus de construction dans des environnements
+isolés (ou des @dfn{conteneurs}) où seules les entrées explicites sont
+visibles.
+
+@cindex dépôt
+Le résultat des fonctions de construction de paquets est mis en @dfn{cache}
+dans le système de fichier, dans répertoire spécial appelé le @dfn{dépôt}
+(@pxref{Le dépôt}). Chaque paquet est installé dans son répertoire propre
+dans le dépôt — par défaut dans @file{/gnu/store}. Le nom du répertoire
+contient un hash de toutes les entrées utilisées pour construire le paquet ;
+ainsi, changer une entrée donnera un nom de répertoire différent.
+
+Cette approche est le fondement des fonctionnalités les plus importante de
+Guix : le support des mises à jour des paquets et des retours en arrière
+transactionnels, l'installation différenciée par utilisateur et le ramassage
+de miettes pour les paquets (@pxref{Fonctionnalités}).
+
+
+@c *********************************************************************
+@node Installation
+@chapter Installation
+
+@cindex installer Guix
+GNU Guix est disponible au téléchargement depuis son site web sur
+@url{http://www.gnu.org/software/guix/}. Cette section décrit les pré-requis
+logiciels de Guix ainsi que la manière de l'installer et de se préparer à
+l'utiliser.
+
+Remarquez que cette section concerne l'installation du gestionnaire de
+paquet, ce qui se fait sur un système GNU/Linux en cours d'exécution. Si
+vous souhaitez plutôt installer le système d'exploitation GNU complet,
+@pxref{Installation du système}.
+
+@cindex distro extérieure
+Lorsqu'il est installé sur an système GNU/Linux existant — ci-après nommé
+@dfn{distro extérieure} — GNU@tie{}Guix complète les outils disponibles sans
+interférence. Ses données se trouvent exclusivement dans deux répertoires,
+typiquement @file{/gnu/store} et @file{/var/guix} ; les autres fichiers de
+votre système comme @file{/etc} sont laissés intacts.
+
+Une fois installé, Guix peut être mis à jour en lançant @command{guix pull}
+(@pxref{Invoquer guix pull}).
+
+@menu
+* Installation binaire:: Commencer à utiliser Guix en un rien de temps
+ !
+* Prérequis:: Logiciels requis pour construire et lancer
+ Guix.
+* Lancer la suite de tests:: Tester Guix.
+* Paramétrer le démon:: Préparer l'environnement du démon de
+ construction.
+* Invoquer guix-daemon:: Lancer le démon de construction.
+* Réglages applicatifs:: Réglages spécifiques pour les application.
+@end menu
+
+@node Installation binaire
+@section Installation binaire
+
+@cindex installing Guix from binaries
+This section describes how to install Guix on an arbitrary system from a
+self-contained tarball providing binaries for Guix and for all its
+dependencies. This is often quicker than installing from source, which is
+described in the next sections. The only requirement is to have
+GNU@tie{}tar and Xz.
+
+We provide a
+@uref{https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh,
+shell installer script}, which automates the download, installation, and
+initial configuration of Guix. It should be run as the root user.
+
+Installing goes along these lines:
+
+@enumerate
+@item
+@cindex downloading Guix binary
+Download the binary tarball from
+@indicateurl{ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz},
+where @var{system} is @code{x86_64-linux} for an @code{x86_64} machine
+already running the kernel Linux, and so on.
+
+@c The following is somewhat duplicated in ``System Installation''.
+Make sure to download the associated @file{.sig} file and to verify the
+authenticity of the tarball against it, along these lines:
+
+@example
+$ wget ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz.sig
+$ gpg --verify guix-binary-@value{VERSION}.@var{system}.tar.xz.sig
+@end example
+
+If that command fails because you do not have the required public key, then
+run this command to import it:
+
+@example
+$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
+@end example
+
+@noindent
+@c end authentication part
+and rerun the @code{gpg --verify} command.
+
+@item
+Now, you need to become the @code{root} user. Depending on your
+distribution, you may have to run @code{su -} or @code{sudo -i}. As
+@code{root}, run:
+
+@example
+# cd /tmp
+# tar --warning=no-timestamp -xf \
+ guix-binary-@value{VERSION}.@var{system}.tar.xz
+# mv var/guix /var/ && mv gnu /
+@end example
+
+This creates @file{/gnu/store} (@pxref{Le dépôt}) and @file{/var/guix}.
+The latter contains a ready-to-use profile for @code{root} (see next step.)
+
+Do @emph{not} unpack the tarball on a working Guix system since that would
+overwrite its own essential files.
+
+The @code{--warning=no-timestamp} option makes sure GNU@tie{}tar does not
+emit warnings about ``implausibly old time stamps'' (such warnings were
+triggered by GNU@tie{}tar 1.26 and older; recent versions are fine.) They
+stem from the fact that all the files in the archive have their modification
+time set to zero (which means January 1st, 1970.) This is done on purpose
+to make sure the archive content is independent of its creation time, thus
+making it reproducible.
+
+@item
+Make @code{root}'s profile available under @file{~root/.guix-profile}:
+
+@example
+# ln -sf /var/guix/profiles/per-user/root/guix-profile \
+ ~root/.guix-profile
+@end example
+
+Source @file{etc/profile} to augment @code{PATH} and other relevant
+environment variables:
+
+@example
+# GUIX_PROFILE="`echo ~root`/.guix-profile" ; \
+ source $GUIX_PROFILE/etc/profile
+@end example
+
+@item
+Create the group and user accounts for build users as explained below
+(@pxref{Réglages de l'environnement de construction}).
+
+@item
+Run the daemon, and set it to automatically start on boot.
+
+If your host distro uses the systemd init system, this can be achieved with
+these commands:
+
+@c Versions of systemd that supported symlinked service files are not
+@c yet widely deployed, so we should suggest that users copy the service
+@c files into place.
+@c
+@c See this thread for more information:
+@c http://lists.gnu.org/archive/html/guix-devel/2017-01/msg01199.html
+
+@example
+# cp ~root/.guix-profile/lib/systemd/system/guix-daemon.service \
+ /etc/systemd/system/
+# systemctl start guix-daemon && systemctl enable guix-daemon
+@end example
+
+If your host distro uses the Upstart init system:
+
+@example
+# initctl reload-configuration
+# cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf /etc/init/
+# start guix-daemon
+@end example
+
+Otherwise, you can still start the daemon manually with:
+
+@example
+# ~root/.guix-profile/bin/guix-daemon --build-users-group=guixbuild
+@end example
+
+@item
+Make the @command{guix} command available to other users on the machine, for
+instance with:
+
+@example
+# mkdir -p /usr/local/bin
+# cd /usr/local/bin
+# ln -s /var/guix/profiles/per-user/root/guix-profile/bin/guix
+@end example
+
+It is also a good idea to make the Info version of this manual available
+there:
+
+@example
+# mkdir -p /usr/local/share/info
+# cd /usr/local/share/info
+# for i in /var/guix/profiles/per-user/root/guix-profile/share/info/* ;
+ do ln -s $i ; done
+@end example
+
+That way, assuming @file{/usr/local/share/info} is in the search path,
+running @command{info guix} will open this manual (@pxref{Other Info
+Directories,,, texinfo, GNU Texinfo}, for more details on changing the Info
+search path.)
+
+@item
+@cindex substitutes, authorization thereof
+Pour utiliser les substituts de @code{hydra.gnu.org} ou l'un de ses mirroirs
+(@pxref{Substituts}), autorisez-les :
+
+@example
+# guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub
+@end example
+
+@item
+Each user may need to perform a few additional steps to make their Guix
+environment ready for use, @pxref{Réglages applicatifs}.
+@end enumerate
+
+Voilà, the installation is complete!
+
+You can confirm that Guix is working by installing a sample package into the
+root profile:
+
+@example
+# guix package -i hello
+@end example
+
+The @code{guix} package must remain available in @code{root}'s profile, or
+it would become subject to garbage collection---in which case you would find
+yourself badly handicapped by the lack of the @command{guix} command. In
+other words, do not remove @code{guix} by running @code{guix package -r
+guix}.
+
+The binary installation tarball can be (re)produced and verified simply by
+running the following command in the Guix source tree:
+
+@example
+make guix-binary.@var{system}.tar.xz
+@end example
+
+@noindent
+... which, in turn, runs:
+
+@example
+guix pack -s @var{system} --localstatedir guix
+@end example
+
+@xref{Invoquer guix pack}, for more info on this handy tool.
+
+@node Prérequis
+@section Prérequis
+
+This section lists requirements when building Guix from source. The build
+procedure for Guix is the same as for other GNU software, and is not covered
+here. Please see the files @file{README} and @file{INSTALL} in the Guix
+source tree for additional details.
+
+GNU Guix depends on the following packages:
+
+@itemize
+@item @url{http://gnu.org/software/guile/, GNU Guile}, version 2.0.13 or
+later, including 2.2.x;
+@item @url{http://gnupg.org/, GNU libgcrypt};
+@item
+@uref{http://gnutls.org/, GnuTLS}, specifically its Guile bindings
+(@pxref{Guile Preparations, how to install the GnuTLS bindings for Guile,,
+gnutls-guile, GnuTLS-Guile});
+@item
+@c FIXME: Specify a version number once a release has been made.
+@uref{https://gitlab.com/guile-git/guile-git, Guile-Git}, from August 2017
+or later;
+@item @url{http://zlib.net, zlib};
+@item @url{http://www.gnu.org/software/make/, GNU Make}.
+@end itemize
+
+The following dependencies are optional:
+
+@itemize
+@item
+Installing @url{http://savannah.nongnu.org/projects/guile-json/, Guile-JSON}
+will allow you to use the @command{guix import pypi} command
+(@pxref{Invoquer guix import}). It is of interest primarily for developers
+and not for casual users.
+
+@item
+@c Note: We need at least 0.10.2 for 'channel-send-eof'.
+Support for build offloading (@pxref{Réglages du délestage du démon}) and
+@command{guix copy} (@pxref{Invoquer guix copy}) depends on
+@uref{https://github.com/artyom-poptsov/guile-ssh, Guile-SSH}, version
+0.10.2 or later.
+
+@item
+When @url{http://www.bzip.org, libbz2} is available, @command{guix-daemon}
+can use it to compress build logs.
+@end itemize
+
+Unless @code{--disable-daemon} was passed to @command{configure}, the
+following packages are also needed:
+
+@itemize
+@item @url{http://sqlite.org, SQLite 3};
+@item @url{http://gcc.gnu.org, GCC's g++}, with support for the
+C++11 standard.
+@end itemize
+
+@cindex state directory
+When configuring Guix on a system that already has a Guix installation, be
+sure to specify the same state directory as the existing installation using
+the @code{--localstatedir} option of the @command{configure} script
+(@pxref{Directory Variables, @code{localstatedir},, standards, GNU Coding
+Standards}). The @command{configure} script protects against unintended
+misconfiguration of @var{localstatedir} so you do not inadvertently corrupt
+your store (@pxref{Le dépôt}).
+
+@cindex Nix, compatibility
+When a working installation of @url{http://nixos.org/nix/, the Nix package
+manager} is available, you can instead configure Guix with
+@code{--disable-daemon}. In that case, Nix replaces the three dependencies
+above.
+
+Guix is compatible with Nix, so it is possible to share the same store
+between both. To do so, you must pass @command{configure} not only the same
+@code{--with-store-dir} value, but also the same @code{--localstatedir}
+value. The latter is essential because it specifies where the database that
+stores metadata about the store is located, among other things. The default
+values for Nix are @code{--with-store-dir=/nix/store} and
+@code{--localstatedir=/nix/var}. Note that @code{--disable-daemon} is not
+required if your goal is to share the store with Nix.
+
+@node Lancer la suite de tests
+@section Lancer la suite de tests
+
+@cindex test suite
+After a successful @command{configure} and @code{make} run, it is a good
+idea to run the test suite. It can help catch issues with the setup or
+environment, or bugs in Guix itself---and really, reporting test failures is
+a good way to help improve the software. To run the test suite, type:
+
+@example
+make check
+@end example
+
+Test cases can run in parallel: you can use the @code{-j} option of
+GNU@tie{}make to speed things up. The first run may take a few minutes on a
+recent machine; subsequent runs will be faster because the store that is
+created for test purposes will already have various things in cache.
+
+It is also possible to run a subset of the tests by defining the
+@code{TESTS} makefile variable as in this example:
+
+@example
+make check TESTS="tests/store.scm tests/cpio.scm"
+@end example
+
+By default, tests results are displayed at a file level. In order to see
+the details of every individual test cases, it is possible to define the
+@code{SCM_LOG_DRIVER_FLAGS} makefile variable as in this example:
+
+@example
+make check TESTS="tests/base64.scm" SCM_LOG_DRIVER_FLAGS="--brief=no"
+@end example
+
+Upon failure, please email @email{bug-guix@@gnu.org} and attach the
+@file{test-suite.log} file. Please specify the Guix version being used as
+well as version numbers of the dependencies (@pxref{Prérequis}) in your
+message.
+
+Guix also comes with a whole-system test suite that tests complete GuixSD
+operating system instances. It can only run on systems where Guix is
+already installed, using:
+
+@example
+make check-system
+@end example
+
+@noindent
+or, again, by defining @code{TESTS} to select a subset of tests to run:
+
+@example
+make check-system TESTS="basic mcron"
+@end example
+
+Ces tests systèmes sont définis dans les modules @code{(gnu tests
+@dots{})}. Ils fonctionnent en lançant les systèmes d'exploitation sous test
+avec une instrumentation légère dans une machine virtuelle (VM). Ils peuvent
+être intenses en terme de calculs ou plutôt rapides en fonction de la
+disponibilité des substituts de leurs dépendances
+(@pxref{Substituts}). Certains requièrent beaucoup d'espace disque pour
+contenir les images des VM.
+
+Again in case of test failures, please send @email{bug-guix@@gnu.org} all
+the details.
+
+@node Paramétrer le démon
+@section Paramétrer le démon
+
+@cindex daemon
+Operations such as building a package or running the garbage collector are
+all performed by a specialized process, the @dfn{build daemon}, on behalf of
+clients. Only the daemon may access the store and its associated database.
+Thus, any operation that manipulates the store goes through the daemon. For
+instance, command-line tools such as @command{guix package} and
+@command{guix build} communicate with the daemon (@i{via} remote procedure
+calls) to instruct it what to do.
+
+Les sections suivantes expliquent comment préparer l'environnement du démon
+de construction. Voir aussi @ref{Substituts} pour apprendre comment
+permettre le téléchargement de binaires pré-construits.
+
+@menu
+* Réglages de l'environnement de construction:: Préparer l'environnement
+ de construction isolé.
+* Réglages du délestage du démon:: Envoyer des constructions à des
+ machines distantes.
+* Support de SELinux:: Utiliser une politique SELinux pour le démon.
+@end menu
+
+@node Réglages de l'environnement de construction
+@subsection Réglages de l'environnement de construction
+
+@cindex build environment
+In a standard multi-user setup, Guix and its daemon---the
+@command{guix-daemon} program---are installed by the system administrator;
+@file{/gnu/store} is owned by @code{root} and @command{guix-daemon} runs as
+@code{root}. Unprivileged users may use Guix tools to build packages or
+otherwise access the store, and the daemon will do it on their behalf,
+ensuring that the store is kept in a consistent state, and allowing built
+packages to be shared among users.
+
+@cindex build users
+When @command{guix-daemon} runs as @code{root}, you may not want package
+build processes themselves to run as @code{root} too, for obvious security
+reasons. To avoid that, a special pool of @dfn{build users} should be
+created for use by build processes started by the daemon. These build users
+need not have a shell and a home directory: they will just be used when the
+daemon drops @code{root} privileges in build processes. Having several such
+users allows the daemon to launch distinct build processes under separate
+UIDs, which guarantees that they do not interfere with each other---an
+essential feature since builds are regarded as pure functions
+(@pxref{Introduction}).
+
+On a GNU/Linux system, a build user pool may be created like this (using
+Bash syntax and the @code{shadow} commands):
+
+@c See http://lists.gnu.org/archive/html/bug-guix/2013-01/msg00239.html
+@c for why `-G' is needed.
+@example
+# groupadd --system guixbuild
+# for i in `seq -w 1 10`;
+ do
+ useradd -g guixbuild -G guixbuild \
+ -d /var/empty -s `which nologin` \
+ -c "Guix build user $i" --system \
+ guixbuilder$i;
+ done
+@end example
+
+@noindent
+The number of build users determines how many build jobs may run in
+parallel, as specified by the @option{--max-jobs} option (@pxref{Invoquer guix-daemon, @option{--max-jobs}}). To use @command{guix system vm} and
+related commands, you may need to add the build users to the @code{kvm}
+group so they can access @file{/dev/kvm}, using @code{-G guixbuild,kvm}
+instead of @code{-G guixbuild} (@pxref{Invoquer guix system}).
+
+The @code{guix-daemon} program may then be run as @code{root} with the
+following command@footnote{If your machine uses the systemd init system,
+dropping the @file{@var{prefix}/lib/systemd/system/guix-daemon.service} file
+in @file{/etc/systemd/system} will ensure that @command{guix-daemon} is
+automatically started. Similarly, if your machine uses the Upstart init
+system, drop the @file{@var{prefix}/lib/upstart/system/guix-daemon.conf}
+file in @file{/etc/init}.}:
+
+@example
+# guix-daemon --build-users-group=guixbuild
+@end example
+
+@cindex chroot
+@noindent
+This way, the daemon starts build processes in a chroot, under one of the
+@code{guixbuilder} users. On GNU/Linux, by default, the chroot environment
+contains nothing but:
+
+@c Keep this list in sync with libstore/build.cc! -----------------------
+@itemize
+@item
+a minimal @code{/dev} directory, created mostly independently from the host
+@code{/dev}@footnote{``Mostly'', because while the set of files that appear
+in the chroot's @code{/dev} is fixed, most of these files can only be
+created if the host has them.};
+
+@item
+the @code{/proc} directory; it only shows the processes of the container
+since a separate PID name space is used;
+
+@item
+@file{/etc/passwd} with an entry for the current user and an entry for user
+@file{nobody};
+
+@item
+@file{/etc/group} with an entry for the user's group;
+
+@item
+@file{/etc/hosts} with an entry that maps @code{localhost} to
+@code{127.0.0.1};
+
+@item
+a writable @file{/tmp} directory.
+@end itemize
+
+You can influence the directory where the daemon stores build trees @i{via}
+the @code{TMPDIR} environment variable. However, the build tree within the
+chroot is always called @file{/tmp/guix-build-@var{name}.drv-0}, where
+@var{name} is the derivation name---e.g., @code{coreutils-8.24}. This way,
+the value of @code{TMPDIR} does not leak inside build environments, which
+avoids discrepancies in cases where build processes capture the name of
+their build tree.
+
+@vindex http_proxy
+Le démon tient aussi compte de la variable d'environnement @code{http_proxy}
+pour ses téléchargements HTTP, que ce soit pour les dérivations à sortie
+fixes (@pxref{Dérivations}) ou pour les substituts (@pxref{Substituts}).
+
+If you are installing Guix as an unprivileged user, it is still possible to
+run @command{guix-daemon} provided you pass @code{--disable-chroot}.
+However, build processes will not be isolated from one another, and not from
+the rest of the system. Thus, build processes may interfere with each
+other, and may access programs, libraries, and other files available on the
+system---making it much harder to view them as @emph{pure} functions.
+
+
+@node Réglages du délestage du démon
+@subsection Using the Offload Facility
+
+@cindex offloading
+@cindex build hook
+When desired, the build daemon can @dfn{offload} derivation builds to other
+machines running Guix, using the @code{offload} @dfn{build
+hook}@footnote{This feature is available only when
+@uref{https://github.com/artyom-poptsov/guile-ssh, Guile-SSH} is present.}.
+When that feature is enabled, a list of user-specified build machines is
+read from @file{/etc/guix/machines.scm}; every time a build is requested,
+for instance via @code{guix build}, the daemon attempts to offload it to one
+of the machines that satisfy the constraints of the derivation, in
+particular its system type---e.g., @file{x86_64-linux}. Missing
+prerequisites for the build are copied over SSH to the target machine, which
+then proceeds with the build; upon success the output(s) of the build are
+copied back to the initial machine.
+
+The @file{/etc/guix/machines.scm} file typically looks like this:
+
+@example
+(list (build-machine
+ (name "eightysix.example.org")
+ (system "x86_64-linux")
+ (host-key "ssh-ed25519 AAAAC3Nza@dots{}")
+ (user "bob")
+ (speed 2.)) ;incredibly fast!
+
+ (build-machine
+ (name "meeps.example.org")
+ (system "mips64el-linux")
+ (host-key "ssh-rsa AAAAB3Nza@dots{}")
+ (user "alice")
+ (private-key
+ (string-append (getenv "HOME")
+ "/.ssh/identity-for-guix"))))
+@end example
+
+@noindent
+In the example above we specify a list of two build machines, one for the
+@code{x86_64} architecture and one for the @code{mips64el} architecture.
+
+In fact, this file is---not surprisingly!---a Scheme file that is evaluated
+when the @code{offload} hook is started. Its return value must be a list of
+@code{build-machine} objects. While this example shows a fixed list of
+build machines, one could imagine, say, using DNS-SD to return a list of
+potential build machines discovered in the local network
+(@pxref{Introduction, Guile-Avahi,, guile-avahi, Using Avahi in Guile Scheme
+Programs}). The @code{build-machine} data type is detailed below.
+
+@deftp {Data Type} build-machine
+This data type represents build machines to which the daemon may offload
+builds. The important fields are:
+
+@table @code
+
+@item name
+The host name of the remote machine.
+
+@item system
+The system type of the remote machine---e.g., @code{"x86_64-linux"}.
+
+@item user
+The user account to use when connecting to the remote machine over SSH.
+Note that the SSH key pair must @emph{not} be passphrase-protected, to allow
+non-interactive logins.
+
+@item host-key
+This must be the machine's SSH @dfn{public host key} in OpenSSH format.
+This is used to authenticate the machine when we connect to it. It is a
+long string that looks like this:
+
+@example
+ssh-ed25519 AAAAC3NzaC@dots{}mde+UhL hint@@example.org
+@end example
+
+If the machine is running the OpenSSH daemon, @command{sshd}, the host key
+can be found in a file such as @file{/etc/ssh/ssh_host_ed25519_key.pub}.
+
+If the machine is running the SSH daemon of GNU@tie{}lsh, @command{lshd},
+the host key is in @file{/etc/lsh/host-key.pub} or a similar file. It can
+be converted to the OpenSSH format using @command{lsh-export-key}
+(@pxref{Converting keys,,, lsh, LSH Manual}):
+
+@example
+$ lsh-export-key --openssh < /etc/lsh/host-key.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAAEOp8FoQAAAQEAs1eB46LV@dots{}
+@end example
+
+@end table
+
+A number of optional fields may be specified:
+
+@table @asis
+
+@item @code{port} (default: @code{22})
+Port number of SSH server on the machine.
+
+@item @code{private-key} (default: @file{~root/.ssh/id_rsa})
+The SSH private key file to use when connecting to the machine, in OpenSSH
+format.
+
+Note that the default value is the private key @emph{of the root account}.
+Make sure it exists if you use the default.
+
+@item @code{compression} (default: @code{"zlib@@openssh.com,zlib"})
+@itemx @code{compression-level} (default: @code{3})
+The SSH-level compression methods and compression level requested.
+
+Note that offloading relies on SSH compression to reduce bandwidth usage
+when transferring files to and from build machines.
+
+@item @code{daemon-socket} (default: @code{"/var/guix/daemon-socket/socket"})
+File name of the Unix-domain socket @command{guix-daemon} is listening to on
+that machine.
+
+@item @code{parallel-builds} (default: @code{1})
+The number of builds that may run in parallel on the machine.
+
+@item @code{speed} (default: @code{1.0})
+A ``relative speed factor''. The offload scheduler will tend to prefer
+machines with a higher speed factor.
+
+@item @code{features} (default: @code{'()})
+A list of strings denoting specific features supported by the machine. An
+example is @code{"kvm"} for machines that have the KVM Linux modules and
+corresponding hardware support. Derivations can request features by name,
+and they will be scheduled on matching build machines.
+
+@end table
+@end deftp
+
+The @code{guile} command must be in the search path on the build machines.
+In addition, the Guix modules must be in @code{$GUILE_LOAD_PATH} on the
+build machine---you can check whether this is the case by running:
+
+@example
+ssh build-machine guile -c "'(use-modules (guix config))'"
+@end example
+
+There is one last thing to do once @file{machines.scm} is in place. As
+explained above, when offloading, files are transferred back and forth
+between the machine stores. For this to work, you first need to generate a
+key pair on each machine to allow the daemon to export signed archives of
+files from the store (@pxref{Invoquer guix archive}):
+
+@example
+# guix archive --generate-key
+@end example
+
+@noindent
+Each build machine must authorize the key of the master machine so that it
+accepts store items it receives from the master:
+
+@example
+# guix archive --authorize < master-public-key.txt
+@end example
+
+@noindent
+Likewise, the master machine must authorize the key of each build machine.
+
+All the fuss with keys is here to express pairwise mutual trust relations
+between the master and the build machines. Concretely, when the master
+receives files from a build machine (and @i{vice versa}), its build daemon
+can make sure they are genuine, have not been tampered with, and that they
+are signed by an authorized key.
+
+@cindex offload test
+To test whether your setup is operational, run this command on the master
+node:
+
+@example
+# guix offload test
+@end example
+
+This will attempt to connect to each of the build machines specified in
+@file{/etc/guix/machines.scm}, make sure Guile and the Guix modules are
+available on each machine, attempt to export to the machine and import from
+it, and report any error in the process.
+
+If you want to test a different machine file, just specify it on the command
+line:
+
+@example
+# guix offload test machines-qualif.scm
+@end example
+
+Last, you can test the subset of the machines whose name matches a regular
+expression like this:
+
+@example
+# guix offload test machines.scm '\.gnu\.org$'
+@end example
+
+@cindex offload status
+To display the current load of all build hosts, run this command on the main
+node:
+
+@example
+# guix offload status
+@end example
+
+
+@node Support de SELinux
+@subsection Support de SELinux
+
+@cindex SELinux, daemon policy
+@cindex mandatory access control, SELinux
+@cindex security, guix-daemon
+Guix includes an SELinux policy file at @file{etc/guix-daemon.cil} that can
+be installed on a system where SELinux is enabled, in order to label Guix
+files and to specify the expected behavior of the daemon. Since GuixSD does
+not provide an SELinux base policy, the daemon policy cannot be used on
+GuixSD.
+
+@subsubsection Installing the SELinux policy
+@cindex SELinux, policy installation
+To install the policy run this command as root:
+
+@example
+semodule -i etc/guix-daemon.cil
+@end example
+
+Then relabel the file system with @code{restorecon} or by a different
+mechanism provided by your system.
+
+Once the policy is installed, the file system has been relabeled, and the
+daemon has been restarted, it should be running in the @code{guix_daemon_t}
+context. You can confirm this with the following command:
+
+@example
+ps -Zax | grep guix-daemon
+@end example
+
+Monitor the SELinux log files as you run a command like @code{guix build
+hello} to convince yourself that SELinux permits all necessary operations.
+
+@subsubsection Limitations
+@cindex SELinux, limitations
+
+This policy is not perfect. Here is a list of limitations or quirks that
+should be considered when deploying the provided SELinux policy for the Guix
+daemon.
+
+@enumerate
+@item
+@code{guix_daemon_socket_t} isn’t actually used. None of the socket
+operations involve contexts that have anything to do with
+@code{guix_daemon_socket_t}. It doesn’t hurt to have this unused label, but
+it would be preferrable to define socket rules for only this label.
+
+@item
+@code{guix gc} cannot access arbitrary links to profiles. By design, the
+file label of the destination of a symlink is independent of the file label
+of the link itself. Although all profiles under $localstatedir are
+labelled, the links to these profiles inherit the label of the directory
+they are in. For links in the user’s home directory this will be
+@code{user_home_t}. But for links from the root user’s home directory, or
+@file{/tmp}, or the HTTP server’s working directory, etc, this won’t work.
+@code{guix gc} would be prevented from reading and following these links.
+
+@item
+The daemon’s feature to listen for TCP connections might no longer work.
+This might require extra rules, because SELinux treats network sockets
+differently from files.
+
+@item
+Currently all files with a name matching the regular expression
+@code{/gnu/store/.+-(guix-.+|profile)/bin/guix-daemon} are assigned the
+label @code{guix_daemon_exec_t}; this means that @emph{any} file with that
+name in any profile would be permitted to run in the @code{guix_daemon_t}
+domain. This is not ideal. An attacker could build a package that provides
+this executable and convince a user to install and run it, which lifts it
+into the @code{guix_daemon_t} domain. At that point SELinux could not
+prevent it from accessing files that are allowed for processes in that
+domain.
+
+We could generate a much more restrictive policy at installation time, so
+that only the @emph{exact} file name of the currently installed
+@code{guix-daemon} executable would be labelled with
+@code{guix_daemon_exec_t}, instead of using a broad regular expression. The
+downside is that root would have to install or upgrade the policy at
+installation time whenever the Guix package that provides the effectively
+running @code{guix-daemon} executable is upgraded.
+@end enumerate
+
+@node Invoquer guix-daemon
+@section Invoking @command{guix-daemon}
+
+The @command{guix-daemon} program implements all the functionality to access
+the store. This includes launching build processes, running the garbage
+collector, querying the availability of a build result, etc. It is normally
+run as @code{root} like this:
+
+@example
+# guix-daemon --build-users-group=guixbuild
+@end example
+
+@noindent
+Pour des détails sur son paramétrage, @pxref{Paramétrer le démon}.
+
+@cindex chroot
+@cindex container, build environment
+@cindex build environment
+@cindex reproducible builds
+Par défaut, @command{guix-daemon} lance les processus de construction sous
+différents UID récupérés depuis le groupe de construction spécifié avec
+@code{--build-users-group}. En plus, chaque processus de construction est
+lancé dans un environnement chroot qui ne contient que le sous-ensemble du
+dépôt dont le processus de construction dépend, tel que spécifié par sa
+dérivation (@pxref{Interface de programmation, dérivation}), plus un
+ensemble de répertoires systèmes spécifiques. Par défaut ce dernier contient
+@file{/dev} et @file{/dev/pts}. De plus, sous GNU/Linux, l'environnement de
+construction est un @dfn{conteneur} : en plus d'avoir sa propre arborescence
+du système de fichier, elle a un espace de montage séparé, son propre espace
+de PID, son espace de réseau, etc. Cela aide à obtenir des constructions
+reproductibles (@pxref{Fonctionnalités}).
+
+When the daemon performs a build on behalf of the user, it creates a build
+directory under @file{/tmp} or under the directory specified by its
+@code{TMPDIR} environment variable; this directory is shared with the
+container for the duration of the build. Be aware that using a directory
+other than @file{/tmp} can affect build results---for example, with a longer
+directory name, a build process that uses Unix-domain sockets might hit the
+name length limitation for @code{sun_path}, which it would otherwise not
+hit.
+
+The build directory is automatically deleted upon completion, unless the
+build failed and the client specified @option{--keep-failed}
+(@pxref{Invoquer guix build, @option{--keep-failed}}).
+
+The following command-line options are supported:
+
+@table @code
+@item --build-users-group=@var{group}
+Prend les utilisateurs de @var{group} pour lancer les processus de
+construction (@pxref{Paramétrer le démon, utilisateurs de construction}).
+
+@item --no-substitutes
+@cindex substitutes
+Ne pas utiliser de substitut pour les résultats de la
+construction. C'est-à-dire, toujours construire localement plutôt que de
+permettre le téléchargement de binaires pré-construits (@pxref{Substituts}).
+
+When the daemon runs with @code{--no-substitutes}, clients can still
+explicitly enable substitution @i{via} the @code{set-build-options} remote
+procedure call (@pxref{Le dépôt}).
+
+@item --substitute-urls=@var{urls}
+@anchor{daemon-substitute-urls}
+Consider @var{urls} the default whitespace-separated list of substitute
+source URLs. When this option is omitted,
+@indicateurl{https://mirror.hydra.gnu.org https://hydra.gnu.org} is used
+(@code{mirror.hydra.gnu.org} is a mirror of @code{hydra.gnu.org}).
+
+Cela signifie que les substituts sont téléchargés depuis les @var{urls},
+tant qu'ils sont signés par une signature de confiance (@pxref{Substituts}).
+
+@cindex build hook
+@item --no-build-hook
+Do not use the @dfn{build hook}.
+
+The build hook is a helper program that the daemon can start and to which it
+submits build requests. This mechanism is used to offload builds to other
+machines (@pxref{Réglages du délestage du démon}).
+
+@item --cache-failures
+Cache build failures. By default, only successful builds are cached.
+
+When this option is used, @command{guix gc --list-failures} can be used to
+query the set of store items marked as failed; @command{guix gc
+--clear-failures} removes store items from the set of cached failures.
+@xref{Invoquer guix gc}.
+
+@item --cores=@var{n}
+@itemx -c @var{n}
+Use @var{n} CPU cores to build each derivation; @code{0} means as many as
+available.
+
+The default value is @code{0}, but it may be overridden by clients, such as
+the @code{--cores} option of @command{guix build} (@pxref{Invoquer guix build}).
+
+The effect is to define the @code{NIX_BUILD_CORES} environment variable in
+the build process, which can then use it to exploit internal
+parallelism---for instance, by running @code{make -j$NIX_BUILD_CORES}.
+
+@item --max-jobs=@var{n}
+@itemx -M @var{n}
+Allow at most @var{n} build jobs in parallel. The default value is
+@code{1}. Setting it to @code{0} means that no builds will be performed
+locally; instead, the daemon will offload builds (@pxref{Réglages du délestage du démon}), or simply fail.
+
+@item --max-silent-time=@var{seconds}
+When the build or substitution process remains silent for more than
+@var{seconds}, terminate it and report a build failure.
+
+The default value is @code{0}, which disables the timeout.
+
+The value specified here can be overridden by clients (@pxref{Options de construction communes, @code{--max-silent-time}}).
+
+@item --timeout=@var{seconds}
+Likewise, when the build or substitution process lasts for more than
+@var{seconds}, terminate it and report a build failure.
+
+The default value is @code{0}, which disables the timeout.
+
+The value specified here can be overridden by clients (@pxref{Options de construction communes, @code{--timeout}}).
+
+@item --rounds=@var{N}
+Build each derivation @var{n} times in a row, and raise an error if
+consecutive build results are not bit-for-bit identical. Note that this
+setting can be overridden by clients such as @command{guix build}
+(@pxref{Invoquer guix build}).
+
+When used in conjunction with @option{--keep-failed}, the differing output
+is kept in the store, under @file{/gnu/store/@dots{}-check}. This makes it
+easy to look for differences between the two results.
+
+@item --debug
+Produce debugging output.
+
+This is useful to debug daemon start-up issues, but then it may be
+overridden by clients, for example the @code{--verbosity} option of
+@command{guix build} (@pxref{Invoquer guix build}).
+
+@item --chroot-directory=@var{dir}
+Add @var{dir} to the build chroot.
+
+Doing this may change the result of build processes---for instance if they
+use optional dependencies found in @var{dir} when it is available, and not
+otherwise. For that reason, it is not recommended to do so. Instead, make
+sure that each derivation declares all the inputs that it needs.
+
+@item --disable-chroot
+Disable chroot builds.
+
+Using this option is not recommended since, again, it would allow build
+processes to gain access to undeclared dependencies. It is necessary,
+though, when @command{guix-daemon} is running under an unprivileged user
+account.
+
+@item --log-compression=@var{type}
+Compress build logs according to @var{type}, one of @code{gzip},
+@code{bzip2}, or @code{none}.
+
+Unless @code{--lose-logs} is used, all the build logs are kept in the
+@var{localstatedir}. To save space, the daemon automatically compresses
+them with bzip2 by default.
+
+@item --disable-deduplication
+@cindex deduplication
+Disable automatic file ``deduplication'' in the store.
+
+By default, files added to the store are automatically ``deduplicated'': if
+a newly added file is identical to another one found in the store, the
+daemon makes the new file a hard link to the other file. This can
+noticeably reduce disk usage, at the expense of slightly increased
+input/output load at the end of a build process. This option disables this
+optimization.
+
+@item --gc-keep-outputs[=yes|no]
+Tell whether the garbage collector (GC) must keep outputs of live
+derivations.
+
+@cindex GC roots
+@cindex garbage collector roots
+When set to ``yes'', the GC will keep the outputs of any live derivation
+available in the store---the @code{.drv} files. The default is ``no'',
+meaning that derivation outputs are kept only if they are GC roots.
+@xref{Invoquer guix gc}, for more on GC roots.
+
+@item --gc-keep-derivations[=yes|no]
+Tell whether the garbage collector (GC) must keep derivations corresponding
+to live outputs.
+
+When set to ``yes'', as is the case by default, the GC keeps
+derivations---i.e., @code{.drv} files---as long as at least one of their
+outputs is live. This allows users to keep track of the origins of items in
+their store. Setting it to ``no'' saves a bit of disk space.
+
+Note that when both @code{--gc-keep-derivations} and
+@code{--gc-keep-outputs} are used, the effect is to keep all the build
+prerequisites (the sources, compiler, libraries, and other build-time tools)
+of live objects in the store, regardless of whether these prerequisites are
+live. This is convenient for developers since it saves rebuilds or
+downloads.
+
+@item --impersonate-linux-2.6
+On Linux-based systems, impersonate Linux 2.6. This means that the kernel's
+@code{uname} system call will report 2.6 as the release number.
+
+This might be helpful to build programs that (usually wrongfully) depend on
+the kernel version number.
+
+@item --lose-logs
+Do not keep build logs. By default they are kept under
+@code{@var{localstatedir}/guix/log}.
+
+@item --system=@var{system}
+Assume @var{system} as the current system type. By default it is the
+architecture/kernel pair found at configure time, such as
+@code{x86_64-linux}.
+
+@item --listen=@var{endpoint}
+Listen for connections on @var{endpoint}. @var{endpoint} is interpreted as
+the file name of a Unix-domain socket if it starts with @code{/} (slash
+sign). Otherwise, @var{endpoint} is interpreted as a host name or host name
+and port to listen to. Here are a few examples:
+
+@table @code
+@item --listen=/gnu/var/daemon
+Listen for connections on the @file{/gnu/var/daemon} Unix-domain socket,
+creating it if needed.
+
+@item --listen=localhost
+@cindex daemon, remote access
+@cindex remote access to the daemon
+@cindex daemon, cluster setup
+@cindex clusters, daemon setup
+Listen for TCP connections on the network interface corresponding to
+@code{localhost}, on port 44146.
+
+@item --listen=128.0.0.42:1234
+Listen for TCP connections on the network interface corresponding to
+@code{128.0.0.42}, on port 1234.
+@end table
+
+This option can be repeated multiple times, in which case
+@command{guix-daemon} accepts connections on all the specified endpoints.
+Users can tell client commands what endpoint to connect to by setting the
+@code{GUIX_DAEMON_SOCKET} environment variable (@pxref{Le dépôt,
+@code{GUIX_DAEMON_SOCKET}}).
+
+@quotation Note
+The daemon protocol is @emph{unauthenticated and unencrypted}. Using
+@code{--listen=@var{host}} is suitable on local networks, such as clusters,
+where only trusted nodes may connect to the build daemon. In other cases
+where remote access to the daemon is needed, we recommend using Unix-domain
+sockets along with SSH.
+@end quotation
+
+When @code{--listen} is omitted, @command{guix-daemon} listens for
+connections on the Unix-domain socket located at
+@file{@var{localstatedir}/guix/daemon-socket/socket}.
+@end table
+
+
+@node Réglages applicatifs
+@section Réglages applicatifs
+
+@cindex distro extérieure
+When using Guix on top of GNU/Linux distribution other than GuixSD---a
+so-called @dfn{foreign distro}---a few additional steps are needed to get
+everything in place. Here are some of them.
+
+@subsection Régionalisation
+
+@anchor{locales-and-locpath}
+@cindex locales, when not on GuixSD
+@vindex LOCPATH
+@vindex GUIX_LOCPATH
+Packages installed @i{via} Guix will not use the locale data of the host
+system. Instead, you must first install one of the locale packages
+available with Guix and then define the @code{GUIX_LOCPATH} environment
+variable:
+
+@example
+$ guix package -i glibc-locales
+$ export GUIX_LOCPATH=$HOME/.guix-profile/lib/locale
+@end example
+
+Note that the @code{glibc-locales} package contains data for all the locales
+supported by the GNU@tie{}libc and weighs in at around 110@tie{}MiB.
+Alternatively, the @code{glibc-utf8-locales} is smaller but limited to a few
+UTF-8 locales.
+
+The @code{GUIX_LOCPATH} variable plays a role similar to @code{LOCPATH}
+(@pxref{Locale Names, @code{LOCPATH},, libc, The GNU C Library Reference
+Manual}). There are two important differences though:
+
+@enumerate
+@item
+@code{GUIX_LOCPATH} is honored only by the libc in Guix, and not by the libc
+provided by foreign distros. Thus, using @code{GUIX_LOCPATH} allows you to
+make sure the programs of the foreign distro will not end up loading
+incompatible locale data.
+
+@item
+libc suffixes each entry of @code{GUIX_LOCPATH} with @code{/X.Y}, where
+@code{X.Y} is the libc version---e.g., @code{2.22}. This means that, should
+your Guix profile contain a mixture of programs linked against different
+libc version, each libc version will only try to load locale data in the
+right format.
+@end enumerate
+
+This is important because the locale data format used by different libc
+versions may be incompatible.
+
+@subsection Name Service Switch
+
+@cindex name service switch, glibc
+@cindex NSS (name service switch), glibc
+@cindex nscd (name service caching daemon)
+@cindex name service caching daemon (nscd)
+When using Guix on a foreign distro, we @emph{strongly recommend} that the
+system run the GNU C library's @dfn{name service cache daemon},
+@command{nscd}, which should be listening on the @file{/var/run/nscd/socket}
+socket. Failing to do that, applications installed with Guix may fail to
+look up host names or user accounts, or may even crash. The next paragraphs
+explain why.
+
+@cindex @file{nsswitch.conf}
+The GNU C library implements a @dfn{name service switch} (NSS), which is an
+extensible mechanism for ``name lookups'' in general: host name resolution,
+user accounts, and more (@pxref{Name Service Switch,,, libc, The GNU C
+Library Reference Manual}).
+
+@cindex Network information service (NIS)
+@cindex NIS (Network information service)
+Being extensible, the NSS supports @dfn{plugins}, which provide new name
+lookup implementations: for example, the @code{nss-mdns} plugin allow
+resolution of @code{.local} host names, the @code{nis} plugin allows user
+account lookup using the Network information service (NIS), and so on.
+These extra ``lookup services'' are configured system-wide in
+@file{/etc/nsswitch.conf}, and all the programs running on the system honor
+those settings (@pxref{NSS Configuration File,,, libc, The GNU C Reference
+Manual}).
+
+When they perform a name lookup---for instance by calling the
+@code{getaddrinfo} function in C---applications first try to connect to the
+nscd; on success, nscd performs name lookups on their behalf. If the nscd
+is not running, then they perform the name lookup by themselves, by loading
+the name lookup services into their own address space and running it. These
+name lookup services---the @file{libnss_*.so} files---are @code{dlopen}'d,
+but they may come from the host system's C library, rather than from the C
+library the application is linked against (the C library coming from Guix).
+
+And this is where the problem is: if your application is linked against
+Guix's C library (say, glibc 2.24) and tries to load NSS plugins from
+another C library (say, @code{libnss_mdns.so} for glibc 2.22), it will
+likely crash or have its name lookups fail unexpectedly.
+
+Running @command{nscd} on the system, among other advantages, eliminates
+this binary incompatibility problem because those @code{libnss_*.so} files
+are loaded in the @command{nscd} process, not in applications themselves.
+
+@subsection X11 Fonts
+
+@cindex fonts
+The majority of graphical applications use Fontconfig to locate and load
+fonts and perform X11-client-side rendering. The @code{fontconfig} package
+in Guix looks for fonts in @file{$HOME/.guix-profile} by default. Thus, to
+allow graphical applications installed with Guix to display fonts, you have
+to install fonts with Guix as well. Essential font packages include
+@code{gs-fonts}, @code{font-dejavu}, and @code{font-gnu-freefont-ttf}.
+
+To display text written in Chinese languages, Japanese, or Korean in
+graphical applications, consider installing
+@code{font-adobe-source-han-sans} or @code{font-wqy-zenhei}. The former has
+multiple outputs, one per language family (@pxref{Des paquets avec plusieurs résultats}). For instance, the following command installs fonts for Chinese
+languages:
+
+@example
+guix package -i font-adobe-source-han-sans:cn
+@end example
+
+@cindex @code{xterm}
+Older programs such as @command{xterm} do not use Fontconfig and instead
+rely on server-side font rendering. Such programs require to specify a full
+name of a font using XLFD (X Logical Font Description), like this:
+
+@example
+-*-dejavu sans-medium-r-normal-*-*-100-*-*-*-*-*-1
+@end example
+
+To be able to use such full names for the TrueType fonts installed in your
+Guix profile, you need to extend the font path of the X server:
+
+@c Note: 'xset' does not accept symlinks so the trick below arranges to
+@c get at the real directory. See <https://bugs.gnu.org/30655>.
+@example
+xset +fp $(dirname $(readlink -f ~/.guix-profile/share/fonts/truetype/fonts.dir))
+@end example
+
+@cindex @code{xlsfonts}
+After that, you can run @code{xlsfonts} (from @code{xlsfonts} package) to
+make sure your TrueType fonts are listed there.
+
+@cindex @code{fc-cache}
+@cindex font cache
+After installing fonts you may have to refresh the font cache to use them in
+applications. The same applies when applications installed via Guix do not
+seem to find fonts. To force rebuilding of the font cache run
+@code{fc-cache -f}. The @code{fc-cache} command is provided by the
+@code{fontconfig} package.
+
+@subsection Certificats X.509
+
+@cindex @code{nss-certs}
+The @code{nss-certs} package provides X.509 certificates, which allow
+programs to authenticate Web servers accessed over HTTPS.
+
+When using Guix on a foreign distro, you can install this package and define
+the relevant environment variables so that packages know where to look for
+certificates. @xref{Certificats X.509}, for detailed information.
+
+@subsection Emacs Packages
+
+@cindex @code{emacs}
+When you install Emacs packages with Guix, the elisp files may be placed
+either in @file{$HOME/.guix-profile/share/emacs/site-lisp/} or in
+sub-directories of
+@file{$HOME/.guix-profile/share/emacs/site-lisp/guix.d/}. The latter
+directory exists because potentially there may exist thousands of Emacs
+packages and storing all their files in a single directory may not be
+reliable (because of name conflicts). So we think using a separate
+directory for each package is a good idea. It is very similar to how the
+Emacs package system organizes the file structure (@pxref{Package Files,,,
+emacs, The GNU Emacs Manual}).
+
+By default, Emacs (installed with Guix) ``knows'' where these packages are
+placed, so you do not need to perform any configuration. If, for some
+reason, you want to avoid auto-loading Emacs packages installed with Guix,
+you can do so by running Emacs with @code{--no-site-file} option
+(@pxref{Init File,,, emacs, The GNU Emacs Manual}).
+
+@subsection The GCC toolchain
+
+@cindex GCC
+@cindex ld-wrapper
+
+Guix offers individual compiler packages such as @code{gcc} but if you are
+in need of a complete toolchain for compiling and linking source code what
+you really want is the @code{gcc-toolchain} package. This package provides
+a complete GCC toolchain for C/C++ development, including GCC itself, the
+GNU C Library (headers and binaries, plus debugging symbols in the
+@code{debug} output), Binutils, and a linker wrapper.
+
+@cindex attempt to use impure library, error message
+
+The wrapper's purpose is to inspect the @code{-L} and @code{-l} switches
+passed to the linker, add corresponding @code{-rpath} arguments, and invoke
+the actual linker with this new set of arguments. By default, the linker
+wrapper refuses to link to libraries outside the store to ensure
+``purity''. This can be annoying when using the toolchain to link with
+local libraries. To allow references to libraries outside the store you
+need to define the environment variable
+@code{GUIX_LD_WRAPPER_ALLOW_IMPURITIES}.
+
+@c TODO What else?
+
+@c *********************************************************************
+@node Gestion de paquets
+@chapter Gestion de paquets
+
+@cindex packages
+The purpose of GNU Guix is to allow users to easily install, upgrade, and
+remove software packages, without having to know about their build
+procedures or dependencies. Guix also goes beyond this obvious set of
+features.
+
+Ce chapitre décrit les principales fonctionnalités de Guix, ainsi que des
+outils de gestion des paquets qu'il fournit. En plus de l'interface en ligne
+de commande décrite en dessous de (@pxref{Invoquer guix package, @code{guix
+package}}), vous pouvez aussi utiliser l'interface Emacs-Guix (@pxref{Top,,,
+emacs-guix, Le manuel de référence de emacs-guix}), après avoir installé le
+paquet @code{emacs-guix} (lancez la commande @kbd{M-x guix-help} pour le
+démarrer) :
+
+@example
+guix package -i emacs-guix
+@end example
+
+@menu
+* Fonctionnalités:: Comment Guix va rendre votre vie plus heureuse.
+* Invoquer guix package:: Installation, suppression, etc. de paquets.
+* Substituts:: Télécharger des binaire déjà construits.
+* Des paquets avec plusieurs résultats:: Un seul paquet source, plusieurs
+ résultats.
+* Invoquer guix gc:: Lancer le ramasse-miettes.
+* Invoquer guix pull:: Récupérer la dernière version de Guix et de
+ la distribution.
+* Invoquer guix pack:: Créer des lots de logiciels.
+* Invoquer guix archive:: Exporter et importer des fichiers du dépôt.
+@end menu
+
+@node Fonctionnalités
+@section Fonctionnalités
+
+When using Guix, each package ends up in the @dfn{package store}, in its own
+directory---something that resembles @file{/gnu/store/xxx-package-1.2},
+where @code{xxx} is a base32 string.
+
+Instead of referring to these directories, users have their own
+@dfn{profile}, which points to the packages that they actually want to use.
+These profiles are stored within each user's home directory, at
+@code{$HOME/.guix-profile}.
+
+For example, @code{alice} installs GCC 4.7.2. As a result,
+@file{/home/alice/.guix-profile/bin/gcc} points to
+@file{/gnu/store/@dots{}-gcc-4.7.2/bin/gcc}. Now, on the same machine,
+@code{bob} had already installed GCC 4.8.0. The profile of @code{bob}
+simply continues to point to
+@file{/gnu/store/@dots{}-gcc-4.8.0/bin/gcc}---i.e., both versions of GCC
+coexist on the same system without any interference.
+
+The @command{guix package} command is the central tool to manage packages
+(@pxref{Invoquer guix package}). It operates on the per-user profiles, and
+can be used @emph{with normal user privileges}.
+
+@cindex transactions
+The command provides the obvious install, remove, and upgrade operations.
+Each invocation is actually a @emph{transaction}: either the specified
+operation succeeds, or nothing happens. Thus, if the @command{guix package}
+process is terminated during the transaction, or if a power outage occurs
+during the transaction, then the user's profile remains in its previous
+state, and remains usable.
+
+In addition, any package transaction may be @emph{rolled back}. So, if, for
+example, an upgrade installs a new version of a package that turns out to
+have a serious bug, users may roll back to the previous instance of their
+profile, which was known to work well. Similarly, the global system
+configuration on GuixSD is subject to transactional upgrades and roll-back
+(@pxref{Utiliser le système de configuration}).
+
+All packages in the package store may be @emph{garbage-collected}. Guix can
+determine which packages are still referenced by user profiles, and remove
+those that are provably no longer referenced (@pxref{Invoquer guix gc}).
+Users may also explicitly remove old generations of their profile so that
+the packages they refer to can be collected.
+
+@cindex reproducibility
+@cindex reproducible builds
+Finally, Guix takes a @dfn{purely functional} approach to package
+management, as described in the introduction (@pxref{Introduction}). Each
+@file{/gnu/store} package directory name contains a hash of all the inputs
+that were used to build that package---compiler, libraries, build scripts,
+etc. This direct correspondence allows users to make sure a given package
+installation matches the current state of their distribution. It also helps
+maximize @dfn{build reproducibility}: thanks to the isolated build
+environments that are used, a given build is likely to yield bit-identical
+files when performed on different machines (@pxref{Invoquer guix-daemon,
+container}).
+
+@cindex substitutes
+Ce fondement permet à Guix de supporter le @dfn{déploiement transparent de
+binaire ou source}. Lorsqu'une binaire pré-construit pour une entrée de
+@file{/gnu/store} est disponible depuis une source externe (un
+@dfn{substitut}), Guix le télécharge simplement et le décompresse ; sinon,
+il construit le paquet depuis les sources localement
+(@pxref{Substituts}). Comme les résultats des constructions sont
+généralement reproductibles au bit près, si vous n'avez pas besoin de faire
+confiance aux serveurs qui fournissent les substituts : vous pouvez forcer
+une construction locale et @emph{défier} les fournisseurs (@pxref{Invoquer guix challenge}).
+
+Control over the build environment is a feature that is also useful for
+developers. The @command{guix environment} command allows developers of a
+package to quickly set up the right development environment for their
+package, without having to manually install the dependencies of the package
+into their profile (@pxref{Invoquer guix environment}).
+
+@node Invoquer guix package
+@section Invoking @command{guix package}
+
+@cindex installing packages
+@cindex removing packages
+@cindex package installation
+@cindex package removal
+La commande @command{guix package} est l'outil qui permet d'installer,
+mettre à jour et supprimer les paquets ainsi que de revenir à une
+configuration précédente. Elle n'opère que dans le profil de l'utilisateur
+et fonctionne avec les privilèges utilisateurs normaux
+(@pxref{Fonctionnalités}). Sa syntaxe est :
+
+@example
+guix package @var{options}
+@end example
+@cindex transactions
+Primarily, @var{options} specifies the operations to be performed during the
+transaction. Upon completion, a new profile is created, but previous
+@dfn{generations} of the profile remain available, should the user want to
+roll back.
+
+For example, to remove @code{lua} and install @code{guile} and
+@code{guile-cairo} in a single transaction:
+
+@example
+guix package -r lua -i guile guile-cairo
+@end example
+
+@command{guix package} also supports a @dfn{declarative approach} whereby
+the user specifies the exact set of packages to be available and passes it
+@i{via} the @option{--manifest} option (@pxref{profile-manifest,
+@option{--manifest}}).
+
+@cindex profile
+For each user, a symlink to the user's default profile is automatically
+created in @file{$HOME/.guix-profile}. This symlink always points to the
+current generation of the user's default profile. Thus, users can add
+@file{$HOME/.guix-profile/bin} to their @code{PATH} environment variable,
+and so on.
+@cindex search paths
+If you are not using the Guix System Distribution, consider adding the
+following lines to your @file{~/.bash_profile} (@pxref{Bash Startup Files,,,
+bash, The GNU Bash Reference Manual}) so that newly-spawned shells get all
+the right environment variable definitions:
+
+@example
+GUIX_PROFILE="$HOME/.guix-profile" ; \
+source "$HOME/.guix-profile/etc/profile"
+@end example
+
+In a multi-user setup, user profiles are stored in a place registered as a
+@dfn{garbage-collector root}, which @file{$HOME/.guix-profile} points to
+(@pxref{Invoquer guix gc}). That directory is normally
+@code{@var{localstatedir}/guix/profiles/per-user/@var{user}}, where
+@var{localstatedir} is the value passed to @code{configure} as
+@code{--localstatedir}, and @var{user} is the user name. The
+@file{per-user} directory is created when @command{guix-daemon} is started,
+and the @var{user} sub-directory is created by @command{guix package}.
+
+The @var{options} can be among the following:
+
+@table @code
+
+@item --install=@var{package} @dots{}
+@itemx -i @var{package} @dots{}
+Install the specified @var{package}s.
+
+Each @var{package} may specify either a simple package name, such as
+@code{guile}, or a package name followed by an at-sign and version number,
+such as @code{guile@@1.8.8} or simply @code{guile@@1.8} (in the latter case,
+the newest version prefixed by @code{1.8} is selected.)
+
+If no version number is specified, the newest available version will be
+selected. In addition, @var{package} may contain a colon, followed by the
+name of one of the outputs of the package, as in @code{gcc:doc} or
+@code{binutils@@2.22:lib} (@pxref{Des paquets avec plusieurs résultats}).
+Packages with a corresponding name (and optionally version) are searched for
+among the GNU distribution modules (@pxref{Modules de paquets}).
+
+@cindex propagated inputs
+Sometimes packages have @dfn{propagated inputs}: these are dependencies that
+automatically get installed along with the required package
+(@pxref{package-propagated-inputs, @code{propagated-inputs} in
+@code{package} objects}, for information about propagated inputs in package
+definitions).
+
+@anchor{package-cmd-propagated-inputs}
+An example is the GNU MPC library: its C header files refer to those of the
+GNU MPFR library, which in turn refer to those of the GMP library. Thus,
+when installing MPC, the MPFR and GMP libraries also get installed in the
+profile; removing MPC also removes MPFR and GMP---unless they had also been
+explicitly installed by the user.
+
+Besides, packages sometimes rely on the definition of environment variables
+for their search paths (see explanation of @code{--search-paths} below).
+Any missing or possibly incorrect environment variable definitions are
+reported here.
+
+@item --install-from-expression=@var{exp}
+@itemx -e @var{exp}
+Install the package @var{exp} evaluates to.
+
+@var{exp} must be a Scheme expression that evaluates to a @code{<package>}
+object. This option is notably useful to disambiguate between same-named
+variants of a package, with expressions such as @code{(@@ (gnu packages
+base) guile-final)}.
+
+Note that this option installs the first output of the specified package,
+which may be insufficient when needing a specific output of a
+multiple-output package.
+
+@item --install-from-file=@var{file}
+@itemx -f @var{file}
+Install the package that the code within @var{file} evaluates to.
+
+As an example, @var{file} might contain a definition like this
+(@pxref{Définition des paquets}):
+
+@example
+@verbatiminclude package-hello.scm
+@end example
+
+Developers may find it useful to include such a @file{guix.scm} file in the
+root of their project source tree that can be used to test development
+snapshots and create reproducible development environments (@pxref{Invoquer guix environment}).
+
+@item --remove=@var{package} @dots{}
+@itemx -r @var{package} @dots{}
+Remove the specified @var{package}s.
+
+As for @code{--install}, each @var{package} may specify a version number
+and/or output name in addition to the package name. For instance, @code{-r
+glibc:debug} would remove the @code{debug} output of @code{glibc}.
+
+@item --upgrade[=@var{regexp} @dots{}]
+@itemx -u [@var{regexp} @dots{}]
+@cindex upgrading packages
+Upgrade all the installed packages. If one or more @var{regexp}s are
+specified, upgrade only installed packages whose name matches a
+@var{regexp}. Also see the @code{--do-not-upgrade} option below.
+
+Note that this upgrades package to the latest version of packages found in
+the distribution currently installed. To update your distribution, you
+should regularly run @command{guix pull} (@pxref{Invoquer guix pull}).
+
+@item --do-not-upgrade[=@var{regexp} @dots{}]
+When used together with the @code{--upgrade} option, do @emph{not} upgrade
+any packages whose name matches a @var{regexp}. For example, to upgrade all
+packages in the current profile except those containing the substring
+``emacs'':
+
+@example
+$ guix package --upgrade . --do-not-upgrade emacs
+@end example
+
+@item @anchor{profile-manifest}--manifest=@var{file}
+@itemx -m @var{file}
+@cindex profile declaration
+@cindex profile manifest
+Create a new generation of the profile from the manifest object returned by
+the Scheme code in @var{file}.
+
+This allows you to @emph{declare} the profile's contents rather than
+constructing it through a sequence of @code{--install} and similar
+commands. The advantage is that @var{file} can be put under version
+control, copied to different machines to reproduce the same profile, and so
+on.
+
+@c FIXME: Add reference to (guix profile) documentation when available.
+@var{file} must return a @dfn{manifest} object, which is roughly a list of
+packages:
+
+@findex packages->manifest
+@example
+(use-package-modules guile emacs)
+
+(packages->manifest
+ (list emacs
+ guile-2.0
+ ;; Use a specific package output.
+ (list guile-2.0 "debug")))
+@end example
+
+@findex specifications->manifest
+In this example we have to know which modules define the @code{emacs} and
+@code{guile-2.0} variables to provide the right @code{use-package-modules}
+line, which can be cumbersome. We can instead provide regular package
+specifications and let @code{specifications->manifest} look up the
+corresponding package objects, like this:
+
+@example
+(specifications->manifest
+ '("emacs" "guile@@2.2" "guile@@2.2:debug"))
+@end example
+
+@item --roll-back
+@cindex rolling back
+@cindex undoing transactions
+@cindex transactions, undoing
+Roll back to the previous @dfn{generation} of the profile---i.e., undo the
+last transaction.
+
+When combined with options such as @code{--install}, roll back occurs before
+any other actions.
+
+When rolling back from the first generation that actually contains installed
+packages, the profile is made to point to the @dfn{zeroth generation}, which
+contains no files apart from its own metadata.
+
+After having rolled back, installing, removing, or upgrading packages
+overwrites previous future generations. Thus, the history of the
+generations in a profile is always linear.
+
+@item --switch-generation=@var{pattern}
+@itemx -S @var{pattern}
+@cindex generations
+Switch to a particular generation defined by @var{pattern}.
+
+@var{pattern} may be either a generation number or a number prefixed with
+``+'' or ``-''. The latter means: move forward/backward by a specified
+number of generations. For example, if you want to return to the latest
+generation after @code{--roll-back}, use @code{--switch-generation=+1}.
+
+The difference between @code{--roll-back} and @code{--switch-generation=-1}
+is that @code{--switch-generation} will not make a zeroth generation, so if
+a specified generation does not exist, the current generation will not be
+changed.
+
+@item --search-paths[=@var{kind}]
+@cindex search paths
+Report environment variable definitions, in Bash syntax, that may be needed
+in order to use the set of installed packages. These environment variables
+are used to specify @dfn{search paths} for files used by some of the
+installed packages.
+
+For example, GCC needs the @code{CPATH} and @code{LIBRARY_PATH} environment
+variables to be defined so it can look for headers and libraries in the
+user's profile (@pxref{Environment Variables,,, gcc, Using the GNU Compiler
+Collection (GCC)}). If GCC and, say, the C library are installed in the
+profile, then @code{--search-paths} will suggest setting these variables to
+@code{@var{profile}/include} and @code{@var{profile}/lib}, respectively.
+
+The typical use case is to define these environment variables in the shell:
+
+@example
+$ eval `guix package --search-paths`
+@end example
+
+@var{kind} may be one of @code{exact}, @code{prefix}, or @code{suffix},
+meaning that the returned environment variable definitions will either be
+exact settings, or prefixes or suffixes of the current value of these
+variables. When omitted, @var{kind} defaults to @code{exact}.
+
+This option can also be used to compute the @emph{combined} search paths of
+several profiles. Consider this example:
+
+@example
+$ guix package -p foo -i guile
+$ guix package -p bar -i guile-json
+$ guix package -p foo -p bar --search-paths
+@end example
+
+The last command above reports about the @code{GUILE_LOAD_PATH} variable,
+even though, taken individually, neither @file{foo} nor @file{bar} would
+lead to that recommendation.
+
+
+@item --profile=@var{profile}
+@itemx -p @var{profile}
+Use @var{profile} instead of the user's default profile.
+
+@cindex collisions, in a profile
+@cindex colliding packages in profiles
+@cindex profile collisions
+@item --allow-collisions
+Allow colliding packages in the new profile. Use at your own risk!
+
+By default, @command{guix package} reports as an error @dfn{collisions} in
+the profile. Collisions happen when two or more different versions or
+variants of a given package end up in the profile.
+
+@item --verbose
+Produce verbose output. In particular, emit the build log of the
+environment on the standard error port.
+
+@item --bootstrap
+Use the bootstrap Guile to build the profile. This option is only useful to
+distribution developers.
+
+@end table
+
+In addition to these actions, @command{guix package} supports the following
+options to query the current state of a profile, or the availability of
+packages:
+
+@table @option
+
+@item --search=@var{regexp}
+@itemx -s @var{regexp}
+@cindex searching for packages
+List the available packages whose name, synopsis, or description matches
+@var{regexp}, sorted by relevance. Print all the metadata of matching
+packages in @code{recutils} format (@pxref{Top, GNU recutils databases,,
+recutils, GNU recutils manual}).
+
+This allows specific fields to be extracted using the @command{recsel}
+command, for instance:
+
+@example
+$ guix package -s malloc | recsel -p name,version,relevance
+name: jemalloc
+version: 4.5.0
+relevance: 6
+
+name: glibc
+version: 2.25
+relevance: 1
+
+name: libgc
+version: 7.6.0
+relevance: 1
+@end example
+
+Similarly, to show the name of all the packages available under the terms of
+the GNU@tie{}LGPL version 3:
+
+@example
+$ guix package -s "" | recsel -p name -e 'license ~ "LGPL 3"'
+name: elfutils
+
+name: gmp
+@dots{}
+@end example
+
+It is also possible to refine search results using several @code{-s} flags.
+For example, the following command returns a list of board games:
+
+@example
+$ guix package -s '\<board\>' -s game | recsel -p name
+name: gnubg
+@dots{}
+@end example
+
+If we were to omit @code{-s game}, we would also get software packages that
+deal with printed circuit boards; removing the angle brackets around
+@code{board} would further add packages that have to do with keyboards.
+
+And now for a more elaborate example. The following command searches for
+cryptographic libraries, filters out Haskell, Perl, Python, and Ruby
+libraries, and prints the name and synopsis of the matching packages:
+
+@example
+$ guix package -s crypto -s library | \
+ recsel -e '! (name ~ "^(ghc|perl|python|ruby)")' -p name,synopsis
+@end example
+
+@noindent
+@xref{Selection Expressions,,, recutils, GNU recutils manual}, for more
+information on @dfn{selection expressions} for @code{recsel -e}.
+
+@item --show=@var{package}
+Show details about @var{package}, taken from the list of available packages,
+in @code{recutils} format (@pxref{Top, GNU recutils databases,, recutils,
+GNU recutils manual}).
+
+@example
+$ guix package --show=python | recsel -p name,version
+name: python
+version: 2.7.6
+
+name: python
+version: 3.3.5
+@end example
+
+You may also specify the full name of a package to only get details about a
+specific version of it:
+@example
+$ guix package --show=python@@3.4 | recsel -p name,version
+name: python
+version: 3.4.3
+@end example
+
+
+
+@item --list-installed[=@var{regexp}]
+@itemx -I [@var{regexp}]
+List the currently installed packages in the specified profile, with the
+most recently installed packages shown last. When @var{regexp} is
+specified, list only installed packages whose name matches @var{regexp}.
+
+For each installed package, print the following items, separated by tabs:
+the package name, its version string, the part of the package that is
+installed (for instance, @code{out} for the default output, @code{include}
+for its headers, etc.), and the path of this package in the store.
+
+@item --list-available[=@var{regexp}]
+@itemx -A [@var{regexp}]
+Liste les paquets actuellement disponibles dans la distribution pour ce
+système (@pxref{Distribution GNU}). Lorsque @var{regexp} est spécifié, liste
+uniquement les paquets dont le nom correspond à @var{regexp}.
+
+For each package, print the following items separated by tabs: its name, its
+version string, the parts of the package (@pxref{Des paquets avec plusieurs résultats}), and the source location of its definition.
+
+@item --list-generations[=@var{pattern}]
+@itemx -l [@var{pattern}]
+@cindex generations
+Return a list of generations along with their creation dates; for each
+generation, show the installed packages, with the most recently installed
+packages shown last. Note that the zeroth generation is never shown.
+
+For each installed package, print the following items, separated by tabs:
+the name of a package, its version string, the part of the package that is
+installed (@pxref{Des paquets avec plusieurs résultats}), and the location of this
+package in the store.
+
+When @var{pattern} is used, the command returns only matching generations.
+Valid patterns include:
+
+@itemize
+@item @emph{Integers and comma-separated integers}. Both patterns denote
+generation numbers. For instance, @code{--list-generations=1} returns the
+first one.
+
+And @code{--list-generations=1,8,2} outputs three generations in the
+specified order. Neither spaces nor trailing commas are allowed.
+
+@item @emph{Ranges}. @code{--list-generations=2..9} prints the
+specified generations and everything in between. Note that the start of a
+range must be smaller than its end.
+
+It is also possible to omit the endpoint. For example,
+@code{--list-generations=2..}, returns all generations starting from the
+second one.
+
+@item @emph{Durations}. You can also get the last @emph{N}@tie{}days, weeks,
+or months by passing an integer along with the first letter of the
+duration. For example, @code{--list-generations=20d} lists generations that
+are up to 20 days old.
+@end itemize
+
+@item --delete-generations[=@var{pattern}]
+@itemx -d [@var{pattern}]
+When @var{pattern} is omitted, delete all generations except the current
+one.
+
+This command accepts the same patterns as @option{--list-generations}. When
+@var{pattern} is specified, delete the matching generations. When
+@var{pattern} specifies a duration, generations @emph{older} than the
+specified duration match. For instance, @code{--delete-generations=1m}
+deletes generations that are more than one month old.
+
+If the current generation matches, it is @emph{not} deleted. Also, the
+zeroth generation is never deleted.
+
+Note that deleting generations prevents rolling back to them. Consequently,
+this command must be used with care.
+
+@end table
+
+Finally, since @command{guix package} may actually start build processes, it
+supports all the common build options (@pxref{Options de construction communes}). It
+also supports package transformation options, such as @option{--with-source}
+(@pxref{Options de transformation de paquets}). However, note that package
+transformations are lost when upgrading; to preserve transformations across
+upgrades, you should define your own package variant in a Guile module and
+add it to @code{GUIX_PACKAGE_PATH} (@pxref{Définition des paquets}).
+
+@node Substituts
+@section Substituts
+
+@cindex substitutes
+@cindex pre-built binaries
+Guix supports transparent source/binary deployment, which means that it can
+either build things locally, or download pre-built items from a server, or
+both. We call these pre-built items @dfn{substitutes}---they are
+substitutes for local build results. In many cases, downloading a
+substitute is much faster than building things locally.
+
+Substitutes can be anything resulting from a derivation build
+(@pxref{Dérivations}). Of course, in the common case, they are pre-built
+package binaries, but source tarballs, for instance, which also result from
+derivation builds, can be available as substitutes.
+
+@menu
+* Serveur de substituts officiel:: Une source particulière de substituts.
+* Autoriser un serveur de substituts:: Comment activer ou désactiver les
+ substituts.
+* Authentification des substituts:: Coment Guix vérifie les substituts.
+* Paramètres de serveur mandataire:: Comment récupérer des substituts à
+ travers un serveur mandataire.
+* Échec de substitution:: Qu'arrive-t-il quand la substitution échoue.
+* De la confiance en des binaires:: Comment pouvez-vous avoir confiance en
+ un paquet binaire ?
+@end menu
+
+@node Serveur de substituts officiel
+@subsection Serveur de substituts officiel
+
+@cindex hydra
+@cindex build farm
+The @code{mirror.hydra.gnu.org} server is a front-end to an official build
+farm that builds packages from Guix continuously for some architectures, and
+makes them available as substitutes. This is the default source of
+substitutes; it can be overridden by passing the @option{--substitute-urls}
+option either to @command{guix-daemon} (@pxref{daemon-substitute-urls,,
+@code{guix-daemon --substitute-urls}}) or to client tools such as
+@command{guix package} (@pxref{client-substitute-urls,, client
+@option{--substitute-urls} option}).
+
+Substitute URLs can be either HTTP or HTTPS. HTTPS is recommended because
+communications are encrypted; conversely, using HTTP makes all
+communications visible to an eavesdropper, who could use the information
+gathered to determine, for instance, whether your system has unpatched
+security vulnerabilities.
+
+Substitutes from the official build farm are enabled by default when using
+the Guix System Distribution (@pxref{Distribution GNU}). However, they are
+disabled by default when using Guix on a foreign distribution, unless you
+have explicitly enabled them via one of the recommended installation steps
+(@pxref{Installation}). The following paragraphs describe how to enable or
+disable substitutes for the official build farm; the same procedure can also
+be used to enable substitutes for any other substitute server.
+
+@node Autoriser un serveur de substituts
+@subsection Autoriser un serveur de substituts
+
+@cindex security
+@cindex substitutes, authorization thereof
+@cindex access control list (ACL), for substitutes
+@cindex ACL (access control list), for substitutes
+To allow Guix to download substitutes from @code{hydra.gnu.org} or a mirror
+thereof, you must add its public key to the access control list (ACL) of
+archive imports, using the @command{guix archive} command (@pxref{Invoquer guix archive}). Doing so implies that you trust @code{hydra.gnu.org} to not
+be compromised and to serve genuine substitutes.
+
+The public key for @code{hydra.gnu.org} is installed along with Guix, in
+@code{@var{prefix}/share/guix/hydra.gnu.org.pub}, where @var{prefix} is the
+installation prefix of Guix. If you installed Guix from source, make sure
+you checked the GPG signature of @file{guix-@value{VERSION}.tar.gz}, which
+contains this public key file. Then, you can run something like this:
+
+@example
+# guix archive --authorize < @var{prefix}/share/guix/hydra.gnu.org.pub
+@end example
+
+@quotation Note
+Similarly, the @file{berlin.guixsd.org.pub} file contains the public key for
+the project's new build farm, reachable at
+@indicateurl{https://berlin.guixsd.org}.
+
+As of this writing @code{berlin.guixsd.org} is being upgraded so it can
+better scale up, but you might want to give it a try. It is backed by 20
+x86_64/i686 build nodes and may be able to provide substitutes more quickly
+than @code{mirror.hydra.gnu.org}.
+@end quotation
+
+Once this is in place, the output of a command like @code{guix build} should
+change from something like:
+
+@example
+$ guix build emacs --dry-run
+The following derivations would be built:
+ /gnu/store/yr7bnx8xwcayd6j95r2clmkdl1qh688w-emacs-24.3.drv
+ /gnu/store/x8qsh1hlhgjx6cwsjyvybnfv2i37z23w-dbus-1.6.4.tar.gz.drv
+ /gnu/store/1ixwp12fl950d15h2cj11c73733jay0z-alsa-lib-1.0.27.1.tar.bz2.drv
+ /gnu/store/nlma1pw0p603fpfiqy7kn4zm105r5dmw-util-linux-2.21.drv
+@dots{}
+@end example
+
+@noindent
+to something like:
+
+@example
+$ guix build emacs --dry-run
+112.3 MB would be downloaded:
+ /gnu/store/pk3n22lbq6ydamyymqkkz7i69wiwjiwi-emacs-24.3
+ /gnu/store/2ygn4ncnhrpr61rssa6z0d9x22si0va3-libjpeg-8d
+ /gnu/store/71yz6lgx4dazma9dwn2mcjxaah9w77jq-cairo-1.12.16
+ /gnu/store/7zdhgp0n1518lvfn8mb96sxqfmvqrl7v-libxrender-0.9.7
+@dots{}
+@end example
+
+@noindent
+This indicates that substitutes from @code{hydra.gnu.org} are usable and
+will be downloaded, when possible, for future builds.
+
+@cindex substitutes, how to disable
+The substitute mechanism can be disabled globally by running
+@code{guix-daemon} with @code{--no-substitutes} (@pxref{Invoquer guix-daemon}). It can also be disabled temporarily by passing the
+@code{--no-substitutes} option to @command{guix package}, @command{guix
+build}, and other command-line tools.
+
+@node Authentification des substituts
+@subsection Authentification des substituts
+
+@cindex digital signatures
+Guix detects and raises an error when attempting to use a substitute that
+has been tampered with. Likewise, it ignores substitutes that are not
+signed, or that are not signed by one of the keys listed in the ACL.
+
+There is one exception though: if an unauthorized server provides
+substitutes that are @emph{bit-for-bit identical} to those provided by an
+authorized server, then the unauthorized server becomes eligible for
+downloads. For example, assume we have chosen two substitute servers with
+this option:
+
+@example
+--substitute-urls="https://a.example.org https://b.example.org"
+@end example
+
+@noindent
+@cindex reproducible builds
+If the ACL contains only the key for @code{b.example.org}, and if
+@code{a.example.org} happens to serve the @emph{exact same} substitutes,
+then Guix will download substitutes from @code{a.example.org} because it
+comes first in the list and can be considered a mirror of
+@code{b.example.org}. In practice, independent build machines usually
+produce the same binaries, thanks to bit-reproducible builds (see below).
+
+When using HTTPS, the server's X.509 certificate is @emph{not} validated (in
+other words, the server is not authenticated), contrary to what HTTPS
+clients such as Web browsers usually do. This is because Guix authenticates
+substitute information itself, as explained above, which is what we care
+about (whereas X.509 certificates are about authenticating bindings between
+domain names and public keys.)
+
+@node Paramètres de serveur mandataire
+@subsection Paramètres de serveur mandataire
+
+@vindex http_proxy
+Substitutes are downloaded over HTTP or HTTPS. The @code{http_proxy}
+environment variable can be set in the environment of @command{guix-daemon}
+and is honored for downloads of substitutes. Note that the value of
+@code{http_proxy} in the environment where @command{guix build},
+@command{guix package}, and other client commands are run has
+@emph{absolutely no effect}.
+
+@node Échec de substitution
+@subsection Échec de substitution
+
+Even when a substitute for a derivation is available, sometimes the
+substitution attempt will fail. This can happen for a variety of reasons:
+the substitute server might be offline, the substitute may recently have
+been deleted, the connection might have been interrupted, etc.
+
+When substitutes are enabled and a substitute for a derivation is available,
+but the substitution attempt fails, Guix will attempt to build the
+derivation locally depending on whether or not @code{--fallback} was given
+(@pxref{fallback-option,, common build option @code{--fallback}}).
+Specifically, if @code{--fallback} was omitted, then no local build will be
+performed, and the derivation is considered to have failed. However, if
+@code{--fallback} was given, then Guix will attempt to build the derivation
+locally, and the success or failure of the derivation depends on the success
+or failure of the local build. Note that when substitutes are disabled or
+no substitute is available for the derivation in question, a local build
+will @emph{always} be performed, regardless of whether or not
+@code{--fallback} was given.
+
+To get an idea of how many substitutes are available right now, you can try
+running the @command{guix weather} command (@pxref{Invoquer guix weather}).
+This command provides statistics on the substitutes provided by a server.
+
+@node De la confiance en des binaires
+@subsection De la confiance en des binaires
+
+@cindex trust, of pre-built binaries
+Today, each individual's control over their own computing is at the mercy of
+institutions, corporations, and groups with enough power and determination
+to subvert the computing infrastructure and exploit its weaknesses. While
+using @code{hydra.gnu.org} substitutes can be convenient, we encourage users
+to also build on their own, or even run their own build farm, such that
+@code{hydra.gnu.org} is less of an interesting target. One way to help is
+by publishing the software you build using @command{guix publish} so that
+others have one more choice of server to download substitutes from
+(@pxref{Invoquer guix publish}).
+
+Guix has the foundations to maximize build reproducibility
+(@pxref{Fonctionnalités}). In most cases, independent builds of a given package or
+derivation should yield bit-identical results. Thus, through a diverse set
+of independent package builds, we can strengthen the integrity of our
+systems. The @command{guix challenge} command aims to help users assess
+substitute servers, and to assist developers in finding out about
+non-deterministic package builds (@pxref{Invoquer guix challenge}).
+Similarly, the @option{--check} option of @command{guix build} allows users
+to check whether previously-installed substitutes are genuine by rebuilding
+them locally (@pxref{build-check, @command{guix build --check}}).
+
+In the future, we want Guix to have support to publish and retrieve binaries
+to/from other users, in a peer-to-peer fashion. If you would like to
+discuss this project, join us on @email{guix-devel@@gnu.org}.
+
+@node Des paquets avec plusieurs résultats
+@section Des paquets avec plusieurs résultats
+
+@cindex multiple-output packages
+@cindex package outputs
+@cindex outputs
+
+Often, packages defined in Guix have a single @dfn{output}---i.e., the
+source package leads to exactly one directory in the store. When running
+@command{guix package -i glibc}, one installs the default output of the GNU
+libc package; the default output is called @code{out}, but its name can be
+omitted as shown in this command. In this particular case, the default
+output of @code{glibc} contains all the C header files, shared libraries,
+static libraries, Info documentation, and other supporting files.
+
+Sometimes it is more appropriate to separate the various types of files
+produced from a single source package into separate outputs. For instance,
+the GLib C library (used by GTK+ and related packages) installs more than
+20 MiB of reference documentation as HTML pages. To save space for users
+who do not need it, the documentation goes to a separate output, called
+@code{doc}. To install the main GLib output, which contains everything but
+the documentation, one would run:
+
+@example
+guix package -i glib
+@end example
+
+@cindex documentation
+The command to install its documentation is:
+
+@example
+guix package -i glib:doc
+@end example
+
+Some packages install programs with different ``dependency footprints''.
+For instance, the WordNet package installs both command-line tools and
+graphical user interfaces (GUIs). The former depend solely on the C
+library, whereas the latter depend on Tcl/Tk and the underlying X
+libraries. In this case, we leave the command-line tools in the default
+output, whereas the GUIs are in a separate output. This allows users who do
+not need the GUIs to save space. The @command{guix size} command can help
+find out about such situations (@pxref{Invoquer guix size}). @command{guix
+graph} can also be helpful (@pxref{Invoquer guix graph}).
+
+There are several such multiple-output packages in the GNU distribution.
+Other conventional output names include @code{lib} for libraries and
+possibly header files, @code{bin} for stand-alone programs, and @code{debug}
+for debugging information (@pxref{Installer les fichiers de débogage}). The outputs
+of a packages are listed in the third column of the output of @command{guix
+package --list-available} (@pxref{Invoquer guix package}).
+
+
+@node Invoquer guix gc
+@section Invoking @command{guix gc}
+
+@cindex garbage collector
+@cindex disk space
+Packages that are installed, but not used, may be @dfn{garbage-collected}.
+The @command{guix gc} command allows users to explicitly run the garbage
+collector to reclaim space from the @file{/gnu/store} directory. It is the
+@emph{only} way to remove files from @file{/gnu/store}---removing files or
+directories manually may break it beyond repair!
+
+@cindex GC roots
+@cindex garbage collector roots
+The garbage collector has a set of known @dfn{roots}: any file under
+@file{/gnu/store} reachable from a root is considered @dfn{live} and cannot
+be deleted; any other file is considered @dfn{dead} and may be deleted. The
+set of garbage collector roots (``GC roots'' for short) includes default
+user profiles; by default, the symlinks under @file{/var/guix/gcroots}
+represent these GC roots. New GC roots can be added with @command{guix
+build --root}, for example (@pxref{Invoquer guix build}).
+
+Prior to running @code{guix gc --collect-garbage} to make space, it is often
+useful to remove old generations from user profiles; that way, old package
+builds referenced by those generations can be reclaimed. This is achieved
+by running @code{guix package --delete-generations} (@pxref{Invoquer guix package}).
+
+Our recommendation is to run a garbage collection periodically, or when you
+are short on disk space. For instance, to guarantee that at least 5@tie{}GB
+are available on your disk, simply run:
+
+@example
+guix gc -F 5G
+@end example
+
+It is perfectly safe to run as a non-interactive periodic job
+(@pxref{Scheduled Job Execution}, for how to set up such a job on GuixSD).
+Running @command{guix gc} with no arguments will collect as much garbage as
+it can, but that is often inconvenient: you may find yourself having to
+rebuild or re-download software that is ``dead'' from the GC viewpoint but
+that is necessary to build other pieces of software---e.g., the compiler
+tool chain.
+
+The @command{guix gc} command has three modes of operation: it can be used
+to garbage-collect any dead files (the default), to delete specific files
+(the @code{--delete} option), to print garbage-collector information, or for
+more advanced queries. The garbage collection options are as follows:
+
+@table @code
+@item --collect-garbage[=@var{min}]
+@itemx -C [@var{min}]
+Collect garbage---i.e., unreachable @file{/gnu/store} files and
+sub-directories. This is the default operation when no option is specified.
+
+When @var{min} is given, stop once @var{min} bytes have been collected.
+@var{min} may be a number of bytes, or it may include a unit as a suffix,
+such as @code{MiB} for mebibytes and @code{GB} for gigabytes (@pxref{Block
+size, size specifications,, coreutils, GNU Coreutils}).
+
+When @var{min} is omitted, collect all the garbage.
+
+@item --free-space=@var{free}
+@itemx -F @var{free}
+Collect garbage until @var{free} space is available under @file{/gnu/store},
+if possible; @var{free} denotes storage space, such as @code{500MiB}, as
+described above.
+
+When @var{free} or more is already available in @file{/gnu/store}, do
+nothing and exit immediately.
+
+@item --delete
+@itemx -d
+Attempt to delete all the store files and directories specified as
+arguments. This fails if some of the files are not in the store, or if they
+are still live.
+
+@item --list-failures
+List store items corresponding to cached build failures.
+
+This prints nothing unless the daemon was started with
+@option{--cache-failures} (@pxref{Invoquer guix-daemon,
+@option{--cache-failures}}).
+
+@item --clear-failures
+Remove the specified store items from the failed-build cache.
+
+Again, this option only makes sense when the daemon is started with
+@option{--cache-failures}. Otherwise, it does nothing.
+
+@item --list-dead
+Show the list of dead files and directories still present in the
+store---i.e., files and directories no longer reachable from any root.
+
+@item --list-live
+Show the list of live store files and directories.
+
+@end table
+
+In addition, the references among existing store files can be queried:
+
+@table @code
+
+@item --references
+@itemx --referrers
+@cindex package dependencies
+List the references (respectively, the referrers) of store files given as
+arguments.
+
+@item --requisites
+@itemx -R
+@cindex closure
+List the requisites of the store files passed as arguments. Requisites
+include the store files themselves, their references, and the references of
+these, recursively. In other words, the returned list is the
+@dfn{transitive closure} of the store files.
+
+@xref{Invoquer guix size}, for a tool to profile the size of the closure of
+an element. @xref{Invoquer guix graph}, for a tool to visualize the graph
+of references.
+
+@item --derivers
+@cindex derivation
+Return the derivation(s) leading to the given store items
+(@pxref{Dérivations}).
+
+For example, this command:
+
+@example
+guix gc --derivers `guix package -I ^emacs$ | cut -f4`
+@end example
+
+@noindent
+returns the @file{.drv} file(s) leading to the @code{emacs} package
+installed in your profile.
+
+Note that there may be zero matching @file{.drv} files, for instance because
+these files have been garbage-collected. There can also be more than one
+matching @file{.drv} due to fixed-output derivations.
+@end table
+
+Lastly, the following options allow you to check the integrity of the store
+and to control disk usage.
+
+@table @option
+
+@item --verify[=@var{options}]
+@cindex integrity, of the store
+@cindex integrity checking
+Verify the integrity of the store.
+
+By default, make sure that all the store items marked as valid in the
+database of the daemon actually exist in @file{/gnu/store}.
+
+When provided, @var{options} must be a comma-separated list containing one
+or more of @code{contents} and @code{repair}.
+
+When passing @option{--verify=contents}, the daemon computes the content
+hash of each store item and compares it against its hash in the database.
+Hash mismatches are reported as data corruptions. Because it traverses
+@emph{all the files in the store}, this command can take a long time,
+especially on systems with a slow disk drive.
+
+@cindex repairing the store
+@cindex corruption, recovering from
+Utiliser @option{--verify=repair} ou @option{--verify=contents,repair} fait
+que le démon essaie de réparer les objets du dépôt corrompus en récupérant
+leurs substituts (@pxref{Substituts}). Comme la réparation n'est pas
+atomique et donc potentiellement dangereuse, elle n'est disponible que pour
+l'administrateur système. Une alternative plus légère lorsque vous
+connaissez exactement quelle entrée est corrompue consiste à lancer
+@command{guix build --repair} (@pxref{Invoquer guix build}).
+
+@item --optimize
+@cindex deduplication
+Optimize the store by hard-linking identical files---this is
+@dfn{deduplication}.
+
+The daemon performs deduplication after each successful build or archive
+import, unless it was started with @code{--disable-deduplication}
+(@pxref{Invoquer guix-daemon, @code{--disable-deduplication}}). Thus, this
+option is primarily useful when the daemon was running with
+@code{--disable-deduplication}.
+
+@end table
+
+@node Invoquer guix pull
+@section Invoking @command{guix pull}
+
+@cindex upgrading Guix
+@cindex updating Guix
+@cindex @command{guix pull}
+@cindex pull
+Packages are installed or upgraded to the latest version available in the
+distribution currently available on your local machine. To update that
+distribution, along with the Guix tools, you must run @command{guix pull}:
+the command downloads the latest Guix source code and package descriptions,
+and deploys it. Source code is downloaded from a @uref{https://git-scm.com,
+Git} repository.
+
+On completion, @command{guix package} will use packages and package versions
+from this just-retrieved copy of Guix. Not only that, but all the Guix
+commands and Scheme modules will also be taken from that latest version.
+New @command{guix} sub-commands added by the update also become available.
+
+Any user can update their Guix copy using @command{guix pull}, and the
+effect is limited to the user who run @command{guix pull}. For instance,
+when user @code{root} runs @command{guix pull}, this has no effect on the
+version of Guix that user @code{alice} sees, and vice versa@footnote{Under
+the hood, @command{guix pull} updates the @file{~/.config/guix/latest}
+symbolic link to point to the latest Guix, and the @command{guix} command
+loads code from there. Currently, the only way to roll back an invocation
+of @command{guix pull} is to manually update this symlink to point to the
+previous Guix.}.
+
+The @command{guix pull} command is usually invoked with no arguments, but it
+supports the following options:
+
+@table @code
+@item --verbose
+Produce verbose output, writing build logs to the standard error output.
+
+@item --url=@var{url}
+Download Guix from the Git repository at @var{url}.
+
+@vindex GUIX_PULL_URL
+By default, the source is taken from its canonical Git repository at
+@code{gnu.org}, for the stable branch of Guix. To use a different source,
+set the @code{GUIX_PULL_URL} environment variable.
+
+@item --commit=@var{commit}
+Deploy @var{commit}, a valid Git commit ID represented as a hexadecimal
+string.
+
+@item --branch=@var{branch}
+Deploy the tip of @var{branch}, the name of a Git branch available on the
+repository at @var{url}.
+
+@item --bootstrap
+Use the bootstrap Guile to build the latest Guix. This option is only
+useful to Guix developers.
+@end table
+
+In addition, @command{guix pull} supports all the common build options
+(@pxref{Options de construction communes}).
+
+@node Invoquer guix pack
+@section Invoking @command{guix pack}
+
+Occasionally you want to pass software to people who are not (yet!) lucky
+enough to be using Guix. You'd tell them to run @command{guix package -i
+@var{something}}, but that's not possible in this case. This is where
+@command{guix pack} comes in.
+
+@quotation Note
+If you are looking for ways to exchange binaries among machines that already
+run Guix, @pxref{Invoquer guix copy}, @ref{Invoquer guix publish}, and
+@ref{Invoquer guix archive}.
+@end quotation
+
+@cindex pack
+@cindex bundle
+@cindex application bundle
+@cindex software bundle
+The @command{guix pack} command creates a shrink-wrapped @dfn{pack} or
+@dfn{software bundle}: it creates a tarball or some other archive containing
+the binaries of the software you're interested in, and all its
+dependencies. The resulting archive can be used on any machine that does
+not have Guix, and people can run the exact same binaries as those you have
+with Guix. The pack itself is created in a bit-reproducible fashion, so
+anyone can verify that it really contains the build results that you pretend
+to be shipping.
+
+For example, to create a bundle containing Guile, Emacs, Geiser, and all
+their dependencies, you can run:
+
+@example
+$ guix pack guile emacs geiser
+@dots{}
+/gnu/store/@dots{}-pack.tar.gz
+@end example
+
+The result here is a tarball containing a @file{/gnu/store} directory with
+all the relevant packages. The resulting tarball contains a @dfn{profile}
+with the three packages of interest; the profile is the same as would be
+created by @command{guix package -i}. It is this mechanism that is used to
+create Guix's own standalone binary tarball (@pxref{Installation binaire}).
+
+Users of this pack would have to run
+@file{/gnu/store/@dots{}-profile/bin/guile} to run Guile, which you may find
+inconvenient. To work around it, you can create, say, a @file{/opt/gnu/bin}
+symlink to the profile:
+
+@example
+guix pack -S /opt/gnu/bin=bin guile emacs geiser
+@end example
+
+@noindent
+That way, users can happily type @file{/opt/gnu/bin/guile} and enjoy.
+
+Alternatively, you can produce a pack in the Docker image format using the
+following command:
+
+@example
+guix pack -f docker guile emacs geiser
+@end example
+
+@noindent
+The result is a tarball that can be passed to the @command{docker load}
+command. See the
+@uref{https://docs.docker.com/engine/reference/commandline/load/, Docker
+documentation} for more information.
+
+Several command-line options allow you to customize your pack:
+
+@table @code
+@item --format=@var{format}
+@itemx -f @var{format}
+Produce a pack in the given @var{format}.
+
+The available formats are:
+
+@table @code
+@item tarball
+This is the default format. It produces a tarball containing all the
+specified binaries and symlinks.
+
+@item docker
+This produces a tarball that follows the
+@uref{https://github.com/docker/docker/blob/master/image/spec/v1.2.md,
+Docker Image Specification}.
+@end table
+
+@item --expression=@var{expr}
+@itemx -e @var{expr}
+Consider the package @var{expr} evaluates to.
+
+This has the same purpose as the same-named option in @command{guix build}
+(@pxref{Options de construction supplémentaires, @code{--expression} in @command{guix
+build}}).
+
+@item --manifest=@var{file}
+@itemx -m @var{file}
+Use the packages contained in the manifest object returned by the Scheme
+code in @var{file}.
+
+This has a similar purpose as the same-named option in @command{guix
+package} (@pxref{profile-manifest, @option{--manifest}}) and uses the same
+manifest files. It allows you to define a collection of packages once and
+use it both for creating profiles and for creating archives for use on
+machines that do not have Guix installed. Note that you can specify
+@emph{either} a manifest file @emph{or} a list of packages, but not both.
+
+@item --system=@var{system}
+@itemx -s @var{system}
+Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of the
+system type of the build host.
+
+@item --target=@var{triplet}
+@cindex cross-compilation
+Cross-build for @var{triplet}, which must be a valid GNU triplet, such as
+@code{"mips64el-linux-gnu"} (@pxref{Specifying target triplets, GNU
+configuration triplets,, autoconf, Autoconf}).
+
+@item --compression=@var{tool}
+@itemx -C @var{tool}
+Compress the resulting tarball using @var{tool}---one of @code{gzip},
+@code{bzip2}, @code{xz}, @code{lzip}, or @code{none} for no compression.
+
+@item --symlink=@var{spec}
+@itemx -S @var{spec}
+Add the symlinks specified by @var{spec} to the pack. This option can
+appear several times.
+
+@var{spec} has the form @code{@var{source}=@var{target}}, where @var{source}
+is the symlink that will be created and @var{target} is the symlink target.
+
+For instance, @code{-S /opt/gnu/bin=bin} creates a @file{/opt/gnu/bin}
+symlink pointing to the @file{bin} sub-directory of the profile.
+
+@item --localstatedir
+Include the ``local state directory'', @file{/var/guix}, in the resulting
+pack.
+
+@file{/var/guix} contains the store database (@pxref{Le dépôt}) as well as
+garbage-collector roots (@pxref{Invoquer guix gc}). Providing it in the
+pack means that the store is ``complete'' and manageable by Guix; not
+providing it pack means that the store is ``dead'': items cannot be added to
+it or removed from it after extraction of the pack.
+
+One use case for this is the Guix self-contained binary tarball
+(@pxref{Installation binaire}).
+
+@item --bootstrap
+Use the bootstrap binaries to build the pack. This option is only useful to
+Guix developers.
+@end table
+
+In addition, @command{guix pack} supports all the common build options
+(@pxref{Options de construction communes}) and all the package transformation options
+(@pxref{Options de transformation de paquets}).
+
+
+@node Invoquer guix archive
+@section Invoking @command{guix archive}
+
+@cindex @command{guix archive}
+@cindex archive
+The @command{guix archive} command allows users to @dfn{export} files from
+the store into a single archive, and to later @dfn{import} them on a machine
+that runs Guix. In particular, it allows store files to be transferred from
+one machine to the store on another machine.
+
+@quotation Note
+If you're looking for a way to produce archives in a format suitable for
+tools other than Guix, @pxref{Invoquer guix pack}.
+@end quotation
+
+@cindex exporting store items
+To export store files as an archive to standard output, run:
+
+@example
+guix archive --export @var{options} @var{specifications}...
+@end example
+
+@var{specifications} may be either store file names or package
+specifications, as for @command{guix package} (@pxref{Invoquer guix package}). For instance, the following command creates an archive
+containing the @code{gui} output of the @code{git} package and the main
+output of @code{emacs}:
+
+@example
+guix archive --export git:gui /gnu/store/...-emacs-24.3 > great.nar
+@end example
+
+If the specified packages are not built yet, @command{guix archive}
+automatically builds them. The build process may be controlled with the
+common build options (@pxref{Options de construction communes}).
+
+To transfer the @code{emacs} package to a machine connected over SSH, one
+would run:
+
+@example
+guix archive --export -r emacs | ssh the-machine guix archive --import
+@end example
+
+@noindent
+Similarly, a complete user profile may be transferred from one machine to
+another like this:
+
+@example
+guix archive --export -r $(readlink -f ~/.guix-profile) | \
+ ssh the-machine guix-archive --import
+@end example
+
+@noindent
+However, note that, in both examples, all of @code{emacs} and the profile as
+well as all of their dependencies are transferred (due to @code{-r}),
+regardless of what is already available in the store on the target machine.
+The @code{--missing} option can help figure out which items are missing from
+the target store. The @command{guix copy} command simplifies and optimizes
+this whole process, so this is probably what you should use in this case
+(@pxref{Invoquer guix copy}).
+
+@cindex nar, archive format
+@cindex normalized archive (nar)
+Archives are stored in the ``normalized archive'' or ``nar'' format, which
+is comparable in spirit to `tar', but with differences that make it more
+appropriate for our purposes. First, rather than recording all Unix
+metadata for each file, the nar format only mentions the file type (regular,
+directory, or symbolic link); Unix permissions and owner/group are
+dismissed. Second, the order in which directory entries are stored always
+follows the order of file names according to the C locale collation order.
+This makes archive production fully deterministic.
+
+@c FIXME: Add xref to daemon doc about signatures.
+When exporting, the daemon digitally signs the contents of the archive, and
+that digital signature is appended. When importing, the daemon verifies the
+signature and rejects the import in case of an invalid signature or if the
+signing key is not authorized.
+
+The main options are:
+
+@table @code
+@item --export
+Export the specified store files or packages (see below.) Write the
+resulting archive to the standard output.
+
+Dependencies are @emph{not} included in the output, unless
+@code{--recursive} is passed.
+
+@item -r
+@itemx --recursive
+When combined with @code{--export}, this instructs @command{guix archive} to
+include dependencies of the given items in the archive. Thus, the resulting
+archive is self-contained: it contains the closure of the exported store
+items.
+
+@item --import
+Read an archive from the standard input, and import the files listed therein
+into the store. Abort if the archive has an invalid digital signature, or
+if it is signed by a public key not among the authorized keys (see
+@code{--authorize} below.)
+
+@item --missing
+Read a list of store file names from the standard input, one per line, and
+write on the standard output the subset of these files missing from the
+store.
+
+@item --generate-key[=@var{parameters}]
+@cindex signing, archives
+Generate a new key pair for the daemon. This is a prerequisite before
+archives can be exported with @code{--export}. Note that this operation
+usually takes time, because it needs to gather enough entropy to generate
+the key pair.
+
+The generated key pair is typically stored under @file{/etc/guix}, in
+@file{signing-key.pub} (public key) and @file{signing-key.sec} (private key,
+which must be kept secret.) When @var{parameters} is omitted, an ECDSA key
+using the Ed25519 curve is generated, or, for Libgcrypt versions before
+1.6.0, it is a 4096-bit RSA key. Alternatively, @var{parameters} can
+specify @code{genkey} parameters suitable for Libgcrypt (@pxref{General
+public-key related Functions, @code{gcry_pk_genkey},, gcrypt, The Libgcrypt
+Reference Manual}).
+
+@item --authorize
+@cindex authorizing, archives
+Authorize imports signed by the public key passed on standard input. The
+public key must be in ``s-expression advanced format''---i.e., the same
+format as the @file{signing-key.pub} file.
+
+The list of authorized keys is kept in the human-editable file
+@file{/etc/guix/acl}. The file contains
+@url{http://people.csail.mit.edu/rivest/Sexp.txt, ``advanced-format
+s-expressions''} and is structured as an access-control list in the
+@url{http://theworld.com/~cme/spki.txt, Simple Public-Key Infrastructure
+(SPKI)}.
+
+@item --extract=@var{directory}
+@itemx -x @var{directory}
+Lit une archive à un seul élément telle que servie par un serveur de
+substituts (@pxref{Substituts}) et l'extrait dans @var{directory}. C'est une
+opération de bas niveau requise seulement dans de rares cas d'usage ; voir
+plus loin.
+
+For example, the following command extracts the substitute for Emacs served
+by @code{hydra.gnu.org} to @file{/tmp/emacs}:
+
+@example
+$ wget -O - \
+ https://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
+ | bunzip2 | guix archive -x /tmp/emacs
+@end example
+
+Single-item archives are different from multiple-item archives produced by
+@command{guix archive --export}; they contain a single store item, and they
+do @emph{not} embed a signature. Thus this operation does @emph{no}
+signature verification and its output should be considered unsafe.
+
+The primary purpose of this operation is to facilitate inspection of archive
+contents coming from possibly untrusted substitute servers.
+
+@end table
+
+@c *********************************************************************
+@node Interface de programmation
+@chapter Interface de programmation
+
+GNU Guix provides several Scheme programming interfaces (APIs) to define,
+build, and query packages. The first interface allows users to write
+high-level package definitions. These definitions refer to familiar
+packaging concepts, such as the name and version of a package, its build
+system, and its dependencies. These definitions can then be turned into
+concrete build actions.
+
+Build actions are performed by the Guix daemon, on behalf of users. In a
+standard setup, the daemon has write access to the store---the
+@file{/gnu/store} directory---whereas users do not. The recommended setup
+also has the daemon perform builds in chroots, under a specific build users,
+to minimize interference with the rest of the system.
+
+@cindex derivation
+Lower-level APIs are available to interact with the daemon and the store.
+To instruct the daemon to perform a build action, users actually provide it
+with a @dfn{derivation}. A derivation is a low-level representation of the
+build actions to be taken, and the environment in which they should
+occur---derivations are to package definitions what assembly is to C
+programs. The term ``derivation'' comes from the fact that build results
+@emph{derive} from them.
+
+This chapter describes all these APIs in turn, starting from high-level
+package definitions.
+
+@menu
+* Définition des paquets:: Définir de nouveaux paquets.
+* Systèmes de construction:: Spécifier comment construire les paquets.
+* Le dépôt:: Manipuler le dépôt de paquets.
+* Dérivations:: Interface de bas-niveau avec les dérivations
+ de paquets.
+* La monad du dépôt:: Interface purement fonctionnelle avec le
+ dépôt.
+* G-Expressions:: Manipuler les expressions de construction.
+@end menu
+
+@node Définition des paquets
+@section Définition des paquets
+
+The high-level interface to package definitions is implemented in the
+@code{(guix packages)} and @code{(guix build-system)} modules. As an
+example, the package definition, or @dfn{recipe}, for the GNU Hello package
+looks like this:
+
+@example
+(define-module (gnu packages hello)
+ #:use-module (guix packages)
+ #:use-module (guix download)
+ #:use-module (guix build-system gnu)
+ #:use-module (guix licenses)
+ #:use-module (gnu packages gawk))
+
+(define-public hello
+ (package
+ (name "hello")
+ (version "2.10")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/hello/hello-" version
+ ".tar.gz"))
+ (sha256
+ (base32
+ "0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i"))))
+ (build-system gnu-build-system)
+ (arguments '(#:configure-flags '("--enable-silent-rules")))
+ (inputs `(("gawk" ,gawk)))
+ (synopsis "Hello, GNU world: An example GNU package")
+ (description "Guess what GNU Hello prints!")
+ (home-page "http://www.gnu.org/software/hello/")
+ (license gpl3+)))
+@end example
+
+@noindent
+Without being a Scheme expert, the reader may have guessed the meaning of
+the various fields here. This expression binds the variable @code{hello} to
+a @code{<package>} object, which is essentially a record (@pxref{SRFI-9,
+Scheme records,, guile, GNU Guile Reference Manual}). This package object
+can be inspected using procedures found in the @code{(guix packages)}
+module; for instance, @code{(package-name hello)}
+returns---surprise!---@code{"hello"}.
+
+With luck, you may be able to import part or all of the definition of the
+package you are interested in from another repository, using the @code{guix
+import} command (@pxref{Invoquer guix import}).
+
+In the example above, @var{hello} is defined in a module of its own,
+@code{(gnu packages hello)}. Technically, this is not strictly necessary,
+but it is convenient to do so: all the packages defined in modules under
+@code{(gnu packages @dots{})} are automatically known to the command-line
+tools (@pxref{Modules de paquets}).
+
+There are a few points worth noting in the above package definition:
+
+@itemize
+@item
+The @code{source} field of the package is an @code{<origin>} object
+(@pxref{Référence d'origine}, for the complete reference). Here, the
+@code{url-fetch} method from @code{(guix download)} is used, meaning that
+the source is a file to be downloaded over FTP or HTTP.
+
+The @code{mirror://gnu} prefix instructs @code{url-fetch} to use one of the
+GNU mirrors defined in @code{(guix download)}.
+
+The @code{sha256} field specifies the expected SHA256 hash of the file being
+downloaded. It is mandatory, and allows Guix to check the integrity of the
+file. The @code{(base32 @dots{})} form introduces the base32 representation
+of the hash. You can obtain this information with @code{guix download}
+(@pxref{Invoquer guix download}) and @code{guix hash} (@pxref{Invoquer guix hash}).
+
+@cindex patches
+When needed, the @code{origin} form can also have a @code{patches} field
+listing patches to be applied, and a @code{snippet} field giving a Scheme
+expression to modify the source code.
+
+@item
+@cindex GNU Build System
+The @code{build-system} field specifies the procedure to build the package
+(@pxref{Systèmes de construction}). Here, @var{gnu-build-system} represents the
+familiar GNU Build System, where packages may be configured, built, and
+installed with the usual @code{./configure && make && make check && make
+install} command sequence.
+
+@item
+The @code{arguments} field specifies options for the build system
+(@pxref{Systèmes de construction}). Here it is interpreted by @var{gnu-build-system}
+as a request run @file{configure} with the @code{--enable-silent-rules}
+flag.
+
+@cindex quote
+@cindex quoting
+@findex '
+@findex quote
+What about these quote (@code{'}) characters? They are Scheme syntax to
+introduce a literal list; @code{'} is synonymous with @code{quote}.
+@xref{Expression Syntax, quoting,, guile, GNU Guile Reference Manual}, for
+details. Here the value of the @code{arguments} field is a list of
+arguments passed to the build system down the road, as with @code{apply}
+(@pxref{Fly Evaluation, @code{apply},, guile, GNU Guile Reference Manual}).
+
+The hash-colon (@code{#:}) sequence defines a Scheme @dfn{keyword}
+(@pxref{Keywords,,, guile, GNU Guile Reference Manual}), and
+@code{#:configure-flags} is a keyword used to pass a keyword argument to the
+build system (@pxref{Coding With Keywords,,, guile, GNU Guile Reference
+Manual}).
+
+@item
+The @code{inputs} field specifies inputs to the build process---i.e.,
+build-time or run-time dependencies of the package. Here, we define an
+input called @code{"gawk"} whose value is that of the @var{gawk} variable;
+@var{gawk} is itself bound to a @code{<package>} object.
+
+@cindex backquote (quasiquote)
+@findex `
+@findex quasiquote
+@cindex comma (unquote)
+@findex ,
+@findex unquote
+@findex ,@@
+@findex unquote-splicing
+Again, @code{`} (a backquote, synonymous with @code{quasiquote}) allows us
+to introduce a literal list in the @code{inputs} field, while @code{,} (a
+comma, synonymous with @code{unquote}) allows us to insert a value in that
+list (@pxref{Expression Syntax, unquote,, guile, GNU Guile Reference
+Manual}).
+
+Note that GCC, Coreutils, Bash, and other essential tools do not need to be
+specified as inputs here. Instead, @var{gnu-build-system} takes care of
+ensuring that they are present (@pxref{Systèmes de construction}).
+
+However, any other dependencies need to be specified in the @code{inputs}
+field. Any dependency not specified here will simply be unavailable to the
+build process, possibly leading to a build failure.
+@end itemize
+
+@xref{Référence de paquet}, for a full description of possible fields.
+
+Once a package definition is in place, the package may actually be built
+using the @code{guix build} command-line tool (@pxref{Invoquer guix build}),
+troubleshooting any build failures you encounter (@pxref{Débogage des échecs de construction}). You can easily jump back to the package definition using the
+@command{guix edit} command (@pxref{Invoquer guix edit}). @xref{Consignes d'empaquetage}, for more information on how to test package definitions, and
+@ref{Invoquer guix lint}, for information on how to check a definition for
+style conformance.
+@vindex GUIX_PACKAGE_PATH
+Lastly, @pxref{Modules de paquets}, for information on how to extend the
+distribution by adding your own package definitions to
+@code{GUIX_PACKAGE_PATH}.
+
+Finally, updating the package definition to a new upstream version can be
+partly automated by the @command{guix refresh} command (@pxref{Invoquer guix refresh}).
+
+Behind the scenes, a derivation corresponding to the @code{<package>} object
+is first computed by the @code{package-derivation} procedure. That
+derivation is stored in a @code{.drv} file under @file{/gnu/store}. The
+build actions it prescribes may then be realized by using the
+@code{build-derivations} procedure (@pxref{Le dépôt}).
+
+@deffn {Scheme Procedure} package-derivation @var{store} @var{package} [@var{system}]
+Return the @code{<derivation>} object of @var{package} for @var{system}
+(@pxref{Dérivations}).
+
+@var{package} must be a valid @code{<package>} object, and @var{system} must
+be a string denoting the target system type---e.g., @code{"x86_64-linux"}
+for an x86_64 Linux-based GNU system. @var{store} must be a connection to
+the daemon, which operates on the store (@pxref{Le dépôt}).
+@end deffn
+
+@noindent
+@cindex cross-compilation
+Similarly, it is possible to compute a derivation that cross-builds a
+package for some other system:
+
+@deffn {Scheme Procedure} package-cross-derivation @var{store} @
+ @var{package} @var{target} [@var{system}] Return the @code{<derivation>}
+object of @var{package} cross-built from @var{system} to @var{target}.
+
+@var{target} must be a valid GNU triplet denoting the target hardware and
+operating system, such as @code{"mips64el-linux-gnu"} (@pxref{Configuration
+Names, GNU configuration triplets,, configure, GNU Configure and Build
+System}).
+@end deffn
+
+@cindex package transformations
+@cindex input rewriting
+@cindex dependency tree rewriting
+Packages can be manipulated in arbitrary ways. An example of a useful
+transformation is @dfn{input rewriting}, whereby the dependency tree of a
+package is rewritten by replacing specific inputs by others:
+
+@deffn {Scheme Procedure} package-input-rewriting @var{replacements} @
+ [@var{rewrite-name}] Return a procedure that, when passed a package,
+replaces its direct and indirect dependencies (but not its implicit inputs)
+according to @var{replacements}. @var{replacements} is a list of package
+pairs; the first element of each pair is the package to replace, and the
+second one is the replacement.
+
+Optionally, @var{rewrite-name} is a one-argument procedure that takes the
+name of a package and returns its new name after rewrite.
+@end deffn
+
+@noindent
+Consider this example:
+
+@example
+(define libressl-instead-of-openssl
+ ;; This is a procedure to replace OPENSSL by LIBRESSL,
+ ;; recursively.
+ (package-input-rewriting `((,openssl . ,libressl))))
+
+(define git-with-libressl
+ (libressl-instead-of-openssl git))
+@end example
+
+@noindent
+Here we first define a rewriting procedure that replaces @var{openssl} with
+@var{libressl}. Then we use it to define a @dfn{variant} of the @var{git}
+package that uses @var{libressl} instead of @var{openssl}. This is exactly
+what the @option{--with-input} command-line option does (@pxref{Options de transformation de paquets, @option{--with-input}}).
+
+A more generic procedure to rewrite a package dependency graph is
+@code{package-mapping}: it supports arbitrary changes to nodes in the graph.
+
+@deffn {Scheme Procedure} package-mapping @var{proc} [@var{cut?}]
+Return a procedure that, given a package, applies @var{proc} to all the
+packages depended on and returns the resulting package. The procedure stops
+recursion when @var{cut?} returns true for a given package.
+@end deffn
+
+@menu
+* Référence de paquet :: Le type de donnée des paquets.
+* Référence d'origine:: Le type de données d'origine.
+@end menu
+
+
+@node Référence de paquet
+@subsection @code{package} Reference
+
+This section summarizes all the options available in @code{package}
+declarations (@pxref{Définition des paquets}).
+
+@deftp {Data Type} package
+This is the data type representing a package recipe.
+
+@table @asis
+@item @code{name}
+The name of the package, as a string.
+
+@item @code{version}
+The version of the package, as a string.
+
+@item @code{source}
+An object telling how the source code for the package should be acquired.
+Most of the time, this is an @code{origin} object, which denotes a file
+fetched from the Internet (@pxref{Référence d'origine}). It can also be any
+other ``file-like'' object such as a @code{local-file}, which denotes a file
+from the local file system (@pxref{G-Expressions, @code{local-file}}).
+
+@item @code{build-system}
+The build system that should be used to build the package (@pxref{Systèmes de construction}).
+
+@item @code{arguments} (default: @code{'()})
+The arguments that should be passed to the build system. This is a list,
+typically containing sequential keyword-value pairs.
+
+@item @code{inputs} (default: @code{'()})
+@itemx @code{native-inputs} (default: @code{'()})
+@itemx @code{propagated-inputs} (default: @code{'()})
+@cindex inputs, of packages
+These fields list dependencies of the package. Each one is a list of
+tuples, where each tuple has a label for the input (a string) as its first
+element, a package, origin, or derivation as its second element, and
+optionally the name of the output thereof that should be used, which
+defaults to @code{"out"} (@pxref{Des paquets avec plusieurs résultats}, for more
+on package outputs). For example, the list below specifies three inputs:
+
+@example
+`(("libffi" ,libffi)
+ ("libunistring" ,libunistring)
+ ("glib:bin" ,glib "bin")) ;the "bin" output of Glib
+@end example
+
+@cindex cross compilation, package dependencies
+The distinction between @code{native-inputs} and @code{inputs} is necessary
+when considering cross-compilation. When cross-compiling, dependencies
+listed in @code{inputs} are built for the @emph{target} architecture;
+conversely, dependencies listed in @code{native-inputs} are built for the
+architecture of the @emph{build} machine.
+
+@code{native-inputs} is typically used to list tools needed at build time,
+but not at run time, such as Autoconf, Automake, pkg-config, Gettext, or
+Bison. @command{guix lint} can report likely mistakes in this area
+(@pxref{Invoquer guix lint}).
+
+@anchor{package-propagated-inputs}
+Lastly, @code{propagated-inputs} is similar to @code{inputs}, but the
+specified packages will be automatically installed alongside the package
+they belong to (@pxref{package-cmd-propagated-inputs, @command{guix
+package}}, for information on how @command{guix package} deals with
+propagated inputs.)
+
+For example this is necessary when a C/C++ library needs headers of another
+library to compile, or when a pkg-config file refers to another one @i{via}
+its @code{Requires} field.
+
+Another example where @code{propagated-inputs} is useful is for languages
+that lack a facility to record the run-time search path akin to the
+@code{RUNPATH} of ELF files; this includes Guile, Python, Perl, and more.
+To ensure that libraries written in those languages can find library code
+they depend on at run time, run-time dependencies must be listed in
+@code{propagated-inputs} rather than @code{inputs}.
+
+@item @code{self-native-input?} (default: @code{#f})
+This is a Boolean field telling whether the package should use itself as a
+native input when cross-compiling.
+
+@item @code{outputs} (default: @code{'("out")})
+The list of output names of the package. @xref{Des paquets avec plusieurs résultats}, for typical uses of additional outputs.
+
+@item @code{native-search-paths} (default: @code{'()})
+@itemx @code{search-paths} (default: @code{'()})
+A list of @code{search-path-specification} objects describing search-path
+environment variables honored by the package.
+
+@item @code{replacement} (default: @code{#f})
+This must be either @code{#f} or a package object that will be used as a
+@dfn{replacement} for this package. @xref{Mises à jour de sécurité, grafts}, for
+details.
+
+@item @code{synopsis}
+A one-line description of the package.
+
+@item @code{description}
+A more elaborate description of the package.
+
+@item @code{license}
+@cindex license, of packages
+The license of the package; a value from @code{(guix licenses)}, or a list
+of such values.
+
+@item @code{home-page}
+The URL to the home-page of the package, as a string.
+
+@item @code{supported-systems} (default: @var{%supported-systems})
+The list of systems supported by the package, as strings of the form
+@code{architecture-kernel}, for example @code{"x86_64-linux"}.
+
+@item @code{maintainers} (default: @code{'()})
+The list of maintainers of the package, as @code{maintainer} objects.
+
+@item @code{location} (default: source location of the @code{package} form)
+The source location of the package. It is useful to override this when
+inheriting from another package, in which case this field is not
+automatically corrected.
+@end table
+@end deftp
+
+
+@node Référence d'origine
+@subsection @code{origin} Reference
+
+This section summarizes all the options available in @code{origin}
+declarations (@pxref{Définition des paquets}).
+
+@deftp {Data Type} origin
+This is the data type representing a source code origin.
+
+@table @asis
+@item @code{uri}
+An object containing the URI of the source. The object type depends on the
+@code{method} (see below). For example, when using the @var{url-fetch}
+method of @code{(guix download)}, the valid @code{uri} values are: a URL
+represented as a string, or a list thereof.
+
+@item @code{method}
+A procedure that handles the URI.
+
+Examples include:
+
+@table @asis
+@item @var{url-fetch} from @code{(guix download)}
+download a file from the HTTP, HTTPS, or FTP URL specified in the @code{uri}
+field;
+
+@vindex git-fetch
+@item @var{git-fetch} from @code{(guix git-download)}
+clone the Git version control repository, and check out the revision
+specified in the @code{uri} field as a @code{git-reference} object; a
+@code{git-reference} looks like this:
+
+@example
+(git-reference
+ (url "git://git.debian.org/git/pkg-shadow/shadow")
+ (commit "v4.1.5.1"))
+@end example
+@end table
+
+@item @code{sha256}
+A bytevector containing the SHA-256 hash of the source. Typically the
+@code{base32} form is used here to generate the bytevector from a base-32
+string.
+
+You can obtain this information using @code{guix download} (@pxref{Invoquer guix download}) or @code{guix hash} (@pxref{Invoquer guix hash}).
+
+@item @code{file-name} (default: @code{#f})
+The file name under which the source code should be saved. When this is
+@code{#f}, a sensible default value will be used in most cases. In case the
+source is fetched from a URL, the file name from the URL will be used. For
+version control checkouts, it is recommended to provide the file name
+explicitly because the default is not very descriptive.
+
+@item @code{patches} (default: @code{'()})
+A list of file names, origins, or file-like objects (@pxref{G-Expressions,
+file-like objects}) pointing to patches to be applied to the source.
+
+This list of patches must be unconditional. In particular, it cannot depend
+on the value of @code{%current-system} or @code{%current-target-system}.
+
+@item @code{snippet} (default: @code{#f})
+A G-expression (@pxref{G-Expressions}) or S-expression that will be run in
+the source directory. This is a convenient way to modify the source,
+sometimes more convenient than a patch.
+
+@item @code{patch-flags} (default: @code{'("-p1")})
+A list of command-line flags that should be passed to the @code{patch}
+command.
+
+@item @code{patch-inputs} (default: @code{#f})
+Input packages or derivations to the patching process. When this is
+@code{#f}, the usual set of inputs necessary for patching are provided, such
+as GNU@tie{}Patch.
+
+@item @code{modules} (default: @code{'()})
+A list of Guile modules that should be loaded during the patching process
+and while running the code in the @code{snippet} field.
+
+@item @code{patch-guile} (default: @code{#f})
+The Guile package that should be used in the patching process. When this is
+@code{#f}, a sensible default is used.
+@end table
+@end deftp
+
+
+@node Systèmes de construction
+@section Systèmes de construction
+
+@cindex build system
+Each package definition specifies a @dfn{build system} and arguments for
+that build system (@pxref{Définition des paquets}). This @code{build-system}
+field represents the build procedure of the package, as well as implicit
+dependencies of that build procedure.
+
+Build systems are @code{<build-system>} objects. The interface to create
+and manipulate them is provided by the @code{(guix build-system)} module,
+and actual build systems are exported by specific modules.
+
+@cindex bag (low-level package representation)
+Under the hood, build systems first compile package objects to @dfn{bags}.
+A @dfn{bag} is like a package, but with less ornamentation---in other words,
+a bag is a lower-level representation of a package, which includes all the
+inputs of that package, including some that were implicitly added by the
+build system. This intermediate representation is then compiled to a
+derivation (@pxref{Dérivations}).
+
+Build systems accept an optional list of @dfn{arguments}. In package
+definitions, these are passed @i{via} the @code{arguments} field
+(@pxref{Définition des paquets}). They are typically keyword arguments
+(@pxref{Optional Arguments, keyword arguments in Guile,, guile, GNU Guile
+Reference Manual}). The value of these arguments is usually evaluated in
+the @dfn{build stratum}---i.e., by a Guile process launched by the daemon
+(@pxref{Dérivations}).
+
+The main build system is @var{gnu-build-system}, which implements the
+standard build procedure for GNU and many other packages. It is provided by
+the @code{(guix build-system gnu)} module.
+
+@defvr {Scheme Variable} gnu-build-system
+@var{gnu-build-system} represents the GNU Build System, and variants thereof
+(@pxref{Configuration, configuration and makefile conventions,, standards,
+GNU Coding Standards}).
+
+@cindex build phases
+In a nutshell, packages using it are configured, built, and installed with
+the usual @code{./configure && make && make check && make install} command
+sequence. In practice, a few additional steps are often needed. All these
+steps are split up in separate @dfn{phases}, notably@footnote{Please see the
+@code{(guix build gnu-build-system)} modules for more details about the
+build phases.}:
+
+@table @code
+@item unpack
+Unpack the source tarball, and change the current directory to the extracted
+source tree. If the source is actually a directory, copy it to the build
+tree, and enter that directory.
+
+@item patch-source-shebangs
+Patch shebangs encountered in source files so they refer to the right store
+file names. For instance, this changes @code{#!/bin/sh} to
+@code{#!/gnu/store/@dots{}-bash-4.3/bin/sh}.
+
+@item configure
+Run the @file{configure} script with a number of default options, such as
+@code{--prefix=/gnu/store/@dots{}}, as well as the options specified by the
+@code{#:configure-flags} argument.
+
+@item build
+Run @code{make} with the list of flags specified with @code{#:make-flags}.
+If the @code{#:parallel-build?} argument is true (the default), build with
+@code{make -j}.
+
+@item check
+Run @code{make check}, or some other target specified with
+@code{#:test-target}, unless @code{#:tests? #f} is passed. If the
+@code{#:parallel-tests?} argument is true (the default), run @code{make
+check -j}.
+
+@item install
+Run @code{make install} with the flags listed in @code{#:make-flags}.
+
+@item patch-shebangs
+Patch shebangs on the installed executable files.
+
+@item strip
+Strip debugging symbols from ELF files (unless @code{#:strip-binaries?} is
+false), copying them to the @code{debug} output when available
+(@pxref{Installer les fichiers de débogage}).
+@end table
+
+@vindex %standard-phases
+The build-side module @code{(guix build gnu-build-system)} defines
+@var{%standard-phases} as the default list of build phases.
+@var{%standard-phases} is a list of symbol/procedure pairs, where the
+procedure implements the actual phase.
+
+The list of phases used for a particular package can be changed with the
+@code{#:phases} parameter. For instance, passing:
+
+@example
+#:phases (modify-phases %standard-phases (delete 'configure))
+@end example
+
+means that all the phases described above will be used, except the
+@code{configure} phase.
+
+In addition, this build system ensures that the ``standard'' environment for
+GNU packages is available. This includes tools such as GCC, libc,
+Coreutils, Bash, Make, Diffutils, grep, and sed (see the @code{(guix
+build-system gnu)} module for a complete list). We call these the
+@dfn{implicit inputs} of a package, because package definitions do not have
+to mention them.
+@end defvr
+
+Other @code{<build-system>} objects are defined to support other conventions
+and tools used by free software packages. They inherit most of
+@var{gnu-build-system}, and differ mainly in the set of inputs implicitly
+added to the build process, and in the list of phases executed. Some of
+these build systems are listed below.
+
+@defvr {Scheme Variable} ant-build-system
+This variable is exported by @code{(guix build-system ant)}. It implements
+the build procedure for Java packages that can be built with
+@url{http://ant.apache.org/, Ant build tool}.
+
+It adds both @code{ant} and the @dfn{Java Development Kit} (JDK) as provided
+by the @code{icedtea} package to the set of inputs. Different packages can
+be specified with the @code{#:ant} and @code{#:jdk} parameters,
+respectively.
+
+When the original package does not provide a suitable Ant build file, the
+parameter @code{#:jar-name} can be used to generate a minimal Ant build file
+@file{build.xml} with tasks to build the specified jar archive. In this
+case the parameter @code{#:source-dir} can be used to specify the source
+sub-directory, defaulting to ``src''.
+
+The @code{#:main-class} parameter can be used with the minimal ant buildfile
+to specify the main class of the resulting jar. This makes the jar file
+executable. The @code{#:test-include} parameter can be used to specify the
+list of junit tests to run. It defaults to @code{(list "**/*Test.java")}.
+The @code{#:test-exclude} can be used to disable some tests. It defaults to
+@code{(list "**/Abstract*.java")}, because abstract classes cannot be run as
+tests.
+
+The parameter @code{#:build-target} can be used to specify the Ant task that
+should be run during the @code{build} phase. By default the ``jar'' task
+will be run.
+
+@end defvr
+
+@defvr {Scheme Variable} asdf-build-system/source
+@defvrx {Scheme Variable} asdf-build-system/sbcl
+@defvrx {Scheme Variable} asdf-build-system/ecl
+
+These variables, exported by @code{(guix build-system asdf)}, implement
+build procedures for Common Lisp packages using
+@url{https://common-lisp.net/project/asdf/, ``ASDF''}. ASDF is a system
+definition facility for Common Lisp programs and libraries.
+
+The @code{asdf-build-system/source} system installs the packages in source
+form, and can be loaded using any common lisp implementation, via ASDF. The
+others, such as @code{asdf-build-system/sbcl}, install binary systems in the
+format which a particular implementation understands. These build systems
+can also be used to produce executable programs, or lisp images which
+contain a set of packages pre-loaded.
+
+The build system uses naming conventions. For binary packages, the package
+name should be prefixed with the lisp implementation, such as @code{sbcl-}
+for @code{asdf-build-system/sbcl}.
+
+Additionally, the corresponding source package should be labeled using the
+same convention as python packages (see @ref{Modules python}), using the
+@code{cl-} prefix.
+
+For binary packages, each system should be defined as a Guix package. If
+one package @code{origin} contains several systems, package variants can be
+created in order to build all the systems. Source packages, which use
+@code{asdf-build-system/source}, may contain several systems.
+
+In order to create executable programs and images, the build-side procedures
+@code{build-program} and @code{build-image} can be used. They should be
+called in a build phase after the @code{create-symlinks} phase, so that the
+system which was just built can be used within the resulting image.
+@code{build-program} requires a list of Common Lisp expressions to be passed
+as the @code{#:entry-program} argument.
+
+If the system is not defined within its own @code{.asd} file of the same
+name, then the @code{#:asd-file} parameter should be used to specify which
+file the system is defined in. Furthermore, if the package defines a system
+for its tests in a separate file, it will be loaded before the tests are run
+if it is specified by the @code{#:test-asd-file} parameter. If it is not
+set, the files @code{<system>-tests.asd}, @code{<system>-test.asd},
+@code{tests.asd}, and @code{test.asd} will be tried if they exist.
+
+If for some reason the package must be named in a different way than the
+naming conventions suggest, the @code{#:asd-system-name} parameter can be
+used to specify the name of the system.
+
+@end defvr
+
+@defvr {Scheme Variable} cargo-build-system
+@cindex Rust programming language
+@cindex Cargo (Rust build system)
+This variable is exported by @code{(guix build-system cargo)}. It supports
+builds of packages using Cargo, the build tool of the
+@uref{https://www.rust-lang.org, Rust programming language}.
+
+In its @code{configure} phase, this build system replaces dependencies
+specified in the @file{Carto.toml} file with inputs to the Guix package.
+The @code{install} phase installs the binaries, and it also installs the
+source code and @file{Cargo.toml} file.
+@end defvr
+
+@defvr {Scheme Variable} cmake-build-system
+This variable is exported by @code{(guix build-system cmake)}. It
+implements the build procedure for packages using the
+@url{http://www.cmake.org, CMake build tool}.
+
+It automatically adds the @code{cmake} package to the set of inputs. Which
+package is used can be specified with the @code{#:cmake} parameter.
+
+The @code{#:configure-flags} parameter is taken as a list of flags passed to
+the @command{cmake} command. The @code{#:build-type} parameter specifies in
+abstract terms the flags passed to the compiler; it defaults to
+@code{"RelWithDebInfo"} (short for ``release mode with debugging
+information''), which roughly means that code is compiled with @code{-O2
+-g}, as is the case for Autoconf-based packages by default.
+@end defvr
+
+@defvr {Scheme Variable} go-build-system
+This variable is exported by @code{(guix build-system go)}. It implements a
+build procedure for Go packages using the standard
+@url{https://golang.org/cmd/go/#hdr-Compile_packages_and_dependencies, Go
+build mechanisms}.
+
+The user is expected to provide a value for the key @code{#:import-path}
+and, in some cases, @code{#:unpack-path}. The
+@url{https://golang.org/doc/code.html#ImportPaths, import path} corresponds
+to the file system path expected by the package's build scripts and any
+referring packages, and provides a unique way to refer to a Go package. It
+is typically based on a combination of the package source code's remote URI
+and file system hierarchy structure. In some cases, you will need to unpack
+the package's source code to a different directory structure than the one
+indicated by the import path, and @code{#:unpack-path} should be used in
+such cases.
+
+Packages that provide Go libraries should be installed along with their
+source code. The key @code{#:install-source?}, which defaults to @code{#t},
+controls whether or not the source code is installed. It can be set to
+@code{#f} for packages that only provide executable files.
+@end defvr
+
+@defvr {Scheme Variable} glib-or-gtk-build-system
+This variable is exported by @code{(guix build-system glib-or-gtk)}. It is
+intended for use with packages making use of GLib or GTK+.
+
+This build system adds the following two phases to the ones defined by
+@var{gnu-build-system}:
+
+@table @code
+@item glib-or-gtk-wrap
+The phase @code{glib-or-gtk-wrap} ensures that programs in @file{bin/} are
+able to find GLib ``schemas'' and
+@uref{https://developer.gnome.org/gtk3/stable/gtk-running.html, GTK+
+modules}. This is achieved by wrapping the programs in launch scripts that
+appropriately set the @code{XDG_DATA_DIRS} and @code{GTK_PATH} environment
+variables.
+
+It is possible to exclude specific package outputs from that wrapping
+process by listing their names in the
+@code{#:glib-or-gtk-wrap-excluded-outputs} parameter. This is useful when
+an output is known not to contain any GLib or GTK+ binaries, and where
+wrapping would gratuitously add a dependency of that output on GLib and
+GTK+.
+
+@item glib-or-gtk-compile-schemas
+The phase @code{glib-or-gtk-compile-schemas} makes sure that all
+@uref{https://developer.gnome.org/gio/stable/glib-compile-schemas.html,
+GSettings schemas} of GLib are compiled. Compilation is performed by the
+@command{glib-compile-schemas} program. It is provided by the package
+@code{glib:bin} which is automatically imported by the build system. The
+@code{glib} package providing @command{glib-compile-schemas} can be
+specified with the @code{#:glib} parameter.
+@end table
+
+Both phases are executed after the @code{install} phase.
+@end defvr
+
+@defvr {Scheme Variable} minify-build-system
+This variable is exported by @code{(guix build-system minify)}. It
+implements a minification procedure for simple JavaScript packages.
+
+It adds @code{uglify-js} to the set of inputs and uses it to compress all
+JavaScript files in the @file{src} directory. A different minifier package
+can be specified with the @code{#:uglify-js} parameter, but it is expected
+that the package writes the minified code to the standard output.
+
+When the input JavaScript files are not all located in the @file{src}
+directory, the parameter @code{#:javascript-files} can be used to specify a
+list of file names to feed to the minifier.
+@end defvr
+
+@defvr {Scheme Variable} ocaml-build-system
+This variable is exported by @code{(guix build-system ocaml)}. It
+implements a build procedure for @uref{https://ocaml.org, OCaml} packages,
+which consists of choosing the correct set of commands to run for each
+package. OCaml packages can expect many different commands to be run. This
+build system will try some of them.
+
+When the package has a @file{setup.ml} file present at the top-level, it
+will run @code{ocaml setup.ml -configure}, @code{ocaml setup.ml -build} and
+@code{ocaml setup.ml -install}. The build system will assume that this file
+was generated by @uref{http://oasis.forge.ocamlcore.org/, OASIS} and will
+take care of setting the prefix and enabling tests if they are not
+disabled. You can pass configure and build flags with the
+@code{#:configure-flags} and @code{#:build-flags}. The @code{#:test-flags}
+key can be passed to change the set of flags used to enable tests. The
+@code{#:use-make?} key can be used to bypass this system in the build and
+install phases.
+
+When the package has a @file{configure} file, it is assumed that it is a
+hand-made configure script that requires a different argument format than in
+the @code{gnu-build-system}. You can add more flags with the
+@code{#:configure-flags} key.
+
+When the package has a @file{Makefile} file (or @code{#:use-make?} is
+@code{#t}), it will be used and more flags can be passed to the build and
+install phases with the @code{#:make-flags} key.
+
+Finally, some packages do not have these files and use a somewhat standard
+location for its build system. In that case, the build system will run
+@code{ocaml pkg/pkg.ml} or @code{ocaml pkg/build.ml} and take care of
+providing the path to the required findlib module. Additional flags can be
+passed via the @code{#:build-flags} key. Install is taken care of by
+@command{opam-installer}. In this case, the @code{opam} package must be
+added to the @code{native-inputs} field of the package definition.
+
+Note that most OCaml packages assume they will be installed in the same
+directory as OCaml, which is not what we want in guix. In particular, they
+will install @file{.so} files in their module's directory, which is usually
+fine because it is in the OCaml compiler directory. In guix though, these
+libraries cannot be found and we use @code{CAML_LD_LIBRARY_PATH}. This
+variable points to @file{lib/ocaml/site-lib/stubslibs} and this is where
+@file{.so} libraries should be installed.
+@end defvr
+
+@defvr {Scheme Variable} python-build-system
+This variable is exported by @code{(guix build-system python)}. It
+implements the more or less standard build procedure used by Python
+packages, which consists in running @code{python setup.py build} and then
+@code{python setup.py install --prefix=/gnu/store/@dots{}}.
+
+For packages that install stand-alone Python programs under @code{bin/}, it
+takes care of wrapping these programs so that their @code{PYTHONPATH}
+environment variable points to all the Python libraries they depend on.
+
+Which Python package is used to perform the build can be specified with the
+@code{#:python} parameter. This is a useful way to force a package to be
+built for a specific version of the Python interpreter, which might be
+necessary if the package is only compatible with a single interpreter
+version.
+
+By default guix calls @code{setup.py} under control of @code{setuptools},
+much like @command{pip} does. Some packages are not compatible with
+setuptools (and pip), thus you can disable this by setting the
+@code{#:use-setuptools} parameter to @code{#f}.
+@end defvr
+
+@defvr {Scheme Variable} perl-build-system
+This variable is exported by @code{(guix build-system perl)}. It implements
+the standard build procedure for Perl packages, which either consists in
+running @code{perl Build.PL --prefix=/gnu/store/@dots{}}, followed by
+@code{Build} and @code{Build install}; or in running @code{perl Makefile.PL
+PREFIX=/gnu/store/@dots{}}, followed by @code{make} and @code{make install},
+depending on which of @code{Build.PL} or @code{Makefile.PL} is present in
+the package distribution. Preference is given to the former if both
+@code{Build.PL} and @code{Makefile.PL} exist in the package distribution.
+This preference can be reversed by specifying @code{#t} for the
+@code{#:make-maker?} parameter.
+
+The initial @code{perl Makefile.PL} or @code{perl Build.PL} invocation
+passes flags specified by the @code{#:make-maker-flags} or
+@code{#:module-build-flags} parameter, respectively.
+
+Which Perl package is used can be specified with @code{#:perl}.
+@end defvr
+
+@defvr {Scheme Variable} r-build-system
+This variable is exported by @code{(guix build-system r)}. It implements
+the build procedure used by @uref{http://r-project.org, R} packages, which
+essentially is little more than running @code{R CMD INSTALL
+--library=/gnu/store/@dots{}} in an environment where @code{R_LIBS_SITE}
+contains the paths to all R package inputs. Tests are run after
+installation using the R function @code{tools::testInstalledPackage}.
+@end defvr
+
+@defvr {Scheme Variable} texlive-build-system
+This variable is exported by @code{(guix build-system texlive)}. It is used
+to build TeX packages in batch mode with a specified engine. The build
+system sets the @code{TEXINPUTS} variable to find all TeX source files in
+the inputs.
+
+By default it runs @code{luatex} on all files ending on @code{ins}. A
+different engine and format can be specified with the @code{#:tex-format}
+argument. Different build targets can be specified with the
+@code{#:build-targets} argument, which expects a list of file names. The
+build system adds only @code{texlive-bin} and @code{texlive-latex-base}
+(both from @code{(gnu packages tex}) to the inputs. Both can be overridden
+with the arguments @code{#:texlive-bin} and @code{#:texlive-latex-base},
+respectively.
+
+The @code{#:tex-directory} parameter tells the build system where to install
+the built files under the texmf tree.
+@end defvr
+
+@defvr {Scheme Variable} ruby-build-system
+This variable is exported by @code{(guix build-system ruby)}. It implements
+the RubyGems build procedure used by Ruby packages, which involves running
+@code{gem build} followed by @code{gem install}.
+
+The @code{source} field of a package that uses this build system typically
+references a gem archive, since this is the format that Ruby developers use
+when releasing their software. The build system unpacks the gem archive,
+potentially patches the source, runs the test suite, repackages the gem, and
+installs it. Additionally, directories and tarballs may be referenced to
+allow building unreleased gems from Git or a traditional source release
+tarball.
+
+Which Ruby package is used can be specified with the @code{#:ruby}
+parameter. A list of additional flags to be passed to the @command{gem}
+command can be specified with the @code{#:gem-flags} parameter.
+@end defvr
+
+@defvr {Scheme Variable} waf-build-system
+This variable is exported by @code{(guix build-system waf)}. It implements
+a build procedure around the @code{waf} script. The common
+phases---@code{configure}, @code{build}, and @code{install}---are
+implemented by passing their names as arguments to the @code{waf} script.
+
+The @code{waf} script is executed by the Python interpreter. Which Python
+package is used to run the script can be specified with the @code{#:python}
+parameter.
+@end defvr
+
+@defvr {Scheme Variable} scons-build-system
+This variable is exported by @code{(guix build-system scons)}. It
+implements the build procedure used by the SCons software construction
+tool. This build system runs @code{scons} to build the package, @code{scons
+test} to run tests, and then @code{scons install} to install the package.
+
+Additional flags to be passed to @code{scons} can be specified with the
+@code{#:scons-flags} parameter. The version of Python used to run SCons can
+be specified by selecting the appropriate SCons package with the
+@code{#:scons} parameter.
+@end defvr
+
+@defvr {Scheme Variable} haskell-build-system
+This variable is exported by @code{(guix build-system haskell)}. It
+implements the Cabal build procedure used by Haskell packages, which
+involves running @code{runhaskell Setup.hs configure
+--prefix=/gnu/store/@dots{}} and @code{runhaskell Setup.hs build}. Instead
+of installing the package by running @code{runhaskell Setup.hs install}, to
+avoid trying to register libraries in the read-only compiler store
+directory, the build system uses @code{runhaskell Setup.hs copy}, followed
+by @code{runhaskell Setup.hs register}. In addition, the build system
+generates the package documentation by running @code{runhaskell Setup.hs
+haddock}, unless @code{#:haddock? #f} is passed. Optional Haddock
+parameters can be passed with the help of the @code{#:haddock-flags}
+parameter. If the file @code{Setup.hs} is not found, the build system looks
+for @code{Setup.lhs} instead.
+
+Which Haskell compiler is used can be specified with the @code{#:haskell}
+parameter which defaults to @code{ghc}.
+@end defvr
+
+@defvr {Scheme Variable} dub-build-system
+This variable is exported by @code{(guix build-system dub)}. It implements
+the Dub build procedure used by D packages, which involves running @code{dub
+build} and @code{dub run}. Installation is done by copying the files
+manually.
+
+Which D compiler is used can be specified with the @code{#:ldc} parameter
+which defaults to @code{ldc}.
+@end defvr
+
+@defvr {Scheme Variable} emacs-build-system
+This variable is exported by @code{(guix build-system emacs)}. It
+implements an installation procedure similar to the packaging system of
+Emacs itself (@pxref{Packages,,, emacs, The GNU Emacs Manual}).
+
+It first creates the @code{@var{package}-autoloads.el} file, then it byte
+compiles all Emacs Lisp files. Differently from the Emacs packaging system,
+the Info documentation files are moved to the standard documentation
+directory and the @file{dir} file is deleted. Each package is installed in
+its own directory under @file{share/emacs/site-lisp/guix.d}.
+@end defvr
+
+@defvr {Scheme Variable} font-build-system
+This variable is exported by @code{(guix build-system font)}. It implements
+an installation procedure for font packages where upstream provides
+pre-compiled TrueType, OpenType, etc. font files that merely need to be
+copied into place. It copies font files to standard locations in the output
+directory.
+@end defvr
+
+@defvr {Scheme Variable} meson-build-system
+This variable is exported by @code{(guix build-system meson)}. It
+implements the build procedure for packages that use
+@url{http://mesonbuild.com, Meson} as their build system.
+
+It adds both Meson and @uref{https://ninja-build.org/, Ninja} to the set of
+inputs, and they can be changed with the parameters @code{#:meson} and
+@code{#:ninja} if needed. The default Meson is @code{meson-for-build},
+which is special because it doesn't clear the @code{RUNPATH} of binaries and
+libraries when they are installed.
+
+This build system is an extension of @var{gnu-build-system}, but with the
+following phases changed to some specific for Meson:
+
+@table @code
+
+@item configure
+The phase runs @code{meson} with the flags specified in
+@code{#:configure-flags}. The flag @code{--build-type} is always set to
+@code{plain} unless something else is specified in @code{#:build-type}.
+
+@item build
+The phase runs @code{ninja} to build the package in parallel by default, but
+this can be changed with @code{#:parallel-build?}.
+
+@item check
+The phase runs @code{ninja} with the target specified in
+@code{#:test-target}, which is @code{"test"} by default.
+
+@item install
+The phase runs @code{ninja install} and can not be changed.
+@end table
+
+Apart from that, the build system also adds the following phases:
+
+@table @code
+
+@item fix-runpath
+This phase ensures that all binaries can find the libraries they need. It
+searches for required libraries in subdirectories of the package being
+built, and adds those to @code{RUNPATH} where needed. It also removes
+references to libraries left over from the build phase by
+@code{meson-for-build}, such as test dependencies, that aren't actually
+required for the program to run.
+
+@item glib-or-gtk-wrap
+This phase is the phase provided by @code{glib-or-gtk-build-system}, and it
+is not enabled by default. It can be enabled with @code{#:glib-or-gtk?}.
+
+@item glib-or-gtk-compile-schemas
+This phase is the phase provided by @code{glib-or-gtk-build-system}, and it
+is not enabled by default. It can be enabled with @code{#:glib-or-gtk?}.
+@end table
+@end defvr
+
+Lastly, for packages that do not need anything as sophisticated, a
+``trivial'' build system is provided. It is trivial in the sense that it
+provides basically no support: it does not pull any implicit inputs, and
+does not have a notion of build phases.
+
+@defvr {Scheme Variable} trivial-build-system
+This variable is exported by @code{(guix build-system trivial)}.
+
+This build system requires a @code{#:builder} argument. This argument must
+be a Scheme expression that builds the package output(s)---as with
+@code{build-expression->derivation} (@pxref{Dérivations,
+@code{build-expression->derivation}}).
+@end defvr
+
+@node Le dépôt
+@section Le dépôt
+
+@cindex dépôt
+@cindex store items
+@cindex store paths
+
+Conceptually, the @dfn{store} is the place where derivations that have been
+built successfully are stored---by default, @file{/gnu/store}.
+Sub-directories in the store are referred to as @dfn{store items} or
+sometimes @dfn{store paths}. The store has an associated database that
+contains information such as the store paths referred to by each store path,
+and the list of @emph{valid} store items---results of successful builds.
+This database resides in @file{@var{localstatedir}/guix/db}, where
+@var{localstatedir} is the state directory specified @i{via}
+@option{--localstatedir} at configure time, usually @file{/var}.
+
+The store is @emph{always} accessed by the daemon on behalf of its clients
+(@pxref{Invoquer guix-daemon}). To manipulate the store, clients connect to
+the daemon over a Unix-domain socket, send requests to it, and read the
+result---these are remote procedure calls, or RPCs.
+
+@quotation Note
+Users must @emph{never} modify files under @file{/gnu/store} directly. This
+would lead to inconsistencies and break the immutability assumptions of
+Guix's functional model (@pxref{Introduction}).
+
+@xref{Invoquer guix gc, @command{guix gc --verify}}, for information on how
+to check the integrity of the store and attempt recovery from accidental
+modifications.
+@end quotation
+
+The @code{(guix store)} module provides procedures to connect to the daemon,
+and to perform RPCs. These are described below. By default,
+@code{open-connection}, and thus all the @command{guix} commands, connect to
+the local daemon or to the URI specified by the @code{GUIX_DAEMON_SOCKET}
+environment variable.
+
+@defvr {Environment Variable} GUIX_DAEMON_SOCKET
+When set, the value of this variable should be a file name or a URI
+designating the daemon endpoint. When it is a file name, it denotes a
+Unix-domain socket to connect to. In addition to file names, the supported
+URI schemes are:
+
+@table @code
+@item file
+@itemx unix
+These are for Unix-domain sockets.
+@code{file:///var/guix/daemon-socket/socket} is equivalent to
+@file{/var/guix/daemon-socket/socket}.
+
+@item guix
+@cindex daemon, remote access
+@cindex remote access to the daemon
+@cindex daemon, cluster setup
+@cindex clusters, daemon setup
+These URIs denote connections over TCP/IP, without encryption nor
+authentication of the remote host. The URI must specify the host name and
+optionally a port number (by default port 44146 is used):
+
+@example
+guix://master.guix.example.org:1234
+@end example
+
+This setup is suitable on local networks, such as clusters, where only
+trusted nodes may connect to the build daemon at
+@code{master.guix.example.org}.
+
+The @code{--listen} option of @command{guix-daemon} can be used to instruct
+it to listen for TCP connections (@pxref{Invoquer guix-daemon,
+@code{--listen}}).
+
+@item ssh
+@cindex SSH access to build daemons
+These URIs allow you to connect to a remote daemon over SSH@footnote{This
+feature requires Guile-SSH (@pxref{Prérequis}).}. A typical URL might
+look like this:
+
+@example
+ssh://charlie@@guix.example.org:22
+@end example
+
+As for @command{guix copy}, the usual OpenSSH client configuration files are
+honored (@pxref{Invoquer guix copy}).
+@end table
+
+Additional URI schemes may be supported in the future.
+
+@c XXX: Remove this note when the protocol incurs fewer round trips
+@c and when (guix derivations) no longer relies on file system access.
+@quotation Note
+The ability to connect to remote build daemons is considered experimental as
+of @value{VERSION}. Please get in touch with us to share any problems or
+suggestions you may have (@pxref{Contribuer}).
+@end quotation
+@end defvr
+
+@deffn {Scheme Procedure} open-connection [@var{uri}] [#:reserve-space? #t]
+Connect to the daemon over the Unix-domain socket at @var{uri} (a string).
+When @var{reserve-space?} is true, instruct it to reserve a little bit of
+extra space on the file system so that the garbage collector can still
+operate should the disk become full. Return a server object.
+
+@var{file} defaults to @var{%default-socket-path}, which is the normal
+location given the options that were passed to @command{configure}.
+@end deffn
+
+@deffn {Scheme Procedure} close-connection @var{server}
+Close the connection to @var{server}.
+@end deffn
+
+@defvr {Scheme Variable} current-build-output-port
+This variable is bound to a SRFI-39 parameter, which refers to the port
+where build and error logs sent by the daemon should be written.
+@end defvr
+
+Procedures that make RPCs all take a server object as their first argument.
+
+@deffn {Scheme Procedure} valid-path? @var{server} @var{path}
+@cindex invalid store items
+Return @code{#t} when @var{path} designates a valid store item and @code{#f}
+otherwise (an invalid item may exist on disk but still be invalid, for
+instance because it is the result of an aborted or failed build.)
+
+A @code{&nix-protocol-error} condition is raised if @var{path} is not
+prefixed by the store directory (@file{/gnu/store}).
+@end deffn
+
+@deffn {Scheme Procedure} add-text-to-store @var{server} @var{name} @var{text} [@var{references}]
+Add @var{text} under file @var{name} in the store, and return its store
+path. @var{references} is the list of store paths referred to by the
+resulting store path.
+@end deffn
+
+@deffn {Scheme Procedure} build-derivations @var{server} @var{derivations}
+Build @var{derivations} (a list of @code{<derivation>} objects or derivation
+paths), and return when the worker is done building them. Return @code{#t}
+on success.
+@end deffn
+
+Note that the @code{(guix monads)} module provides a monad as well as
+monadic versions of the above procedures, with the goal of making it more
+convenient to work with code that accesses the store (@pxref{La monad du dépôt}).
+
+@c FIXME
+@i{This section is currently incomplete.}
+
+@node Dérivations
+@section Dérivations
+
+@cindex derivations
+Low-level build actions and the environment in which they are performed are
+represented by @dfn{derivations}. A derivation contains the following
+pieces of information:
+
+@itemize
+@item
+The outputs of the derivation---derivations produce at least one file or
+directory in the store, but may produce more.
+
+@item
+The inputs of the derivations, which may be other derivations or plain files
+in the store (patches, build scripts, etc.)
+
+@item
+The system type targeted by the derivation---e.g., @code{x86_64-linux}.
+
+@item
+The file name of a build script in the store, along with the arguments to be
+passed.
+
+@item
+A list of environment variables to be defined.
+
+@end itemize
+
+@cindex derivation path
+Derivations allow clients of the daemon to communicate build actions to the
+store. They exist in two forms: as an in-memory representation, both on the
+client- and daemon-side, and as files in the store whose name end in
+@code{.drv}---these files are referred to as @dfn{derivation paths}.
+Derivations paths can be passed to the @code{build-derivations} procedure to
+perform the build actions they prescribe (@pxref{Le dépôt}).
+
+@cindex fixed-output derivations
+Operations such as file downloads and version-control checkouts for which
+the expected content hash is known in advance are modeled as
+@dfn{fixed-output derivations}. Unlike regular derivations, the outputs of
+a fixed-output derivation are independent of its inputs---e.g., a source
+code download produces the same result regardless of the download method and
+tools being used.
+
+The @code{(guix derivations)} module provides a representation of
+derivations as Scheme objects, along with procedures to create and otherwise
+manipulate derivations. The lowest-level primitive to create a derivation
+is the @code{derivation} procedure:
+
+@deffn {Scheme Procedure} derivation @var{store} @var{name} @var{builder} @
+ @var{args} [#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @ [#:recursive?
+#f] [#:inputs '()] [#:env-vars '()] @ [#:system (%current-system)]
+[#:references-graphs #f] @ [#:allowed-references #f]
+[#:disallowed-references #f] @ [#:leaked-env-vars #f] [#:local-build? #f] @
+[#:substitutable? #t] Construit une dérivation avec les arguments donnés et
+renvie l'objet @code{<derivation>} obtenu.
+
+When @var{hash} and @var{hash-algo} are given, a @dfn{fixed-output
+derivation} is created---i.e., one whose result is known in advance, such as
+a file download. If, in addition, @var{recursive?} is true, then that fixed
+output may be an executable file or a directory and @var{hash} must be the
+hash of an archive containing this output.
+
+When @var{references-graphs} is true, it must be a list of file name/store
+path pairs. In that case, the reference graph of each store path is
+exported in the build environment in the corresponding file, in a simple
+text format.
+
+When @var{allowed-references} is true, it must be a list of store items or
+outputs that the derivation's output may refer to. Likewise,
+@var{disallowed-references}, if true, must be a list of things the outputs
+may @emph{not} refer to.
+
+When @var{leaked-env-vars} is true, it must be a list of strings denoting
+environment variables that are allowed to ``leak'' from the daemon's
+environment to the build environment. This is only applicable to
+fixed-output derivations---i.e., when @var{hash} is true. The main use is
+to allow variables such as @code{http_proxy} to be passed to derivations
+that download files.
+
+When @var{local-build?} is true, declare that the derivation is not a good
+candidate for offloading and should rather be built locally (@pxref{Réglages du délestage du démon}). This is the case for small derivations where the costs of
+data transfers would outweigh the benefits.
+
+Lorsque que @var{substitutable?} est faux, déclare que les substituts de la
+sortie de la dérivation ne devraient pas être utilisés
+(@pxref{Substituts}). Cela est utile par exemple pour construire des paquets
+qui utilisent des détails du jeu d'instruction du CPU hôte.
+@end deffn
+
+@noindent
+Here's an example with a shell script as its builder, assuming @var{store}
+is an open connection to the daemon, and @var{bash} points to a Bash
+executable in the store:
+
+@lisp
+(use-modules (guix utils)
+ (guix store)
+ (guix derivations))
+
+(let ((builder ; add the Bash script to the store
+ (add-text-to-store store "my-builder.sh"
+ "echo hello world > $out\n" '())))
+ (derivation store "foo"
+ bash `("-e" ,builder)
+ #:inputs `((,bash) (,builder))
+ #:env-vars '(("HOME" . "/homeless"))))
+@result{} #<derivation /gnu/store/@dots{}-foo.drv => /gnu/store/@dots{}-foo>
+@end lisp
+
+As can be guessed, this primitive is cumbersome to use directly. A better
+approach is to write build scripts in Scheme, of course! The best course of
+action for that is to write the build code as a ``G-expression'', and to
+pass it to @code{gexp->derivation}. For more information,
+@pxref{G-Expressions}.
+
+Once upon a time, @code{gexp->derivation} did not exist and constructing
+derivations with build code written in Scheme was achieved with
+@code{build-expression->derivation}, documented below. This procedure is
+now deprecated in favor of the much nicer @code{gexp->derivation}.
+
+@deffn {Scheme Procedure} build-expression->derivation @var{store} @
+ @var{name} @var{exp} @ [#:system (%current-system)] [#:inputs '()] @
+[#:outputs '("out")] [#:hash #f] [#:hash-algo #f] @ [#:recursive? #f]
+[#:env-vars '()] [#:modules '()] @ [#:references-graphs #f]
+[#:allowed-references #f] @ [#:disallowed-references #f] @ [#:local-build?
+#f] [#:substitutable? #t] [#:guile-for-build #f] Return a derivation that
+executes Scheme expression @var{exp} as a builder for derivation
+@var{name}. @var{inputs} must be a list of @code{(name drv-path sub-drv)}
+tuples; when @var{sub-drv} is omitted, @code{"out"} is assumed.
+@var{modules} is a list of names of Guile modules from the current search
+path to be copied in the store, compiled, and made available in the load
+path during the execution of @var{exp}---e.g., @code{((guix build utils)
+(guix build gnu-build-system))}.
+
+@var{exp} is evaluated in an environment where @code{%outputs} is bound to a
+list of output/path pairs, and where @code{%build-inputs} is bound to a list
+of string/output-path pairs made from @var{inputs}. Optionally,
+@var{env-vars} is a list of string pairs specifying the name and value of
+environment variables visible to the builder. The builder terminates by
+passing the result of @var{exp} to @code{exit}; thus, when @var{exp} returns
+@code{#f}, the build is considered to have failed.
+
+@var{exp} is built using @var{guile-for-build} (a derivation). When
+@var{guile-for-build} is omitted or is @code{#f}, the value of the
+@code{%guile-for-build} fluid is used instead.
+
+See the @code{derivation} procedure for the meaning of
+@var{references-graphs}, @var{allowed-references},
+@var{disallowed-references}, @var{local-build?}, and @var{substitutable?}.
+@end deffn
+
+@noindent
+Here's an example of a single-output derivation that creates a directory
+containing one file:
+
+@lisp
+(let ((builder '(let ((out (assoc-ref %outputs "out")))
+ (mkdir out) ; create /gnu/store/@dots{}-goo
+ (call-with-output-file (string-append out "/test")
+ (lambda (p)
+ (display '(hello guix) p))))))
+ (build-expression->derivation store "goo" builder))
+
+@result{} #<derivation /gnu/store/@dots{}-goo.drv => @dots{}>
+@end lisp
+
+
+@node La monad du dépôt
+@section La monad du dépôt
+
+@cindex monad
+
+The procedures that operate on the store described in the previous sections
+all take an open connection to the build daemon as their first argument.
+Although the underlying model is functional, they either have side effects
+or depend on the current state of the store.
+
+The former is inconvenient: the connection to the build daemon has to be
+carried around in all those functions, making it impossible to compose
+functions that do not take that parameter with functions that do. The
+latter can be problematic: since store operations have side effects and/or
+depend on external state, they have to be properly sequenced.
+
+@cindex monadic values
+@cindex monadic functions
+This is where the @code{(guix monads)} module comes in. This module
+provides a framework for working with @dfn{monads}, and a particularly
+useful monad for our uses, the @dfn{store monad}. Monads are a construct
+that allows two things: associating ``context'' with values (in our case,
+the context is the store), and building sequences of computations (here
+computations include accesses to the store). Values in a monad---values
+that carry this additional context---are called @dfn{monadic values};
+procedures that return such values are called @dfn{monadic procedures}.
+
+Consider this ``normal'' procedure:
+
+@example
+(define (sh-symlink store)
+ ;; Return a derivation that symlinks the 'bash' executable.
+ (let* ((drv (package-derivation store bash))
+ (out (derivation->output-path drv))
+ (sh (string-append out "/bin/bash")))
+ (build-expression->derivation store "sh"
+ `(symlink ,sh %output))))
+@end example
+
+Using @code{(guix monads)} and @code{(guix gexp)}, it may be rewritten as a
+monadic function:
+
+@example
+(define (sh-symlink)
+ ;; Same, but return a monadic value.
+ (mlet %store-monad ((drv (package->derivation bash)))
+ (gexp->derivation "sh"
+ #~(symlink (string-append #$drv "/bin/bash")
+ #$output))))
+@end example
+
+There are several things to note in the second version: the @code{store}
+parameter is now implicit and is ``threaded'' in the calls to the
+@code{package->derivation} and @code{gexp->derivation} monadic procedures,
+and the monadic value returned by @code{package->derivation} is @dfn{bound}
+using @code{mlet} instead of plain @code{let}.
+
+As it turns out, the call to @code{package->derivation} can even be omitted
+since it will take place implicitly, as we will see later
+(@pxref{G-Expressions}):
+
+@example
+(define (sh-symlink)
+ (gexp->derivation "sh"
+ #~(symlink (string-append #$bash "/bin/bash")
+ #$output)))
+@end example
+
+@c See
+@c <https://syntaxexclamation.wordpress.com/2014/06/26/escaping-continuations/>
+@c for the funny quote.
+Calling the monadic @code{sh-symlink} has no effect. As someone once said,
+``you exit a monad like you exit a building on fire: by running''. So, to
+exit the monad and get the desired effect, one must use
+@code{run-with-store}:
+
+@example
+(run-with-store (open-connection) (sh-symlink))
+@result{} /gnu/store/...-sh-symlink
+@end example
+
+Note that the @code{(guix monad-repl)} module extends the Guile REPL with
+new ``meta-commands'' to make it easier to deal with monadic procedures:
+@code{run-in-store}, and @code{enter-store-monad}. The former is used to
+``run'' a single monadic value through the store:
+
+@example
+scheme@@(guile-user)> ,run-in-store (package->derivation hello)
+$1 = #<derivation /gnu/store/@dots{}-hello-2.9.drv => @dots{}>
+@end example
+
+The latter enters a recursive REPL, where all the return values are
+automatically run through the store:
+
+@example
+scheme@@(guile-user)> ,enter-store-monad
+store-monad@@(guile-user) [1]> (package->derivation hello)
+$2 = #<derivation /gnu/store/@dots{}-hello-2.9.drv => @dots{}>
+store-monad@@(guile-user) [1]> (text-file "foo" "Hello!")
+$3 = "/gnu/store/@dots{}-foo"
+store-monad@@(guile-user) [1]> ,q
+scheme@@(guile-user)>
+@end example
+
+@noindent
+Note that non-monadic values cannot be returned in the @code{store-monad}
+REPL.
+
+The main syntactic forms to deal with monads in general are provided by the
+@code{(guix monads)} module and are described below.
+
+@deffn {Scheme Syntax} with-monad @var{monad} @var{body} ...
+Evaluate any @code{>>=} or @code{return} forms in @var{body} as being in
+@var{monad}.
+@end deffn
+
+@deffn {Scheme Syntax} return @var{val}
+Return a monadic value that encapsulates @var{val}.
+@end deffn
+
+@deffn {Scheme Syntax} >>= @var{mval} @var{mproc} ...
+@dfn{Bind} monadic value @var{mval}, passing its ``contents'' to monadic
+procedures @var{mproc}@dots{}@footnote{This operation is commonly referred
+to as ``bind'', but that name denotes an unrelated procedure in Guile. Thus
+we use this somewhat cryptic symbol inherited from the Haskell language.}.
+There can be one @var{mproc} or several of them, as in this example:
+
+@example
+(run-with-state
+ (with-monad %state-monad
+ (>>= (return 1)
+ (lambda (x) (return (+ 1 x)))
+ (lambda (x) (return (* 2 x)))))
+ 'some-state)
+
+@result{} 4
+@result{} some-state
+@end example
+@end deffn
+
+@deffn {Scheme Syntax} mlet @var{monad} ((@var{var} @var{mval}) ...) @
+ @var{body} ...
+@deffnx {Scheme Syntax} mlet* @var{monad} ((@var{var} @var{mval}) ...) @
+ @var{body} ... Bind the variables @var{var} to the monadic values
+@var{mval} in @var{body}, which is a sequence of expressions. As with the
+bind operator, this can be thought of as ``unpacking'' the raw, non-monadic
+value ``contained'' in @var{mval} and making @var{var} refer to that raw,
+non-monadic value within the scope of the @var{body}. The form (@var{var}
+-> @var{val}) binds @var{var} to the ``normal'' value @var{val}, as per
+@code{let}. The binding operations occur in sequence from left to right.
+The last expression of @var{body} must be a monadic expression, and its
+result will become the result of the @code{mlet} or @code{mlet*} when run in
+the @var{monad}.
+
+@code{mlet*} is to @code{mlet} what @code{let*} is to @code{let}
+(@pxref{Local Bindings,,, guile, GNU Guile Reference Manual}).
+@end deffn
+
+@deffn {Scheme System} mbegin @var{monad} @var{mexp} ...
+Bind @var{mexp} and the following monadic expressions in sequence, returning
+the result of the last expression. Every expression in the sequence must be
+a monadic expression.
+
+This is akin to @code{mlet}, except that the return values of the monadic
+expressions are ignored. In that sense, it is analogous to @code{begin},
+but applied to monadic expressions.
+@end deffn
+
+@deffn {Scheme System} mwhen @var{condition} @var{mexp0} @var{mexp*} ...
+When @var{condition} is true, evaluate the sequence of monadic expressions
+@var{mexp0}..@var{mexp*} as in an @code{mbegin}. When @var{condition} is
+false, return @code{*unspecified*} in the current monad. Every expression
+in the sequence must be a monadic expression.
+@end deffn
+
+@deffn {Scheme System} munless @var{condition} @var{mexp0} @var{mexp*} ...
+When @var{condition} is false, evaluate the sequence of monadic expressions
+@var{mexp0}..@var{mexp*} as in an @code{mbegin}. When @var{condition} is
+true, return @code{*unspecified*} in the current monad. Every expression in
+the sequence must be a monadic expression.
+@end deffn
+
+@cindex state monad
+The @code{(guix monads)} module provides the @dfn{state monad}, which allows
+an additional value---the state---to be @emph{threaded} through monadic
+procedure calls.
+
+@defvr {Scheme Variable} %state-monad
+The state monad. Procedures in the state monad can access and change the
+state that is threaded.
+
+Consider the example below. The @code{square} procedure returns a value in
+the state monad. It returns the square of its argument, but also increments
+the current state value:
+
+@example
+(define (square x)
+ (mlet %state-monad ((count (current-state)))
+ (mbegin %state-monad
+ (set-current-state (+ 1 count))
+ (return (* x x)))))
+
+(run-with-state (sequence %state-monad (map square (iota 3))) 0)
+@result{} (0 1 4)
+@result{} 3
+@end example
+
+When ``run'' through @var{%state-monad}, we obtain that additional state
+value, which is the number of @code{square} calls.
+@end defvr
+
+@deffn {Monadic Procedure} current-state
+Return the current state as a monadic value.
+@end deffn
+
+@deffn {Monadic Procedure} set-current-state @var{value}
+Set the current state to @var{value} and return the previous state as a
+monadic value.
+@end deffn
+
+@deffn {Monadic Procedure} state-push @var{value}
+Push @var{value} to the current state, which is assumed to be a list, and
+return the previous state as a monadic value.
+@end deffn
+
+@deffn {Monadic Procedure} state-pop
+Pop a value from the current state and return it as a monadic value. The
+state is assumed to be a list.
+@end deffn
+
+@deffn {Scheme Procedure} run-with-state @var{mval} [@var{state}]
+Run monadic value @var{mval} starting with @var{state} as the initial
+state. Return two values: the resulting value, and the resulting state.
+@end deffn
+
+The main interface to the store monad, provided by the @code{(guix store)}
+module, is as follows.
+
+@defvr {Scheme Variable} %store-monad
+The store monad---an alias for @var{%state-monad}.
+
+Values in the store monad encapsulate accesses to the store. When its
+effect is needed, a value of the store monad must be ``evaluated'' by
+passing it to the @code{run-with-store} procedure (see below.)
+@end defvr
+
+@deffn {Scheme Procedure} run-with-store @var{store} @var{mval} [#:guile-for-build] [#:system (%current-system)]
+Run @var{mval}, a monadic value in the store monad, in @var{store}, an open
+store connection.
+@end deffn
+
+@deffn {Monadic Procedure} text-file @var{name} @var{text} [@var{references}]
+Return as a monadic value the absolute file name in the store of the file
+containing @var{text}, a string. @var{references} is a list of store items
+that the resulting text file refers to; it defaults to the empty list.
+@end deffn
+
+@deffn {Monadic Procedure} interned-file @var{file} [@var{name}] @
+ [#:recursive? #t] [#:select? (const #t)] Return the name of @var{file} once
+interned in the store. Use @var{name} as its store name, or the basename of
+@var{file} if @var{name} is omitted.
+
+When @var{recursive?} is true, the contents of @var{file} are added
+recursively; if @var{file} designates a flat file and @var{recursive?} is
+true, its contents are added, and its permission bits are kept.
+
+When @var{recursive?} is true, call @code{(@var{select?} @var{file}
+@var{stat})} for each directory entry, where @var{file} is the entry's
+absolute file name and @var{stat} is the result of @code{lstat}; exclude
+entries for which @var{select?} does not return true.
+
+The example below adds a file to the store, under two different names:
+
+@example
+(run-with-store (open-connection)
+ (mlet %store-monad ((a (interned-file "README"))
+ (b (interned-file "README" "LEGU-MIN")))
+ (return (list a b))))
+
+@result{} ("/gnu/store/rwm@dots{}-README" "/gnu/store/44i@dots{}-LEGU-MIN")
+@end example
+
+@end deffn
+
+The @code{(guix packages)} module exports the following package-related
+monadic procedures:
+
+@deffn {Monadic Procedure} package-file @var{package} [@var{file}] @
+ [#:system (%current-system)] [#:target #f] @ [#:output "out"] Return as a
+monadic value in the absolute file name of @var{file} within the
+@var{output} directory of @var{package}. When @var{file} is omitted, return
+the name of the @var{output} directory of @var{package}. When @var{target}
+is true, use it as a cross-compilation target triplet.
+@end deffn
+
+@deffn {Monadic Procedure} package->derivation @var{package} [@var{system}]
+@deffnx {Monadic Procedure} package->cross-derivation @var{package} @
+ @var{target} [@var{system}] Monadic version of @code{package-derivation} and
+@code{package-cross-derivation} (@pxref{Définition des paquets}).
+@end deffn
+
+
+@node G-Expressions
+@section G-Expressions
+
+@cindex G-expression
+@cindex build code quoting
+So we have ``derivations'', which represent a sequence of build actions to
+be performed to produce an item in the store (@pxref{Dérivations}). These
+build actions are performed when asking the daemon to actually build the
+derivations; they are run by the daemon in a container (@pxref{Invoquer guix-daemon}).
+
+@cindex strata of code
+It should come as no surprise that we like to write these build actions in
+Scheme. When we do that, we end up with two @dfn{strata} of Scheme
+code@footnote{The term @dfn{stratum} in this context was coined by Manuel
+Serrano et al.@: in the context of their work on Hop. Oleg Kiselyov, who
+has written insightful
+@url{http://okmij.org/ftp/meta-programming/#meta-scheme, essays and code on
+this topic}, refers to this kind of code generation as @dfn{staging}.}: the
+``host code''---code that defines packages, talks to the daemon, etc.---and
+the ``build code''---code that actually performs build actions, such as
+making directories, invoking @command{make}, etc.
+
+To describe a derivation and its build actions, one typically needs to embed
+build code inside host code. It boils down to manipulating build code as
+data, and the homoiconicity of Scheme---code has a direct representation as
+data---comes in handy for that. But we need more than the normal
+@code{quasiquote} mechanism in Scheme to construct build expressions.
+
+The @code{(guix gexp)} module implements @dfn{G-expressions}, a form of
+S-expressions adapted to build expressions. G-expressions, or @dfn{gexps},
+consist essentially of three syntactic forms: @code{gexp}, @code{ungexp},
+and @code{ungexp-splicing} (or simply: @code{#~}, @code{#$}, and
+@code{#$@@}), which are comparable to @code{quasiquote}, @code{unquote}, and
+@code{unquote-splicing}, respectively (@pxref{Expression Syntax,
+@code{quasiquote},, guile, GNU Guile Reference Manual}). However, there are
+major differences:
+
+@itemize
+@item
+Gexps are meant to be written to a file and run or manipulated by other
+processes.
+
+@item
+When a high-level object such as a package or derivation is unquoted inside
+a gexp, the result is as if its output file name had been introduced.
+
+@item
+Gexps carry information about the packages or derivations they refer to, and
+these dependencies are automatically added as inputs to the build processes
+that use them.
+@end itemize
+
+@cindex lowering, of high-level objects in gexps
+This mechanism is not limited to package and derivation objects:
+@dfn{compilers} able to ``lower'' other high-level objects to derivations or
+files in the store can be defined, such that these objects can also be
+inserted into gexps. For example, a useful type of high-level objects that
+can be inserted in a gexp is ``file-like objects'', which make it easy to
+add files to the store and to refer to them in derivations and such (see
+@code{local-file} and @code{plain-file} below.)
+
+To illustrate the idea, here is an example of a gexp:
+
+@example
+(define build-exp
+ #~(begin
+ (mkdir #$output)
+ (chdir #$output)
+ (symlink (string-append #$coreutils "/bin/ls")
+ "list-files")))
+@end example
+
+This gexp can be passed to @code{gexp->derivation}; we obtain a derivation
+that builds a directory containing exactly one symlink to
+@file{/gnu/store/@dots{}-coreutils-8.22/bin/ls}:
+
+@example
+(gexp->derivation "the-thing" build-exp)
+@end example
+
+As one would expect, the @code{"/gnu/store/@dots{}-coreutils-8.22"} string
+is substituted to the reference to the @var{coreutils} package in the actual
+build code, and @var{coreutils} is automatically made an input to the
+derivation. Likewise, @code{#$output} (equivalent to @code{(ungexp
+output)}) is replaced by a string containing the directory name of the
+output of the derivation.
+
+@cindex cross compilation
+In a cross-compilation context, it is useful to distinguish between
+references to the @emph{native} build of a package---that can run on the
+host---versus references to cross builds of a package. To that end, the
+@code{#+} plays the same role as @code{#$}, but is a reference to a native
+package build:
+
+@example
+(gexp->derivation "vi"
+ #~(begin
+ (mkdir #$output)
+ (system* (string-append #+coreutils "/bin/ln")
+ "-s"
+ (string-append #$emacs "/bin/emacs")
+ (string-append #$output "/bin/vi")))
+ #:target "mips64el-linux-gnu")
+@end example
+
+@noindent
+In the example above, the native build of @var{coreutils} is used, so that
+@command{ln} can actually run on the host; but then the cross-compiled build
+of @var{emacs} is referenced.
+
+@cindex imported modules, for gexps
+@findex with-imported-modules
+Another gexp feature is @dfn{imported modules}: sometimes you want to be
+able to use certain Guile modules from the ``host environment'' in the gexp,
+so those modules should be imported in the ``build environment''. The
+@code{with-imported-modules} form allows you to express that:
+
+@example
+(let ((build (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p (string-append #$output "/bin"))))))
+ (gexp->derivation "empty-dir"
+ #~(begin
+ #$build
+ (display "success!\n")
+ #t)))
+@end example
+
+@noindent
+In this example, the @code{(guix build utils)} module is automatically
+pulled into the isolated build environment of our gexp, such that
+@code{(use-modules (guix build utils))} works as expected.
+
+@cindex module closure
+@findex source-module-closure
+Usually you want the @emph{closure} of the module to be imported---i.e., the
+module itself and all the modules it depends on---rather than just the
+module; failing to do that, attempts to use the module will fail because of
+missing dependent modules. The @code{source-module-closure} procedure
+computes the closure of a module by looking at its source file headers,
+which comes in handy in this case:
+
+@example
+(use-modules (guix modules)) ;for 'source-module-closure'
+
+(with-imported-modules (source-module-closure
+ '((guix build utils)
+ (gnu build vm)))
+ (gexp->derivation "something-with-vms"
+ #~(begin
+ (use-modules (guix build utils)
+ (gnu build vm))
+ @dots{})))
+@end example
+
+The syntactic form to construct gexps is summarized below.
+
+@deffn {Scheme Syntax} #~@var{exp}
+@deffnx {Scheme Syntax} (gexp @var{exp})
+Return a G-expression containing @var{exp}. @var{exp} may contain one or
+more of the following forms:
+
+@table @code
+@item #$@var{obj}
+@itemx (ungexp @var{obj})
+Introduce a reference to @var{obj}. @var{obj} may have one of the supported
+types, for example a package or a derivation, in which case the
+@code{ungexp} form is replaced by its output file name---e.g.,
+@code{"/gnu/store/@dots{}-coreutils-8.22}.
+
+If @var{obj} is a list, it is traversed and references to supported objects
+are substituted similarly.
+
+If @var{obj} is another gexp, its contents are inserted and its dependencies
+are added to those of the containing gexp.
+
+If @var{obj} is another kind of object, it is inserted as is.
+
+@item #$@var{obj}:@var{output}
+@itemx (ungexp @var{obj} @var{output})
+This is like the form above, but referring explicitly to the @var{output} of
+@var{obj}---this is useful when @var{obj} produces multiple outputs
+(@pxref{Des paquets avec plusieurs résultats}).
+
+@item #+@var{obj}
+@itemx #+@var{obj}:output
+@itemx (ungexp-native @var{obj})
+@itemx (ungexp-native @var{obj} @var{output})
+Same as @code{ungexp}, but produces a reference to the @emph{native} build
+of @var{obj} when used in a cross compilation context.
+
+@item #$output[:@var{output}]
+@itemx (ungexp output [@var{output}])
+Insert a reference to derivation output @var{output}, or to the main output
+when @var{output} is omitted.
+
+This only makes sense for gexps passed to @code{gexp->derivation}.
+
+@item #$@@@var{lst}
+@itemx (ungexp-splicing @var{lst})
+Like the above, but splices the contents of @var{lst} inside the containing
+list.
+
+@item #+@@@var{lst}
+@itemx (ungexp-native-splicing @var{lst})
+Like the above, but refers to native builds of the objects listed in
+@var{lst}.
+
+@end table
+
+G-expressions created by @code{gexp} or @code{#~} are run-time objects of
+the @code{gexp?} type (see below.)
+@end deffn
+
+@deffn {Scheme Syntax} with-imported-modules @var{modules} @var{body}@dots{}
+Mark the gexps defined in @var{body}@dots{} as requiring @var{modules} in
+their execution environment.
+
+Each item in @var{modules} can be the name of a module, such as @code{(guix
+build utils)}, or it can be a module name, followed by an arrow, followed by
+a file-like object:
+
+@example
+`((guix build utils)
+ (guix gcrypt)
+ ((guix config) => ,(scheme-file "config.scm"
+ #~(define-module @dots{}))))
+@end example
+
+@noindent
+In the example above, the first two modules are taken from the search path,
+and the last one is created from the given file-like object.
+
+This form has @emph{lexical} scope: it has an effect on the gexps directly
+defined in @var{body}@dots{}, but not on those defined, say, in procedures
+called from @var{body}@dots{}.
+@end deffn
+
+@deffn {Scheme Procedure} gexp? @var{obj}
+Return @code{#t} if @var{obj} is a G-expression.
+@end deffn
+
+G-expressions are meant to be written to disk, either as code building some
+derivation, or as plain files in the store. The monadic procedures below
+allow you to do that (@pxref{La monad du dépôt}, for more information about
+monads.)
+
+@deffn {Monadic Procedure} gexp->derivation @var{name} @var{exp} @
+ [#:system (%current-system)] [#:target #f] [#:graft? #t] @ [#:hash #f]
+[#:hash-algo #f] @ [#:recursive? #f] [#:env-vars '()] [#:modules '()] @
+[#:module-path @var{%load-path}] @ [#:references-graphs #f]
+[#:allowed-references #f] @ [#:disallowed-references #f] @
+[#:leaked-env-vars #f] @ [#:script-name (string-append @var{name}
+"-builder")] @ [#:deprecation-warnings #f] @ [#:local-build? #f]
+[#:substitutable? #t] [#:guile-for-build #f] Return a derivation @var{name}
+that runs @var{exp} (a gexp) with @var{guile-for-build} (a derivation) on
+@var{system}; @var{exp} is stored in a file called @var{script-name}. When
+@var{target} is true, it is used as the cross-compilation target triplet for
+packages referred to by @var{exp}.
+
+@var{modules} is deprecated in favor of @code{with-imported-modules}. Its
+meaning is to make @var{modules} available in the evaluation context of
+@var{exp}; @var{modules} is a list of names of Guile modules searched in
+@var{module-path} to be copied in the store, compiled, and made available in
+the load path during the execution of @var{exp}---e.g., @code{((guix build
+utils) (guix build gnu-build-system))}.
+
+@var{graft?} determines whether packages referred to by @var{exp} should be
+grafted when applicable.
+
+When @var{references-graphs} is true, it must be a list of tuples of one of
+the following forms:
+
+@example
+(@var{file-name} @var{package})
+(@var{file-name} @var{package} @var{output})
+(@var{file-name} @var{derivation})
+(@var{file-name} @var{derivation} @var{output})
+(@var{file-name} @var{store-item})
+@end example
+
+The right-hand-side of each element of @var{references-graphs} is
+automatically made an input of the build process of @var{exp}. In the build
+environment, each @var{file-name} contains the reference graph of the
+corresponding item, in a simple text format.
+
+@var{allowed-references} must be either @code{#f} or a list of output names
+and packages. In the latter case, the list denotes store items that the
+result is allowed to refer to. Any reference to another store item will
+lead to a build error. Similarly for @var{disallowed-references}, which can
+list items that must not be referenced by the outputs.
+
+@var{deprecation-warnings} determines whether to show deprecation warnings
+while compiling modules. It can be @code{#f}, @code{#t}, or
+@code{'detailed}.
+
+The other arguments are as for @code{derivation} (@pxref{Dérivations}).
+@end deffn
+
+@cindex file-like objects
+The @code{local-file}, @code{plain-file}, @code{computed-file},
+@code{program-file}, and @code{scheme-file} procedures below return
+@dfn{file-like objects}. That is, when unquoted in a G-expression, these
+objects lead to a file in the store. Consider this G-expression:
+
+@example
+#~(system* #$(file-append glibc "/sbin/nscd") "-f"
+ #$(local-file "/tmp/my-nscd.conf"))
+@end example
+
+The effect here is to ``intern'' @file{/tmp/my-nscd.conf} by copying it to
+the store. Once expanded, for instance @i{via} @code{gexp->derivation}, the
+G-expression refers to that copy under @file{/gnu/store}; thus, modifying or
+removing the file in @file{/tmp} does not have any effect on what the
+G-expression does. @code{plain-file} can be used similarly; it differs in
+that the file content is directly passed as a string.
+
+@deffn {Scheme Procedure} local-file @var{file} [@var{name}] @
+ [#:recursive? #f] [#:select? (const #t)] Return an object representing local
+file @var{file} to add to the store; this object can be used in a gexp. If
+@var{file} is a relative file name, it is looked up relative to the source
+file where this form appears. @var{file} will be added to the store under
+@var{name}--by default the base name of @var{file}.
+
+When @var{recursive?} is true, the contents of @var{file} are added
+recursively; if @var{file} designates a flat file and @var{recursive?} is
+true, its contents are added, and its permission bits are kept.
+
+When @var{recursive?} is true, call @code{(@var{select?} @var{file}
+@var{stat})} for each directory entry, where @var{file} is the entry's
+absolute file name and @var{stat} is the result of @code{lstat}; exclude
+entries for which @var{select?} does not return true.
+
+This is the declarative counterpart of the @code{interned-file} monadic
+procedure (@pxref{La monad du dépôt, @code{interned-file}}).
+@end deffn
+
+@deffn {Scheme Procedure} plain-file @var{name} @var{content}
+Return an object representing a text file called @var{name} with the given
+@var{content} (a string) to be added to the store.
+
+This is the declarative counterpart of @code{text-file}.
+@end deffn
+
+@deffn {Scheme Procedure} computed-file @var{name} @var{gexp} @
+ [#:options '(#:local-build? #t)] Return an object representing the store
+item @var{name}, a file or directory computed by @var{gexp}. @var{options}
+is a list of additional arguments to pass to @code{gexp->derivation}.
+
+This is the declarative counterpart of @code{gexp->derivation}.
+@end deffn
+
+@deffn {Monadic Procedure} gexp->script @var{name} @var{exp} @
+ [#:guile (default-guile)] [#:module-path %load-path] Return an executable
+script @var{name} that runs @var{exp} using @var{guile}, with @var{exp}'s
+imported modules in its search path. Look up @var{exp}'s modules in
+@var{module-path}.
+
+The example below builds a script that simply invokes the @command{ls}
+command:
+
+@example
+(use-modules (guix gexp) (gnu packages base))
+
+(gexp->script "list-files"
+ #~(execl #$(file-append coreutils "/bin/ls")
+ "ls"))
+@end example
+
+When ``running'' it through the store (@pxref{La monad du dépôt,
+@code{run-with-store}}), we obtain a derivation that produces an executable
+file @file{/gnu/store/@dots{}-list-files} along these lines:
+
+@example
+#!/gnu/store/@dots{}-guile-2.0.11/bin/guile -ds
+!#
+(execl "/gnu/store/@dots{}-coreutils-8.22"/bin/ls" "ls")
+@end example
+@end deffn
+
+@deffn {Scheme Procedure} program-file @var{name} @var{exp} @
+ [#:guile #f] [#:module-path %load-path] Return an object representing the
+executable store item @var{name} that runs @var{gexp}. @var{guile} is the
+Guile package used to execute that script. Imported modules of @var{gexp}
+are looked up in @var{module-path}.
+
+This is the declarative counterpart of @code{gexp->script}.
+@end deffn
+
+@deffn {Monadic Procedure} gexp->file @var{name} @var{exp} @
+ [#:set-load-path? #t] [#:module-path %load-path] @ [#:splice? #f] @ [#:guile
+(default-guile)] Return a derivation that builds a file @var{name}
+containing @var{exp}. When @var{splice?} is true, @var{exp} is considered
+to be a list of expressions that will be spliced in the resulting file.
+
+When @var{set-load-path?} is true, emit code in the resulting file to set
+@code{%load-path} and @code{%load-compiled-path} to honor @var{exp}'s
+imported modules. Look up @var{exp}'s modules in @var{module-path}.
+
+The resulting file holds references to all the dependencies of @var{exp} or
+a subset thereof.
+@end deffn
+
+@deffn {Scheme Procedure} scheme-file @var{name} @var{exp} [#:splice? #f]
+Return an object representing the Scheme file @var{name} that contains
+@var{exp}.
+
+This is the declarative counterpart of @code{gexp->file}.
+@end deffn
+
+@deffn {Monadic Procedure} text-file* @var{name} @var{text} @dots{}
+Return as a monadic value a derivation that builds a text file containing
+all of @var{text}. @var{text} may list, in addition to strings, objects of
+any type that can be used in a gexp: packages, derivations, local file
+objects, etc. The resulting store file holds references to all these.
+
+This variant should be preferred over @code{text-file} anytime the file to
+create will reference items from the store. This is typically the case when
+building a configuration file that embeds store file names, like this:
+
+@example
+(define (profile.sh)
+ ;; Return the name of a shell script in the store that
+ ;; initializes the 'PATH' environment variable.
+ (text-file* "profile.sh"
+ "export PATH=" coreutils "/bin:"
+ grep "/bin:" sed "/bin\n"))
+@end example
+
+In this example, the resulting @file{/gnu/store/@dots{}-profile.sh} file
+will reference @var{coreutils}, @var{grep}, and @var{sed}, thereby
+preventing them from being garbage-collected during its lifetime.
+@end deffn
+
+@deffn {Scheme Procedure} mixed-text-file @var{name} @var{text} @dots{}
+Return an object representing store file @var{name} containing @var{text}.
+@var{text} is a sequence of strings and file-like objects, as in:
+
+@example
+(mixed-text-file "profile"
+ "export PATH=" coreutils "/bin:" grep "/bin")
+@end example
+
+This is the declarative counterpart of @code{text-file*}.
+@end deffn
+
+@deffn {Scheme Procedure} file-union @var{name} @var{files}
+Return a @code{<computed-file>} that builds a directory containing all of
+@var{files}. Each item in @var{files} must be a two-element list where the
+first element is the file name to use in the new directory, and the second
+element is a gexp denoting the target file. Here's an example:
+
+@example
+(file-union "etc"
+ `(("hosts" ,(plain-file "hosts"
+ "127.0.0.1 localhost"))
+ ("bashrc" ,(plain-file "bashrc"
+ "alias ls='ls --color'"))))
+@end example
+
+This yields an @code{etc} directory containing these two files.
+@end deffn
+
+@deffn {Scheme Procedure} directory-union @var{name} @var{things}
+Return a directory that is the union of @var{things}, where @var{things} is
+a list of file-like objects denoting directories. For example:
+
+@example
+(directory-union "guile+emacs" (list guile emacs))
+@end example
+
+yields a directory that is the union of the @code{guile} and @code{emacs}
+packages.
+@end deffn
+
+@deffn {Scheme Procedure} file-append @var{obj} @var{suffix} @dots{}
+Return a file-like object that expands to the concatenation of @var{obj} and
+@var{suffix}, where @var{obj} is a lowerable object and each @var{suffix} is
+a string.
+
+As an example, consider this gexp:
+
+@example
+(gexp->script "run-uname"
+ #~(system* #$(file-append coreutils
+ "/bin/uname")))
+@end example
+
+The same effect could be achieved with:
+
+@example
+(gexp->script "run-uname"
+ #~(system* (string-append #$coreutils
+ "/bin/uname")))
+@end example
+
+There is one difference though: in the @code{file-append} case, the
+resulting script contains the absolute file name as a string, whereas in the
+second case, the resulting script contains a @code{(string-append @dots{})}
+expression to construct the file name @emph{at run time}.
+@end deffn
+
+
+Of course, in addition to gexps embedded in ``host'' code, there are also
+modules containing build tools. To make it clear that they are meant to be
+used in the build stratum, these modules are kept in the @code{(guix build
+@dots{})} name space.
+
+@cindex lowering, of high-level objects in gexps
+Internally, high-level objects are @dfn{lowered}, using their compiler, to
+either derivations or store items. For instance, lowering a package yields
+a derivation, and lowering a @code{plain-file} yields a store item. This is
+achieved using the @code{lower-object} monadic procedure.
+
+@deffn {Monadic Procedure} lower-object @var{obj} [@var{system}] @
+ [#:target #f] Return as a value in @var{%store-monad} the derivation or
+store item corresponding to @var{obj} for @var{system}, cross-compiling for
+@var{target} if @var{target} is true. @var{obj} must be an object that has
+an associated gexp compiler, such as a @code{<package>}.
+@end deffn
+
+
+@c *********************************************************************
+@node Utilitaires
+@chapter Utilitaires
+
+This section describes Guix command-line utilities. Some of them are
+primarily targeted at developers and users who write new package
+definitions, while others are more generally useful. They complement the
+Scheme programming interface of Guix in a convenient way.
+
+@menu
+* Invoquer guix build:: Construire des paquets depuis la ligne de
+ commande.
+* Invoquer guix edit:: Modifier les définitions de paquets.
+* Invoquer guix download:: Télécharger un fichier et afficher son hash.
+* Invoquer guix hash:: Calculer le hash cryptographique d'un fichier.
+* Invoquer guix import:: Importer des définitions de paquets.
+* Invoquer guix refresh:: Mettre à jour les définitions de paquets.
+* Invoquer guix lint:: Trouver des erreurs dans les définitions de
+ paquets.
+* Invoquer guix size:: Profiler l'utilisation du disque.
+* Invoquer guix graph:: Visualiser le graphe des paquets.
+* Invoquer guix environment:: Mettre en place des environnements de
+ développement.
+* Invoquer guix publish:: Partager des substituts.
+* Invoquer guix challenge:: Défier les serveurs de substituts.
+* Invoquer guix copy:: Copier vers et depuis un dépôt distant.
+* Invoquer guix container:: Isolation de processus.
+* Invoquer guix weather:: Mesurer la disponibilité des substituts.
+@end menu
+
+@node Invoquer guix build
+@section Invoquer @command{guix build}
+
+@cindex package building
+@cindex @command{guix build}
+The @command{guix build} command builds packages or derivations and their
+dependencies, and prints the resulting store paths. Note that it does not
+modify the user's profile---this is the job of the @command{guix package}
+command (@pxref{Invoquer guix package}). Thus, it is mainly useful for
+distribution developers.
+
+The general syntax is:
+
+@example
+guix build @var{options} @var{package-or-derivation}@dots{}
+@end example
+
+As an example, the following command builds the latest versions of Emacs and
+of Guile, displays their build logs, and finally displays the resulting
+directories:
+
+@example
+guix build emacs guile
+@end example
+
+Similarly, the following command builds all the available packages:
+
+@example
+guix build --quiet --keep-going \
+ `guix package -A | cut -f1,2 --output-delimiter=@@`
+@end example
+
+@var{package-or-derivation} may be either the name of a package found in the
+software distribution such as @code{coreutils} or @code{coreutils@@8.20}, or
+a derivation such as @file{/gnu/store/@dots{}-coreutils-8.19.drv}. In the
+former case, a package with the corresponding name (and optionally version)
+is searched for among the GNU distribution modules (@pxref{Modules de paquets}).
+
+Alternatively, the @code{--expression} option may be used to specify a
+Scheme expression that evaluates to a package; this is useful when
+disambiguating among several same-named packages or package variants is
+needed.
+
+There may be zero or more @var{options}. The available options are
+described in the subsections below.
+
+@menu
+* Options de construction communes:: Options de construction pour la
+ plupart des commandes.
+* Options de transformation de paquets:: Créer des variantes de paquets.
+* Options de construction supplémentaires:: Options spécifiques à «
+ guix build ».
+* Débogage des échecs de construction:: La vie d'un empaqueteur.
+@end menu
+
+@node Options de construction communes
+@subsection Options de construction communes
+
+A number of options that control the build process are common to
+@command{guix build} and other commands that can spawn builds, such as
+@command{guix package} or @command{guix archive}. These are the following:
+
+@table @code
+
+@item --load-path=@var{directory}
+@itemx -L @var{directory}
+Add @var{directory} to the front of the package module search path
+(@pxref{Modules de paquets}).
+
+This allows users to define their own packages and make them visible to the
+command-line tools.
+
+@item --keep-failed
+@itemx -K
+Keep the build tree of failed builds. Thus, if a build fails, its build
+tree is kept under @file{/tmp}, in a directory whose name is shown at the
+end of the build log. This is useful when debugging build issues.
+@xref{Débogage des échecs de construction}, for tips and tricks on how to debug build
+issues.
+
+@item --keep-going
+@itemx -k
+Keep going when some of the derivations fail to build; return only once all
+the builds have either completed or failed.
+
+The default behavior is to stop as soon as one of the specified derivations
+has failed.
+
+@item --dry-run
+@itemx -n
+Do not build the derivations.
+
+@anchor{fallback-option}
+@item --fallback
+When substituting a pre-built binary fails, fall back to building packages
+locally (@pxref{Échec de substitution}).
+
+@item --substitute-urls=@var{urls}
+@anchor{client-substitute-urls}
+Consider @var{urls} the whitespace-separated list of substitute source URLs,
+overriding the default list of URLs of @command{guix-daemon}
+(@pxref{daemon-substitute-urls,, @command{guix-daemon} URLs}).
+
+Cela signifie que les substituts peuvent être téléchargés depuis @var{urls},
+tant qu'ils sont signés par une clef autorisée par l'administrateur système
+(@pxref{Substituts}).
+
+When @var{urls} is the empty string, substitutes are effectively disabled.
+
+@item --no-substitutes
+Ne pas utiliser de substitut pour les résultats de la
+construction. C'est-à-dire, toujours construire localement plutôt que de
+permettre le téléchargement de binaires pré-construits (@pxref{Substituts}).
+
+@item --no-grafts
+Do not ``graft'' packages. In practice, this means that package updates
+available as grafts are not applied. @xref{Mises à jour de sécurité}, for more
+information on grafts.
+
+@item --rounds=@var{n}
+Build each derivation @var{n} times in a row, and raise an error if
+consecutive build results are not bit-for-bit identical.
+
+This is a useful way to detect non-deterministic builds processes.
+Non-deterministic build processes are a problem because they make it
+practically impossible for users to @emph{verify} whether third-party
+binaries are genuine. @xref{Invoquer guix challenge}, for more.
+
+Note that, currently, the differing build results are not kept around, so
+you will have to manually investigate in case of an error---e.g., by
+stashing one of the build results with @code{guix archive --export}
+(@pxref{Invoquer guix archive}), then rebuilding, and finally comparing the
+two results.
+
+@item --no-build-hook
+Do not attempt to offload builds @i{via} the ``build hook'' of the daemon
+(@pxref{Réglages du délestage du démon}). That is, always build things locally
+instead of offloading builds to remote machines.
+
+@item --max-silent-time=@var{seconds}
+When the build or substitution process remains silent for more than
+@var{seconds}, terminate it and report a build failure.
+
+By default, the daemon's setting is honored (@pxref{Invoquer guix-daemon,
+@code{--max-silent-time}}).
+
+@item --timeout=@var{seconds}
+Likewise, when the build or substitution process lasts for more than
+@var{seconds}, terminate it and report a build failure.
+
+By default, the daemon's setting is honored (@pxref{Invoquer guix-daemon,
+@code{--timeout}}).
+
+@item --verbosity=@var{level}
+Use the given verbosity level. @var{level} must be an integer between 0 and
+5; higher means more verbose output. Setting a level of 4 or more may be
+helpful when debugging setup issues with the build daemon.
+
+@item --cores=@var{n}
+@itemx -c @var{n}
+Allow the use of up to @var{n} CPU cores for the build. The special value
+@code{0} means to use as many CPU cores as available.
+
+@item --max-jobs=@var{n}
+@itemx -M @var{n}
+Allow at most @var{n} build jobs in parallel. @xref{Invoquer guix-daemon,
+@code{--max-jobs}}, for details about this option and the equivalent
+@command{guix-daemon} option.
+
+@end table
+
+Behind the scenes, @command{guix build} is essentially an interface to the
+@code{package-derivation} procedure of the @code{(guix packages)} module,
+and to the @code{build-derivations} procedure of the @code{(guix
+derivations)} module.
+
+In addition to options explicitly passed on the command line, @command{guix
+build} and other @command{guix} commands that support building honor the
+@code{GUIX_BUILD_OPTIONS} environment variable.
+
+@defvr {Environment Variable} GUIX_BUILD_OPTIONS
+Users can define this variable to a list of command line options that will
+automatically be used by @command{guix build} and other @command{guix}
+commands that can perform builds, as in the example below:
+
+@example
+$ export GUIX_BUILD_OPTIONS="--no-substitutes -c 2 -L /foo/bar"
+@end example
+
+These options are parsed independently, and the result is appended to the
+parsed command-line options.
+@end defvr
+
+
+@node Options de transformation de paquets
+@subsection Options de transformation de paquets
+
+@cindex package variants
+Another set of command-line options supported by @command{guix build} and
+also @command{guix package} are @dfn{package transformation options}. These
+are options that make it possible to define @dfn{package variants}---for
+instance, packages built from different source code. This is a convenient
+way to create customized packages on the fly without having to type in the
+definitions of package variants (@pxref{Définition des paquets}).
+
+@table @code
+
+@item --with-source=@var{source}
+@itemx --with-source=@var{package}=@var{source}
+@itemx --with-source=@var{package}@@@var{version}=@var{source}
+Use @var{source} as the source of @var{package}, and @var{version} as its
+version number. @var{source} must be a file name or a URL, as for
+@command{guix download} (@pxref{Invoquer guix download}).
+
+When @var{package} is omitted, it is taken to be the package name specified
+on the command line that matches the base of @var{source}---e.g., if
+@var{source} is @code{/src/guile-2.0.10.tar.gz}, the corresponding package
+is @code{guile}.
+
+Likewise, when @var{version} is omitted, the version string is inferred from
+@var{source}; in the previous example, it is @code{2.0.10}.
+
+This option allows users to try out versions of packages other than the one
+provided by the distribution. The example below downloads
+@file{ed-1.7.tar.gz} from a GNU mirror and uses that as the source for the
+@code{ed} package:
+
+@example
+guix build ed --with-source=mirror://gnu/ed/ed-1.7.tar.gz
+@end example
+
+As a developer, @code{--with-source} makes it easy to test release
+candidates:
+
+@example
+guix build guile --with-source=../guile-2.0.9.219-e1bb7.tar.xz
+@end example
+
+@dots{} or to build from a checkout in a pristine environment:
+
+@example
+$ git clone git://git.sv.gnu.org/guix.git
+$ guix build guix --with-source=guix@@1.0=./guix
+@end example
+
+@item --with-input=@var{package}=@var{replacement}
+Replace dependency on @var{package} by a dependency on @var{replacement}.
+@var{package} must be a package name, and @var{replacement} must be a
+package specification such as @code{guile} or @code{guile@@1.8}.
+
+For instance, the following command builds Guix, but replaces its dependency
+on the current stable version of Guile with a dependency on the legacy
+version of Guile, @code{guile@@2.0}:
+
+@example
+guix build --with-input=guile=guile@@2.0 guix
+@end example
+
+This is a recursive, deep replacement. So in this example, both @code{guix}
+and its dependency @code{guile-json} (which also depends on @code{guile})
+get rebuilt against @code{guile@@2.0}.
+
+This is implemented using the @code{package-input-rewriting} Scheme
+procedure (@pxref{Définition des paquets, @code{package-input-rewriting}}).
+
+@item --with-graft=@var{package}=@var{replacement}
+This is similar to @code{--with-input} but with an important difference:
+instead of rebuilding the whole dependency chain, @var{replacement} is built
+and then @dfn{grafted} onto the binaries that were initially referring to
+@var{package}. @xref{Mises à jour de sécurité}, for more information on grafts.
+
+For example, the command below grafts version 3.5.4 of GnuTLS onto Wget and
+all its dependencies, replacing references to the version of GnuTLS they
+currently refer to:
+
+@example
+guix build --with-graft=gnutls=gnutls@@3.5.4 wget
+@end example
+
+This has the advantage of being much faster than rebuilding everything. But
+there is a caveat: it works if and only if @var{package} and
+@var{replacement} are strictly compatible---for example, if they provide a
+library, the application binary interface (ABI) of those libraries must be
+compatible. If @var{replacement} is somehow incompatible with
+@var{package}, then the resulting package may be unusable. Use with care!
+
+@end table
+
+@node Options de construction supplémentaires
+@subsection Options de construction supplémentaires
+
+The command-line options presented below are specific to @command{guix
+build}.
+
+@table @code
+
+@item --quiet
+@itemx -q
+Build quietly, without displaying the build log. Upon completion, the build
+log is kept in @file{/var} (or similar) and can always be retrieved using
+the @option{--log-file} option.
+
+@item --file=@var{file}
+@itemx -f @var{file}
+
+Build the package or derivation that the code within @var{file} evaluates
+to.
+
+As an example, @var{file} might contain a package definition like this
+(@pxref{Définition des paquets}):
+
+@example
+@verbatiminclude package-hello.scm
+@end example
+
+@item --expression=@var{expr}
+@itemx -e @var{expr}
+Build the package or derivation @var{expr} evaluates to.
+
+For example, @var{expr} may be @code{(@@ (gnu packages guile) guile-1.8)},
+which unambiguously designates this specific variant of version 1.8 of
+Guile.
+
+Alternatively, @var{expr} may be a G-expression, in which case it is used as
+a build program passed to @code{gexp->derivation} (@pxref{G-Expressions}).
+
+Lastly, @var{expr} may refer to a zero-argument monadic procedure
+(@pxref{La monad du dépôt}). The procedure must return a derivation as a
+monadic value, which is then passed through @code{run-with-store}.
+
+@item --source
+@itemx -S
+Build the source derivations of the packages, rather than the packages
+themselves.
+
+For instance, @code{guix build -S gcc} returns something like
+@file{/gnu/store/@dots{}-gcc-4.7.2.tar.bz2}, which is the GCC source
+tarball.
+
+The returned source tarball is the result of applying any patches and code
+snippets specified in the package @code{origin} (@pxref{Définition des paquets}).
+
+@item --sources
+Fetch and return the source of @var{package-or-derivation} and all their
+dependencies, recursively. This is a handy way to obtain a local copy of
+all the source code needed to build @var{packages}, allowing you to
+eventually build them even without network access. It is an extension of
+the @code{--source} option and can accept one of the following optional
+argument values:
+
+@table @code
+@item package
+This value causes the @code{--sources} option to behave in the same way as
+the @code{--source} option.
+
+@item all
+Build the source derivations of all packages, including any source that
+might be listed as @code{inputs}. This is the default value.
+
+@example
+$ guix build --sources tzdata
+The following derivations will be built:
+ /gnu/store/@dots{}-tzdata2015b.tar.gz.drv
+ /gnu/store/@dots{}-tzcode2015b.tar.gz.drv
+@end example
+
+@item transitive
+Build the source derivations of all packages, as well of all transitive
+inputs to the packages. This can be used e.g. to prefetch package source
+for later offline building.
+
+@example
+$ guix build --sources=transitive tzdata
+The following derivations will be built:
+ /gnu/store/@dots{}-tzcode2015b.tar.gz.drv
+ /gnu/store/@dots{}-findutils-4.4.2.tar.xz.drv
+ /gnu/store/@dots{}-grep-2.21.tar.xz.drv
+ /gnu/store/@dots{}-coreutils-8.23.tar.xz.drv
+ /gnu/store/@dots{}-make-4.1.tar.xz.drv
+ /gnu/store/@dots{}-bash-4.3.tar.xz.drv
+@dots{}
+@end example
+
+@end table
+
+@item --system=@var{system}
+@itemx -s @var{system}
+Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of the
+system type of the build host.
+
+@quotation Note
+The @code{--system} flag is for @emph{native} compilation and must not be
+confused with cross-compilation. See @code{--target} below for information
+on cross-compilation.
+@end quotation
+
+An example use of this is on Linux-based systems, which can emulate
+different personalities. For instance, passing @code{--system=i686-linux}
+on an @code{x86_64-linux} system allows you to build packages in a complete
+32-bit environment.
+
+Similarly, when transparent emulation with QEMU and @code{binfmt_misc} is
+enabled (@pxref{Virtualization Services, @code{qemu-binfmt-service-type}}),
+you can build for any system for which a QEMU @code{binfmt_misc} handler is
+installed.
+
+Builds for a system other than that of the machine you are using can also be
+offloaded to a remote machine of the right architecture. @xref{Réglages du délestage du démon}, for more information on offloading.
+
+@item --target=@var{triplet}
+@cindex cross-compilation
+Cross-build for @var{triplet}, which must be a valid GNU triplet, such as
+@code{"mips64el-linux-gnu"} (@pxref{Specifying target triplets, GNU
+configuration triplets,, autoconf, Autoconf}).
+
+@anchor{build-check}
+@item --check
+@cindex déterminisme, vérification
+@cindex reproductibilité, vérification
+Rebuild @var{package-or-derivation}, which are already available in the
+store, and raise an error if the build results are not bit-for-bit
+identical.
+
+Ce mécanisme vous permet de vérifier si les substituts précédemment
+installés sont authentiques (@pxref{Substituts}) ou si le résultat de la
+construction d'un paquet est déterministe. @xref{Invoquer guix challenge}
+pour plus d'informations et pour les outils.
+
+When used in conjunction with @option{--keep-failed}, the differing output
+is kept in the store, under @file{/gnu/store/@dots{}-check}. This makes it
+easy to look for differences between the two results.
+
+@item --repair
+@cindex repairing store items
+@cindex corruption, recovering from
+Attempt to repair the specified store items, if they are corrupt, by
+re-downloading or rebuilding them.
+
+This operation is not atomic and thus restricted to @code{root}.
+
+@item --derivations
+@itemx -d
+Return the derivation paths, not the output paths, of the given packages.
+
+@item --root=@var{file}
+@itemx -r @var{file}
+@cindex GC roots, adding
+@cindex garbage collector roots, adding
+Make @var{file} a symlink to the result, and register it as a garbage
+collector root.
+
+Consequently, the results of this @command{guix build} invocation are
+protected from garbage collection until @var{file} is removed. When that
+option is omitted, build results are eligible for garbage collection as soon
+as the build completes. @xref{Invoquer guix gc}, for more on GC roots.
+
+@item --log-file
+@cindex build logs, access
+Return the build log file names or URLs for the given
+@var{package-or-derivation}, or raise an error if build logs are missing.
+
+This works regardless of how packages or derivations are specified. For
+instance, the following invocations are equivalent:
+
+@example
+guix build --log-file `guix build -d guile`
+guix build --log-file `guix build guile`
+guix build --log-file guile
+guix build --log-file -e '(@@ (gnu packages guile) guile-2.0)'
+@end example
+
+If a log is unavailable locally, and unless @code{--no-substitutes} is
+passed, the command looks for a corresponding log on one of the substitute
+servers (as specified with @code{--substitute-urls}.)
+
+So for instance, imagine you want to see the build log of GDB on MIPS, but
+you are actually on an @code{x86_64} machine:
+
+@example
+$ guix build --log-file gdb -s mips64el-linux
+https://hydra.gnu.org/log/@dots{}-gdb-7.10
+@end example
+
+You can freely access a huge library of build logs!
+@end table
+
+@node Débogage des échecs de construction
+@subsection Débogage des échecs de construction
+
+@cindex build failures, debugging
+When defining a new package (@pxref{Définition des paquets}), you will probably
+find yourself spending some time debugging and tweaking the build until it
+succeeds. To do that, you need to operate the build commands yourself in an
+environment as close as possible to the one the build daemon uses.
+
+To that end, the first thing to do is to use the @option{--keep-failed} or
+@option{-K} option of @command{guix build}, which will keep the failed build
+tree in @file{/tmp} or whatever directory you specified as @code{TMPDIR}
+(@pxref{Invoquer guix build, @code{--keep-failed}}).
+
+From there on, you can @command{cd} to the failed build tree and source the
+@file{environment-variables} file, which contains all the environment
+variable definitions that were in place when the build failed. So let's say
+you're debugging a build failure in package @code{foo}; a typical session
+would look like this:
+
+@example
+$ guix build foo -K
+@dots{} @i{build fails}
+$ cd /tmp/guix-build-foo.drv-0
+$ source ./environment-variables
+$ cd foo-1.2
+@end example
+
+Now, you can invoke commands as if you were the daemon (almost) and
+troubleshoot your build process.
+
+Sometimes it happens that, for example, a package's tests pass when you run
+them manually but they fail when the daemon runs them. This can happen
+because the daemon runs builds in containers where, unlike in our
+environment above, network access is missing, @file{/bin/sh} does not exist,
+etc. (@pxref{Réglages de l'environnement de construction}).
+
+In such cases, you may need to run inspect the build process from within a
+container similar to the one the build daemon creates:
+
+@example
+$ guix build -K foo
+@dots{}
+$ cd /tmp/guix-build-foo.drv-0
+$ guix environment --no-grafts -C foo --ad-hoc strace gdb
+[env]# source ./environment-variables
+[env]# cd foo-1.2
+@end example
+
+Here, @command{guix environment -C} creates a container and spawns a new
+shell in it (@pxref{Invoquer guix environment}). The @command{--ad-hoc
+strace gdb} part adds the @command{strace} and @command{gdb} commands to the
+container, which would may find handy while debugging. The
+@option{--no-grafts} option makes sure we get the exact same environment,
+with ungrafted packages (@pxref{Mises à jour de sécurité}, for more info on grafts).
+
+To get closer to a container like that used by the build daemon, we can
+remove @file{/bin/sh}:
+
+@example
+[env]# rm /bin/sh
+@end example
+
+(Don't worry, this is harmless: this is all happening in the throw-away
+container created by @command{guix environment}.)
+
+The @command{strace} command is probably not in the search path, but we can
+run:
+
+@example
+[env]# $GUIX_ENVIRONMENT/bin/strace -f -o log make check
+@end example
+
+In this way, not only you will have reproduced the environment variables the
+daemon uses, you will also be running the build process in a container
+similar to the one the daemon uses.
+
+
+@node Invoquer guix edit
+@section Invoking @command{guix edit}
+
+@cindex @command{guix edit}
+@cindex package definition, editing
+So many packages, so many source files! The @command{guix edit} command
+facilitates the life of users and packagers by pointing their editor at the
+source file containing the definition of the specified packages. For
+instance:
+
+@example
+guix edit gcc@@4.9 vim
+@end example
+
+@noindent
+launches the program specified in the @code{VISUAL} or in the @code{EDITOR}
+environment variable to view the recipe of GCC@tie{}4.9.3 and that of Vim.
+
+If you are using a Guix Git checkout (@pxref{Construire depuis Git}), or have
+created your own packages on @code{GUIX_PACKAGE_PATH} (@pxref{Définition des paquets}), you will be able to edit the package recipes. Otherwise, you
+will be able to examine the read-only recipes for packages currently in the
+store.
+
+
+@node Invoquer guix download
+@section Invoking @command{guix download}
+
+@cindex @command{guix download}
+@cindex downloading package sources
+When writing a package definition, developers typically need to download a
+source tarball, compute its SHA256 hash, and write that hash in the package
+definition (@pxref{Définition des paquets}). The @command{guix download} tool
+helps with this task: it downloads a file from the given URI, adds it to the
+store, and prints both its file name in the store and its SHA256 hash.
+
+The fact that the downloaded file is added to the store saves bandwidth:
+when the developer eventually tries to build the newly defined package with
+@command{guix build}, the source tarball will not have to be downloaded
+again because it is already in the store. It is also a convenient way to
+temporarily stash files, which may be deleted eventually (@pxref{Invoquer guix gc}).
+
+The @command{guix download} command supports the same URIs as used in
+package definitions. In particular, it supports @code{mirror://} URIs.
+@code{https} URIs (HTTP over TLS) are supported @emph{provided} the Guile
+bindings for GnuTLS are available in the user's environment; when they are
+not available, an error is raised. @xref{Guile Preparations, how to install
+the GnuTLS bindings for Guile,, gnutls-guile, GnuTLS-Guile}, for more
+information.
+
+@command{guix download} verifies HTTPS server certificates by loading the
+certificates of X.509 authorities from the directory pointed to by the
+@code{SSL_CERT_DIR} environment variable (@pxref{Certificats X.509}),
+unless @option{--no-check-certificate} is used.
+
+The following options are available:
+
+@table @code
+@item --format=@var{fmt}
+@itemx -f @var{fmt}
+Write the hash in the format specified by @var{fmt}. For more information
+on the valid values for @var{fmt}, @pxref{Invoquer guix hash}.
+
+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you are
+communicating with the authentic server responsible for the given URL, which
+makes you vulnerable to ``man-in-the-middle'' attacks.
+
+@item --output=@var{file}
+@itemx -o @var{file}
+Save the downloaded file to @var{file} instead of adding it to the store.
+@end table
+
+@node Invoquer guix hash
+@section Invoking @command{guix hash}
+
+@cindex @command{guix hash}
+The @command{guix hash} command computes the SHA256 hash of a file. It is
+primarily a convenience tool for anyone contributing to the distribution: it
+computes the cryptographic hash of a file, which can be used in the
+definition of a package (@pxref{Définition des paquets}).
+
+The general syntax is:
+
+@example
+guix hash @var{option} @var{file}
+@end example
+
+When @var{file} is @code{-} (a hyphen), @command{guix hash} computes the
+hash of data read from standard input. @command{guix hash} has the
+following options:
+
+@table @code
+
+@item --format=@var{fmt}
+@itemx -f @var{fmt}
+Write the hash in the format specified by @var{fmt}.
+
+Supported formats: @code{nix-base32}, @code{base32}, @code{base16}
+(@code{hex} and @code{hexadecimal} can be used as well).
+
+If the @option{--format} option is not specified, @command{guix hash} will
+output the hash in @code{nix-base32}. This representation is used in the
+definitions of packages.
+
+@item --recursive
+@itemx -r
+Compute the hash on @var{file} recursively.
+
+@c FIXME: Replace xref above with xref to an ``Archive'' section when
+@c it exists.
+In this case, the hash is computed on an archive containing @var{file},
+including its children if it is a directory. Some of the metadata of
+@var{file} is part of the archive; for instance, when @var{file} is a
+regular file, the hash is different depending on whether @var{file} is
+executable or not. Metadata such as time stamps has no impact on the hash
+(@pxref{Invoquer guix archive}).
+
+@item --exclude-vcs
+@itemx -x
+When combined with @option{--recursive}, exclude version control system
+directories (@file{.bzr}, @file{.git}, @file{.hg}, etc.)
+
+@vindex git-fetch
+As an example, here is how you would compute the hash of a Git checkout,
+which is useful when using the @code{git-fetch} method (@pxref{Référence d'origine}):
+
+@example
+$ git clone http://example.org/foo.git
+$ cd foo
+$ guix hash -rx .
+@end example
+@end table
+
+@node Invoquer guix import
+@section Invoking @command{guix import}
+
+@cindex importing packages
+@cindex package import
+@cindex package conversion
+@cindex Invoking @command{guix import}
+The @command{guix import} command is useful for people who would like to add
+a package to the distribution with as little work as possible---a legitimate
+demand. The command knows of a few repositories from which it can
+``import'' package metadata. The result is a package definition, or a
+template thereof, in the format we know (@pxref{Définition des paquets}).
+
+The general syntax is:
+
+@example
+guix import @var{importer} @var{options}@dots{}
+@end example
+
+@var{importer} specifies the source from which to import package metadata,
+and @var{options} specifies a package identifier and other options specific
+to @var{importer}. Currently, the available ``importers'' are:
+
+@table @code
+@item gnu
+Import metadata for the given GNU package. This provides a template for the
+latest version of that GNU package, including the hash of its source
+tarball, and its canonical synopsis and description.
+
+Additional information such as the package dependencies and its license
+needs to be figured out manually.
+
+For example, the following command returns a package definition for
+GNU@tie{}Hello:
+
+@example
+guix import gnu hello
+@end example
+
+Specific command-line options are:
+
+@table @code
+@item --key-download=@var{policy}
+As for @code{guix refresh}, specify the policy to handle missing OpenPGP
+keys when verifying the package signature. @xref{Invoquer guix refresh,
+@code{--key-download}}.
+@end table
+
+@item pypi
+@cindex pypi
+Import metadata from the @uref{https://pypi.python.org/, Python Package
+Index}@footnote{This functionality requires Guile-JSON to be installed.
+@xref{Prérequis}.}. Information is taken from the JSON-formatted
+description available at @code{pypi.python.org} and usually includes all the
+relevant information, including package dependencies. For maximum
+efficiency, it is recommended to install the @command{unzip} utility, so
+that the importer can unzip Python wheels and gather data from them.
+
+The command below imports metadata for the @code{itsdangerous} Python
+package:
+
+@example
+guix import pypi itsdangerous
+@end example
+
+@item gem
+@cindex gem
+Import metadata from @uref{https://rubygems.org/, RubyGems}@footnote{This
+functionality requires Guile-JSON to be installed. @xref{Prérequis}.}.
+Information is taken from the JSON-formatted description available at
+@code{rubygems.org} and includes most relevant information, including
+runtime dependencies. There are some caveats, however. The metadata
+doesn't distinguish between synopses and descriptions, so the same string is
+used for both fields. Additionally, the details of non-Ruby dependencies
+required to build native extensions is unavailable and left as an exercise
+to the packager.
+
+The command below imports metadata for the @code{rails} Ruby package:
+
+@example
+guix import gem rails
+@end example
+
+@item cpan
+@cindex CPAN
+Import metadata from @uref{https://www.metacpan.org/,
+MetaCPAN}@footnote{This functionality requires Guile-JSON to be installed.
+@xref{Prérequis}.}. Information is taken from the JSON-formatted
+metadata provided through @uref{https://fastapi.metacpan.org/, MetaCPAN's
+API} and includes most relevant information, such as module dependencies.
+License information should be checked closely. If Perl is available in the
+store, then the @code{corelist} utility will be used to filter core modules
+out of the list of dependencies.
+
+The command command below imports metadata for the @code{Acme::Boolean} Perl
+module:
+
+@example
+guix import cpan Acme::Boolean
+@end example
+
+@item cran
+@cindex CRAN
+@cindex Bioconductor
+Import metadata from @uref{https://cran.r-project.org/, CRAN}, the central
+repository for the @uref{http://r-project.org, GNU@tie{}R statistical and
+graphical environment}.
+
+Information is extracted from the @code{DESCRIPTION} file of the package.
+
+The command command below imports metadata for the @code{Cairo} R package:
+
+@example
+guix import cran Cairo
+@end example
+
+When @code{--recursive} is added, the importer will traverse the dependency
+graph of the given upstream package recursively and generate package
+expressions for all those packages that are not yet in Guix.
+
+When @code{--archive=bioconductor} is added, metadata is imported from
+@uref{https://www.bioconductor.org/, Bioconductor}, a repository of R
+packages for for the analysis and comprehension of high-throughput genomic
+data in bioinformatics.
+
+Information is extracted from the @code{DESCRIPTION} file of a package
+published on the web interface of the Bioconductor SVN repository.
+
+The command below imports metadata for the @code{GenomicRanges} R package:
+
+@example
+guix import cran --archive=bioconductor GenomicRanges
+@end example
+
+@item texlive
+@cindex TeX Live
+@cindex CTAN
+Import metadata from @uref{http://www.ctan.org/, CTAN}, the comprehensive
+TeX archive network for TeX packages that are part of the
+@uref{https://www.tug.org/texlive/, TeX Live distribution}.
+
+Information about the package is obtained through the XML API provided by
+CTAN, while the source code is downloaded from the SVN repository of the Tex
+Live project. This is done because the CTAN does not keep versioned
+archives.
+
+The command command below imports metadata for the @code{fontspec} TeX
+package:
+
+@example
+guix import texlive fontspec
+@end example
+
+When @code{--archive=DIRECTORY} is added, the source code is downloaded not
+from the @file{latex} sub-directory of the @file{texmf-dist/source} tree in
+the TeX Live SVN repository, but from the specified sibling directory under
+the same root.
+
+The command below imports metadata for the @code{ifxetex} package from CTAN
+while fetching the sources from the directory @file{texmf/source/generic}:
+
+@example
+guix import texlive --archive=generic ifxetex
+@end example
+
+@item json
+@cindex JSON, import
+Import package metadata from a local JSON file@footnote{This functionality
+requires Guile-JSON to be installed. @xref{Prérequis}.}. Consider the
+following example package definition in JSON format:
+
+@example
+@{
+ "name": "hello",
+ "version": "2.10",
+ "source": "mirror://gnu/hello/hello-2.10.tar.gz",
+ "build-system": "gnu",
+ "home-page": "https://www.gnu.org/software/hello/",
+ "synopsis": "Hello, GNU world: An example GNU package",
+ "description": "GNU Hello prints a greeting.",
+ "license": "GPL-3.0+",
+ "native-inputs": ["gcc@@6"]
+@}
+@end example
+
+The field names are the same as for the @code{<package>} record
+(@xref{Définition des paquets}). References to other packages are provided as
+JSON lists of quoted package specification strings such as @code{guile} or
+@code{guile@@2.0}.
+
+The importer also supports a more explicit source definition using the
+common fields for @code{<origin>} records:
+
+@example
+@{
+ @dots{}
+ "source": @{
+ "method": "url-fetch",
+ "uri": "mirror://gnu/hello/hello-2.10.tar.gz",
+ "sha256": @{
+ "base32": "0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i"
+ @}
+ @}
+ @dots{}
+@}
+@end example
+
+The command below reads metadata from the JSON file @code{hello.json} and
+outputs a package expression:
+
+@example
+guix import json hello.json
+@end example
+
+@item nix
+Import metadata from a local copy of the source of the
+@uref{http://nixos.org/nixpkgs/, Nixpkgs distribution}@footnote{This relies
+on the @command{nix-instantiate} command of @uref{http://nixos.org/nix/,
+Nix}.}. Package definitions in Nixpkgs are typically written in a mixture
+of Nix-language and Bash code. This command only imports the high-level
+package structure that is written in the Nix language. It normally includes
+all the basic fields of a package definition.
+
+When importing a GNU package, the synopsis and descriptions are replaced by
+their canonical upstream variant.
+
+Usually, you will first need to do:
+
+@example
+export NIX_REMOTE=daemon
+@end example
+
+@noindent
+so that @command{nix-instantiate} does not try to open the Nix database.
+
+As an example, the command below imports the package definition of
+LibreOffice (more precisely, it imports the definition of the package bound
+to the @code{libreoffice} top-level attribute):
+
+@example
+guix import nix ~/path/to/nixpkgs libreoffice
+@end example
+
+@item hackage
+@cindex hackage
+Import metadata from the Haskell community's central package archive
+@uref{https://hackage.haskell.org/, Hackage}. Information is taken from
+Cabal files and includes all the relevant information, including package
+dependencies.
+
+Specific command-line options are:
+
+@table @code
+@item --stdin
+@itemx -s
+Read a Cabal file from standard input.
+@item --no-test-dependencies
+@itemx -t
+Do not include dependencies required only by the test suites.
+@item --cabal-environment=@var{alist}
+@itemx -e @var{alist}
+@var{alist} is a Scheme alist defining the environment in which the Cabal
+conditionals are evaluated. The accepted keys are: @code{os}, @code{arch},
+@code{impl} and a string representing the name of a flag. The value
+associated with a flag has to be either the symbol @code{true} or
+@code{false}. The value associated with other keys has to conform to the
+Cabal file format definition. The default value associated with the keys
+@code{os}, @code{arch} and @code{impl} is @samp{linux}, @samp{x86_64} and
+@samp{ghc}, respectively.
+@end table
+
+The command below imports metadata for the latest version of the @code{HTTP}
+Haskell package without including test dependencies and specifying the value
+of the flag @samp{network-uri} as @code{false}:
+
+@example
+guix import hackage -t -e "'((\"network-uri\" . false))" HTTP
+@end example
+
+A specific package version may optionally be specified by following the
+package name by an at-sign and a version number as in the following example:
+
+@example
+guix import hackage mtl@@2.1.3.1
+@end example
+
+@item stackage
+@cindex stackage
+The @code{stackage} importer is a wrapper around the @code{hackage} one. It
+takes a package name, looks up the package version included in a long-term
+support (LTS) @uref{https://www.stackage.org, Stackage} release and uses the
+@code{hackage} importer to retrieve its metadata. Note that it is up to you
+to select an LTS release compatible with the GHC compiler used by Guix.
+
+Specific command-line options are:
+
+@table @code
+@item --no-test-dependencies
+@itemx -t
+Do not include dependencies required only by the test suites.
+@item --lts-version=@var{version}
+@itemx -r @var{version}
+@var{version} is the desired LTS release version. If omitted the latest
+release is used.
+@end table
+
+The command below imports metadata for the @code{HTTP} Haskell package
+included in the LTS Stackage release version 7.18:
+
+@example
+guix import stackage --lts-version=7.18 HTTP
+@end example
+
+@item elpa
+@cindex elpa
+Import metadata from an Emacs Lisp Package Archive (ELPA) package repository
+(@pxref{Packages,,, emacs, The GNU Emacs Manual}).
+
+Specific command-line options are:
+
+@table @code
+@item --archive=@var{repo}
+@itemx -a @var{repo}
+@var{repo} identifies the archive repository from which to retrieve the
+information. Currently the supported repositories and their identifiers
+are:
+@itemize -
+@item
+@uref{http://elpa.gnu.org/packages, GNU}, selected by the @code{gnu}
+identifier. This is the default.
+
+Packages from @code{elpa.gnu.org} are signed with one of the keys contained
+in the GnuPG keyring at @file{share/emacs/25.1/etc/package-keyring.gpg} (or
+similar) in the @code{emacs} package (@pxref{Package Installation, ELPA
+package signatures,, emacs, The GNU Emacs Manual}).
+
+@item
+@uref{http://stable.melpa.org/packages, MELPA-Stable}, selected by the
+@code{melpa-stable} identifier.
+
+@item
+@uref{http://melpa.org/packages, MELPA}, selected by the @code{melpa}
+identifier.
+@end itemize
+@end table
+
+@item crate
+@cindex crate
+Import metadata from the crates.io Rust package repository
+@uref{https://crates.io, crates.io}.
+@end table
+
+The structure of the @command{guix import} code is modular. It would be
+useful to have more importers for other package formats, and your help is
+welcome here (@pxref{Contribuer}).
+
+@node Invoquer guix refresh
+@section Invoking @command{guix refresh}
+
+@cindex @command{guix refresh}
+The primary audience of the @command{guix refresh} command is developers of
+the GNU software distribution. By default, it reports any packages provided
+by the distribution that are outdated compared to the latest upstream
+version, like this:
+
+@example
+$ guix refresh
+gnu/packages/gettext.scm:29:13: gettext would be upgraded from 0.18.1.1 to 0.18.2.1
+gnu/packages/glib.scm:77:12: glib would be upgraded from 2.34.3 to 2.37.0
+@end example
+
+Alternately, one can specify packages to consider, in which case a warning
+is emitted for packages that lack an updater:
+
+@example
+$ guix refresh coreutils guile guile-ssh
+gnu/packages/ssh.scm:205:2: warning: no updater for guile-ssh
+gnu/packages/guile.scm:136:12: guile would be upgraded from 2.0.12 to 2.0.13
+@end example
+
+@command{guix refresh} browses the upstream repository of each package and
+determines the highest version number of the releases therein. The command
+knows how to update specific types of packages: GNU packages, ELPA packages,
+etc.---see the documentation for @option{--type} below. There are many
+packages, though, for which it lacks a method to determine whether a new
+upstream release is available. However, the mechanism is extensible, so
+feel free to get in touch with us to add a new method!
+
+Sometimes the upstream name differs from the package name used in Guix, and
+@command{guix refresh} needs a little help. Most updaters honor the
+@code{upstream-name} property in package definitions, which can be used to
+that effect:
+
+@example
+(define-public network-manager
+ (package
+ (name "network-manager")
+ ;; @dots{}
+ (properties '((upstream-name . "NetworkManager")))))
+@end example
+
+When passed @code{--update}, it modifies distribution source files to update
+the version numbers and source tarball hashes of those package recipes
+(@pxref{Définition des paquets}). This is achieved by downloading each package's
+latest source tarball and its associated OpenPGP signature, authenticating
+the downloaded tarball against its signature using @command{gpg}, and
+finally computing its hash. When the public key used to sign the tarball is
+missing from the user's keyring, an attempt is made to automatically
+retrieve it from a public key server; when this is successful, the key is
+added to the user's keyring; otherwise, @command{guix refresh} reports an
+error.
+
+The following options are supported:
+
+@table @code
+
+@item --expression=@var{expr}
+@itemx -e @var{expr}
+Consider the package @var{expr} evaluates to.
+
+This is useful to precisely refer to a package, as in this example:
+
+@example
+guix refresh -l -e '(@@@@ (gnu packages commencement) glibc-final)'
+@end example
+
+This command lists the dependents of the ``final'' libc (essentially all the
+packages.)
+
+@item --update
+@itemx -u
+Update distribution source files (package recipes) in place. This is
+usually run from a checkout of the Guix source tree (@pxref{Lancer Guix avant qu'il ne soit installé}):
+
+@example
+$ ./pre-inst-env guix refresh -s non-core -u
+@end example
+
+@xref{Définition des paquets}, for more information on package definitions.
+
+@item --select=[@var{subset}]
+@itemx -s @var{subset}
+Select all the packages in @var{subset}, one of @code{core} or
+@code{non-core}.
+
+The @code{core} subset refers to all the packages at the core of the
+distribution---i.e., packages that are used to build ``everything else''.
+This includes GCC, libc, Binutils, Bash, etc. Usually, changing one of
+these packages in the distribution entails a rebuild of all the others.
+Thus, such updates are an inconvenience to users in terms of build time or
+bandwidth used to achieve the upgrade.
+
+The @code{non-core} subset refers to the remaining packages. It is
+typically useful in cases where an update of the core packages would be
+inconvenient.
+
+@item --manifest=@var{file}
+@itemx -m @var{file}
+Select all the packages from the manifest in @var{file}. This is useful to
+check if any packages of the user manifest can be updated.
+
+@item --type=@var{updater}
+@itemx -t @var{updater}
+Select only packages handled by @var{updater} (may be a comma-separated list
+of updaters). Currently, @var{updater} may be one of:
+
+@table @code
+@item gnu
+the updater for GNU packages;
+@item gnome
+the updater for GNOME packages;
+@item kde
+the updater for KDE packages;
+@item xorg
+the updater for X.org packages;
+@item kernel.org
+the updater for packages hosted on kernel.org;
+@item elpa
+the updater for @uref{http://elpa.gnu.org/, ELPA} packages;
+@item cran
+the updater for @uref{https://cran.r-project.org/, CRAN} packages;
+@item bioconductor
+the updater for @uref{https://www.bioconductor.org/, Bioconductor} R
+packages;
+@item cpan
+the updater for @uref{http://www.cpan.org/, CPAN} packages;
+@item pypi
+the updater for @uref{https://pypi.python.org, PyPI} packages.
+@item gem
+the updater for @uref{https://rubygems.org, RubyGems} packages.
+@item github
+the updater for @uref{https://github.com, GitHub} packages.
+@item hackage
+the updater for @uref{https://hackage.haskell.org, Hackage} packages.
+@item stackage
+the updater for @uref{https://www.stackage.org, Stackage} packages.
+@item crate
+the updater for @uref{https://crates.io, Crates} packages.
+@end table
+
+For instance, the following command only checks for updates of Emacs
+packages hosted at @code{elpa.gnu.org} and for updates of CRAN packages:
+
+@example
+$ guix refresh --type=elpa,cran
+gnu/packages/statistics.scm:819:13: r-testthat would be upgraded from 0.10.0 to 0.11.0
+gnu/packages/emacs.scm:856:13: emacs-auctex would be upgraded from 11.88.6 to 11.88.9
+@end example
+
+@end table
+
+In addition, @command{guix refresh} can be passed one or more package names,
+as in this example:
+
+@example
+$ ./pre-inst-env guix refresh -u emacs idutils gcc@@4.8
+@end example
+
+@noindent
+The command above specifically updates the @code{emacs} and @code{idutils}
+packages. The @code{--select} option would have no effect in this case.
+
+When considering whether to upgrade a package, it is sometimes convenient to
+know which packages would be affected by the upgrade and should be checked
+for compatibility. For this the following option may be used when passing
+@command{guix refresh} one or more package names:
+
+@table @code
+
+@item --list-updaters
+@itemx -L
+List available updaters and exit (see @option{--type} above.)
+
+For each updater, display the fraction of packages it covers; at the end,
+display the fraction of packages covered by all these updaters.
+
+@item --list-dependent
+@itemx -l
+List top-level dependent packages that would need to be rebuilt as a result
+of upgrading one or more packages.
+
+@xref{Invoquer guix graph, the @code{reverse-package} type of @command{guix
+graph}}, for information on how to visualize the list of dependents of a
+package.
+
+@end table
+
+Be aware that the @code{--list-dependent} option only @emph{approximates}
+the rebuilds that would be required as a result of an upgrade. More
+rebuilds might be required under some circumstances.
+
+@example
+$ guix refresh --list-dependent flex
+Building the following 120 packages would ensure 213 dependent packages are rebuilt:
+hop@@2.4.0 geiser@@0.4 notmuch@@0.18 mu@@0.9.9.5 cflow@@1.4 idutils@@4.6 @dots{}
+@end example
+
+The command above lists a set of packages that could be built to check for
+compatibility with an upgraded @code{flex} package.
+
+The following options can be used to customize GnuPG operation:
+
+@table @code
+
+@item --gpg=@var{command}
+Use @var{command} as the GnuPG 2.x command. @var{command} is searched for
+in @code{$PATH}.
+
+@item --key-download=@var{policy}
+Handle missing OpenPGP keys according to @var{policy}, which may be one of:
+
+@table @code
+@item always
+Always download missing OpenPGP keys from the key server, and add them to
+the user's GnuPG keyring.
+
+@item never
+Never try to download missing OpenPGP keys. Instead just bail out.
+
+@item interactive
+When a package signed with an unknown OpenPGP key is encountered, ask the
+user whether to download it or not. This is the default behavior.
+@end table
+
+@item --key-server=@var{host}
+Use @var{host} as the OpenPGP key server when importing a public key.
+
+@end table
+
+The @code{github} updater uses the @uref{https://developer.github.com/v3/,
+GitHub API} to query for new releases. When used repeatedly e.g. when
+refreshing all packages, GitHub will eventually refuse to answer any further
+API requests. By default 60 API requests per hour are allowed, and a full
+refresh on all GitHub packages in Guix requires more than this.
+Authentication with GitHub through the use of an API token alleviates these
+limits. To use an API token, set the environment variable
+@code{GUIX_GITHUB_TOKEN} to a token procured from
+@uref{https://github.com/settings/tokens} or otherwise.
+
+
+@node Invoquer guix lint
+@section Invoking @command{guix lint}
+
+@cindex @command{guix lint}
+@cindex package, checking for errors
+The @command{guix lint} command is meant to help package developers avoid
+common errors and use a consistent style. It runs a number of checks on a
+given set of packages in order to find common mistakes in their
+definitions. Available @dfn{checkers} include (see @code{--list-checkers}
+for a complete list):
+
+@table @code
+@item synopsis
+@itemx description
+Validate certain typographical and stylistic rules about package
+descriptions and synopses.
+
+@item inputs-should-be-native
+Identify inputs that should most likely be native inputs.
+
+@item source
+@itemx home-page
+@itemx mirror-url
+@itemx source-file-name
+Probe @code{home-page} and @code{source} URLs and report those that are
+invalid. Suggest a @code{mirror://} URL when applicable. Check that the
+source file name is meaningful, e.g. is not just a version number or
+``git-checkout'', without a declared @code{file-name} (@pxref{Référence d'origine}).
+
+@item cve
+@cindex security vulnerabilities
+@cindex CVE, Common Vulnerabilities and Exposures
+Report known vulnerabilities found in the Common Vulnerabilities and
+Exposures (CVE) databases of the current and past year
+@uref{https://nvd.nist.gov/download.cfm#CVE_FEED, published by the US NIST}.
+
+To view information about a particular vulnerability, visit pages such as:
+
+@itemize
+@item
+@indicateurl{https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-YYYY-ABCD}
+@item
+@indicateurl{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-ABCD}
+@end itemize
+
+@noindent
+where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g.,
+@code{CVE-2015-7554}.
+
+Package developers can specify in package recipes the
+@uref{https://nvd.nist.gov/cpe.cfm,Common Platform Enumeration (CPE)} name
+and version of the package when they differ from the name that Guix uses, as
+in this example:
+
+@example
+(package
+ (name "grub")
+ ;; @dots{}
+ ;; CPE calls this package "grub2".
+ (properties '((cpe-name . "grub2"))))
+@end example
+
+@item formatting
+Warn about obvious source code formatting issues: trailing white space, use
+of tabulations, etc.
+@end table
+
+The general syntax is:
+
+@example
+guix lint @var{options} @var{package}@dots{}
+@end example
+
+If no package is given on the command line, then all packages are checked.
+The @var{options} may be zero or more of the following:
+
+@table @code
+@item --list-checkers
+@itemx -l
+List and describe all the available checkers that will be run on packages
+and exit.
+
+@item --checkers
+@itemx -c
+Only enable the checkers specified in a comma-separated list using the names
+returned by @code{--list-checkers}.
+
+@end table
+
+@node Invoquer guix size
+@section Invoking @command{guix size}
+
+@cindex size
+@cindex package size
+@cindex closure
+@cindex @command{guix size}
+The @command{guix size} command helps package developers profile the disk
+usage of packages. It is easy to overlook the impact of an additional
+dependency added to a package, or the impact of using a single output for a
+package that could easily be split (@pxref{Des paquets avec plusieurs résultats}). Such are the typical issues that @command{guix size} can
+highlight.
+
+The command can be passed a package specification such as @code{gcc@@4.8} or
+@code{guile:debug}, or a file name in the store. Consider this example:
+
+@example
+$ guix size coreutils
+store item total self
+/gnu/store/@dots{}-coreutils-8.23 70.0 13.9 19.8%
+/gnu/store/@dots{}-gmp-6.0.0a 55.3 2.5 3.6%
+/gnu/store/@dots{}-acl-2.2.52 53.7 0.5 0.7%
+/gnu/store/@dots{}-attr-2.4.46 53.2 0.3 0.5%
+/gnu/store/@dots{}-gcc-4.8.4-lib 52.9 15.7 22.4%
+/gnu/store/@dots{}-glibc-2.21 37.2 37.2 53.1%
+@end example
+
+@cindex closure
+The store items listed here constitute the @dfn{transitive closure} of
+Coreutils---i.e., Coreutils and all its dependencies, recursively---as would
+be returned by:
+
+@example
+$ guix gc -R /gnu/store/@dots{}-coreutils-8.23
+@end example
+
+Here the output shows three columns next to store items. The first column,
+labeled ``total'', shows the size in mebibytes (MiB) of the closure of the
+store item---that is, its own size plus the size of all its dependencies.
+The next column, labeled ``self'', shows the size of the item itself. The
+last column shows the ratio of the size of the item itself to the space
+occupied by all the items listed here.
+
+In this example, we see that the closure of Coreutils weighs in at
+70@tie{}MiB, half of which is taken by libc. (That libc represents a large
+fraction of the closure is not a problem @i{per se} because it is always
+available on the system anyway.)
+
+When the package passed to @command{guix size} is available in the store,
+@command{guix size} queries the daemon to determine its dependencies, and
+measures its size in the store, similar to @command{du -ms --apparent-size}
+(@pxref{du invocation,,, coreutils, GNU Coreutils}).
+
+Lorsque le paquet donné n'est @emph{pas} dans le dépôt, @command{guix size}
+rapporte les informations en se basant sur les substituts disponibles
+(@pxref{Substituts}). Cela permet de profiler l'utilisation du disque des
+éléments du dépôt qui ne sont pas sur le disque, mais seulement disponibles
+à distance.
+
+You can also specify several package names:
+
+@example
+$ guix size coreutils grep sed bash
+store item total self
+/gnu/store/@dots{}-coreutils-8.24 77.8 13.8 13.4%
+/gnu/store/@dots{}-grep-2.22 73.1 0.8 0.8%
+/gnu/store/@dots{}-bash-4.3.42 72.3 4.7 4.6%
+/gnu/store/@dots{}-readline-6.3 67.6 1.2 1.2%
+@dots{}
+total: 102.3 MiB
+@end example
+
+@noindent
+In this example we see that the combination of the four packages takes
+102.3@tie{}MiB in total, which is much less than the sum of each closure
+since they have a lot of dependencies in common.
+
+The available options are:
+
+@table @option
+
+@item --substitute-urls=@var{urls}
+Use substitute information from @var{urls}. @xref{client-substitute-urls,
+the same option for @code{guix build}}.
+
+@item --sort=@var{key}
+Sort lines according to @var{key}, one of the following options:
+
+@table @code
+@item self
+the size of each item (the default);
+@item closure
+the total size of the item's closure.
+@end table
+
+@item --map-file=@var{file}
+Write a graphical map of disk usage in PNG format to @var{file}.
+
+For the example above, the map looks like this:
+
+@image{images/coreutils-size-map,5in,, map of Coreutils disk usage produced
+by @command{guix size}}
+
+This option requires that
+@uref{http://wingolog.org/software/guile-charting/, Guile-Charting} be
+installed and visible in Guile's module search path. When that is not the
+case, @command{guix size} fails as it tries to load it.
+
+@item --system=@var{system}
+@itemx -s @var{system}
+Consider packages for @var{system}---e.g., @code{x86_64-linux}.
+
+@end table
+
+@node Invoquer guix graph
+@section Invoking @command{guix graph}
+
+@cindex DAG
+@cindex @command{guix graph}
+@cindex package dependencies
+Packages and their dependencies form a @dfn{graph}, specifically a directed
+acyclic graph (DAG). It can quickly become difficult to have a mental model
+of the package DAG, so the @command{guix graph} command provides a visual
+representation of the DAG. By default, @command{guix graph} emits a DAG
+representation in the input format of @uref{http://www.graphviz.org/,
+Graphviz}, so its output can be passed directly to the @command{dot} command
+of Graphviz. It can also emit an HTML page with embedded JavaScript code to
+display a ``chord diagram'' in a Web browser, using the
+@uref{https://d3js.org/, d3.js} library, or emit Cypher queries to construct
+a graph in a graph database supporting the @uref{http://www.opencypher.org/,
+openCypher} query language. The general syntax is:
+
+@example
+guix graph @var{options} @var{package}@dots{}
+@end example
+
+For example, the following command generates a PDF file representing the
+package DAG for the GNU@tie{}Core Utilities, showing its build-time
+dependencies:
+
+@example
+guix graph coreutils | dot -Tpdf > dag.pdf
+@end example
+
+The output looks like this:
+
+@image{images/coreutils-graph,2in,,Dependency graph of the GNU Coreutils}
+
+Nice little graph, no?
+
+But there is more than one graph! The one above is concise: it is the graph
+of package objects, omitting implicit inputs such as GCC, libc, grep, etc.
+It is often useful to have such a concise graph, but sometimes one may want
+to see more details. @command{guix graph} supports several types of graphs,
+allowing you to choose the level of detail:
+
+@table @code
+@item package
+This is the default type used in the example above. It shows the DAG of
+package objects, excluding implicit dependencies. It is concise, but
+filters out many details.
+
+@item reverse-package
+This shows the @emph{reverse} DAG of packages. For example:
+
+@example
+guix graph --type=reverse-package ocaml
+@end example
+
+... yields the graph of packages that depend on OCaml.
+
+Note that for core packages this can yield huge graphs. If all you want is
+to know the number of packages that depend on a given package, use
+@command{guix refresh --list-dependent} (@pxref{Invoquer guix refresh,
+@option{--list-dependent}}).
+
+@item bag-emerged
+This is the package DAG, @emph{including} implicit inputs.
+
+For instance, the following command:
+
+@example
+guix graph --type=bag-emerged coreutils | dot -Tpdf > dag.pdf
+@end example
+
+... yields this bigger graph:
+
+@image{images/coreutils-bag-graph,,5in,Detailed dependency graph of the GNU
+Coreutils}
+
+At the bottom of the graph, we see all the implicit inputs of
+@var{gnu-build-system} (@pxref{Systèmes de construction, @code{gnu-build-system}}).
+
+Now, note that the dependencies of these implicit inputs---that is, the
+@dfn{bootstrap dependencies} (@pxref{Bootstrapping})---are not shown here,
+for conciseness.
+
+@item bag
+Similar to @code{bag-emerged}, but this time including all the bootstrap
+dependencies.
+
+@item bag-with-origins
+Similar to @code{bag}, but also showing origins and their dependencies.
+
+@item derivation
+This is the most detailed representation: It shows the DAG of derivations
+(@pxref{Dérivations}) and plain store items. Compared to the above
+representation, many additional nodes are visible, including build scripts,
+patches, Guile modules, etc.
+
+For this type of graph, it is also possible to pass a @file{.drv} file name
+instead of a package name, as in:
+
+@example
+guix graph -t derivation `guix system build -d my-config.scm`
+@end example
+
+@item module
+This is the graph of @dfn{package modules} (@pxref{Modules de paquets}). For
+example, the following command shows the graph for the package module that
+defines the @code{guile} package:
+
+@example
+guix graph -t module guile | dot -Tpdf > module-graph.pdf
+@end example
+@end table
+
+All the types above correspond to @emph{build-time dependencies}. The
+following graph type represents the @emph{run-time dependencies}:
+
+@table @code
+@item references
+This is the graph of @dfn{references} of a package output, as returned by
+@command{guix gc --references} (@pxref{Invoquer guix gc}).
+
+If the given package output is not available in the store, @command{guix
+graph} attempts to obtain dependency information from substitutes.
+
+Here you can also pass a store file name instead of a package name. For
+example, the command below produces the reference graph of your profile
+(which can be big!):
+
+@example
+guix graph -t references `readlink -f ~/.guix-profile`
+@end example
+
+@item referrers
+This is the graph of the @dfn{referrers} of a store item, as returned by
+@command{guix gc --referrers} (@pxref{Invoquer guix gc}).
+
+This relies exclusively on local information from your store. For instance,
+let us suppose that the current Inkscape is available in 10 profiles on your
+machine; @command{guix graph -t referrers inkscape} will show a graph rooted
+at Inkscape and with those 10 profiles linked to it.
+
+It can help determine what is preventing a store item from being garbage
+collected.
+
+@end table
+
+The available options are the following:
+
+@table @option
+@item --type=@var{type}
+@itemx -t @var{type}
+Produce a graph output of @var{type}, where @var{type} must be one of the
+values listed above.
+
+@item --list-types
+List the supported graph types.
+
+@item --backend=@var{backend}
+@itemx -b @var{backend}
+Produce a graph using the selected @var{backend}.
+
+@item --list-backends
+List the supported graph backends.
+
+Currently, the available backends are Graphviz and d3.js.
+
+@item --expression=@var{expr}
+@itemx -e @var{expr}
+Consider the package @var{expr} evaluates to.
+
+This is useful to precisely refer to a package, as in this example:
+
+@example
+guix graph -e '(@@@@ (gnu packages commencement) gnu-make-final)'
+@end example
+@end table
+
+
+@node Invoquer guix environment
+@section Invoking @command{guix environment}
+
+@cindex reproducible build environments
+@cindex development environments
+@cindex @command{guix environment}
+@cindex environment, package build environment
+The purpose of @command{guix environment} is to assist hackers in creating
+reproducible development environments without polluting their package
+profile. The @command{guix environment} tool takes one or more packages,
+builds all of their inputs, and creates a shell environment to use them.
+
+The general syntax is:
+
+@example
+guix environment @var{options} @var{package}@dots{}
+@end example
+
+The following example spawns a new shell set up for the development of
+GNU@tie{}Guile:
+
+@example
+guix environment guile
+@end example
+
+If the needed dependencies are not built yet, @command{guix environment}
+automatically builds them. The environment of the new shell is an augmented
+version of the environment that @command{guix environment} was run in. It
+contains the necessary search paths for building the given package added to
+the existing environment variables. To create a ``pure'' environment, in
+which the original environment variables have been unset, use the
+@code{--pure} option@footnote{Users sometimes wrongfully augment environment
+variables such as @code{PATH} in their @file{~/.bashrc} file. As a
+consequence, when @code{guix environment} launches it, Bash may read
+@file{~/.bashrc}, thereby introducing ``impurities'' in these environment
+variables. It is an error to define such environment variables in
+@file{.bashrc}; instead, they should be defined in @file{.bash_profile},
+which is sourced only by log-in shells. @xref{Bash Startup Files,,, bash,
+The GNU Bash Reference Manual}, for details on Bash start-up files.}.
+
+@vindex GUIX_ENVIRONMENT
+@command{guix environment} defines the @code{GUIX_ENVIRONMENT} variable in
+the shell it spawns; its value is the file name of the profile of this
+environment. This allows users to, say, define a specific prompt for
+development environments in their @file{.bashrc} (@pxref{Bash Startup
+Files,,, bash, The GNU Bash Reference Manual}):
+
+@example
+if [ -n "$GUIX_ENVIRONMENT" ]
+then
+ export PS1="\u@@\h \w [dev]\$ "
+fi
+@end example
+
+@noindent
+... or to browse the profile:
+
+@example
+$ ls "$GUIX_ENVIRONMENT/bin"
+@end example
+
+Additionally, more than one package may be specified, in which case the
+union of the inputs for the given packages are used. For example, the
+command below spawns a shell where all of the dependencies of both Guile and
+Emacs are available:
+
+@example
+guix environment guile emacs
+@end example
+
+Sometimes an interactive shell session is not desired. An arbitrary command
+may be invoked by placing the @code{--} token to separate the command from
+the rest of the arguments:
+
+@example
+guix environment guile -- make -j4
+@end example
+
+In other situations, it is more convenient to specify the list of packages
+needed in the environment. For example, the following command runs
+@command{python} from an environment containing Python@tie{}2.7 and NumPy:
+
+@example
+guix environment --ad-hoc python2-numpy python-2.7 -- python
+@end example
+
+Furthermore, one might want the dependencies of a package and also some
+additional packages that are not build-time or runtime dependencies, but are
+useful when developing nonetheless. Because of this, the @code{--ad-hoc}
+flag is positional. Packages appearing before @code{--ad-hoc} are
+interpreted as packages whose dependencies will be added to the
+environment. Packages appearing after are interpreted as packages that will
+be added to the environment directly. For example, the following command
+creates a Guix development environment that additionally includes Git and
+strace:
+
+@example
+guix environment guix --ad-hoc git strace
+@end example
+
+Sometimes it is desirable to isolate the environment as much as possible,
+for maximal purity and reproducibility. In particular, when using Guix on a
+host distro that is not GuixSD, it is desirable to prevent access to
+@file{/usr/bin} and other system-wide resources from the development
+environment. For example, the following command spawns a Guile REPL in a
+``container'' where only the store and the current working directory are
+mounted:
+
+@example
+guix environment --ad-hoc --container guile -- guile
+@end example
+
+@quotation Note
+The @code{--container} option requires Linux-libre 3.19 or newer.
+@end quotation
+
+The available options are summarized below.
+
+@table @code
+@item --root=@var{file}
+@itemx -r @var{file}
+@cindex persistent environment
+@cindex garbage collector root, for environments
+Make @var{file} a symlink to the profile for this environment, and register
+it as a garbage collector root.
+
+This is useful if you want to protect your environment from garbage
+collection, to make it ``persistent''.
+
+When this option is omitted, the environment is protected from garbage
+collection only for the duration of the @command{guix environment} session.
+This means that next time you recreate the same environment, you could have
+to rebuild or re-download packages. @xref{Invoquer guix gc}, for more on GC
+roots.
+
+@item --expression=@var{expr}
+@itemx -e @var{expr}
+Create an environment for the package or list of packages that @var{expr}
+evaluates to.
+
+For example, running:
+
+@example
+guix environment -e '(@@ (gnu packages maths) petsc-openmpi)'
+@end example
+
+starts a shell with the environment for this specific variant of the PETSc
+package.
+
+Running:
+
+@example
+guix environment --ad-hoc -e '(@@ (gnu) %base-packages)'
+@end example
+
+starts a shell with all the GuixSD base packages available.
+
+The above commands only use the default output of the given packages. To
+select other outputs, two element tuples can be specified:
+
+@example
+guix environment --ad-hoc -e '(list (@@ (gnu packages bash) bash) "include")'
+@end example
+
+@item --load=@var{file}
+@itemx -l @var{file}
+Create an environment for the package or list of packages that the code
+within @var{file} evaluates to.
+
+As an example, @var{file} might contain a definition like this
+(@pxref{Définition des paquets}):
+
+@example
+@verbatiminclude environment-gdb.scm
+@end example
+
+@item --manifest=@var{file}
+@itemx -m @var{file}
+Create an environment for the packages contained in the manifest object
+returned by the Scheme code in @var{file}.
+
+This is similar to the same-named option in @command{guix package}
+(@pxref{profile-manifest, @option{--manifest}}) and uses the same manifest
+files.
+
+@item --ad-hoc
+Include all specified packages in the resulting environment, as if an @i{ad
+hoc} package were defined with them as inputs. This option is useful for
+quickly creating an environment without having to write a package expression
+to contain the desired inputs.
+
+For instance, the command:
+
+@example
+guix environment --ad-hoc guile guile-sdl -- guile
+@end example
+
+runs @command{guile} in an environment where Guile and Guile-SDL are
+available.
+
+Note that this example implicitly asks for the default output of
+@code{guile} and @code{guile-sdl}, but it is possible to ask for a specific
+output---e.g., @code{glib:bin} asks for the @code{bin} output of @code{glib}
+(@pxref{Des paquets avec plusieurs résultats}).
+
+This option may be composed with the default behavior of @command{guix
+environment}. Packages appearing before @code{--ad-hoc} are interpreted as
+packages whose dependencies will be added to the environment, the default
+behavior. Packages appearing after are interpreted as packages that will be
+added to the environment directly.
+
+@item --pure
+Unset existing environment variables when building the new environment.
+This has the effect of creating an environment in which search paths only
+contain package inputs.
+
+@item --search-paths
+Display the environment variable definitions that make up the environment.
+
+@item --system=@var{system}
+@itemx -s @var{system}
+Attempt to build for @var{system}---e.g., @code{i686-linux}.
+
+@item --container
+@itemx -C
+@cindex container
+Run @var{command} within an isolated container. The current working
+directory outside the container is mapped inside the container.
+Additionally, unless overridden with @code{--user}, a dummy home directory
+is created that matches the current user's home directory, and
+@file{/etc/passwd} is configured accordingly. The spawned process runs as
+the current user outside the container, but has root privileges in the
+context of the container.
+
+@item --network
+@itemx -N
+For containers, share the network namespace with the host system.
+Containers created without this flag only have access to the loopback
+device.
+
+@item --link-profile
+@itemx -P
+For containers, link the environment profile to @file{~/.guix-profile}
+within the container. This is equivalent to running the command @command{ln
+-s $GUIX_ENVIRONMENT ~/.guix-profile} within the container. Linking will
+fail and abort the environment if the directory already exists, which will
+certainly be the case if @command{guix environment} was invoked in the
+user's home directory.
+
+Certain packages are configured to look in @code{~/.guix-profile} for
+configuration files and data;@footnote{For example, the @code{fontconfig}
+package inspects @file{~/.guix-profile/share/fonts} for additional fonts.}
+@code{--link-profile} allows these programs to behave as expected within the
+environment.
+
+@item --user=@var{user}
+@itemx -u @var{user}
+For containers, use the username @var{user} in place of the current user.
+The generated @file{/etc/passwd} entry within the container will contain the
+name @var{user}; the home directory will be @file{/home/USER}; and no user
+GECOS data will be copied. @var{user} need not exist on the system.
+
+Additionally, any shared or exposed path (see @code{--share} and
+@code{--expose} respectively) whose target is within the current user's home
+directory will be remapped relative to @file{/home/USER}; this includes the
+automatic mapping of the current working directory.
+
+@example
+# will expose paths as /home/foo/wd, /home/foo/test, and /home/foo/target
+cd $HOME/wd
+guix environment --container --user=foo \
+ --expose=$HOME/test \
+ --expose=/tmp/target=$HOME/target
+@end example
+
+While this will limit the leaking of user identity through home paths and
+each of the user fields, this is only one useful component of a broader
+privacy/anonymity solution---not one in and of itself.
+
+@item --expose=@var{source}[=@var{target}]
+For containers, expose the file system @var{source} from the host system as
+the read-only file system @var{target} within the container. If
+@var{target} is not specified, @var{source} is used as the target mount
+point in the container.
+
+The example below spawns a Guile REPL in a container in which the user's
+home directory is accessible read-only via the @file{/exchange} directory:
+
+@example
+guix environment --container --expose=$HOME=/exchange --ad-hoc guile -- guile
+@end example
+
+@item --share=@var{source}[=@var{target}]
+For containers, share the file system @var{source} from the host system as
+the writable file system @var{target} within the container. If @var{target}
+is not specified, @var{source} is used as the target mount point in the
+container.
+
+The example below spawns a Guile REPL in a container in which the user's
+home directory is accessible for both reading and writing via the
+@file{/exchange} directory:
+
+@example
+guix environment --container --share=$HOME=/exchange --ad-hoc guile -- guile
+@end example
+@end table
+
+@command{guix environment} also supports all of the common build options
+that @command{guix build} supports (@pxref{Options de construction communes}).
+
+
+@node Invoquer guix publish
+@section Invoking @command{guix publish}
+
+@cindex @command{guix publish}
+Le but de @command{guix publish} est de vous permettre de partager
+facilement votre dépôt avec d'autres personnes qui peuvent ensuite
+l'utiliser comme serveur de substituts (@pxref{Substituts}).
+
+When @command{guix publish} runs, it spawns an HTTP server which allows
+anyone with network access to obtain substitutes from it. This means that
+any machine running Guix can also act as if it were a build farm, since the
+HTTP interface is compatible with Hydra, the software behind the
+@code{hydra.gnu.org} build farm.
+
+Pour des raisons de sécurité, chaque substitut est signé, ce qui permet aux
+destinataires de vérifier leur authenticité et leur intégrité
+(@pxref{Substituts}). Comme @command{guix publish} utilise la clef de
+signature du système, qui n'est lisible que par l'administrateur système, il
+doit être lancé en root ; l'option @code{--user} lui fait baisser ses
+privilèges le plus tôt possible.
+
+The signing key pair must be generated before @command{guix publish} is
+launched, using @command{guix archive --generate-key} (@pxref{Invoquer guix archive}).
+
+The general syntax is:
+
+@example
+guix publish @var{options}@dots{}
+@end example
+
+Running @command{guix publish} without any additional arguments will spawn
+an HTTP server on port 8080:
+
+@example
+guix publish
+@end example
+
+Once a publishing server has been authorized (@pxref{Invoquer guix archive}), the daemon may download substitutes from it:
+
+@example
+guix-daemon --substitute-urls=http://example.org:8080
+@end example
+
+By default, @command{guix publish} compresses archives on the fly as it
+serves them. This ``on-the-fly'' mode is convenient in that it requires no
+setup and is immediately available. However, when serving lots of clients,
+we recommend using the @option{--cache} option, which enables caching of the
+archives before they are sent to clients---see below for details. The
+@command{guix weather} command provides a handy way to check what a server
+provides (@pxref{Invoquer guix weather}).
+
+As a bonus, @command{guix publish} also serves as a content-addressed mirror
+for source files referenced in @code{origin} records (@pxref{Référence d'origine}). For instance, assuming @command{guix publish} is running on
+@code{example.org}, the following URL returns the raw
+@file{hello-2.10.tar.gz} file with the given SHA256 hash (represented in
+@code{nix-base32} format, @pxref{Invoquer guix hash}):
+
+@example
+http://example.org/file/hello-2.10.tar.gz/sha256/0ssi1@dots{}ndq1i
+@end example
+
+Obviously, these URLs only work for files that are in the store; in other
+cases, they return 404 (``Not Found'').
+
+@cindex build logs, publication
+Build logs are available from @code{/log} URLs like:
+
+@example
+http://example.org/log/gwspk@dots{}-guile-2.2.3
+@end example
+
+@noindent
+When @command{guix-daemon} is configured to save compressed build logs, as
+is the case by default (@pxref{Invoquer guix-daemon}), @code{/log} URLs
+return the compressed log as-is, with an appropriate @code{Content-Type}
+and/or @code{Content-Encoding} header. We recommend running
+@command{guix-daemon} with @code{--log-compression=gzip} since Web browsers
+can automatically decompress it, which is not the case with bzip2
+compression.
+
+The following options are available:
+
+@table @code
+@item --port=@var{port}
+@itemx -p @var{port}
+Listen for HTTP requests on @var{port}.
+
+@item --listen=@var{host}
+Listen on the network interface for @var{host}. The default is to accept
+connections from any interface.
+
+@item --user=@var{user}
+@itemx -u @var{user}
+Change privileges to @var{user} as soon as possible---i.e., once the server
+socket is open and the signing key has been read.
+
+@item --compression[=@var{level}]
+@itemx -C [@var{level}]
+Compress data using the given @var{level}. When @var{level} is zero,
+disable compression. The range 1 to 9 corresponds to different gzip
+compression levels: 1 is the fastest, and 9 is the best (CPU-intensive).
+The default is 3.
+
+Unless @option{--cache} is used, compression occurs on the fly and the
+compressed streams are not cached. Thus, to reduce load on the machine that
+runs @command{guix publish}, it may be a good idea to choose a low
+compression level, to run @command{guix publish} behind a caching proxy, or
+to use @option{--cache}. Using @option{--cache} has the advantage that it
+allows @command{guix publish} to add @code{Content-Length} HTTP header to
+its responses.
+
+@item --cache=@var{directory}
+@itemx -c @var{directory}
+Cache archives and meta-data (@code{.narinfo} URLs) to @var{directory} and
+only serve archives that are in cache.
+
+When this option is omitted, archives and meta-data are created on-the-fly.
+This can reduce the available bandwidth, especially when compression is
+enabled, since this may become CPU-bound. Another drawback of the default
+mode is that the length of archives is not known in advance, so
+@command{guix publish} does not add a @code{Content-Length} HTTP header to
+its responses, which in turn prevents clients from knowing the amount of
+data being downloaded.
+
+Conversely, when @option{--cache} is used, the first request for a store
+item (@i{via} a @code{.narinfo} URL) returns 404 and triggers a background
+process to @dfn{bake} the archive---computing its @code{.narinfo} and
+compressing the archive, if needed. Once the archive is cached in
+@var{directory}, subsequent requests succeed and are served directly from
+the cache, which guarantees that clients get the best possible bandwidth.
+
+The ``baking'' process is performed by worker threads. By default, one
+thread per CPU core is created, but this can be customized. See
+@option{--workers} below.
+
+When @option{--ttl} is used, cached entries are automatically deleted when
+they have expired.
+
+@item --workers=@var{N}
+When @option{--cache} is used, request the allocation of @var{N} worker
+threads to ``bake'' archives.
+
+@item --ttl=@var{ttl}
+Produce @code{Cache-Control} HTTP headers that advertise a time-to-live
+(TTL) of @var{ttl}. @var{ttl} must denote a duration: @code{5d} means 5
+days, @code{1m} means 1 month, and so on.
+
+This allows the user's Guix to keep substitute information in cache for
+@var{ttl}. However, note that @code{guix publish} does not itself guarantee
+that the store items it provides will indeed remain available for as long as
+@var{ttl}.
+
+Additionally, when @option{--cache} is used, cached entries that have not
+been accessed for @var{ttl} and that no longer have a corresponding item in
+the store, may be deleted.
+
+@item --nar-path=@var{path}
+Use @var{path} as the prefix for the URLs of ``nar'' files (@pxref{Invoquer guix archive, normalized archives}).
+
+By default, nars are served at a URL such as
+@code{/nar/gzip/@dots{}-coreutils-8.25}. This option allows you to change
+the @code{/nar} part to @var{path}.
+
+@item --public-key=@var{file}
+@itemx --private-key=@var{file}
+Use the specific @var{file}s as the public/private key pair used to sign the
+store items being published.
+
+The files must correspond to the same key pair (the private key is used for
+signing and the public key is merely advertised in the signature metadata).
+They must contain keys in the canonical s-expression format as produced by
+@command{guix archive --generate-key} (@pxref{Invoquer guix archive}). By
+default, @file{/etc/guix/signing-key.pub} and
+@file{/etc/guix/signing-key.sec} are used.
+
+@item --repl[=@var{port}]
+@itemx -r [@var{port}]
+Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile Reference
+Manual}) on @var{port} (37146 by default). This is used primarily for
+debugging a running @command{guix publish} server.
+@end table
+
+Enabling @command{guix publish} on a GuixSD system is a one-liner: just
+instantiate a @code{guix-publish-service-type} service in the
+@code{services} field of the @code{operating-system} declaration
+(@pxref{guix-publish-service-type, @code{guix-publish-service-type}}).
+
+If you are instead running Guix on a ``foreign distro'', follow these
+instructions:”
+
+@itemize
+@item
+If your host distro uses the systemd init system:
+
+@example
+# ln -s ~root/.guix-profile/lib/systemd/system/guix-publish.service \
+ /etc/systemd/system/
+# systemctl start guix-publish && systemctl enable guix-publish
+@end example
+
+@item
+If your host distro uses the Upstart init system:
+
+@example
+# ln -s ~root/.guix-profile/lib/upstart/system/guix-publish.conf /etc/init/
+# start guix-publish
+@end example
+
+@item
+Otherwise, proceed similarly with your distro's init system.
+@end itemize
+
+@node Invoquer guix challenge
+@section Invoking @command{guix challenge}
+
+@cindex reproducible builds
+@cindex verifiable builds
+@cindex @command{guix challenge}
+@cindex challenge
+Do the binaries provided by this server really correspond to the source code
+it claims to build? Is a package build process deterministic? These are the
+questions the @command{guix challenge} command attempts to answer.
+
+La première question est évidemment importante : avant d'utiliser un serveur
+de substituts (@pxref{Substituts}), il vaut mieux @emph{vérifier} qu'il
+fournit les bons binaires et donc le @emph{défier}. La deuxième est ce qui
+permet la première : si les constructions des paquets sont déterministes
+alors des constructions indépendantes du paquet devraient donner le même
+résultat, bit à bit ; si un serveur fournit un binaire différent de celui
+obtenu localement, il peut être soit corrompu, soit malveillant.
+
+We know that the hash that shows up in @file{/gnu/store} file names is the
+hash of all the inputs of the process that built the file or
+directory---compilers, libraries, build scripts,
+etc. (@pxref{Introduction}). Assuming deterministic build processes, one
+store file name should map to exactly one build output. @command{guix
+challenge} checks whether there is, indeed, a single mapping by comparing
+the build outputs of several independent builds of any given store item.
+
+The command output looks like this:
+
+@smallexample
+$ guix challenge --substitute-urls="https://hydra.gnu.org https://guix.example.org"
+updating list of substitutes from 'https://hydra.gnu.org'... 100.0%
+updating list of substitutes from 'https://guix.example.org'... 100.0%
+/gnu/store/@dots{}-openssl-1.0.2d contents differ:
+ local hash: 0725l22r5jnzazaacncwsvp9kgf42266ayyp814v7djxs7nk963q
+ https://hydra.gnu.org/nar/@dots{}-openssl-1.0.2d: 0725l22r5jnzazaacncwsvp9kgf42266ayyp814v7djxs7nk963q
+ https://guix.example.org/nar/@dots{}-openssl-1.0.2d: 1zy4fmaaqcnjrzzajkdn3f5gmjk754b43qkq47llbyak9z0qjyim
+/gnu/store/@dots{}-git-2.5.0 contents differ:
+ local hash: 00p3bmryhjxrhpn2gxs2fy0a15lnip05l97205pgbk5ra395hyha
+ https://hydra.gnu.org/nar/@dots{}-git-2.5.0: 069nb85bv4d4a6slrwjdy8v1cn4cwspm3kdbmyb81d6zckj3nq9f
+ https://guix.example.org/nar/@dots{}-git-2.5.0: 0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73
+/gnu/store/@dots{}-pius-2.1.1 contents differ:
+ local hash: 0k4v3m9z1zp8xzzizb7d8kjj72f9172xv078sq4wl73vnq9ig3ax
+ https://hydra.gnu.org/nar/@dots{}-pius-2.1.1: 0k4v3m9z1zp8xzzizb7d8kjj72f9172xv078sq4wl73vnq9ig3ax
+ https://guix.example.org/nar/@dots{}-pius-2.1.1: 1cy25x1a4fzq5rk0pmvc8xhwyffnqz95h2bpvqsz2mpvlbccy0gs
+
+@dots{}
+
+6,406 store items were analyzed:
+ - 4,749 (74.1%) were identical
+ - 525 (8.2%) differed
+ - 1,132 (17.7%) were inconclusive
+@end smallexample
+
+@noindent
+In this example, @command{guix challenge} first scans the store to determine
+the set of locally-built derivations---as opposed to store items that were
+downloaded from a substitute server---and then queries all the substitute
+servers. It then reports those store items for which the servers obtained a
+result different from the local build.
+
+@cindex non-determinism, in package builds
+As an example, @code{guix.example.org} always gets a different answer.
+Conversely, @code{hydra.gnu.org} agrees with local builds, except in the
+case of Git. This might indicate that the build process of Git is
+non-deterministic, meaning that its output varies as a function of various
+things that Guix does not fully control, in spite of building packages in
+isolated environments (@pxref{Fonctionnalités}). Most common sources of
+non-determinism include the addition of timestamps in build results, the
+inclusion of random numbers, and directory listings sorted by inode number.
+See @uref{https://reproducible-builds.org/docs/}, for more information.
+
+To find out what is wrong with this Git binary, we can do something along
+these lines (@pxref{Invoquer guix archive}):
+
+@example
+$ wget -q -O - https://hydra.gnu.org/nar/@dots{}-git-2.5.0 \
+ | guix archive -x /tmp/git
+$ diff -ur --no-dereference /gnu/store/@dots{}-git.2.5.0 /tmp/git
+@end example
+
+This command shows the difference between the files resulting from the local
+build, and the files resulting from the build on @code{hydra.gnu.org}
+(@pxref{Overview, Comparing and Merging Files,, diffutils, Comparing and
+Merging Files}). The @command{diff} command works great for text files.
+When binary files differ, a better option is @uref{https://diffoscope.org/,
+Diffoscope}, a tool that helps visualize differences for all kinds of files.
+
+Once you have done that work, you can tell whether the differences are due
+to a non-deterministic build process or to a malicious server. We try hard
+to remove sources of non-determinism in packages to make it easier to verify
+substitutes, but of course, this is a process that involves not just Guix,
+but a large part of the free software community. In the meantime,
+@command{guix challenge} is one tool to help address the problem.
+
+If you are writing packages for Guix, you are encouraged to check whether
+@code{hydra.gnu.org} and other substitute servers obtain the same build
+result as you did with:
+
+@example
+$ guix challenge @var{package}
+@end example
+
+@noindent
+where @var{package} is a package specification such as @code{guile@@2.0} or
+@code{glibc:debug}.
+
+The general syntax is:
+
+@example
+guix challenge @var{options} [@var{packages}@dots{}]
+@end example
+
+When a difference is found between the hash of a locally-built item and that
+of a server-provided substitute, or among substitutes provided by different
+servers, the command displays it as in the example above and its exit code
+is 2 (other non-zero exit codes denote other kinds of errors.)
+
+The one option that matters is:
+
+@table @code
+
+@item --substitute-urls=@var{urls}
+Consider @var{urls} the whitespace-separated list of substitute source URLs
+to compare to.
+
+@item --verbose
+@itemx -v
+Show details about matches (identical contents) in addition to information
+about mismatches.
+
+@end table
+
+@node Invoquer guix copy
+@section Invoking @command{guix copy}
+
+@cindex copy, of store items, over SSH
+@cindex SSH, copy of store items
+@cindex sharing store items across machines
+@cindex transferring store items across machines
+The @command{guix copy} command copies items from the store of one machine
+to that of another machine over a secure shell (SSH)
+connection@footnote{This command is available only when Guile-SSH was
+found. @xref{Prérequis}, for details.}. For example, the following
+command copies the @code{coreutils} package, the user's profile, and all
+their dependencies over to @var{host}, logged in as @var{user}:
+
+@example
+guix copy --to=@var{user}@@@var{host} \
+ coreutils `readlink -f ~/.guix-profile`
+@end example
+
+If some of the items to be copied are already present on @var{host}, they
+are not actually sent.
+
+The command below retrieves @code{libreoffice} and @code{gimp} from
+@var{host}, assuming they are available there:
+
+@example
+guix copy --from=@var{host} libreoffice gimp
+@end example
+
+The SSH connection is established using the Guile-SSH client, which is
+compatible with OpenSSH: it honors @file{~/.ssh/known_hosts} and
+@file{~/.ssh/config}, and uses the SSH agent for authentication.
+
+The key used to sign items that are sent must be accepted by the remote
+machine. Likewise, the key used by the remote machine to sign items you are
+retrieving must be in @file{/etc/guix/acl} so it is accepted by your own
+daemon. @xref{Invoquer guix archive}, for more information about store item
+authentication.
+
+The general syntax is:
+
+@example
+guix copy [--to=@var{spec}|--from=@var{spec}] @var{items}@dots{}
+@end example
+
+You must always specify one of the following options:
+
+@table @code
+@item --to=@var{spec}
+@itemx --from=@var{spec}
+Specify the host to send to or receive from. @var{spec} must be an SSH spec
+such as @code{example.org}, @code{charlie@@example.org}, or
+@code{charlie@@example.org:2222}.
+@end table
+
+The @var{items} can be either package names, such as @code{gimp}, or store
+items, such as @file{/gnu/store/@dots{}-idutils-4.6}.
+
+When specifying the name of a package to send, it is first built if needed,
+unless @option{--dry-run} was specified. Common build options are supported
+(@pxref{Options de construction communes}).
+
+
+@node Invoquer guix container
+@section Invoking @command{guix container}
+@cindex container
+@cindex @command{guix container}
+@quotation Note
+As of version @value{VERSION}, this tool is experimental. The interface is
+subject to radical change in the future.
+@end quotation
+
+The purpose of @command{guix container} is to manipulate processes running
+within an isolated environment, commonly known as a ``container'', typically
+created by the @command{guix environment} (@pxref{Invoquer guix environment}) and @command{guix system container} (@pxref{Invoquer guix system}) commands.
+
+The general syntax is:
+
+@example
+guix container @var{action} @var{options}@dots{}
+@end example
+
+@var{action} specifies the operation to perform with a container, and
+@var{options} specifies the context-specific arguments for the action.
+
+The following actions are available:
+
+@table @code
+@item exec
+Execute a command within the context of a running container.
+
+The syntax is:
+
+@example
+guix container exec @var{pid} @var{program} @var{arguments}@dots{}
+@end example
+
+@var{pid} specifies the process ID of the running container. @var{program}
+specifies an executable file name within the root file system of the
+container. @var{arguments} are the additional options that will be passed
+to @var{program}.
+
+The following command launches an interactive login shell inside a GuixSD
+container, started by @command{guix system container}, and whose process ID
+is 9001:
+
+@example
+guix container exec 9001 /run/current-system/profile/bin/bash --login
+@end example
+
+Note that the @var{pid} cannot be the parent process of a container. It
+must be PID 1 of the container or one of its child processes.
+
+@end table
+
+@node Invoquer guix weather
+@section Invoking @command{guix weather}
+
+Vous pouvez parfois grogner lorsque les substituts ne sont pas disponibles
+et que vous devez construire les paquets vous-même (@pxref{Substituts}). La
+commande @command{guix weather} rapporte la disponibilité des substituts sur
+les serveurs spécifiés pour que vous sachiez si vous allez raller
+aujourd'hui. Cela peut parfois être une information utile pour les
+utilisateurs, mais elle est surtout utile pour les personnes qui font
+tourner @command{guix publish} (@pxref{Invoquer guix publish}).
+
+@cindex statistics, for substitutes
+@cindex availability of substitutes
+@cindex substitute availability
+@cindex weather, substitute availability
+Here's a sample run:
+
+@example
+$ guix weather --substitute-urls=https://guix.example.org
+computing 5,872 package derivations for x86_64-linux...
+looking for 6,128 store items on https://guix.example.org..
+updating list of substitutes from 'https://guix.example.org'... 100.0%
+https://guix.example.org
+ 43.4% substitutes available (2,658 out of 6,128)
+ 7,032.5 MiB of nars (compressed)
+ 19,824.2 MiB on disk (uncompressed)
+ 0.030 seconds per request (182.9 seconds in total)
+ 33.5 requests per second
+
+ 9.8% (342 out of 3,470) of the missing items are queued
+ 867 queued builds
+ x86_64-linux: 518 (59.7%)
+ i686-linux: 221 (25.5%)
+ aarch64-linux: 128 (14.8%)
+ build rate: 23.41 builds per hour
+ x86_64-linux: 11.16 builds per hour
+ i686-linux: 6.03 builds per hour
+ aarch64-linux: 6.41 builds per hour
+@end example
+
+@cindex continuous integration, statistics
+As you can see, it reports the fraction of all the packages for which
+substitutes are available on the server---regardless of whether substitutes
+are enabled, and regardless of whether this server's signing key is
+authorized. It also reports the size of the compressed archives (``nars'')
+provided by the server, the size the corresponding store items occupy in the
+store (assuming deduplication is turned off), and the server's throughput.
+The second part gives continuous integration (CI) statistics, if the server
+supports it.
+
+To achieve that, @command{guix weather} queries over HTTP(S) meta-data
+(@dfn{narinfos}) for all the relevant store items. Like @command{guix
+challenge}, it ignores signatures on those substitutes, which is innocuous
+since the command only gathers statistics and cannot install those
+substitutes.
+
+Among other things, it is possible to query specific system types and
+specific package sets. The available options are listed below.
+
+@table @code
+@item --substitute-urls=@var{urls}
+@var{urls} is the space-separated list of substitute server URLs to query.
+When this option is omitted, the default set of substitute servers is
+queried.
+
+@item --system=@var{system}
+@itemx -s @var{system}
+Query substitutes for @var{system}---e.g., @code{aarch64-linux}. This
+option can be repeated, in which case @command{guix weather} will query
+substitutes for several system types.
+
+@item --manifest=@var{file}
+Instead of querying substitutes for all the packages, only ask for those
+specified in @var{file}. @var{file} must contain a @dfn{manifest}, as with
+the @code{-m} option of @command{guix package} (@pxref{Invoquer guix package}).
+@end table
+
+
+@c *********************************************************************
+@node Distribution GNU
+@chapter Distribution GNU
+
+@cindex Distribution Système Guix
+@cindex GuixSD
+Guix comes with a distribution of the GNU system consisting entirely of free
+software@footnote{The term ``free'' here refers to the
+@url{http://www.gnu.org/philosophy/free-sw.html,freedom provided to users of
+that software}.}. The distribution can be installed on its own
+(@pxref{Installation du système}), but it is also possible to install Guix as a
+package manager on top of an installed GNU/Linux system
+(@pxref{Installation}). To distinguish between the two, we refer to the
+standalone distribution as the Guix System Distribution, or GuixSD.
+
+The distribution provides core GNU packages such as GNU libc, GCC, and
+Binutils, as well as many GNU and non-GNU applications. The complete list
+of available packages can be browsed
+@url{http://www.gnu.org/software/guix/packages,on-line} or by running
+@command{guix package} (@pxref{Invoquer guix package}):
+
+@example
+guix package --list-available
+@end example
+
+Our goal is to provide a practical 100% free software distribution of
+Linux-based and other variants of GNU, with a focus on the promotion and
+tight integration of GNU components, and an emphasis on programs and tools
+that help users exert that freedom.
+
+Packages are currently available on the following platforms:
+
+@table @code
+
+@item x86_64-linux
+Intel/AMD @code{x86_64} architecture, Linux-Libre kernel;
+
+@item i686-linux
+Intel 32-bit architecture (IA32), Linux-Libre kernel;
+
+@item armhf-linux
+ARMv7-A architecture with hard float, Thumb-2 and NEON, using the EABI
+hard-float application binary interface (ABI), and Linux-Libre kernel.
+
+@item aarch64-linux
+little-endian 64-bit ARMv8-A processors, Linux-Libre kernel. This is
+currently in an experimental stage, with limited support.
+@xref{Contribuer}, for how to help!
+
+@item mips64el-linux
+little-endian 64-bit MIPS processors, specifically the Loongson series, n32
+ABI, and Linux-Libre kernel.
+
+@end table
+
+GuixSD itself is currently only available on @code{i686} and @code{x86_64}.
+
+@noindent
+For information on porting to other architectures or kernels,
+@pxref{Porter}.
+
+@menu
+* Installation du système:: Installer le système d'exploitation complet.
+* Configuration système:: Configurer le système d'exploitation.
+* Documentation:: Visualiser les manuels d'utilisateur des
+ logiciels.
+* Installer les fichiers de débogage:: Nourrir le débogueur.
+* Mises à jour de sécurité:: Déployer des correctifs de sécurité
+ rapidement.
+* Modules de paquets:: Les paquets du point de vu du programmeur.
+* Consignes d'empaquetage:: Faire grandir la distribution.
+* Bootstrapping:: GNU/Linux depuis zéro.
+* Porter:: Cibler une autre plateforme ou un autre noyau.
+@end menu
+
+Building this distribution is a cooperative effort, and you are invited to
+join! @xref{Contribuer}, for information about how you can help.
+
+@node Installation du système
+@section Installation du système
+
+@cindex installing GuixSD
+@cindex Distribution Système Guix
+This section explains how to install the Guix System Distribution (GuixSD)
+on a machine. The Guix package manager can also be installed on top of a
+running GNU/Linux system, @pxref{Installation}.
+
+@ifinfo
+@quotation Note
+@c This paragraph is for people reading this from tty2 of the
+@c installation image.
+You are reading this documentation with an Info reader. For details on how
+to use it, hit the @key{RET} key (``return'' or ``enter'') on the link that
+follows: @pxref{Top, Info reader,, info-stnd, Stand-alone GNU Info}. Hit
+@kbd{l} afterwards to come back here.
+
+Alternately, run @command{info info} in another tty to keep the manual
+available.
+@end quotation
+@end ifinfo
+
+@menu
+* Limitations:: Ce à quoi vous attendre.
+* Considérations matérielles:: Matériel supporté.
+* Installation depuis une clef USB ou un DVD:: Préparer le média
+ d'installation.
+* Préparer l'installation:: Réseau, partitionnement, etc.
+* Effectuer l'installation:: Pour de vrai.
+* Installer GuixSD dans une VM:: Jouer avec GuixSD.
+* Construire l'image d'installation:: D'où vient tout cela.
+@end menu
+
+@node Limitations
+@subsection Limitations
+
+As of version @value{VERSION}, the Guix System Distribution (GuixSD) is not
+production-ready. It may contain bugs and lack important features. Thus,
+if you are looking for a stable production system that respects your freedom
+as a computer user, a good solution at this point is to consider
+@url{http://www.gnu.org/distros/free-distros.html, one of the more
+established GNU/Linux distributions}. We hope you can soon switch to the
+GuixSD without fear, of course. In the meantime, you can also keep using
+your distribution and try out the package manager on top of it
+(@pxref{Installation}).
+
+Before you proceed with the installation, be aware of the following
+noteworthy limitations applicable to version @value{VERSION}:
+
+@itemize
+@item
+The installation process does not include a graphical user interface and
+requires familiarity with GNU/Linux (see the following subsections to get a
+feel of what that means.)
+
+@item
+Support for the Logical Volume Manager (LVM) is missing.
+
+@item
+More and more system services are provided (@pxref{Services}), but some may
+be missing.
+
+@item
+More than 6,500 packages are available, but you might occasionally find that
+a useful package is missing.
+
+@item
+GNOME, Xfce, LXDE, and Enlightenment are available (@pxref{Desktop
+Services}), as well as a number of X11 window managers. However, some
+graphical applications may be missing, as well as KDE.
+@end itemize
+
+You have been warned! But more than a disclaimer, this is an invitation to
+report issues (and success stories!), and to join us in improving it.
+@xref{Contribuer}, for more info.
+
+
+@node Considérations matérielles
+@subsection Considérations matérielles
+
+@cindex hardware support on GuixSD
+GNU@tie{}GuixSD focuses on respecting the user's computing freedom. It
+builds around the kernel Linux-libre, which means that only hardware for
+which free software drivers and firmware exist is supported. Nowadays, a
+wide range of off-the-shelf hardware is supported on GNU/Linux-libre---from
+keyboards to graphics cards to scanners and Ethernet controllers.
+Unfortunately, there are still areas where hardware vendors deny users
+control over their own computing, and such hardware is not supported on
+GuixSD.
+
+@cindex WiFi, hardware support
+One of the main areas where free drivers or firmware are lacking is WiFi
+devices. WiFi devices known to work include those using Atheros chips
+(AR9271 and AR7010), which corresponds to the @code{ath9k} Linux-libre
+driver, and those using Broadcom/AirForce chips (BCM43xx with Wireless-Core
+Revision 5), which corresponds to the @code{b43-open} Linux-libre driver.
+Free firmware exists for both and is available out-of-the-box on GuixSD, as
+part of @var{%base-firmware} (@pxref{Référence de système d'exploitation,
+@code{firmware}}).
+
+@cindex RYF, Respects Your Freedom
+The @uref{https://www.fsf.org/, Free Software Foundation} runs
+@uref{https://www.fsf.org/ryf, @dfn{Respects Your Freedom}} (RYF), a
+certification program for hardware products that respect your freedom and
+your privacy and ensure that you have control over your device. We
+encourage you to check the list of RYF-certified devices.
+
+Another useful resource is the @uref{https://www.h-node.org/, H-Node} web
+site. It contains a catalog of hardware devices with information about
+their support in GNU/Linux.
+
+
+@node Installation depuis une clef USB ou un DVD
+@subsection Installation depuis une clef USB ou un DVD
+
+An ISO-9660 installation image that can be written to a USB stick or burnt
+to a DVD can be downloaded from
+@indicateurl{ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.iso.xz},
+where @var{system} is one of:
+
+@table @code
+@item x86_64-linux
+for a GNU/Linux system on Intel/AMD-compatible 64-bit CPUs;
+
+@item i686-linux
+for a 32-bit GNU/Linux system on Intel-compatible CPUs.
+@end table
+
+@c start duplication of authentication part from ``Binary Installation''
+Make sure to download the associated @file{.sig} file and to verify the
+authenticity of the image against it, along these lines:
+
+@example
+$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.iso.xz.sig
+$ gpg --verify guixsd-install-@value{VERSION}.@var{system}.iso.xz.sig
+@end example
+
+If that command fails because you do not have the required public key, then
+run this command to import it:
+
+@example
+$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
+@end example
+
+@noindent
+@c end duplication
+and rerun the @code{gpg --verify} command.
+
+This image contains the tools necessary for an installation. It is meant to
+be copied @emph{as is} to a large-enough USB stick or DVD.
+
+@unnumberedsubsubsec Copying to a USB Stick
+
+To copy the image to a USB stick, follow these steps:
+
+@enumerate
+@item
+Decompress the image using the @command{xz} command:
+
+@example
+xz -d guixsd-install-@value{VERSION}.@var{system}.iso.xz
+@end example
+
+@item
+Insert a USB stick of 1@tie{}GiB or more into your machine, and determine
+its device name. Assuming that the USB stick is known as @file{/dev/sdX},
+copy the image with:
+
+@example
+dd if=guixsd-install-@value{VERSION}.x86_64-linux.iso of=/dev/sdX
+sync
+@end example
+
+Access to @file{/dev/sdX} usually requires root privileges.
+@end enumerate
+
+@unnumberedsubsubsec Burning on a DVD
+
+To copy the image to a DVD, follow these steps:
+
+@enumerate
+@item
+Decompress the image using the @command{xz} command:
+
+@example
+xz -d guixsd-install-@value{VERSION}.@var{system}.iso.xz
+@end example
+
+@item
+Insert a blank DVD into your machine, and determine its device name.
+Assuming that the DVD drive is known as @file{/dev/srX}, copy the image
+with:
+
+@example
+growisofs -dvd-compat -Z /dev/srX=guixsd-install-@value{VERSION}.x86_64.iso
+@end example
+
+Access to @file{/dev/srX} usually requires root privileges.
+@end enumerate
+
+@unnumberedsubsubsec Booting
+
+Once this is done, you should be able to reboot the system and boot from the
+USB stick or DVD. The latter usually requires you to get in the BIOS or
+UEFI boot menu, where you can choose to boot from the USB stick.
+
+@xref{Installer GuixSD dans une VM}, if, instead, you would like to install
+GuixSD in a virtual machine (VM).
+
+
+@node Préparer l'installation
+@subsection Préparer l'installation
+
+Once you have successfully booted your computer using the installation
+medium, you should end up with a root prompt. Several console TTYs are
+configured and can be used to run commands as root. TTY2 shows this
+documentation, browsable using the Info reader commands (@pxref{Top,,,
+info-stnd, Stand-alone GNU Info}). The installation system runs the GPM
+mouse daemon, which allows you to select text with the left mouse button and
+to paste it with the middle button.
+
+@quotation Note
+Installation requires access to the Internet so that any missing
+dependencies of your system configuration can be downloaded. See the
+``Networking'' section below.
+@end quotation
+
+The installation system includes many common tools needed for this task.
+But it is also a full-blown GuixSD system, which means that you can install
+additional packages, should you need it, using @command{guix package}
+(@pxref{Invoquer guix package}).
+
+@subsubsection Keyboard Layout
+
+@cindex keyboard layout
+The installation image uses the US qwerty keyboard layout. If you want to
+change it, you can use the @command{loadkeys} command. For example, the
+following command selects the Dvorak keyboard layout:
+
+@example
+loadkeys dvorak
+@end example
+
+See the files under @file{/run/current-system/profile/share/keymaps} for a
+list of available keyboard layouts. Run @command{man loadkeys} for more
+information.
+
+@subsubsection Networking
+
+Run the following command see what your network interfaces are called:
+
+@example
+ifconfig -a
+@end example
+
+@noindent
+@dots{} or, using the GNU/Linux-specific @command{ip} command:
+
+@example
+ip a
+@end example
+
+@c http://cgit.freedesktop.org/systemd/systemd/tree/src/udev/udev-builtin-net_id.c#n20
+Wired interfaces have a name starting with @samp{e}; for example, the
+interface corresponding to the first on-board Ethernet controller is called
+@samp{eno1}. Wireless interfaces have a name starting with @samp{w}, like
+@samp{w1p2s0}.
+
+@table @asis
+@item Wired connection
+To configure a wired network run the following command, substituting
+@var{interface} with the name of the wired interface you want to use.
+
+@example
+ifconfig @var{interface} up
+@end example
+
+@item Wireless connection
+@cindex wireless
+@cindex WiFi
+To configure wireless networking, you can create a configuration file for
+the @command{wpa_supplicant} configuration tool (its location is not
+important) using one of the available text editors such as @command{nano}:
+
+@example
+nano wpa_supplicant.conf
+@end example
+
+As an example, the following stanza can go to this file and will work for
+many wireless networks, provided you give the actual SSID and passphrase for
+the network you are connecting to:
+
+@example
+network=@{
+ ssid="@var{my-ssid}"
+ key_mgmt=WPA-PSK
+ psk="the network's secret passphrase"
+@}
+@end example
+
+Start the wireless service and run it in the background with the following
+command (substitute @var{interface} with the name of the network interface
+you want to use):
+
+@example
+wpa_supplicant -c wpa_supplicant.conf -i @var{interface} -B
+@end example
+
+Run @command{man wpa_supplicant} for more information.
+@end table
+
+@cindex DHCP
+At this point, you need to acquire an IP address. On a network where IP
+addresses are automatically assigned @i{via} DHCP, you can run:
+
+@example
+dhclient -v @var{interface}
+@end example
+
+Try to ping a server to see if networking is up and running:
+
+@example
+ping -c 3 gnu.org
+@end example
+
+Setting up network access is almost always a requirement because the image
+does not contain all the software and tools that may be needed.
+
+@cindex installing over SSH
+If you want to, you can continue the installation remotely by starting an
+SSH server:
+
+@example
+herd start ssh-daemon
+@end example
+
+Make sure to either set a password with @command{passwd}, or configure
+OpenSSH public key authentication before logging in.
+
+@subsubsection Disk Partitioning
+
+Unless this has already been done, the next step is to partition, and then
+format the target partition(s).
+
+The installation image includes several partitioning tools, including Parted
+(@pxref{Overview,,, parted, GNU Parted User Manual}), @command{fdisk}, and
+@command{cfdisk}. Run it and set up your disk with the partition layout you
+want:
+
+@example
+cfdisk
+@end example
+
+If your disk uses the GUID Partition Table (GPT) format and you plan to
+install BIOS-based GRUB (which is the default), make sure a BIOS Boot
+Partition is available (@pxref{BIOS installation,,, grub, GNU GRUB manual}).
+
+@cindex EFI, installation
+@cindex UEFI, installation
+@cindex ESP, EFI system partition
+If you instead wish to use EFI-based GRUB, a FAT32 @dfn{EFI System
+Partition} (ESP) is required. This partition should be mounted at
+@file{/boot/efi} and must have the @code{esp} flag set. E.g., for
+@command{parted}:
+
+@example
+parted /dev/sda set 1 esp on
+@end example
+
+Once you are done partitioning the target hard disk drive, you have to
+create a file system on the relevant partition(s)@footnote{Currently GuixSD
+only supports ext4 and btrfs file systems. In particular, code that reads
+file system UUIDs and labels only works for these file system types.}. For
+the ESP, if you have one and assuming it is @file{/dev/sda2}, run:
+
+@example
+mkfs.fat -F32 /dev/sda2
+@end example
+
+Preferably, assign file systems a label so that you can easily and reliably
+refer to them in @code{file-system} declarations (@pxref{Systèmes de fichiers}).
+This is typically done using the @code{-L} option of @command{mkfs.ext4} and
+related commands. So, assuming the target root partition lives at
+@file{/dev/sda1}, a file system with the label @code{my-root} can be created
+with:
+
+@example
+mkfs.ext4 -L my-root /dev/sda1
+@end example
+
+@cindex encrypted disk
+If you are instead planning to encrypt the root partition, you can use the
+Cryptsetup/LUKS utilities to do that (see @inlinefmtifelse{html,
+@uref{https://linux.die.net/man/8/cryptsetup, @code{man cryptsetup}},
+@code{man cryptsetup}} for more information.) Assuming you want to store
+the root partition on @file{/dev/sda1}, the command sequence would be along
+these lines:
+
+@example
+cryptsetup luksFormat /dev/sda1
+cryptsetup open --type luks /dev/sda1 my-partition
+mkfs.ext4 -L my-root /dev/mapper/my-partition
+@end example
+
+Once that is done, mount the target file system under @file{/mnt} with a
+command like (again, assuming @code{my-root} is the label of the root file
+system):
+
+@example
+mount LABEL=my-root /mnt
+@end example
+
+Also mount any other file systems you would like to use on the target system
+relative to this path. If you have @file{/boot} on a separate partition for
+example, mount it at @file{/mnt/boot} now so it is found by @code{guix
+system init} afterwards.
+
+Finally, if you plan to use one or more swap partitions (@pxref{Memory
+Concepts, swap space,, libc, The GNU C Library Reference Manual}), make sure
+to initialize them with @command{mkswap}. Assuming you have one swap
+partition on @file{/dev/sda2}, you would run:
+
+@example
+mkswap /dev/sda2
+swapon /dev/sda2
+@end example
+
+Alternatively, you may use a swap file. For example, assuming that in the
+new system you want to use the file @file{/swapfile} as a swap file, you
+would run@footnote{This example will work for many types of file systems
+(e.g., ext4). However, for copy-on-write file systems (e.g., btrfs), the
+required steps may be different. For details, see the manual pages for
+@command{mkswap} and @command{swapon}.}:
+
+@example
+# This is 10 GiB of swap space. Adjust "count" to change the size.
+dd if=/dev/zero of=/mnt/swapfile bs=1MiB count=10240
+# For security, make the file readable and writable only by root.
+chmod 600 /mnt/swapfile
+mkswap /mnt/swapfile
+swapon /mnt/swapfile
+@end example
+
+Note that if you have encrypted the root partition and created a swap file
+in its file system as described above, then the encryption also protects the
+swap file, just like any other file in that file system.
+
+@node Effectuer l'installation
+@subsection Effectuer l'installation
+
+With the target partitions ready and the target root mounted on @file{/mnt},
+we're ready to go. First, run:
+
+@example
+herd start cow-store /mnt
+@end example
+
+This makes @file{/gnu/store} copy-on-write, such that packages added to it
+during the installation phase are written to the target disk on @file{/mnt}
+rather than kept in memory. This is necessary because the first phase of
+the @command{guix system init} command (see below) entails downloads or
+builds to @file{/gnu/store} which, initially, is an in-memory file system.
+
+Next, you have to edit a file and provide the declaration of the operating
+system to be installed. To that end, the installation system comes with
+three text editors. We recommend GNU nano (@pxref{Top,,, nano, GNU nano
+Manual}), which supports syntax highlighting and parentheses matching; other
+editors include GNU Zile (an Emacs clone), and nvi (a clone of the original
+BSD @command{vi} editor). We strongly recommend storing that file on the
+target root file system, say, as @file{/mnt/etc/config.scm}. Failing to do
+that, you will have lost your configuration file once you have rebooted into
+the newly-installed system.
+
+@xref{Utiliser le système de configuration}, for an overview of the configuration
+file. The example configurations discussed in that section are available
+under @file{/etc/configuration} in the installation image. Thus, to get
+started with a system configuration providing a graphical display server (a
+``desktop'' system), you can run something along these lines:
+
+@example
+# mkdir /mnt/etc
+# cp /etc/configuration/desktop.scm /mnt/etc/config.scm
+# nano /mnt/etc/config.scm
+@end example
+
+You should pay attention to what your configuration file contains, and in
+particular:
+
+@itemize
+@item
+Make sure the @code{bootloader-configuration} form refers to the target you
+want to install GRUB on. It should mention @code{grub-bootloader} if you
+are installing GRUB in the legacy way, or @code{grub-efi-bootloader} for
+newer UEFI systems. For legacy systems, the @code{target} field names a
+device, like @code{/dev/sda}; for UEFI systems it names a path to a mounted
+EFI partition, like @code{/boot/efi}, and do make sure the path is actually
+mounted.
+
+@item
+Be sure that your file system labels match the value of their respective
+@code{device} fields in your @code{file-system} configuration, assuming your
+@code{file-system} configuration sets the value of @code{title} to
+@code{'label}.
+
+@item
+If there are encrypted or RAID partitions, make sure to add a
+@code{mapped-devices} field to describe them (@pxref{Périphériques mappés}).
+@end itemize
+
+Once you are done preparing the configuration file, the new system must be
+initialized (remember that the target root file system is mounted under
+@file{/mnt}):
+
+@example
+guix system init /mnt/etc/config.scm /mnt
+@end example
+
+@noindent
+This copies all the necessary files and installs GRUB on @file{/dev/sdX},
+unless you pass the @option{--no-bootloader} option. For more information,
+@pxref{Invoquer guix system}. This command may trigger downloads or builds
+of missing packages, which can take some time.
+
+Once that command has completed---and hopefully succeeded!---you can run
+@command{reboot} and boot into the new system. The @code{root} password in
+the new system is initially empty; other users' passwords need to be
+initialized by running the @command{passwd} command as @code{root}, unless
+your configuration specifies otherwise (@pxref{user-account-password, user
+account passwords}).
+
+@cindex upgrading GuixSD
+From then on, you can update GuixSD whenever you want by running
+@command{guix pull} as @code{root} (@pxref{Invoquer guix pull}), and then
+running @command{guix system reconfigure} to build a new system generation
+with the latest packages and services (@pxref{Invoquer guix system}). We
+recommend doing that regularly so that your system includes the latest
+security updates (@pxref{Mises à jour de sécurité}).
+
+Join us on @code{#guix} on the Freenode IRC network or on
+@file{guix-devel@@gnu.org} to share your experience---good or not so good.
+
+@node Installer GuixSD dans une VM
+@subsection Installing GuixSD in a Virtual Machine
+
+@cindex virtual machine, GuixSD installation
+@cindex virtual private server (VPS)
+@cindex VPS (virtual private server)
+If you'd like to install GuixSD in a virtual machine (VM) or on a virtual
+private server (VPS) rather than on your beloved machine, this section is
+for you.
+
+To boot a @uref{http://qemu.org/,QEMU} VM for installing GuixSD in a disk
+image, follow these steps:
+
+@enumerate
+@item
+First, retrieve and decompress the GuixSD installation image as described
+previously (@pxref{Installation depuis une clef USB ou un DVD}).
+
+@item
+Create a disk image that will hold the installed system. To make a
+qcow2-formatted disk image, use the @command{qemu-img} command:
+
+@example
+qemu-img create -f qcow2 guixsd.img 50G
+@end example
+
+The resulting file will be much smaller than 50 GB (typically less than 1
+MB), but it will grow as the virtualized storage device is filled up.
+
+@item
+Boot the USB installation image in an VM:
+
+@example
+qemu-system-x86_64 -m 1024 -smp 1 \
+ -net user -net nic,model=virtio -boot menu=on \
+ -drive file=guixsd-install-@value{VERSION}.@var{system}.iso \
+ -drive file=guixsd.img
+@end example
+
+The ordering of the drives matters.
+
+In the VM console, quickly press the @kbd{F12} key to enter the boot menu.
+Then press the @kbd{2} key and the @kbd{RET} key to validate your selection.
+
+@item
+You're now root in the VM, proceed with the installation process.
+@xref{Préparer l'installation}, and follow the instructions.
+@end enumerate
+
+Once installation is complete, you can boot the system that's on your
+@file{guixsd.img} image. @xref{Lancer GuixSD dans une VM}, for how to do that.
+
+@node Construire l'image d'installation
+@subsection Construire l'image d'installation
+
+@cindex installation image
+The installation image described above was built using the @command{guix
+system} command, specifically:
+
+@example
+guix system disk-image gnu/system/install.scm
+@end example
+
+Have a look at @file{gnu/system/install.scm} in the source tree, and see
+also @ref{Invoquer guix system} for more information about the installation
+image.
+
+@node Configuration système
+@section Configuration système
+
+@cindex system configuration
+The Guix System Distribution supports a consistent whole-system
+configuration mechanism. By that we mean that all aspects of the global
+system configuration---such as the available system services, timezone and
+locale settings, user accounts---are declared in a single place. Such a
+@dfn{system configuration} can be @dfn{instantiated}---i.e., effected.
+
+@c Yes, we're talking of Puppet, Chef, & co. here. ↑
+One of the advantages of putting all the system configuration under the
+control of Guix is that it supports transactional system upgrades, and makes
+it possible to roll back to a previous system instantiation, should
+something go wrong with the new one (@pxref{Fonctionnalités}). Another advantage
+is that it makes it easy to replicate the exact same configuration across
+different machines, or at different points in time, without having to resort
+to additional administration tools layered on top of the own tools of the
+system.
+
+This section describes this mechanism. First we focus on the system
+administrator's viewpoint---explaining how the system is configured and
+instantiated. Then we show how this mechanism can be extended, for instance
+to support new system services.
+
+@menu
+* Utiliser le système de configuration:: Personnaliser votre système GNU.
+* Référence de système d'exploitation:: Détail sur la déclaration de
+ système d'exploitation.
+* Systèmes de fichiers:: Configurer les montages de systèmes de
+ fichiers.
+* Périphériques mappés:: Gestion des périphériques de bloc.
+* Comptes utilisateurs:: Spécifier des comptes utilisateurs.
+* Régionalisation:: Paramétrer la langue et les conventions
+ culturelles.
+* Services:: Spécifier les services du système.
+* Programmes setuid:: Programmes tournant avec les privilèges root.
+* Certificats X.509:: Authentifier les serveurs HTTPS.
+* Name Service Switch:: Configurer le « name service switch » de la
+ libc.
+* Disque de RAM initial:: Démarrage de Linux-Libre.
+* Configuration du chargeur d'amorçage:: Configurer le chargeur
+ d'amorçage.
+* Invoquer guix system:: Instantier une configuration du système.
+* Lancer GuixSD dans une VM:: Comment lancer GuixSD dans une machine
+ virtuelle.
+* Définir des services:: Ajouter de nouvelles définitions de services.
+@end menu
+
+@node Utiliser le système de configuration
+@subsection Utiliser le système de configuration
+
+The operating system is configured by providing an @code{operating-system}
+declaration in a file that can then be passed to the @command{guix system}
+command (@pxref{Invoquer guix system}). A simple setup, with the default
+system services, the default Linux-Libre kernel, initial RAM disk, and boot
+loader looks like this:
+
+@findex operating-system
+@lisp
+@include os-config-bare-bones.texi
+@end lisp
+
+This example should be self-describing. Some of the fields defined above,
+such as @code{host-name} and @code{bootloader}, are mandatory. Others, such
+as @code{packages} and @code{services}, can be omitted, in which case they
+get a default value.
+
+Below we discuss the effect of some of the most important fields
+(@pxref{Référence de système d'exploitation}, for details about all the available
+fields), and how to @dfn{instantiate} the operating system using
+@command{guix system}.
+
+@unnumberedsubsubsec Globally-Visible Packages
+
+@vindex %base-packages
+The @code{packages} field lists packages that will be globally visible on
+the system, for all user accounts---i.e., in every user's @code{PATH}
+environment variable---in addition to the per-user profiles (@pxref{Invoquer guix package}). The @var{%base-packages} variable provides all the tools
+one would expect for basic user and administrator tasks---including the GNU
+Core Utilities, the GNU Networking Utilities, the GNU Zile lightweight text
+editor, @command{find}, @command{grep}, etc. The example above adds
+GNU@tie{}Screen and OpenSSH to those, taken from the @code{(gnu packages
+screen)} and @code{(gnu packages ssh)} modules (@pxref{Modules de paquets}).
+The @code{(list package output)} syntax can be used to add a specific output
+of a package:
+
+@lisp
+(use-modules (gnu packages))
+(use-modules (gnu packages dns))
+
+(operating-system
+ ;; ...
+ (packages (cons (list bind "utils")
+ %base-packages)))
+@end lisp
+
+@findex specification->package
+Referring to packages by variable name, like @code{bind} above, has the
+advantage of being unambiguous; it also allows typos and such to be
+diagnosed right away as ``unbound variables''. The downside is that one
+needs to know which module defines which package, and to augment the
+@code{use-package-modules} line accordingly. To avoid that, one can use the
+@code{specification->package} procedure of the @code{(gnu packages)} module,
+which returns the best package for a given name or name and version:
+
+@lisp
+(use-modules (gnu packages))
+
+(operating-system
+ ;; ...
+ (packages (append (map specification->package
+ '("tcpdump" "htop" "gnupg@@2.0"))
+ %base-packages)))
+@end lisp
+
+@unnumberedsubsubsec System Services
+
+@cindex services
+@vindex %base-services
+The @code{services} field lists @dfn{system services} to be made available
+when the system starts (@pxref{Services}). The @code{operating-system}
+declaration above specifies that, in addition to the basic services, we want
+the @command{lshd} secure shell daemon listening on port 2222
+(@pxref{Networking Services, @code{lsh-service}}). Under the hood,
+@code{lsh-service} arranges so that @code{lshd} is started with the right
+command-line options, possibly with supporting configuration files generated
+as needed (@pxref{Définir des services}).
+
+@cindex customization, of services
+@findex modify-services
+Occasionally, instead of using the base services as is, you will want to
+customize them. To do this, use @code{modify-services} (@pxref{Référence de service, @code{modify-services}}) to modify the list.
+
+For example, suppose you want to modify @code{guix-daemon} and Mingetty (the
+console log-in) in the @var{%base-services} list (@pxref{Services de base,
+@code{%base-services}}). To do that, you can write the following in your
+operating system declaration:
+
+@lisp
+(define %my-services
+ ;; My very own list of services.
+ (modify-services %base-services
+ (guix-service-type config =>
+ (guix-configuration
+ (inherit config)
+ (use-substitutes? #f)
+ (extra-options '("--gc-keep-derivations"))))
+ (mingetty-service-type config =>
+ (mingetty-configuration
+ (inherit config)))))
+
+(operating-system
+ ;; @dots{}
+ (services %my-services))
+@end lisp
+
+This changes the configuration---i.e., the service parameters---of the
+@code{guix-service-type} instance, and that of all the
+@code{mingetty-service-type} instances in the @var{%base-services} list.
+Observe how this is accomplished: first, we arrange for the original
+configuration to be bound to the identifier @code{config} in the @var{body},
+and then we write the @var{body} so that it evaluates to the desired
+configuration. In particular, notice how we use @code{inherit} to create a
+new configuration which has the same values as the old configuration, but
+with a few modifications.
+
+@cindex encrypted disk
+The configuration for a typical ``desktop'' usage, with an encrypted root
+partition, the X11 display server, GNOME and Xfce (users can choose which of
+these desktop environments to use at the log-in screen by pressing
+@kbd{F1}), network management, power management, and more, would look like
+this:
+
+@lisp
+@include os-config-desktop.texi
+@end lisp
+
+@cindex UEFI
+A graphical UEFI system with a choice of lightweight window managers instead
+of full-blown desktop environments would look like this:
+
+@lisp
+@include os-config-lightweight-desktop.texi
+@end lisp
+
+This example refers to the @file{/boot/efi} file system by its UUID,
+@code{1234-ABCD}. Replace this UUID with the right UUID on your system, as
+returned by the @command{blkid} command.
+
+@xref{Desktop Services}, for the exact list of services provided by
+@var{%desktop-services}. @xref{Certificats X.509}, for background
+information about the @code{nss-certs} package that is used here.
+
+Again, @var{%desktop-services} is just a list of service objects. If you
+want to remove services from there, you can do so using the procedures for
+list filtering (@pxref{SRFI-1 Filtering and Partitioning,,, guile, GNU Guile
+Reference Manual}). For instance, the following expression returns a list
+that contains all the services in @var{%desktop-services} minus the Avahi
+service:
+
+@example
+(remove (lambda (service)
+ (eq? (service-kind service) avahi-service-type))
+ %desktop-services)
+@end example
+
+@unnumberedsubsubsec Instantiating the System
+
+Assuming the @code{operating-system} declaration is stored in the
+@file{my-system-config.scm} file, the @command{guix system reconfigure
+my-system-config.scm} command instantiates that configuration, and makes it
+the default GRUB boot entry (@pxref{Invoquer guix system}).
+
+The normal way to change the system configuration is by updating this file
+and re-running @command{guix system reconfigure}. One should never have to
+touch files in @file{/etc} or to run commands that modify the system state
+such as @command{useradd} or @command{grub-install}. In fact, you must
+avoid that since that would not only void your warranty but also prevent you
+from rolling back to previous versions of your system, should you ever need
+to.
+
+@cindex roll-back, of the operating system
+Speaking of roll-back, each time you run @command{guix system reconfigure},
+a new @dfn{generation} of the system is created---without modifying or
+deleting previous generations. Old system generations get an entry in the
+bootloader boot menu, allowing you to boot them in case something went wrong
+with the latest generation. Reassuring, no? The @command{guix system
+list-generations} command lists the system generations available on disk.
+It is also possible to roll back the system via the commands @command{guix
+system roll-back} and @command{guix system switch-generation}.
+
+Although the command @command{guix system reconfigure} will not modify
+previous generations, must take care when the current generation is not the
+latest (e.g., after invoking @command{guix system roll-back}), since the
+operation might overwrite a later generation (@pxref{Invoquer guix system}).
+
+@unnumberedsubsubsec The Programming Interface
+
+At the Scheme level, the bulk of an @code{operating-system} declaration is
+instantiated with the following monadic procedure (@pxref{La monad du dépôt}):
+
+@deffn {Monadic Procedure} operating-system-derivation os
+Return a derivation that builds @var{os}, an @code{operating-system} object
+(@pxref{Dérivations}).
+
+The output of the derivation is a single directory that refers to all the
+packages, configuration files, and other supporting files needed to
+instantiate @var{os}.
+@end deffn
+
+This procedure is provided by the @code{(gnu system)} module. Along with
+@code{(gnu services)} (@pxref{Services}), this module contains the guts of
+GuixSD. Make sure to visit it!
+
+
+@node Référence de système d'exploitation
+@subsection @code{operating-system} Reference
+
+This section summarizes all the options available in @code{operating-system}
+declarations (@pxref{Utiliser le système de configuration}).
+
+@deftp {Data Type} operating-system
+This is the data type representing an operating system configuration. By
+that, we mean all the global system configuration, not per-user
+configuration (@pxref{Utiliser le système de configuration}).
+
+@table @asis
+@item @code{kernel} (default: @var{linux-libre})
+The package object of the operating system kernel to use@footnote{Currently
+only the Linux-libre kernel is supported. In the future, it will be
+possible to use the GNU@tie{}Hurd.}.
+
+@item @code{kernel-arguments} (default: @code{'()})
+List of strings or gexps representing additional arguments to pass on the
+command-line of the kernel---e.g., @code{("console=ttyS0")}.
+
+@item @code{bootloader}
+The system bootloader configuration object. @xref{Configuration du chargeur d'amorçage}.
+
+@item @code{initrd-modules} (default: @code{%base-initrd-modules})
+@cindex initrd
+@cindex initial RAM disk
+The list of Linux kernel modules that need to be available in the initial
+RAM disk. @xref{Disque de RAM initial}.
+
+@item @code{initrd} (default: @code{base-initrd})
+A monadic procedure that returns an initial RAM disk for the Linux kernel.
+This field is provided to support low-level customization and should rarely
+be needed for casual use. @xref{Disque de RAM initial}.
+
+@item @code{firmware} (default: @var{%base-firmware})
+@cindex firmware
+List of firmware packages loadable by the operating system kernel.
+
+The default includes firmware needed for Atheros- and Broadcom-based WiFi
+devices (Linux-libre modules @code{ath9k} and @code{b43-open},
+respectively). @xref{Considérations matérielles}, for more info on supported
+hardware.
+
+@item @code{host-name}
+The host name.
+
+@item @code{hosts-file}
+@cindex hosts file
+A file-like object (@pxref{G-Expressions, file-like objects}) for use as
+@file{/etc/hosts} (@pxref{Host Names,,, libc, The GNU C Library Reference
+Manual}). The default is a file with entries for @code{localhost} and
+@var{host-name}.
+
+@item @code{mapped-devices} (default: @code{'()})
+A list of mapped devices. @xref{Périphériques mappés}.
+
+@item @code{file-systems}
+A list of file systems. @xref{Systèmes de fichiers}.
+
+@item @code{swap-devices} (default: @code{'()})
+@cindex swap devices
+A list of strings identifying devices or files to be used for ``swap space''
+(@pxref{Memory Concepts,,, libc, The GNU C Library Reference Manual}). For
+example, @code{'("/dev/sda3")} or @code{'("/swapfile")}. It is possible to
+specify a swap file in a file system on a mapped device, provided that the
+necessary device mapping and file system are also specified. @xref{Périphériques mappés} and @ref{Systèmes de fichiers}.
+
+@item @code{users} (default: @code{%base-user-accounts})
+@itemx @code{groups} (default: @var{%base-groups})
+List of user accounts and groups. @xref{Comptes utilisateurs}.
+
+If the @code{users} list lacks a user account with UID@tie{}0, a ``root''
+account with UID@tie{}0 is automatically added.
+
+@item @code{skeletons} (default: @code{(default-skeletons)})
+A list target file name/file-like object tuples (@pxref{G-Expressions,
+file-like objects}). These are the skeleton files that will be added to the
+home directory of newly-created user accounts.
+
+For instance, a valid value may look like this:
+
+@example
+`((".bashrc" ,(plain-file "bashrc" "echo Hello\n"))
+ (".guile" ,(plain-file "guile"
+ "(use-modules (ice-9 readline))
+ (activate-readline)")))
+@end example
+
+@item @code{issue} (default: @var{%default-issue})
+A string denoting the contents of the @file{/etc/issue} file, which is
+displayed when users log in on a text console.
+
+@item @code{packages} (default: @var{%base-packages})
+The set of packages installed in the global profile, which is accessible at
+@file{/run/current-system/profile}.
+
+The default set includes core utilities and it is good practice to install
+non-core utilities in user profiles (@pxref{Invoquer guix package}).
+
+@item @code{timezone}
+A timezone identifying string---e.g., @code{"Europe/Paris"}.
+
+You can run the @command{tzselect} command to find out which timezone string
+corresponds to your region. Choosing an invalid timezone name causes
+@command{guix system} to fail.
+
+@item @code{locale} (default: @code{"en_US.utf8"})
+The name of the default locale (@pxref{Locale Names,,, libc, The GNU C
+Library Reference Manual}). @xref{Régionalisation}, for more information.
+
+@item @code{locale-definitions} (default: @var{%default-locale-definitions})
+The list of locale definitions to be compiled and that may be used at run
+time. @xref{Régionalisation}.
+
+@item @code{locale-libcs} (default: @code{(list @var{glibc})})
+The list of GNU@tie{}libc packages whose locale data and tools are used to
+build the locale definitions. @xref{Régionalisation}, for compatibility
+considerations that justify this option.
+
+@item @code{name-service-switch} (default: @var{%default-nss})
+Configuration of the libc name service switch (NSS)---a
+@code{<name-service-switch>} object. @xref{Name Service Switch}, for
+details.
+
+@item @code{services} (default: @var{%base-services})
+A list of service objects denoting system services. @xref{Services}.
+
+@item @code{pam-services} (default: @code{(base-pam-services)})
+@cindex PAM
+@cindex pluggable authentication modules
+@c FIXME: Add xref to PAM services section.
+Linux @dfn{pluggable authentication module} (PAM) services.
+
+@item @code{setuid-programs} (default: @var{%setuid-programs})
+List of string-valued G-expressions denoting setuid programs. @xref{Programmes setuid}.
+
+@item @code{sudoers-file} (default: @var{%sudoers-specification})
+@cindex sudoers file
+The contents of the @file{/etc/sudoers} file as a file-like object
+(@pxref{G-Expressions, @code{local-file} and @code{plain-file}}).
+
+This file specifies which users can use the @command{sudo} command, what
+they are allowed to do, and what privileges they may gain. The default is
+that only @code{root} and members of the @code{wheel} group may use
+@code{sudo}.
+
+@end table
+@end deftp
+
+@node Systèmes de fichiers
+@subsection Systèmes de fichiers
+
+The list of file systems to be mounted is specified in the
+@code{file-systems} field of the operating system declaration (@pxref{Utiliser le système de configuration}). Each file system is declared using the
+@code{file-system} form, like this:
+
+@example
+(file-system
+ (mount-point "/home")
+ (device "/dev/sda3")
+ (type "ext4"))
+@end example
+
+As usual, some of the fields are mandatory---those shown in the example
+above---while others can be omitted. These are described below.
+
+@deftp {Data Type} file-system
+Objects of this type represent file systems to be mounted. They contain the
+following members:
+
+@table @asis
+@item @code{type}
+This is a string specifying the type of the file system---e.g.,
+@code{"ext4"}.
+
+@item @code{mount-point}
+This designates the place where the file system is to be mounted.
+
+@item @code{device}
+This names the ``source'' of the file system. By default it is the name of
+a node under @file{/dev}, but its meaning depends on the @code{title} field
+described below.
+
+@item @code{title} (default: @code{'device})
+This is a symbol that specifies how the @code{device} field is to be
+interpreted.
+
+When it is the symbol @code{device}, then the @code{device} field is
+interpreted as a file name; when it is @code{label}, then @code{device} is
+interpreted as a file system label name; when it is @code{uuid},
+@code{device} is interpreted as a file system unique identifier (UUID).
+
+UUIDs may be converted from their string representation (as shown by the
+@command{tune2fs -l} command) using the @code{uuid} form@footnote{The
+@code{uuid} form expects 16-byte UUIDs as defined in
+@uref{https://tools.ietf.org/html/rfc4122, RFC@tie{}4122}. This is the form
+of UUID used by the ext2 family of file systems and others, but it is
+different from ``UUIDs'' found in FAT file systems, for instance.}, like
+this:
+
+@example
+(file-system
+ (mount-point "/home")
+ (type "ext4")
+ (title 'uuid)
+ (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")))
+@end example
+
+The @code{label} and @code{uuid} options offer a way to refer to file
+systems without having to hard-code their actual device name@footnote{Note
+that, while it is tempting to use @file{/dev/disk/by-uuid} and similar
+device names to achieve the same result, this is not recommended: These
+special device nodes are created by the udev daemon and may be unavailable
+at the time the device is mounted.}.
+
+However, when the source of a file system is a mapped device (@pxref{Périphériques mappés}), its @code{device} field @emph{must} refer to the mapped device
+name---e.g., @file{/dev/mapper/root-partition}---and consequently
+@code{title} must be set to @code{'device}. This is required so that the
+system knows that mounting the file system depends on having the
+corresponding device mapping established.
+
+@item @code{flags} (default: @code{'()})
+This is a list of symbols denoting mount flags. Recognized flags include
+@code{read-only}, @code{bind-mount}, @code{no-dev} (disallow access to
+special files), @code{no-suid} (ignore setuid and setgid bits), and
+@code{no-exec} (disallow program execution.)
+
+@item @code{options} (default: @code{#f})
+This is either @code{#f}, or a string denoting mount options.
+
+@item @code{mount?} (default: @code{#t})
+This value indicates whether to automatically mount the file system when the
+system is brought up. When set to @code{#f}, the file system gets an entry
+in @file{/etc/fstab} (read by the @command{mount} command) but is not
+automatically mounted.
+
+@item @code{needed-for-boot?} (default: @code{#f})
+This Boolean value indicates whether the file system is needed when
+booting. If that is true, then the file system is mounted when the initial
+RAM disk (initrd) is loaded. This is always the case, for instance, for the
+root file system.
+
+@item @code{check?} (default: @code{#t})
+This Boolean indicates whether the file system needs to be checked for
+errors before being mounted.
+
+@item @code{create-mount-point?} (default: @code{#f})
+When true, the mount point is created if it does not exist yet.
+
+@item @code{dependencies} (default: @code{'()})
+This is a list of @code{<file-system>} or @code{<mapped-device>} objects
+representing file systems that must be mounted or mapped devices that must
+be opened before (and unmounted or closed after) this one.
+
+As an example, consider a hierarchy of mounts: @file{/sys/fs/cgroup} is a
+dependency of @file{/sys/fs/cgroup/cpu} and @file{/sys/fs/cgroup/memory}.
+
+Another example is a file system that depends on a mapped device, for
+example for an encrypted partition (@pxref{Périphériques mappés}).
+@end table
+@end deftp
+
+The @code{(gnu system file-systems)} exports the following useful variables.
+
+@defvr {Scheme Variable} %base-file-systems
+These are essential file systems that are required on normal systems, such
+as @var{%pseudo-terminal-file-system} and @var{%immutable-store} (see
+below.) Operating system declarations should always contain at least these.
+@end defvr
+
+@defvr {Scheme Variable} %pseudo-terminal-file-system
+This is the file system to be mounted as @file{/dev/pts}. It supports
+@dfn{pseudo-terminals} created @i{via} @code{openpty} and similar functions
+(@pxref{Pseudo-Terminals,,, libc, The GNU C Library Reference Manual}).
+Pseudo-terminals are used by terminal emulators such as @command{xterm}.
+@end defvr
+
+@defvr {Scheme Variable} %shared-memory-file-system
+This file system is mounted as @file{/dev/shm} and is used to support memory
+sharing across processes (@pxref{Memory-mapped I/O, @code{shm_open},, libc,
+The GNU C Library Reference Manual}).
+@end defvr
+
+@defvr {Scheme Variable} %immutable-store
+This file system performs a read-only ``bind mount'' of @file{/gnu/store},
+making it read-only for all the users including @code{root}. This prevents
+against accidental modification by software running as @code{root} or by
+system administrators.
+
+The daemon itself is still able to write to the store: it remounts it
+read-write in its own ``name space.''
+@end defvr
+
+@defvr {Scheme Variable} %binary-format-file-system
+The @code{binfmt_misc} file system, which allows handling of arbitrary
+executable file types to be delegated to user space. This requires the
+@code{binfmt.ko} kernel module to be loaded.
+@end defvr
+
+@defvr {Scheme Variable} %fuse-control-file-system
+The @code{fusectl} file system, which allows unprivileged users to mount and
+unmount user-space FUSE file systems. This requires the @code{fuse.ko}
+kernel module to be loaded.
+@end defvr
+
+@node Périphériques mappés
+@subsection Périphériques mappés
+
+@cindex device mapping
+@cindex mapped devices
+The Linux kernel has a notion of @dfn{device mapping}: a block device, such
+as a hard disk partition, can be @dfn{mapped} into another device, usually
+in @code{/dev/mapper/}, with additional processing over the data that flows
+through it@footnote{Note that the GNU@tie{}Hurd makes no difference between
+the concept of a ``mapped device'' and that of a file system: both boil down
+to @emph{translating} input/output operations made on a file to operations
+on its backing store. Thus, the Hurd implements mapped devices, like file
+systems, using the generic @dfn{translator} mechanism (@pxref{Translators,,,
+hurd, The GNU Hurd Reference Manual}).}. A typical example is encryption
+device mapping: all writes to the mapped device are encrypted, and all reads
+are deciphered, transparently. Guix extends this notion by considering any
+device or set of devices that are @dfn{transformed} in some way to create a
+new device; for instance, RAID devices are obtained by @dfn{assembling}
+several other devices, such as hard disks or partitions, into a new one that
+behaves as one partition. Other examples, not yet implemented, are LVM
+logical volumes.
+
+Mapped devices are declared using the @code{mapped-device} form, defined as
+follows; for examples, see below.
+
+@deftp {Data Type} mapped-device
+Objects of this type represent device mappings that will be made when the
+system boots up.
+
+@table @code
+@item source
+This is either a string specifying the name of the block device to be
+mapped, such as @code{"/dev/sda3"}, or a list of such strings when several
+devices need to be assembled for creating a new one.
+
+@item target
+This string specifies the name of the resulting mapped device. For kernel
+mappers such as encrypted devices of type @code{luks-device-mapping},
+specifying @code{"my-partition"} leads to the creation of the
+@code{"/dev/mapper/my-partition"} device. For RAID devices of type
+@code{raid-device-mapping}, the full device name such as @code{"/dev/md0"}
+needs to be given.
+
+@item type
+This must be a @code{mapped-device-kind} object, which specifies how
+@var{source} is mapped to @var{target}.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} luks-device-mapping
+This defines LUKS block device encryption using the @command{cryptsetup}
+command from the package with the same name. It relies on the
+@code{dm-crypt} Linux kernel module.
+@end defvr
+
+@defvr {Scheme Variable} raid-device-mapping
+This defines a RAID device, which is assembled using the @code{mdadm}
+command from the package with the same name. It requires a Linux kernel
+module for the appropriate RAID level to be loaded, such as @code{raid456}
+for RAID-4, RAID-5 or RAID-6, or @code{raid10} for RAID-10.
+@end defvr
+
+@cindex disk encryption
+@cindex LUKS
+The following example specifies a mapping from @file{/dev/sda3} to
+@file{/dev/mapper/home} using LUKS---the
+@url{https://gitlab.com/cryptsetup/cryptsetup,Linux Unified Key Setup}, a
+standard mechanism for disk encryption. The @file{/dev/mapper/home} device
+can then be used as the @code{device} of a @code{file-system} declaration
+(@pxref{Systèmes de fichiers}).
+
+@example
+(mapped-device
+ (source "/dev/sda3")
+ (target "home")
+ (type luks-device-mapping))
+@end example
+
+Alternatively, to become independent of device numbering, one may obtain the
+LUKS UUID (@dfn{unique identifier}) of the source device by a command like:
+
+@example
+cryptsetup luksUUID /dev/sda3
+@end example
+
+and use it as follows:
+
+@example
+(mapped-device
+ (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
+ (target "home")
+ (type luks-device-mapping))
+@end example
+
+@cindex swap encryption
+It is also desirable to encrypt swap space, since swap space may contain
+sensitive data. One way to accomplish that is to use a swap file in a file
+system on a device mapped via LUKS encryption. In this way, the swap file
+is encrypted because the entire device is encrypted. @xref{Préparer l'installation,,Disk Partitioning}, for an example.
+
+A RAID device formed of the partitions @file{/dev/sda1} and @file{/dev/sdb1}
+may be declared as follows:
+
+@example
+(mapped-device
+ (source (list "/dev/sda1" "/dev/sdb1"))
+ (target "/dev/md0")
+ (type raid-device-mapping))
+@end example
+
+The @file{/dev/md0} device can then be used as the @code{device} of a
+@code{file-system} declaration (@pxref{Systèmes de fichiers}). Note that the RAID
+level need not be given; it is chosen during the initial creation and
+formatting of the RAID device and is determined automatically later.
+
+
+@node Comptes utilisateurs
+@subsection Comptes utilisateurs
+
+@cindex users
+@cindex accounts
+@cindex user accounts
+User accounts and groups are entirely managed through the
+@code{operating-system} declaration. They are specified with the
+@code{user-account} and @code{user-group} forms:
+
+@example
+(user-account
+ (name "alice")
+ (group "users")
+ (supplementary-groups '("wheel" ;allow use of sudo, etc.
+ "audio" ;sound card
+ "video" ;video devices such as webcams
+ "cdrom")) ;the good ol' CD-ROM
+ (comment "Bob's sister")
+ (home-directory "/home/alice"))
+@end example
+
+When booting or upon completion of @command{guix system reconfigure}, the
+system ensures that only the user accounts and groups specified in the
+@code{operating-system} declaration exist, and with the specified
+properties. Thus, account or group creations or modifications made by
+directly invoking commands such as @command{useradd} are lost upon
+reconfiguration or reboot. This ensures that the system remains exactly as
+declared.
+
+@deftp {Data Type} user-account
+Objects of this type represent user accounts. The following members may be
+specified:
+
+@table @asis
+@item @code{name}
+The name of the user account.
+
+@item @code{group}
+@cindex groups
+This is the name (a string) or identifier (a number) of the user group this
+account belongs to.
+
+@item @code{supplementary-groups} (default: @code{'()})
+Optionally, this can be defined as a list of group names that this account
+belongs to.
+
+@item @code{uid} (default: @code{#f})
+This is the user ID for this account (a number), or @code{#f}. In the
+latter case, a number is automatically chosen by the system when the account
+is created.
+
+@item @code{comment} (default: @code{""})
+A comment about the account, such as the account owner's full name.
+
+@item @code{home-directory}
+This is the name of the home directory for the account.
+
+@item @code{create-home-directory?} (default: @code{#t})
+Indicates whether the home directory of this account should be created if it
+does not exist yet.
+
+@item @code{shell} (default: Bash)
+This is a G-expression denoting the file name of a program to be used as the
+shell (@pxref{G-Expressions}).
+
+@item @code{system?} (default: @code{#f})
+This Boolean value indicates whether the account is a ``system'' account.
+System accounts are sometimes treated specially; for instance, graphical
+login managers do not list them.
+
+@anchor{user-account-password}
+@item @code{password} (default: @code{#f})
+You would normally leave this field to @code{#f}, initialize user passwords
+as @code{root} with the @command{passwd} command, and then let users change
+it with @command{passwd}. Passwords set with @command{passwd} are of course
+preserved across reboot and reconfiguration.
+
+If you @emph{do} want to have a preset password for an account, then this
+field must contain the encrypted password, as a string. @xref{crypt,,,
+libc, The GNU C Library Reference Manual}, for more information on password
+encryption, and @ref{Encryption,,, guile, GNU Guile Reference Manual}, for
+information on Guile's @code{crypt} procedure.
+
+@end table
+@end deftp
+
+@cindex groups
+User group declarations are even simpler:
+
+@example
+(user-group (name "students"))
+@end example
+
+@deftp {Data Type} user-group
+This type is for, well, user groups. There are just a few fields:
+
+@table @asis
+@item @code{name}
+The name of the group.
+
+@item @code{id} (default: @code{#f})
+The group identifier (a number). If @code{#f}, a new number is
+automatically allocated when the group is created.
+
+@item @code{system?} (default: @code{#f})
+This Boolean value indicates whether the group is a ``system'' group.
+System groups have low numerical IDs.
+
+@item @code{password} (default: @code{#f})
+What, user groups can have a password? Well, apparently yes. Unless
+@code{#f}, this field specifies the password of the group.
+
+@end table
+@end deftp
+
+For convenience, a variable lists all the basic user groups one may expect:
+
+@defvr {Scheme Variable} %base-groups
+This is the list of basic user groups that users and/or packages expect to
+be present on the system. This includes groups such as ``root'', ``wheel'',
+and ``users'', as well as groups used to control access to specific devices
+such as ``audio'', ``disk'', and ``cdrom''.
+@end defvr
+
+@defvr {Scheme Variable} %base-user-accounts
+This is the list of basic system accounts that programs may expect to find
+on a GNU/Linux system, such as the ``nobody'' account.
+
+Note that the ``root'' account is not included here. It is a special-case
+and is automatically added whether or not it is specified.
+@end defvr
+
+@node Régionalisation
+@subsection Régionalisation
+
+@cindex locale
+A @dfn{locale} defines cultural conventions for a particular language and
+region of the world (@pxref{Régionalisation,,, libc, The GNU C Library Reference
+Manual}). Each locale has a name that typically has the form
+@code{@var{language}_@var{territory}.@var{codeset}}---e.g.,
+@code{fr_LU.utf8} designates the locale for the French language, with
+cultural conventions from Luxembourg, and using the UTF-8 encoding.
+
+@cindex locale definition
+Usually, you will want to specify the default locale for the machine using
+the @code{locale} field of the @code{operating-system} declaration
+(@pxref{Référence de système d'exploitation, @code{locale}}).
+
+The selected locale is automatically added to the @dfn{locale definitions}
+known to the system if needed, with its codeset inferred from its
+name---e.g., @code{bo_CN.utf8} will be assumed to use the @code{UTF-8}
+codeset. Additional locale definitions can be specified in the
+@code{locale-definitions} slot of @code{operating-system}---this is useful,
+for instance, if the codeset could not be inferred from the locale name.
+The default set of locale definitions includes some widely used locales, but
+not all the available locales, in order to save space.
+
+For instance, to add the North Frisian locale for Germany, the value of that
+field may be:
+
+@example
+(cons (locale-definition
+ (name "fy_DE.utf8") (source "fy_DE"))
+ %default-locale-definitions)
+@end example
+
+Likewise, to save space, one might want @code{locale-definitions} to list
+only the locales that are actually used, as in:
+
+@example
+(list (locale-definition
+ (name "ja_JP.eucjp") (source "ja_JP")
+ (charset "EUC-JP")))
+@end example
+
+@vindex LOCPATH
+The compiled locale definitions are available at
+@file{/run/current-system/locale/X.Y}, where @code{X.Y} is the libc version,
+which is the default location where the GNU@tie{}libc provided by Guix looks
+for locale data. This can be overridden using the @code{LOCPATH}
+environment variable (@pxref{locales-and-locpath, @code{LOCPATH} and locale
+packages}).
+
+The @code{locale-definition} form is provided by the @code{(gnu system
+locale)} module. Details are given below.
+
+@deftp {Data Type} locale-definition
+This is the data type of a locale definition.
+
+@table @asis
+
+@item @code{name}
+The name of the locale. @xref{Locale Names,,, libc, The GNU C Library
+Reference Manual}, for more information on locale names.
+
+@item @code{source}
+The name of the source for that locale. This is typically the
+@code{@var{language}_@var{territory}} part of the locale name.
+
+@item @code{charset} (default: @code{"UTF-8"})
+The ``character set'' or ``code set'' for that locale,
+@uref{http://www.iana.org/assignments/character-sets, as defined by IANA}.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %default-locale-definitions
+A list of commonly used UTF-8 locales, used as the default value of the
+@code{locale-definitions} field of @code{operating-system} declarations.
+
+@cindex locale name
+@cindex normalized codeset in locale names
+These locale definitions use the @dfn{normalized codeset} for the part that
+follows the dot in the name (@pxref{Using gettextized software, normalized
+codeset,, libc, The GNU C Library Reference Manual}). So for instance it
+has @code{uk_UA.utf8} but @emph{not}, say, @code{uk_UA.UTF-8}.
+@end defvr
+
+@subsubsection Locale Data Compatibility Considerations
+
+@cindex incompatibility, of locale data
+@code{operating-system} declarations provide a @code{locale-libcs} field to
+specify the GNU@tie{}libc packages that are used to compile locale
+declarations (@pxref{Référence de système d'exploitation}). ``Why would I care?'',
+you may ask. Well, it turns out that the binary format of locale data is
+occasionally incompatible from one libc version to another.
+
+@c See <https://sourceware.org/ml/libc-alpha/2015-09/msg00575.html>
+@c and <https://lists.gnu.org/archive/html/guix-devel/2015-08/msg00737.html>.
+For instance, a program linked against libc version 2.21 is unable to read
+locale data produced with libc 2.22; worse, that program @emph{aborts}
+instead of simply ignoring the incompatible locale data@footnote{Versions
+2.23 and later of GNU@tie{}libc will simply skip the incompatible locale
+data, which is already an improvement.}. Similarly, a program linked
+against libc 2.22 can read most, but not all, of the locale data from libc
+2.21 (specifically, @code{LC_COLLATE} data is incompatible); thus calls to
+@code{setlocale} may fail, but programs will not abort.
+
+The ``problem'' in GuixSD is that users have a lot of freedom: They can
+choose whether and when to upgrade software in their profiles, and might be
+using a libc version different from the one the system administrator used to
+build the system-wide locale data.
+
+Fortunately, unprivileged users can also install their own locale data and
+define @var{GUIX_LOCPATH} accordingly (@pxref{locales-and-locpath,
+@code{GUIX_LOCPATH} and locale packages}).
+
+Still, it is best if the system-wide locale data at
+@file{/run/current-system/locale} is built for all the libc versions
+actually in use on the system, so that all the programs can access it---this
+is especially crucial on a multi-user system. To do that, the administrator
+can specify several libc packages in the @code{locale-libcs} field of
+@code{operating-system}:
+
+@example
+(use-package-modules base)
+
+(operating-system
+ ;; @dots{}
+ (locale-libcs (list glibc-2.21 (canonical-package glibc))))
+@end example
+
+This example would lead to a system containing locale definitions for both
+libc 2.21 and the current version of libc in
+@file{/run/current-system/locale}.
+
+
+@node Services
+@subsection Services
+
+@cindex system services
+An important part of preparing an @code{operating-system} declaration is
+listing @dfn{system services} and their configuration (@pxref{Utiliser le système de configuration}). System services are typically daemons launched when
+the system boots, or other actions needed at that time---e.g., configuring
+network access.
+
+GuixSD has a broad definition of ``service'' (@pxref{Composition de services}),
+but many services are managed by the GNU@tie{}Shepherd (@pxref{Services Shepherd}). On a running system, the @command{herd} command allows you to
+list the available services, show their status, start and stop them, or do
+other specific operations (@pxref{Jump Start,,, shepherd, The GNU Shepherd
+Manual}). For example:
+
+@example
+# herd status
+@end example
+
+The above command, run as @code{root}, lists the currently defined
+services. The @command{herd doc} command shows a synopsis of the given
+service:
+
+@example
+# herd doc nscd
+Run libc's name service cache daemon (nscd).
+@end example
+
+The @command{start}, @command{stop}, and @command{restart} sub-commands have
+the effect you would expect. For instance, the commands below stop the nscd
+service and restart the Xorg display server:
+
+@example
+# herd stop nscd
+Service nscd has been stopped.
+# herd restart xorg-server
+Service xorg-server has been stopped.
+Service xorg-server has been started.
+@end example
+
+The following sections document the available services, starting with the
+core services, that may be used in an @code{operating-system} declaration.
+
+@menu
+* Services de base:: Services systèmes essentiels.
+* Scheduled Job Execution:: The mcron service.
+* Log Rotation:: The rottlog service.
+* Networking Services:: Network setup, SSH daemon, etc.
+* X Window:: Graphical display.
+* Printing Services:: Local and remote printer support.
+* Desktop Services:: D-Bus and desktop services.
+* Database Services:: SQL databases, key-value stores, etc.
+* Mail Services:: IMAP, POP3, SMTP, and all that.
+* Messaging Services:: Messaging services.
+* Telephony Services:: Telephony services.
+* Monitoring Services:: Monitoring services.
+* Kerberos Services:: Kerberos services.
+* Web Services:: Web servers.
+* Certificate Services:: TLS certificates via Let's Encrypt.
+* DNS Services:: DNS daemons.
+* VPN Services:: VPN daemons.
+* Network File System:: NFS related services.
+* Continuous Integration:: The Cuirass service.
+* Power management Services:: The TLP tool.
+* Audio Services:: The MPD.
+* Virtualization Services:: Virtualization services.
+* Version Control Services:: Providing remote access to Git repositories.
+* Game Services:: Game servers.
+* Miscellaneous Services:: Other services.
+@end menu
+
+@node Services de base
+@subsubsection Services de base
+
+The @code{(gnu services base)} module provides definitions for the basic
+services that one expects from the system. The services exported by this
+module are listed below.
+
+@defvr {Scheme Variable} %base-services
+This variable contains a list of basic services (@pxref{Types service et services}, for more information on service objects) one would expect from
+the system: a login service (mingetty) on each tty, syslogd, the libc name
+service cache daemon (nscd), the udev device manager, and more.
+
+This is the default value of the @code{services} field of
+@code{operating-system} declarations. Usually, when customizing a system,
+you will want to append services to @var{%base-services}, like this:
+
+@example
+(cons* (avahi-service) (lsh-service) %base-services)
+@end example
+@end defvr
+
+@defvr {Scheme Variable} special-files-service-type
+This is the service that sets up ``special files'' such as @file{/bin/sh};
+an instance of it is part of @code{%base-services}.
+
+The value associated with @code{special-files-service-type} services must be
+a list of tuples where the first element is the ``special file'' and the
+second element is its target. By default it is:
+
+@cindex @file{/bin/sh}
+@cindex @file{sh}, in @file{/bin}
+@example
+`(("/bin/sh" ,(file-append @var{bash} "/bin/sh")))
+@end example
+
+@cindex @file{/usr/bin/env}
+@cindex @file{env}, in @file{/usr/bin}
+If you want to add, say, @code{/usr/bin/env} to your system, you can change
+it to:
+
+@example
+`(("/bin/sh" ,(file-append @var{bash} "/bin/sh"))
+ ("/usr/bin/env" ,(file-append @var{coreutils} "/bin/env")))
+@end example
+
+Since this is part of @code{%base-services}, you can use
+@code{modify-services} to customize the set of special files (@pxref{Référence de service, @code{modify-services}}). But the simple way to add a special
+file is @i{via} the @code{extra-special-file} procedure (see below.)
+@end defvr
+
+@deffn {Scheme Procedure} extra-special-file @var{file} @var{target}
+Use @var{target} as the ``special file'' @var{file}.
+
+For example, adding the following lines to the @code{services} field of your
+operating system declaration leads to a @file{/usr/bin/env} symlink:
+
+@example
+(extra-special-file "/usr/bin/env"
+ (file-append coreutils "/bin/env"))
+@end example
+@end deffn
+
+@deffn {Scheme Procedure} host-name-service @var{name}
+Return a service that sets the host name to @var{name}.
+@end deffn
+
+@deffn {Scheme Procedure} login-service @var{config}
+Return a service to run login according to @var{config}, a
+@code{<login-configuration>} object, which specifies the message of the day,
+among other things.
+@end deffn
+
+@deftp {Data Type} login-configuration
+This is the data type representing the configuration of login.
+
+@table @asis
+
+@item @code{motd}
+@cindex message of the day
+A file-like object containing the ``message of the day''.
+
+@item @code{allow-empty-passwords?} (default: @code{#t})
+Allow empty passwords by default so that first-time users can log in when
+the 'root' account has just been created.
+
+@end table
+@end deftp
+
+@deffn {Scheme Procedure} mingetty-service @var{config}
+Return a service to run mingetty according to @var{config}, a
+@code{<mingetty-configuration>} object, which specifies the tty to run,
+among other things.
+@end deffn
+
+@deftp {Data Type} mingetty-configuration
+This is the data type representing the configuration of Mingetty, which
+provides the default implementation of virtual console log-in.
+
+@table @asis
+
+@item @code{tty}
+The name of the console this Mingetty runs on---e.g., @code{"tty1"}.
+
+@item @code{auto-login} (default: @code{#f})
+When true, this field must be a string denoting the user name under which
+the system automatically logs in. When it is @code{#f}, a user name and
+password must be entered to log in.
+
+@item @code{login-program} (default: @code{#f})
+This must be either @code{#f}, in which case the default log-in program is
+used (@command{login} from the Shadow tool suite), or a gexp denoting the
+name of the log-in program.
+
+@item @code{login-pause?} (default: @code{#f})
+When set to @code{#t} in conjunction with @var{auto-login}, the user will
+have to press a key before the log-in shell is launched.
+
+@item @code{mingetty} (default: @var{mingetty})
+The Mingetty package to use.
+
+@end table
+@end deftp
+
+@deffn {Scheme Procedure} agetty-service @var{config}
+Return a service to run agetty according to @var{config}, an
+@code{<agetty-configuration>} object, which specifies the tty to run, among
+other things.
+@end deffn
+
+@deftp {Data Type} agetty-configuration
+This is the data type representing the configuration of agetty, which
+implements virtual and serial console log-in. See the @code{agetty(8)} man
+page for more information.
+
+@table @asis
+
+@item @code{tty}
+The name of the console this agetty runs on, as a string---e.g.,
+@code{"ttyS0"}. This argument is optional, it will default to a reasonable
+default serial port used by the kernel Linux.
+
+For this, if there is a value for an option @code{agetty.tty} in the kernel
+command line, agetty will extract the device name of the serial port from it
+and use that.
+
+If not and if there is a value for an option @code{console} with a tty in
+the Linux command line, agetty will extract the device name of the serial
+port from it and use that.
+
+In both cases, agetty will leave the other serial device settings (baud rate
+etc.) alone---in the hope that Linux pinned them to the correct values.
+
+@item @code{baud-rate} (default: @code{#f})
+A string containing a comma-separated list of one or more baud rates, in
+descending order.
+
+@item @code{term} (default: @code{#f})
+A string containing the value used for the @code{TERM} environment variable.
+
+@item @code{eight-bits?} (default: @code{#f})
+When @code{#t}, the tty is assumed to be 8-bit clean, and parity detection
+is disabled.
+
+@item @code{auto-login} (default: @code{#f})
+When passed a login name, as a string, the specified user will be logged in
+automatically without prompting for their login name or password.
+
+@item @code{no-reset?} (default: @code{#f})
+When @code{#t}, don't reset terminal cflags (control modes).
+
+@item @code{host} (default: @code{#f})
+This accepts a string containing the "login_host", which will be written
+into the @file{/var/run/utmpx} file.
+
+@item @code{remote?} (default: @code{#f})
+When set to @code{#t} in conjunction with @var{host}, this will add an
+@code{-r} fakehost option to the command line of the login program specified
+in @var{login-program}.
+
+@item @code{flow-control?} (default: @code{#f})
+When set to @code{#t}, enable hardware (RTS/CTS) flow control.
+
+@item @code{no-issue?} (default: @code{#f})
+When set to @code{#t}, the contents of the @file{/etc/issue} file will not
+be displayed before presenting the login prompt.
+
+@item @code{init-string} (default: @code{#f})
+This accepts a string that will be sent to the tty or modem before sending
+anything else. It can be used to initialize a modem.
+
+@item @code{no-clear?} (default: @code{#f})
+When set to @code{#t}, agetty will not clear the screen before showing the
+login prompt.
+
+@item @code{login-program} (default: (file-append shadow "/bin/login"))
+This must be either a gexp denoting the name of a log-in program, or unset,
+in which case the default value is the @command{login} from the Shadow tool
+suite.
+
+@item @code{local-line} (default: @code{#f})
+Control the CLOCAL line flag. This accepts one of three symbols as
+arguments, @code{'auto}, @code{'always}, or @code{'never}. If @code{#f}, the
+default value chosen by agetty is @code{'auto}.
+
+@item @code{extract-baud?} (default: @code{#f})
+When set to @code{#t}, instruct agetty to try to extract the baud rate from
+the status messages produced by certain types of modems.
+
+@item @code{skip-login?} (default: @code{#f})
+When set to @code{#t}, do not prompt the user for a login name. This can be
+used with @var{login-program} field to use non-standard login systems.
+
+@item @code{no-newline?} (default: @code{#f})
+When set to @code{#t}, do not print a newline before printing the
+@file{/etc/issue} file.
+
+@c Is this dangerous only when used with login-program, or always?
+@item @code{login-options} (default: @code{#f})
+This option accepts a string containing options that are passed to the login
+program. When used with the @var{login-program}, be aware that a malicious
+user could try to enter a login name containing embedded options that could
+be parsed by the login program.
+
+@item @code{login-pause} (default: @code{#f})
+When set to @code{#t}, wait for any key before showing the login prompt.
+This can be used in conjunction with @var{auto-login} to save memory by
+lazily spawning shells.
+
+@item @code{chroot} (default: @code{#f})
+Change root to the specified directory. This option accepts a directory
+path as a string.
+
+@item @code{hangup?} (default: @code{#f})
+Use the Linux system call @code{vhangup} to do a virtual hangup of the
+specified terminal.
+
+@item @code{keep-baud?} (default: @code{#f})
+When set to @code{#t}, try to keep the existing baud rate. The baud rates
+from @var{baud-rate} are used when agetty receives a @key{BREAK} character.
+
+@item @code{timeout} (default: @code{#f})
+When set to an integer value, terminate if no user name could be read within
+@var{timeout} seconds.
+
+@item @code{detect-case?} (default: @code{#f})
+When set to @code{#t}, turn on support for detecting an uppercase-only
+terminal. This setting will detect a login name containing only uppercase
+letters as indicating an uppercase-only terminal and turn on some
+upper-to-lower case conversions. Note that this will not support Unicode
+characters.
+
+@item @code{wait-cr?} (default: @code{#f})
+When set to @code{#t}, wait for the user or modem to send a carriage-return
+or linefeed character before displaying @file{/etc/issue} or login prompt.
+This is typically used with the @var{init-string} option.
+
+@item @code{no-hints?} (default: @code{#f})
+When set to @code{#t}, do not print hints about Num, Caps, and Scroll locks.
+
+@item @code{no-hostname?} (default: @code{#f})
+By default, the hostname is printed. When this option is set to @code{#t},
+no hostname will be shown at all.
+
+@item @code{long-hostname?} (default: @code{#f})
+By default, the hostname is only printed until the first dot. When this
+option is set to @code{#t}, the fully qualified hostname by
+@code{gethostname} or @code{getaddrinfo} is shown.
+
+@item @code{erase-characters} (default: @code{#f})
+This option accepts a string of additional characters that should be
+interpreted as backspace when the user types their login name.
+
+@item @code{kill-characters} (default: @code{#f})
+This option accepts a string that should be interpreted to mean "ignore all
+previous characters" (also called a "kill" character) when the types their
+login name.
+
+@item @code{chdir} (default: @code{#f})
+This option accepts, as a string, a directory path that will be changed to
+before login.
+
+@item @code{delay} (default: @code{#f})
+This options accepts, as an integer, the number of seconds to sleep before
+opening the tty and displaying the login prompt.
+
+@item @code{nice} (default: @code{#f})
+This option accepts, as an integer, the nice value with which to run the
+@command{login} program.
+
+@item @code{extra-options} (default: @code{'()})
+This option provides an "escape hatch" for the user to provide arbitrary
+command-line arguments to @command{agetty} as a list of strings.
+
+@end table
+@end deftp
+
+@deffn {Scheme Procedure} kmscon-service-type @var{config}
+Return a service to run
+@uref{https://www.freedesktop.org/wiki/Software/kmscon,kmscon} according to
+@var{config}, a @code{<kmscon-configuration>} object, which specifies the
+tty to run, among other things.
+@end deffn
+
+@deftp {Data Type} kmscon-configuration
+This is the data type representing the configuration of Kmscon, which
+implements virtual console log-in.
+
+@table @asis
+
+@item @code{virtual-terminal}
+The name of the console this Kmscon runs on---e.g., @code{"tty1"}.
+
+@item @code{login-program} (default: @code{#~(string-append #$shadow "/bin/login")})
+A gexp denoting the name of the log-in program. The default log-in program
+is @command{login} from the Shadow tool suite.
+
+@item @code{login-arguments} (default: @code{'("-p")})
+A list of arguments to pass to @command{login}.
+
+@item @code{hardware-acceleration?} (default: #f)
+Whether to use hardware acceleration.
+
+@item @code{kmscon} (default: @var{kmscon})
+The Kmscon package to use.
+
+@end table
+@end deftp
+
+@cindex name service cache daemon
+@cindex nscd
+@deffn {Scheme Procedure} nscd-service [@var{config}] [#:glibc glibc] @
+ [#:name-services '()] Return a service that runs the libc name service cache
+daemon (nscd) with the given @var{config}---an @code{<nscd-configuration>}
+object. @xref{Name Service Switch}, for an example.
+@end deffn
+
+@defvr {Scheme Variable} %nscd-default-configuration
+This is the default @code{<nscd-configuration>} value (see below) used by
+@code{nscd-service}. It uses the caches defined by
+@var{%nscd-default-caches}; see below.
+@end defvr
+
+@deftp {Data Type} nscd-configuration
+This is the data type representing the name service cache daemon (nscd)
+configuration.
+
+@table @asis
+
+@item @code{name-services} (default: @code{'()})
+List of packages denoting @dfn{name services} that must be visible to the
+nscd---e.g., @code{(list @var{nss-mdns})}.
+
+@item @code{glibc} (default: @var{glibc})
+Package object denoting the GNU C Library providing the @command{nscd}
+command.
+
+@item @code{log-file} (default: @code{"/var/log/nscd.log"})
+Name of the nscd log file. This is where debugging output goes when
+@code{debug-level} is strictly positive.
+
+@item @code{debug-level} (default: @code{0})
+Integer denoting the debugging levels. Higher numbers mean that more
+debugging output is logged.
+
+@item @code{caches} (default: @var{%nscd-default-caches})
+List of @code{<nscd-cache>} objects denoting things to be cached; see below.
+
+@end table
+@end deftp
+
+@deftp {Data Type} nscd-cache
+Data type representing a cache database of nscd and its parameters.
+
+@table @asis
+
+@item @code{database}
+This is a symbol representing the name of the database to be cached. Valid
+values are @code{passwd}, @code{group}, @code{hosts}, and @code{services},
+which designate the corresponding NSS database (@pxref{NSS Basics,,, libc,
+The GNU C Library Reference Manual}).
+
+@item @code{positive-time-to-live}
+@itemx @code{negative-time-to-live} (default: @code{20})
+A number representing the number of seconds during which a positive or
+negative lookup result remains in cache.
+
+@item @code{check-files?} (default: @code{#t})
+Whether to check for updates of the files corresponding to @var{database}.
+
+For instance, when @var{database} is @code{hosts}, setting this flag
+instructs nscd to check for updates in @file{/etc/hosts} and to take them
+into account.
+
+@item @code{persistent?} (default: @code{#t})
+Whether the cache should be stored persistently on disk.
+
+@item @code{shared?} (default: @code{#t})
+Whether the cache should be shared among users.
+
+@item @code{max-database-size} (default: 32@tie{}MiB)
+Maximum size in bytes of the database cache.
+
+@c XXX: 'suggested-size' and 'auto-propagate?' seem to be expert
+@c settings, so leave them out.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %nscd-default-caches
+List of @code{<nscd-cache>} objects used by default by
+@code{nscd-configuration} (see above).
+
+It enables persistent and aggressive caching of service and host name
+lookups. The latter provides better host name lookup performance,
+resilience in the face of unreliable name servers, and also better
+privacy---often the result of host name lookups is in local cache, so
+external name servers do not even need to be queried.
+@end defvr
+
+@anchor{syslog-configuration-type}
+@cindex syslog
+@cindex logging
+@deftp {Data Type} syslog-configuration
+This data type represents the configuration of the syslog daemon.
+
+@table @asis
+@item @code{syslogd} (default: @code{#~(string-append #$inetutils "/libexec/syslogd")})
+The syslog daemon to use.
+
+@item @code{config-file} (default: @code{%default-syslog.conf})
+The syslog configuration file to use.
+
+@end table
+@end deftp
+
+@anchor{syslog-service}
+@cindex syslog
+@deffn {Scheme Procedure} syslog-service @var{config}
+Return a service that runs a syslog daemon according to @var{config}.
+
+@xref{syslogd invocation,,, inetutils, GNU Inetutils}, for more information
+on the configuration file syntax.
+@end deffn
+
+@anchor{guix-configuration-type}
+@deftp {Data Type} guix-configuration
+This data type represents the configuration of the Guix build daemon.
+@xref{Invoquer guix-daemon}, for more information.
+
+@table @asis
+@item @code{guix} (default: @var{guix})
+The Guix package to use.
+
+@item @code{build-group} (default: @code{"guixbuild"})
+Name of the group for build user accounts.
+
+@item @code{build-accounts} (default: @code{10})
+Number of build user accounts to create.
+
+@item @code{authorize-key?} (default: @code{#t})
+@cindex substitutes, authorization thereof
+Autoriser ou non les clefs de substituts listées dans @code{authorize-keys}
+— par défaut celle de @code{hydra.gny.org} (@pxref{Substituts}).
+
+@vindex %default-authorized-guix-keys
+@item @code{authorized-keys} (default: @var{%default-authorized-guix-keys})
+La liste des fichiers de clefs autorisées pour les imports d'archives, en
+tant que liste de gexps sous forme de chaînes (@pxref{Invoquer guix archive}). Par défaut, elle contient celle de @code{hydra.gnu.org}
+(@pxref{Substituts}).
+
+@item @code{use-substitutes?} (default: @code{#t})
+Whether to use substitutes.
+
+@item @code{substitute-urls} (default: @var{%default-substitute-urls})
+The list of URLs where to look for substitutes by default.
+
+@item @code{max-silent-time} (default: @code{0})
+@itemx @code{timeout} (default: @code{0})
+The number of seconds of silence and the number of seconds of activity,
+respectively, after which a build process times out. A value of zero
+disables the timeout.
+
+@item @code{log-compression} (default: @code{'bzip2})
+The type of compression used for build logs---one of @code{gzip},
+@code{bzip2}, or @code{none}.
+
+@item @code{extra-options} (default: @code{'()})
+List of extra command-line options for @command{guix-daemon}.
+
+@item @code{log-file} (default: @code{"/var/log/guix-daemon.log"})
+File where @command{guix-daemon}'s standard output and standard error are
+written.
+
+@item @code{http-proxy} (default: @code{#f})
+The HTTP proxy used for downloading fixed-output derivations and
+substitutes.
+
+@item @code{tmpdir} (default: @code{#f})
+A directory path where the @command{guix-daemon} will perform builds.
+
+@end table
+@end deftp
+
+@deffn {Scheme Procedure} guix-service @var{config}
+Return a service that runs the Guix build daemon according to @var{config}.
+@end deffn
+
+@deffn {Scheme Procedure} udev-service [#:udev @var{eudev} #:rules @code{'()}]
+Run @var{udev}, which populates the @file{/dev} directory dynamically. udev
+rules can be provided as a list of files through the @var{rules} variable.
+The procedures @var{udev-rule} and @var{file->udev-rule} from @code{(gnu
+services base)} simplify the creation of such rule files.
+
+@deffn {Scheme Procedure} udev-rule [@var{file-name} @var{contents}]
+Return a udev-rule file named @var{file-name} containing the rules defined
+by the @var{contents} literal.
+
+In the following example, a rule for a USB device is defined to be stored in
+the file @file{90-usb-thing.rules}. The rule runs a script upon detecting a
+USB device with a given product identifier.
+
+@example
+(define %example-udev-rule
+ (udev-rule
+ "90-usb-thing.rules"
+ (string-append "ACTION==\"add\", SUBSYSTEM==\"usb\", "
+ "ATTR@{product@}==\"Example\", "
+ "RUN+=\"/path/to/script\"")))
+@end example
+@end deffn
+
+Here we show how the default @var{udev-service} can be extended with it.
+
+@example
+(operating-system
+ ;; @dots{}
+ (services
+ (modify-services %desktop-services
+ (udev-service-type config =>
+ (udev-configuration (inherit config)
+ (rules (append (udev-configuration-rules config)
+ (list %example-udev-rule))))))))
+@end example
+
+@deffn {Scheme Procedure} file->udev-rule [@var{file-name} @var{file}]
+Return a udev file named @var{file-name} containing the rules defined within
+@var{file}, a file-like object.
+
+The following example showcases how we can use an existing rule file.
+
+@example
+(use-modules (guix download) ;for url-fetch
+ (guix packages) ;for origin
+ ;; @dots{})
+
+(define %android-udev-rules
+ (file->udev-rule
+ "51-android-udev.rules"
+ (let ((version "20170910"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://raw.githubusercontent.com/M0Rf30/"
+ "android-udev-rules/" version "/51-android.rules"))
+ (sha256
+ (base32 "0lmmagpyb6xsq6zcr2w1cyx9qmjqmajkvrdbhjx32gqf1d9is003"))))))
+@end example
+@end deffn
+
+Additionally, Guix package definitions can be included in @var{rules} in
+order to extend the udev rules with the definitions found under their
+@file{lib/udev/rules.d} sub-directory. In lieu of the previous
+@var{file->udev-rule} example, we could have used the
+@var{android-udev-rules} package which exists in Guix in the @code{(gnu
+packages android)} module.
+
+The following example shows how to use the @var{android-udev-rules} package
+so that the Android tool @command{adb} can detect devices without root
+privileges. It also details how to create the @code{adbusers} group, which
+is required for the proper functioning of the rules defined within the
+@var{android-udev-rules} package. To create such a group, we must define it
+both as part of the @var{supplementary-groups} of our @var{user-account}
+declaration, as well as in the @var{groups} field of the
+@var{operating-system} record.
+
+@example
+(use-modules (gnu packages android) ;for android-udev-rules
+ (gnu system shadow) ;for user-group
+ ;; @dots{})
+
+(operating-system
+ ;; @dots{}
+ (users (cons (user-acount
+ ;; @dots{}
+ (supplementary-groups
+ '("adbusers" ;for adb
+ "wheel" "netdev" "audio" "video"))
+ ;; @dots{})))
+
+ (groups (cons (user-group (system? #t) (name "adbusers"))
+ %base-groups))
+
+ ;; @dots{}
+
+ (services
+ (modify-services %desktop-services
+ (udev-service-type config =>
+ (udev-configuration (inherit config)
+ (rules (cons* android-udev-rules
+ (udev-configuration-rules config))))))))
+@end example
+@end deffn
+
+@defvr {Scheme Variable} urandom-seed-service-type
+Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom}
+when rebooting. It also tries to seed @file{/dev/urandom} from
+@file{/dev/hwrng} while booting, if @file{/dev/hwrng} exists and is
+readable.
+@end defvr
+
+@defvr {Scheme Variable} %random-seed-file
+This is the name of the file where some random bytes are saved by
+@var{urandom-seed-service} to seed @file{/dev/urandom} when rebooting. It
+defaults to @file{/var/lib/random-seed}.
+@end defvr
+
+@cindex keymap
+@cindex keyboard
+@deffn {Scheme Procedure} console-keymap-service @var{files} ...
+@cindex keyboard layout
+Return a service to load console keymaps from @var{files} using
+@command{loadkeys} command. Most likely, you want to load some default
+keymap, which can be done like this:
+
+@example
+(console-keymap-service "dvorak")
+@end example
+
+Or, for example, for a Swedish keyboard, you may need to combine the
+following keymaps:
+@example
+(console-keymap-service "se-lat6" "se-fi-lat6")
+@end example
+
+Also you can specify a full file name (or file names) of your keymap(s).
+See @code{man loadkeys} for details.
+
+@end deffn
+
+@cindex mouse
+@cindex gpm
+@deffn {Scheme Procedure} gpm-service [#:gpm @var{gpm}] @
+ [#:options] Run @var{gpm}, the general-purpose mouse daemon, with the given
+command-line @var{options}. GPM allows users to use the mouse in the
+console, notably to select, copy, and paste text. The default value of
+@var{options} uses the @code{ps2} protocol, which works for both USB and
+PS/2 mice.
+
+This service is not part of @var{%base-services}.
+@end deffn
+
+@anchor{guix-publish-service-type}
+@deffn {Scheme Variable} guix-publish-service-type
+This is the service type for @command{guix publish} (@pxref{Invoquer guix publish}). Its value must be a @code{guix-configuration} object, as
+described below.
+
+This assumes that @file{/etc/guix} already contains a signing key pair as
+created by @command{guix archive --generate-key} (@pxref{Invoquer guix archive}). If that is not the case, the service will fail to start.
+@end deffn
+
+@deftp {Data Type} guix-publish-configuration
+Data type representing the configuration of the @code{guix publish} service.
+
+@table @asis
+@item @code{guix} (default: @code{guix})
+The Guix package to use.
+
+@item @code{port} (default: @code{80})
+The TCP port to listen for connections.
+
+@item @code{host} (default: @code{"localhost"})
+The host (and thus, network interface) to listen to. Use @code{"0.0.0.0"}
+to listen on all the network interfaces.
+
+@item @code{compression-level} (default: @code{3})
+The gzip compression level at which substitutes are compressed. Use
+@code{0} to disable compression altogether, and @code{9} to get the best
+compression ratio at the expense of increased CPU usage.
+
+@item @code{nar-path} (default: @code{"nar"})
+The URL path at which ``nars'' can be fetched. @xref{Invoquer guix publish,
+@code{--nar-path}}, for details.
+
+@item @code{cache} (default: @code{#f})
+When it is @code{#f}, disable caching and instead generate archives on
+demand. Otherwise, this should be the name of a directory---e.g.,
+@code{"/var/cache/guix/publish"}---where @command{guix publish} caches
+archives and meta-data ready to be sent. @xref{Invoquer guix publish,
+@option{--cache}}, for more information on the tradeoffs involved.
+
+@item @code{workers} (default: @code{#f})
+When it is an integer, this is the number of worker threads used for
+caching; when @code{#f}, the number of processors is used. @xref{Invoquer guix publish, @option{--workers}}, for more information.
+
+@item @code{ttl} (default: @code{#f})
+When it is an integer, this denotes the @dfn{time-to-live} in seconds of the
+published archives. @xref{Invoquer guix publish, @option{--ttl}}, for more
+information.
+@end table
+@end deftp
+
+@anchor{rngd-service}
+@deffn {Scheme Procedure} rngd-service [#:rng-tools @var{rng-tools}] @
+ [#:device "/dev/hwrng"] Return a service that runs the @command{rngd}
+program from @var{rng-tools} to add @var{device} to the kernel's entropy
+pool. The service will fail if @var{device} does not exist.
+@end deffn
+
+@anchor{pam-limits-service}
+@cindex session limits
+@cindex ulimit
+@cindex priority
+@cindex realtime
+@cindex jackd
+@deffn {Scheme Procedure} pam-limits-service [#:limits @code{'()}]
+
+Return a service that installs a configuration file for the
+@uref{http://linux-pam.org/Linux-PAM-html/sag-pam_limits.html,
+@code{pam_limits} module}. The procedure optionally takes a list of
+@code{pam-limits-entry} values, which can be used to specify @code{ulimit}
+limits and nice priority limits to user sessions.
+
+The following limits definition sets two hard and soft limits for all login
+sessions of users in the @code{realtime} group:
+
+@example
+(pam-limits-service
+ (list
+ (pam-limits-entry "@@realtime" 'both 'rtprio 99)
+ (pam-limits-entry "@@realtime" 'both 'memlock 'unlimited)))
+@end example
+
+The first entry increases the maximum realtime priority for non-privileged
+processes; the second entry lifts any restriction of the maximum address
+space that can be locked in memory. These settings are commonly used for
+real-time audio systems.
+@end deffn
+
+@node Scheduled Job Execution
+@subsubsection Scheduled Job Execution
+
+@cindex cron
+@cindex mcron
+@cindex scheduling jobs
+The @code{(gnu services mcron)} module provides an interface to
+GNU@tie{}mcron, a daemon to run jobs at scheduled times (@pxref{Top,,,
+mcron, GNU@tie{}mcron}). GNU@tie{}mcron is similar to the traditional Unix
+@command{cron} daemon; the main difference is that it is implemented in
+Guile Scheme, which provides a lot of flexibility when specifying the
+scheduling of jobs and their actions.
+
+The example below defines an operating system that runs the
+@command{updatedb} (@pxref{Invoking updatedb,,, find, Finding Files}) and
+the @command{guix gc} commands (@pxref{Invoquer guix gc}) daily, as well as
+the @command{mkid} command on behalf of an unprivileged user (@pxref{mkid
+invocation,,, idutils, ID Database Utilities}). It uses gexps to introduce
+job definitions that are passed to mcron (@pxref{G-Expressions}).
+
+@lisp
+(use-modules (guix) (gnu) (gnu services mcron))
+(use-package-modules base idutils)
+
+(define updatedb-job
+ ;; Run 'updatedb' at 3AM every day. Here we write the
+ ;; job's action as a Scheme procedure.
+ #~(job '(next-hour '(3))
+ (lambda ()
+ (execl (string-append #$findutils "/bin/updatedb")
+ "updatedb"
+ "--prunepaths=/tmp /var/tmp /gnu/store"))))
+
+(define garbage-collector-job
+ ;; Collect garbage 5 minutes after midnight every day.
+ ;; The job's action is a shell command.
+ #~(job "5 0 * * *" ;Vixie cron syntax
+ "guix gc -F 1G"))
+
+(define idutils-job
+ ;; Update the index database as user "charlie" at 12:15PM
+ ;; and 19:15PM. This runs from the user's home directory.
+ #~(job '(next-minute-from (next-hour '(12 19)) '(15))
+ (string-append #$idutils "/bin/mkid src")
+ #:user "charlie"))
+
+(operating-system
+ ;; @dots{}
+ (services (cons (mcron-service (list garbage-collector-job
+ updatedb-job
+ idutils-job))
+ %base-services)))
+@end lisp
+
+@xref{Guile Syntax, mcron job specifications,, mcron, GNU@tie{}mcron}, for
+more information on mcron job specifications. Below is the reference of the
+mcron service.
+
+@deffn {Scheme Procedure} mcron-service @var{jobs} [#:mcron @var{mcron}]
+Return an mcron service running @var{mcron} that schedules @var{jobs}, a
+list of gexps denoting mcron job specifications.
+
+This is a shorthand for:
+@example
+(service mcron-service-type
+ (mcron-configuration (mcron mcron) (jobs jobs)))
+@end example
+@end deffn
+
+@defvr {Scheme Variable} mcron-service-type
+This is the type of the @code{mcron} service, whose value is an
+@code{mcron-configuration} object.
+
+This service type can be the target of a service extension that provides it
+additional job specifications (@pxref{Composition de services}). In other
+words, it is possible to define services that provide additional mcron jobs
+to run.
+@end defvr
+
+@deftp {Data Type} mcron-configuration
+Data type representing the configuration of mcron.
+
+@table @asis
+@item @code{mcron} (default: @var{mcron})
+The mcron package to use.
+
+@item @code{jobs}
+This is a list of gexps (@pxref{G-Expressions}), where each gexp corresponds
+to an mcron job specification (@pxref{Syntax, mcron job specifications,,
+mcron, GNU@tie{}mcron}).
+@end table
+@end deftp
+
+
+@node Log Rotation
+@subsubsection Log Rotation
+
+@cindex rottlog
+@cindex log rotation
+@cindex logging
+Log files such as those found in @file{/var/log} tend to grow endlessly, so
+it's a good idea to @dfn{rotate} them once in a while---i.e., archive their
+contents in separate files, possibly compressed. The @code{(gnu services
+admin)} module provides an interface to GNU@tie{}Rot[t]log, a log rotation
+tool (@pxref{Top,,, rottlog, GNU Rot[t]log Manual}).
+
+The example below defines an operating system that provides log rotation
+with the default settings, for commonly encountered log files.
+
+@lisp
+(use-modules (guix) (gnu))
+(use-service-modules admin mcron)
+(use-package-modules base idutils)
+
+(operating-system
+ ;; @dots{}
+ (services (cons (service rottlog-service-type)
+ %base-services)))
+@end lisp
+
+@defvr {Scheme Variable} rottlog-service-type
+This is the type of the Rottlog service, whose value is a
+@code{rottlog-configuration} object.
+
+Other services can extend this one with new @code{log-rotation} objects (see
+below), thereby augmenting the set of files to be rotated.
+
+This service type can define mcron jobs (@pxref{Scheduled Job Execution}) to
+run the rottlog service.
+@end defvr
+
+@deftp {Data Type} rottlog-configuration
+Data type representing the configuration of rottlog.
+
+@table @asis
+@item @code{rottlog} (default: @code{rottlog})
+The Rottlog package to use.
+
+@item @code{rc-file} (default: @code{(file-append rottlog "/etc/rc")})
+The Rottlog configuration file to use (@pxref{Mandatory RC Variables,,,
+rottlog, GNU Rot[t]log Manual}).
+
+@item @code{rotations} (default: @code{%default-rotations})
+A list of @code{log-rotation} objects as defined below.
+
+@item @code{jobs}
+This is a list of gexps where each gexp corresponds to an mcron job
+specification (@pxref{Scheduled Job Execution}).
+@end table
+@end deftp
+
+@deftp {Data Type} log-rotation
+Data type representing the rotation of a group of log files.
+
+Taking an example from the Rottlog manual (@pxref{Period Related File
+Examples,,, rottlog, GNU Rot[t]log Manual}), a log rotation might be defined
+like this:
+
+@example
+(log-rotation
+ (frequency 'daily)
+ (files '("/var/log/apache/*"))
+ (options '("storedir apache-archives"
+ "rotate 6"
+ "notifempty"
+ "nocompress")))
+@end example
+
+The list of fields is as follows:
+
+@table @asis
+@item @code{frequency} (default: @code{'weekly})
+The log rotation frequency, a symbol.
+
+@item @code{files}
+The list of files or file glob patterns to rotate.
+
+@item @code{options} (default: @code{'()})
+The list of rottlog options for this rotation (@pxref{Configuration
+parameters,,, rottlog, GNU Rot[t]lg Manual}).
+
+@item @code{post-rotate} (default: @code{#f})
+Either @code{#f} or a gexp to execute once the rotation has completed.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %default-rotations
+Specifies weekly rotation of @var{%rotated-files} and a couple of other
+files.
+@end defvr
+
+@defvr {Scheme Variable} %rotated-files
+The list of syslog-controlled files to be rotated. By default it is:
+@code{'("/var/log/messages" "/var/log/secure")}.
+@end defvr
+
+@node Networking Services
+@subsubsection Networking Services
+
+The @code{(gnu services networking)} module provides services to configure
+the network interface.
+
+@cindex DHCP, networking service
+@deffn {Scheme Procedure} dhcp-client-service [#:dhcp @var{isc-dhcp}]
+Return a service that runs @var{dhcp}, a Dynamic Host Configuration Protocol
+(DHCP) client, on all the non-loopback network interfaces.
+@end deffn
+
+@defvr {Scheme Variable} static-networking-service-type
+@c TODO Document <static-networking> data structures.
+This is the type for statically-configured network interfaces.
+@end defvr
+
+@deffn {Scheme Procedure} static-networking-service @var{interface} @var{ip} @
+ [#:netmask #f] [#:gateway #f] [#:name-servers @code{'()}] [#:requirement
+@code{'(udev)}] Return a service that starts @var{interface} with address
+@var{ip}. If @var{netmask} is true, use it as the network mask. If
+@var{gateway} is true, it must be a string specifying the default network
+gateway. @var{requirement} can be used to declare a dependency on another
+service before configuring the interface.
+
+This procedure can be called several times, one for each network interface
+of interest. Behind the scenes what it does is extend
+@code{static-networking-service-type} with additional network interfaces to
+handle.
+@end deffn
+
+@cindex wicd
+@cindex wireless
+@cindex WiFi
+@cindex network management
+@deffn {Scheme Procedure} wicd-service [#:wicd @var{wicd}]
+Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network
+management daemon that aims to simplify wired and wireless networking.
+
+This service adds the @var{wicd} package to the global profile, providing
+several commands to interact with the daemon and configure networking:
+@command{wicd-client}, a graphical user interface, and the
+@command{wicd-cli} and @command{wicd-curses} user interfaces.
+@end deffn
+
+@cindex NetworkManager
+
+@defvr {Scheme Variable} network-manager-service-type
+This is the service type for the
+@uref{https://wiki.gnome.org/Projects/NetworkManager, NetworkManager}
+service. The value for this service type is a
+@code{network-manager-configuration} record.
+
+This service is part of @code{%desktop-services} (@pxref{Desktop Services}).
+@end defvr
+
+@deftp {Data Type} network-manager-configuration
+Data type representing the configuration of NetworkManager.
+
+@table @asis
+@item @code{network-manager} (default: @code{network-manager})
+The NetworkManager package to use.
+
+@item @code{dns} (default: @code{"default"})
+Processing mode for DNS, which affects how NetworkManager uses the
+@code{resolv.conf} configuration file.
+
+@table @samp
+@item default
+NetworkManager will update @code{resolv.conf} to reflect the nameservers
+provided by currently active connections.
+
+@item dnsmasq
+NetworkManager will run @code{dnsmasq} as a local caching nameserver, using
+a "split DNS" configuration if you are connected to a VPN, and then update
+@code{resolv.conf} to point to the local nameserver.
+
+@item none
+NetworkManager will not modify @code{resolv.conf}.
+@end table
+
+@item @code{vpn-plugins} (default: @code{'()})
+This is the list of available plugins for virtual private networks (VPNs).
+An example of this is the @code{network-manager-openvpn} package, which
+allows NetworkManager to manage VPNs @i{via} OpenVPN.
+
+@end table
+@end deftp
+
+@cindex Connman
+@deffn {Scheme Variable} connman-service-type
+This is the service type to run @url{https://01.org/connman,Connman}, a
+network connection manager.
+
+Its value must be an @code{connman-configuration} record as in this example:
+
+@example
+(service connman-service-type
+ (connman-configuration
+ (disable-vpn? #t)))
+@end example
+
+See below for details about @code{connman-configuration}.
+@end deffn
+
+@deftp {Data Type} connman-configuration
+Data Type representing the configuration of connman.
+
+@table @asis
+@item @code{connman} (default: @var{connman})
+The connman package to use.
+
+@item @code{disable-vpn?} (default: @code{#f})
+When true, enable connman's vpn plugin.
+@end table
+@end deftp
+
+@cindex WPA Supplicant
+@defvr {Scheme Variable} wpa-supplicant-service-type
+This is the service type to run @url{https://w1.fi/wpa_supplicant/,WPA
+supplicant}, an authentication daemon required to authenticate against
+encrypted WiFi or ethernet networks. It is configured to listen for
+requests on D-Bus.
+
+The value of this service is the @code{wpa-supplicant} package to use.
+Thus, it can be instantiated like this:
+
+@lisp
+(use-modules (gnu services networking))
+
+(service wpa-supplicant-service-type)
+@end lisp
+@end defvr
+
+@cindex NTP
+@cindex real time clock
+@deffn {Scheme Procedure} ntp-service [#:ntp @var{ntp}] @
+ [#:servers @var{%ntp-servers}] @ [#:allow-large-adjustment? #f] Return a
+service that runs the daemon from @var{ntp}, the @uref{http://www.ntp.org,
+Network Time Protocol package}. The daemon will keep the system clock
+synchronized with that of @var{servers}. @var{allow-large-adjustment?}
+determines whether @command{ntpd} is allowed to make an initial adjustment
+of more than 1,000 seconds.
+@end deffn
+
+@defvr {Scheme Variable} %ntp-servers
+List of host names used as the default NTP servers.
+@end defvr
+
+@cindex OpenNTPD
+@deffn {Scheme Procedure} openntpd-service-type
+Run the @command{ntpd}, the Network Time Protocol (NTP) daemon, as
+implemented by @uref{http://www.openntpd.org, OpenNTPD}. The daemon will
+keep the system clock synchronized with that of the given servers.
+
+@example
+(service
+ openntpd-service-type
+ (openntpd-configuration
+ (listen-on '("127.0.0.1" "::1"))
+ (sensor '("udcf0 correction 70000"))
+ (constraint-from '("www.gnu.org"))
+ (constraints-from '("https://www.google.com/"))
+ (allow-large-adjustment? #t)))
+
+@end example
+@end deffn
+
+@deftp {Data Type} openntpd-configuration
+@table @asis
+@item @code{openntpd} (default: @code{(file-append openntpd "/sbin/ntpd")})
+The openntpd executable to use.
+@item @code{listen-on} (default: @code{'("127.0.0.1" "::1")})
+A list of local IP addresses or hostnames the ntpd daemon should listen on.
+@item @code{query-from} (default: @code{'()})
+A list of local IP address the ntpd daemon should use for outgoing queries.
+@item @code{sensor} (default: @code{'()})
+Specify a list of timedelta sensor devices ntpd should use. @code{ntpd}
+will listen to each sensor that acutally exists and ignore non-existant
+ones. See @uref{https://man.openbsd.org/ntpd.conf, upstream documentation}
+for more information.
+@item @code{server} (default: @var{%ntp-servers})
+Specify a list of IP addresses or hostnames of NTP servers to synchronize
+to.
+@item @code{servers} (default: @code{'()})
+Specify a list of IP addresses or hostnames of NTP pools to synchronize to.
+@item @code{constraint-from} (default: @code{'()})
+@code{ntpd} can be configured to query the ‘Date’ from trusted HTTPS servers
+via TLS. This time information is not used for precision but acts as an
+authenticated constraint, thereby reducing the impact of unauthenticated NTP
+man-in-the-middle attacks. Specify a list of URLs, IP addresses or
+hostnames of HTTPS servers to provide a constraint.
+@item @code{constraints-from} (default: @code{'()})
+As with constraint from, specify a list of URLs, IP addresses or hostnames
+of HTTPS servers to provide a constraint. Should the hostname resolve to
+multiple IP addresses, @code{ntpd} will calculate a median constraint from
+all of them.
+@item @code{allow-large-adjustment?} (default: @code{#f})
+Determines if @code{ntpd} is allowed to make an initial adjustment of more
+than 180 seconds.
+@end table
+@end deftp
+
+@cindex inetd
+@deffn {Scheme variable} inetd-service-type
+This service runs the @command{inetd} (@pxref{inetd invocation,,, inetutils,
+GNU Inetutils}) daemon. @command{inetd} listens for connections on internet
+sockets, and lazily starts the specified server program when a connection is
+made on one of these sockets.
+
+The value of this service is an @code{inetd-configuration} object. The
+following example configures the @command{inetd} daemon to provide the
+built-in @command{echo} service, as well as an smtp service which forwards
+smtp traffic over ssh to a server @code{smtp-server} behind a gateway
+@code{hostname}:
+
+@example
+(service
+ inetd-service-type
+ (inetd-configuration
+ (entries (list
+ (inetd-entry
+ (name "echo")
+ (socket-type 'stream)
+ (protocol "tcp")
+ (wait? #f)
+ (user "root"))
+ (inetd-entry
+ (node "127.0.0.1")
+ (name "smtp")
+ (socket-type 'stream)
+ (protocol "tcp")
+ (wait? #f)
+ (user "root")
+ (program (file-append openssh "/bin/ssh"))
+ (arguments
+ '("ssh" "-qT" "-i" "/path/to/ssh_key"
+ "-W" "smtp-server:25" "user@@hostname")))))
+@end example
+
+See below for more details about @code{inetd-configuration}.
+@end deffn
+
+@deftp {Data Type} inetd-configuration
+Data type representing the configuration of @command{inetd}.
+
+@table @asis
+@item @code{program} (default: @code{(file-append inetutils "/libexec/inetd")})
+The @command{inetd} executable to use.
+
+@item @code{entries} (default: @code{'()})
+A list of @command{inetd} service entries. Each entry should be created by
+the @code{inetd-entry} constructor.
+@end table
+@end deftp
+
+@deftp {Data Type} inetd-entry
+Data type representing an entry in the @command{inetd} configuration. Each
+entry corresponds to a socket where @command{inetd} will listen for
+requests.
+
+@table @asis
+@item @code{node} (default: @code{#f})
+Optional string, a comma-separated list of local addresses @command{inetd}
+should use when listening for this service. @xref{Configuration file,,,
+inetutils, GNU Inetutils} for a complete description of all options.
+@item @code{name}
+A string, the name must correspond to an entry in @code{/etc/services}.
+@item @code{socket-type}
+One of @code{'stream}, @code{'dgram}, @code{'raw}, @code{'rdm} or
+@code{'seqpacket}.
+@item @code{protocol}
+A string, must correspond to an entry in @code{/etc/protocols}.
+@item @code{wait?} (default: @code{#t})
+Whether @command{inetd} should wait for the server to exit before listening
+to new service requests.
+@item @code{user}
+A string containing the user (and, optionally, group) name of the user as
+whom the server should run. The group name can be specified in a suffix,
+separated by a colon or period, i.e. @code{"user"}, @code{"user:group"} or
+@code{"user.group"}.
+@item @code{program} (default: @code{"internal"})
+The server program which will serve the requests, or @code{"internal"} if
+@command{inetd} should use a built-in service.
+@item @code{arguments} (default: @code{'()})
+A list strings or file-like objects, which are the server program's
+arguments, starting with the zeroth argument, i.e. the name of the program
+itself. For @command{inetd}'s internal services, this entry must be
+@code{'()} or @code{'("internal")}.
+@end table
+
+@xref{Configuration file,,, inetutils, GNU Inetutils} for a more detailed
+discussion of each configuration field.
+@end deftp
+
+@cindex Tor
+@deffn {Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]
+Return a service to run the @uref{https://torproject.org, Tor} anonymous
+networking daemon.
+
+The daemon runs as the @code{tor} unprivileged user. It is passed
+@var{config-file}, a file-like object, with an additional @code{User tor}
+line and lines for hidden services added via @code{tor-hidden-service}. Run
+@command{man tor} for information about the configuration file.
+@end deffn
+
+@cindex hidden service
+@deffn {Scheme Procedure} tor-hidden-service @var{name} @var{mapping}
+Define a new Tor @dfn{hidden service} called @var{name} and implementing
+@var{mapping}. @var{mapping} is a list of port/host tuples, such as:
+
+@example
+ '((22 "127.0.0.1:22")
+ (80 "127.0.0.1:8080"))
+@end example
+
+In this example, port 22 of the hidden service is mapped to local port 22,
+and port 80 is mapped to local port 8080.
+
+This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory,
+where the @file{hostname} file contains the @code{.onion} host name for the
+hidden service.
+
+See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the
+Tor project's documentation} for more information.
+@end deffn
+
+The @code{(gnu services rsync)} module provides the following services:
+
+You might want an rsync daemon if you have files that you want available so
+anyone (or just yourself) can download existing files or upload new files.
+
+@deffn {Scheme Variable} rsync-service-type
+This is the type for the @uref{https://rsync.samba.org, rsync} rsync daemon,
+@command{rsync-configuration} record as in this example:
+
+@example
+(service rsync-service-type)
+@end example
+
+See below for details about @code{rsync-configuration}.
+@end deffn
+
+@deftp {Data Type} rsync-configuration
+Data type representing the configuration for @code{rsync-service}.
+
+@table @asis
+@item @code{package} (default: @var{rsync})
+@code{rsync} package to use.
+
+@item @code{port-number} (default: @code{873})
+TCP port on which @command{rsync} listens for incoming connections. If port
+is less than @code{1024} @command{rsync} needs to be started as the
+@code{root} user and group.
+
+@item @code{pid-file} (default: @code{"/var/run/rsyncd/rsyncd.pid"})
+Name of the file where @command{rsync} writes its PID.
+
+@item @code{lock-file} (default: @code{"/var/run/rsyncd/rsyncd.lock"})
+Name of the file where @command{rsync} writes its lock file.
+
+@item @code{log-file} (default: @code{"/var/log/rsyncd.log"})
+Name of the file where @command{rsync} writes its log file.
+
+@item @code{use-chroot?} (default: @var{#t})
+Whether to use chroot for @command{rsync} shared directory.
+
+@item @code{share-path} (default: @file{/srv/rsync})
+Location of the @command{rsync} shared directory.
+
+@item @code{share-comment} (default: @code{"Rsync share"})
+Comment of the @command{rsync} shared directory.
+
+@item @code{read-only?} (default: @var{#f})
+Read-write permissions to shared directory.
+
+@item @code{timeout} (default: @code{300})
+I/O timeout in seconds.
+
+@item @code{user} (default: @var{"root"})
+Owner of the @code{rsync} process.
+
+@item @code{group} (default: @var{"root"})
+Group of the @code{rsync} process.
+
+@item @code{uid} (default: @var{"rsyncd"})
+User name or user ID that file transfers to and from that module should take
+place as when the daemon was run as @code{root}.
+
+@item @code{gid} (default: @var{"rsyncd"})
+Group name or group ID that will be used when accessing the module.
+
+@end table
+@end deftp
+
+Furthermore, @code{(gnu services ssh)} provides the following services.
+@cindex SSH
+@cindex SSH server
+
+@deffn {Scheme Procedure} lsh-service [#:host-key "/etc/lsh/host-key"] @
+ [#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @
+[#:allow-empty-passwords? #f] [#:root-login? #f] @ [#:syslog-output? #t]
+[#:x11-forwarding? #t] @ [#:tcp/ip-forwarding? #t]
+[#:password-authentication? #t] @ [#:public-key-authentication? #t]
+[#:initialize? #t] Run the @command{lshd} program from @var{lsh} to listen
+on port @var{port-number}. @var{host-key} must designate a file containing
+the host key, and readable only by root.
+
+When @var{daemonic?} is true, @command{lshd} will detach from the
+controlling terminal and log its output to syslogd, unless one sets
+@var{syslog-output?} to false. Obviously, it also makes lsh-service depend
+on existence of syslogd service. When @var{pid-file?} is true,
+@command{lshd} writes its PID to the file called @var{pid-file}.
+
+When @var{initialize?} is true, automatically create the seed and host key
+upon service activation if they do not exist yet. This may take long and
+require interaction.
+
+When @var{initialize?} is false, it is up to the user to initialize the
+randomness generator (@pxref{lsh-make-seed,,, lsh, LSH Manual}), and to
+create a key pair with the private key stored in file @var{host-key}
+(@pxref{lshd basics,,, lsh, LSH Manual}).
+
+When @var{interfaces} is empty, lshd listens for connections on all the
+network interfaces; otherwise, @var{interfaces} must be a list of host names
+or addresses.
+
+@var{allow-empty-passwords?} specifies whether to accept log-ins with empty
+passwords, and @var{root-login?} specifies whether to accept log-ins as
+root.
+
+The other options should be self-descriptive.
+@end deffn
+
+@cindex SSH
+@cindex SSH server
+@deffn {Scheme Variable} openssh-service-type
+This is the type for the @uref{http://www.openssh.org, OpenSSH} secure shell
+daemon, @command{sshd}. Its value must be an @code{openssh-configuration}
+record as in this example:
+
+@example
+(service openssh-service-type
+ (openssh-configuration
+ (x11-forwarding? #t)
+ (permit-root-login 'without-password)
+ (authorized-keys
+ `(("alice" ,(local-file "alice.pub"))
+ ("bob" ,(local-file "bob.pub"))))))
+@end example
+
+See below for details about @code{openssh-configuration}.
+
+This service can be extended with extra authorized keys, as in this example:
+
+@example
+(service-extension openssh-service-type
+ (const `(("charlie"
+ ,(local-file "charlie.pub")))))
+@end example
+@end deffn
+
+@deftp {Data Type} openssh-configuration
+This is the configuration record for OpenSSH's @command{sshd}.
+
+@table @asis
+@item @code{pid-file} (default: @code{"/var/run/sshd.pid"})
+Name of the file where @command{sshd} writes its PID.
+
+@item @code{port-number} (default: @code{22})
+TCP port on which @command{sshd} listens for incoming connections.
+
+@item @code{permit-root-login} (default: @code{#f})
+This field determines whether and when to allow logins as root. If
+@code{#f}, root logins are disallowed; if @code{#t}, they are allowed. If
+it's the symbol @code{'without-password}, then root logins are permitted but
+not with password-based authentication.
+
+@item @code{allow-empty-passwords?} (default: @code{#f})
+When true, users with empty passwords may log in. When false, they may not.
+
+@item @code{password-authentication?} (default: @code{#t})
+When true, users may log in with their password. When false, they have
+other authentication methods.
+
+@item @code{public-key-authentication?} (default: @code{#t})
+When true, users may log in using public key authentication. When false,
+users have to use other authentication method.
+
+Authorized public keys are stored in @file{~/.ssh/authorized_keys}. This is
+used only by protocol version 2.
+
+@item @code{x11-forwarding?} (default: @code{#f})
+When true, forwarding of X11 graphical client connections is enabled---in
+other words, @command{ssh} options @option{-X} and @option{-Y} will work.
+
+@item @code{challenge-response-authentication?} (default: @code{#f})
+Specifies whether challenge response authentication is allowed (e.g. via
+PAM).
+
+@item @code{use-pam?} (default: @code{#t})
+Enables the Pluggable Authentication Module interface. If set to @code{#t},
+this will enable PAM authentication using
+@code{challenge-response-authentication?} and
+@code{password-authentication?}, in addition to PAM account and session
+module processing for all authentication types.
+
+Because PAM challenge response authentication usually serves an equivalent
+role to password authentication, you should disable either
+@code{challenge-response-authentication?} or
+@code{password-authentication?}.
+
+@item @code{print-last-log?} (default: @code{#t})
+Specifies whether @command{sshd} should print the date and time of the last
+user login when a user logs in interactively.
+
+@item @code{subsystems} (default: @code{'(("sftp" "internal-sftp"))})
+Configures external subsystems (e.g. file transfer daemon).
+
+This is a list of two-element lists, each of which containing the subsystem
+name and a command (with optional arguments) to execute upon subsystem
+request.
+
+The command @command{internal-sftp} implements an in-process SFTP server.
+Alternately, one can specify the @command{sftp-server} command:
+@example
+(service openssh-service-type
+ (openssh-configuration
+ (subsystems
+ `(("sftp" ,(file-append openssh "/libexec/sftp-server"))))))
+@end example
+
+@item @code{accepted-environment} (default: @code{'()})
+List of strings describing which environment variables may be exported.
+
+Each string gets on its own line. See the @code{AcceptEnv} option in
+@code{man sshd_config}.
+
+This example allows ssh-clients to export the @code{COLORTERM} variable. It
+is set by terminal emulators, which support colors. You can use it in your
+shell's ressource file to enable colors for the prompt and commands if this
+variable is set.
+
+@example
+(service openssh-service-type
+ (openssh-configuration
+ (accepted-environment '("COLORTERM"))))
+@end example
+
+@item @code{authorized-keys} (default: @code{'()})
+@cindex authorized keys, SSH
+@cindex SSH authorized keys
+This is the list of authorized keys. Each element of the list is a user
+name followed by one or more file-like objects that represent SSH public
+keys. For example:
+
+@example
+(openssh-configuration
+ (authorized-keys
+ `(("rekado" ,(local-file "rekado.pub"))
+ ("chris" ,(local-file "chris.pub"))
+ ("root" ,(local-file "rekado.pub") ,(local-file "chris.pub")))))
+@end example
+
+@noindent
+registers the specified public keys for user accounts @code{rekado},
+@code{chris}, and @code{root}.
+
+Additional authorized keys can be specified @i{via}
+@code{service-extension}.
+
+Note that this does @emph{not} interfere with the use of
+@file{~/.ssh/authorized_keys}.
+@end table
+@end deftp
+
+@deffn {Scheme Procedure} dropbear-service [@var{config}]
+Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH
+daemon} with the given @var{config}, a @code{<dropbear-configuration>}
+object.
+
+For example, to specify a Dropbear service listening on port 1234, add this
+call to the operating system's @code{services} field:
+
+@example
+(dropbear-service (dropbear-configuration
+ (port-number 1234)))
+@end example
+@end deffn
+
+@deftp {Data Type} dropbear-configuration
+This data type represents the configuration of a Dropbear SSH daemon.
+
+@table @asis
+@item @code{dropbear} (default: @var{dropbear})
+The Dropbear package to use.
+
+@item @code{port-number} (default: 22)
+The TCP port where the daemon waits for incoming connections.
+
+@item @code{syslog-output?} (default: @code{#t})
+Whether to enable syslog output.
+
+@item @code{pid-file} (default: @code{"/var/run/dropbear.pid"})
+File name of the daemon's PID file.
+
+@item @code{root-login?} (default: @code{#f})
+Whether to allow @code{root} logins.
+
+@item @code{allow-empty-passwords?} (default: @code{#f})
+Whether to allow empty passwords.
+
+@item @code{password-authentication?} (default: @code{#t})
+Whether to enable password-based authentication.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %facebook-host-aliases
+This variable contains a string for use in @file{/etc/hosts} (@pxref{Host
+Names,,, libc, The GNU C Library Reference Manual}). Each line contains a
+entry that maps a known server name of the Facebook on-line service---e.g.,
+@code{www.facebook.com}---to the local host---@code{127.0.0.1} or its IPv6
+equivalent, @code{::1}.
+
+This variable is typically used in the @code{hosts-file} field of an
+@code{operating-system} declaration (@pxref{Référence de système d'exploitation,
+@file{/etc/hosts}}):
+
+@example
+(use-modules (gnu) (guix))
+
+(operating-system
+ (host-name "mymachine")
+ ;; ...
+ (hosts-file
+ ;; Create a /etc/hosts file with aliases for "localhost"
+ ;; and "mymachine", as well as for Facebook servers.
+ (plain-file "hosts"
+ (string-append (local-host-aliases host-name)
+ %facebook-host-aliases))))
+@end example
+
+This mechanism can prevent programs running locally, such as Web browsers,
+from accessing Facebook.
+@end defvr
+
+The @code{(gnu services avahi)} provides the following definition.
+
+@deffn {Scheme Procedure} avahi-service [#:avahi @var{avahi}] @
+ [#:host-name #f] [#:publish? #t] [#:ipv4? #t] @ [#:ipv6? #t] [#:wide-area?
+#f] @ [#:domains-to-browse '()] [#:debug? #f] Return a service that runs
+@command{avahi-daemon}, a system-wide mDNS/DNS-SD responder that allows for
+service discovery and "zero-configuration" host name lookups (see
+@uref{http://avahi.org/}), and extends the name service cache daemon (nscd)
+so that it can resolve @code{.local} host names using
+@uref{http://0pointer.de/lennart/projects/nss-mdns/, nss-mdns}.
+Additionally, add the @var{avahi} package to the system profile so that
+commands such as @command{avahi-browse} are directly usable.
+
+If @var{host-name} is different from @code{#f}, use that as the host name to
+publish for this machine; otherwise, use the machine's actual host name.
+
+When @var{publish?} is true, publishing of host names and services is
+allowed; in particular, avahi-daemon will publish the machine's host name
+and IP address via mDNS on the local network.
+
+When @var{wide-area?} is true, DNS-SD over unicast DNS is enabled.
+
+Boolean values @var{ipv4?} and @var{ipv6?} determine whether to use
+IPv4/IPv6 sockets.
+@end deffn
+
+@deffn {Scheme Variable} openvswitch-service-type
+This is the type of the @uref{http://www.openvswitch.org, Open vSwitch}
+service, whose value should be an @code{openvswitch-configuration} object.
+@end deffn
+
+@deftp {Data Type} openvswitch-configuration
+Data type representing the configuration of Open vSwitch, a multilayer
+virtual switch which is designed to enable massive network automation
+through programmatic extension.
+
+@table @asis
+@item @code{package} (default: @var{openvswitch})
+Package object of the Open vSwitch.
+
+@end table
+@end deftp
+
+@node X Window
+@subsubsection X Window
+
+@cindex X11
+@cindex X Window System
+@cindex login manager
+Support for the X Window graphical display system---specifically Xorg---is
+provided by the @code{(gnu services xorg)} module. Note that there is no
+@code{xorg-service} procedure. Instead, the X server is started by the
+@dfn{login manager}, by default SLiM.
+
+@cindex window manager
+To use X11, you must install at least one @dfn{window manager}---for example
+the @code{windowmaker} or @code{openbox} packages---preferably by adding it
+to the @code{packages} field of your operating system definition
+(@pxref{Référence de système d'exploitation, system-wide packages}).
+
+@defvr {Scheme Variable} slim-service-type
+This is the type for the SLiM graphical login manager for X11.
+
+@cindex session types (X11)
+@cindex X11 session types
+SLiM looks for @dfn{session types} described by the @file{.desktop} files in
+@file{/run/current-system/profile/share/xsessions} and allows users to
+choose a session from the log-in screen using @kbd{F1}. Packages such as
+@code{xfce}, @code{sawfish}, and @code{ratpoison} provide @file{.desktop}
+files; adding them to the system-wide set of packages automatically makes
+them available at the log-in screen.
+
+In addition, @file{~/.xsession} files are honored. When available,
+@file{~/.xsession} must be an executable that starts a window manager and/or
+other X clients.
+@end defvr
+
+@deftp {Data Type} slim-configuration
+Data type representing the configuration of @code{slim-service-type}.
+
+@table @asis
+@item @code{allow-empty-passwords?} (default: @code{#t})
+Whether to allow logins with empty passwords.
+
+@item @code{auto-login?} (default: @code{#f})
+@itemx @code{default-user} (default: @code{""})
+When @code{auto-login?} is false, SLiM presents a log-in screen.
+
+When @code{auto-login?} is true, SLiM logs in directly as
+@code{default-user}.
+
+@item @code{theme} (default: @code{%default-slim-theme})
+@itemx @code{theme-name} (default: @code{%default-slim-theme-name})
+The graphical theme to use and its name.
+
+@item @code{auto-login-session} (default: @code{#f})
+If true, this must be the name of the executable to start as the default
+session---e.g., @code{(file-append windowmaker "/bin/windowmaker")}.
+
+If false, a session described by one of the available @file{.desktop} files
+in @code{/run/current-system/profile} and @code{~/.guix-profile} will be
+used.
+
+@quotation Note
+You must install at least one window manager in the system profile or in
+your user profile. Failing to do that, if @code{auto-login-session} is
+false, you will be unable to log in.
+@end quotation
+
+@item @code{startx} (default: @code{(xorg-start-command)})
+The command used to start the X11 graphical server.
+
+@item @code{xauth} (default: @code{xauth})
+The XAuth package to use.
+
+@item @code{shepherd} (default: @code{shepherd})
+The Shepherd package used when invoking @command{halt} and @command{reboot}.
+
+@item @code{sessreg} (default: @code{sessreg})
+The sessreg package used in order to register the session.
+
+@item @code{slim} (default: @code{slim})
+The SLiM package to use.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %default-theme
+@defvrx {Scheme Variable} %default-theme-name
+The default SLiM theme and its name.
+@end defvr
+
+
+@deftp {Data Type} sddm-configuration
+This is the data type representing the sddm service configuration.
+
+@table @asis
+@item @code{display-server} (default: "x11")
+Select display server to use for the greeter. Valid values are "x11" or
+"wayland".
+
+@item @code{numlock} (default: "on")
+Valid values are "on", "off" or "none".
+
+@item @code{halt-command} (default @code{#~(string-apppend #$shepherd "/sbin/halt")})
+Command to run when halting.
+
+@item @code{reboot-command} (default @code{#~(string-append #$shepherd "/sbin/reboot")})
+Command to run when rebooting.
+
+@item @code{theme} (default "maldives")
+Theme to use. Default themes provided by SDDM are "elarun" or "maldives".
+
+@item @code{themes-directory} (default "/run/current-system/profile/share/sddm/themes")
+Directory to look for themes.
+
+@item @code{faces-directory} (default "/run/current-system/profile/share/sddm/faces")
+Directory to look for faces.
+
+@item @code{default-path} (default "/run/current-system/profile/bin")
+Default PATH to use.
+
+@item @code{minimum-uid} (default 1000)
+Minimum UID to display in SDDM.
+
+@item @code{maximum-uid} (default 2000)
+Maximum UID to display in SDDM
+
+@item @code{remember-last-user?} (default #t)
+Remember last user.
+
+@item @code{remember-last-session?} (default #t)
+Remember last session.
+
+@item @code{hide-users} (default "")
+Usernames to hide from SDDM greeter.
+
+@item @code{hide-shells} (default @code{#~(string-append #$shadow "/sbin/nologin")})
+Users with shells listed will be hidden from the SDDM greeter.
+
+@item @code{session-command} (default @code{#~(string-append #$sddm "/share/sddm/scripts/wayland-session")})
+Script to run before starting a wayland session.
+
+@item @code{sessions-directory} (default "/run/current-system/profile/share/wayland-sessions")
+Directory to look for desktop files starting wayland sessions.
+
+@item @code{xorg-server-path} (default @code{xorg-start-command})
+Path to xorg-server.
+
+@item @code{xauth-path} (default @code{#~(string-append #$xauth "/bin/xauth")})
+Path to xauth.
+
+@item @code{xephyr-path} (default @code{#~(string-append #$xorg-server "/bin/Xephyr")})
+Path to Xephyr.
+
+@item @code{xdisplay-start} (default @code{#~(string-append #$sddm "/share/sddm/scripts/Xsetup")})
+Script to run after starting xorg-server.
+
+@item @code{xdisplay-stop} (default @code{#~(string-append #$sddm "/share/sddm/scripts/Xstop")})
+Script to run before stopping xorg-server.
+
+@item @code{xsession-command} (default: @code{xinitr })
+Script to run before starting a X session.
+
+@item @code{xsessions-directory} (default: "/run/current-system/profile/share/xsessions")
+Directory to look for desktop files starting X sessions.
+
+@item @code{minimum-vt} (default: 7)
+Minimum VT to use.
+
+@item @code{xserver-arguments} (default "-nolisten tcp")
+Arguments to pass to xorg-server.
+
+@item @code{auto-login-user} (default "")
+User to use for auto-login.
+
+@item @code{auto-login-session} (default "")
+Desktop file to use for auto-login.
+
+@item @code{relogin?} (default #f)
+Relogin after logout.
+
+@end table
+@end deftp
+
+@cindex login manager
+@cindex X11 login
+@deffn {Scheme Procedure} sddm-service config
+Return a service that spawns the SDDM graphical login manager for config of
+type @code{<sddm-configuration>}.
+
+@example
+ (sddm-service (sddm-configuration
+ (auto-login-user "Alice")
+ (auto-login-session "xfce.desktop")))
+@end example
+@end deffn
+
+@deffn {Scheme Procedure} xorg-start-command [#:guile] @
+ [#:modules %default-xorg-modules] @ [#:fonts %default-xorg-fonts] @
+[#:configuration-file (xorg-configuration-file @dots{})] @ [#:xorg-server
+@var{xorg-server}] Return a @code{startx} script in which @var{modules}, a
+list of X module packages, and @var{fonts}, a list of X font directories,
+are available. See @code{xorg-wrapper} for more details on the arguments.
+The result should be used in place of @code{startx}.
+
+Usually the X server is started by a login manager.
+@end deffn
+
+@deffn {Scheme Procedure} xorg-configuration-file @
+ [#:modules %default-xorg-modules] @ [#:fonts %default-xorg-fonts] @
+[#:drivers '()] [#:resolutions '()] [#:extra-config '()] Return a
+configuration file for the Xorg server containing search paths for all the
+common drivers.
+
+@var{modules} must be a list of @dfn{module packages} loaded by the Xorg
+server---e.g., @code{xf86-video-vesa}, @code{xf86-input-keyboard}, and so
+on. @var{fonts} must be a list of font directories to add to the server's
+@dfn{font path}.
+
+@var{drivers} must be either the empty list, in which case Xorg chooses a
+graphics driver automatically, or a list of driver names that will be tried
+in this order---e.g., @code{("modesetting" "vesa")}.
+
+Likewise, when @var{resolutions} is the empty list, Xorg chooses an
+appropriate screen resolution; otherwise, it must be a list of
+resolutions---e.g., @code{((1024 768) (640 480))}.
+
+Last, @var{extra-config} is a list of strings or objects appended to the
+configuration file. It is used to pass extra text to be added verbatim to
+the configuration file.
+@end deffn
+
+@deffn {Scheme Procedure} screen-locker-service @var{package} [@var{program}]
+Add @var{package}, a package for a screen locker or screen saver whose
+command is @var{program}, to the set of setuid programs and add a PAM entry
+for it. For example:
+
+@lisp
+(screen-locker-service xlockmore "xlock")
+@end lisp
+
+makes the good ol' XlockMore usable.
+@end deffn
+
+
+@node Printing Services
+@subsubsection Printing Services
+
+@cindex printer support with CUPS
+The @code{(gnu services cups)} module provides a Guix service definition for
+the CUPS printing service. To add printer support to a GuixSD system, add a
+@code{cups-service} to the operating system definition:
+
+@deffn {Scheme Variable} cups-service-type
+The service type for the CUPS print server. Its value should be a valid
+CUPS configuration (see below). To use the default settings, simply write:
+@example
+(service cups-service-type)
+@end example
+@end deffn
+
+The CUPS configuration controls the basic things about your CUPS
+installation: what interfaces it listens on, what to do if a print job
+fails, how much logging to do, and so on. To actually add a printer, you
+have to visit the @url{http://localhost:631} URL, or use a tool such as
+GNOME's printer configuration services. By default, configuring a CUPS
+service will generate a self-signed certificate if needed, for secure
+connections to the print server.
+
+Suppose you want to enable the Web interface of CUPS and also add support
+for Epson printers @i{via} the @code{escpr} package and for HP printers
+@i{via} the @code{hplip} package. You can do that directly, like this (you
+need to use the @code{(gnu packages cups)} module):
+
+@example
+(service cups-service-type
+ (cups-configuration
+ (web-interface? #t)
+ (extensions
+ (list cups-filters escpr hplip))))
+@end example
+
+The available configuration parameters follow. Each parameter definition is
+preceded by its type; for example, @samp{string-list foo} indicates that the
+@code{foo} parameter should be specified as a list of strings. There is
+also a way to specify the configuration as a string, if you have an old
+@code{cupsd.conf} file that you want to port over from some other system;
+see the end for more details.
+
+@c The following documentation was initially generated by
+@c (generate-documentation) in (gnu services cups). Manually maintained
+@c documentation is better, so we shouldn't hesitate to edit below as
+@c needed. However if the change you want to make to this documentation
+@c can be done in an automated way, it's probably easier to change
+@c (generate-documentation) than to make it below and have to deal with
+@c the churn as CUPS updates.
+
+
+Available @code{cups-configuration} fields are:
+
+@deftypevr {@code{cups-configuration} parameter} package cups
+The CUPS package.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} package-list extensions
+Drivers and other extensions to the CUPS package.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} files-configuration files-configuration
+Configuration of where to write logs, what directories to use for print
+spools, and related privileged configuration parameters.
+
+Available @code{files-configuration} fields are:
+
+@deftypevr {@code{files-configuration} parameter} log-location access-log
+Defines the access log filename. Specifying a blank filename disables
+access log generation. The value @code{stderr} causes log entries to be
+sent to the standard error file when the scheduler is running in the
+foreground, or to the system log daemon when run in the background. The
+value @code{syslog} causes log entries to be sent to the system log daemon.
+The server name may be included in filenames using the string @code{%s}, as
+in @code{/var/log/cups/%s-access_log}.
+
+Defaults to @samp{"/var/log/cups/access_log"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name cache-dir
+Where CUPS should cache data.
+
+Defaults to @samp{"/var/cache/cups"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string config-file-perm
+Specifies the permissions for all configuration files that the scheduler
+writes.
+
+Note that the permissions for the printers.conf file are currently masked to
+only allow access from the scheduler user (typically root). This is done
+because printer device URIs sometimes contain sensitive authentication
+information that should not be generally known on the system. There is no
+way to disable this security feature.
+
+Defaults to @samp{"0640"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} log-location error-log
+Defines the error log filename. Specifying a blank filename disables access
+log generation. The value @code{stderr} causes log entries to be sent to
+the standard error file when the scheduler is running in the foreground, or
+to the system log daemon when run in the background. The value
+@code{syslog} causes log entries to be sent to the system log daemon. The
+server name may be included in filenames using the string @code{%s}, as in
+@code{/var/log/cups/%s-error_log}.
+
+Defaults to @samp{"/var/log/cups/error_log"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string fatal-errors
+Specifies which errors are fatal, causing the scheduler to exit. The kind
+strings are:
+
+@table @code
+@item none
+No errors are fatal.
+
+@item all
+All of the errors below are fatal.
+
+@item browse
+Browsing initialization errors are fatal, for example failed connections to
+the DNS-SD daemon.
+
+@item config
+Configuration file syntax errors are fatal.
+
+@item listen
+Listen or Port errors are fatal, except for IPv6 failures on the loopback or
+@code{any} addresses.
+
+@item log
+Log file creation or write errors are fatal.
+
+@item permissions
+Bad startup file permissions are fatal, for example shared TLS certificate
+and key files with world-read permissions.
+@end table
+
+Defaults to @samp{"all -browse"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} boolean file-device?
+Specifies whether the file pseudo-device can be used for new printer
+queues. The URI @uref{file:///dev/null} is always allowed.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string group
+Specifies the group name or ID that will be used when executing external
+programs.
+
+Defaults to @samp{"lp"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string log-file-perm
+Specifies the permissions for all log files that the scheduler writes.
+
+Defaults to @samp{"0644"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} log-location page-log
+Defines the page log filename. Specifying a blank filename disables access
+log generation. The value @code{stderr} causes log entries to be sent to
+the standard error file when the scheduler is running in the foreground, or
+to the system log daemon when run in the background. The value
+@code{syslog} causes log entries to be sent to the system log daemon. The
+server name may be included in filenames using the string @code{%s}, as in
+@code{/var/log/cups/%s-page_log}.
+
+Defaults to @samp{"/var/log/cups/page_log"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string remote-root
+Specifies the username that is associated with unauthenticated accesses by
+clients claiming to be the root user. The default is @code{remroot}.
+
+Defaults to @samp{"remroot"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name request-root
+Specifies the directory that contains print jobs and other HTTP request
+data.
+
+Defaults to @samp{"/var/spool/cups"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} sandboxing sandboxing
+Specifies the level of security sandboxing that is applied to print filters,
+backends, and other child processes of the scheduler; either @code{relaxed}
+or @code{strict}. This directive is currently only used/supported on macOS.
+
+Defaults to @samp{strict}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name server-keychain
+Specifies the location of TLS certificates and private keys. CUPS will look
+for public and private keys in this directory: a @code{.crt} files for
+PEM-encoded certificates and corresponding @code{.key} files for PEM-encoded
+private keys.
+
+Defaults to @samp{"/etc/cups/ssl"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name server-root
+Specifies the directory containing the server configuration files.
+
+Defaults to @samp{"/etc/cups"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} boolean sync-on-close?
+Specifies whether the scheduler calls fsync(2) after writing configuration
+or state files.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} space-separated-string-list system-group
+Specifies the group(s) to use for @code{@@SYSTEM} group authentication.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} file-name temp-dir
+Specifies the directory where temporary files are stored.
+
+Defaults to @samp{"/var/spool/cups/tmp"}.
+@end deftypevr
+
+@deftypevr {@code{files-configuration} parameter} string user
+Specifies the user name or ID that is used when running external programs.
+
+Defaults to @samp{"lp"}.
+@end deftypevr
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} access-log-level access-log-level
+Specifies the logging level for the AccessLog file. The @code{config} level
+logs when printers and classes are added, deleted, or modified and when
+configuration files are accessed or updated. The @code{actions} level logs
+when print jobs are submitted, held, released, modified, or canceled, and
+any of the conditions for @code{config}. The @code{all} level logs all
+requests.
+
+Defaults to @samp{actions}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean auto-purge-jobs?
+Specifies whether to purge job history data automatically when it is no
+longer required for quotas.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} browse-local-protocols browse-local-protocols
+Specifies which protocols to use for local printer sharing.
+
+Defaults to @samp{dnssd}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean browse-web-if?
+Specifies whether the CUPS web interface is advertised.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean browsing?
+Specifies whether shared printers are advertised.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string classification
+Specifies the security classification of the server. Any valid banner name
+can be used, including "classified", "confidential", "secret", "topsecret",
+and "unclassified", or the banner can be omitted to disable secure printing
+functions.
+
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean classify-override?
+Specifies whether users may override the classification (cover page) of
+individual print jobs using the @code{job-sheets} option.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} default-auth-type default-auth-type
+Specifies the default type of authentication to use.
+
+Defaults to @samp{Basic}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} default-encryption default-encryption
+Specifies whether encryption will be used for authenticated requests.
+
+Defaults to @samp{Required}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string default-language
+Specifies the default language to use for text and web content.
+
+Defaults to @samp{"en"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string default-paper-size
+Specifies the default paper size for new print queues. @samp{"Auto"} uses a
+locale-specific default, while @samp{"None"} specifies there is no default
+paper size. Specific size names are typically @samp{"Letter"} or
+@samp{"A4"}.
+
+Defaults to @samp{"Auto"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string default-policy
+Specifies the default access policy to use.
+
+Defaults to @samp{"default"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean default-shared?
+Specifies whether local printers are shared by default.
+
+Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer dirty-clean-interval
+Specifies the delay for updating of configuration and state files, in
+seconds. A value of 0 causes the update to happen as soon as possible,
+typically within a few milliseconds.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} error-policy error-policy
+Specifies what to do when an error occurs. Possible values are
+@code{abort-job}, which will discard the failed print job; @code{retry-job},
+which will retry the job at a later time; @code{retry-this-job}, which
+retries the failed job immediately; and @code{stop-printer}, which stops the
+printer.
+
+Defaults to @samp{stop-printer}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-limit
+Specifies the maximum cost of filters that are run concurrently, which can
+be used to minimize disk, memory, and CPU resource problems. A limit of 0
+disables filter limiting. An average print to a non-PostScript printer
+needs a filter limit of about 200. A PostScript printer needs about half
+that (100). Setting the limit below these thresholds will effectively limit
+the scheduler to printing a single job at any time.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer filter-nice
+Specifies the scheduling priority of filters that are run to print a job.
+The nice value ranges from 0, the highest priority, to 19, the lowest
+priority.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} host-name-lookups host-name-lookups
+Specifies whether to do reverse lookups on connecting clients. The
+@code{double} setting causes @code{cupsd} to verify that the hostname
+resolved from the address matches one of the addresses returned for that
+hostname. Double lookups also prevent clients with unregistered addresses
+from connecting to your server. Only set this option to @code{#t} or
+@code{double} if absolutely required.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-kill-delay
+Specifies the number of seconds to wait before killing the filters and
+backend associated with a canceled or held job.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-interval
+Specifies the interval between retries of jobs in seconds. This is
+typically used for fax queues but can also be used with normal print queues
+whose error policy is @code{retry-job} or @code{retry-current-job}.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer job-retry-limit
+Specifies the number of retries that are done for jobs. This is typically
+used for fax queues but can also be used with normal print queues whose
+error policy is @code{retry-job} or @code{retry-current-job}.
+
+Defaults to @samp{5}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean keep-alive?
+Specifies whether to support HTTP keep-alive connections.
+
+Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer keep-alive-timeout
+Specifies how long an idle client connection remains open, in seconds.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer limit-request-body
+Specifies the maximum size of print files, IPP requests, and HTML form
+data. A limit of 0 disables the limit check.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} multiline-string-list listen
+Listens on the specified interfaces for connections. Valid values are of
+the form @var{address}:@var{port}, where @var{address} is either an IPv6
+address enclosed in brackets, an IPv4 address, or @code{*} to indicate all
+addresses. Values can also be file names of local UNIX domain sockets. The
+Listen directive is similar to the Port directive but allows you to restrict
+access to specific interfaces or networks.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer listen-back-log
+Specifies the number of pending connections that will be allowed. This
+normally only affects very busy servers that have reached the MaxClients
+limit, but can also be triggered by large numbers of simultaneous
+connections. When the limit is reached, the operating system will refuse
+additional connections until the scheduler can accept the pending ones.
+
+Defaults to @samp{128}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} location-access-control-list location-access-controls
+Specifies a set of additional access controls.
+
+Available @code{location-access-controls} fields are:
+
+@deftypevr {@code{location-access-controls} parameter} file-name path
+Specifies the URI path to which the access control applies.
+@end deftypevr
+
+@deftypevr {@code{location-access-controls} parameter} access-control-list access-controls
+Access controls for all access to this path, in the same format as the
+@code{access-controls} of @code{operation-access-control}.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{location-access-controls} parameter} method-access-control-list method-access-controls
+Access controls for method-specific access to this path.
+
+Defaults to @samp{()}.
+
+Available @code{method-access-controls} fields are:
+
+@deftypevr {@code{method-access-controls} parameter} boolean reverse?
+If @code{#t}, apply access controls to all methods except the listed
+methods. Otherwise apply to only the listed methods.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{method-access-controls} parameter} method-list methods
+Methods to which this access control applies.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{method-access-controls} parameter} access-control-list access-controls
+Access control directives, as a list of strings. Each string should be one
+directive, such as "Order allow,deny".
+
+Defaults to @samp{()}.
+@end deftypevr
+@end deftypevr
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer log-debug-history
+Specifies the number of debugging messages that are retained for logging if
+an error occurs in a print job. Debug messages are logged regardless of the
+LogLevel setting.
+
+Defaults to @samp{100}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} log-level log-level
+Specifies the level of logging for the ErrorLog file. The value @code{none}
+stops all logging while @code{debug2} logs everything.
+
+Defaults to @samp{info}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} log-time-format log-time-format
+Specifies the format of the date and time in the log files. The value
+@code{standard} logs whole seconds while @code{usecs} logs microseconds.
+
+Defaults to @samp{standard}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients
+Specifies the maximum number of simultaneous clients that are allowed by the
+scheduler.
+
+Defaults to @samp{100}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-clients-per-host
+Specifies the maximum number of simultaneous clients that are allowed from a
+single address.
+
+Defaults to @samp{100}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-copies
+Specifies the maximum number of copies that a user can print of each job.
+
+Defaults to @samp{9999}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-hold-time
+Specifies the maximum time a job may remain in the @code{indefinite} hold
+state before it is canceled. A value of 0 disables cancellation of held
+jobs.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs
+Specifies the maximum number of simultaneous jobs that are allowed. Set to
+0 to allow an unlimited number of jobs.
+
+Defaults to @samp{500}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-printer
+Specifies the maximum number of simultaneous jobs that are allowed per
+printer. A value of 0 allows up to MaxJobs jobs per printer.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-jobs-per-user
+Specifies the maximum number of simultaneous jobs that are allowed per
+user. A value of 0 allows up to MaxJobs jobs per user.
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-job-time
+Specifies the maximum time a job may take to print before it is canceled, in
+seconds. Set to 0 to disable cancellation of "stuck" jobs.
+
+Defaults to @samp{10800}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer max-log-size
+Specifies the maximum size of the log files before they are rotated, in
+bytes. The value 0 disables log rotation.
+
+Defaults to @samp{1048576}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer multiple-operation-timeout
+Specifies the maximum amount of time to allow between files in a multiple
+file print job, in seconds.
+
+Defaults to @samp{300}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string page-log-format
+Specifies the format of PageLog lines. Sequences beginning with percent
+(@samp{%}) characters are replaced with the corresponding information, while
+all other characters are copied literally. The following percent sequences
+are recognized:
+
+@table @samp
+@item %%
+insert a single percent character
+
+@item %@{name@}
+insert the value of the specified IPP attribute
+
+@item %C
+insert the number of copies for the current page
+
+@item %P
+insert the current page number
+
+@item %T
+insert the current date and time in common log format
+
+@item %j
+insert the job ID
+
+@item %p
+insert the printer name
+
+@item %u
+insert the username
+@end table
+
+A value of the empty string disables page logging. The string @code{%p %u
+%j %T %P %C %@{job-billing@} %@{job-originating-host-name@} %@{job-name@}
+%@{media@} %@{sides@}} creates a page log with the standard items.
+
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} environment-variables environment-variables
+Passes the specified environment variable(s) to child processes; a list of
+strings.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} policy-configuration-list policies
+Specifies named access control policies.
+
+Available @code{policy-configuration} fields are:
+
+@deftypevr {@code{policy-configuration} parameter} string name
+Name of the policy.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string job-private-access
+Specifies an access list for a job's private values. @code{@@ACL} maps to
+the printer's requesting-user-name-allowed or requesting-user-name-denied
+values. @code{@@OWNER} maps to the job's owner. @code{@@SYSTEM} maps to
+the groups listed for the @code{system-group} field of the
+@code{files-config} configuration, which is reified into the
+@code{cups-files.conf(5)} file. Other possible elements of the access list
+include specific user names, and @code{@@@var{group}} to indicate members of
+a specific group. The access list may also be simply @code{all} or
+@code{default}.
+
+Defaults to @samp{"@@OWNER @@SYSTEM"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string job-private-values
+Specifies the list of job values to make private, or @code{all},
+@code{default}, or @code{none}.
+
+Defaults to @samp{"job-name job-originating-host-name
+job-originating-user-name phone"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string subscription-private-access
+Specifies an access list for a subscription's private values. @code{@@ACL}
+maps to the printer's requesting-user-name-allowed or
+requesting-user-name-denied values. @code{@@OWNER} maps to the job's
+owner. @code{@@SYSTEM} maps to the groups listed for the
+@code{system-group} field of the @code{files-config} configuration, which is
+reified into the @code{cups-files.conf(5)} file. Other possible elements of
+the access list include specific user names, and @code{@@@var{group}} to
+indicate members of a specific group. The access list may also be simply
+@code{all} or @code{default}.
+
+Defaults to @samp{"@@OWNER @@SYSTEM"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} string subscription-private-values
+Specifies the list of job values to make private, or @code{all},
+@code{default}, or @code{none}.
+
+Defaults to @samp{"notify-events notify-pull-method notify-recipient-uri
+notify-subscriber-user-name notify-user-data"}.
+@end deftypevr
+
+@deftypevr {@code{policy-configuration} parameter} operation-access-control-list access-controls
+Access control by IPP operation.
+
+Defaults to @samp{()}.
+@end deftypevr
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-files
+Specifies whether job files (documents) are preserved after a job is
+printed. If a numeric value is specified, job files are preserved for the
+indicated number of seconds after printing. Otherwise a boolean value
+applies indefinitely.
+
+Defaults to @samp{86400}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-history
+Specifies whether the job history is preserved after a job is printed. If a
+numeric value is specified, the job history is preserved for the indicated
+number of seconds after printing. If @code{#t}, the job history is
+preserved until the MaxJobs limit is reached.
+
+Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer reload-timeout
+Specifies the amount of time to wait for job completion before restarting
+the scheduler.
+
+Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string rip-cache
+Specifies the maximum amount of memory to use when converting documents into
+bitmaps for a printer.
+
+Defaults to @samp{"128m"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string server-admin
+Specifies the email address of the server administrator.
+
+Defaults to @samp{"root@@localhost.localdomain"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} host-name-list-or-* server-alias
+The ServerAlias directive is used for HTTP Host header validation when
+clients connect to the scheduler from external interfaces. Using the
+special name @code{*} can expose your system to known browser-based DNS
+rebinding attacks, even when accessing sites through a firewall. If the
+auto-discovery of alternate names does not work, we recommend listing each
+alternate name with a ServerAlias directive instead of using @code{*}.
+
+Defaults to @samp{*}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string server-name
+Specifies the fully-qualified host name of the server.
+
+Defaults to @samp{"localhost"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} server-tokens server-tokens
+Specifies what information is included in the Server header of HTTP
+responses. @code{None} disables the Server header. @code{ProductOnly}
+reports @code{CUPS}. @code{Major} reports @code{CUPS 2}. @code{Minor}
+reports @code{CUPS 2.0}. @code{Minimal} reports @code{CUPS 2.0.0}.
+@code{OS} reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is the
+output of the @code{uname} command. @code{Full} reports @code{CUPS 2.0.0
+(@var{uname}) IPP/2.0}.
+
+Defaults to @samp{Minimal}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string set-env
+Set the specified environment variable to be passed to child processes.
+
+Defaults to @samp{"variable value"}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} multiline-string-list ssl-listen
+Listens on the specified interfaces for encrypted connections. Valid values
+are of the form @var{address}:@var{port}, where @var{address} is either an
+IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate
+all addresses.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} ssl-options ssl-options
+Sets encryption options. By default, CUPS only supports encryption using
+TLS v1.0 or higher using known secure cipher suites. The @code{AllowRC4}
+option enables the 128-bit RC4 cipher suites, which are required for some
+older clients that do not implement newer ones. The @code{AllowSSL3} option
+enables SSL v3.0, which is required for some older clients that do not
+support TLS v1.0.
+
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean strict-conformance?
+Specifies whether the scheduler requires clients to strictly adhere to the
+IPP specifications.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} non-negative-integer timeout
+Specifies the HTTP request timeout, in seconds.
+
+Defaults to @samp{300}.
+
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean web-interface?
+Specifies whether the web interface is enabled.
+
+Defaults to @samp{#f}.
+@end deftypevr
+
+At this point you're probably thinking ``oh dear, Guix manual, I like you
+but you can stop already with the configuration options''. Indeed.
+However, one more point: it could be that you have an existing
+@code{cupsd.conf} that you want to use. In that case, you can pass an
+@code{opaque-cups-configuration} as the configuration of a
+@code{cups-service-type}.
+
+Available @code{opaque-cups-configuration} fields are:
+
+@deftypevr {@code{opaque-cups-configuration} parameter} package cups
+The CUPS package.
+@end deftypevr
+
+@deftypevr {@code{opaque-cups-configuration} parameter} string cupsd.conf
+The contents of the @code{cupsd.conf}, as a string.
+@end deftypevr
+
+@deftypevr {@code{opaque-cups-configuration} parameter} string cups-files.conf
+The contents of the @code{cups-files.conf} file, as a string.
+@end deftypevr
+
+For example, if your @code{cupsd.conf} and @code{cups-files.conf} are in
+strings of the same name, you could instantiate a CUPS service like this:
+
+@example
+(service cups-service-type
+ (opaque-cups-configuration
+ (cupsd.conf cupsd.conf)
+ (cups-files.conf cups-files.conf)))
+@end example
+
+
+@node Desktop Services
+@subsubsection Desktop Services
+
+The @code{(gnu services desktop)} module provides services that are usually
+useful in the context of a ``desktop'' setup---that is, on a machine running
+a graphical display server, possibly with graphical user interfaces, etc.
+It also defines services that provide specific desktop environments like
+GNOME, XFCE or MATE.
+
+To simplify things, the module defines a variable containing the set of
+services that users typically expect on a machine with a graphical
+environment and networking:
+
+@defvr {Scheme Variable} %desktop-services
+This is a list of services that builds upon @var{%base-services} and adds or
+adjusts services for a typical ``desktop'' setup.
+
+In particular, it adds a graphical login manager (@pxref{X Window,
+@code{slim-service}}), screen lockers, a network management tool
+(@pxref{Networking Services, @code{network-manager-service-type}}), energy
+and color management services, the @code{elogind} login and seat manager,
+the Polkit privilege service, the GeoClue location service, the
+AccountsService daemon that allows authorized users change system passwords,
+an NTP client (@pxref{Networking Services}), the Avahi daemon, and has the
+name service switch service configured to be able to use @code{nss-mdns}
+(@pxref{Name Service Switch, mDNS}).
+@end defvr
+
+The @var{%desktop-services} variable can be used as the @code{services}
+field of an @code{operating-system} declaration (@pxref{Référence de système d'exploitation, @code{services}}).
+
+Additionally, the @code{gnome-desktop-service}, @code{xfce-desktop-service}
+and @code{mate-desktop-service} procedures can add GNOME, XFCE and/or MATE
+to a system. To ``add GNOME'' means that system-level services like the
+backlight adjustment helpers and the power management utilities are added to
+the system, extending @code{polkit} and @code{dbus} appropriately, allowing
+GNOME to operate with elevated privileges on a limited number of
+special-purpose system interfaces. Additionally, adding a service made by
+@code{gnome-desktop-service} adds the GNOME metapackage to the system
+profile. Likewise, adding the XFCE service not only adds the @code{xfce}
+metapackage to the system profile, but it also gives the Thunar file manager
+the ability to open a ``root-mode'' file management window, if the user
+authenticates using the administrator's password via the standard polkit
+graphical interface. To ``add MATE'' means that @code{polkit} and
+@code{dbus} are extended appropriately, allowing MATE to operate with
+elevated privileges on a limited number of special-purpose system
+interfaces. Additionally, adding a service made by
+@code{mate-desktop-service} adds the MATE metapackage to the system profile.
+
+The desktop environments in Guix use the Xorg display server by default. If
+you'd like to use the newer display server protocol called Wayland, you need
+to use the @code{sddm-service} instead of the @code{slim-service} for the
+graphical login manager. You should then select the ``GNOME (Wayland)''
+session in SDDM. Alternatively you can also try starting GNOME on Wayland
+manually from a TTY with the command ``XDG_SESSION_TYPE=wayland exec
+dbus-run-session gnome-session``. Currently only GNOME has support for
+Wayland.
+
+@deffn {Scheme Procedure} gnome-desktop-service
+Return a service that adds the @code{gnome} package to the system profile,
+and extends polkit with the actions from @code{gnome-settings-daemon}.
+@end deffn
+
+@deffn {Scheme Procedure} xfce-desktop-service
+Return a service that adds the @code{xfce} package to the system profile,
+and extends polkit with the ability for @code{thunar} to manipulate the file
+system as root from within a user session, after the user has authenticated
+with the administrator's password.
+@end deffn
+
+@deffn {Scheme Procedure} mate-desktop-service
+Return a service that adds the @code{mate} package to the system profile,
+and extends polkit with the actions from @code{mate-settings-daemon}.
+@end deffn
+
+Because the GNOME, XFCE and MATE desktop services pull in so many packages,
+the default @code{%desktop-services} variable doesn't include either of them
+by default. To add GNOME, XFCE or MATE, just @code{cons} them onto
+@code{%desktop-services} in the @code{services} field of your
+@code{operating-system}:
+
+@example
+(use-modules (gnu))
+(use-service-modules desktop)
+(operating-system
+ ...
+ ;; cons* adds items to the list given as its last argument.
+ (services (cons* (gnome-desktop-service)
+ (xfce-desktop-service)
+ %desktop-services))
+ ...)
+@end example
+
+These desktop environments will then be available as options in the
+graphical login window.
+
+The actual service definitions included in @code{%desktop-services} and
+provided by @code{(gnu services dbus)} and @code{(gnu services desktop)} are
+described below.
+
+@deffn {Scheme Procedure} dbus-service [#:dbus @var{dbus}] [#:services '()]
+Return a service that runs the ``system bus'', using @var{dbus}, with
+support for @var{services}.
+
+@uref{http://dbus.freedesktop.org/, D-Bus} is an inter-process communication
+facility. Its system bus is used to allow system services to communicate
+and to be notified of system-wide events.
+
+@var{services} must be a list of packages that provide an
+@file{etc/dbus-1/system.d} directory containing additional D-Bus
+configuration and policy files. For example, to allow avahi-daemon to use
+the system bus, @var{services} must be equal to @code{(list avahi)}.
+@end deffn
+
+@deffn {Scheme Procedure} elogind-service [#:config @var{config}]
+Return a service that runs the @code{elogind} login and seat management
+daemon. @uref{https://github.com/elogind/elogind, Elogind} exposes a D-Bus
+interface that can be used to know which users are logged in, know what kind
+of sessions they have open, suspend the system, inhibit system suspend,
+reboot the system, and other tasks.
+
+Elogind handles most system-level power events for a computer, for example
+suspending the system when a lid is closed, or shutting it down when the
+power button is pressed.
+
+The @var{config} keyword argument specifies the configuration for elogind,
+and should be the result of an @code{(elogind-configuration (@var{parameter}
+@var{value})...)} invocation. Available parameters and their default values
+are:
+
+@table @code
+@item kill-user-processes?
+@code{#f}
+@item kill-only-users
+@code{()}
+@item kill-exclude-users
+@code{("root")}
+@item inhibit-delay-max-seconds
+@code{5}
+@item handle-power-key
+@code{poweroff}
+@item handle-suspend-key
+@code{suspend}
+@item handle-hibernate-key
+@code{hibernate}
+@item handle-lid-switch
+@code{suspend}
+@item handle-lid-switch-docked
+@code{ignore}
+@item power-key-ignore-inhibited?
+@code{#f}
+@item suspend-key-ignore-inhibited?
+@code{#f}
+@item hibernate-key-ignore-inhibited?
+@code{#f}
+@item lid-switch-ignore-inhibited?
+@code{#t}
+@item holdoff-timeout-seconds
+@code{30}
+@item idle-action
+@code{ignore}
+@item idle-action-seconds
+@code{(* 30 60)}
+@item runtime-directory-size-percent
+@code{10}
+@item runtime-directory-size
+@code{#f}
+@item remove-ipc?
+@code{#t}
+@item suspend-state
+@code{("mem" "standby" "freeze")}
+@item suspend-mode
+@code{()}
+@item hibernate-state
+@code{("disk")}
+@item hibernate-mode
+@code{("platform" "shutdown")}
+@item hybrid-sleep-state
+@code{("disk")}
+@item hybrid-sleep-mode
+@code{("suspend" "platform" "shutdown")}
+@end table
+@end deffn
+
+@deffn {Scheme Procedure} accountsservice-service @
+ [#:accountsservice @var{accountsservice}] Return a service that runs
+AccountsService, a system service that can list available accounts, change
+their passwords, and so on. AccountsService integrates with PolicyKit to
+enable unprivileged users to acquire the capability to modify their system
+configuration.
+@uref{https://www.freedesktop.org/wiki/Software/AccountsService/, the
+accountsservice web site} for more information.
+
+The @var{accountsservice} keyword argument is the @code{accountsservice}
+package to expose as a service.
+@end deffn
+
+@deffn {Scheme Procedure} polkit-service @
+ [#:polkit @var{polkit}] Return a service that runs the
+@uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege
+management service}, which allows system administrators to grant access to
+privileged operations in a structured way. By querying the Polkit service,
+a privileged system component can know when it should grant additional
+capabilities to ordinary users. For example, an ordinary user can be
+granted the capability to suspend the system if the user is logged in
+locally.
+@end deffn
+
+@deffn {Scheme Procedure} upower-service [#:upower @var{upower}] @
+ [#:watts-up-pro? #f] @ [#:poll-batteries? #t] @ [#:ignore-lid? #f] @
+[#:use-percentage-for-policy? #f] @ [#:percentage-low 10] @
+[#:percentage-critical 3] @ [#:percentage-action 2] @ [#:time-low 1200] @
+[#:time-critical 300] @ [#:time-action 120] @ [#:critical-power-action
+'hybrid-sleep] Return a service that runs
+@uref{http://upower.freedesktop.org/, @command{upowerd}}, a system-wide
+monitor for power consumption and battery levels, with the given
+configuration settings. It implements the @code{org.freedesktop.UPower}
+D-Bus interface, and is notably used by GNOME.
+@end deffn
+
+@deffn {Scheme Procedure} udisks-service [#:udisks @var{udisks}]
+Return a service for @uref{http://udisks.freedesktop.org/docs/latest/,
+UDisks}, a @dfn{disk management} daemon that provides user interfaces with
+notifications and ways to mount/unmount disks. Programs that talk to UDisks
+include the @command{udisksctl} command, part of UDisks, and GNOME Disks.
+@end deffn
+
+@deffn {Scheme Procedure} colord-service [#:colord @var{colord}]
+Return a service that runs @command{colord}, a system service with a D-Bus
+interface to manage the color profiles of input and output devices such as
+screens and scanners. It is notably used by the GNOME Color Manager
+graphical tool. See @uref{http://www.freedesktop.org/software/colord/, the
+colord web site} for more information.
+@end deffn
+
+@deffn {Scheme Procedure} geoclue-application name [#:allowed? #t] [#:system? #f] [#:users '()]
+Return a configuration allowing an application to access GeoClue location
+data. @var{name} is the Desktop ID of the application, without the
+@code{.desktop} part. If @var{allowed?} is true, the application will have
+access to location information by default. The boolean @var{system?} value
+indicates whether an application is a system component or not. Finally
+@var{users} is a list of UIDs of all users for which this application is
+allowed location info access. An empty users list means that all users are
+allowed.
+@end deffn
+
+@defvr {Scheme Variable} %standard-geoclue-applications
+The standard list of well-known GeoClue application configurations, granting
+authority to the GNOME date-and-time utility to ask for the current location
+in order to set the time zone, and allowing the IceCat and Epiphany web
+browsers to request location information. IceCat and Epiphany both query
+the user before allowing a web page to know the user's location.
+@end defvr
+
+@deffn {Scheme Procedure} geoclue-service [#:colord @var{colord}] @
+ [#:whitelist '()] @ [#:wifi-geolocation-url
+"https://location.services.mozilla.com/v1/geolocate?key=geoclue"] @
+[#:submit-data? #f] [#:wifi-submission-url
+"https://location.services.mozilla.com/v1/submit?key=geoclue"] @
+[#:submission-nick "geoclue"] @ [#:applications
+%standard-geoclue-applications] Return a service that runs the GeoClue
+location service. This service provides a D-Bus interface to allow
+applications to request access to a user's physical location, and optionally
+to add information to online location databases. See
+@uref{https://wiki.freedesktop.org/www/Software/GeoClue/, the GeoClue web
+site} for more information.
+@end deffn
+
+@deffn {Scheme Procedure} bluetooth-service [#:bluez @var{bluez}] @
+ [@w{#:auto-enable? #f}] Return a service that runs the @command{bluetoothd}
+daemon, which manages all the Bluetooth devices and provides a number of
+D-Bus interfaces. When AUTO-ENABLE? is true, the bluetooth controller is
+powered automatically at boot, which can be useful when using a bluetooth
+keyboard or mouse.
+
+Users need to be in the @code{lp} group to access the D-Bus service.
+@end deffn
+
+@node Database Services
+@subsubsection Database Services
+
+@cindex database
+@cindex SQL
+The @code{(gnu services databases)} module provides the following services.
+
+@deffn {Scheme Procedure} postgresql-service [#:postgresql postgresql] @
+ [#:config-file] [#:data-directory ``/var/lib/postgresql/data''] @ [#:port
+5432] [#:locale ``en_US.utf8''] Return a service that runs @var{postgresql},
+the PostgreSQL database server.
+
+The PostgreSQL daemon loads its runtime configuration from
+@var{config-file}, creates a database cluster with @var{locale} as the
+default locale, stored in @var{data-directory}. It then listens on
+@var{port}.
+@end deffn
+
+@deffn {Scheme Procedure} mysql-service [#:config (mysql-configuration)]
+Return a service that runs @command{mysqld}, the MySQL or MariaDB database
+server.
+
+The optional @var{config} argument specifies the configuration for
+@command{mysqld}, which should be a @code{<mysql-configuration>} object.
+@end deffn
+
+@deftp {Data Type} mysql-configuration
+Data type representing the configuration of @var{mysql-service}.
+
+@table @asis
+@item @code{mysql} (default: @var{mariadb})
+Package object of the MySQL database server, can be either @var{mariadb} or
+@var{mysql}.
+
+For MySQL, a temporary root password will be displayed at activation time.
+For MariaDB, the root password is empty.
+
+@item @code{port} (default: @code{3306})
+TCP port on which the database server listens for incoming connections.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} memcached-service-type
+This is the service type for the @uref{https://memcached.org/, Memcached}
+service, which provides a distributed in memory cache. The value for the
+service type is a @code{memcached-configuration} object.
+@end defvr
+
+@example
+(service memcached-service-type)
+@end example
+
+@deftp {Data Type} memcached-configuration
+Data type representing the configuration of memcached.
+
+@table @asis
+@item @code{memcached} (default: @code{memcached})
+The Memcached package to use.
+
+@item @code{interfaces} (default: @code{'("0.0.0.0")})
+Network interfaces on which to listen.
+
+@item @code{tcp-port} (default: @code{11211})
+Port on which to accept connections on,
+
+@item @code{udp-port} (default: @code{11211})
+Port on which to accept UDP connections on, a value of 0 will disable
+listening on a UDP socket.
+
+@item @code{additional-options} (default: @code{'()})
+Additional command line options to pass to @code{memcached}.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} mongodb-service-type
+This is the service type for @uref{https://www.mongodb.com/, MongoDB}. The
+value for the service type is a @code{mongodb-configuration} object.
+@end defvr
+
+@example
+(service mongodb-service-type)
+@end example
+
+@deftp {Data Type} mongodb-configuration
+Data type representing the configuration of mongodb.
+
+@table @asis
+@item @code{mongodb} (default: @code{mongodb})
+The MongoDB package to use.
+
+@item @code{config-file} (default: @code{%default-mongodb-configuration-file})
+The configuration file for MongoDB.
+
+@item @code{data-directory} (default: @code{"/var/lib/mongodb"})
+This value is used to create the directory, so that it exists and is owned
+by the mongodb user. It should match the data-directory which MongoDB is
+configured to use through the configuration file.
+@end table
+@end deftp
+
+@defvr {Scheme Variable} redis-service-type
+This is the service type for the @uref{https://redis.io/, Redis} key/value
+store, whose value is a @code{redis-configuration} object.
+@end defvr
+
+@deftp {Data Type} redis-configuration
+Data type representing the configuration of redis.
+
+@table @asis
+@item @code{redis} (default: @code{redis})
+The Redis package to use.
+
+@item @code{bind} (default: @code{"127.0.0.1"})
+Network interface on which to listen.
+
+@item @code{port} (default: @code{6379})
+Port on which to accept connections on, a value of 0 will disable listening
+on a TCP socket.
+
+@item @code{working-directory} (default: @code{"/var/lib/redis"})
+Directory in which to store the database and related files.
+@end table
+@end deftp
+
+@node Mail Services
+@subsubsection Mail Services
+
+@cindex mail
+@cindex email
+The @code{(gnu services mail)} module provides Guix service definitions for
+email services: IMAP, POP3, and LMTP servers, as well as mail transport
+agents (MTAs). Lots of acronyms! These services are detailed in the
+subsections below.
+
+@subsubheading Dovecot Service
+
+@deffn {Scheme Procedure} dovecot-service [#:config (dovecot-configuration)]
+Return a service that runs the Dovecot IMAP/POP3/LMTP mail server.
+@end deffn
+
+By default, Dovecot does not need much configuration; the default
+configuration object created by @code{(dovecot-configuration)} will suffice
+if your mail is delivered to @code{~/Maildir}. A self-signed certificate
+will be generated for TLS-protected connections, though Dovecot will also
+listen on cleartext ports by default. There are a number of options,
+though, which mail administrators might need to change, and as is the case
+with other services, Guix allows the system administrator to specify these
+parameters via a uniform Scheme interface.
+
+For example, to specify that mail is located at @code{maildir~/.mail}, one
+would instantiate the Dovecot service like this:
+
+@example
+(dovecot-service #:config
+ (dovecot-configuration
+ (mail-location "maildir:~/.mail")))
+@end example
+
+The available configuration parameters follow. Each parameter definition is
+preceded by its type; for example, @samp{string-list foo} indicates that the
+@code{foo} parameter should be specified as a list of strings. There is
+also a way to specify the configuration as a string, if you have an old
+@code{dovecot.conf} file that you want to port over from some other system;
+see the end for more details.
+
+@c The following documentation was initially generated by
+@c (generate-documentation) in (gnu services mail). Manually maintained
+@c documentation is better, so we shouldn't hesitate to edit below as
+@c needed. However if the change you want to make to this documentation
+@c can be done in an automated way, it's probably easier to change
+@c (generate-documentation) than to make it below and have to deal with
+@c the churn as dovecot updates.
+
+Available @code{dovecot-configuration} fields are:
+
+@deftypevr {@code{dovecot-configuration} parameter} package dovecot
+The dovecot package.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} comma-separated-string-list listen
+A list of IPs or hosts where to listen for connections. @samp{*} listens on
+all IPv4 interfaces, @samp{::} listens on all IPv6 interfaces. If you want
+to specify non-default ports or anything more complex, customize the address
+and port fields of the @samp{inet-listener} of the specific services you are
+interested in.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} protocol-configuration-list protocols
+List of protocols we want to serve. Available protocols include
+@samp{imap}, @samp{pop3}, and @samp{lmtp}.
+
+Available @code{protocol-configuration} fields are:
+
+@deftypevr {@code{protocol-configuration} parameter} string name
+The name of the protocol.
+@end deftypevr
+
+@deftypevr {@code{protocol-configuration} parameter} string auth-socket-path
+UNIX socket path to the master authentication server to find users. This is
+used by imap (for shared users) and lda. It defaults to
+@samp{"/var/run/dovecot/auth-userdb"}.
+@end deftypevr
+
+@deftypevr {@code{protocol-configuration} parameter} space-separated-string-list mail-plugins
+Space separated list of plugins to load.
+@end deftypevr
+
+@deftypevr {@code{protocol-configuration} parameter} non-negative-integer mail-max-userip-connections
+Maximum number of IMAP connections allowed for a user from each IP address.
+NOTE: The username is compared case-sensitively. Defaults to @samp{10}.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} service-configuration-list services
+List of services to enable. Available services include @samp{imap},
+@samp{imap-login}, @samp{pop3}, @samp{pop3-login}, @samp{auth}, and
+@samp{lmtp}.
+
+Available @code{service-configuration} fields are:
+
+@deftypevr {@code{service-configuration} parameter} string kind
+The service kind. Valid values include @code{director}, @code{imap-login},
+@code{pop3-login}, @code{lmtp}, @code{imap}, @code{pop3}, @code{auth},
+@code{auth-worker}, @code{dict}, @code{tcpwrap}, @code{quota-warning}, or
+anything else.
+@end deftypevr
+
+@deftypevr {@code{service-configuration} parameter} listener-configuration-list listeners
+Listeners for the service. A listener is either a
+@code{unix-listener-configuration}, a @code{fifo-listener-configuration}, or
+an @code{inet-listener-configuration}. Defaults to @samp{()}.
+
+Available @code{unix-listener-configuration} fields are:
+
+@deftypevr {@code{unix-listener-configuration} parameter} string path
+Path to the file, relative to @code{base-dir} field. This is also used as
+the section name.
+@end deftypevr
+
+@deftypevr {@code{unix-listener-configuration} parameter} string mode
+The access mode for the socket. Defaults to @samp{"0600"}.
+@end deftypevr
+
+@deftypevr {@code{unix-listener-configuration} parameter} string user
+The user to own the socket. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{unix-listener-configuration} parameter} string group
+The group to own the socket. Defaults to @samp{""}.
+@end deftypevr
+
+
+Available @code{fifo-listener-configuration} fields are:
+
+@deftypevr {@code{fifo-listener-configuration} parameter} string path
+Path to the file, relative to @code{base-dir} field. This is also used as
+the section name.
+@end deftypevr
+
+@deftypevr {@code{fifo-listener-configuration} parameter} string mode
+The access mode for the socket. Defaults to @samp{"0600"}.
+@end deftypevr
+
+@deftypevr {@code{fifo-listener-configuration} parameter} string user
+The user to own the socket. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{fifo-listener-configuration} parameter} string group
+The group to own the socket. Defaults to @samp{""}.
+@end deftypevr
+
+
+Available @code{inet-listener-configuration} fields are:
+
+@deftypevr {@code{inet-listener-configuration} parameter} string protocol
+The protocol to listen for.
+@end deftypevr
+
+@deftypevr {@code{inet-listener-configuration} parameter} string address
+The address on which to listen, or empty for all addresses. Defaults to
+@samp{""}.
+@end deftypevr
+
+@deftypevr {@code{inet-listener-configuration} parameter} non-negative-integer port
+The port on which to listen.
+@end deftypevr
+
+@deftypevr {@code{inet-listener-configuration} parameter} boolean ssl?
+Whether to use SSL for this service; @samp{yes}, @samp{no}, or
+@samp{required}. Defaults to @samp{#t}.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{service-configuration} parameter} non-negative-integer service-count
+Number of connections to handle before starting a new process. Typically
+the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 is
+faster. <doc/wiki/LoginProcess.txt>. Defaults to @samp{1}.
+@end deftypevr
+
+@deftypevr {@code{service-configuration} parameter} non-negative-integer process-min-avail
+Number of processes to always keep waiting for more connections. Defaults
+to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{service-configuration} parameter} non-negative-integer vsz-limit
+If you set @samp{service-count 0}, you probably need to grow this. Defaults
+to @samp{256000000}.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} dict-configuration dict
+Dict configuration, as created by the @code{dict-configuration} constructor.
+
+Available @code{dict-configuration} fields are:
+
+@deftypevr {@code{dict-configuration} parameter} free-form-fields entries
+A list of key-value pairs that this dict should hold. Defaults to
+@samp{()}.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} passdb-configuration-list passdbs
+A list of passdb configurations, each one created by the
+@code{passdb-configuration} constructor.
+
+Available @code{passdb-configuration} fields are:
+
+@deftypevr {@code{passdb-configuration} parameter} string driver
+The driver that the passdb should use. Valid values include @samp{pam},
+@samp{passwd}, @samp{shadow}, @samp{bsdauth}, and @samp{static}. Defaults
+to @samp{"pam"}.
+@end deftypevr
+
+@deftypevr {@code{passdb-configuration} parameter} space-separated-string-list args
+Space separated list of arguments to the passdb driver. Defaults to
+@samp{""}.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} userdb-configuration-list userdbs
+List of userdb configurations, each one created by the
+@code{userdb-configuration} constructor.
+
+Available @code{userdb-configuration} fields are:
+
+@deftypevr {@code{userdb-configuration} parameter} string driver
+The driver that the userdb should use. Valid values include @samp{passwd}
+and @samp{static}. Defaults to @samp{"passwd"}.
+@end deftypevr
+
+@deftypevr {@code{userdb-configuration} parameter} space-separated-string-list args
+Space separated list of arguments to the userdb driver. Defaults to
+@samp{""}.
+@end deftypevr
+
+@deftypevr {@code{userdb-configuration} parameter} free-form-args override-fields
+Override fields from passwd. Defaults to @samp{()}.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} plugin-configuration plugin-configuration
+Plug-in configuration, created by the @code{plugin-configuration}
+constructor.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} list-of-namespace-configuration namespaces
+List of namespaces. Each item in the list is created by the
+@code{namespace-configuration} constructor.
+
+Available @code{namespace-configuration} fields are:
+
+@deftypevr {@code{namespace-configuration} parameter} string name
+Name for this namespace.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} string type
+Namespace type: @samp{private}, @samp{shared} or @samp{public}. Defaults to
+@samp{"private"}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} string separator
+Hierarchy separator to use. You should use the same separator for all
+namespaces or some clients get confused. @samp{/} is usually a good one.
+The default however depends on the underlying mail storage format. Defaults
+to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} string prefix
+Prefix required to access this namespace. This needs to be different for
+all namespaces. For example @samp{Public/}. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} string location
+Physical location of the mailbox. This is in the same format as
+mail_location, which is also the default for it. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} boolean inbox?
+There can be only one INBOX, and this setting defines which namespace has
+it. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} boolean hidden?
+If namespace is hidden, it's not advertised to clients via NAMESPACE
+extension. You'll most likely also want to set @samp{list? #f}. This is
+mostly useful when converting from another server with different namespaces
+which you want to deprecate but still keep working. For example you can
+create hidden namespaces with prefixes @samp{~/mail/}, @samp{~%u/mail/} and
+@samp{mail/}. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} boolean list?
+Show the mailboxes under this namespace with the LIST command. This makes
+the namespace visible for clients that do not support the NAMESPACE
+extension. The special @code{children} value lists child mailboxes, but
+hides the namespace prefix. Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} boolean subscriptions?
+Namespace handles its own subscriptions. If set to @code{#f}, the parent
+namespace handles them. The empty prefix should always have this as
+@code{#t}). Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{namespace-configuration} parameter} mailbox-configuration-list mailboxes
+List of predefined mailboxes in this namespace. Defaults to @samp{()}.
+
+Available @code{mailbox-configuration} fields are:
+
+@deftypevr {@code{mailbox-configuration} parameter} string name
+Name for this mailbox.
+@end deftypevr
+
+@deftypevr {@code{mailbox-configuration} parameter} string auto
+@samp{create} will automatically create this mailbox. @samp{subscribe} will
+both create and subscribe to the mailbox. Defaults to @samp{"no"}.
+@end deftypevr
+
+@deftypevr {@code{mailbox-configuration} parameter} space-separated-string-list special-use
+List of IMAP @code{SPECIAL-USE} attributes as specified by RFC 6154. Valid
+values are @code{\All}, @code{\Archive}, @code{\Drafts}, @code{\Flagged},
+@code{\Junk}, @code{\Sent}, and @code{\Trash}. Defaults to @samp{()}.
+@end deftypevr
+
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} file-name base-dir
+Base directory where to store runtime data. Defaults to
+@samp{"/var/run/dovecot/"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string login-greeting
+Greeting message for clients. Defaults to @samp{"Dovecot ready."}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list login-trusted-networks
+List of trusted network ranges. Connections from these IPs are allowed to
+override their IP addresses and ports (for logging and for authentication
+checks). @samp{disable-plaintext-auth} is also ignored for these networks.
+Typically you would specify your IMAP proxy servers here. Defaults to
+@samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list login-access-sockets
+List of login access check sockets (e.g. tcpwrap). Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean verbose-proctitle?
+Show more verbose process titles (in ps). Currently shows user name and IP
+address. Useful for seeing who is actually using the IMAP processes
+(e.g. shared mailboxes or if the same uid is used for multiple accounts).
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean shutdown-clients?
+Should all processes be killed when Dovecot master process shuts down.
+Setting this to @code{#f} means that Dovecot can be upgraded without forcing
+existing client connections to close (although that could also be a problem
+if the upgrade is e.g. due to a security fix). Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer doveadm-worker-count
+If non-zero, run mail commands via this many connections to doveadm server,
+instead of running them directly in the same process. Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string doveadm-socket-path
+UNIX socket or host:port used for connecting to doveadm server. Defaults to
+@samp{"doveadm-server"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list import-environment
+List of environment variables that are preserved on Dovecot startup and
+passed down to all of its child processes. You can also give key=value
+pairs to always set specific settings.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean disable-plaintext-auth?
+Disable LOGIN command and all other plaintext authentications unless SSL/TLS
+is used (LOGINDISABLED capability). Note that if the remote IP matches the
+local IP (i.e. you're connecting from the same computer), the connection is
+considered secure and plaintext authentication is allowed. See also
+ssl=required setting. Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer auth-cache-size
+Authentication cache size (e.g. @samp{#e10e6}). 0 means it's disabled.
+Note that bsdauth, PAM and vpopmail require @samp{cache-key} to be set for
+caching to be used. Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-cache-ttl
+Time to live for cached data. After TTL expires the cached record is no
+longer used, *except* if the main database lookup returns internal failure.
+We also try to handle password changes automatically: If user's previous
+authentication was successful, but this one wasn't, the cache isn't used.
+For now this works only with plaintext authentication. Defaults to @samp{"1
+hour"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-cache-negative-ttl
+TTL for negative hits (user not found, password mismatch). 0 disables
+caching them completely. Defaults to @samp{"1 hour"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list auth-realms
+List of realms for SASL authentication mechanisms that need them. You can
+leave it empty if you don't want to support multiple realms. Many clients
+simply use the first one listed here, so keep the default realm first.
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-default-realm
+Default realm/domain to use if none was specified. This is used for both
+SASL realms and appending @@domain to username in plaintext logins.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-username-chars
+List of allowed characters in username. If the user-given username contains
+a character not listed in here, the login automatically fails. This is just
+an extra check to make sure user can't exploit any potential quote escaping
+vulnerabilities with SQL/LDAP databases. If you want to allow all
+characters, set this value to empty. Defaults to
+@samp{"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@@"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-username-translation
+Username character translations before it's looked up from databases. The
+value contains series of from -> to characters. For example @samp{#@@/@@}
+means that @samp{#} and @samp{/} characters are translated to @samp{@@}.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-username-format
+Username formatting before it's looked up from databases. You can use the
+standard variables here, e.g. %Lu would lowercase the username, %n would
+drop away the domain if it was given, or @samp{%n-AT-%d} would change the
+@samp{@@} into @samp{-AT-}. This translation is done after
+@samp{auth-username-translation} changes. Defaults to @samp{"%Lu"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-master-user-separator
+If you want to allow master users to log in by specifying the master
+username within the normal username string (i.e. not using SASL mechanism's
+support for it), you can specify the separator character here. The format
+is then <username><separator><master username>. UW-IMAP uses @samp{*} as
+the separator, so that could be a good choice. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-anonymous-username
+Username to use for users logging in with ANONYMOUS SASL mechanism.
+Defaults to @samp{"anonymous"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer auth-worker-max-count
+Maximum number of dovecot-auth worker processes. They're used to execute
+blocking passdb and userdb queries (e.g. MySQL and PAM). They're
+automatically created and destroyed as needed. Defaults to @samp{30}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-gssapi-hostname
+Host name to use in GSSAPI principal names. The default is to use the name
+returned by gethostname(). Use @samp{$ALL} (with quotes) to allow all
+keytab entries. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-krb5-keytab
+Kerberos keytab to use for the GSSAPI mechanism. Will use the system
+default (usually @file{/etc/krb5.keytab}) if not specified. You may need to
+change the auth service to run as root to be able to read this file.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean auth-use-winbind?
+Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
+@samp{ntlm-auth} helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} file-name auth-winbind-helper-path
+Path for Samba's @samp{ntlm-auth} helper binary. Defaults to
+@samp{"/usr/bin/ntlm_auth"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string auth-failure-delay
+Time to delay before replying to failed authentications. Defaults to
+@samp{"2 secs"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean auth-ssl-require-client-cert?
+Require a valid SSL client certificate or the authentication fails.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean auth-ssl-username-from-cert?
+Take the username from client's SSL certificate, using
+@code{X509_NAME_get_text_by_NID()} which returns the subject's DN's
+CommonName. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list auth-mechanisms
+List of wanted authentication mechanisms. Supported mechanisms are:
+@samp{plain}, @samp{login}, @samp{digest-md5}, @samp{cram-md5}, @samp{ntlm},
+@samp{rpa}, @samp{apop}, @samp{anonymous}, @samp{gssapi}, @samp{otp},
+@samp{skey}, and @samp{gss-spnego}. NOTE: See also
+@samp{disable-plaintext-auth} setting.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list director-servers
+List of IPs or hostnames to all director servers, including ourself. Ports
+can be specified as ip:port. The default port is the same as what director
+service's @samp{inet-listener} is using. Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list director-mail-servers
+List of IPs or hostnames to all backend mail servers. Ranges are allowed
+too, like 10.0.0.10-10.0.0.30. Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string director-user-expire
+How long to redirect users to a specific server after it no longer has any
+connections. Defaults to @samp{"15 min"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string director-username-hash
+How the username is translated before being hashed. Useful values include
+%Ln if user can log in with or without @@domain, %Ld if mailboxes are shared
+within domain. Defaults to @samp{"%Lu"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string log-path
+Log file to use for error messages. @samp{syslog} logs to syslog,
+@samp{/dev/stderr} logs to stderr. Defaults to @samp{"syslog"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string info-log-path
+Log file to use for informational messages. Defaults to @samp{log-path}.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string debug-log-path
+Log file to use for debug messages. Defaults to @samp{info-log-path}.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string syslog-facility
+Syslog facility to use if you're logging to syslog. Usually if you don't
+want to use @samp{mail}, you'll use local0..local7. Also other standard
+facilities are supported. Defaults to @samp{"mail"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean auth-verbose?
+Log unsuccessful authentication attempts and the reasons why they failed.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean auth-verbose-passwords?
+In case of password mismatches, log the attempted password. Valid values
+are no, plain and sha1. sha1 can be useful for detecting brute force
+password attempts vs. user simply trying the same password over and over
+again. You can also truncate the value to n chars by appending ":n"
+(e.g. sha1:6). Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean auth-debug?
+Even more verbose logging for debugging purposes. Shows for example SQL
+queries. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean auth-debug-passwords?
+In case of password mismatches, log the passwords and used scheme so the
+problem can be debugged. Enabling this also enables @samp{auth-debug}.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mail-debug?
+Enable mail process debugging. This can help you figure out why Dovecot
+isn't finding your mails. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean verbose-ssl?
+Show protocol level SSL errors. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string log-timestamp
+Prefix for each line written to log file. % codes are in strftime(3)
+format. Defaults to @samp{"\"%b %d %H:%M:%S \""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list login-log-format-elements
+List of elements we want to log. The elements which have a non-empty
+variable value are joined together to form a comma-separated string.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string login-log-format
+Login log format. %s contains @samp{login-log-format-elements} string, %$
+contains the data we want to log. Defaults to @samp{"%$: %s"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-log-prefix
+Log prefix for mail processes. See doc/wiki/Variables.txt for list of
+possible variables you can use. Defaults to
+@samp{"\"%s(%u)<%@{pid@}><%@{session@}>: \""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string deliver-log-format
+Format to use for logging mail deliveries. You can use variables:
+@table @code
+@item %$
+Delivery status message (e.g. @samp{saved to INBOX})
+@item %m
+Message-ID
+@item %s
+Subject
+@item %f
+From address
+@item %p
+Physical size
+@item %w
+Virtual size.
+@end table
+Defaults to @samp{"msgid=%m: %$"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-location
+Location for users' mailboxes. The default is empty, which means that
+Dovecot tries to find the mailboxes automatically. This won't work if the
+user doesn't yet have any mail, so you should explicitly tell Dovecot the
+full location.
+
+If you're using mbox, giving a path to the INBOX file (e.g. /var/mail/%u)
+isn't enough. You'll also need to tell Dovecot where the other mailboxes
+are kept. This is called the "root mail directory", and it must be the
+first path given in the @samp{mail-location} setting.
+
+There are a few special variables you can use, eg.:
+
+@table @samp
+@item %u
+username
+@item %n
+user part in user@@domain, same as %u if there's no domain
+@item %d
+domain part in user@@domain, empty if there's no domain
+@item %h
+home director
+@end table
+
+See doc/wiki/Variables.txt for full list. Some examples:
+@table @samp
+@item maildir:~/Maildir
+@item mbox:~/mail:INBOX=/var/mail/%u
+@item mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%
+@end table
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-uid
+System user and group used to access mails. If you use multiple, userdb can
+override these by returning uid or gid fields. You can use either numbers
+or names. <doc/wiki/UserIds.txt>. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-gid
+
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-privileged-group
+Group to enable temporarily for privileged operations. Currently this is
+used only with INBOX when either its initial creation or dotlocking fails.
+Typically this is set to "mail" to give access to /var/mail. Defaults to
+@samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-access-groups
+Grant access to these supplementary groups for mail processes. Typically
+these are used to set up access to shared mailboxes. Note that it may be
+dangerous to set these if users can create symlinks (e.g. if "mail" group is
+set here, ln -s /var/mail ~/mail/var could allow a user to delete others'
+mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading
+it). Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mail-full-filesystem-access?
+Allow full file system access to clients. There's no access checks other
+than what the operating system does for the active UID/GID. It works with
+both maildir and mboxes, allowing you to prefix mailboxes names with
+e.g. /path/ or ~user/. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mmap-disable?
+Don't use mmap() at all. This is required if you store indexes to shared
+file systems (NFS or clustered file system). Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean dotlock-use-excl?
+Rely on @samp{O_EXCL} to work when creating dotlock files. NFS supports
+@samp{O_EXCL} since version 3, so this should be safe to use nowadays by
+default. Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-fsync
+When to use fsync() or fdatasync() calls:
+@table @code
+@item optimized
+Whenever necessary to avoid losing important data
+@item always
+Useful with e.g. NFS when write()s are delayed
+@item never
+Never use it (best performance, but crashes can lose data).
+@end table
+Defaults to @samp{"optimized"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mail-nfs-storage?
+Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS
+caches whenever needed. If you're using only a single mail server this
+isn't needed. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mail-nfs-index?
+Mail index files also exist in NFS. Setting this to yes requires
+@samp{mmap-disable? #t} and @samp{fsync-disable? #f}. Defaults to
+@samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string lock-method
+Locking method for index files. Alternatives are fcntl, flock and dotlock.
+Dotlocking uses some tricks which may create more disk I/O than other
+locking methods. NFS users: flock doesn't work, remember to change
+@samp{mmap-disable}. Defaults to @samp{"fcntl"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} file-name mail-temp-dir
+Directory in which LDA/LMTP temporarily stores incoming mails >128 kB.
+Defaults to @samp{"/tmp"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer first-valid-uid
+Valid UID range for users. This is mostly to make sure that users can't log
+in as daemons or other system users. Note that denying root logins is
+hardcoded to dovecot binary and can't be done even if @samp{first-valid-uid}
+is set to 0. Defaults to @samp{500}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer last-valid-uid
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer first-valid-gid
+Valid GID range for users. Users having non-valid GID as primary group ID
+aren't allowed to log in. If user belongs to supplementary groups with
+non-valid GIDs, those groups are not set. Defaults to @samp{1}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer last-valid-gid
+
+Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer mail-max-keyword-length
+Maximum allowed length for mail keyword name. It's only forced when trying
+to create new keywords. Defaults to @samp{50}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} colon-separated-file-name-list valid-chroot-dirs
+List of directories under which chrooting is allowed for mail processes
+(i.e. /var/mail will allow chrooting to /var/mail/foo/bar too). This
+setting doesn't affect @samp{login-chroot} @samp{mail-chroot} or auth chroot
+settings. If this setting is empty, "/./" in home dirs are ignored.
+WARNING: Never add directories here which local users can modify, that may
+lead to root exploit. Usually this should be done only if you don't allow
+shell access for users. <doc/wiki/Chrooting.txt>. Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-chroot
+Default chroot directory for mail processes. This can be overridden for
+specific users in user database by giving /./ in user's home directory
+(e.g. /home/./user chroots into /home). Note that usually there is no real
+need to do chrooting, Dovecot doesn't allow users to access files outside
+their mail directory anyway. If your home directories are prefixed with the
+chroot directory, append "/." to @samp{mail-chroot}.
+<doc/wiki/Chrooting.txt>. Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} file-name auth-socket-path
+UNIX socket path to master authentication server to find users. This is
+used by imap (for shared users) and lda. Defaults to
+@samp{"/var/run/dovecot/auth-userdb"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} file-name mail-plugin-dir
+Directory where to look up mail plugins. Defaults to
+@samp{"/usr/lib/dovecot"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list mail-plugins
+List of plugins to load for all services. Plugins specific to IMAP, LDA,
+etc. are added to this list in their own .conf files. Defaults to
+@samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer mail-cache-min-mail-count
+The minimum number of mails in a mailbox before updates are done to cache
+file. This allows optimizing Dovecot's behavior to do less disk writes at
+the cost of more disk reads. Defaults to @samp{0}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mailbox-idle-check-interval
+When IDLE command is running, mailbox is checked once in a while to see if
+there are any new mails or other changes. This setting defines the minimum
+time to wait between those checks. Dovecot can also use dnotify, inotify
+and kqueue to find out immediately when changes occur. Defaults to
+@samp{"30 secs"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mail-save-crlf?
+Save mails with CR+LF instead of plain LF. This makes sending those mails
+take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
+But it also creates a bit more disk I/O which may just make it slower. Also
+note that if other software reads the mboxes/maildirs, they may handle the
+extra CRs wrong and cause problems. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean maildir-stat-dirs?
+By default LIST command returns all entries in maildir beginning with a
+dot. Enabling this option makes Dovecot return only entries which are
+directories. This is done by stat()ing each entry, so it causes more disk
+I/O. (For systems setting struct @samp{dirent->d_type} this check is free
+and it's done always regardless of this setting). Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean maildir-copy-with-hardlinks?
+When copying a message, do it with hard links whenever possible. This makes
+the performance much better, and it's unlikely to have any side effects.
+Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean maildir-very-dirty-syncs?
+Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only
+when its mtime changes unexpectedly or when we can't find the mail
+otherwise. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list mbox-read-locks
+Which locking methods to use for locking mbox. There are four available:
+
+@table @code
+@item dotlock
+Create <mailbox>.lock file. This is the oldest and most NFS-safe solution.
+If you want to use /var/mail/ like directory, the users will need write
+access to that directory.
+@item dotlock-try
+Same as dotlock, but if it fails because of permissions or because there
+isn't enough disk space, just skip it.
+@item fcntl
+Use this if possible. Works with NFS too if lockd is used.
+@item flock
+May not exist in all systems. Doesn't work with NFS.
+@item lockf
+May not exist in all systems. Doesn't work with NFS.
+@end table
+
+You can use multiple locking methods; if you do the order they're declared
+in is important to avoid deadlocks if other MTAs/MUAs are using multiple
+locking methods as well. Some operating systems don't allow using some of
+them simultaneously.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list mbox-write-locks
+
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mbox-lock-timeout
+Maximum time to wait for lock (all of them) before aborting. Defaults to
+@samp{"5 mins"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mbox-dotlock-change-timeout
+If dotlock exists but the mailbox isn't modified in any way, override the
+lock file after this much time. Defaults to @samp{"2 mins"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mbox-dirty-syncs?
+When mbox changes unexpectedly we have to fully read it to find out what
+changed. If the mbox is large this can take a long time. Since the change
+is usually just a newly appended mail, it'd be faster to simply read the new
+mails. If this setting is enabled, Dovecot does this but still safely
+fallbacks to re-reading the whole mbox file whenever something in mbox isn't
+how it's expected to be. The only real downside to this setting is that if
+some other MUA changes message flags, Dovecot doesn't notice it
+immediately. Note that a full sync is done with SELECT, EXAMINE, EXPUNGE
+and CHECK commands. Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mbox-very-dirty-syncs?
+Like @samp{mbox-dirty-syncs}, but don't do full syncs even with SELECT,
+EXAMINE, EXPUNGE or CHECK commands. If this is set, @samp{mbox-dirty-syncs}
+is ignored. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mbox-lazy-writes?
+Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK
+commands and when closing the mailbox). This is especially useful for POP3
+where clients often delete all mails. The downside is that our changes
+aren't immediately visible to other MUAs. Defaults to @samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer mbox-min-index-size
+If mbox size is smaller than this (e.g. 100k), don't write index files. If
+an index file already exists it's still read, just not updated. Defaults to
+@samp{0}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer mdbox-rotate-size
+Maximum dbox file size until it's rotated. Defaults to @samp{10000000}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mdbox-rotate-interval
+Maximum dbox file age until it's rotated. Typically in days. Day begins
+from midnight, so 1d = today, 2d = yesterday, etc. 0 = check disabled.
+Defaults to @samp{"1d"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean mdbox-preallocate-space?
+When creating new mdbox files, immediately preallocate their size to
+@samp{mdbox-rotate-size}. This setting currently works only in Linux with
+some file systems (ext4, xfs). Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-attachment-dir
+sdbox and mdbox support saving mail attachments to external files, which
+also allows single instance storage for them. Other backends don't support
+this for now.
+
+WARNING: This feature hasn't been tested much yet. Use at your own risk.
+
+Directory root where to store mail attachments. Disabled, if empty.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer mail-attachment-min-size
+Attachments smaller than this aren't saved externally. It's also possible
+to write a plugin to disable saving specific attachments externally.
+Defaults to @samp{128000}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-attachment-fs
+File system backend to use for saving attachments:
+@table @code
+@item posix
+No SiS done by Dovecot (but this might help FS's own deduplication)
+@item sis posix
+SiS with immediate byte-by-byte comparison during saving
+@item sis-queue posix
+SiS with delayed comparison and deduplication.
+@end table
+Defaults to @samp{"sis posix"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string mail-attachment-hash
+Hash format to use in attachment filenames. You can add any text and
+variables: @code{%@{md4@}}, @code{%@{md5@}}, @code{%@{sha1@}},
+@code{%@{sha256@}}, @code{%@{sha512@}}, @code{%@{size@}}. Variables can be
+truncated, e.g. @code{%@{sha256:80@}} returns only first 80 bits. Defaults
+to @samp{"%@{sha1@}"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer default-process-limit
+
+Defaults to @samp{100}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer default-client-limit
+
+Defaults to @samp{1000}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer default-vsz-limit
+Default VSZ (virtual memory size) limit for service processes. This is
+mainly intended to catch and kill processes that leak memory before they eat
+up everything. Defaults to @samp{256000000}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string default-login-user
+Login user is internally used by login processes. This is the most
+untrusted user in Dovecot system. It shouldn't have access to anything at
+all. Defaults to @samp{"dovenull"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string default-internal-user
+Internal user is used by unprivileged processes. It should be separate from
+login user, so that login processes can't disturb other processes. Defaults
+to @samp{"dovecot"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl?
+SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>. Defaults to
+@samp{"required"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-cert
+PEM encoded X.509 SSL/TLS certificate (public key). Defaults to
+@samp{"</etc/dovecot/default.pem"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-key
+PEM encoded SSL/TLS private key. The key is opened before dropping root
+privileges, so keep the key file unreadable by anyone but root. Defaults to
+@samp{"</etc/dovecot/private/default.pem"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-key-password
+If key file is password protected, give the password here. Alternatively
+give it when starting dovecot with -p parameter. Since this file is often
+world-readable, you may want to place this setting instead to a different.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-ca
+PEM encoded trusted certificate authority. Set this only if you intend to
+use @samp{ssl-verify-client-cert? #t}. The file should contain the CA
+certificate(s) followed by the matching CRL(s). (e.g. @samp{ssl-ca
+</etc/ssl/certs/ca.pem}). Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean ssl-require-crl?
+Require that CRL check succeeds for client certificates. Defaults to
+@samp{#t}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean ssl-verify-client-cert?
+Request client to send a certificate. If you also want to require it, set
+@samp{auth-ssl-require-client-cert? #t} in auth section. Defaults to
+@samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-cert-username-field
+Which field from certificate to use for username. commonName and
+x500UniqueIdentifier are the usual choices. You'll also need to set
+@samp{auth-ssl-username-from-cert? #t}. Defaults to @samp{"commonName"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-min-protocol
+Minimum SSL protocol version to accept. Defaults to @samp{"TLSv1"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-cipher-list
+SSL ciphers to use. Defaults to
+@samp{"ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@@STRENGTH"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string ssl-crypto-device
+SSL crypto device to use, for valid values run "openssl engine". Defaults
+to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string postmaster-address
+Address to use when sending rejection mails. %d expands to recipient
+domain. Defaults to @samp{"postmaster@@%d"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string hostname
+Hostname to use in various parts of sent mails (e.g. in Message-Id) and in
+LMTP replies. Default is the system's real hostname@@domain. Defaults to
+@samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean quota-full-tempfail?
+If user is over quota, return with temporary failure instead of bouncing the
+mail. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} file-name sendmail-path
+Binary to use for sending mails. Defaults to @samp{"/usr/sbin/sendmail"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string submission-host
+If non-empty, send mails via this SMTP host[:port] instead of sendmail.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string rejection-subject
+Subject: header to use for rejection mails. You can use the same variables
+as for @samp{rejection-reason} below. Defaults to @samp{"Rejected: %s"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string rejection-reason
+Human readable error message for rejection mails. You can use variables:
+
+@table @code
+@item %n
+CRLF
+@item %r
+reason
+@item %s
+original subject
+@item %t
+recipient
+@end table
+Defaults to @samp{"Your message to <%t> was automatically rejected:%n%r"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string recipient-delimiter
+Delimiter character between local-part and detail in email address.
+Defaults to @samp{"+"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string lda-original-recipient-header
+Header where the original recipient address (SMTP's RCPT TO: address) is
+taken from if not available elsewhere. With dovecot-lda -a parameter
+overrides this. A commonly used header for this is X-Original-To. Defaults
+to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean lda-mailbox-autocreate?
+Should saving a mail to a nonexistent mailbox automatically create it?.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} boolean lda-mailbox-autosubscribe?
+Should automatically created mailboxes be also automatically subscribed?.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} non-negative-integer imap-max-line-length
+Maximum IMAP command line length. Some clients generate very long command
+lines with huge mailboxes, so you may need to raise this if you get "Too
+long argument" or "IMAP command line too large" errors often. Defaults to
+@samp{64000}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string imap-logout-format
+IMAP logout format string:
+@table @code
+@item %i
+total number of bytes read from client
+@item %o
+total number of bytes sent to client.
+@end table
+See @file{doc/wiki/Variables.txt} for a list of all the variables you can
+use. Defaults to @samp{"in=%i out=%o deleted=%@{deleted@}
+expunged=%@{expunged@} trashed=%@{trashed@} hdr_count=%@{fetch_hdr_count@}
+hdr_bytes=%@{fetch_hdr_bytes@} body_count=%@{fetch_body_count@}
+body_bytes=%@{fetch_body_bytes@}"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string imap-capability
+Override the IMAP CAPABILITY response. If the value begins with '+', add
+the given capabilities on top of the defaults (e.g. +XFOO XBAR). Defaults
+to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string imap-idle-notify-interval
+How long to wait between "OK Still here" notifications when client is
+IDLEing. Defaults to @samp{"2 mins"}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string imap-id-send
+ID field names and values to send to clients. Using * as the value makes
+Dovecot use the default value. The following fields have default values
+currently: name, version, os, os-version, support-url, support-email.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string imap-id-log
+ID fields sent by client to log. * means everything. Defaults to
+@samp{""}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} space-separated-string-list imap-client-workarounds
+Workarounds for various client bugs:
+
+@table @code
+@item delay-newmail
+Send EXISTS/RECENT new mail notifications only when replying to NOOP and
+CHECK commands. Some clients ignore them otherwise, for example OSX Mail
+(<v2.1). Outlook Express breaks more badly though, without this it may show
+user "Message no longer in server" errors. Note that OE6 still breaks even
+with this workaround if synchronization is set to "Headers Only".
+
+@item tb-extra-mailbox-sep
+Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and adds
+extra @samp{/} suffixes to mailbox names. This option causes Dovecot to
+ignore the extra @samp{/} instead of treating it as invalid mailbox name.
+
+@item tb-lsub-flags
+Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). This
+makes Thunderbird realize they aren't selectable and show them greyed out,
+instead of only later giving "not selectable" popup error.
+@end table
+Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{dovecot-configuration} parameter} string imap-urlauth-host
+Host allowed in URLAUTH URLs sent by client. "*" allows all. Defaults to
+@samp{""}.
+@end deftypevr
+
+
+Whew! Lots of configuration options. The nice thing about it though is that
+GuixSD has a complete interface to Dovecot's configuration language. This
+allows not only a nice way to declare configurations, but also offers
+reflective capabilities as well: users can write code to inspect and
+transform configurations from within Scheme.
+
+However, it could be that you just want to get a @code{dovecot.conf} up and
+running. In that case, you can pass an @code{opaque-dovecot-configuration}
+as the @code{#:config} parameter to @code{dovecot-service}. As its name
+indicates, an opaque configuration does not have easy reflective
+capabilities.
+
+Available @code{opaque-dovecot-configuration} fields are:
+
+@deftypevr {@code{opaque-dovecot-configuration} parameter} package dovecot
+The dovecot package.
+@end deftypevr
+
+@deftypevr {@code{opaque-dovecot-configuration} parameter} string string
+The contents of the @code{dovecot.conf}, as a string.
+@end deftypevr
+
+For example, if your @code{dovecot.conf} is just the empty string, you could
+instantiate a dovecot service like this:
+
+@example
+(dovecot-service #:config
+ (opaque-dovecot-configuration
+ (string "")))
+@end example
+
+@subsubheading OpenSMTPD Service
+
+@deffn {Scheme Variable} opensmtpd-service-type
+This is the type of the @uref{https://www.opensmtpd.org, OpenSMTPD} service,
+whose value should be an @code{opensmtpd-configuration} object as in this
+example:
+
+@example
+(service opensmtpd-service-type
+ (opensmtpd-configuration
+ (config-file (local-file "./my-smtpd.conf"))))
+@end example
+@end deffn
+
+@deftp {Data Type} opensmtpd-configuration
+Data type representing the configuration of opensmtpd.
+
+@table @asis
+@item @code{package} (default: @var{opensmtpd})
+Package object of the OpenSMTPD SMTP server.
+
+@item @code{config-file} (default: @var{%default-opensmtpd-file})
+File-like object of the OpenSMTPD configuration file to use. By default it
+listens on the loopback network interface, and allows for mail from users
+and daemons on the local machine, as well as permitting email to remote
+servers. Run @command{man smtpd.conf} for more information.
+
+@end table
+@end deftp
+
+@subsubheading Exim Service
+
+@cindex mail transfer agent (MTA)
+@cindex MTA (mail transfer agent)
+@cindex SMTP
+
+@deffn {Scheme Variable} exim-service-type
+This is the type of the @uref{https://exim.org, Exim} mail transfer agent
+(MTA), whose value should be an @code{exim-configuration} object as in this
+example:
+
+@example
+(service exim-service-type
+ (exim-configuration
+ (config-file (local-file "./my-exim.conf"))))
+@end example
+@end deffn
+
+In order to use an @code{exim-service-type} service you must also have a
+@code{mail-aliases-service-type} service present in your
+@code{operating-system} (even if it has no aliases).
+
+@deftp {Data Type} exim-configuration
+Data type representing the configuration of exim.
+
+@table @asis
+@item @code{package} (default: @var{exim})
+Package object of the Exim server.
+
+@item @code{config-file} (default: @code{#f})
+File-like object of the Exim configuration file to use. If its value is
+@code{#f} then use the default configuration file from the package provided
+in @code{package}. The resulting configuration file is loaded after setting
+the @code{exim_user} and @code{exim_group} configuration variables.
+
+@end table
+@end deftp
+
+@subsubheading Mail Aliases Service
+
+@cindex email aliases
+@cindex aliases, for email addresses
+
+@deffn {Scheme Variable} mail-aliases-service-type
+This is the type of the service which provides @code{/etc/aliases},
+specifying how to deliver mail to users on this system.
+
+@example
+(service mail-aliases-service-type
+ '(("postmaster" "bob")
+ ("bob" "bob@@example.com" "bob@@example2.com")))
+@end example
+@end deffn
+
+The configuration for a @code{mail-aliases-service-type} service is an
+association list denoting how to deliver mail that comes to this
+system. Each entry is of the form @code{(alias addresses ...)}, with
+@code{alias} specifying the local alias and @code{addresses} specifying
+where to deliver this user's mail.
+
+The aliases aren't required to exist as users on the local system. In the
+above example, there doesn't need to be a @code{postmaster} entry in the
+@code{operating-system}'s @code{user-accounts} in order to deliver the
+@code{postmaster} mail to @code{bob} (which subsequently would deliver mail
+to @code{bob@@example.com} and @code{bob@@example2.com}).
+
+@node Messaging Services
+@subsubsection Messaging Services
+
+@cindex messaging
+@cindex jabber
+@cindex XMPP
+The @code{(gnu services messaging)} module provides Guix service definitions
+for messaging services: currently only Prosody is supported.
+
+@subsubheading Prosody Service
+
+@deffn {Scheme Variable} prosody-service-type
+This is the type for the @uref{https://prosody.im, Prosody XMPP
+communication server}. Its value must be a @code{prosody-configuration}
+record as in this example:
+
+@example
+(service prosody-service-type
+ (prosody-configuration
+ (modules-enabled (cons "groups" "mam" %default-modules-enabled))
+ (int-components
+ (list
+ (int-component-configuration
+ (hostname "conference.example.net")
+ (plugin "muc")
+ (mod-muc (mod-muc-configuration)))))
+ (virtualhosts
+ (list
+ (virtualhost-configuration
+ (domain "example.net"))))))
+@end example
+
+See below for details about @code{prosody-configuration}.
+
+@end deffn
+
+By default, Prosody does not need much configuration. Only one
+@code{virtualhosts} field is needed: it specifies the domain you wish
+Prosody to serve.
+
+You can perform various sanity checks on the generated configuration with
+the @code{prosodyctl check} command.
+
+Prosodyctl will also help you to import certificates from the
+@code{letsencrypt} directory so that the @code{prosody} user can access
+them. See @url{https://prosody.im/doc/letsencrypt}.
+
+@example
+prosodyctl --root cert import /etc/letsencrypt/live
+@end example
+
+The available configuration parameters follow. Each parameter definition is
+preceded by its type; for example, @samp{string-list foo} indicates that the
+@code{foo} parameter should be specified as a list of strings. Types
+starting with @code{maybe-} denote parameters that won't show up in
+@code{prosody.cfg.lua} when their value is @code{'disabled}.
+
+There is also a way to specify the configuration as a string, if you have an
+old @code{prosody.cfg.lua} file that you want to port over from some other
+system; see the end for more details.
+
+The @code{file-object} type designates either a file-like object
+(@pxref{G-Expressions, file-like objects}) or a file name.
+
+@c The following documentation was initially generated by
+@c (generate-documentation) in (gnu services messaging). Manually maintained
+@c documentation is better, so we shouldn't hesitate to edit below as
+@c needed. However if the change you want to make to this documentation
+@c can be done in an automated way, it's probably easier to change
+@c (generate-documentation) than to make it below and have to deal with
+@c the churn as Prosody updates.
+
+Available @code{prosody-configuration} fields are:
+
+@deftypevr {@code{prosody-configuration} parameter} package prosody
+The Prosody package.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} file-name data-path
+Location of the Prosody data storage directory. See
+@url{https://prosody.im/doc/configure}. Defaults to
+@samp{"/var/lib/prosody"}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} file-object-list plugin-paths
+Additional plugin directories. They are searched in all the specified paths
+in order. See @url{https://prosody.im/doc/plugins_directory}. Defaults to
+@samp{()}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} file-name certificates
+Every virtual host and component needs a certificate so that clients and
+servers can securely verify its identity. Prosody will automatically load
+certificates/keys from the directory specified here. Defaults to
+@samp{"/etc/prosody/certs"}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} string-list admins
+This is a list of accounts that are admins for the server. Note that you
+must create the accounts separately. See
+@url{https://prosody.im/doc/admins} and
+@url{https://prosody.im/doc/creating_accounts}. Example: @code{(admins
+'("user1@@example.com" "user2@@example.net"))} Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} boolean use-libevent?
+Enable use of libevent for better performance under high load. See
+@url{https://prosody.im/doc/libevent}. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} module-list modules-enabled
+This is the list of modules Prosody will load on startup. It looks for
+@code{mod_modulename.lua} in the plugins folder, so make sure that exists
+too. Documentation on modules can be found at:
+@url{https://prosody.im/doc/modules}. Defaults to @samp{("roster"
+"saslauth" "tls" "dialback" "disco" "carbons" "private" "blocklist" "vcard"
+"version" "uptime" "time" "ping" "pep" "register" "admin_adhoc")}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} string-list modules-disabled
+@samp{"offline"}, @samp{"c2s"} and @samp{"s2s"} are auto-loaded, but should
+you want to disable them then add them to this list. Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} file-object groups-file
+Path to a text file where the shared groups are defined. If this path is
+empty then @samp{mod_groups} does nothing. See
+@url{https://prosody.im/doc/modules/mod_groups}. Defaults to
+@samp{"/var/lib/prosody/sharedgroups.txt"}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} boolean allow-registration?
+Disable account creation by default, for security. See
+@url{https://prosody.im/doc/creating_accounts}. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} maybe-ssl-configuration ssl
+These are the SSL/TLS-related settings. Most of them are disabled so to use
+Prosody's defaults. If you do not completely understand these options, do
+not add them to your config, it is easy to lower the security of your server
+using them. See @url{https://prosody.im/doc/advanced_ssl_config}.
+
+Available @code{ssl-configuration} fields are:
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-string protocol
+This determines what handshake to use.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-name key
+Path to your private key file.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-name certificate
+Path to your certificate file.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} file-object capath
+Path to directory containing root certificates that you wish Prosody to
+trust when verifying the certificates of remote servers. Defaults to
+@samp{"/etc/ssl/certs"}.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-object cafile
+Path to a file containing root certificates that you wish Prosody to trust.
+Similar to @code{capath} but with all certificates concatenated together.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-string-list verify
+A list of verification options (these mostly map to OpenSSL's
+@code{set_verify()} flags).
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-string-list options
+A list of general options relating to SSL/TLS. These map to OpenSSL's
+@code{set_options()}. For a full list of options available in LuaSec, see
+the LuaSec source.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-non-negative-integer depth
+How long a chain of certificate authorities to check when looking for a
+trusted root certificate.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-string ciphers
+An OpenSSL cipher string. This selects what ciphers Prosody will offer to
+clients, and in what order.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-file-name dhparam
+A path to a file containing parameters for Diffie-Hellman key exchange. You
+can create such a file with: @code{openssl dhparam -out
+/etc/prosody/certs/dh-2048.pem 2048}
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-string curve
+Curve for Elliptic curve Diffie-Hellman. Prosody's default is
+@samp{"secp384r1"}.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-string-list verifyext
+A list of "extra" verification options.
+@end deftypevr
+
+@deftypevr {@code{ssl-configuration} parameter} maybe-string password
+Password for encrypted private keys.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} boolean c2s-require-encryption?
+Whether to force all client-to-server connections to be encrypted or not.
+See @url{https://prosody.im/doc/modules/mod_tls}. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} string-list disable-sasl-mechanisms
+Set of mechanisms that will never be offered. See
+@url{https://prosody.im/doc/modules/mod_saslauth}. Defaults to
+@samp{("DIGEST-MD5")}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} boolean s2s-require-encryption?
+Whether to force all server-to-server connections to be encrypted or not.
+See @url{https://prosody.im/doc/modules/mod_tls}. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} boolean s2s-secure-auth?
+Whether to require encryption and certificate authentication. This provides
+ideal security, but requires servers you communicate with to support
+encryption AND present valid, trusted certificates. See
+@url{https://prosody.im/doc/s2s#security}. Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} string-list s2s-insecure-domains
+Many servers don't support encryption or have invalid or self-signed
+certificates. You can list domains here that will not be required to
+authenticate using certificates. They will be authenticated using DNS. See
+@url{https://prosody.im/doc/s2s#security}. Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} string-list s2s-secure-domains
+Even if you leave @code{s2s-secure-auth?} disabled, you can still require
+valid certificates for some domains by specifying a list here. See
+@url{https://prosody.im/doc/s2s#security}. Defaults to @samp{()}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} string authentication
+Select the authentication backend to use. The default provider stores
+passwords in plaintext and uses Prosody's configured data storage to store
+the authentication data. If you do not trust your server please see
+@url{https://prosody.im/doc/modules/mod_auth_internal_hashed} for
+information about using the hashed backend. See also
+@url{https://prosody.im/doc/authentication} Defaults to
+@samp{"internal_plain"}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} maybe-string log
+Set logging options. Advanced logging configuration is not yet supported by
+the GuixSD Prosody Service. See @url{https://prosody.im/doc/logging}.
+Defaults to @samp{"*syslog"}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} file-name pidfile
+File to write pid in. See @url{https://prosody.im/doc/modules/mod_posix}.
+Defaults to @samp{"/var/run/prosody/prosody.pid"}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} maybe-non-negative-integer http-max-content-size
+Maximum allowed size of the HTTP body (in bytes).
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} maybe-string http-external-url
+Some modules expose their own URL in various ways. This URL is built from
+the protocol, host and port used. If Prosody sits behind a proxy, the
+public URL will be @code{http-external-url} instead. See
+@url{https://prosody.im/doc/http#external_url}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} virtualhost-configuration-list virtualhosts
+A host in Prosody is a domain on which user accounts can be created. For
+example if you want your users to have addresses like
+@samp{"john.smith@@example.com"} then you need to add a host
+@samp{"example.com"}. All options in this list will apply only to this
+host.
+
+Note: the name "virtual" host is used in configuration to avoid confusion
+with the actual physical host that Prosody is installed on. A single
+Prosody instance can serve many domains, each one defined as a VirtualHost
+entry in Prosody's configuration. Conversely a server that hosts a single
+domain would have just one VirtualHost entry.
+
+See @url{https://prosody.im/doc/configure#virtual_host_settings}.
+
+Available @code{virtualhost-configuration} fields are:
+
+all these @code{prosody-configuration} fields: @code{admins},
+@code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled},
+@code{groups-file}, @code{allow-registration?}, @code{ssl},
+@code{c2s-require-encryption?}, @code{disable-sasl-mechanisms},
+@code{s2s-require-encryption?}, @code{s2s-secure-auth?},
+@code{s2s-insecure-domains}, @code{s2s-secure-domains},
+@code{authentication}, @code{log}, @code{http-max-content-size},
+@code{http-external-url}, @code{raw-content}, plus:
+@deftypevr {@code{virtualhost-configuration} parameter} string domain
+Domain you wish Prosody to serve.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} int-component-configuration-list int-components
+Components are extra services on a server which are available to clients,
+usually on a subdomain of the main server (such as
+@samp{"mycomponent.example.com"}). Example components might be chatroom
+servers, user directories, or gateways to other protocols.
+
+Internal components are implemented with Prosody-specific plugins. To add
+an internal component, you simply fill the hostname field, and the plugin
+you wish to use for the component.
+
+See @url{https://prosody.im/doc/components}. Defaults to @samp{()}.
+
+Available @code{int-component-configuration} fields are:
+
+all these @code{prosody-configuration} fields: @code{admins},
+@code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled},
+@code{groups-file}, @code{allow-registration?}, @code{ssl},
+@code{c2s-require-encryption?}, @code{disable-sasl-mechanisms},
+@code{s2s-require-encryption?}, @code{s2s-secure-auth?},
+@code{s2s-insecure-domains}, @code{s2s-secure-domains},
+@code{authentication}, @code{log}, @code{http-max-content-size},
+@code{http-external-url}, @code{raw-content}, plus:
+@deftypevr {@code{int-component-configuration} parameter} string hostname
+Hostname of the component.
+@end deftypevr
+
+@deftypevr {@code{int-component-configuration} parameter} string plugin
+Plugin you wish to use for the component.
+@end deftypevr
+
+@deftypevr {@code{int-component-configuration} parameter} maybe-mod-muc-configuration mod-muc
+Multi-user chat (MUC) is Prosody's module for allowing you to create hosted
+chatrooms/conferences for XMPP users.
+
+General information on setting up and using multi-user chatrooms can be
+found in the "Chatrooms" documentation
+(@url{https://prosody.im/doc/chatrooms}), which you should read if you are
+new to XMPP chatrooms.
+
+See also @url{https://prosody.im/doc/modules/mod_muc}.
+
+Available @code{mod-muc-configuration} fields are:
+
+@deftypevr {@code{mod-muc-configuration} parameter} string name
+The name to return in service discovery responses. Defaults to
+@samp{"Prosody Chatrooms"}.
+@end deftypevr
+
+@deftypevr {@code{mod-muc-configuration} parameter} string-or-boolean restrict-room-creation
+If @samp{#t}, this will only allow admins to create new chatrooms.
+Otherwise anyone can create a room. The value @samp{"local"} restricts room
+creation to users on the service's parent domain.
+E.g. @samp{user@@example.com} can create rooms on @samp{rooms.example.com}.
+The value @samp{"admin"} restricts to service administrators only. Defaults
+to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{mod-muc-configuration} parameter} non-negative-integer max-history-messages
+Maximum number of history messages that will be sent to the member that has
+just joined the room. Defaults to @samp{20}.
+@end deftypevr
+
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} ext-component-configuration-list ext-components
+External components use XEP-0114, which most standalone components support.
+To add an external component, you simply fill the hostname field. See
+@url{https://prosody.im/doc/components}. Defaults to @samp{()}.
+
+Available @code{ext-component-configuration} fields are:
+
+all these @code{prosody-configuration} fields: @code{admins},
+@code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled},
+@code{groups-file}, @code{allow-registration?}, @code{ssl},
+@code{c2s-require-encryption?}, @code{disable-sasl-mechanisms},
+@code{s2s-require-encryption?}, @code{s2s-secure-auth?},
+@code{s2s-insecure-domains}, @code{s2s-secure-domains},
+@code{authentication}, @code{log}, @code{http-max-content-size},
+@code{http-external-url}, @code{raw-content}, plus:
+@deftypevr {@code{ext-component-configuration} parameter} string component-secret
+Password which the component will use to log in.
+@end deftypevr
+
+@deftypevr {@code{ext-component-configuration} parameter} string hostname
+Hostname of the component.
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} non-negative-integer-list component-ports
+Port(s) Prosody listens on for component connections. Defaults to
+@samp{(5347)}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} string component-interface
+Interface Prosody listens on for component connections. Defaults to
+@samp{"127.0.0.1"}.
+@end deftypevr
+
+@deftypevr {@code{prosody-configuration} parameter} maybe-raw-content raw-content
+Raw content that will be added to the configuration file.
+@end deftypevr
+
+It could be that you just want to get a @code{prosody.cfg.lua} up and
+running. In that case, you can pass an @code{opaque-prosody-configuration}
+record as the value of @code{prosody-service-type}. As its name indicates,
+an opaque configuration does not have easy reflective capabilities.
+Available @code{opaque-prosody-configuration} fields are:
+
+@deftypevr {@code{opaque-prosody-configuration} parameter} package prosody
+The prosody package.
+@end deftypevr
+
+@deftypevr {@code{opaque-prosody-configuration} parameter} string prosody.cfg.lua
+The contents of the @code{prosody.cfg.lua} to use.
+@end deftypevr
+
+For example, if your @code{prosody.cfg.lua} is just the empty string, you
+could instantiate a prosody service like this:
+
+@example
+(service prosody-service-type
+ (opaque-prosody-configuration
+ (prosody.cfg.lua "")))
+@end example
+
+@c end of Prosody auto-generated documentation
+
+@subsubheading BitlBee Service
+
+@cindex IRC (Internet Relay Chat)
+@cindex IRC gateway
+@url{http://bitlbee.org,BitlBee} is a gateway that provides an IRC interface
+to a variety of messaging protocols such as XMPP.
+
+@defvr {Scheme Variable} bitlbee-service-type
+This is the service type for the @url{http://bitlbee.org,BitlBee} IRC
+gateway daemon. Its value is a @code{bitlbee-configuration} (see below).
+
+To have BitlBee listen on port 6667 on localhost, add this line to your
+services:
+
+@example
+(service bitlbee-service-type)
+@end example
+@end defvr
+
+@deftp {Data Type} bitlbee-configuration
+This is the configuration for BitlBee, with the following fields:
+
+@table @asis
+@item @code{interface} (default: @code{"127.0.0.1"})
+@itemx @code{port} (default: @code{6667})
+Listen on the network interface corresponding to the IP address specified in
+@var{interface}, on @var{port}.
+
+When @var{interface} is @code{127.0.0.1}, only local clients can connect;
+when it is @code{0.0.0.0}, connections can come from any networking
+interface.
+
+@item @code{package} (default: @code{bitlbee})
+The BitlBee package to use.
+
+@item @code{extra-settings} (default: @code{""})
+Configuration snippet added as-is to the BitlBee configuration file.
+@end table
+@end deftp
+
+
+@node Telephony Services
+@subsubsection Telephony Services
+
+@cindex Murmur (VoIP server)
+@cindex VoIP server
+This section describes how to set up and run a Murmur server. Murmur is the
+server of the @uref{https://mumble.info, Mumble} voice-over-IP (VoIP) suite.
+
+@deftp {Data Type} murmur-configuration
+The service type for the Murmur server. An example configuration can look
+like this:
+
+@example
+(service murmur-service-type
+ (murmur-configuration
+ (welcome-text
+ "Welcome to this Mumble server running on GuixSD!")
+ (cert-required? #t) ;disallow text password logins
+ (ssl-cert "/etc/letsencrypt/live/mumble.example.com/fullchain.pem")
+ (ssl-key "/etc/letsencrypt/live/mumble.example.com/privkey.pem")))
+@end example
+
+After reconfiguring your system, you can manually set the murmur
+@code{SuperUser} password with the command that is printed during the
+activation phase.
+
+It is recommended to register a normal Mumble user account and grant it
+admin or moderator rights. You can use the @code{mumble} client to login as
+new normal user, register yourself, and log out. For the next step login
+with the name @code{SuperUser} use the @code{SuperUser} password that you
+set previously, and grant your newly registered mumble user administrator or
+moderator rights and create some channels.
+
+Available @code{murmur-configuration} fields are:
+
+@table @asis
+@item @code{package} (default: @code{mumble})
+Package that contains @code{bin/murmurd}.
+
+@item @code{user} (default: @code{"murmur"})
+User who will run the Murmur server.
+
+@item @code{group} (default: @code{"murmur"})
+Group of the user who will run the murmur server.
+
+@item @code{port} (default: @code{64738})
+Port on which the server will listen.
+
+@item @code{welcome-text} (default: @code{""})
+Welcome text sent to clients when they connect.
+
+@item @code{server-password} (default: @code{""})
+Password the clients have to enter in order to connect.
+
+@item @code{max-users} (default: @code{100})
+Maximum of users that can be connected to the server at once.
+
+@item @code{max-user-bandwidth} (default: @code{#f})
+Maximum voice traffic a user can send per second.
+
+@item @code{database-file} (default: @code{"/var/lib/murmur/db.sqlite"})
+File name of the sqlite database. The service's user will become the owner
+of the directory.
+
+@item @code{log-file} (default: @code{"/var/log/murmur/murmur.log"})
+File name of the log file. The service's user will become the owner of the
+directory.
+
+@item @code{autoban-attempts} (default: @code{10})
+Maximum number of logins a user can make in @code{autoban-timeframe} without
+getting auto banned for @code{autoban-time}.
+
+@item @code{autoban-timeframe} (default: @code{120})
+Timeframe for autoban in seconds.
+
+@item @code{autoban-time} (default: @code{300})
+Amount of time in seconds for which a client gets banned when violating the
+autoban limits.
+
+@item @code{opus-threshold} (default: @code{100})
+Percentage of clients that need to support opus before switching over to
+opus audio codec.
+
+@item @code{channel-nesting-limit} (default: @code{10})
+How deep channels can be nested at maximum.
+
+@item @code{channelname-regex} (default: @code{#f})
+A string in from of a Qt regular expression that channel names must conform
+to.
+
+@item @code{username-regex} (default: @code{#f})
+A string in from of a Qt regular expression that user names must conform to.
+
+@item @code{text-message-length} (default: @code{5000})
+Maximum size in bytes that a user can send in one text chat message.
+
+@item @code{image-message-length} (default: @code{(* 128 1024)})
+Maximum size in bytes that a user can send in one image message.
+
+@item @code{cert-required?} (default: @code{#f})
+If it is set to @code{#t} clients that use weak password authentification
+will not be accepted. Users must have completed the certificate wizard to
+join.
+
+@item @code{remember-channel?} (defualt @code{#f})
+Should murmur remember the last channel each user was in when they
+disconnected and put them into the remembered channel when they rejoin.
+
+@item @code{allow-html?} (default: @code{#f})
+Should html be allowed in text messages, user comments, and channel
+descriptions.
+
+@item @code{allow-ping?} (default: @code{#f})
+Setting to true exposes the current user count, the maximum user count, and
+the server's maximum bandwidth per client to unauthenticated users. In the
+Mumble client, this information is shown in the Connect dialog.
+
+Disabling this setting will prevent public listing of the server.
+
+@item @code{bonjour?} (default: @code{#f})
+Should the server advertise itself in the local network through the bonjour
+protocol.
+
+@item @code{send-version?} (default: @code{#f})
+Should the murmur server version be exposed in ping requests.
+
+@item @code{log-days} (default: @code{31})
+Murmur also stores logs in the database, which are accessible via RPC. The
+default is 31 days of months, but you can set this setting to 0 to keep logs
+forever, or -1 to disable logging to the database.
+
+@item @code{obfuscate-ips?} (default @code{#t})
+Should logged ips be obfuscated to protect the privacy of users.
+
+@item @code{ssl-cert} (default: @code{#f})
+File name of the SSL/TLS certificate used for encrypted connections.
+
+@example
+(ssl-cert "/etc/letsencrypt/live/example.com/fullchain.pem")
+@end example
+@item @code{ssl-key} (default: @code{#f})
+Filepath to the ssl private key used for encrypted connections.
+@example
+(ssl-key "/etc/letsencrypt/live/example.com/privkey.pem")
+@end example
+
+@item @code{ssl-dh-params} (default: @code{#f})
+File name of a PEM-encoded file with Diffie-Hellman parameters for the
+SSL/TLS encryption. Alternatively you set it to @code{"@@ffdhe2048"},
+@code{"@@ffdhe3072"}, @code{"@@ffdhe4096"}, @code{"@@ffdhe6144"} or
+@code{"@@ffdhe8192"} to use bundled parameters from RFC 7919.
+
+@item @code{ssl-ciphers} (default: @code{#f})
+The @code{ssl-ciphers} option chooses the cipher suites to make available
+for use in SSL/TLS.
+
+This option is specified using
+@uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT,
+OpenSSL cipher list notation}.
+
+It is recommended that you try your cipher string using 'openssl ciphers
+<string>' before setting it here, to get a feel for which cipher suites you
+will get. After setting this option, it is recommend that you inspect your
+Murmur log to ensure that Murmur is using the cipher suites that you
+expected it to.
+
+Note: Changing this option may impact the backwards compatibility of your
+Murmur server, and can remove the ability for older Mumble clients to be
+able to connect to it.
+
+@item @code{public-registration} (default: @code{#f})
+Must be a @code{<murmur-public-registration-configuration>} record or
+@code{#f}.
+
+You can optionally register your server in the public server list that the
+@code{mumble} client shows on startup. You cannot register your server if
+you have set a @code{server-password}, or set @code{allow-ping} to
+@code{#f}.
+
+It might take a few hours until it shows up in the public list.
+
+@item @code{file} (default: @code{#f})
+Optional alternative override for this configuration.
+@end table
+@end deftp
+
+@deftp {Data Type} murmur-public-registration-configuration
+Configuration for public registration of a murmur service.
+
+@table @asis
+@item @code{name}
+This is a display name for your server. Not to be confused with the
+hostname.
+
+@item @code{password}
+A password to identify your registration. Subsequent updates will need the
+same password. Don't lose your password.
+
+@item @code{url}
+This should be a @code{http://} or @code{https://} link to your web site.
+
+@item @code{hostname} (default: @code{#f})
+By default your server will be listed by its IP address. If it is set your
+server will be linked by this host name instead.
+@end table
+@end deftp
+
+
+
+@node Monitoring Services
+@subsubsection Monitoring Services
+
+@subsubheading Tailon Service
+
+@uref{https://tailon.readthedocs.io/, Tailon} is a web application for
+viewing and searching log files.
+
+The following example will configure the service with default values. By
+default, Tailon can be accessed on port 8080 (@code{http://localhost:8080}).
+
+@example
+(service tailon-service-type)
+@end example
+
+The following example customises more of the Tailon configuration, adding
+@command{sed} to the list of allowed commands.
+
+@example
+(service tailon-service-type
+ (tailon-configuration
+ (config-file
+ (tailon-configuration-file
+ (allowed-commands '("tail" "grep" "awk" "sed"))))))
+@end example
+
+
+@deftp {Data Type} tailon-configuration
+Data type representing the configuration of Tailon. This type has the
+following parameters:
+
+@table @asis
+@item @code{config-file} (default: @code{(tailon-configuration-file)})
+The configuration file to use for Tailon. This can be set to a
+@dfn{tailon-configuration-file} record value, or any gexp
+(@pxref{G-Expressions}).
+
+For example, to instead use a local file, the @code{local-file} function can
+be used:
+
+@example
+(service tailon-service-type
+ (tailon-configuration
+ (config-file (local-file "./my-tailon.conf"))))
+@end example
+
+@item @code{package} (default: @code{tailon})
+The tailon package to use.
+
+@end table
+@end deftp
+
+@deftp {Data Type} tailon-configuration-file
+Data type representing the configuration options for Tailon. This type has
+the following parameters:
+
+@table @asis
+@item @code{files} (default: @code{(list "/var/log")})
+List of files to display. The list can include strings for a single file or
+directory, or a list, where the first item is the name of a subsection, and
+the remaining items are the files or directories in that subsection.
+
+@item @code{bind} (default: @code{"localhost:8080"})
+Address and port to which Tailon should bind on.
+
+@item @code{relative-root} (default: @code{#f})
+URL path to use for Tailon, set to @code{#f} to not use a path.
+
+@item @code{allow-transfers?} (default: @code{#t})
+Allow downloading the log files in the web interface.
+
+@item @code{follow-names?} (default: @code{#t})
+Allow tailing of not-yet existent files.
+
+@item @code{tail-lines} (default: @code{200})
+Number of lines to read initially from each file.
+
+@item @code{allowed-commands} (default: @code{(list "tail" "grep" "awk")})
+Commands to allow running. By default, @code{sed} is disabled.
+
+@item @code{debug?} (default: @code{#f})
+Set @code{debug?} to @code{#t} to show debug messages.
+
+@item @code{wrap-lines} (default: @code{#t})
+Initial line wrapping state in the web interface. Set to @code{#t} to
+initially wrap lines (the default), or to @code{#f} to initially not wrap
+lines.
+
+@item @code{http-auth} (default: @code{#f})
+HTTP authentication type to use. Set to @code{#f} to disable authentication
+(the default). Supported values are @code{"digest"} or @code{"basic"}.
+
+@item @code{users} (default: @code{#f})
+If HTTP authentication is enabled (see @code{http-auth}), access will be
+restricted to the credentials provided here. To configure users, use a list
+of pairs, where the first element of the pair is the username, and the 2nd
+element of the pair is the password.
+
+@example
+(tailon-configuration-file
+ (http-auth "basic")
+ (users '(("user1" . "password1")
+ ("user2" . "password2"))))
+@end example
+
+@end table
+@end deftp
+
+
+@subsubheading Darkstat Service
+@cindex darkstat
+Darkstat is a packet sniffer that captures network traffic, calculates
+statistics about usage, and serves reports over HTTP.
+
+@defvar {Scheme Variable} darkstat-service-type
+This is the service type for the @uref{https://unix4lyfe.org/darkstat/,
+darkstat} service, its value must be a @code{darkstat-configuration} record
+as in this example:
+
+@example
+(service darkstat-service-type
+ (darkstat-configuration
+ (interface "eno1")))
+@end example
+@end defvar
+
+@deftp {Data Type} darkstat-configuration
+Data type representing the configuration of @command{darkstat}.
+
+@table @asis
+@item @code{package} (default: @code{darkstat})
+The darkstat package to use.
+
+@item @code{interface}
+Capture traffic on the specified network interface.
+
+@item @code{port} (default: @code{"667"})
+Bind the web interface to the specified port.
+
+@item @code{bind-address} (default: @code{"127.0.0.1"})
+Bind the web interface to the specified address.
+
+@item @code{base} (default: @code{"/"})
+Specify the path of the base URL. This can be useful if @command{darkstat}
+is accessed via a reverse proxy.
+
+@end table
+@end deftp
+
+
+@node Kerberos Services
+@subsubsection Kerberos Services
+@cindex Kerberos
+
+The @code{(gnu services kerberos)} module provides services relating to the
+authentication protocol @dfn{Kerberos}.
+
+@subsubheading Krb5 Service
+
+Programs using a Kerberos client library normally expect a configuration
+file in @file{/etc/krb5.conf}. This service generates such a file from a
+definition provided in the operating system declaration. It does not cause
+any daemon to be started.
+
+No ``keytab'' files are provided by this service---you must explicitly
+create them. This service is known to work with the MIT client library,
+@code{mit-krb5}. Other implementations have not been tested.
+
+@defvr {Scheme Variable} krb5-service-type
+A service type for Kerberos 5 clients.
+@end defvr
+
+@noindent
+Here is an example of its use:
+@lisp
+(service krb5-service-type
+ (krb5-configuration
+ (default-realm "EXAMPLE.COM")
+ (allow-weak-crypto? #t)
+ (realms (list
+ (krb5-realm
+ (name "EXAMPLE.COM")
+ (admin-server "groucho.example.com")
+ (kdc "karl.example.com"))
+ (krb5-realm
+ (name "ARGRX.EDU")
+ (admin-server "kerb-admin.argrx.edu")
+ (kdc "keys.argrx.edu"))))))
+@end lisp
+
+@noindent
+This example provides a Kerberos@tie{}5 client configuration which:
+@itemize
+@item Recognizes two realms, @i{viz:} ``EXAMPLE.COM'' and ``ARGRX.EDU'', both
+of which have distinct administration servers and key distribution centers;
+@item Will default to the realm ``EXAMPLE.COM'' if the realm is not explicitly
+specified by clients;
+@item Accepts services which only support encryption types known to be weak.
+@end itemize
+
+The @code{krb5-realm} and @code{krb5-configuration} types have many fields.
+Only the most commonly used ones are described here. For a full list, and
+more detailed explanation of each, see the MIT
+@uref{http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html,,krb5.conf}
+documentation.
+
+
+@deftp {Data Type} krb5-realm
+@cindex realm, kerberos
+@table @asis
+@item @code{name}
+This field is a string identifying the name of the realm. A common
+convention is to use the fully qualified DNS name of your organization,
+converted to upper case.
+
+@item @code{admin-server}
+This field is a string identifying the host where the administration server
+is running.
+
+@item @code{kdc}
+This field is a string identifying the key distribution center for the
+realm.
+@end table
+@end deftp
+
+@deftp {Data Type} krb5-configuration
+
+@table @asis
+@item @code{allow-weak-crypto?} (default: @code{#f})
+If this flag is @code{#t} then services which only offer encryption
+algorithms known to be weak will be accepted.
+
+@item @code{default-realm} (default: @code{#f})
+This field should be a string identifying the default Kerberos realm for the
+client. You should set this field to the name of your Kerberos realm. If
+this value is @code{#f} then a realm must be specified with every Kerberos
+principal when invoking programs such as @command{kinit}.
+
+@item @code{realms}
+This should be a non-empty list of @code{krb5-realm} objects, which clients
+may access. Normally, one of them will have a @code{name} field matching
+the @code{default-realm} field.
+@end table
+@end deftp
+
+
+@subsubheading PAM krb5 Service
+@cindex pam-krb5
+
+The @code{pam-krb5} service allows for login authentication and password
+management via Kerberos. You will need this service if you want PAM enabled
+applications to authenticate users using Kerberos.
+
+@defvr {Scheme Variable} pam-krb5-service-type
+A service type for the Kerberos 5 PAM module.
+@end defvr
+
+@deftp {Data Type} pam-krb5-configuration
+Data type representing the configuration of the Kerberos 5 PAM module This
+type has the following parameters:
+@table @asis
+@item @code{pam-krb5} (default: @code{pam-krb5})
+The pam-krb5 package to use.
+
+@item @code{minimum-uid} (default: @code{1000})
+The smallest user ID for which Kerberos authentications should be
+attempted. Local accounts with lower values will silently fail to
+authenticate.
+@end table
+@end deftp
+
+
+@node Web Services
+@subsubsection Web Services
+
+@cindex web
+@cindex www
+@cindex HTTP
+The @code{(gnu services web)} module provides the Apache HTTP Server, the
+nginx web server, and also a fastcgi wrapper daemon.
+
+@subsubheading Apache HTTP Server
+
+@deffn {Scheme Variable} httpd-service-type
+Service type for the @uref{https://httpd.apache.org/,Apache HTTP} server
+(@dfn{httpd}). The value for this service type is a
+@code{https-configuration} record.
+
+A simple example configuration is given below.
+
+@example
+(service httpd-service-type
+ (httpd-configuration
+ (config
+ (httpd-config-file
+ (server-name "www.example.com")
+ (document-root "/srv/http/www.example.com")))))
+@end example
+
+Other services can also extend the @code{httpd-service-type} to add to the
+configuration.
+
+@example
+(simple-service 'my-extra-server httpd-service-type
+ (list
+ (httpd-virtualhost
+ "*:80"
+ (list (string-append
+ "ServerName "www.example.com
+ DocumentRoot \"/srv/http/www.example.com\"")))))
+@end example
+@end deffn
+
+The details for the @code{httpd-configuration}, @code{httpd-module},
+@code{httpd-config-file} and @code{httpd-virtualhost} record types are given
+below.
+
+@deffn {Data Type} httpd-configuration
+This data type represents the configuration for the httpd service.
+
+@table @asis
+@item @code{package} (default: @code{httpd})
+The httpd package to use.
+
+@item @code{pid-file} (default: @code{"/var/run/httpd"})
+The pid file used by the shepherd-service.
+
+@item @code{config} (default: @code{(httpd-config-file)})
+The configuration file to use with the httpd service. The default value is a
+@code{httpd-config-file} record, but this can also be a different
+G-expression that generates a file, for example a @code{plain-file}. A file
+outside of the store can also be specified through a string.
+
+@end table
+@end deffn
+
+@deffn {Data Type} httpd-module
+This data type represents a module for the httpd service.
+
+@table @asis
+@item @code{name}
+The name of the module.
+
+@item @code{file}
+The file for the module. This can be relative to the httpd package being
+used, the absolute location of a file, or a G-expression for a file within
+the store, for example @code{(file-append mod-wsgi "/modules/mod_wsgi.so")}.
+
+@end table
+@end deffn
+
+@deffn {Data Type} httpd-config-file
+This data type represents a configuration file for the httpd service.
+
+@table @asis
+@item @code{modules} (default: @code{%default-httpd-modules})
+The modules to load. Additional modules can be added here, or loaded by
+additional configuration.
+
+@item @code{server-root} (default: @code{httpd})
+The @code{ServerRoot} in the configuration file, defaults to the httpd
+package. Directives including @code{Include} and @code{LoadModule} are taken
+as relative to the server root.
+
+@item @code{server-name} (default: @code{#f})
+The @code{ServerName} in the configuration file, used to specify the request
+scheme, hostname and port that the server uses to identify itself.
+
+This doesn't need to be set in the server config, and can be specifyed in
+virtual hosts. The default is @code{#f} to not specify a @code{ServerName}.
+
+@item @code{document-root} (default: @code{"/srv/http"})
+The @code{DocumentRoot} from which files will be served.
+
+@item @code{listen} (default: @code{'("80")})
+The list of values for the @code{Listen} directives in the config file. The
+value should be a list of strings, when each string can specify the port
+number to listen on, and optionally the IP address and protocol to use.
+
+@item @code{pid-file} (default: @code{"/var/run/httpd"})
+The @code{PidFile} to use. This should match the @code{pid-file} set in the
+@code{httpd-configuration} so that the Shepherd service is configured
+correctly.
+
+@item @code{error-log} (default: @code{"/var/log/httpd/error_log"})
+The @code{ErrorLog} to which the server will log errors.
+
+@item @code{user} (default: @code{"httpd"})
+The @code{User} which the server will answer requests as.
+
+@item @code{group} (default: @code{"httpd"})
+The @code{Group} which the server will answer requests as.
+
+@item @code{extra-config} (default: @code{(list "TypesConfig etc/httpd/mime.types")})
+A flat list of strings and G-expressions which will be added to the end of
+the configuration file.
+
+Any values which the service is extended with will be appended to this list.
+
+@end table
+@end deffn
+
+@deffn {Data Type} httpd-virtualhost
+This data type represents a virtualhost configuration block for the httpd
+service.
+
+These should be added to the extra-config for the httpd-service.
+
+@example
+(simple-service 'my-extra-server httpd-service-type
+ (list
+ (httpd-virtualhost
+ "*:80"
+ (list (string-append
+ "ServerName "www.example.com
+ DocumentRoot \"/srv/http/www.example.com\"")))))
+@end example
+
+@table @asis
+@item @code{addresses-and-ports}
+The addresses and ports for the @code{VirtualHost} directive.
+
+@item @code{contents}
+The contents of the @code{VirtualHost} directive, this should be a list of
+strings and G-expressions.
+
+@end table
+@end deffn
+
+@subsubheading NGINX
+
+@deffn {Scheme Variable} nginx-service-type
+Service type for the @uref{https://nginx.org/,NGinx} web server. The value
+for this service type is a @code{<nginx-configuration>} record.
+
+A simple example configuration is given below.
+
+@example
+(service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list (nginx-server-configuration
+ (server-name '("www.example.com"))
+ (root "/srv/http/www.example.com"))))))
+@end example
+
+In addition to adding server blocks to the service configuration directly,
+this service can be extended by other services to add server blocks, as in
+this example:
+
+@example
+(simple-service 'my-extra-server nginx-service-type
+ (list (nginx-server-configuration
+ (root "/srv/http/extra-website")
+ (try-files (list "$uri" "$uri/index.html")))))
+@end example
+@end deffn
+
+At startup, @command{nginx} has not yet read its configuration file, so it
+uses a default file to log error messages. If it fails to load its
+configuration file, that is where error messages are logged. After the
+configuration file is loaded, the default error log file changes as per
+configuration. In our case, startup error messages can be found in
+@file{/var/run/nginx/logs/error.log}, and after configuration in
+@file{/var/log/nginx/error.log}. The second location can be changed with
+the @var{log-directory} configuration option.
+
+@deffn {Data Type} nginx-configuration
+This data type represents the configuration for NGinx. Some configuration
+can be done through this and the other provided record types, or
+alternatively, a config file can be provided.
+
+@table @asis
+@item @code{nginx} (default: @code{nginx})
+The nginx package to use.
+
+@item @code{log-directory} (default: @code{"/var/log/nginx"})
+The directory to which NGinx will write log files.
+
+@item @code{run-directory} (default: @code{"/var/run/nginx"})
+The directory in which NGinx will create a pid file, and write temporary
+files.
+
+@item @code{server-blocks} (default: @code{'()})
+A list of @dfn{server blocks} to create in the generated configuration file,
+the elements should be of type @code{<nginx-server-configuration>}.
+
+The following example would setup NGinx to serve @code{www.example.com} from
+the @code{/srv/http/www.example.com} directory, without using HTTPS.
+@example
+(service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list (nginx-server-configuration
+ (server-name '("www.example.com"))
+ (root "/srv/http/www.example.com"))))))
+@end example
+
+@item @code{upstream-blocks} (default: @code{'()})
+A list of @dfn{upstream blocks} to create in the generated configuration
+file, the elements should be of type @code{<nginx-upstream-configuration>}.
+
+Configuring upstreams through the @code{upstream-blocks} can be useful when
+combined with @code{locations} in the @code{<nginx-server-configuration>}
+records. The following example creates a server configuration with one
+location configuration, that will proxy requests to a upstream
+configuration, which will handle requests with two servers.
+
+@example
+(service
+ nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list (nginx-server-configuration
+ (server-name '("www.example.com"))
+ (root "/srv/http/www.example.com")
+ (locations
+ (list
+ (nginx-location-configuration
+ (uri "/path1")
+ (body '("proxy_pass http://server-proxy;"))))))))
+ (upstream-blocks
+ (list (nginx-upstream-configuration
+ (name "server-proxy")
+ (servers (list "server1.example.com"
+ "server2.example.com")))))))
+@end example
+
+@item @code{file} (default: @code{#f})
+If a configuration @var{file} is provided, this will be used, rather than
+generating a configuration file from the provided @code{log-directory},
+@code{run-directory}, @code{server-blocks} and @code{upstream-blocks}. For
+proper operation, these arguments should match what is in @var{file} to
+ensure that the directories are created when the service is activated.
+
+This can be useful if you have an existing configuration file, or it's not
+possible to do what is required through the other parts of the
+nginx-configuration record.
+
+@item @code{server-names-hash-bucket-size} (default: @code{#f})
+Bucket size for the server names hash tables, defaults to @code{#f} to use
+the size of the processors cache line.
+
+@item @code{server-names-hash-bucket-max-size} (default: @code{#f})
+Maximum bucket size for the server names hash tables.
+
+@end table
+@end deffn
+
+@deftp {Data Type} nginx-server-configuration
+Data type representing the configuration of an nginx server block. This
+type has the following parameters:
+
+@table @asis
+@item @code{listen} (default: @code{'("80" "443 ssl")})
+Each @code{listen} directive sets the address and port for IP, or the path
+for a UNIX-domain socket on which the server will accept requests. Both
+address and port, or only address or only port can be specified. An address
+may also be a hostname, for example:
+
+@example
+'("127.0.0.1:8000" "127.0.0.1" "8000" "*:8000" "localhost:8000")
+@end example
+
+@item @code{server-name} (default: @code{(list 'default)})
+A list of server names this server represents. @code{'default} represents
+the default server for connections matching no other server.
+
+@item @code{root} (default: @code{"/srv/http"})
+Root of the website nginx will serve.
+
+@item @code{locations} (default: @code{'()})
+A list of @dfn{nginx-location-configuration} or
+@dfn{nginx-named-location-configuration} records to use within this server
+block.
+
+@item @code{index} (default: @code{(list "index.html")})
+Index files to look for when clients ask for a directory. If it cannot be
+found, Nginx will send the list of files in the directory.
+
+@item @code{try-files} (default: @code{'()})
+A list of files whose existence is checked in the specified order.
+@code{nginx} will use the first file it finds to process the request.
+
+@item @code{ssl-certificate} (default: @code{#f})
+Where to find the certificate for secure connections. Set it to @code{#f}
+if you don't have a certificate or you don't want to use HTTPS.
+
+@item @code{ssl-certificate-key} (default: @code{#f})
+Where to find the private key for secure connections. Set it to @code{#f}
+if you don't have a key or you don't want to use HTTPS.
+
+@item @code{server-tokens?} (default: @code{#f})
+Whether the server should add its configuration to response.
+
+@item @code{raw-content} (default: @code{'()})
+A list of raw lines added to the server block.
+
+@end table
+@end deftp
+
+@deftp {Data Type} nginx-upstream-configuration
+Data type representing the configuration of an nginx @code{upstream} block.
+This type has the following parameters:
+
+@table @asis
+@item @code{name}
+Name for this group of servers.
+
+@item @code{servers}
+Specify the addresses of the servers in the group. The address can be
+specified as a IP address (e.g. @samp{127.0.0.1}), domain name
+(e.g. @samp{backend1.example.com}) or a path to a UNIX socket using the
+prefix @samp{unix:}. For addresses using an IP address or domain name, the
+default port is 80, and a different port can be specified explicitly.
+
+@end table
+@end deftp
+
+@deftp {Data Type} nginx-location-configuration
+Data type representing the configuration of an nginx @code{location} block.
+This type has the following parameters:
+
+@table @asis
+@item @code{uri}
+URI which this location block matches.
+
+@anchor{nginx-location-configuration body}
+@item @code{body}
+Body of the location block, specified as a list of strings. This can contain
+many configuration directives. For example, to pass requests to a upstream
+server group defined using an @code{nginx-upstream-configuration} block, the
+following directive would be specified in the body @samp{(list "proxy_pass
+http://upstream-name;")}.
+
+@end table
+@end deftp
+
+@deftp {Data Type} nginx-named-location-configuration
+Data type representing the configuration of an nginx named location block.
+Named location blocks are used for request redirection, and not used for
+regular request processing. This type has the following parameters:
+
+@table @asis
+@item @code{name}
+Name to identify this location block.
+
+@item @code{body}
+@xref{nginx-location-configuration body}, as the body for named location
+blocks can be used in a similar way to the
+@code{nginx-location-configuration body}. One restriction is that the body
+of a named location block cannot contain location blocks.
+
+@end table
+@end deftp
+
+@cindex fastcgi
+@cindex fcgiwrap
+FastCGI is an interface between the front-end and the back-end of a web
+service. It is a somewhat legacy facility; new web services should
+generally just talk HTTP between the front-end and the back-end. However
+there are a number of back-end services such as PHP or the optimized HTTP
+Git repository access that use FastCGI, so we have support for it in Guix.
+
+To use FastCGI, you configure the front-end web server (e.g., nginx) to
+dispatch some subset of its requests to the fastcgi backend, which listens
+on a local TCP or UNIX socket. There is an intermediary @code{fcgiwrap}
+program that sits between the actual backend process and the web server.
+The front-end indicates which backend program to run, passing that
+information to the @code{fcgiwrap} process.
+
+@defvr {Scheme Variable} fcgiwrap-service-type
+A service type for the @code{fcgiwrap} FastCGI proxy.
+@end defvr
+
+@deftp {Data Type} fcgiwrap-configuration
+Data type representing the configuration of the @code{fcgiwrap} serice.
+This type has the following parameters:
+@table @asis
+@item @code{package} (default: @code{fcgiwrap})
+The fcgiwrap package to use.
+
+@item @code{socket} (default: @code{tcp:127.0.0.1:9000})
+The socket on which the @code{fcgiwrap} process should listen, as a string.
+Valid @var{socket} values include @code{unix:@var{/path/to/unix/socket}},
+@code{tcp:@var{dot.ted.qu.ad}:@var{port}} and
+@code{tcp6:[@var{ipv6_addr}]:port}.
+
+@item @code{user} (default: @code{fcgiwrap})
+@itemx @code{group} (default: @code{fcgiwrap})
+The user and group names, as strings, under which to run the @code{fcgiwrap}
+process. The @code{fastcgi} service will ensure that if the user asks for
+the specific user or group names @code{fcgiwrap} that the corresponding user
+and/or group is present on the system.
+
+It is possible to configure a FastCGI-backed web service to pass HTTP
+authentication information from the front-end to the back-end, and to allow
+@code{fcgiwrap} to run the back-end process as a corresponding local user.
+To enable this capability on the back-end., run @code{fcgiwrap} as the
+@code{root} user and group. Note that this capability also has to be
+configured on the front-end as well.
+@end table
+@end deftp
+
+@cindex php-fpm
+PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI
+implementation with some additional features useful for sites of any size.
+
+These features include:
+@itemize @bullet
+@item Adaptive process spawning
+@item Basic statistics (similar to Apache's mod_status)
+@item Advanced process management with graceful stop/start
+@item Ability to start workers with different uid/gid/chroot/environment
+and different php.ini (replaces safe_mode)
+@item Stdout & stderr logging
+@item Emergency restart in case of accidental opcode cache destruction
+@item Accelerated upload support
+@item Support for a "slowlog"
+@item Enhancements to FastCGI, such as fastcgi_finish_request() -
+a special function to finish request & flush all data while continuing to do
+something time-consuming (video converting, stats processing, etc.)
+@end itemize
+... and much more.
+
+@defvr {Scheme Variable} php-fpm-service-type
+A Service type for @code{php-fpm}.
+@end defvr
+
+@deftp {Data Type} php-fpm-configuration
+Data Type for php-fpm service configuration.
+@table @asis
+@item @code{php} (default: @code{php})
+The php package to use.
+@item @code{socket} (default: @code{(string-append "/var/run/php" (version-major (package-version php)) "-fpm.sock")})
+The address on which to accept FastCGI requests. Valid syntaxes are:
+@table @asis
+@item @code{"ip.add.re.ss:port"}
+Listen on a TCP socket to a specific address on a specific port.
+@item @code{"port"}
+Listen on a TCP socket to all addresses on a specific port.
+@item @code{"/path/to/unix/socket"}
+Listen on a unix socket.
+@end table
+
+@item @code{user} (default: @code{php-fpm})
+User who will own the php worker processes.
+@item @code{group} (default: @code{php-fpm})
+Group of the worker processes.
+@item @code{socket-user} (default: @code{php-fpm})
+User who can speak to the php-fpm socket.
+@item @code{socket-group} (default: @code{php-fpm})
+Group that can speak to the php-fpm socket.
+@item @code{pid-file} (default: @code{(string-append "/var/run/php" (version-major (package-version php)) "-fpm.pid")})
+The process id of the php-fpm process is written to this file once the
+service has started.
+@item @code{log-file} (default: @code{(string-append "/var/log/php" (version-major (package-version php)) "-fpm.log")})
+Log for the php-fpm master process.
+@item @code{process-manager} (default: @code{(php-fpm-dynamic-process-manager-configuration)})
+Detailed settings for the php-fpm process manager. Must be either:
+@table @asis
+@item @code{<php-fpm-dynamic-process-manager-configuration>}
+@item @code{<php-fpm-static-process-manager-configuration>}
+@item @code{<php-fpm-on-demand-process-manager-configuration>}
+@end table
+@item @code{display-errors} (default @code{#f})
+Determines whether php errors and warning should be sent to clients and
+displayed in their browsers. This is useful for local php development, but
+a security risk for public sites, as error messages can reveal passwords and
+personal data.
+@item @code{workers-logfile} (default @code{(string-append "/var/log/php" (version-major (package-version php)) "-fpm.www.log")})
+This file will log the @code{stderr} outputs of php worker processes. Can
+be set to @code{#f} to disable logging.
+@item @code{file} (default @code{#f})
+An optional override of the whole configuration. You can use the
+@code{mixed-text-file} function or an absolute filepath for it.
+@end table
+@end deftp
+
+@deftp {Data type} php-fpm-dynamic-process-manager-configuration
+Data Type for the @code{dynamic} php-fpm process manager. With the
+@code{dynamic} process manager, spare worker processes are kept around based
+on it's configured limits.
+@table @asis
+@item @code{max-children} (default: @code{5})
+Maximum of worker processes.
+@item @code{start-servers} (default: @code{2})
+How many worker processes should be started on start-up.
+@item @code{min-spare-servers} (default: @code{1})
+How many spare worker processes should be kept around at minimum.
+@item @code{max-spare-servers} (default: @code{3})
+How many spare worker processes should be kept around at maximum.
+@end table
+@end deftp
+
+@deftp {Data type} php-fpm-static-process-manager-configuration
+Data Type for the @code{static} php-fpm process manager. With the
+@code{static} process manager, an unchanging number of worker processes are
+created.
+@table @asis
+@item @code{max-children} (default: @code{5})
+Maximum of worker processes.
+@end table
+@end deftp
+
+@deftp {Data type} php-fpm-on-demand-process-manager-configuration
+Data Type for the @code{on-demand} php-fpm process manager. With the
+@code{on-demand} process manager, worker processes are only created as
+requests arrive.
+@table @asis
+@item @code{max-children} (default: @code{5})
+Maximum of worker processes.
+@item @code{process-idle-timeout} (default: @code{10})
+The time in seconds after which a process with no requests is killed.
+@end table
+@end deftp
+
+
+@deffn {Scheme Procedure} nginx-php-fpm-location @
+ [#:nginx-package nginx] @ [socket (string-append "/var/run/php" @
+(version-major (package-version php)) @ "-fpm.sock")] A helper function to
+quickly add php to an @code{nginx-server-configuration}.
+@end deffn
+
+A simple services setup for nginx with php can look like this:
+@example
+(services (cons* (dhcp-client-service)
+ (service php-fpm-service-type)
+ (service nginx-service-type
+ (nginx-server-configuration
+ (server-name '("example.com"))
+ (root "/srv/http/")
+ (locations
+ (list (nginx-php-location)))
+ (https-port #f)
+ (ssl-certificate #f)
+ (ssl-certificate-key #f)))
+ %base-services))
+@end example
+
+@cindex cat-avatar-generator
+The cat avatar generator is a simple service to demonstrate the use of
+php-fpm in @code{Nginx}. It is used to generate cat avatar from a seed, for
+instance the hash of a user's email address.
+
+@deffn {Scheme Procedure} cat-avatar-generator-serice @
+ [#:cache-dir "/var/cache/cat-avatar-generator"] @ [#:package
+cat-avatar-generator] @ [#:configuration (nginx-server-configuration)]
+Returns an nginx-server-configuration that inherits @code{configuration}.
+It extends the nginx configuration to add a server block that serves
+@code{package}, a version of cat-avatar-generator. During execution,
+cat-avatar-generator will be able to use @code{cache-dir} as its cache
+directory.
+@end deffn
+
+A simple setup for cat-avatar-generator can look like this:
+@example
+(services (cons* (cat-avatar-generator-service
+ #:configuration
+ (nginx-server-configuration
+ (server-name '("example.com"))))
+ ...
+ %base-services))
+@end example
+
+@node Certificate Services
+@subsubsection Certificate Services
+
+@cindex Web
+@cindex HTTP, HTTPS
+@cindex Let's Encrypt
+@cindex TLS certificates
+The @code{(gnu services certbot)} module provides a service to automatically
+obtain a valid TLS certificate from the Let's Encrypt certificate
+authority. These certificates can then be used to serve content securely
+over HTTPS or other TLS-based protocols, with the knowledge that the client
+will be able to verify the server's authenticity.
+
+@url{https://letsencrypt.org/, Let's Encrypt} provides the @code{certbot}
+tool to automate the certification process. This tool first securely
+generates a key on the server. It then makes a request to the Let's Encrypt
+certificate authority (CA) to sign the key. The CA checks that the request
+originates from the host in question by using a challenge-response protocol,
+requiring the server to provide its response over HTTP. If that protocol
+completes successfully, the CA signs the key, resulting in a certificate.
+That certificate is valid for a limited period of time, and therefore to
+continue to provide TLS services, the server needs to periodically ask the
+CA to renew its signature.
+
+The certbot service automates this process: the initial key generation, the
+initial certification request to the Let's Encrypt service, the web server
+challenge/response integration, writing the certificate to disk, the
+automated periodic renewals, and the deployment tasks associated with the
+renewal (e.g. reloading services, copying keys with different permissions).
+
+Certbot is run twice a day, at a random minute within the hour. It won't do
+anything until your certificates are due for renewal or revoked, but running
+it regularly would give your service a chance of staying online in case a
+Let's Encrypt-initiated revocation happened for some reason.
+
+By using this service, you agree to the ACME Subscriber Agreement, which can
+be found there: @url{https://acme-v01.api.letsencrypt.org/directory}.
+
+@defvr {Scheme Variable} certbot-service-type
+A service type for the @code{certbot} Let's Encrypt client. Its value must
+be a @code{certbot-configuration} record as in this example:
+
+@example
+(define %nginx-deploy-hook
+ (program-file
+ "nginx-deploy-hook"
+ #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
+ (kill pid SIGHUP))))
+
+(service certbot-service-type
+ (certbot-configuration
+ (email "foo@@example.net")
+ (certificates
+ (list
+ (certificate-configuration
+ (domains '("example.net" "www.example.net"))
+ (deploy-hook %nginx-deploy-hook))
+ (certificate-configuration
+ (domains '("bar.example.net")))))))
+@end example
+
+See below for details about @code{certbot-configuration}.
+@end defvr
+
+@deftp {Data Type} certbot-configuration
+Data type representing the configuration of the @code{certbot} service.
+This type has the following parameters:
+
+@table @asis
+@item @code{package} (default: @code{certbot})
+The certbot package to use.
+
+@item @code{webroot} (default: @code{/var/www})
+The directory from which to serve the Let's Encrypt challenge/response
+files.
+
+@item @code{certificates} (default: @code{()})
+A list of @code{certificates-configuration}s for which to generate
+certificates and request signatures. Each certificate has a @code{name} and
+several @code{domains}.
+
+@item @code{email}
+Mandatory email used for registration, recovery contact, and important
+account notifications.
+
+@item @code{rsa-key-size} (default: @code{2048})
+Size of the RSA key.
+
+@item @code{default-location} (default: @i{see below})
+The default @code{nginx-location-configuration}. Because @code{certbot}
+needs to be able to serve challenges and responses, it needs to be able to
+run a web server. It does so by extending the @code{nginx} web service with
+an @code{nginx-server-configuration} listening on the @var{domains} on port
+80, and which has a @code{nginx-location-configuration} for the
+@code{/.well-known/} URI path subspace used by Let's Encrypt. @xref{Web
+Services}, for more on these nginx configuration data types.
+
+Requests to other URL paths will be matched by the @code{default-location},
+which if present is added to all @code{nginx-server-configuration}s.
+
+By default, the @code{default-location} will issue a redirect from
+@code{http://@var{domain}/...} to @code{https://@var{domain}/...}, leaving
+you to define what to serve on your site via @code{https}.
+
+Pass @code{#f} to not issue a default location.
+@end table
+@end deftp
+
+@deftp {Data Type} certificate-configuration
+Data type representing the configuration of a certificate. This type has
+the following parameters:
+
+@table @asis
+@item @code{name} (default: @i{see below})
+This name is used by Certbot for housekeeping and in file paths; it doesn't
+affect the content of the certificate itself. To see certificate names, run
+@code{certbot certificates}.
+
+Its default is the first provided domain.
+
+@item @code{domains} (default: @code{()})
+The first domain provided will be the subject CN of the certificate, and all
+domains will be Subject Alternative Names on the certificate.
+
+@item @code{deploy-hook} (default: @code{#f})
+Command to be run in a shell once for each successfully issued certificate.
+For this command, the shell variable @code{$RENEWED_LINEAGE} will point to
+the config live subdirectory (for example,
+@samp{"/etc/letsencrypt/live/example.com"}) containing the new certificates
+and keys; the shell variable @code{$RENEWED_DOMAINS} will contain a
+space-delimited list of renewed certificate domains (for example,
+@samp{"example.com www.example.com"}.
+
+@end table
+@end deftp
+
+For each @code{certificate-configuration}, the certificate is saved to
+@code{/etc/letsencrypt/live/@var{name}/fullchain.pem} and the key is saved
+to @code{/etc/letsencrypt/live/@var{name}/privkey.pem}.
+@node DNS Services
+@subsubsection DNS Services
+@cindex DNS (domain name system)
+@cindex domain name system (DNS)
+
+The @code{(gnu services dns)} module provides services related to the
+@dfn{domain name system} (DNS). It provides a server service for hosting an
+@emph{authoritative} DNS server for multiple zones, slave or master. This
+service uses @uref{https://www.knot-dns.cz/, Knot DNS}.
+
+An example configuration of an authoritative server for two zones, one
+master and one slave, is:
+
+@lisp
+(define-zone-entries example.org.zone
+;; Name TTL Class Type Data
+ ("@@" "" "IN" "A" "127.0.0.1")
+ ("@@" "" "IN" "NS" "ns")
+ ("ns" "" "IN" "A" "127.0.0.1"))
+
+(define master-zone
+ (knot-zone-configuration
+ (domain "example.org")
+ (zone (zone-file
+ (origin "example.org")
+ (entries example.org.zone)))))
+
+(define slave-zone
+ (knot-zone-configuration
+ (domain "plop.org")
+ (dnssec-policy "default")
+ (master (list "plop-master"))))
+
+(define plop-master
+ (knot-remote-configuration
+ (id "plop-master")
+ (address (list "208.76.58.171"))))
+
+(operating-system
+ ;; ...
+ (services (cons* (service knot-service-type
+ (knot-configuration
+ (remotes (list plop-master))
+ (zones (list master-zone slave-zone))))
+ ;; ...
+ %base-services)))
+@end lisp
+
+@deffn {Scheme Variable} knot-service-type
+This is the type for the Knot DNS server.
+
+Knot DNS is an authoritative DNS server, meaning that it can serve multiple
+zones, that is to say domain names you would buy from a registrar. This
+server is not a resolver, meaning that it can only resolve names for which
+it is authoritative. This server can be configured to serve zones as a
+master server or a slave server as a per-zone basis. Slave zones will get
+their data from masters, and will serve it as an authoritative server. From
+the point of view of a resolver, there is no difference between master and
+slave.
+
+The following data types are used to configure the Knot DNS server:
+@end deffn
+
+@deftp {Data Type} knot-key-configuration
+Data type representing a key. This type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+An identifier for other configuration fields to refer to this key. IDs must
+be unique and must not be empty.
+
+@item @code{algorithm} (default: @code{#f})
+The algorithm to use. Choose between @code{#f}, @code{'hmac-md5},
+@code{'hmac-sha1}, @code{'hmac-sha224}, @code{'hmac-sha256},
+@code{'hmac-sha384} and @code{'hmac-sha512}.
+
+@item @code{secret} (default: @code{""})
+The secret key itself.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-acl-configuration
+Data type representing an Access Control List (ACL) configuration. This
+type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+An identifier for ether configuration fields to refer to this key. IDs must
+be unique and must not be empty.
+
+@item @code{address} (default: @code{'()})
+An ordered list of IP addresses, network subnets, or network ranges
+represented with strings. The query must match one of them. Empty value
+means that address match is not required.
+
+@item @code{key} (default: @code{'()})
+An ordered list of references to keys represented with strings. The string
+must match a key ID defined in a @code{knot-key-configuration}. No key
+means that a key is not require to match that ACL.
+
+@item @code{action} (default: @code{'()})
+An ordered list of actions that are permitted or forbidden by this ACL.
+Possible values are lists of zero or more elements from @code{'transfer},
+@code{'notify} and @code{'update}.
+
+@item @code{deny?} (default: @code{#f})
+When true, the ACL defines restrictions. Listed actions are forbidden.
+When false, listed actions are allowed.
+
+@end table
+@end deftp
+
+@deftp {Data Type} zone-entry
+Data type represnting a record entry in a zone file. This type has the
+following parameters:
+
+@table @asis
+@item @code{name} (default: @code{"@@"})
+The name of the record. @code{"@@"} refers to the origin of the zone.
+Names are relative to the origin of the zone. For example, in the
+@code{example.org} zone, @code{"ns.example.org"} actually refers to
+@code{ns.example.org.example.org}. Names ending with a dot are absolute,
+which means that @code{"ns.example.org."} refers to @code{ns.example.org}.
+
+@item @code{ttl} (default: @code{""})
+The Time-To-Live (TTL) of this record. If not set, the default TTL is used.
+
+@item @code{class} (default: @code{"IN"})
+The class of the record. Knot currently supports only @code{"IN"} and
+partially @code{"CH"}.
+
+@item @code{type} (default: @code{"A"})
+The type of the record. Common types include A (IPv4 address), AAAA (IPv6
+address), NS (Name Server) and MX (Mail eXchange). Many other types are
+defined.
+
+@item @code{data} (default: @code{""})
+The data contained in the record. For instance an IP address associated
+with an A record, or a domain name associated with an NS record. Remember
+that domain names are relative to the origin unless they end with a dot.
+
+@end table
+@end deftp
+
+@deftp {Data Type} zone-file
+Data type representing the content of a zone file. This type has the
+following parameters:
+
+@table @asis
+@item @code{entries} (default: @code{'()})
+The list of entries. The SOA record is taken care of, so you don't need to
+put it in the list of entries. This list should probably contain an entry
+for your primary authoritative DNS server. Other than using a list of
+entries directly, you can use @code{define-zone-entries} to define a object
+containing the list of entries more easily, that you can later pass to the
+@code{entries} field of the @code{zone-file}.
+
+@item @code{origin} (default: @code{""})
+The name of your zone. This parameter cannot be empty.
+
+@item @code{ns} (default: @code{"ns"})
+The domain of your primary authoritative DNS server. The name is relative
+to the origin, unless it ends with a dot. It is mandatory that this primary
+DNS server corresponds to an NS record in the zone and that it is associated
+to an IP address in the list of entries.
+
+@item @code{mail} (default: @code{"hostmaster"})
+An email address people can contact you at, as the owner of the zone. This
+is translated as @code{<mail>@@<origin>}.
+
+@item @code{serial} (default: @code{1})
+The serial number of the zone. As this is used to keep track of changes by
+both slaves and resolvers, it is mandatory that it @emph{never} decreases.
+Always increment it when you make a change in your zone.
+
+@item @code{refresh} (default: @code{(* 2 24 3600)})
+The frequency at which slaves will do a zone transfer. This value is a
+number of seconds. It can be computed by multiplications or with
+@code{(string->duration)}.
+
+@item @code{retry} (default: @code{(* 15 60)})
+The period after which a slave will retry to contact its master when it
+fails to do so a first time.
+
+@item @code{expiry} (default: @code{(* 14 24 3600)})
+Default TTL of records. Existing records are considered correct for at most
+this amount of time. After this period, resolvers will invalidate their
+cache and check again that it still exists.
+
+@item @code{nx} (default: @code{3600})
+Default TTL of inexistant records. This delay is usually short because you
+want your new domains to reach everyone quickly.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-remote-configuration
+Data type representing a remote configuration. This type has the following
+parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+An identifier for other configuration fields to refer to this remote. IDs
+must be unique and must not be empty.
+
+@item @code{address} (default: @code{'()})
+An ordered list of destination IP addresses. Addresses are tried in
+sequence. An optional port can be given with the @@ separator. For
+instance: @code{(list "1.2.3.4" "2.3.4.5@@53")}. Default port is 53.
+
+@item @code{via} (default: @code{'()})
+An ordered list of source IP addresses. An empty list will have Knot choose
+an appropriate source IP. An optional port can be given with the @@
+separator. The default is to choose at random.
+
+@item @code{key} (default: @code{#f})
+A reference to a key, that is a string containing the identifier of a key
+defined in a @code{knot-key-configuration} field.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-keystore-configuration
+Data type representing a keystore to hold dnssec keys. This type has the
+following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+The id of the keystore. It must not be empty.
+
+@item @code{backend} (default: @code{'pem})
+The backend to store the keys in. Can be @code{'pem} or @code{'pkcs11}.
+
+@item @code{config} (default: @code{"/var/lib/knot/keys/keys"})
+The configuration string of the backend. An example for the PKCS#11 is:
+@code{"pkcs11:token=knot;pin-value=1234
+/gnu/store/.../lib/pkcs11/libsofthsm2.so"}. For the pem backend, the string
+reprensents a path in the file system.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-policy-configuration
+Data type representing a dnssec policy. Knot DNS is able to automatically
+sign your zones. It can either generate and manage your keys automatically
+or use keys that you generate.
+
+Dnssec is usually implemented using two keys: a Key Signing Key (KSK) that
+is used to sign the second, and a Zone Signing Key (ZSK) that is used to
+sign the zone. In order to be trusted, the KSK needs to be present in the
+parent zone (usually a top-level domain). If your registrar supports
+dnssec, you will have to send them your KSK's hash so they can add a DS
+record in their zone. This is not automated and need to be done each time
+you change your KSK.
+
+The policy also defines the lifetime of keys. Usually, ZSK can be changed
+easily and use weaker cryptographic functions (they use lower parameters) in
+order to sign records quickly, so they are changed often. The KSK however
+requires manual interaction with the registrar, so they are changed less
+often and use stronger parameters because they sign only one record.
+
+This type has the following parameters:
+
+@table @asis
+@item @code{id} (default: @code{""})
+The id of the policy. It must not be empty.
+
+@item @code{keystore} (default: @code{"default"})
+A reference to a keystore, that is a string containing the identifier of a
+keystore defined in a @code{knot-keystore-configuration} field. The
+@code{"default"} identifier means the default keystore (a kasp database that
+was setup by this service).
+
+@item @code{manual?} (default: @code{#f})
+Whether the key management is manual or automatic.
+
+@item @code{single-type-signing?} (default: @code{#f})
+When @code{#t}, use the Single-Type Signing Scheme.
+
+@item @code{algorithm} (default: @code{"ecdsap256sha256"})
+An algorithm of signing keys and issued signatures.
+
+@item @code{ksk-size} (default: @code{256})
+The length of the KSK. Note that this value is correct for the default
+algorithm, but would be unsecure for other algorithms.
+
+@item @code{zsk-size} (default: @code{256})
+The length of the ZSK. Note that this value is correct for the default
+algorithm, but would be unsecure for other algorithms.
+
+@item @code{dnskey-ttl} (default: @code{'default})
+The TTL value for DNSKEY records added into zone apex. The special
+@code{'default} value means same as the zone SOA TTL.
+
+@item @code{zsk-lifetime} (default: @code{(* 30 24 3600)})
+The period between ZSK publication and the next rollover initiation.
+
+@item @code{propagation-delay} (default: @code{(* 24 3600)})
+An extra delay added for each key rollover step. This value should be high
+enough to cover propagation of data from the master server to all slaves.
+
+@item @code{rrsig-lifetime} (default: @code{(* 14 24 3600)})
+A validity period of newly issued signatures.
+
+@item @code{rrsig-refresh} (default: @code{(* 7 24 3600)})
+A period how long before a signature expiration the signature will be
+refreshed.
+
+@item @code{nsec3?} (default: @code{#f})
+When @code{#t}, NSEC3 will be used instead of NSEC.
+
+@item @code{nsec3-iterations} (default: @code{5})
+The number of additional times the hashing is performed.
+
+@item @code{nsec3-salt-length} (default: @code{8})
+The length of a salt field in octets, which is appended to the original
+owner name before hashing.
+
+@item @code{nsec3-salt-lifetime} (default: @code{(* 30 24 3600)})
+The validity period of newly issued salt field.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-zone-configuration
+Data type representing a zone served by Knot. This type has the following
+parameters:
+
+@table @asis
+@item @code{domain} (default: @code{""})
+The domain served by this configuration. It must not be empty.
+
+@item @code{file} (default: @code{""})
+The file where this zone is saved. This parameter is ignored by master
+zones. Empty means default location that depends on the domain name.
+
+@item @code{zone} (default: @code{(zone-file)})
+The content of the zone file. This parameter is ignored by slave zones. It
+must contain a zone-file record.
+
+@item @code{master} (default: @code{'()})
+A list of master remotes. When empty, this zone is a master. When set,
+this zone is a slave. This is a list of remotes identifiers.
+
+@item @code{ddns-master} (default: @code{#f})
+The main master. When empty, it defaults to the first master in the list of
+masters.
+
+@item @code{notify} (default: @code{'()})
+A list of slave remote identifiers.
+
+@item @code{acl} (default: @code{'()})
+A list of acl identifiers.
+
+@item @code{semantic-checks?} (default: @code{#f})
+When set, this adds more semantic checks to the zone.
+
+@item @code{disable-any?} (default: @code{#f})
+When set, this forbids queries of the ANY type.
+
+@item @code{zonefile-sync} (default: @code{0})
+The delay between a modification in memory and on disk. 0 means immediate
+synchronization.
+
+@item @code{serial-policy} (default: @code{'increment})
+A policy between @code{'increment} and @code{'unixtime}.
+
+@end table
+@end deftp
+
+@deftp {Data Type} knot-configuration
+Data type representing the Knot configuration. This type has the following
+parameters:
+
+@table @asis
+@item @code{knot} (default: @code{knot})
+The Knot package.
+
+@item @code{run-directory} (default: @code{"/var/run/knot"})
+The run directory. This directory will be used for pid file and sockets.
+
+@item @code{listen-v4} (default: @code{"0.0.0.0"})
+An ip address on which to listen.
+
+@item @code{listen-v6} (default: @code{"::"})
+An ip address on which to listen.
+
+@item @code{listen-port} (default: @code{53})
+A port on which to listen.
+
+@item @code{keys} (default: @code{'()})
+The list of knot-key-configuration used by this configuration.
+
+@item @code{acls} (default: @code{'()})
+The list of knot-acl-configuration used by this configuration.
+
+@item @code{remotes} (default: @code{'()})
+The list of knot-remote-configuration used by this configuration.
+
+@item @code{zones} (default: @code{'()})
+The list of knot-zone-configuration used by this configuration.
+
+@end table
+@end deftp
+
+
+@node VPN Services
+@subsubsection VPN Services
+@cindex VPN (virtual private network)
+@cindex virtual private network (VPN)
+
+The @code{(gnu services vpn)} module provides services related to
+@dfn{virtual private networks} (VPNs). It provides a @emph{client} service
+for your machine to connect to a VPN, and a @emph{servire} service for your
+machine to host a VPN. Both services use @uref{https://openvpn.net/,
+OpenVPN}.
+
+@deffn {Scheme Procedure} openvpn-client-service @
+ [#:config (openvpn-client-configuration)]
+
+Return a service that runs @command{openvpn}, a VPN daemon, as a client.
+@end deffn
+
+@deffn {Scheme Procedure} openvpn-server-service @
+ [#:config (openvpn-server-configuration)]
+
+Return a service that runs @command{openvpn}, a VPN daemon, as a server.
+
+Both can be run simultaneously.
+@end deffn
+
+@c %automatically generated documentation
+
+Available @code{openvpn-client-configuration} fields are:
+
+@deftypevr {@code{openvpn-client-configuration} parameter} package openvpn
+The OpenVPN package.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} string pid-file
+The OpenVPN pid file.
+
+Defaults to @samp{"/var/run/openvpn/openvpn.pid"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} proto proto
+The protocol (UDP or TCP) used to open a channel between clients and
+servers.
+
+Defaults to @samp{udp}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} dev dev
+The device type used to represent the VPN connection.
+
+Defaults to @samp{tun}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} string ca
+The certificate authority to check connections against.
+
+Defaults to @samp{"/etc/openvpn/ca.crt"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} string cert
+The certificate of the machine the daemon is running on. It should be
+signed by the authority given in @code{ca}.
+
+Defaults to @samp{"/etc/openvpn/client.crt"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} string key
+The key of the machine the daemon is running on. It must be the key whose
+certificate is @code{cert}.
+
+Defaults to @samp{"/etc/openvpn/client.key"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean comp-lzo?
+Whether to use the lzo compression algorithm.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean persist-key?
+Don't re-read key files across SIGUSR1 or --ping-restart.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} boolean persist-tun?
+Don't close and reopen TUN/TAP device or run up/down scripts across SIGUSR1
+or --ping-restart restarts.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} number verbosity
+Verbosity level.
+
+Defaults to @samp{3}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} tls-auth-client tls-auth
+Add an additional layer of HMAC authentication on top of the TLS control
+channel to protect against DoS attacks.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} key-usage verify-key-usage?
+Whether to check the server certificate has server usage extension.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} bind bind?
+Bind to a specific local port number.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} resolv-retry resolv-retry?
+Retry resolving server address.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-client-configuration} parameter} openvpn-remote-list remote
+A list of remote servers to connect to.
+
+Defaults to @samp{()}.
+
+Available @code{openvpn-remote-configuration} fields are:
+
+@deftypevr {@code{openvpn-remote-configuration} parameter} string name
+Server name.
+
+Defaults to @samp{"my-server"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-remote-configuration} parameter} number port
+Port number the server listens to.
+
+Defaults to @samp{1194}.
+
+@end deftypevr
+
+@end deftypevr
+@c %end of automatic openvpn-client documentation
+
+@c %automatically generated documentation
+
+Available @code{openvpn-server-configuration} fields are:
+
+@deftypevr {@code{openvpn-server-configuration} parameter} package openvpn
+The OpenVPN package.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} string pid-file
+The OpenVPN pid file.
+
+Defaults to @samp{"/var/run/openvpn/openvpn.pid"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} proto proto
+The protocol (UDP or TCP) used to open a channel between clients and
+servers.
+
+Defaults to @samp{udp}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} dev dev
+The device type used to represent the VPN connection.
+
+Defaults to @samp{tun}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} string ca
+The certificate authority to check connections against.
+
+Defaults to @samp{"/etc/openvpn/ca.crt"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} string cert
+The certificate of the machine the daemon is running on. It should be
+signed by the authority given in @code{ca}.
+
+Defaults to @samp{"/etc/openvpn/client.crt"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} string key
+The key of the machine the daemon is running on. It must be the key whose
+certificate is @code{cert}.
+
+Defaults to @samp{"/etc/openvpn/client.key"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean comp-lzo?
+Whether to use the lzo compression algorithm.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean persist-key?
+Don't re-read key files across SIGUSR1 or --ping-restart.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean persist-tun?
+Don't close and reopen TUN/TAP device or run up/down scripts across SIGUSR1
+or --ping-restart restarts.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} number verbosity
+Verbosity level.
+
+Defaults to @samp{3}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} tls-auth-server tls-auth
+Add an additional layer of HMAC authentication on top of the TLS control
+channel to protect against DoS attacks.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} number port
+Specifies the port number on which the server listens.
+
+Defaults to @samp{1194}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} ip-mask server
+An ip and mask specifying the subnet inside the virtual network.
+
+Defaults to @samp{"10.8.0.0 255.255.255.0"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} cidr6 server-ipv6
+A CIDR notation specifying the IPv6 subnet inside the virtual network.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} string dh
+The Diffie-Hellman parameters file.
+
+Defaults to @samp{"/etc/openvpn/dh2048.pem"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} string ifconfig-pool-persist
+The file that records client IPs.
+
+Defaults to @samp{"/etc/openvpn/ipp.txt"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} gateway redirect-gateway?
+When true, the server will act as a gateway for its clients.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} boolean client-to-client?
+When true, clients are allowed to talk to each other inside the VPN.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} keepalive keepalive
+Causes ping-like messages to be sent back and forth over the link so that
+each side knows when the other side has gone down. @code{keepalive}
+requires a pair. The first element is the period of the ping sending, and
+the second element is the timeout before considering the other side down.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} number max-clients
+The maximum number of clients.
+
+Defaults to @samp{100}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} string status
+The status file. This file shows a small report on current connection. It
+is truncated and rewritten every minute.
+
+Defaults to @samp{"/var/run/openvpn/status"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-server-configuration} parameter} openvpn-ccd-list client-config-dir
+The list of configuration for some clients.
+
+Defaults to @samp{()}.
+
+Available @code{openvpn-ccd-configuration} fields are:
+
+@deftypevr {@code{openvpn-ccd-configuration} parameter} string name
+Client name.
+
+Defaults to @samp{"client"}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-ccd-configuration} parameter} ip-mask iroute
+Client own network
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{openvpn-ccd-configuration} parameter} ip-mask ifconfig-push
+Client VPN IP.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@end deftypevr
+
+
+@c %end of automatic openvpn-server documentation
+
+
+@node Network File System
+@subsubsection Network File System
+@cindex NFS
+
+The @code{(gnu services nfs)} module provides the following services, which
+are most commonly used in relation to mounting or exporting directory trees
+as @dfn{network file systems} (NFS).
+
+@subsubheading RPC Bind Service
+@cindex rpcbind
+
+The RPC Bind service provides a facility to map program numbers into
+universal addresses. Many NFS related services use this facility. Hence it
+is automatically started when a dependent service starts.
+
+@defvr {Scheme Variable} rpcbind-service-type
+A service type for the RPC portmapper daemon.
+@end defvr
+
+
+@deftp {Data Type} rpcbind-configuration
+Data type representing the configuration of the RPC Bind Service. This type
+has the following parameters:
+@table @asis
+@item @code{rpcbind} (default: @code{rpcbind})
+The rpcbind package to use.
+
+@item @code{warm-start?} (default: @code{#t})
+If this parameter is @code{#t}, then the daemon will read a state file on
+startup thus reloading state information saved by a previous instance.
+@end table
+@end deftp
+
+
+@subsubheading Pipefs Pseudo File System
+@cindex pipefs
+@cindex rpc_pipefs
+
+The pipefs file system is used to transfer NFS related data between the
+kernel and user space programs.
+
+@defvr {Scheme Variable} pipefs-service-type
+A service type for the pipefs pseudo file system.
+@end defvr
+
+@deftp {Data Type} pipefs-configuration
+Data type representing the configuration of the pipefs pseudo file system
+service. This type has the following parameters:
+@table @asis
+@item @code{mount-point} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory to which the file system is to be attached.
+@end table
+@end deftp
+
+
+@subsubheading GSS Daemon Service
+@cindex GSSD
+@cindex GSS
+@cindex global security system
+
+The @dfn{global security system} (GSS) daemon provides strong security for
+RPC based protocols. Before exchanging RPC requests an RPC client must
+establish a security context. Typically this is done using the Kerberos
+command @command{kinit} or automatically at login time using PAM services
+(@pxref{Kerberos Services}).
+
+@defvr {Scheme Variable} gss-service-type
+A service type for the Global Security System (GSS) daemon.
+@end defvr
+
+@deftp {Data Type} gss-configuration
+Data type representing the configuration of the GSS daemon service. This
+type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.gssd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@end table
+@end deftp
+
+
+@subsubheading IDMAP Daemon Service
+@cindex idmapd
+@cindex name mapper
+
+The idmap daemon service provides mapping between user IDs and user names.
+Typically it is required in order to access file systems mounted via NFSv4.
+
+@defvr {Scheme Variable} idmap-service-type
+A service type for the Identity Mapper (IDMAP) daemon.
+@end defvr
+
+@deftp {Data Type} idmap-configuration
+Data type representing the configuration of the IDMAP daemon service. This
+type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.idmapd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@item @code{domain} (default: @code{#f})
+The local NFSv4 domain name. This must be a string or @code{#f}. If it is
+@code{#f} then the daemon will use the host's fully qualified domain name.
+
+@end table
+@end deftp
+
+@node Continuous Integration
+@subsubsection Continuous Integration
+
+@cindex continuous integration
+@uref{https://notabug.org/mthl/cuirass, Cuirass} est un outil d'intégration
+continue pour Guix. On peut l'utiliser aussi bien pour le développement que
+pour fournir des substituts à d'autres (@pxref{Substituts}).
+
+The @code{(gnu services cuirass)} module provides the following service.
+
+@defvr {Scheme Procedure} cuirass-service-type
+The type of the Cuirass service. Its value must be a
+@code{cuirass-configuration} object, as described below.
+@end defvr
+
+To add build jobs, you have to set the @code{specifications} field of the
+configuration. Here is an example of a service defining a build job based
+on a specification that can be found in Cuirass source tree. This service
+polls the Guix repository and builds a subset of the Guix packages, as
+prescribed in the @file{gnu-system.scm} example spec:
+
+@example
+(let ((spec #~((#:name . "guix")
+ (#:url . "git://git.savannah.gnu.org/guix.git")
+ (#:load-path . ".")
+ (#:file . "build-aux/cuirass/gnu-system.scm")
+ (#:proc . cuirass-jobs)
+ (#:arguments (subset . "hello"))
+ (#:branch . "master"))))
+ (service cuirass-service-type
+ (cuirass-configuration
+ (specifications #~(list '#$spec)))))
+@end example
+
+While information related to build jobs is located directly in the
+specifications, global settings for the @command{cuirass} process are
+accessible in other @code{cuirass-configuration} fields.
+
+@deftp {Data Type} cuirass-configuration
+Data type representing the configuration of Cuirass.
+
+@table @asis
+@item @code{log-file} (default: @code{"/var/log/cuirass.log"})
+Location of the log file.
+
+@item @code{cache-directory} (default: @code{"/var/cache/cuirass"})
+Location of the repository cache.
+
+@item @code{user} (default: @code{"cuirass"})
+Owner of the @code{cuirass} process.
+
+@item @code{group} (default: @code{"cuirass"})
+Owner's group of the @code{cuirass} process.
+
+@item @code{interval} (default: @code{60})
+Number of seconds between the poll of the repositories followed by the
+Cuirass jobs.
+
+@item @code{database} (default: @code{"/var/run/cuirass/cuirass.db"})
+Location of sqlite database which contains the build results and previously
+added specifications.
+
+@item @code{port} (default: @code{8081})
+Port number used by the HTTP server.
+
+@item --listen=@var{host}
+Listen on the network interface for @var{host}. The default is to accept
+connections from localhost.
+
+@item @code{specifications} (default: @code{#~'()})
+A gexp (@pxref{G-Expressions}) that evaluates to a list of specifications,
+where a specification is an association list (@pxref{Associations Lists,,,
+guile, GNU Guile Reference Manual}) whose keys are keywords
+(@code{#:keyword-example}) as shown in the example above.
+
+@item @code{use-substitutes?} (default: @code{#f})
+This allows using substitutes to avoid building every dependencies of a job
+from source.
+
+@item @code{one-shot?} (default: @code{#f})
+Only evaluate specifications and build derivations once.
+
+@item @code{fallback?} (default: @code{#f})
+When substituting a pre-built binary fails, fall back to building packages
+locally.
+
+@item @code{load-path} (default: @code{'()})
+This allows users to define their own packages and make them visible to
+cuirass as in @command{guix build} command.
+
+@item @code{cuirass} (default: @code{cuirass})
+The Cuirass package to use.
+@end table
+@end deftp
+
+@node Power management Services
+@subsubsection Power management Services
+
+@cindex power management with TLP
+The @code{(gnu services pm)} module provides a Guix service definition for
+the Linux power management tool TLP.
+
+TLP enables various powersaving modes in userspace and kernel. Contrary to
+@code{upower-service}, it is not a passive, monitoring tool, as it will
+apply custom settings each time a new power source is detected. More
+information can be found at @uref{http://linrunner.de/en/tlp/tlp.html, TLP
+home page}.
+
+@deffn {Scheme Variable} tlp-service-type
+The service type for the TLP tool. Its value should be a valid TLP
+configuration (see below). To use the default settings, simply write:
+@example
+(service tlp-service-type)
+@end example
+@end deffn
+
+By default TLP does not need much configuration but most TLP parameters can
+be tweaked using @code{tlp-configuration}.
+
+Each parameter definition is preceded by its type; for example,
+@samp{boolean foo} indicates that the @code{foo} parameter should be
+specified as a boolean. Types starting with @code{maybe-} denote parameters
+that won't show up in TLP config file when their value is @code{'disabled}.
+
+@c The following documentation was initially generated by
+@c (generate-tlp-documentation) in (gnu services pm). Manually maintained
+@c documentation is better, so we shouldn't hesitate to edit below as
+@c needed. However if the change you want to make to this documentation
+@c can be done in an automated way, it's probably easier to change
+@c (generate-documentation) than to make it below and have to deal with
+@c the churn as TLP updates.
+
+Available @code{tlp-configuration} fields are:
+
+@deftypevr {@code{tlp-configuration} parameter} package tlp
+The TLP package.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean tlp-enable?
+Set to true if you wish to enable TLP.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string tlp-default-mode
+Default mode when no power supply can be detected. Alternatives are AC and
+BAT.
+
+Defaults to @samp{"AC"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer disk-idle-secs-on-ac
+Number of seconds Linux kernel has to wait after the disk goes idle, before
+syncing on AC.
+
+Defaults to @samp{0}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer disk-idle-secs-on-bat
+Same as @code{disk-idle-ac} but on BAT mode.
+
+Defaults to @samp{2}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer max-lost-work-secs-on-ac
+Dirty pages flushing periodicity, expressed in seconds.
+
+Defaults to @samp{15}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer max-lost-work-secs-on-bat
+Same as @code{max-lost-work-secs-on-ac} but on BAT mode.
+
+Defaults to @samp{60}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list cpu-scaling-governor-on-ac
+CPU frequency scaling governor on AC mode. With intel_pstate driver,
+alternatives are powersave and performance. With acpi-cpufreq driver,
+alternatives are ondemand, powersave, performance and conservative.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list cpu-scaling-governor-on-bat
+Same as @code{cpu-scaling-governor-on-ac} but on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-min-freq-on-ac
+Set the min available frequency for the scaling governor on AC.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-max-freq-on-ac
+Set the max available frequency for the scaling governor on AC.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-min-freq-on-bat
+Set the min available frequency for the scaling governor on BAT.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-max-freq-on-bat
+Set the max available frequency for the scaling governor on BAT.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-min-perf-on-ac
+Limit the min P-state to control the power dissipation of the CPU, in AC
+mode. Values are stated as a percentage of the available performance.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-max-perf-on-ac
+Limit the max P-state to control the power dissipation of the CPU, in AC
+mode. Values are stated as a percentage of the available performance.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-min-perf-on-bat
+Same as @code{cpu-min-perf-on-ac} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-max-perf-on-bat
+Same as @code{cpu-max-perf-on-ac} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-boolean cpu-boost-on-ac?
+Enable CPU turbo boost feature on AC mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-boolean cpu-boost-on-bat?
+Same as @code{cpu-boost-on-ac?} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean sched-powersave-on-ac?
+Allow Linux kernel to minimize the number of CPU cores/hyper-threads used
+under light load conditions.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean sched-powersave-on-bat?
+Same as @code{sched-powersave-on-ac?} but on BAT mode.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean nmi-watchdog?
+Enable Linux kernel NMI watchdog.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string phc-controls
+For Linux kernels with PHC patch applied, change CPU voltages. An example
+value would be @samp{"F:V F:V F:V F:V"}.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string energy-perf-policy-on-ac
+Set CPU performance versus energy saving policy on AC. Alternatives are
+performance, normal, powersave.
+
+Defaults to @samp{"performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string energy-perf-policy-on-bat
+Same as @code{energy-perf-policy-ac} but on BAT mode.
+
+Defaults to @samp{"powersave"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list disks-devices
+Hard disk devices.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list disk-apm-level-on-ac
+Hard disk advanced power management level.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list disk-apm-level-on-bat
+Same as @code{disk-apm-bat} but on BAT mode.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-spindown-timeout-on-ac
+Hard disk spin down timeout. One value has to be specified for each
+declared hard disk.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-spindown-timeout-on-bat
+Same as @code{disk-spindown-timeout-on-ac} but on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-iosched
+Select IO scheduler for disk devices. One value has to be specified for
+each declared hard disk. Example alternatives are cfq, deadline and noop.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string sata-linkpwr-on-ac
+SATA aggressive link power management (ALPM) level. Alternatives are
+min_power, medium_power, max_performance.
+
+Defaults to @samp{"max_performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string sata-linkpwr-on-bat
+Same as @code{sata-linkpwr-ac} but on BAT mode.
+
+Defaults to @samp{"min_power"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string sata-linkpwr-blacklist
+Exclude specified SATA host devices for link power management.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-on-off-boolean ahci-runtime-pm-on-ac?
+Enable Runtime Power Management for AHCI controller and disks on AC mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-on-off-boolean ahci-runtime-pm-on-bat?
+Same as @code{ahci-runtime-pm-on-ac} on BAT mode.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer ahci-runtime-pm-timeout
+Seconds of inactivity before disk is suspended.
+
+Defaults to @samp{15}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string pcie-aspm-on-ac
+PCI Express Active State Power Management level. Alternatives are default,
+performance, powersave.
+
+Defaults to @samp{"performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string pcie-aspm-on-bat
+Same as @code{pcie-aspm-ac} but on BAT mode.
+
+Defaults to @samp{"powersave"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-power-profile-on-ac
+Radeon graphics clock speed level. Alternatives are low, mid, high, auto,
+default.
+
+Defaults to @samp{"high"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-power-profile-on-bat
+Same as @code{radeon-power-ac} but on BAT mode.
+
+Defaults to @samp{"low"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-state-on-ac
+Radeon dynamic power management method (DPM). Alternatives are battery,
+performance.
+
+Defaults to @samp{"performance"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-state-on-bat
+Same as @code{radeon-dpm-state-ac} but on BAT mode.
+
+Defaults to @samp{"battery"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-perf-level-on-ac
+Radeon DPM performance level. Alternatives are auto, low, high.
+
+Defaults to @samp{"auto"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string radeon-dpm-perf-level-on-bat
+Same as @code{radeon-dpm-perf-ac} but on BAT mode.
+
+Defaults to @samp{"auto"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} on-off-boolean wifi-pwr-on-ac?
+Wifi power saving mode.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} on-off-boolean wifi-pwr-on-bat?
+Same as @code{wifi-power-ac?} but on BAT mode.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} y-n-boolean wol-disable?
+Disable wake on LAN.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer sound-power-save-on-ac
+Timeout duration in seconds before activating audio power saving on Intel
+HDA and AC97 devices. A value of 0 disables power saving.
+
+Defaults to @samp{0}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} non-negative-integer sound-power-save-on-bat
+Same as @code{sound-powersave-ac} but on BAT mode.
+
+Defaults to @samp{1}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} y-n-boolean sound-power-save-controller?
+Disable controller in powersaving mode on Intel HDA devices.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean bay-poweroff-on-bat?
+Enable optical drive in UltraBay/MediaBay on BAT mode. Drive can be powered
+on again by releasing (and reinserting) the eject lever or by pressing the
+disc eject button on newer models.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string bay-device
+Name of the optical drive device to power off.
+
+Defaults to @samp{"sr0"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string runtime-pm-on-ac
+Runtime Power Management for PCI(e) bus devices. Alternatives are on and
+auto.
+
+Defaults to @samp{"on"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} string runtime-pm-on-bat
+Same as @code{runtime-pm-ac} but on BAT mode.
+
+Defaults to @samp{"auto"}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean runtime-pm-all?
+Runtime Power Management for all PCI(e) bus devices, except blacklisted
+ones.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-space-separated-string-list runtime-pm-blacklist
+Exclude specified PCI(e) device addresses from Runtime Power Management.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} space-separated-string-list runtime-pm-driver-blacklist
+Exclude PCI(e) devices assigned to the specified drivers from Runtime Power
+Management.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean usb-autosuspend?
+Enable USB autosuspend feature.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string usb-blacklist
+Exclude specified devices from USB autosuspend.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean usb-blacklist-wwan?
+Exclude WWAN devices from USB autosuspend.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-string usb-whitelist
+Include specified devices into USB autosuspend, even if they are already
+excluded by the driver or via @code{usb-blacklist-wwan?}.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} maybe-boolean usb-autosuspend-disable-on-shutdown?
+Enable USB autosuspend before shutdown.
+
+Defaults to @samp{disabled}.
+
+@end deftypevr
+
+@deftypevr {@code{tlp-configuration} parameter} boolean restore-device-state-on-startup?
+Restore radio device state (bluetooth, wifi, wwan) from previous shutdown on
+system startup.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+
+The @code{(gnu services pm)} module provides an interface to thermald, a CPU
+frequency scaling service which helps prevent overheating.
+
+@defvr {Scheme Variable} thermald-service-type
+This is the service type for @uref{https://01.org/linux-thermal-daemon/,
+thermald}, the Linux Thermal Daemon, which is responsible for controlling
+the thermal state of processors and preventing overheating.
+@end defvr
+
+@deftp {Data Type} thermald-configuration
+Data type representing the configuration of @code{thermald-service-type}.
+
+@table @asis
+@item @code{ignore-cpuid-check?} (default: @code{#f})
+Ignore cpuid check for supported CPU models.
+
+@item @code{thermald} (default: @var{thermald})
+Package object of thermald.
+
+@end table
+@end deftp
+
+@node Audio Services
+@subsubsection Audio Services
+
+The @code{(gnu services audio)} module provides a service to start MPD (the
+Music Player Daemon).
+
+@cindex mpd
+@subsubheading Music Player Daemon
+
+The Music Player Daemon (MPD) is a service that can play music while being
+controlled from the local machine or over the network by a variety of
+clients.
+
+The following example shows how one might run @code{mpd} as user
+@code{"bob"} on port @code{6666}. It uses pulseaudio for output.
+
+@example
+(service mpd-service-type
+ (mpd-configuration
+ (user "bob")
+ (port "6666")))
+@end example
+
+@defvr {Scheme Variable} mpd-service-type
+The service type for @command{mpd}
+@end defvr
+
+@deftp {Data Type} mpd-configuration
+Data type representing the configuration of @command{mpd}.
+
+@table @asis
+@item @code{user} (default: @code{"mpd"})
+The user to run mpd as.
+
+@item @code{music-dir} (default: @code{"~/Music"})
+The directory to scan for music files.
+
+@item @code{playlist-dir} (default: @code{"~/.mpd/playlists"})
+The directory to store playlists.
+
+@item @code{port} (default: @code{"6600"})
+The port to run mpd on.
+
+@item @code{address} (default: @code{"any"})
+The address that mpd will bind to. To use a Unix domain socket, an absolute
+path can be specified here.
+
+@end table
+@end deftp
+
+@node Virtualization Services
+@subsubsection Virtualization services
+
+The @code{(gnu services virtualization)} module provides services for the
+libvirt and virtlog daemons, as well as other virtualization-related
+services.
+
+@subsubheading Libvirt daemon
+@code{libvirtd} is the server side daemon component of the libvirt
+virtualization management system. This daemon runs on host servers and
+performs required management tasks for virtualized guests.
+
+@deffn {Scheme Variable} libvirt-service-type
+This is the type of the @uref{https://libvirt.org, libvirt daemon}. Its
+value must be a @code{libvirt-configuration}.
+
+@example
+(service libvirt-service-type
+ (libvirt-configuration
+ (unix-sock-group "libvirt")
+ (tls-port "16555")))
+@end example
+@end deffn
+
+@c Auto-generated with (generate-libvirt-documentation)
+Available @code{libvirt-configuration} fields are:
+
+@deftypevr {@code{libvirt-configuration} parameter} package libvirt
+Libvirt package.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tls?
+Flag listening for secure TLS connections on the public TCP/IP port. must
+set @code{listen} for this to have any effect.
+
+It is necessary to setup a CA and issue server certificates before using
+this capability.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} boolean listen-tcp?
+Listen for unencrypted TCP connections on the public TCP/IP port. must set
+@code{listen} for this to have any effect.
+
+Using the TCP socket requires SASL authentication by default. Only SASL
+mechanisms which support data encryption are allowed. This is DIGEST_MD5
+and GSSAPI (Kerberos5)
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string tls-port
+Port for accepting secure TLS connections This can be a port number, or
+service name
+
+Defaults to @samp{"16514"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string tcp-port
+Port for accepting insecure TCP connections This can be a port number, or
+service name
+
+Defaults to @samp{"16509"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string listen-addr
+IP address or hostname used for client connections.
+
+Defaults to @samp{"0.0.0.0"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} boolean mdns-adv?
+Flag toggling mDNS advertisement of the libvirt service.
+
+Alternatively can disable for all services on a host by stopping the Avahi
+daemon.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string mdns-name
+Default mDNS advertisement name. This must be unique on the immediate
+broadcast network.
+
+Defaults to @samp{"Virtualization Host <hostname>"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-group
+UNIX domain socket group ownership. This can be used to allow a 'trusted'
+set of users access to management capabilities without becoming root.
+
+Defaults to @samp{"root"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-ro-perms
+UNIX socket permissions for the R/O socket. This is used for monitoring VM
+status only.
+
+Defaults to @samp{"0777"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-rw-perms
+UNIX socket permissions for the R/W socket. Default allows only root. If
+PolicyKit is enabled on the socket, the default will change to allow
+everyone (eg, 0777)
+
+Defaults to @samp{"0770"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-admin-perms
+UNIX socket permissions for the admin socket. Default allows only owner
+(root), do not change it unless you are sure to whom you are exposing the
+access to.
+
+Defaults to @samp{"0777"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string unix-sock-dir
+The directory in which sockets will be found/created.
+
+Defaults to @samp{"/var/run/libvirt"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-ro
+Authentication scheme for UNIX read-only sockets. By default socket
+permissions allow anyone to connect
+
+Defaults to @samp{"polkit"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string auth-unix-rw
+Authentication scheme for UNIX read-write sockets. By default socket
+permissions only allow root. If PolicyKit support was compiled into
+libvirt, the default will be to use 'polkit' auth.
+
+Defaults to @samp{"polkit"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string auth-tcp
+Authentication scheme for TCP sockets. If you don't enable SASL, then all
+TCP traffic is cleartext. Don't do this outside of a dev/test scenario.
+
+Defaults to @samp{"sasl"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string auth-tls
+Authentication scheme for TLS sockets. TLS sockets already have encryption
+provided by the TLS layer, and limited authentication is done by
+certificates.
+
+It is possible to make use of any SASL authentication mechanism as well, by
+using 'sasl' for this option
+
+Defaults to @samp{"none"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} optional-list access-drivers
+API access control scheme.
+
+By default an authenticated user is allowed access to all APIs. Access
+drivers can place restrictions on this.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string key-file
+Server key file path. If set to an empty string, then no private key is
+loaded.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string cert-file
+Server key file path. If set to an empty string, then no certificate is
+loaded.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string ca-file
+Server key file path. If set to an empty string, then no CA certificate is
+loaded.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string crl-file
+Certificate revocation list path. If set to an empty string, then no CRL is
+loaded.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-sanity-cert
+Disable verification of our own server certificates.
+
+When libvirtd starts it performs some sanity checks against its own
+certificates.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} boolean tls-no-verify-cert
+Disable verification of client certificates.
+
+Client certificate verification is the primary authentication mechanism.
+Any client which does not present a certificate signed by the CA will be
+rejected.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} optional-list tls-allowed-dn-list
+Whitelist of allowed x509 Distinguished Name.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} optional-list sasl-allowed-usernames
+Whitelist of allowed SASL usernames. The format for username depends on the
+SASL authentication mechanism.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string tls-priority
+Override the compile time default TLS priority string. The default is
+usually "NORMAL" unless overridden at build time. Only set this is it is
+desired for libvirt to deviate from the global default settings.
+
+Defaults to @samp{"NORMAL"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer max-clients
+Maximum number of concurrent client connections to allow over all sockets
+combined.
+
+Defaults to @samp{5000}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer max-queued-clients
+Maximum length of queue of connections waiting to be accepted by the
+daemon. Note, that some protocols supporting retransmission may obey this
+so that a later reattempt at connection succeeds.
+
+Defaults to @samp{1000}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer max-anonymous-clients
+Maximum length of queue of accepted but not yet authenticated clients. Set
+this to zero to turn this feature off
+
+Defaults to @samp{20}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer min-workers
+Number of workers to start up initially.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer max-workers
+Maximum number of worker threads.
+
+If the number of active clients exceeds @code{min-workers}, then more
+threads are spawned, up to max_workers limit. Typically you'd want
+max_workers to equal maximum number of clients allowed.
+
+Defaults to @samp{20}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer prio-workers
+Number of priority workers. If all workers from above pool are stuck, some
+calls marked as high priority (notably domainDestroy) can be executed in
+this pool.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer max-requests
+Total global limit on concurrent RPC calls.
+
+Defaults to @samp{20}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer max-client-requests
+Limit on concurrent requests from a single client connection. To avoid one
+client monopolizing the server this should be a small fraction of the global
+max_requests and max_workers parameter.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer admin-min-workers
+Same as @code{min-workers} but for the admin interface.
+
+Defaults to @samp{1}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-workers
+Same as @code{max-workers} but for the admin interface.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-clients
+Same as @code{max-clients} but for the admin interface.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-queued-clients
+Same as @code{max-queued-clients} but for the admin interface.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer admin-max-client-requests
+Same as @code{max-client-requests} but for the admin interface.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer log-level
+Logging level. 4 errors, 3 warnings, 2 information, 1 debug.
+
+Defaults to @samp{3}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string log-filters
+Logging filters.
+
+A filter allows to select a different logging level for a given category of
+logs The format for a filter is one of:
+
+@itemize @bullet
+@item
+x:name
+
+@item
+x:+name
+
+@end itemize
+
+where @code{name} is a string which is matched against the category given in
+the @code{VIR_LOG_INIT()} at the top of each libvirt source file, e.g.,
+"remote", "qemu", or "util.json" (the name in the filter can be a substring
+of the full category name, in order to match multiple similar categories),
+the optional "+" prefix tells libvirt to log stack trace for each message
+matching name, and @code{x} is the minimal level where matching messages
+should be logged:
+
+@itemize @bullet
+@item
+1: DEBUG
+
+@item
+2: INFO
+
+@item
+3: WARNING
+
+@item
+4: ERROR
+
+@end itemize
+
+Multiple filters can be defined in a single filters statement, they just
+need to be separated by spaces.
+
+Defaults to @samp{"3:remote 4:event"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string log-outputs
+Logging outputs.
+
+An output is one of the places to save logging information The format for an
+output can be:
+
+@table @code
+@item x:stderr
+output goes to stderr
+
+@item x:syslog:name
+use syslog for the output and use the given name as the ident
+
+@item x:file:file_path
+output to a file, with the given filepath
+
+@item x:journald
+output to journald logging system
+
+@end table
+
+In all case the x prefix is the minimal level, acting as a filter
+
+@itemize @bullet
+@item
+1: DEBUG
+
+@item
+2: INFO
+
+@item
+3: WARNING
+
+@item
+4: ERROR
+
+@end itemize
+
+Multiple outputs can be defined, they just need to be separated by spaces.
+
+Defaults to @samp{"3:stderr"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer audit-level
+Allows usage of the auditing subsystem to be altered
+
+@itemize @bullet
+@item
+0: disable all auditing
+
+@item
+1: enable auditing, only if enabled on host
+
+@item
+2: enable auditing, and exit if disabled on host.
+
+@end itemize
+
+Defaults to @samp{1}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} boolean audit-logging
+Send audit messages via libvirt logging infrastructure.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} optional-string host-uuid
+Host UUID. UUID must not have all digits be the same.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} string host-uuid-source
+Source to read host UUID.
+
+@itemize @bullet
+@item
+@code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid}
+
+@item
+@code{machine-id}: fetch the UUID from @code{/etc/machine-id}
+
+@end itemize
+
+If @code{dmidecode} does not provide a valid UUID a temporary UUID will be
+generated.
+
+Defaults to @samp{"smbios"}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-interval
+A keepalive message is sent to a client after @code{keepalive_interval}
+seconds of inactivity to check if the client is still responding. If set to
+-1, libvirtd will never send keepalive requests; however clients can still
+send them and the daemon will send responses.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer keepalive-count
+Maximum number of keepalive messages that are allowed to be sent to the
+client without getting any response before the connection is considered
+broken.
+
+In other words, the connection is automatically closed approximately after
+@code{keepalive_interval * (keepalive_count + 1)} seconds since the last
+message received from the client. When @code{keepalive-count} is set to 0,
+connections will be automatically closed after @code{keepalive-interval}
+seconds of inactivity without sending any keepalive messages.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-interval
+Same as above but for admin interface.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer admin-keepalive-count
+Same as above but for admin interface.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{libvirt-configuration} parameter} integer ovs-timeout
+Timeout for Open vSwitch calls.
+
+The @code{ovs-vsctl} utility is used for the configuration and its timeout
+option is set by default to 5 seconds to avoid potential infinite waits
+blocking libvirt.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@c %end of autogenerated docs
+
+@subsubheading Virtlog daemon
+The virtlogd service is a server side daemon component of libvirt that is
+used to manage logs from virtual machine consoles.
+
+This daemon is not used directly by libvirt client applications, rather it
+is called on their behalf by @code{libvirtd}. By maintaining the logs in a
+standalone daemon, the main @code{libvirtd} daemon can be restarted without
+risk of losing logs. The @code{virtlogd} daemon has the ability to re-exec()
+itself upon receiving @code{SIGUSR1}, to allow live upgrades without
+downtime.
+
+@deffn {Scheme Variable} virtlog-service-type
+This is the type of the virtlog daemon. Its value must be a
+@code{virtlog-configuration}.
+
+@example
+(service virtlog-service-type
+ (virtlog-configuration
+ (max-clients 1000)))
+@end example
+@end deffn
+
+@deftypevr {@code{virtlog-configuration} parameter} integer log-level
+Logging level. 4 errors, 3 warnings, 2 information, 1 debug.
+
+Defaults to @samp{3}.
+
+@end deftypevr
+
+@deftypevr {@code{virtlog-configuration} parameter} string log-filters
+Logging filters.
+
+A filter allows to select a different logging level for a given category of
+logs The format for a filter is one of:
+
+@itemize @bullet
+@item
+x:name
+
+@item
+x:+name
+
+@end itemize
+
+where @code{name} is a string which is matched against the category given in
+the @code{VIR_LOG_INIT()} at the top of each libvirt source file, e.g.,
+"remote", "qemu", or "util.json" (the name in the filter can be a substring
+of the full category name, in order to match multiple similar categories),
+the optional "+" prefix tells libvirt to log stack trace for each message
+matching name, and @code{x} is the minimal level where matching messages
+should be logged:
+
+@itemize @bullet
+@item
+1: DEBUG
+
+@item
+2: INFO
+
+@item
+3: WARNING
+
+@item
+4: ERROR
+
+@end itemize
+
+Multiple filters can be defined in a single filters statement, they just
+need to be separated by spaces.
+
+Defaults to @samp{"3:remote 4:event"}.
+
+@end deftypevr
+
+@deftypevr {@code{virtlog-configuration} parameter} string log-outputs
+Logging outputs.
+
+An output is one of the places to save logging information The format for an
+output can be:
+
+@table @code
+@item x:stderr
+output goes to stderr
+
+@item x:syslog:name
+use syslog for the output and use the given name as the ident
+
+@item x:file:file_path
+output to a file, with the given filepath
+
+@item x:journald
+output to journald logging system
+
+@end table
+
+In all case the x prefix is the minimal level, acting as a filter
+
+@itemize @bullet
+@item
+1: DEBUG
+
+@item
+2: INFO
+
+@item
+3: WARNING
+
+@item
+4: ERROR
+
+@end itemize
+
+Multiple outputs can be defined, they just need to be separated by spaces.
+
+Defaults to @samp{"3:stderr"}.
+
+@end deftypevr
+
+@deftypevr {@code{virtlog-configuration} parameter} integer max-clients
+Maximum number of concurrent client connections to allow over all sockets
+combined.
+
+Defaults to @samp{1024}.
+
+@end deftypevr
+
+@deftypevr {@code{virtlog-configuration} parameter} integer max-size
+Maximum file size before rolling over.
+
+Defaults to @samp{2MB}
+
+@end deftypevr
+
+@deftypevr {@code{virtlog-configuration} parameter} integer max-backups
+Maximum number of backup files to keep.
+
+Defaults to @samp{3}
+
+@end deftypevr
+
+@subsubheading Transparent Emulation with QEMU
+
+@cindex emulation
+@cindex @code{binfmt_misc}
+@code{qemu-binfmt-service-type} provides support for transparent emulation
+of program binaries built for different architectures---e.g., it allows you
+to transparently execute an ARMv7 program on an x86_64 machine. It achieves
+this by combining the @uref{https://www.qemu.org, QEMU} emulator and the
+@code{binfmt_misc} feature of the kernel Linux.
+
+@defvr {Scheme Variable} qemu-binfmt-service-type
+This is the type of the QEMU/binfmt service for transparent emulation. Its
+value must be a @code{qemu-binfmt-configuration} object, which specifies the
+QEMU package to use as well as the architecture we want to emulated:
+
+@example
+(service qemu-binfmt-service-type
+ (qemu-binfmt-configuration
+ (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc"))))
+@end example
+
+In this example, we enable transparent emulation for the ARM and aarch64
+platforms. Running @code{herd stop qemu-binfmt} turns it off, and running
+@code{herd start qemu-binfmt} turns it back on (@pxref{Invoking herd, the
+@command{herd} command,, shepherd, The GNU Shepherd Manual}).
+@end defvr
+
+@deftp {Data Type} qemu-binfmt-configuration
+This is the configuration for the @code{qemu-binfmt} service.
+
+@table @asis
+@item @code{platforms} (default: @code{'()})
+The list of emulated QEMU platforms. Each item must be a @dfn{platform
+object} as returned by @code{lookup-qemu-platforms} (see below).
+
+@item @code{guix-support?} (default: @code{#f})
+When it is true, QEMU and all its dependencies are added to the build
+environment of @command{guix-daemon} (@pxref{Invoquer guix-daemon,
+@code{--chroot-directory} option}). This allows the @code{binfmt_misc}
+handlers to be used within the build environment, which in turn means that
+you can transparently build programs for another architecture.
+
+For example, let's suppose you're on an x86_64 machine and you have this
+service:
+
+@example
+(service qemu-binfmt-service-type
+ (qemu-binfmt-configuration
+ (platforms (lookup-qemu-platforms "arm"))
+ (guix-support? #t)))
+@end example
+
+You can run:
+
+@example
+guix build -s armhf-linux inkscape
+@end example
+
+@noindent
+and it will build Inkscape for ARMv7 @emph{as if it were a native build},
+transparently using QEMU to emulate the ARMv7 CPU. Pretty handy if you'd
+like to test a package build for an architecture you don't have access to!
+
+@item @code{qemu} (default: @code{qemu})
+The QEMU package to use.
+@end table
+@end deftp
+
+@deffn {Scheme Procedure} lookup-qemu-platforms @var{platforms}@dots{}
+Return the list of QEMU platform objects corresponding to
+@var{platforms}@dots{}. @var{platforms} must be a list of strings
+corresponding to platform names, such as @code{"arm"}, @code{"sparc"},
+@code{"mips64el"}, and so on.
+@end deffn
+
+@deffn {Scheme Procedure} qemu-platform? @var{obj}
+Return true if @var{obj} is a platform object.
+@end deffn
+
+@deffn {Scheme Procedure} qemu-platform-name @var{platform}
+Return the name of @var{platform}---a string such as @code{"arm"}.
+@end deffn
+
+@node Version Control Services
+@subsubsection Version Control Services
+
+The @code{(gnu services version-control)} module provides a service to allow
+remote access to local Git repositories. There are three options: the
+@code{git-daemon-service}, which provides access to repositories via the
+@code{git://} unsecured TCP-based protocol, extending the @code{nginx} web
+server to proxy some requests to @code{git-http-backend}, or providing a web
+interface with @code{cgit-service-type}.
+
+@deffn {Scheme Procedure} git-daemon-service [#:config (git-daemon-configuration)]
+
+Return a service that runs @command{git daemon}, a simple TCP server to
+expose repositories over the Git protocol for anonymous access.
+
+The optional @var{config} argument should be a
+@code{<git-daemon-configuration>} object, by default it allows read-only
+access to exported@footnote{By creating the magic file
+"git-daemon-export-ok" in the repository directory.} repositories under
+@file{/srv/git}.
+
+@end deffn
+
+@deftp {Data Type} git-daemon-configuration
+Data type representing the configuration for @code{git-daemon-service}.
+
+@table @asis
+@item @code{package} (default: @var{git})
+Package object of the Git distributed version control system.
+
+@item @code{export-all?} (default: @var{#f})
+Whether to allow access for all Git repositories, even if they do not have
+the @file{git-daemon-export-ok} file.
+
+@item @code{base-path} (default: @file{/srv/git})
+Whether to remap all the path requests as relative to the given path. If
+you run git daemon with @var{(base-path "/srv/git")} on example.com, then if
+you later try to pull @code{git://example.com/hello.git}, git daemon will
+interpret the path as @code{/srv/git/hello.git}.
+
+@item @code{user-path} (default: @var{#f})
+Whether to allow @code{~user} notation to be used in requests. When
+specified with empty string, requests to @code{git://host/~alice/foo} is
+taken as a request to access @code{foo} repository in the home directory of
+user @code{alice}. If @var{(user-path "path")} is specified, the same
+request is taken as a request to access @code{path/foo} repository in the
+home directory of user @code{alice}.
+
+@item @code{listen} (default: @var{'()})
+Whether to listen on specific IP addresses or hostnames, defaults to all.
+
+@item @code{port} (default: @var{#f})
+Whether to listen on an alternative port, which defaults to 9418.
+
+@item @code{whitelist} (default: @var{'()})
+If not empty, only allow access to this list of directories.
+
+@item @code{extra-options} (default: @var{'()})
+Extra options will be passed to @code{git daemon}, please run @command{man
+git-daemon} for more information.
+
+@end table
+@end deftp
+
+The @code{git://} protocol lacks authentication. When you pull from a
+repository fetched via @code{git://}, you don't know that the data you
+receive was modified is really coming from the specified host, and you have
+your connection is subject to eavesdropping. It's better to use an
+authenticated and encrypted transport, such as @code{https}. Although Git
+allows you to serve repositories using unsophisticated file-based web
+servers, there is a faster protocol implemented by the
+@code{git-http-backend} program. This program is the back-end of a proper
+Git web service. It is designed to sit behind a FastCGI proxy. @xref{Web
+Services}, for more on running the necessary @code{fcgiwrap} daemon.
+
+Guix has a separate configuration data type for serving Git repositories
+over HTTP.
+
+@deftp {Data Type} git-http-configuration
+Data type representing the configuration for @code{git-http-service}.
+
+@table @asis
+@item @code{package} (default: @var{git})
+Package object of the Git distributed version control system.
+
+@item @code{git-root} (default: @file{/srv/git})
+Directory containing the Git repositories to expose to the world.
+
+@item @code{export-all?} (default: @var{#f})
+Whether to expose access for all Git repositories in @var{git-root}, even if
+they do not have the @file{git-daemon-export-ok} file.
+
+@item @code{uri-path} (default: @file{/git/})
+Path prefix for Git access. With the default @code{/git/} prefix, this will
+map @code{http://@var{server}/git/@var{repo}.git} to
+@code{/srv/git/@var{repo}.git}. Requests whose URI paths do not begin with
+this prefix are not passed on to this Git instance.
+
+@item @code{fcgiwrap-socket} (default: @code{127.0.0.1:9000})
+The socket on which the @code{fcgiwrap} daemon is listening. @xref{Web
+Services}.
+@end table
+@end deftp
+
+There is no @code{git-http-service-type}, currently; instead you can create
+an @code{nginx-location-configuration} from a @code{git-http-configuration}
+and then add that location to a web server.
+
+@deffn {Scheme Procedure} git-http-nginx-location-configuration @
+ [config=(git-http-configuration)] Compute an
+@code{nginx-location-configuration} that corresponds to the given Git http
+configuration. An example nginx service definition to serve the default
+@file{/srv/git} over HTTPS might be:
+
+@example
+(service nginx-service-type
+ (nginx-configuration
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name "git.my-host.org")
+ (ssl-certificate
+ "/etc/letsencrypt/live/git.my-host.org/fullchain.pem")
+ (ssl-certificate-key
+ "/etc/letsencrypt/live/git.my-host.org/privkey.pem")
+ (locations
+ (list
+ (git-http-nginx-location-configuration
+ (git-http-configuration (uri-path "/"))))))))))
+@end example
+
+This example assumes that you are using Let's Encrypt to get your TLS
+certificate. @xref{Certificate Services}. The default @code{certbot}
+service will redirect all HTTP traffic on @code{git.my-host.org} to HTTPS.
+You will also need to add an @code{fcgiwrap} proxy to your system services.
+@xref{Web Services}.
+@end deffn
+
+@subsubheading Cgit Service
+
+@cindex Cgit service
+@cindex Git, web interface
+@uref{https://git.zx2c4.com/cgit/, Cgit} is a web frontend for Git
+repositories written in C.
+
+The following example will configure the service with default values. By
+default, Cgit can be accessed on port 80 (@code{http://localhost:80}).
+
+@example
+(service cgit-service-type)
+@end example
+
+The @code{file-object} type designates either a file-like object
+(@pxref{G-Expressions, file-like objects}) or a string.
+
+@c %start of fragment
+
+Available @code{cgit-configuration} fields are:
+
+@deftypevr {@code{cgit-configuration} parameter} package package
+The CGIT package.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} nginx-server-configuration-list nginx
+NGINX configuration.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object about-filter
+Specifies a command which will be invoked to format the content of about
+pages (both top-level and for each repository).
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string agefile
+Specifies a path, relative to each repository path, which can be used to
+specify the date and time of the youngest commit in the repository.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object auth-filter
+Specifies a command that will be invoked for authenticating repository
+access.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string branch-sort
+Flag which, when set to @samp{age}, enables date ordering in the branch ref
+list, and when set @samp{name} enables ordering by branch name.
+
+Defaults to @samp{"name"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string cache-root
+Path used to store the cgit cache entries.
+
+Defaults to @samp{"/var/cache/cgit"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-static-ttl
+Number which specifies the time-to-live, in minutes, for the cached version
+of repository pages accessed with a fixed SHA1.
+
+Defaults to @samp{-1}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-dynamic-ttl
+Number which specifies the time-to-live, in minutes, for the cached version
+of repository pages accessed without a fixed SHA1.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-repo-ttl
+Number which specifies the time-to-live, in minutes, for the cached version
+of the repository summary page.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-root-ttl
+Number which specifies the time-to-live, in minutes, for the cached version
+of the repository index page.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-scanrc-ttl
+Number which specifies the time-to-live, in minutes, for the result of
+scanning a path for Git repositories.
+
+Defaults to @samp{15}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-about-ttl
+Number which specifies the time-to-live, in minutes, for the cached version
+of the repository about page.
+
+Defaults to @samp{15}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-snapshot-ttl
+Number which specifies the time-to-live, in minutes, for the cached version
+of snapshots.
+
+Defaults to @samp{5}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer cache-size
+The maximum number of entries in the cgit cache. When set to @samp{0},
+caching is disabled.
+
+Defaults to @samp{0}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean case-sensitive-sort?
+Sort items in the repo list case sensitively.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} list clone-prefix
+List of common prefixes which, when combined with a repository URL,
+generates valid clone URLs for the repository.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} list clone-url
+List of @code{clone-url} templates.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object commit-filter
+Command which will be invoked to format commit messages.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string commit-sort
+Flag which, when set to @samp{date}, enables strict date ordering in the
+commit log, and when set to @samp{topo} enables strict topological ordering.
+
+Defaults to @samp{"git log"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object css
+URL which specifies the css document to include in all cgit pages.
+
+Defaults to @samp{"/share/cgit/cgit.css"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object email-filter
+Specifies a command which will be invoked to format names and email address
+of committers, authors, and taggers, as represented in various places
+throughout the cgit interface.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean embedded?
+Flag which, when set to @samp{#t}, will make cgit generate a HTML fragment
+suitable for embedding in other HTML pages.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-commit-graph?
+Flag which, when set to @samp{#t}, will make cgit print an ASCII-art commit
+history graph to the left of the commit messages in the repository log page.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-filter-overrides?
+Flag which, when set to @samp{#t}, allows all filter settings to be
+overridden in repository-specific cgitrc files.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-follow-links?
+Flag which, when set to @samp{#t}, allows users to follow a file in the log
+view.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-http-clone?
+If set to @samp{#t}, cgit will act as an dumb HTTP endpoint for Git clones.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-index-links?
+Flag which, when set to @samp{#t}, will make cgit generate extra links
+"summary", "commit", "tree" for each repo in the repository index.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-index-owner?
+Flag which, when set to @samp{#t}, will make cgit display the owner of each
+repo in the repository index.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-log-filecount?
+Flag which, when set to @samp{#t}, will make cgit print the number of
+modified files for each commit on the repository log page.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-log-linecount?
+Flag which, when set to @samp{#t}, will make cgit print the number of added
+and removed lines for each commit on the repository log page.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-remote-branches?
+Flag which, when set to @code{#t}, will make cgit display remote branches in
+the summary and refs views.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-subject-links?
+Flag which, when set to @code{1}, will make cgit use the subject of the
+parent commit as link text when generating links to parent commits in commit
+view.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-html-serving?
+Flag which, when set to @samp{#t}, will make cgit use the subject of the
+parent commit as link text when generating links to parent commits in commit
+view.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-tree-linenumbers?
+Flag which, when set to @samp{#t}, will make cgit generate linenumber links
+for plaintext blobs printed in the tree view.
+
+Defaults to @samp{#t}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean enable-git-config?
+Flag which, when set to @samp{#f}, will allow cgit to use Git config to set
+any repo specific settings.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object favicon
+URL used as link to a shortcut icon for cgit.
+
+Defaults to @samp{"/favicon.ico"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string footer
+The content of the file specified with this option will be included verbatim
+at the bottom of all pages (i.e. it replaces the standard "generated by..."
+message).
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string head-include
+The content of the file specified with this option will be included verbatim
+in the HTML HEAD section on all pages.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string header
+The content of the file specified with this option will be included verbatim
+at the top of all pages.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object include
+Name of a configfile to include before the rest of the current config- file
+is parsed.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string index-header
+The content of the file specified with this option will be included verbatim
+above the repository index.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string index-info
+The content of the file specified with this option will be included verbatim
+below the heading on the repository index page.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean local-time?
+Flag which, if set to @samp{#t}, makes cgit print commit and tag times in
+the servers timezone.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object logo
+URL which specifies the source of an image which will be used as a logo on
+all cgit pages.
+
+Defaults to @samp{"/share/cgit/cgit.png"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string logo-link
+URL loaded when clicking on the cgit logo image.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object owner-filter
+Command which will be invoked to format the Owner column of the main page.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer max-atom-items
+Number of items to display in atom feeds view.
+
+Defaults to @samp{10}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer max-commit-count
+Number of entries to list per page in "log" view.
+
+Defaults to @samp{50}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer max-message-length
+Number of commit message characters to display in "log" view.
+
+Defaults to @samp{80}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer max-repo-count
+Specifies the number of entries to list per page on the repository index
+page.
+
+Defaults to @samp{50}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer max-repodesc-length
+Specifies the maximum number of repo description characters to display on
+the repository index page.
+
+Defaults to @samp{80}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer max-blob-size
+Specifies the maximum size of a blob to display HTML for in KBytes.
+
+Defaults to @samp{0}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string max-stats
+Maximum statistics period. Valid values are @samp{week},@samp{month},
+@samp{quarter} and @samp{year}.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} mimetype-alist mimetype
+Mimetype for the specified filename extension.
+
+Defaults to @samp{((gif "image/gif") (html "text/html") (jpg "image/jpeg")
+(jpeg "image/jpeg") (pdf "application/pdf") (png "image/png") (svg
+"image/svg+xml"))}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object mimetype-file
+Specifies the file to use for automatic mimetype lookup.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string module-link
+Text which will be used as the formatstring for a hyperlink when a submodule
+is printed in a directory listing.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean nocache?
+If set to the value @samp{#t} caching will be disabled.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean noplainemail?
+If set to @samp{#t} showing full author email addresses will be disabled.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean noheader?
+Flag which, when set to @samp{#t}, will make cgit omit the standard header
+on all pages.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} list project-list
+A list of subdirectories inside of @code{repository-directory}, relative to
+it, that should loaded as Git repositories. An empty list means that all
+subdirectories will be loaded.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object readme
+Text which will be used as default value for @code{cgit-repo-readme}.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean remove-suffix?
+If set to @code{#t} and @code{repository-directory} is enabled, if any
+repositories are found with a suffix of @code{.git}, this suffix will be
+removed for the URL and name.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer renamelimit
+Maximum number of files to consider when detecting renames.
+
+Defaults to @samp{-1}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string repository-sort
+The way in which repositories in each section are sorted.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} robots-list robots
+Text used as content for the @code{robots} meta-tag.
+
+Defaults to @samp{("noindex" "nofollow")}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string root-desc
+Text printed below the heading on the repository index page.
+
+Defaults to @samp{"a fast webinterface for the git dscm"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string root-readme
+The content of the file specified with this option will be included verbatim
+below thef "about" link on the repository index page.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string root-title
+Text printed as heading on the repository index page.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean scan-hidden-path
+If set to @samp{#t} and repository-directory is enabled,
+repository-directory will recurse into directories whose name starts with a
+period. Otherwise, repository-directory will stay away from such
+directories, considered as "hidden". Note that this does not apply to the
+".git" directory in non-bare repos.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} list snapshots
+Text which specifies the default set of snapshot formats that cgit generates
+links for.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} repository-directory repository-directory
+Name of the directory to scan for repositories (represents
+@code{scan-path}).
+
+Defaults to @samp{"/srv/git"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string section
+The name of the current repository section - all repositories defined after
+this option will inherit the current section name.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string section-sort
+Flag which, when set to @samp{1}, will sort the sections on the repository
+listing by name.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer section-from-path
+A number which, if defined prior to repository-directory, specifies how many
+path elements from each repo path to use as a default section name.
+
+Defaults to @samp{0}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} boolean side-by-side-diffs?
+If set to @samp{#t} shows side-by-side diffs instead of unidiffs per
+default.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} file-object source-filter
+Specifies a command which will be invoked to format plaintext blobs in the
+tree view.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer summary-branches
+Specifies the number of branches to display in the repository "summary"
+view.
+
+Defaults to @samp{10}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer summary-log
+Specifies the number of log entries to display in the repository "summary"
+view.
+
+Defaults to @samp{10}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} integer summary-tags
+Specifies the number of tags to display in the repository "summary" view.
+
+Defaults to @samp{10}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string strict-export
+Filename which, if specified, needs to be present within the repository for
+cgit to allow access to that repository.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} string virtual-root
+URL which, if specified, will be used as root for all cgit links.
+
+Defaults to @samp{"/"}.
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} repository-cgit-configuration-list repositories
+A list of @dfn{cgit-repo} records to use with config.
+
+Defaults to @samp{()}.
+
+Available @code{repository-cgit-configuration} fields are:
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-list snapshots
+A mask of snapshot formats for this repo that cgit generates links for,
+restricted by the global @code{snapshots} setting.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-file-object source-filter
+Override the default @code{source-filter}.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string url
+The relative URL used to access the repository.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-file-object about-filter
+Override the default @code{about-filter}.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string branch-sort
+Flag which, when set to @samp{age}, enables date ordering in the branch ref
+list, and when set to @samp{name} enables ordering by branch name.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-list clone-url
+A list of URLs which can be used to clone repo.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-file-object commit-filter
+Override the default @code{commit-filter}.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string commit-sort
+Flag which, when set to @samp{date}, enables strict date ordering in the
+commit log, and when set to @samp{topo} enables strict topological ordering.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string defbranch
+The name of the default branch for this repository. If no such branch
+exists in the repository, the first branch name (when sorted) is used as
+default instead. By default branch pointed to by HEAD, or "master" if there
+is no suitable HEAD.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string desc
+The value to show as repository description.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string homepage
+The value to show as repository homepage.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-file-object email-filter
+Override the default @code{email-filter}.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean enable-commit-graph?
+A flag which can be used to disable the global setting
+@code{enable-commit-graph?}.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean enable-log-filecount?
+A flag which can be used to disable the global setting
+@code{enable-log-filecount?}.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean enable-log-linecount?
+A flag which can be used to disable the global setting
+@code{enable-log-linecount?}.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean enable-remote-branches?
+Flag which, when set to @code{#t}, will make cgit display remote branches in
+the summary and refs views.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean enable-subject-links?
+A flag which can be used to override the global setting
+@code{enable-subject-links?}.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean enable-html-serving?
+A flag which can be used to override the global setting
+@code{enable-html-serving?}.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean hide?
+Flag which, when set to @code{#t}, hides the repository from the repository
+index.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-boolean ignore?
+Flag which, when set to @samp{#t}, ignores the repository.
+
+Defaults to @samp{#f}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-file-object logo
+URL which specifies the source of an image which will be used as a logo on
+this repo’s pages.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string logo-link
+URL loaded when clicking on the cgit logo image.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-file-object owner-filter
+Override the default @code{owner-filter}.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string module-link
+Text which will be used as the formatstring for a hyperlink when a submodule
+is printed in a directory listing. The arguments for the formatstring are
+the path and SHA1 of the submodule commit.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} module-link-path module-link-path
+Text which will be used as the formatstring for a hyperlink when a submodule
+with the specified subdirectory path is printed in a directory listing.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string max-stats
+Override the default maximum statistics period.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string name
+The value to show as repository name.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string owner
+A value used to identify the owner of the repository.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string path
+An absolute path to the repository directory.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string readme
+A path (relative to repo) which specifies a file to include verbatim as the
+"About" page for this repo.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-string section
+The name of the current repository section - all repositories defined after
+this option will inherit the current section name.
+
+Defaults to @samp{""}.
+
+@end deftypevr
+
+@deftypevr {@code{repository-cgit-configuration} parameter} repo-list extra-options
+Extra options will be appended to cgitrc file.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+@end deftypevr
+
+@deftypevr {@code{cgit-configuration} parameter} list extra-options
+Extra options will be appended to cgitrc file.
+
+Defaults to @samp{()}.
+
+@end deftypevr
+
+
+@c %end of fragment
+
+However, it could be that you just want to get a @code{cgitrc} up and
+running. In that case, you can pass an @code{opaque-cgit-configuration} as
+a record to @code{cgit-service-type}. As its name indicates, an opaque
+configuration does not have easy reflective capabilities.
+
+Available @code{opaque-cgit-configuration} fields are:
+
+@deftypevr {@code{opaque-cgit-configuration} parameter} package cgit
+The cgit package.
+@end deftypevr
+
+@deftypevr {@code{opaque-cgit-configuration} parameter} string string
+The contents of the @code{cgitrc}, as a string.
+@end deftypevr
+
+For example, if your @code{cgitrc} is just the empty string, you could
+instantiate a cgit service like this:
+
+@example
+(service cgit-service-type
+ (opaque-cgit-configuration
+ (cgitrc "")))
+@end example
+
+
+@node Game Services
+@subsubsection Game Services
+
+@subsubheading The Battle for Wesnoth Service
+@cindex wesnothd
+@uref{https://wesnoth.org, The Battle for Wesnoth} is a fantasy, turn based
+tactical strategy game, with several single player campaigns, and
+multiplayer games (both networked and local).
+
+@defvar {Scheme Variable} wesnothd-service-type
+Service type for the wesnothd service. Its value must be a
+@code{wesnothd-configuration} object. To run wesnothd in the default
+configuration, instantiate it as:
+
+@example
+(service wesnothd-service-type)
+@end example
+@end defvar
+
+@deftp {Data Type} wesnothd-configuration
+Data type representing the configuration of @command{wesnothd}.
+
+@table @asis
+@item @code{package} (default: @code{wesnoth-server})
+The wesnoth server package to use.
+
+@item @code{port} (default: @code{15000})
+The port to bind the server to.
+@end table
+@end deftp
+
+@node Miscellaneous Services
+@subsubsection Miscellaneous Services
+
+@cindex sysctl
+@subsubheading System Control Service
+
+The @code{(gnu services sysctl)} provides a service to configure kernel
+parameters at boot.
+
+@defvr {Scheme Variable} sysctl-service-type
+The service type for @command{sysctl}, which modifies kernel parameters
+under @file{/proc/sys/}. To enable IPv4 forwarding, it can be instantiated
+as:
+
+@example
+(service sysctl-service-type
+ (sysctl-configuration
+ (settings '(("net.ipv4.ip_forward" . "1")))))
+@end example
+@end defvr
+
+@deftp {Data Type} sysctl-configuration
+The data type representing the configuration of @command{sysctl}.
+
+@table @asis
+@item @code{sysctl} (default: @code{(file-append procps "/sbin/sysctl"})
+The @command{sysctl} executable to use.
+
+@item @code{settings} (default: @code{'()})
+An association list specifies kernel parameters and their values.
+@end table
+@end deftp
+
+@cindex lirc
+@subsubheading Lirc Service
+
+The @code{(gnu services lirc)} module provides the following service.
+
+@deffn {Scheme Procedure} lirc-service [#:lirc lirc] @
+ [#:device #f] [#:driver #f] [#:config-file #f] @ [#:extra-options '()]
+Return a service that runs @url{http://www.lirc.org,LIRC}, a daemon that
+decodes infrared signals from remote controls.
+
+Optionally, @var{device}, @var{driver} and @var{config-file} (configuration
+file name) may be specified. See @command{lircd} manual for details.
+
+Finally, @var{extra-options} is a list of additional command-line options
+passed to @command{lircd}.
+@end deffn
+
+@cindex spice
+@subsubheading Spice Service
+
+The @code{(gnu services spice)} module provides the following service.
+
+@deffn {Scheme Procedure} spice-vdagent-service [#:spice-vdagent]
+Returns a service that runs @url{http://www.spice-space.org,VDAGENT}, a
+daemon that enables sharing the clipboard with a vm and setting the guest
+display resolution when the graphical console window resizes.
+@end deffn
+
+@subsubsection Dictionary Services
+@cindex dictionary
+The @code{(gnu services dict)} module provides the following service:
+
+@deffn {Scheme Procedure} dicod-service [#:config (dicod-configuration)]
+Return a service that runs the @command{dicod} daemon, an implementation of
+DICT server (@pxref{Dicod,,, dico, GNU Dico Manual}).
+
+The optional @var{config} argument specifies the configuration for
+@command{dicod}, which should be a @code{<dicod-configuration>} object, by
+default it serves the GNU Collaborative International Dictonary of English.
+
+You can add @command{open localhost} to your @file{~/.dico} file to make
+@code{localhost} the default server for @command{dico} client
+(@pxref{Initialization File,,, dico, GNU Dico Manual}).
+@end deffn
+
+@deftp {Data Type} dicod-configuration
+Data type representing the configuration of dicod.
+
+@table @asis
+@item @code{dico} (default: @var{dico})
+Package object of the GNU Dico dictionary server.
+
+@item @code{interfaces} (default: @var{'("localhost")})
+This is the list of IP addresses and ports and possibly socket file names to
+listen to (@pxref{Server Settings, @code{listen} directive,, dico, GNU Dico
+Manual}).
+
+@item @code{handlers} (default: @var{'()})
+List of @code{<dicod-handler>} objects denoting handlers (module instances).
+
+@item @code{databases} (default: @var{(list %dicod-database:gcide)})
+List of @code{<dicod-database>} objects denoting dictionaries to be served.
+@end table
+@end deftp
+
+@deftp {Data Type} dicod-handler
+Data type representing a dictionary handler (module instance).
+
+@table @asis
+@item @code{name}
+Name of the handler (module instance).
+
+@item @code{module} (default: @var{#f})
+Name of the dicod module of the handler (instance). If it is @code{#f}, the
+module has the same name as the handler. (@pxref{Modules,,, dico, GNU Dico
+Manual}).
+
+@item @code{options}
+List of strings or gexps representing the arguments for the module handler
+@end table
+@end deftp
+
+@deftp {Data Type} dicod-database
+Data type representing a dictionary database.
+
+@table @asis
+@item @code{name}
+Name of the database, will be used in DICT commands.
+
+@item @code{handler}
+Name of the dicod handler (module instance) used by this database
+(@pxref{Handlers,,, dico, GNU Dico Manual}).
+
+@item @code{complex?} (default: @var{#f})
+Whether the database configuration complex. The complex configuration will
+need a corresponding @code{<dicod-handler>} object, otherwise not.
+
+@item @code{options}
+List of strings or gexps representing the arguments for the database
+(@pxref{Databases,,, dico, GNU Dico Manual}).
+@end table
+@end deftp
+
+@defvr {Scheme Variable} %dicod-database:gcide
+A @code{<dicod-database>} object serving the GNU Collaborative International
+Dictionary of English using the @code{gcide} package.
+@end defvr
+
+The following is an example @code{dicod-service} configuration.
+
+@example
+(dicod-service #:config
+ (dicod-configuration
+ (handlers (list (dicod-handler
+ (name "wordnet")
+ (module "dictorg")
+ (options
+ (list #~(string-append "dbdir=" #$wordnet))))))
+ (databases (list (dicod-database
+ (name "wordnet")
+ (complex? #t)
+ (handler "wordnet")
+ (options '("database=wn")))
+ %dicod-database:gcide))))
+@end example
+
+@node Programmes setuid
+@subsection Programmes setuid
+
+@cindex setuid programs
+Some programs need to run with ``root'' privileges, even when they are
+launched by unprivileged users. A notorious example is the @command{passwd}
+program, which users can run to change their password, and which needs to
+access the @file{/etc/passwd} and @file{/etc/shadow} files---something
+normally restricted to root, for obvious security reasons. To address that,
+these executables are @dfn{setuid-root}, meaning that they always run with
+root privileges (@pxref{How Change Persona,,, libc, The GNU C Library
+Reference Manual}, for more info about the setuid mechanism.)
+
+The store itself @emph{cannot} contain setuid programs: that would be a
+security issue since any user on the system can write derivations that
+populate the store (@pxref{Le dépôt}). Thus, a different mechanism is
+used: instead of changing the setuid bit directly on files that are in the
+store, we let the system administrator @emph{declare} which programs should
+be setuid root.
+
+The @code{setuid-programs} field of an @code{operating-system} declaration
+contains a list of G-expressions denoting the names of programs to be
+setuid-root (@pxref{Utiliser le système de configuration}). For instance, the
+@command{passwd} program, which is part of the Shadow package, can be
+designated by this G-expression (@pxref{G-Expressions}):
+
+@example
+#~(string-append #$shadow "/bin/passwd")
+@end example
+
+A default set of setuid programs is defined by the @code{%setuid-programs}
+variable of the @code{(gnu system)} module.
+
+@defvr {Scheme Variable} %setuid-programs
+A list of G-expressions denoting common programs that are setuid-root.
+
+The list includes commands such as @command{passwd}, @command{ping},
+@command{su}, and @command{sudo}.
+@end defvr
+
+Under the hood, the actual setuid programs are created in the
+@file{/run/setuid-programs} directory at system activation time. The files
+in this directory refer to the ``real'' binaries, which are in the store.
+
+@node Certificats X.509
+@subsection Certificats X.509
+
+@cindex HTTPS, certificates
+@cindex X.509 certificates
+@cindex TLS
+Web servers available over HTTPS (that is, HTTP over the transport-layer
+security mechanism, TLS) send client programs an @dfn{X.509 certificate}
+that the client can then use to @emph{authenticate} the server. To do that,
+clients verify that the server's certificate is signed by a so-called
+@dfn{certificate authority} (CA). But to verify the CA's signature, clients
+must have first acquired the CA's certificate.
+
+Web browsers such as GNU@tie{}IceCat include their own set of CA
+certificates, such that they are able to verify CA signatures
+out-of-the-box.
+
+However, most other programs that can talk HTTPS---@command{wget},
+@command{git}, @command{w3m}, etc.---need to be told where CA certificates
+can be found.
+
+@cindex @code{nss-certs}
+In GuixSD, this is done by adding a package that provides certificates to
+the @code{packages} field of the @code{operating-system} declaration
+(@pxref{Référence de système d'exploitation}). GuixSD includes one such package,
+@code{nss-certs}, which is a set of CA certificates provided as part of
+Mozilla's Network Security Services.
+
+Note that it is @emph{not} part of @var{%base-packages}, so you need to
+explicitly add it. The @file{/etc/ssl/certs} directory, which is where most
+applications and libraries look for certificates by default, points to the
+certificates installed globally.
+
+Unprivileged users, including users of Guix on a foreign distro, can also
+install their own certificate package in their profile. A number of
+environment variables need to be defined so that applications and libraries
+know where to find them. Namely, the OpenSSL library honors the
+@code{SSL_CERT_DIR} and @code{SSL_CERT_FILE} variables. Some applications
+add their own environment variables; for instance, the Git version control
+system honors the certificate bundle pointed to by the @code{GIT_SSL_CAINFO}
+environment variable. Thus, you would typically run something like:
+
+@example
+$ guix package -i nss-certs
+$ export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
+$ export SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
+$ export GIT_SSL_CAINFO="$SSL_CERT_FILE"
+@end example
+
+As another example, R requires the @code{CURL_CA_BUNDLE} environment
+variable to point to a certificate bundle, so you would have to run
+something like this:
+
+@example
+$ guix package -i nss-certs
+$ export CURL_CA_BUNDLE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
+@end example
+
+For other applications you may want to look up the required environment
+variable in the relevant documentation.
+
+
+@node Name Service Switch
+@subsection Name Service Switch
+
+@cindex name service switch
+@cindex NSS
+The @code{(gnu system nss)} module provides bindings to the configuration
+file of the libc @dfn{name service switch} or @dfn{NSS} (@pxref{NSS
+Configuration File,,, libc, The GNU C Library Reference Manual}). In a
+nutshell, the NSS is a mechanism that allows libc to be extended with new
+``name'' lookup methods for system databases, which includes host names,
+service names, user accounts, and more (@pxref{Name Service Switch, System
+Databases and Name Service Switch,, libc, The GNU C Library Reference
+Manual}).
+
+The NSS configuration specifies, for each system database, which lookup
+method is to be used, and how the various methods are chained together---for
+instance, under which circumstances NSS should try the next method in the
+list. The NSS configuration is given in the @code{name-service-switch}
+field of @code{operating-system} declarations (@pxref{Référence de système d'exploitation, @code{name-service-switch}}).
+
+@cindex nss-mdns
+@cindex .local, host name lookup
+As an example, the declaration below configures the NSS to use the
+@uref{http://0pointer.de/lennart/projects/nss-mdns/, @code{nss-mdns}
+back-end}, which supports host name lookups over multicast DNS (mDNS) for
+host names ending in @code{.local}:
+
+@example
+(name-service-switch
+ (hosts (list %files ;first, check /etc/hosts
+
+ ;; If the above did not succeed, try
+ ;; with 'mdns_minimal'.
+ (name-service
+ (name "mdns_minimal")
+
+ ;; 'mdns_minimal' is authoritative for
+ ;; '.local'. When it returns "not found",
+ ;; no need to try the next methods.
+ (reaction (lookup-specification
+ (not-found => return))))
+
+ ;; Then fall back to DNS.
+ (name-service
+ (name "dns"))
+
+ ;; Finally, try with the "full" 'mdns'.
+ (name-service
+ (name "mdns")))))
+@end example
+
+Do not worry: the @code{%mdns-host-lookup-nss} variable (see below)
+contains this configuration, so you will not have to type it if all you want
+is to have @code{.local} host lookup working.
+
+Note that, in this case, in addition to setting the
+@code{name-service-switch} of the @code{operating-system} declaration, you
+also need to use @code{avahi-service} (@pxref{Networking Services,
+@code{avahi-service}}), or @var{%desktop-services}, which includes it
+(@pxref{Desktop Services}). Doing this makes @code{nss-mdns} accessible to
+the name service cache daemon (@pxref{Services de base, @code{nscd-service}}).
+
+For convenience, the following variables provide typical NSS configurations.
+
+@defvr {Scheme Variable} %default-nss
+This is the default name service switch configuration, a
+@code{name-service-switch} object.
+@end defvr
+
+@defvr {Scheme Variable} %mdns-host-lookup-nss
+This is the name service switch configuration with support for host name
+lookup over multicast DNS (mDNS) for host names ending in @code{.local}.
+@end defvr
+
+The reference for name service switch configuration is given below. It is a
+direct mapping of the configuration file format of the C library , so please
+refer to the C library manual for more information (@pxref{NSS Configuration
+File,,, libc, The GNU C Library Reference Manual}). Compared to the
+configuration file format of libc NSS, it has the advantage not only of
+adding this warm parenthetic feel that we like, but also static checks: you
+will know about syntax errors and typos as soon as you run @command{guix
+system}.
+
+@deftp {Data Type} name-service-switch
+
+This is the data type representation the configuration of libc's name
+service switch (NSS). Each field below represents one of the supported
+system databases.
+
+@table @code
+@item aliases
+@itemx ethers
+@itemx group
+@itemx gshadow
+@itemx hosts
+@itemx initgroups
+@itemx netgroup
+@itemx networks
+@itemx password
+@itemx public-key
+@itemx rpc
+@itemx services
+@itemx shadow
+The system databases handled by the NSS. Each of these fields must be a
+list of @code{<name-service>} objects (see below).
+@end table
+@end deftp
+
+@deftp {Data Type} name-service
+
+This is the data type representing an actual name service and the associated
+lookup action.
+
+@table @code
+@item name
+A string denoting the name service (@pxref{Services in the NSS
+configuration,,, libc, The GNU C Library Reference Manual}).
+
+Note that name services listed here must be visible to nscd. This is
+achieved by passing the @code{#:name-services} argument to
+@code{nscd-service} the list of packages providing the needed name services
+(@pxref{Services de base, @code{nscd-service}}).
+
+@item reaction
+An action specified using the @code{lookup-specification} macro
+(@pxref{Actions in the NSS configuration,,, libc, The GNU C Library
+Reference Manual}). For example:
+
+@example
+(lookup-specification (unavailable => continue)
+ (success => return))
+@end example
+@end table
+@end deftp
+
+@node Disque de RAM initial
+@subsection Disque de RAM initial
+
+@cindex initrd
+@cindex initial RAM disk
+For bootstrapping purposes, the Linux-Libre kernel is passed an @dfn{initial
+RAM disk}, or @dfn{initrd}. An initrd contains a temporary root file system
+as well as an initialization script. The latter is responsible for mounting
+the real root file system, and for loading any kernel modules that may be
+needed to achieve that.
+
+The @code{initrd-modules} field of an @code{operating-system} declaration
+allows you to specify Linux-libre kernel modules that must be available in
+the initrd. In particular, this is where you would list modules needed to
+actually drive the hard disk where your root partition is---although the
+default value of @code{initrd-modules} should cover most use cases. For
+example, assuming you need the @code{megaraid_sas} module in addition to the
+default modules to be able to access your root file system, you would write:
+
+@example
+(operating-system
+ ;; @dots{}
+ (initrd-modules (cons "megaraid_sas" %base-initrd-modules)))
+@end example
+
+@defvr {Scheme Variable} %base-initrd-modules
+This is the list of kernel modules included in the initrd by default.
+@end defvr
+
+Furthermore, if you need lower-level customization, the @code{initrd} field
+of an @code{operating-system} declaration allows you to specify which initrd
+you would like to use. The @code{(gnu system linux-initrd)} module provides
+three ways to build an initrd: the high-level @code{base-initrd} procedure
+and the low-level @code{raw-initrd} and @code{expression->initrd}
+procedures.
+
+The @code{base-initrd} procedure is intended to cover most common uses. For
+example, if you want to add a bunch of kernel modules to be loaded at boot
+time, you can define the @code{initrd} field of the operating system
+declaration like this:
+
+@example
+(initrd (lambda (file-systems . rest)
+ ;; Create a standard initrd but set up networking
+ ;; with the parameters QEMU expects by default.
+ (apply base-initrd file-systems
+ #:qemu-networking? #t
+ rest)))
+@end example
+
+The @code{base-initrd} procedure also handles common use cases that involves
+using the system as a QEMU guest, or as a ``live'' system with volatile root
+file system.
+
+The @code{base-initrd} procedure is built from @code{raw-initrd} procedure.
+Unlike @code{base-initrd}, @code{raw-initrd} doesn't do anything high-level,
+such as trying to guess which kernel modules and packages should be included
+to the initrd. An example use of @code{raw-initrd} is when a user has a
+custom Linux kernel configuration and default kernel modules included by
+@code{base-initrd} are not available.
+
+The initial RAM disk produced by @code{base-initrd} or @code{raw-initrd}
+honors several options passed on the Linux kernel command line (that is,
+arguments passed @i{via} the @code{linux} command of GRUB, or the
+@code{-append} option of QEMU), notably:
+
+@table @code
+@item --load=@var{boot}
+Tell the initial RAM disk to load @var{boot}, a file containing a Scheme
+program, once it has mounted the root file system.
+
+GuixSD uses this option to yield control to a boot program that runs the
+service activation programs and then spawns the GNU@tie{}Shepherd, the
+initialization system.
+
+@item --root=@var{root}
+Mount @var{root} as the root file system. @var{root} can be a device name
+like @code{/dev/sda1}, a file system label, or a file system UUID.
+
+@item --system=@var{system}
+Have @file{/run/booted-system} and @file{/run/current-system} point to
+@var{system}.
+
+@item modprobe.blacklist=@var{modules}@dots{}
+@cindex module, black-listing
+@cindex black list, of kernel modules
+Instruct the initial RAM disk as well as the @command{modprobe} command
+(from the kmod package) to refuse to load @var{modules}. @var{modules} must
+be a comma-separated list of module names---e.g., @code{usbkbd,9pnet}.
+
+@item --repl
+Start a read-eval-print loop (REPL) from the initial RAM disk before it
+tries to load kernel modules and to mount the root file system. Our
+marketing team calls it @dfn{boot-to-Guile}. The Schemer in you will love
+it. @xref{Using Guile Interactively,,, guile, GNU Guile Reference Manual},
+for more information on Guile's REPL.
+
+@end table
+
+Now that you know all the features that initial RAM disks produced by
+@code{base-initrd} and @code{raw-initrd} provide, here is how to use it and
+customize it further.
+
+@cindex initrd
+@cindex initial RAM disk
+@deffn {Monadic Procedure} raw-initrd @var{file-systems} @
+ [#:linux-modules '()] [#:mapped-devices '()] @ [#:helper-packages '()]
+[#:qemu-networking? #f] [#:volatile-root? #f] Return a monadic derivation
+that builds a raw initrd. @var{file-systems} is a list of file systems to
+be mounted by the initrd, possibly in addition to the root file system
+specified on the kernel command line via @code{--root}. @var{linux-modules}
+is a list of kernel modules to be loaded at boot time. @var{mapped-devices}
+is a list of device mappings to realize before @var{file-systems} are
+mounted (@pxref{Périphériques mappés}). @var{helper-packages} is a list of
+packages to be copied in the initrd. It may include @code{e2fsck/static} or
+other packages needed by the initrd to check the root file system.
+
+When @var{qemu-networking?} is true, set up networking with the standard
+QEMU parameters. When @var{virtio?} is true, load additional modules so
+that the initrd can be used as a QEMU guest with para-virtualized I/O
+drivers.
+
+When @var{volatile-root?} is true, the root file system is writable but any
+changes to it are lost.
+@end deffn
+
+@deffn {Monadic Procedure} base-initrd @var{file-systems} @
+ [#:mapped-devices '()] [#:qemu-networking? #f] [#:volatile-root? #f]@
+[#:linux-modules '()] Return a monadic derivation that builds a generic
+initrd, with kernel modules taken from @var{linux}. @var{file-systems} is a
+list of file-systems to be mounted by the initrd, possibly in addition to
+the root file system specified on the kernel command line via
+@code{--root}. @var{mapped-devices} is a list of device mappings to realize
+before @var{file-systems} are mounted.
+
+@var{qemu-networking?} and @var{volatile-root?} behaves as in
+@code{raw-initrd}.
+
+The initrd is automatically populated with all the kernel modules necessary
+for @var{file-systems} and for the given options. Additional kernel modules
+can be listed in @var{linux-modules}. They will be added to the initrd, and
+loaded at boot time in the order in which they appear.
+@end deffn
+
+Needless to say, the initrds we produce and use embed a statically-linked
+Guile, and the initialization program is a Guile program. That gives a lot
+of flexibility. The @code{expression->initrd} procedure builds such an
+initrd, given the program to run in that initrd.
+
+@deffn {Monadic Procedure} expression->initrd @var{exp} @
+ [#:guile %guile-static-stripped] [#:name "guile-initrd"] Return a derivation
+that builds a Linux initrd (a gzipped cpio archive) containing @var{guile}
+and that evaluates @var{exp}, a G-expression, upon booting. All the
+derivations referenced by @var{exp} are automatically copied to the initrd.
+@end deffn
+
+@node Configuration du chargeur d'amorçage
+@subsection Configuration du chargeur d'amorçage
+
+@cindex bootloader
+@cindex boot loader
+
+The operating system supports multiple bootloaders. The bootloader is
+configured using @code{bootloader-configuration} declaration. All the
+fields of this structure are bootloader agnostic except for one field,
+@code{bootloader} that indicates the bootloader to be configured and
+installed.
+
+Some of the bootloaders do not honor every field of
+@code{bootloader-configuration}. For instance, the extlinux bootloader does
+not support themes and thus ignores the @code{theme} field.
+
+@deftp {Data Type} bootloader-configuration
+The type of a bootloader configuration declaration.
+
+@table @asis
+
+@item @code{bootloader}
+@cindex EFI, bootloader
+@cindex UEFI, bootloader
+@cindex BIOS, bootloader
+The bootloader to use, as a @code{bootloader} object. For now
+@code{grub-bootloader}, @code{grub-efi-bootloader},
+@code{extlinux-bootloader} and @code{u-boot-bootloader} are supported.
+@code{grub-efi-bootloader} allows to boot on modern systems using the
+@dfn{Unified Extensible Firmware Interface} (UEFI).
+
+Available bootloaders are described in @code{(gnu bootloader @dots{})}
+modules.
+
+@item @code{target}
+This is a string denoting the target onto which to install the bootloader.
+The exact interpretation depends on the bootloader in question; for
+@code{grub-bootloader}, for example, it should be a device name understood
+by the bootloader @command{installer} command, such as @code{/dev/sda} or
+@code{(hd0)} (for GRUB, @pxref{Invoking grub-install,,, grub, GNU GRUB
+Manual}). For @code{grub-efi-bootloader}, it should be the path to a
+mounted EFI file system.
+
+@item @code{menu-entries} (default: @code{()})
+A possibly empty list of @code{menu-entry} objects (see below), denoting
+entries to appear in the bootloader menu, in addition to the current system
+entry and the entry pointing to previous system generations.
+
+@item @code{default-entry} (default: @code{0})
+The index of the default boot menu entry. Index 0 is for the entry of the
+current system.
+
+@item @code{timeout} (default: @code{5})
+The number of seconds to wait for keyboard input before booting. Set to 0
+to boot immediately, and to -1 to wait indefinitely.
+
+@item @code{theme} (default: @var{#f})
+The bootloader theme object describing the theme to use. If no theme is
+provided, some bootloaders might use a default theme, that's true for GRUB.
+
+@item @code{terminal-outputs} (default: @code{'gfxterm})
+The output terminals used for the bootloader boot menu, as a list of
+symbols. GRUB accepts the values: @code{console}, @code{serial},
+@code{serial_@{0-3@}}, @code{gfxterm}, @code{vga_text}, @code{mda_text},
+@code{morse}, and @code{pkmodem}. This field corresponds to the GRUB
+variable GRUB_TERMINAL_OUTPUT (@pxref{Simple configuration,,, grub,GNU GRUB
+manual}).
+
+@item @code{terminal-inputs} (default: @code{'()})
+The input terminals used for the bootloader boot menu, as a list of
+symbols. For GRUB, the default is the native platform terminal as
+determined at run-time. GRUB accepts the values: @code{console},
+@code{serial}, @code{serial_@{0-3@}}, @code{at_keyboard}, and
+@code{usb_keyboard}. This field corresponds to the GRUB variable
+GRUB_TERMINAL_INPUT (@pxref{Simple configuration,,, grub,GNU GRUB manual}).
+
+@item @code{serial-unit} (default: @code{#f})
+The serial unit used by the bootloader, as an integer from 0 to 3. For
+GRUB, it is chosen at run-time; currently GRUB chooses 0, which corresponds
+to COM1 (@pxref{Serial terminal,,, grub,GNU GRUB manual}).
+
+@item @code{serial-speed} (default: @code{#f})
+The speed of the serial interface, as an integer. For GRUB, the default
+value is chosen at run-time; currently GRUB chooses 9600@tie{}bps
+(@pxref{Serial terminal,,, grub,GNU GRUB manual}).
+@end table
+
+@end deftp
+
+@cindex dual boot
+@cindex boot menu
+Should you want to list additional boot menu entries @i{via} the
+@code{menu-entries} field above, you will need to create them with the
+@code{menu-entry} form. For example, imagine you want to be able to boot
+another distro (hard to imagine!), you can define a menu entry along these
+lines:
+
+@example
+(menu-entry
+ (label "The Other Distro")
+ (linux "/boot/old/vmlinux-2.6.32")
+ (linux-arguments '("root=/dev/sda2"))
+ (initrd "/boot/old/initrd"))
+@end example
+
+Details below.
+
+@deftp {Data Type} menu-entry
+The type of an entry in the bootloader menu.
+
+@table @asis
+
+@item @code{label}
+The label to show in the menu---e.g., @code{"GNU"}.
+
+@item @code{linux}
+The Linux kernel image to boot, for example:
+
+@example
+(file-append linux-libre "/bzImage")
+@end example
+
+For GRUB, it is also possible to specify a device explicitly in the file
+path using GRUB's device naming convention (@pxref{Naming convention,,,
+grub, GNU GRUB manual}), for example:
+
+@example
+"(hd0,msdos1)/boot/vmlinuz"
+@end example
+
+If the device is specified explicitly as above, then the @code{device} field
+is ignored entirely.
+
+@item @code{linux-arguments} (default: @code{()})
+The list of extra Linux kernel command-line arguments---e.g.,
+@code{("console=ttyS0")}.
+
+@item @code{initrd}
+A G-Expression or string denoting the file name of the initial RAM disk to
+use (@pxref{G-Expressions}).
+@item @code{device} (default: @code{#f})
+The device where the kernel and initrd are to be found---i.e., for GRUB,
+@dfn{root} for this menu entry (@pxref{root,,, grub, GNU GRUB manual}).
+
+This may be a file system label (a string), a file system UUID (a
+bytevector, @pxref{Systèmes de fichiers}), or @code{#f}, in which case the
+bootloader will search the device containing the file specified by the
+@code{linux} field (@pxref{search,,, grub, GNU GRUB manual}). It must
+@emph{not} be an OS device name such as @file{/dev/sda1}.
+
+@end table
+@end deftp
+
+@c FIXME: Write documentation once it's stable.
+Fow now only GRUB has theme support. GRUB themes are created using the
+@code{grub-theme} form, which is not documented yet.
+
+@defvr {Scheme Variable} %default-theme
+This is the default GRUB theme used by the operating system if no
+@code{theme} field is specified in @code{bootloader-configuration} record.
+
+It comes with a fancy background image displaying the GNU and Guix logos.
+@end defvr
+
+
+@node Invoquer guix system
+@subsection Invoking @code{guix system}
+
+Once you have written an operating system declaration as seen in the
+previous section, it can be @dfn{instantiated} using the @command{guix
+system} command. The synopsis is:
+
+@example
+guix system @var{options}@dots{} @var{action} @var{file}
+@end example
+
+@var{file} must be the name of a file containing an @code{operating-system}
+declaration. @var{action} specifies how the operating system is
+instantiated. Currently the following values are supported:
+
+@table @code
+@item search
+Display available service type definitions that match the given regular
+expressions, sorted by relevance:
+
+@example
+$ guix system search console font
+name: console-fonts
+location: gnu/services/base.scm:729:2
+extends: shepherd-root
+description: Install the given fonts on the specified ttys (fonts are
++ per virtual console on GNU/Linux). The value of this service is a list
++ of tty/font pairs like:
++
++ '(("tty1" . "LatGrkCyr-8x16"))
+relevance: 20
+
+name: mingetty
+location: gnu/services/base.scm:1048:2
+extends: shepherd-root
+description: Provide console login using the `mingetty' program.
+relevance: 2
+
+name: login
+location: gnu/services/base.scm:775:2
+extends: pam
+description: Provide a console log-in service as specified by its
++ configuration value, a `login-configuration' object.
+relevance: 2
+
+@dots{}
+@end example
+
+As for @command{guix package --search}, the result is written in
+@code{recutils} format, which makes it easy to filter the output
+(@pxref{Top, GNU recutils databases,, recutils, GNU recutils manual}).
+
+@item reconfigure
+Build the operating system described in @var{file}, activate it, and switch
+to it@footnote{This action (and the related actions @code{switch-generation}
+and @code{roll-back}) are usable only on systems already running GuixSD.}.
+
+This effects all the configuration specified in @var{file}: user accounts,
+system services, global package list, setuid programs, etc. The command
+starts system services specified in @var{file} that are not currently
+running; if a service is currently running, it does not attempt to upgrade
+it since this would not be possible without stopping it first.
+
+This command creates a new generation whose number is one greater than the
+current generation (as reported by @command{guix system list-generations}).
+If that generation already exists, it will be overwritten. This behavior
+mirrors that of @command{guix package} (@pxref{Invoquer guix package}).
+
+It also adds a bootloader menu entry for the new OS configuration, ---unless
+@option{--no-bootloader} is passed. For GRUB, it moves entries for older
+configurations to a submenu, allowing you to choose an older system
+generation at boot time should you need it.
+
+@quotation Note
+@c The paragraph below refers to the problem discussed at
+@c <http://lists.gnu.org/archive/html/guix-devel/2014-08/msg00057.html>.
+It is highly recommended to run @command{guix pull} once before you run
+@command{guix system reconfigure} for the first time (@pxref{Invoquer guix pull}). Failing to do that you would see an older version of Guix once
+@command{reconfigure} has completed.
+@end quotation
+
+@item switch-generation
+@cindex generations
+Switch to an existing system generation. This action atomically switches
+the system profile to the specified system generation. It also rearranges
+the system's existing bootloader menu entries. It makes the menu entry for
+the specified system generation the default, and it moves the entries for
+the other generatiors to a submenu, if supported by the bootloader being
+used. The next time the system boots, it will use the specified system
+generation.
+
+The bootloader itself is not being reinstalled when using this command.
+Thus, the installed bootloader is used with an updated configuration file.
+
+The target generation can be specified explicitly by its generation number.
+For example, the following invocation would switch to system generation 7:
+
+@example
+guix system switch-generation 7
+@end example
+
+The target generation can also be specified relative to the current
+generation with the form @code{+N} or @code{-N}, where @code{+3} means ``3
+generations ahead of the current generation,'' and @code{-1} means ``1
+generation prior to the current generation.'' When specifying a negative
+value such as @code{-1}, you must precede it with @code{--} to prevent it
+from being parsed as an option. For example:
+
+@example
+guix system switch-generation -- -1
+@end example
+
+Currently, the effect of invoking this action is @emph{only} to switch the
+system profile to an existing generation and rearrange the bootloader menu
+entries. To actually start using the target system generation, you must
+reboot after running this action. In the future, it will be updated to do
+the same things as @command{reconfigure}, like activating and deactivating
+services.
+
+This action will fail if the specified generation does not exist.
+
+@item roll-back
+@cindex rolling back
+Switch to the preceding system generation. The next time the system boots,
+it will use the preceding system generation. This is the inverse of
+@command{reconfigure}, and it is exactly the same as invoking
+@command{switch-generation} with an argument of @code{-1}.
+
+Currently, as with @command{switch-generation}, you must reboot after
+running this action to actually start using the preceding system generation.
+
+@item build
+Build the derivation of the operating system, which includes all the
+configuration files and programs needed to boot and run the system. This
+action does not actually install anything.
+
+@item init
+Populate the given directory with all the files necessary to run the
+operating system specified in @var{file}. This is useful for first-time
+installations of GuixSD. For instance:
+
+@example
+guix system init my-os-config.scm /mnt
+@end example
+
+copies to @file{/mnt} all the store items required by the configuration
+specified in @file{my-os-config.scm}. This includes configuration files,
+packages, and so on. It also creates other essential files needed for the
+system to operate correctly---e.g., the @file{/etc}, @file{/var}, and
+@file{/run} directories, and the @file{/bin/sh} file.
+
+This command also installs bootloader on the target specified in
+@file{my-os-config}, unless the @option{--no-bootloader} option was passed.
+
+@item vm
+@cindex virtual machine
+@cindex VM
+@anchor{guix system vm}
+Build a virtual machine that contains the operating system declared in
+@var{file}, and return a script to run that virtual machine (VM). Arguments
+given to the script are passed to QEMU as in the example below, which
+enables networking and requests 1@tie{}GiB of RAM for the emulated machine:
+
+@example
+$ /gnu/store/@dots{}-run-vm.sh -m 1024 -net user
+@end example
+
+The VM shares its store with the host system.
+
+Additional file systems can be shared between the host and the VM using the
+@code{--share} and @code{--expose} command-line options: the former
+specifies a directory to be shared with write access, while the latter
+provides read-only access to the shared directory.
+
+The example below creates a VM in which the user's home directory is
+accessible read-only, and where the @file{/exchange} directory is a
+read-write mapping of @file{$HOME/tmp} on the host:
+
+@example
+guix system vm my-config.scm \
+ --expose=$HOME --share=$HOME/tmp=/exchange
+@end example
+
+On GNU/Linux, the default is to boot directly to the kernel; this has the
+advantage of requiring only a very tiny root disk image since the store of
+the host can then be mounted.
+
+The @code{--full-boot} option forces a complete boot sequence, starting with
+the bootloader. This requires more disk space since a root image containing
+at least the kernel, initrd, and bootloader data files must be created. The
+@code{--image-size} option can be used to specify the size of the image.
+
+@cindex System images, creation in various formats
+@cindex Creating system images in various formats
+@item vm-image
+@itemx disk-image
+@itemx docker-image
+Return a virtual machine, disk image, or Docker image of the operating
+system declared in @var{file} that stands alone. By default, @command{guix
+system} estimates the size of the image needed to store the system, but you
+can use the @option{--image-size} option to specify a value. Docker images
+are built to contain exactly what they need, so the @option{--image-size}
+option is ignored in the case of @code{docker-image}.
+
+You can specify the root file system type by using the
+@option{--file-system-type} option. It defaults to @code{ext4}.
+
+When using @code{vm-image}, the returned image is in qcow2 format, which the
+QEMU emulator can efficiently use. @xref{Lancer GuixSD dans une VM}, for more
+information on how to run the image in a virtual machine.
+
+When using @code{disk-image}, a raw disk image is produced; it can be copied
+as is to a USB stick, for instance. Assuming @code{/dev/sdc} is the device
+corresponding to a USB stick, one can copy the image to it using the
+following command:
+
+@example
+# dd if=$(guix system disk-image my-os.scm) of=/dev/sdc
+@end example
+
+When using @code{docker-image}, a Docker image is produced. Guix builds the
+image from scratch, not from a pre-existing Docker base image. As a result,
+it contains @emph{exactly} what you define in the operating system
+configuration file. You can then load the image and launch a Docker
+container using commands like the following:
+
+@example
+image_id="$(docker load < guixsd-docker-image.tar.gz)"
+docker run -e GUIX_NEW_SYSTEM=/var/guix/profiles/system \\
+ --entrypoint /var/guix/profiles/system/profile/bin/guile \\
+ $image_id /var/guix/profiles/system/boot
+@end example
+
+This command starts a new Docker container from the specified image. It
+will boot the GuixSD system in the usual manner, which means it will start
+any services you have defined in the operating system configuration.
+Depending on what you run in the Docker container, it may be necessary to
+give the container additional permissions. For example, if you intend to
+build software using Guix inside of the Docker container, you may need to
+pass the @option{--privileged} option to @code{docker run}.
+
+@item container
+Return a script to run the operating system declared in @var{file} within a
+container. Containers are a set of lightweight isolation mechanisms
+provided by the kernel Linux-libre. Containers are substantially less
+resource-demanding than full virtual machines since the kernel, shared
+objects, and other resources can be shared with the host system; this also
+means they provide thinner isolation.
+
+Currently, the script must be run as root in order to support more than a
+single user and group. The container shares its store with the host system.
+
+As with the @code{vm} action (@pxref{guix system vm}), additional file
+systems to be shared between the host and container can be specified using
+the @option{--share} and @option{--expose} options:
+
+@example
+guix system container my-config.scm \
+ --expose=$HOME --share=$HOME/tmp=/exchange
+@end example
+
+@quotation Note
+This option requires Linux-libre 3.19 or newer.
+@end quotation
+
+@end table
+
+@var{options} can contain any of the common build options (@pxref{Options de construction communes}). In addition, @var{options} can contain one of the
+following:
+
+@table @option
+@item --expression=@var{expr}
+@itemx -e @var{expr}
+Consider the operating-system @var{expr} evaluates to. This is an
+alternative to specifying a file which evaluates to an operating system.
+This is used to generate the GuixSD installer @pxref{Construire l'image d'installation}).
+
+@item --system=@var{system}
+@itemx -s @var{system}
+Attempt to build for @var{system} instead of the host system type. This
+works as per @command{guix build} (@pxref{Invoquer guix build}).
+
+@item --derivation
+@itemx -d
+Return the derivation file name of the given operating system without
+building anything.
+
+@item --file-system-type=@var{type}
+@itemx -t @var{type}
+For the @code{disk-image} action, create a file system of the given
+@var{type} on the image.
+
+When this option is omitted, @command{guix system} uses @code{ext4}.
+
+@cindex ISO-9660 format
+@cindex CD image format
+@cindex DVD image format
+@code{--file-system-type=iso9660} produces an ISO-9660 image, suitable for
+burning on CDs and DVDs.
+
+@item --image-size=@var{size}
+For the @code{vm-image} and @code{disk-image} actions, create an image of
+the given @var{size}. @var{size} may be a number of bytes, or it may
+include a unit as a suffix (@pxref{Block size, size specifications,,
+coreutils, GNU Coreutils}).
+
+When this option is omitted, @command{guix system} computes an estimate of
+the image size as a function of the size of the system declared in
+@var{file}.
+
+@item --root=@var{file}
+@itemx -r @var{file}
+Make @var{file} a symlink to the result, and register it as a garbage
+collector root.
+
+@item --skip-checks
+Skip pre-installation safety checks.
+
+By default, @command{guix system init} and @command{guix system reconfigure}
+perform safety checks: they make sure the file systems that appear in the
+@code{operating-system} declaration actually exist (@pxref{Systèmes de fichiers}),
+and that any Linux kernel modules that may be needed at boot time are listed
+in @code{initrd-modules} (@pxref{Disque de RAM initial}). Passing this option
+skips these tests altogether.
+
+@item --on-error=@var{strategy}
+Apply @var{strategy} when an error occurs when reading @var{file}.
+@var{strategy} may be one of the following:
+
+@table @code
+@item nothing-special
+Report the error concisely and exit. This is the default strategy.
+
+@item backtrace
+Likewise, but also display a backtrace.
+
+@item debug
+Report the error and enter Guile's debugger. From there, you can run
+commands such as @code{,bt} to get a backtrace, @code{,locals} to display
+local variable values, and more generally inspect the state of the program.
+@xref{Debug Commands,,, guile, GNU Guile Reference Manual}, for a list of
+available debugging commands.
+@end table
+@end table
+
+@quotation Note
+All the actions above, except @code{build} and @code{init}, can use KVM
+support in the Linux-libre kernel. Specifically, if the machine has
+hardware virtualization support, the corresponding KVM kernel module should
+be loaded, and the @file{/dev/kvm} device node must exist and be readable
+and writable by the user and by the build users of the daemon (@pxref{Réglages de l'environnement de construction}).
+@end quotation
+
+Once you have built, configured, re-configured, and re-re-configured your
+GuixSD installation, you may find it useful to list the operating system
+generations available on disk---and that you can choose from the bootloader
+boot menu:
+
+@table @code
+
+@item list-generations
+List a summary of each generation of the operating system available on disk,
+in a human-readable way. This is similar to the @option{--list-generations}
+option of @command{guix package} (@pxref{Invoquer guix package}).
+
+Optionally, one can specify a pattern, with the same syntax that is used in
+@command{guix package --list-generations}, to restrict the list of
+generations displayed. For instance, the following command displays
+generations that are up to 10 days old:
+
+@example
+$ guix system list-generations 10d
+@end example
+
+@end table
+
+The @command{guix system} command has even more to offer! The following
+sub-commands allow you to visualize how your system services relate to each
+other:
+
+@anchor{system-extension-graph}
+@table @code
+
+@item extension-graph
+Emit in Dot/Graphviz format to standard output the @dfn{service extension
+graph} of the operating system defined in @var{file} (@pxref{Composition de services}, for more information on service extensions.)
+
+The command:
+
+@example
+$ guix system extension-graph @var{file} | dot -Tpdf > services.pdf
+@end example
+
+produces a PDF file showing the extension relations among services.
+
+@anchor{system-shepherd-graph}
+@item shepherd-graph
+Emit in Dot/Graphviz format to standard output the @dfn{dependency graph} of
+shepherd services of the operating system defined in @var{file}.
+@xref{Services Shepherd}, for more information and for an example graph.
+
+@end table
+
+@node Lancer GuixSD dans une VM
+@subsection Running GuixSD in a Virtual Machine
+
+@cindex virtual machine
+To run GuixSD in a virtual machine (VM), one can either use the pre-built
+GuixSD VM image distributed at
+@indicateurl{ftp://alpha.gnu.org/guix/guixsd-vm-image-@value{VERSION}.@var{system}.tar.xz}
+, or build their own virtual machine image using @command{guix system
+vm-image} (@pxref{Invoquer guix system}). The returned image is in qcow2
+format, which the @uref{http://qemu.org/, QEMU emulator} can efficiently
+use.
+
+@cindex QEMU
+If you built your own image, you must copy it out of the store (@pxref{Le dépôt}) and give yourself permission to write to the copy before you can use
+it. When invoking QEMU, you must choose a system emulator that is suitable
+for your hardware platform. Here is a minimal QEMU invocation that will
+boot the result of @command{guix system vm-image} on x86_64 hardware:
+
+@example
+$ qemu-system-x86_64 \
+ -net user -net nic,model=virtio \
+ -enable-kvm -m 256 /tmp/qemu-image
+@end example
+
+Here is what each of these options means:
+
+@table @code
+@item qemu-system-x86_64
+This specifies the hardware platform to emulate. This should match the
+host.
+
+@item -net user
+Enable the unprivileged user-mode network stack. The guest OS can access
+the host but not vice versa. This is the simplest way to get the guest OS
+online.
+
+@item -net nic,model=virtio
+You must create a network interface of a given model. If you do not create
+a NIC, the boot will fail. Assuming your hardware platform is x86_64, you
+can get a list of available NIC models by running
+@command{qemu-system-x86_64 -net nic,model=help}.
+
+@item -enable-kvm
+If your system has hardware virtualization extensions, enabling the virtual
+machine support (KVM) of the Linux kernel will make things run faster.
+
+@item -m 256
+RAM available to the guest OS, in mebibytes. Defaults to 128@tie{}MiB,
+which may be insufficient for some operations.
+
+@item /tmp/qemu-image
+The file name of the qcow2 image.
+@end table
+
+The default @command{run-vm.sh} script that is returned by an invocation of
+@command{guix system vm} does not add a @command{-net user} flag by
+default. To get network access from within the vm add the
+@code{(dhcp-client-service)} to your system definition and start the VM
+using @command{`guix system vm config.scm` -net user}. An important caveat
+of using @command{-net user} for networking is that @command{ping} will not
+work, because it uses the ICMP protocol. You'll have to use a different
+command to check for network connectivity, for example @command{guix
+download}.
+
+@subsubsection Connecting Through SSH
+
+@cindex SSH
+@cindex SSH server
+To enable SSH inside a VM you need to add a SSH server like
+@code{(dropbear-service)} or @code{(lsh-service)} to your VM. The
+@code{(lsh-service}) doesn't currently boot unsupervised. It requires you
+to type some characters to initialize the randomness generator. In addition
+you need to forward the SSH port, 22 by default, to the host. You can do
+this with
+
+@example
+`guix system vm config.scm` -net user,hostfwd=tcp::10022-:22
+@end example
+
+To connect to the VM you can run
+
+@example
+ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 10022
+@end example
+
+The @command{-p} tells @command{ssh} the port you want to connect to.
+@command{-o UserKnownHostsFile=/dev/null} prevents @command{ssh} from
+complaining every time you modify your @command{config.scm} file and the
+@command{-o StrictHostKeyChecking=no} prevents you from having to allow a
+connection to an unknown host every time you connect.
+
+@subsubsection Using @command{virt-viewer} with Spice
+
+As an alternative to the default @command{qemu} graphical client you can use
+the @command{remote-viewer} from the @command{virt-viewer} package. To
+connect pass the @command{-spice port=5930,disable-ticketing} flag to
+@command{qemu}. See previous section for further information on how to do
+this.
+
+Spice also allows you to do some nice stuff like share your clipboard with
+your VM. To enable that you'll also have to pass the following flags to
+@command{qemu}:
+
+@example
+-device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x5
+-chardev spicevmc,name=vdagent,id=vdagent
+-device virtserialport,nr=1,bus=virtio-serial0.0,chardev=vdagent,
+name=com.redhat.spice.0
+@end example
+
+You'll also need to add the @pxref{Miscellaneous Services, Spice service}.
+
+@node Définir des services
+@subsection Définir des services
+
+The previous sections show the available services and how one can combine
+them in an @code{operating-system} declaration. But how do we define them
+in the first place? And what is a service anyway?
+
+@menu
+* Composition de services:: Le modèle de composition des services.
+* Types service et services:: Types et services.
+* Référence de service:: Référence de l'API.
+* Services Shepherd:: Un type de service particulier.
+@end menu
+
+@node Composition de services
+@subsubsection Composition de services
+
+@cindex services
+@cindex daemons
+Here we define a @dfn{service} as, broadly, something that extends the
+functionality of the operating system. Often a service is a process---a
+@dfn{daemon}---started when the system boots: a secure shell server, a Web
+server, the Guix build daemon, etc. Sometimes a service is a daemon whose
+execution can be triggered by another daemon---e.g., an FTP server started
+by @command{inetd} or a D-Bus service activated by @command{dbus-daemon}.
+Occasionally, a service does not map to a daemon. For instance, the
+``account'' service collects user accounts and makes sure they exist when
+the system runs; the ``udev'' service collects device management rules and
+makes them available to the eudev daemon; the @file{/etc} service populates
+the @file{/etc} directory of the system.
+
+@cindex service extensions
+GuixSD services are connected by @dfn{extensions}. For instance, the secure
+shell service @emph{extends} the Shepherd---the GuixSD initialization
+system, running as PID@tie{}1---by giving it the command lines to start and
+stop the secure shell daemon (@pxref{Networking Services,
+@code{lsh-service}}); the UPower service extends the D-Bus service by
+passing it its @file{.service} specification, and extends the udev service
+by passing it device management rules (@pxref{Desktop Services,
+@code{upower-service}}); the Guix daemon service extends the Shepherd by
+passing it the command lines to start and stop the daemon, and extends the
+account service by passing it a list of required build user accounts
+(@pxref{Services de base}).
+
+All in all, services and their ``extends'' relations form a directed acyclic
+graph (DAG). If we represent services as boxes and extensions as arrows, a
+typical system might provide something like this:
+
+@image{images/service-graph,,5in,Typical service extension graph.}
+
+@cindex system service
+At the bottom, we see the @dfn{system service}, which produces the directory
+containing everything to run and boot the system, as returned by the
+@command{guix system build} command. @xref{Référence de service}, to learn
+about the other service types shown here. @xref{system-extension-graph, the
+@command{guix system extension-graph} command}, for information on how to
+generate this representation for a particular operating system definition.
+
+@cindex service types
+Technically, developers can define @dfn{service types} to express these
+relations. There can be any number of services of a given type on the
+system---for instance, a system running two instances of the GNU secure
+shell server (lsh) has two instances of @var{lsh-service-type}, with
+different parameters.
+
+The following section describes the programming interface for service types
+and services.
+
+@node Types service et services
+@subsubsection Types service et services
+
+A @dfn{service type} is a node in the DAG described above. Let us start
+with a simple example, the service type for the Guix build daemon
+(@pxref{Invoquer guix-daemon}):
+
+@example
+(define guix-service-type
+ (service-type
+ (name 'guix)
+ (extensions
+ (list (service-extension shepherd-root-service-type guix-shepherd-service)
+ (service-extension account-service-type guix-accounts)
+ (service-extension activation-service-type guix-activation)))
+ (default-value (guix-configuration))))
+@end example
+
+@noindent
+It defines three things:
+
+@enumerate
+@item
+A name, whose sole purpose is to make inspection and debugging easier.
+
+@item
+A list of @dfn{service extensions}, where each extension designates the
+target service type and a procedure that, given the parameters of the
+service, returns a list of objects to extend the service of that type.
+
+Every service type has at least one service extension. The only exception
+is the @dfn{boot service type}, which is the ultimate service.
+
+@item
+Optionally, a default value for instances of this type.
+@end enumerate
+
+In this example, @var{guix-service-type} extends three services:
+
+@table @var
+@item shepherd-root-service-type
+The @var{guix-shepherd-service} procedure defines how the Shepherd service
+is extended. Namely, it returns a @code{<shepherd-service>} object that
+defines how @command{guix-daemon} is started and stopped (@pxref{Services Shepherd}).
+
+@item account-service-type
+This extension for this service is computed by @var{guix-accounts}, which
+returns a list of @code{user-group} and @code{user-account} objects
+representing the build user accounts (@pxref{Invoquer guix-daemon}).
+
+@item activation-service-type
+Here @var{guix-activation} is a procedure that returns a gexp, which is a
+code snippet to run at ``activation time''---e.g., when the service is
+booted.
+@end table
+
+A service of this type is instantiated like this:
+
+@example
+(service guix-service-type
+ (guix-configuration
+ (build-accounts 5)
+ (use-substitutes? #f)))
+@end example
+
+The second argument to the @code{service} form is a value representing the
+parameters of this specific service instance.
+@xref{guix-configuration-type, @code{guix-configuration}}, for information
+about the @code{guix-configuration} data type. When the value is omitted,
+the default value specified by @code{guix-service-type} is used:
+
+@example
+(service guix-service-type)
+@end example
+
+@var{guix-service-type} is quite simple because it extends other services
+but is not extensible itself.
+
+@c @subsubsubsection Extensible Service Types
+
+The service type for an @emph{extensible} service looks like this:
+
+@example
+(define udev-service-type
+ (service-type (name 'udev)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ udev-shepherd-service)))
+
+ (compose concatenate) ;concatenate the list of rules
+ (extend (lambda (config rules)
+ (match config
+ (($ <udev-configuration> udev initial-rules)
+ (udev-configuration
+ (udev udev) ;the udev package to use
+ (rules (append initial-rules rules)))))))))
+@end example
+
+This is the service type for the
+@uref{https://wiki.gentoo.org/wiki/Project:Eudev, eudev device management
+daemon}. Compared to the previous example, in addition to an extension of
+@var{shepherd-root-service-type}, we see two new fields:
+
+@table @code
+@item compose
+This is the procedure to @dfn{compose} the list of extensions to services of
+this type.
+
+Services can extend the udev service by passing it lists of rules; we
+compose those extensions simply by concatenating them.
+
+@item extend
+This procedure defines how the value of the service is @dfn{extended} with
+the composition of the extensions.
+
+Udev extensions are composed into a list of rules, but the udev service
+value is itself a @code{<udev-configuration>} record. So here, we extend
+that record by appending the list of rules it contains to the list of
+contributed rules.
+
+@item description
+This is a string giving an overview of the service type. The string can
+contain Texinfo markup (@pxref{Overview,,, texinfo, GNU Texinfo}). The
+@command{guix system search} command searches these strings and displays
+them (@pxref{Invoquer guix system}).
+@end table
+
+There can be only one instance of an extensible service type such as
+@var{udev-service-type}. If there were more, the @code{service-extension}
+specifications would be ambiguous.
+
+Still here? The next section provides a reference of the programming
+interface for services.
+
+@node Référence de service
+@subsubsection Référence de service
+
+We have seen an overview of service types (@pxref{Types service et services}). This section provides a reference on how to manipulate services
+and service types. This interface is provided by the @code{(gnu services)}
+module.
+
+@deffn {Scheme Procedure} service @var{type} [@var{value}]
+Return a new service of @var{type}, a @code{<service-type>} object (see
+below.) @var{value} can be any object; it represents the parameters of this
+particular service instance.
+
+When @var{value} is omitted, the default value specified by @var{type} is
+used; if @var{type} does not specify a default value, an error is raised.
+
+For instance, this:
+
+@example
+(service openssh-service-type)
+@end example
+
+@noindent
+is equivalent to this:
+
+@example
+(service openssh-service-type
+ (openssh-configuration))
+@end example
+
+In both cases the result is an instance of @code{openssh-service-type} with
+the default configuration.
+@end deffn
+
+@deffn {Scheme Procedure} service? @var{obj}
+Return true if @var{obj} is a service.
+@end deffn
+
+@deffn {Scheme Procedure} service-kind @var{service}
+Return the type of @var{service}---i.e., a @code{<service-type>} object.
+@end deffn
+
+@deffn {Scheme Procedure} service-value @var{service}
+Return the value associated with @var{service}. It represents its
+parameters.
+@end deffn
+
+Here is an example of how a service is created and manipulated:
+
+@example
+(define s
+ (service nginx-service-type
+ (nginx-configuration
+ (nginx nginx)
+ (log-directory log-directory)
+ (run-directory run-directory)
+ (file config-file))))
+
+(service? s)
+@result{} #t
+
+(eq? (service-kind s) nginx-service-type)
+@result{} #t
+@end example
+
+The @code{modify-services} form provides a handy way to change the
+parameters of some of the services of a list such as @var{%base-services}
+(@pxref{Services de base, @code{%base-services}}). It evaluates to a list of
+services. Of course, you could always use standard list combinators such as
+@code{map} and @code{fold} to do that (@pxref{SRFI-1, List Library,, guile,
+GNU Guile Reference Manual}); @code{modify-services} simply provides a more
+concise form for this common pattern.
+
+@deffn {Scheme Syntax} modify-services @var{services} @
+ (@var{type} @var{variable} => @var{body}) @dots{}
+
+Modify the services listed in @var{services} according to the given
+clauses. Each clause has the form:
+
+@example
+(@var{type} @var{variable} => @var{body})
+@end example
+
+where @var{type} is a service type---e.g., @code{guix-service-type}---and
+@var{variable} is an identifier that is bound within the @var{body} to the
+service parameters---e.g., a @code{guix-configuration} instance---of the
+original service of that @var{type}.
+
+The @var{body} should evaluate to the new service parameters, which will be
+used to configure the new service. This new service will replace the
+original in the resulting list. Because a service's service parameters are
+created using @code{define-record-type*}, you can write a succinct
+@var{body} that evaluates to the new service parameters by using the
+@code{inherit} feature that @code{define-record-type*} provides.
+
+@xref{Utiliser le système de configuration}, for example usage.
+
+@end deffn
+
+Next comes the programming interface for service types. This is something
+you want to know when writing new service definitions, but not necessarily
+when simply looking for ways to customize your @code{operating-system}
+declaration.
+
+@deftp {Data Type} service-type
+@cindex service type
+This is the representation of a @dfn{service type} (@pxref{Types service et services}).
+
+@table @asis
+@item @code{name}
+This is a symbol, used only to simplify inspection and debugging.
+
+@item @code{extensions}
+A non-empty list of @code{<service-extension>} objects (see below).
+
+@item @code{compose} (default: @code{#f})
+If this is @code{#f}, then the service type denotes services that cannot be
+extended---i.e., services that do not receive ``values'' from other
+services.
+
+Otherwise, it must be a one-argument procedure. The procedure is called by
+@code{fold-services} and is passed a list of values collected from
+extensions. It may return any single value.
+
+@item @code{extend} (default: @code{#f})
+If this is @code{#f}, services of this type cannot be extended.
+
+Otherwise, it must be a two-argument procedure: @code{fold-services} calls
+it, passing it the initial value of the service as the first argument and
+the result of applying @code{compose} to the extension values as the second
+argument. It must return a value that is a valid parameter value for the
+service instance.
+@end table
+
+@xref{Types service et services}, for examples.
+@end deftp
+
+@deffn {Scheme Procedure} service-extension @var{target-type} @
+ @var{compute} Return a new extension for services of type
+@var{target-type}. @var{compute} must be a one-argument procedure:
+@code{fold-services} calls it, passing it the value associated with the
+service that provides the extension; it must return a valid value for the
+target service.
+@end deffn
+
+@deffn {Scheme Procedure} service-extension? @var{obj}
+Return true if @var{obj} is a service extension.
+@end deffn
+
+Occasionally, you might want to simply extend an existing service. This
+involves creating a new service type and specifying the extension of
+interest, which can be verbose; the @code{simple-service} procedure provides
+a shorthand for this.
+
+@deffn {Scheme Procedure} simple-service @var{name} @var{target} @var{value}
+Return a service that extends @var{target} with @var{value}. This works by
+creating a singleton service type @var{name}, of which the returned service
+is an instance.
+
+For example, this extends mcron (@pxref{Scheduled Job Execution}) with an
+additional job:
+
+@example
+(simple-service 'my-mcron-job mcron-service-type
+ #~(job '(next-hour (3)) "guix gc -F 2G"))
+@end example
+@end deffn
+
+At the core of the service abstraction lies the @code{fold-services}
+procedure, which is responsible for ``compiling'' a list of services down to
+a single directory that contains everything needed to boot and run the
+system---the directory shown by the @command{guix system build} command
+(@pxref{Invoquer guix system}). In essence, it propagates service
+extensions down the service graph, updating each node parameters on the way,
+until it reaches the root node.
+
+@deffn {Scheme Procedure} fold-services @var{services} @
+ [#:target-type @var{system-service-type}] Fold @var{services} by propagating
+their extensions down to the root of type @var{target-type}; return the root
+service adjusted accordingly.
+@end deffn
+
+Lastly, the @code{(gnu services)} module also defines several essential
+service types, some of which are listed below.
+
+@defvr {Scheme Variable} system-service-type
+This is the root of the service graph. It produces the system directory as
+returned by the @command{guix system build} command.
+@end defvr
+
+@defvr {Scheme Variable} boot-service-type
+The type of the ``boot service'', which produces the @dfn{boot script}. The
+boot script is what the initial RAM disk runs when booting.
+@end defvr
+
+@defvr {Scheme Variable} etc-service-type
+The type of the @file{/etc} service. This service is used to create files
+under @file{/etc} and can be extended by passing it name/file tuples such
+as:
+
+@example
+(list `("issue" ,(plain-file "issue" "Welcome!\n")))
+@end example
+
+In this example, the effect would be to add an @file{/etc/issue} file
+pointing to the given file.
+@end defvr
+
+@defvr {Scheme Variable} setuid-program-service-type
+Type for the ``setuid-program service''. This service collects lists of
+executable file names, passed as gexps, and adds them to the set of
+setuid-root programs on the system (@pxref{Programmes setuid}).
+@end defvr
+
+@defvr {Scheme Variable} profile-service-type
+Type of the service that populates the @dfn{system profile}---i.e., the
+programs under @file{/run/current-system/profile}. Other services can
+extend it by passing it lists of packages to add to the system profile.
+@end defvr
+
+
+@node Services Shepherd
+@subsubsection Services Shepherd
+
+@cindex shepherd services
+@cindex PID 1
+@cindex init system
+The @code{(gnu services shepherd)} module provides a way to define services
+managed by the GNU@tie{}Shepherd, which is the GuixSD initialization
+system---the first process that is started when the system boots, also known
+as PID@tie{}1 (@pxref{Introduction,,, shepherd, The GNU Shepherd Manual}).
+
+Services in the Shepherd can depend on each other. For instance, the SSH
+daemon may need to be started after the syslog daemon has been started,
+which in turn can only happen once all the file systems have been mounted.
+The simple operating system defined earlier (@pxref{Utiliser le système de configuration}) results in a service graph like this:
+
+@image{images/shepherd-graph,,5in,Typical shepherd service graph.}
+
+You can actually generate such a graph for any operating system definition
+using the @command{guix system shepherd-graph} command
+(@pxref{system-shepherd-graph, @command{guix system shepherd-graph}}).
+
+The @var{%shepherd-root-service} is a service object representing
+PID@tie{}1, of type @var{shepherd-root-service-type}; it can be extended by
+passing it lists of @code{<shepherd-service>} objects.
+
+@deftp {Data Type} shepherd-service
+The data type representing a service managed by the Shepherd.
+
+@table @asis
+@item @code{provision}
+This is a list of symbols denoting what the service provides.
+
+These are the names that may be passed to @command{herd start},
+@command{herd status}, and similar commands (@pxref{Invoking herd,,,
+shepherd, The GNU Shepherd Manual}). @xref{Slots of services, the
+@code{provides} slot,, shepherd, The GNU Shepherd Manual}, for details.
+
+@item @code{requirements} (default: @code{'()})
+List of symbols denoting the Shepherd services this one depends on.
+
+@item @code{respawn?} (default: @code{#t})
+Whether to restart the service when it stops, for instance when the
+underlying process dies.
+
+@item @code{start}
+@itemx @code{stop} (default: @code{#~(const #f)})
+The @code{start} and @code{stop} fields refer to the Shepherd's facilities
+to start and stop processes (@pxref{Service De- and Constructors,,,
+shepherd, The GNU Shepherd Manual}). They are given as G-expressions that
+get expanded in the Shepherd configuration file (@pxref{G-Expressions}).
+
+@item @code{documentation}
+A documentation string, as shown when running:
+
+@example
+herd doc @var{service-name}
+@end example
+
+where @var{service-name} is one of the symbols in @var{provision}
+(@pxref{Invoking herd,,, shepherd, The GNU Shepherd Manual}).
+
+@item @code{modules} (default: @var{%default-modules})
+This is the list of modules that must be in scope when @code{start} and
+@code{stop} are evaluated.
+
+@end table
+@end deftp
+
+@defvr {Scheme Variable} shepherd-root-service-type
+The service type for the Shepherd ``root service''---i.e., PID@tie{}1.
+
+This is the service type that extensions target when they want to create
+shepherd services (@pxref{Types service et services}, for an example).
+Each extension must pass a list of @code{<shepherd-service>}.
+@end defvr
+
+@defvr {Scheme Variable} %shepherd-root-service
+This service represents PID@tie{}1.
+@end defvr
+
+
+@node Documentation
+@section Documentation
+
+@cindex documentation, searching for
+@cindex searching for documentation
+@cindex Info, documentation format
+@cindex man pages
+@cindex manual pages
+In most cases packages installed with Guix come with documentation. There
+are two main documentation formats: ``Info'', a browseable hypertext format
+used for GNU software, and ``manual pages'' (or ``man pages''), the linear
+documentation format traditionally found on Unix. Info manuals are accessed
+with the @command{info} command or with Emacs, and man pages are accessed
+using @command{man}.
+
+You can look for documentation of software installed on your system by
+keyword. For example, the following command searches for information about
+``TLS'' in Info manuals:
+
+@example
+$ info -k TLS
+"(emacs)Network Security" -- STARTTLS
+"(emacs)Network Security" -- TLS
+"(gnutls)Core TLS API" -- gnutls_certificate_set_verify_flags
+"(gnutls)Core TLS API" -- gnutls_certificate_set_verify_function
+@dots{}
+@end example
+
+@noindent
+The command below searches for the same keyword in man pages:
+
+@example
+$ man -k TLS
+SSL (7) - OpenSSL SSL/TLS library
+certtool (1) - GnuTLS certificate tool
+@dots {}
+@end example
+
+These searches are purely local to your computer so you have the guarantee
+that documentation you find corresponds to what you have actually installed,
+you can access it off-line, and your privacy is respected.
+
+Once you have these results, you can view the relevant documentation by
+running, say:
+
+@example
+$ info "(gnutls)Core TLS API"
+@end example
+
+@noindent
+or:
+
+@example
+$ man certtool
+@end example
+
+Info manuals contain sections and indices as well as hyperlinks like those
+found in Web pages. The @command{info} reader (@pxref{Top, Info reader,,
+info-stnd, Stand-alone GNU Info}) and its Emacs counterpart (@pxref{Misc
+Help,,, emacs, The GNU Emacs Manual}) provide intuitive key bindings to
+navigate manuals. @xref{Getting Started,,, info, Info: An Introduction},
+for an introduction to Info navigation.
+
+@node Installer les fichiers de débogage
+@section Installer les fichiers de débogage
+
+@cindex debugging files
+Program binaries, as produced by the GCC compilers for instance, are
+typically written in the ELF format, with a section containing
+@dfn{debugging information}. Debugging information is what allows the
+debugger, GDB, to map binary code to source code; it is required to debug a
+compiled program in good conditions.
+
+Le problème avec les informations de débogage est qu'elles prennent pas mal
+de place sur le disque. Par exemple, les informations de débogage de la
+bibliothèque C de GNU prend plus de 60 Mo. Ainsi, en tant qu'utilisateur,
+garder toutes les informations de débogage de tous les programmes installés
+n'est souvent pas une possibilité. Cependant, l'économie d'espace ne devrait
+pas empêcher le débogage — en particulier, dans le système GNU, qui devrait
+faciliter pour ses utilisateurs l'exercice de leurs libertés
+(@pxref{Distribution GNU}).
+
+Thankfully, the GNU Binary Utilities (Binutils) and GDB provide a mechanism
+that allows users to get the best of both worlds: debugging information can
+be stripped from the binaries and stored in separate files. GDB is then
+able to load debugging information from those files, when they are available
+(@pxref{Separate Debug Files,,, gdb, Debugging with GDB}).
+
+The GNU distribution takes advantage of this by storing debugging
+information in the @code{lib/debug} sub-directory of a separate package
+output unimaginatively called @code{debug} (@pxref{Des paquets avec plusieurs résultats}). Users can choose to install the @code{debug} output of a package
+when they need it. For instance, the following command installs the
+debugging information for the GNU C Library and for GNU Guile:
+
+@example
+guix package -i glibc:debug guile:debug
+@end example
+
+GDB must then be told to look for debug files in the user's profile, by
+setting the @code{debug-file-directory} variable (consider setting it from
+the @file{~/.gdbinit} file, @pxref{Startup,,, gdb, Debugging with GDB}):
+
+@example
+(gdb) set debug-file-directory ~/.guix-profile/lib/debug
+@end example
+
+From there on, GDB will pick up debugging information from the @code{.debug}
+files under @file{~/.guix-profile/lib/debug}.
+
+In addition, you will most likely want GDB to be able to show the source
+code being debugged. To do that, you will have to unpack the source code of
+the package of interest (obtained with @code{guix build --source},
+@pxref{Invoquer guix build}), and to point GDB to that source directory
+using the @code{directory} command (@pxref{Source Path, @code{directory},,
+gdb, Debugging with GDB}).
+
+@c XXX: keep me up-to-date
+The @code{debug} output mechanism in Guix is implemented by the
+@code{gnu-build-system} (@pxref{Systèmes de construction}). Currently, it is
+opt-in---debugging information is available only for the packages with
+definitions explicitly declaring a @code{debug} output. This may be changed
+to opt-out in the future if our build farm servers can handle the load. To
+check whether a package has a @code{debug} output, use @command{guix package
+--list-available} (@pxref{Invoquer guix package}).
+
+
+@node Mises à jour de sécurité
+@section Mises à jour de sécurité
+
+@cindex security updates
+@cindex security vulnerabilities
+Occasionally, important security vulnerabilities are discovered in software
+packages and must be patched. Guix developers try hard to keep track of
+known vulnerabilities and to apply fixes as soon as possible in the
+@code{master} branch of Guix (we do not yet provide a ``stable'' branch
+containing only security updates.) The @command{guix lint} tool helps
+developers find out about vulnerable versions of software packages in the
+distribution:
+
+@smallexample
+$ guix lint -c cve
+gnu/packages/base.scm:652:2: glibc@@2.21: probably vulnerable to CVE-2015-1781, CVE-2015-7547
+gnu/packages/gcc.scm:334:2: gcc@@4.9.3: probably vulnerable to CVE-2015-5276
+gnu/packages/image.scm:312:2: openjpeg@@2.1.0: probably vulnerable to CVE-2016-1923, CVE-2016-1924
+@dots{}
+@end smallexample
+
+@xref{Invoquer guix lint}, for more information.
+
+@quotation Note
+As of version @value{VERSION}, the feature described below is considered
+``beta''.
+@end quotation
+
+Guix suit une discipline de gestion de paquets fonctionnelle
+(@pxref{Introduction}), ce qui implique que lorsqu'un paquet change,
+@emph{tous les paquets qui en dépendent} doivent être reconstruits. Cela
+peut grandement ralentir le déploiement de corrections dans les paquets du
+cœur comme libc ou bash comme presque toute la distribution aurait besoin
+d'être reconstruite. Cela aide d'utiliser des binaires pré-construits
+(@pxref{Substituts}), mais le déploiement peut toujours prendre plus de
+temps de souhaité.
+
+@cindex grafts
+To address this, Guix implements @dfn{grafts}, a mechanism that allows for
+fast deployment of critical updates without the costs associated with a
+whole-distribution rebuild. The idea is to rebuild only the package that
+needs to be patched, and then to ``graft'' it onto packages explicitly
+installed by the user and that were previously referring to the original
+package. The cost of grafting is typically very low, and order of
+magnitudes lower than a full rebuild of the dependency chain.
+
+@cindex replacements of packages, for grafts
+For instance, suppose a security update needs to be applied to Bash. Guix
+developers will provide a package definition for the ``fixed'' Bash, say
+@var{bash-fixed}, in the usual way (@pxref{Définition des paquets}). Then, the
+original package definition is augmented with a @code{replacement} field
+pointing to the package containing the bug fix:
+
+@example
+(define bash
+ (package
+ (name "bash")
+ ;; @dots{}
+ (replacement bash-fixed)))
+@end example
+
+From there on, any package depending directly or indirectly on Bash---as
+reported by @command{guix gc --requisites} (@pxref{Invoquer guix gc})---that
+is installed is automatically ``rewritten'' to refer to @var{bash-fixed}
+instead of @var{bash}. This grafting process takes time proportional to the
+size of the package, usually less than a minute for an ``average'' package
+on a recent machine. Grafting is recursive: when an indirect dependency
+requires grafting, then grafting ``propagates'' up to the package that the
+user is installing.
+
+Currently, the length of the name and version of the graft and that of the
+package it replaces (@var{bash-fixed} and @var{bash} in the example above)
+must be equal. This restriction mostly comes from the fact that grafting
+works by patching files, including binary files, directly. Other
+restrictions may apply: for instance, when adding a graft to a package
+providing a shared library, the original shared library and its replacement
+must have the same @code{SONAME} and be binary-compatible.
+
+The @option{--no-grafts} command-line option allows you to forcefully avoid
+grafting (@pxref{Options de construction communes, @option{--no-grafts}}). Thus, the
+command:
+
+@example
+guix build bash --no-grafts
+@end example
+
+@noindent
+returns the store file name of the original Bash, whereas:
+
+@example
+guix build bash
+@end example
+
+@noindent
+returns the store file name of the ``fixed'', replacement Bash. This allows
+you to distinguish between the two variants of Bash.
+
+To verify which Bash your whole profile refers to, you can run
+(@pxref{Invoquer guix gc}):
+
+@example
+guix gc -R `readlink -f ~/.guix-profile` | grep bash
+@end example
+
+@noindent
+@dots{} and compare the store file names that you get with those above.
+Likewise for a complete GuixSD system generation:
+
+@example
+guix gc -R `guix system build my-config.scm` | grep bash
+@end example
+
+Lastly, to check which Bash running processes are using, you can use the
+@command{lsof} command:
+
+@example
+lsof | grep /gnu/store/.*bash
+@end example
+
+
+@node Modules de paquets
+@section Modules de paquets
+
+From a programming viewpoint, the package definitions of the GNU
+distribution are provided by Guile modules in the @code{(gnu packages
+@dots{})} name space@footnote{Note that packages under the @code{(gnu
+packages @dots{})} module name space are not necessarily ``GNU packages''.
+This module naming scheme follows the usual Guile module naming convention:
+@code{gnu} means that these modules are distributed as part of the GNU
+system, and @code{packages} identifies modules that define packages.}
+(@pxref{Modules, Guile modules,, guile, GNU Guile Reference Manual}). For
+instance, the @code{(gnu packages emacs)} module exports a variable named
+@code{emacs}, which is bound to a @code{<package>} object (@pxref{Définition des paquets}).
+
+The @code{(gnu packages @dots{})} module name space is automatically scanned
+for packages by the command-line tools. For instance, when running
+@code{guix package -i emacs}, all the @code{(gnu packages @dots{})} modules
+are scanned until one that exports a package object whose name is
+@code{emacs} is found. This package search facility is implemented in the
+@code{(gnu packages)} module.
+
+@cindex personnalisation, des paquets
+@cindex package module search path
+Users can store package definitions in modules with different names---e.g.,
+@code{(my-packages emacs)}@footnote{Note that the file name and module name
+must match. For instance, the @code{(my-packages emacs)} module must be
+stored in a @file{my-packages/emacs.scm} file relative to the load path
+specified with @option{--load-path} or @code{GUIX_PACKAGE_PATH}.
+@xref{Modules and the File System,,, guile, GNU Guile Reference Manual}, for
+details.}. These package definitions will not be visible by default. Users
+can invoke commands such as @command{guix package} and @command{guix build}
+with the @code{-e} option so that they know where to find the package.
+Better yet, they can use the @code{-L} option of these commands to make
+those modules visible (@pxref{Invoquer guix build, @code{--load-path}}), or
+define the @code{GUIX_PACKAGE_PATH} environment variable. This environment
+variable makes it easy to extend or customize the distribution and is
+honored by all the user interfaces.
+
+@defvr {Environment Variable} GUIX_PACKAGE_PATH
+This is a colon-separated list of directories to search for additional
+package modules. Directories listed in this variable take precedence over
+the own modules of the distribution.
+@end defvr
+
+The distribution is fully @dfn{bootstrapped} and @dfn{self-contained}: each
+package is built based solely on other packages in the distribution. The
+root of this dependency graph is a small set of @dfn{bootstrap binaries},
+provided by the @code{(gnu packages bootstrap)} module. For more
+information on bootstrapping, @pxref{Bootstrapping}.
+
+@node Consignes d'empaquetage
+@section Consignes d'empaquetage
+
+@cindex packages, creating
+The GNU distribution is nascent and may well lack some of your favorite
+packages. This section describes how you can help make the distribution
+grow. @xref{Contribuer}, for additional information on how you can help.
+
+Free software packages are usually distributed in the form of @dfn{source
+code tarballs}---typically @file{tar.gz} files that contain all the source
+files. Adding a package to the distribution means essentially two things:
+adding a @dfn{recipe} that describes how to build the package, including a
+list of other packages required to build it, and adding @dfn{package
+metadata} along with that recipe, such as a description and licensing
+information.
+
+In Guix all this information is embodied in @dfn{package definitions}.
+Package definitions provide a high-level view of the package. They are
+written using the syntax of the Scheme programming language; in fact, for
+each package we define a variable bound to the package definition, and
+export that variable from a module (@pxref{Modules de paquets}). However,
+in-depth Scheme knowledge is @emph{not} a prerequisite for creating
+packages. For more information on package definitions, @pxref{Définition des paquets}.
+
+Once a package definition is in place, stored in a file in the Guix source
+tree, it can be tested using the @command{guix build} command
+(@pxref{Invoquer guix build}). For example, assuming the new package is
+called @code{gnew}, you may run this command from the Guix build tree
+(@pxref{Lancer Guix avant qu'il ne soit installé}):
+
+@example
+./pre-inst-env guix build gnew --keep-failed
+@end example
+
+Using @code{--keep-failed} makes it easier to debug build failures since it
+provides access to the failed build tree. Another useful command-line
+option when debugging is @code{--log-file}, to access the build log.
+
+If the package is unknown to the @command{guix} command, it may be that the
+source file contains a syntax error, or lacks a @code{define-public} clause
+to export the package variable. To figure it out, you may load the module
+from Guile to get more information about the actual error:
+
+@example
+./pre-inst-env guile -c '(use-modules (gnu packages gnew))'
+@end example
+
+Once your package builds correctly, please send us a patch
+(@pxref{Contribuer}). Well, if you need help, we will be happy to help
+you too. Once the patch is committed in the Guix repository, the new
+package automatically gets built on the supported platforms by
+@url{http://hydra.gnu.org/jobset/gnu/master, our continuous integration
+system}.
+
+@cindex substituter
+On peut obtenir la nouvelle définition du paquet simplement en lançant
+@command{guix pull} (@pxref{Invoquer guix pull}). Lorsque
+@code{hydra.gnu.org} a fini de construire le paquet, l'installation du
+paquet y télécharge automatiquement les binaires (@pxref{Substituts}). La
+seule intervention humaine requise est pendant la revue et l'application du
+correctif.
+
+
+@menu
+* Liberté logiciel:: Ce que la distribution peut contenir.
+* Conventions de nommage:: Qu'est-ce qu'un bon nom ?
+* Numéros de version:: Lorsque le nom n'est pas suffisant.
+* Synopsis et descriptions:: Aider les utilisateurs à trouver le bon
+ paquet.
+* Modules python:: Un peu de comédie anglaise.
+* Modules perl:: Petites perles.
+* Paquets java:: Pause café.
+* Polices de caractères:: Fond of fonts.
+@end menu
+
+@node Liberté logiciel
+@subsection Liberté logiciel
+
+@c Adapted from http://www.gnu.org/philosophy/philosophy.html.
+@cindex free software
+The GNU operating system has been developed so that users can have freedom
+in their computing. GNU is @dfn{free software}, meaning that users have the
+@url{http://www.gnu.org/philosophy/free-sw.html,four essential freedoms}: to
+run the program, to study and change the program in source code form, to
+redistribute exact copies, and to distribute modified versions. Packages
+found in the GNU distribution provide only software that conveys these four
+freedoms.
+
+In addition, the GNU distribution follow the
+@url{http://www.gnu.org/distros/free-system-distribution-guidelines.html,free
+software distribution guidelines}. Among other things, these guidelines
+reject non-free firmware, recommendations of non-free software, and discuss
+ways to deal with trademarks and patents.
+
+Some otherwise free upstream package sources contain a small and optional
+subset that violates the above guidelines, for instance because this subset
+is itself non-free code. When that happens, the offending items are removed
+with appropriate patches or code snippets in the @code{origin} form of the
+package (@pxref{Définition des paquets}). This way, @code{guix build --source}
+returns the ``freed'' source rather than the unmodified upstream source.
+
+
+@node Conventions de nommage
+@subsection Conventions de nommage
+
+@cindex package name
+A package has actually two names associated with it: First, there is the
+name of the @emph{Scheme variable}, the one following @code{define-public}.
+By this name, the package can be made known in the Scheme code, for instance
+as input to another package. Second, there is the string in the @code{name}
+field of a package definition. This name is used by package management
+commands such as @command{guix package} and @command{guix build}.
+
+Both are usually the same and correspond to the lowercase conversion of the
+project name chosen upstream, with underscores replaced with hyphens. For
+instance, GNUnet is available as @code{gnunet}, and SDL_net as
+@code{sdl-net}.
+
+We do not add @code{lib} prefixes for library packages, unless these are
+already part of the official project name. But @pxref{Modules python} and
+@ref{Modules perl} for special rules concerning modules for the Python and
+Perl languages.
+
+Font package names are handled differently, @pxref{Polices de caractères}.
+
+
+@node Numéros de version
+@subsection Numéros de version
+
+@cindex package version
+We usually package only the latest version of a given free software
+project. But sometimes, for instance for incompatible library versions, two
+(or more) versions of the same package are needed. These require different
+Scheme variable names. We use the name as defined in @ref{Conventions de nommage}
+for the most recent version; previous versions use the same name, suffixed
+by @code{-} and the smallest prefix of the version number that may
+distinguish the two versions.
+
+The name inside the package definition is the same for all versions of a
+package and does not contain any version number.
+
+For instance, the versions 2.24.20 and 3.9.12 of GTK+ may be packaged as
+follows:
+
+@example
+(define-public gtk+
+ (package
+ (name "gtk+")
+ (version "3.9.12")
+ ...))
+(define-public gtk+-2
+ (package
+ (name "gtk+")
+ (version "2.24.20")
+ ...))
+@end example
+If we also wanted GTK+ 3.8.2, this would be packaged as
+@example
+(define-public gtk+-3.8
+ (package
+ (name "gtk+")
+ (version "3.8.2")
+ ...))
+@end example
+
+@c See <https://lists.gnu.org/archive/html/guix-devel/2016-01/msg00425.html>,
+@c for a discussion of what follows.
+@cindex version number, for VCS snapshots
+Occasionally, we package snapshots of upstream's version control system
+(VCS) instead of formal releases. This should remain exceptional, because
+it is up to upstream developers to clarify what the stable release is. Yet,
+it is sometimes necessary. So, what should we put in the @code{version}
+field?
+
+Clearly, we need to make the commit identifier of the VCS snapshot visible
+in the version string, but we also need to make sure that the version string
+is monotonically increasing so that @command{guix package --upgrade} can
+determine which version is newer. Since commit identifiers, notably with
+Git, are not monotonically increasing, we add a revision number that we
+increase each time we upgrade to a newer snapshot. The resulting version
+string looks like this:
+
+@example
+2.0.11-3.cabba9e
+ ^ ^ ^
+ | | `-- upstream commit ID
+ | |
+ | `--- Guix package revision
+ |
+latest upstream version
+@end example
+
+It is a good idea to strip commit identifiers in the @code{version} field
+to, say, 7 digits. It avoids an aesthetic annoyance (assuming aesthetics
+have a role to play here) as well as problems related to OS limits such as
+the maximum shebang length (127 bytes for the Linux kernel.) It is best to
+use the full commit identifiers in @code{origin}s, though, to avoid
+ambiguities. A typical package definition may look like this:
+
+@example
+(define my-package
+ (let ((commit "c3f29bc928d5900971f65965feaae59e1272a3f7")
+ (revision "1")) ;Guix package revision
+ (package
+ (version (git-version "0.9" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "git://example.org/my-package.git")
+ (commit commit)))
+ (sha256 (base32 "1mbikn@dots{}"))
+ (file-name (git-file-name name version))))
+ ;; @dots{}
+ )))
+@end example
+
+@node Synopsis et descriptions
+@subsection Synopsis et descriptions
+
+@cindex package description
+@cindex package synopsis
+As we have seen before, each package in GNU@tie{}Guix includes a synopsis
+and a description (@pxref{Définition des paquets}). Synopses and descriptions
+are important: They are what @command{guix package --search} searches, and a
+crucial piece of information to help users determine whether a given package
+suits their needs. Consequently, packagers should pay attention to what
+goes into them.
+
+Synopses must start with a capital letter and must not end with a period.
+They must not start with ``a'' or ``the'', which usually does not bring
+anything; for instance, prefer ``File-frobbing tool'' over ``A tool that
+frobs files''. The synopsis should say what the package is---e.g., ``Core
+GNU utilities (file, text, shell)''---or what it is used for---e.g., the
+synopsis for GNU@tie{}grep is ``Print lines matching a pattern''.
+
+Keep in mind that the synopsis must be meaningful for a very wide audience.
+For example, ``Manipulate alignments in the SAM format'' might make sense
+for a seasoned bioinformatics researcher, but might be fairly unhelpful or
+even misleading to a non-specialized audience. It is a good idea to come up
+with a synopsis that gives an idea of the application domain of the
+package. In this example, this might give something like ``Manipulate
+nucleotide sequence alignments'', which hopefully gives the user a better
+idea of whether this is what they are looking for.
+
+Descriptions should take between five and ten lines. Use full sentences,
+and avoid using acronyms without first introducing them. Please avoid
+marketing phrases such as ``world-leading'', ``industrial-strength'', and
+``next-generation'', and avoid superlatives like ``the most
+advanced''---they are not helpful to users looking for a package and may
+even sound suspicious. Instead, try to be factual, mentioning use cases and
+features.
+
+@cindex Texinfo markup, in package descriptions
+Descriptions can include Texinfo markup, which is useful to introduce
+ornaments such as @code{@@code} or @code{@@dfn}, bullet lists, or hyperlinks
+(@pxref{Overview,,, texinfo, GNU Texinfo}). However you should be careful
+when using some characters for example @samp{@@} and curly braces which are
+the basic special characters in Texinfo (@pxref{Special Characters,,,
+texinfo, GNU Texinfo}). User interfaces such as @command{guix package
+--show} take care of rendering it appropriately.
+
+Synopses and descriptions are translated by volunteers
+@uref{http://translationproject.org/domain/guix-packages.html, at the
+Translation Project} so that as many users as possible can read them in
+their native language. User interfaces search them and display them in the
+language specified by the current locale.
+
+To allow @command{xgettext} to extract them as translatable strings,
+synopses and descriptions @emph{must be literal strings}. This means that
+you cannot use @code{string-append} or @code{format} to construct these
+strings:
+
+@lisp
+(package
+ ;; @dots{}
+ (synopsis "This is translatable")
+ (description (string-append "This is " "*not*" " translatable.")))
+@end lisp
+
+Translation is a lot of work so, as a packager, please pay even more
+attention to your synopses and descriptions as every change may entail
+additional work for translators. In order to help them, it is possible to
+make recommendations or instructions visible to them by inserting special
+comments like this (@pxref{xgettext Invocation,,, gettext, GNU Gettext}):
+
+@example
+;; TRANSLATORS: "X11 resize-and-rotate" should not be translated.
+(description "ARandR is designed to provide a simple visual front end
+for the X11 resize-and-rotate (RandR) extension. @dots{}")
+@end example
+
+
+@node Modules python
+@subsection Modules python
+
+@cindex python
+We currently package Python 2 and Python 3, under the Scheme variable names
+@code{python-2} and @code{python} as explained in @ref{Numéros de version}. To
+avoid confusion and naming clashes with other programming languages, it
+seems desirable that the name of a package for a Python module contains the
+word @code{python}.
+
+Some modules are compatible with only one version of Python, others with
+both. If the package Foo compiles only with Python 3, we name it
+@code{python-foo}; if it compiles only with Python 2, we name it
+@code{python2-foo}. If it is compatible with both versions, we create two
+packages with the corresponding names.
+
+If a project already contains the word @code{python}, we drop this; for
+instance, the module python-dateutil is packaged under the names
+@code{python-dateutil} and @code{python2-dateutil}. If the project name
+starts with @code{py} (e.g. @code{pytz}), we keep it and prefix it as
+described above.
+
+@subsubsection Specifying Dependencies
+@cindex inputs, for Python packages
+
+Dependency information for Python packages is usually available in the
+package source tree, with varying degrees of accuracy: in the
+@file{setup.py} file, in @file{requirements.txt}, or in @file{tox.ini}.
+
+Your mission, when writing a recipe for a Python package, is to map these
+dependencies to the appropriate type of ``input'' (@pxref{Référence de paquet,
+inputs}). Although the @code{pypi} importer normally does a good job
+(@pxref{Invoquer guix import}), you may want to check the following check
+list to determine which dependency goes where.
+
+@itemize
+
+@item
+We currently package Python 2 with @code{setuptools} and @code{pip}
+installed like Python 3.4 has per default. Thus you don't need to specify
+either of these as an input. @command{guix lint} will warn you if you do.
+
+@item
+Python dependencies required at run time go into @code{propagated-inputs}.
+They are typically defined with the @code{install_requires} keyword in
+@file{setup.py}, or in the @file{requirements.txt} file.
+
+@item
+Python packages required only at build time---e.g., those listed with the
+@code{setup_requires} keyword in @file{setup.py}---or only for
+testing---e.g., those in @code{tests_require}---go into
+@code{native-inputs}. The rationale is that (1) they do not need to be
+propagated because they are not needed at run time, and (2) in a
+cross-compilation context, it's the ``native'' input that we'd want.
+
+Examples are the @code{pytest}, @code{mock}, and @code{nose} test
+frameworks. Of course if any of these packages is also required at
+run-time, it needs to go to @code{propagated-inputs}.
+
+@item
+Anything that does not fall in the previous categories goes to
+@code{inputs}, for example programs or C libraries required for building
+Python packages containing C extensions.
+
+@item
+If a Python package has optional dependencies (@code{extras_require}), it is
+up to you to decide whether to add them or not, based on their
+usefulness/overhead ratio (@pxref{Envoyer des correctifs, @command{guix size}}).
+
+@end itemize
+
+
+@node Modules perl
+@subsection Modules perl
+
+@cindex perl
+Perl programs standing for themselves are named as any other package, using
+the lowercase upstream name. For Perl packages containing a single class,
+we use the lowercase class name, replace all occurrences of @code{::} by
+dashes and prepend the prefix @code{perl-}. So the class @code{XML::Parser}
+becomes @code{perl-xml-parser}. Modules containing several classes keep
+their lowercase upstream name and are also prepended by @code{perl-}. Such
+modules tend to have the word @code{perl} somewhere in their name, which
+gets dropped in favor of the prefix. For instance, @code{libwww-perl}
+becomes @code{perl-libwww}.
+
+
+@node Paquets java
+@subsection Paquets java
+
+@cindex java
+Java programs standing for themselves are named as any other package, using
+the lowercase upstream name.
+
+To avoid confusion and naming clashes with other programming languages, it
+is desirable that the name of a package for a Java package is prefixed with
+@code{java-}. If a project already contains the word @code{java}, we drop
+this; for instance, the package @code{ngsjava} is packaged under the name
+@code{java-ngs}.
+
+For Java packages containing a single class or a small class hierarchy, we
+use the lowercase class name, replace all occurrences of @code{.} by dashes
+and prepend the prefix @code{java-}. So the class @code{apache.commons.cli}
+becomes package @code{java-apache-commons-cli}.
+
+
+@node Polices de caractères
+@subsection Polices de caractères
+
+@cindex fonts
+For fonts that are in general not installed by a user for typesetting
+purposes, or that are distributed as part of a larger software package, we
+rely on the general packaging rules for software; for instance, this applies
+to the fonts delivered as part of the X.Org system or fonts that are part of
+TeX Live.
+
+To make it easier for a user to search for fonts, names for other packages
+containing only fonts are constructed as follows, independently of the
+upstream package name.
+
+The name of a package containing only one font family starts with
+@code{font-}; it is followed by the foundry name and a dash @code{-} if the
+foundry is known, and the font family name, in which spaces are replaced by
+dashes (and as usual, all upper case letters are transformed to lower
+case). For example, the Gentium font family by SIL is packaged under the
+name @code{font-sil-gentium}.
+
+For a package containing several font families, the name of the collection
+is used in the place of the font family name. For instance, the Liberation
+fonts consist of three families, Liberation Sans, Liberation Serif and
+Liberation Mono. These could be packaged separately under the names
+@code{font-liberation-sans} and so on; but as they are distributed together
+under a common name, we prefer to package them together as
+@code{font-liberation}.
+
+In the case where several formats of the same font family or font collection
+are packaged separately, a short form of the format, prepended by a dash, is
+added to the package name. We use @code{-ttf} for TrueType fonts,
+@code{-otf} for OpenType fonts and @code{-type1} for PostScript Type 1
+fonts.
+
+
+
+@node Bootstrapping
+@section Bootstrapping
+
+@c Adapted from the ELS 2013 paper.
+
+@cindex bootstrapping
+
+Bootstrapping in our context refers to how the distribution gets built
+``from nothing''. Remember that the build environment of a derivation
+contains nothing but its declared inputs (@pxref{Introduction}). So there's
+an obvious chicken-and-egg problem: how does the first package get built?
+How does the first compiler get compiled? Note that this is a question of
+interest only to the curious hacker, not to the regular user, so you can
+shamelessly skip this section if you consider yourself a ``regular user''.
+
+@cindex bootstrap binaries
+The GNU system is primarily made of C code, with libc at its core. The GNU
+build system itself assumes the availability of a Bourne shell and
+command-line tools provided by GNU Coreutils, Awk, Findutils, `sed', and
+`grep'. Furthermore, build programs---programs that run @code{./configure},
+@code{make}, etc.---are written in Guile Scheme (@pxref{Dérivations}).
+Consequently, to be able to build anything at all, from scratch, Guix relies
+on pre-built binaries of Guile, GCC, Binutils, libc, and the other packages
+mentioned above---the @dfn{bootstrap binaries}.
+
+These bootstrap binaries are ``taken for granted'', though we can also
+re-create them if needed (more on that later).
+
+@unnumberedsubsec Preparing to Use the Bootstrap Binaries
+
+@c As of Emacs 24.3, Info-mode displays the image, but since it's a
+@c large image, it's hard to scroll. Oh well.
+@image{images/bootstrap-graph,6in,,Dependency graph of the early bootstrap
+derivations}
+
+The figure above shows the very beginning of the dependency graph of the
+distribution, corresponding to the package definitions of the @code{(gnu
+packages bootstrap)} module. A similar figure can be generated with
+@command{guix graph} (@pxref{Invoquer guix graph}), along the lines of:
+
+@example
+guix graph -t derivation \
+ -e '(@@@@ (gnu packages bootstrap) %bootstrap-gcc)' \
+ | dot -Tps > t.ps
+@end example
+
+At this level of detail, things are slightly complex. First, Guile itself
+consists of an ELF executable, along with many source and compiled Scheme
+files that are dynamically loaded when it runs. This gets stored in the
+@file{guile-2.0.7.tar.xz} tarball shown in this graph. This tarball is part
+of Guix's ``source'' distribution, and gets inserted into the store with
+@code{add-to-store} (@pxref{Le dépôt}).
+
+But how do we write a derivation that unpacks this tarball and adds it to
+the store? To solve this problem, the @code{guile-bootstrap-2.0.drv}
+derivation---the first one that gets built---uses @code{bash} as its
+builder, which runs @code{build-bootstrap-guile.sh}, which in turn calls
+@code{tar} to unpack the tarball. Thus, @file{bash}, @file{tar}, @file{xz},
+and @file{mkdir} are statically-linked binaries, also part of the Guix
+source distribution, whose sole purpose is to allow the Guile tarball to be
+unpacked.
+
+Once @code{guile-bootstrap-2.0.drv} is built, we have a functioning Guile
+that can be used to run subsequent build programs. Its first task is to
+download tarballs containing the other pre-built binaries---this is what the
+@code{.tar.xz.drv} derivations do. Guix modules such as
+@code{ftp-client.scm} are used for this purpose. The
+@code{module-import.drv} derivations import those modules in a directory in
+the store, using the original layout. The @code{module-import-compiled.drv}
+derivations compile those modules, and write them in an output directory
+with the right layout. This corresponds to the @code{#:modules} argument of
+@code{build-expression->derivation} (@pxref{Dérivations}).
+
+Finally, the various tarballs are unpacked by the derivations
+@code{gcc-bootstrap-0.drv}, @code{glibc-bootstrap-0.drv}, etc., at which
+point we have a working C tool chain.
+
+
+@unnumberedsubsec Building the Build Tools
+
+Bootstrapping is complete when we have a full tool chain that does not
+depend on the pre-built bootstrap tools discussed above. This no-dependency
+requirement is verified by checking whether the files of the final tool
+chain contain references to the @file{/gnu/store} directories of the
+bootstrap inputs. The process that leads to this ``final'' tool chain is
+described by the package definitions found in the @code{(gnu packages
+commencement)} module.
+
+The @command{guix graph} command allows us to ``zoom out'' compared to the
+graph above, by looking at the level of package objects instead of
+individual derivations---remember that a package may translate to several
+derivations, typically one derivation to download its source, one to build
+the Guile modules it needs, and one to actually build the package from
+source. The command:
+
+@example
+guix graph -t bag \
+ -e '(@@@@ (gnu packages commencement)
+ glibc-final-with-bootstrap-bash)' | dot -Tps > t.ps
+@end example
+
+@noindent
+produces the dependency graph leading to the ``final'' C
+library@footnote{You may notice the @code{glibc-intermediate} label,
+suggesting that it is not @emph{quite} final, but as a good approximation,
+we will consider it final.}, depicted below.
+
+@image{images/bootstrap-packages,6in,,Dependency graph of the early
+packages}
+
+@c See <http://lists.gnu.org/archive/html/gnu-system-discuss/2012-10/msg00000.html>.
+The first tool that gets built with the bootstrap binaries is
+GNU@tie{}Make---noted @code{make-boot0} above---which is a prerequisite for
+all the following packages. From there Findutils and Diffutils get built.
+
+Then come the first-stage Binutils and GCC, built as pseudo cross
+tools---i.e., with @code{--target} equal to @code{--host}. They are used to
+build libc. Thanks to this cross-build trick, this libc is guaranteed not
+to hold any reference to the initial tool chain.
+
+From there the final Binutils and GCC (not shown above) are built. GCC uses
+@code{ld} from the final Binutils, and links programs against the just-built
+libc. This tool chain is used to build the other packages used by Guix and
+by the GNU Build System: Guile, Bash, Coreutils, etc.
+
+And voilà! At this point we have the complete set of build tools that the
+GNU Build System expects. These are in the @code{%final-inputs} variable of
+the @code{(gnu packages commencement)} module, and are implicitly used by
+any package that uses @code{gnu-build-system} (@pxref{Systèmes de construction,
+@code{gnu-build-system}}).
+
+
+@unnumberedsubsec Building the Bootstrap Binaries
+
+@cindex bootstrap binaries
+Because the final tool chain does not depend on the bootstrap binaries,
+those rarely need to be updated. Nevertheless, it is useful to have an
+automated way to produce them, should an update occur, and this is what the
+@code{(gnu packages make-bootstrap)} module provides.
+
+The following command builds the tarballs containing the bootstrap binaries
+(Guile, Binutils, GCC, libc, and a tarball containing a mixture of Coreutils
+and other basic command-line tools):
+
+@example
+guix build bootstrap-tarballs
+@end example
+
+The generated tarballs are those that should be referred to in the
+@code{(gnu packages bootstrap)} module mentioned at the beginning of this
+section.
+
+Still here? Then perhaps by now you've started to wonder: when do we reach a
+fixed point? That is an interesting question! The answer is unknown, but if
+you would like to investigate further (and have significant computational
+and storage resources to do so), then let us know.
+
+@unnumberedsubsec Reducing the Set of Bootstrap Binaries
+
+Our bootstrap binaries currently include GCC, Guile, etc. That's a lot of
+binary code! Why is that a problem? It's a problem because these big chunks
+of binary code are practically non-auditable, which makes it hard to
+establish what source code produced them. Every unauditable binary also
+leaves us vulnerable to compiler backdoors as described by Ken Thompson in
+the 1984 paper @emph{Reflections on Trusting Trust}.
+
+This is mitigated by the fact that our bootstrap binaries were generated
+from an earlier Guix revision. Nevertheless it lacks the level of
+transparency that we get in the rest of the package dependency graph, where
+Guix always gives us a source-to-binary mapping. Thus, our goal is to
+reduce the set of bootstrap binaries to the bare minimum.
+
+The @uref{http://bootstrappable.org, Bootstrappable.org web site} lists
+on-going projects to do that. One of these is about replacing the bootstrap
+GCC with a sequence of assemblers, interpreters, and compilers of increasing
+complexity, which could be built from source starting from a simple and
+auditable assembler. Your help is welcome!
+
+
+@node Porter
+@section Porting to a New Platform
+
+As discussed above, the GNU distribution is self-contained, and
+self-containment is achieved by relying on pre-built ``bootstrap binaries''
+(@pxref{Bootstrapping}). These binaries are specific to an operating system
+kernel, CPU architecture, and application binary interface (ABI). Thus, to
+port the distribution to a platform that is not yet supported, one must
+build those bootstrap binaries, and update the @code{(gnu packages
+bootstrap)} module to use them on that platform.
+
+Fortunately, Guix can @emph{cross compile} those bootstrap binaries. When
+everything goes well, and assuming the GNU tool chain supports the target
+platform, this can be as simple as running a command like this one:
+
+@example
+guix build --target=armv5tel-linux-gnueabi bootstrap-tarballs
+@end example
+
+For this to work, the @code{glibc-dynamic-linker} procedure in @code{(gnu
+packages bootstrap)} must be augmented to return the right file name for
+libc's dynamic linker on that platform; likewise,
+@code{system->linux-architecture} in @code{(gnu packages linux)} must be
+taught about the new platform.
+
+Once these are built, the @code{(gnu packages bootstrap)} module needs to be
+updated to refer to these binaries on the target platform. That is, the
+hashes and URLs of the bootstrap tarballs for the new platform must be added
+alongside those of the currently supported platforms. The bootstrap Guile
+tarball is treated specially: it is expected to be available locally, and
+@file{gnu/local.mk} has rules do download it for the supported
+architectures; a rule for the new platform must be added as well.
+
+In practice, there may be some complications. First, it may be that the
+extended GNU triplet that specifies an ABI (like the @code{eabi} suffix
+above) is not recognized by all the GNU tools. Typically, glibc recognizes
+some of these, whereas GCC uses an extra @code{--with-abi} configure flag
+(see @code{gcc.scm} for examples of how to handle this). Second, some of
+the required packages could fail to build for that platform. Lastly, the
+generated binaries could be broken for some reason.
+
+@c *********************************************************************
+@include contributing.fr.texi
+
+@c *********************************************************************
+@node Remerciements
+@chapter Remerciements
+
+Guix is based on the @uref{http://nixos.org/nix/, Nix package manager},
+which was designed and implemented by Eelco Dolstra, with contributions from
+other people (see the @file{nix/AUTHORS} file in Guix.) Nix pioneered
+functional package management, and promoted unprecedented features, such as
+transactional package upgrades and rollbacks, per-user profiles, and
+referentially transparent build processes. Without this work, Guix would
+not exist.
+
+The Nix-based software distributions, Nixpkgs and NixOS, have also been an
+inspiration for Guix.
+
+GNU@tie{}Guix itself is a collective work with contributions from a number
+of people. See the @file{AUTHORS} file in Guix for more information on
+these fine people. The @file{THANKS} file lists people who have helped by
+reporting bugs, taking care of the infrastructure, providing artwork and
+themes, making suggestions, and more---thank you!
+
+
+@c *********************************************************************
+@node La licence GNU Free Documentation
+@appendix La licence GNU Free Documentation
+@cindex license, GNU Free Documentation License
+@include fdl-1.3.texi
+
+@c *********************************************************************
+@node Index des concepts
+@unnumbered Index des concepts
+@printindex cp
+
+@node Index de programmation
+@unnumbered Index de programmation
+@syncodeindex tp fn
+@syncodeindex vr fn
+@printindex fn
+
+@bye
+
+@c Local Variables:
+@c ispell-local-dictionary: "american";
+@c End:
diff --git a/doc/local.mk b/doc/local.mk
index 79dd7e22dc..64d18e121a 100644
--- a/doc/local.mk
+++ b/doc/local.mk
@@ -21,7 +21,8 @@
# You should have received a copy of the GNU General Public License
# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
-info_TEXINFOS = %D%/guix.texi
+info_TEXINFOS = %D%/guix.texi \
+ %D%/guix.fr.texi
%C%_guix_TEXINFOS = \
%D%/contributing.texi \
@@ -52,7 +53,9 @@ OS_CONFIG_EXAMPLES_TEXI = \
%D%/os-config-desktop.texi \
%D%/os-config-lightweight-desktop.texi
-TRANSLATED_INFO =
+TRANSLATED_INFO = \
+ %D%/guix.fr.texi \
+ %D%/contributing.fr.texi
# Bundle this file so that makeinfo finds it in out-of-source-tree builds.
BUILT_SOURCES += $(OS_CONFIG_EXAMPLES_TEXI) $(TRANSLATED_INFO)
diff --git a/po/doc/contributing.fr.po b/po/doc/contributing.fr.po
new file mode 100644
index 0000000000..610013ed5c
--- /dev/null
+++ b/po/doc/contributing.fr.po
@@ -0,0 +1,1220 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2018-04-10 21:34+0200\n"
+"PO-Revision-Date: 2018-04-19 18:50+0200\n"
+"Last-Translator: Julien Lepiller <julien@lepiller.eu>\n"
+"Language-Team: \n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 2.0.6\n"
+
+#. type: chapter
+#: doc/contributing.texi:1 doc/contributing.texi:2
+#, no-wrap
+msgid "Contributing"
+msgstr "Contribuer"
+
+#. type: Plain text
+#: doc/contributing.texi:9
+msgid ""
+"This project is a cooperative effort, and we need your help to make it grow! "
+"Please get in touch with us on @email{guix-devel@@gnu.org} and @code{#guix} on "
+"the Freenode IRC network. We welcome ideas, bug reports, patches, and "
+"anything that may be helpful to the project. We particularly welcome help on "
+"packaging (@pxref{Packaging Guidelines})."
+msgstr ""
+"Ce projet est un effort coopératif et nous avons besoin de votre aide pour le "
+"faire grandir ! Contactez-nous sur @email{guix-devel@@gnu.org} et @code{#guix} "
+"sur le réseau IRC Freenode. Nous accueillons les idées, les rapports de "
+"bogues, les correctifs et tout ce qui pourrait aider le projet. Nous "
+"apprécions particulièrement toute aide sur la création de paquets "
+"(@pxref{Consignes d'empaquetage})."
+
+#. type: cindex
+#: doc/contributing.texi:10
+#, no-wrap
+msgid "code of conduct, of contributors"
+msgstr "code de conduite, des contributeurs"
+
+#. type: cindex
+#: doc/contributing.texi:11
+#, no-wrap
+msgid "contributor covenant"
+msgstr "convention de contribution"
+
+#. type: Plain text
+#: doc/contributing.texi:17
+msgid ""
+"We want to provide a warm, friendly, and harassment-free environment, so that "
+"anyone can contribute to the best of their abilities. To this end our project "
+"uses a ``Contributor Covenant'', which was adapted from @url{http://"
+"contributor-covenant.org/}. You can find a local version in the @file{CODE-OF-"
+"CONDUCT} file in the source tree."
+msgstr ""
+"Nous souhaitons fournir un environnement chaleureux, amical et sans "
+"harcèlement pour que tout le monde puisse contribuer au mieux de ses "
+"capacités. Pour cela notre projet a une « Convention de contribution » adaptée "
+"de @url{http://contributor-covenant.org/}. Vous pouvez trouver une version "
+"locale dans le fichier @file{CODE-OF-CONDUCT} dans l'arborescence des sources."
+
+#. type: Plain text
+#: doc/contributing.texi:21
+msgid ""
+"Contributors are not required to use their legal name in patches and on-line "
+"communication; they can use any name or pseudonym of their choice."
+msgstr ""
+"Les contributeurs n'ont pas besoin d'utiliser leur nom légal dans leurs "
+"correctifs et leurs communications en ligne ; ils peuvent utiliser n'importe "
+"quel nom ou pseudonyme de leur choix."
+
+#. type: section
+#: doc/contributing.texi:28 doc/contributing.texi:30 doc/contributing.texi:31
+#, no-wrap
+msgid "Building from Git"
+msgstr "Construire depuis Git"
+
+#. type: menuentry
+#: doc/contributing.texi:28
+msgid "The latest and greatest."
+msgstr ""
+
+#. type: section
+#: doc/contributing.texi:28 doc/contributing.texi:102 doc/contributing.texi:103
+#, no-wrap
+msgid "Running Guix Before It Is Installed"
+msgstr "Lancer Guix avant qu'il ne soit installé"
+
+#. type: menuentry
+#: doc/contributing.texi:28
+msgid "Hacker tricks."
+msgstr "Astuces pour les hackers."
+
+#. type: section
+#: doc/contributing.texi:28 doc/contributing.texi:169 doc/contributing.texi:170
+#, no-wrap
+msgid "The Perfect Setup"
+msgstr "La configuration parfaite"
+
+#. type: menuentry
+#: doc/contributing.texi:28
+msgid "The right tools."
+msgstr "Les bons outils."
+
+#. type: section
+#: doc/contributing.texi:28 doc/contributing.texi:228 doc/contributing.texi:229
+#, no-wrap
+msgid "Coding Style"
+msgstr "Style de code"
+
+#. type: menuentry
+#: doc/contributing.texi:28
+msgid "Hygiene of the contributor."
+msgstr "Hygiène du contributeur."
+
+#. type: section
+#: doc/contributing.texi:28 doc/contributing.texi:319 doc/contributing.texi:320
+#, no-wrap
+msgid "Submitting Patches"
+msgstr "Envoyer des correctifs"
+
+#. type: menuentry
+#: doc/contributing.texi:28
+msgid "Share your work."
+msgstr "Partager votre travail."
+
+#. type: Plain text
+#: doc/contributing.texi:35
+msgid ""
+"If you want to hack Guix itself, it is recommended to use the latest version "
+"from the Git repository:"
+msgstr ""
+"Si vous souhaitez travailler sur Guix lui-même, il est recommandé d'utiliser "
+"la dernière version du dépôt Git :"
+
+#. type: example
+#: doc/contributing.texi:38
+#, no-wrap
+msgid "git clone https://git.savannah.gnu.org/git/guix.git\n"
+msgstr "git clone https://git.savannah.gnu.org/git/guix.git\n"
+
+#. type: Plain text
+#: doc/contributing.texi:43
+msgid ""
+"When building Guix from a checkout, the following packages are required in "
+"addition to those mentioned in the installation instructions "
+"(@pxref{Requirements})."
+msgstr ""
+"Lors de la construction de Guix depuis un extrait, les paquets suivants sont "
+"requis en plus de ceux mentionnés dans les instructions d'installation "
+"(@pxref{Prérequis})."
+
+#. type: item
+#: doc/contributing.texi:45
+#, no-wrap
+msgid "@url{http://gnu.org/software/autoconf/, GNU Autoconf};"
+msgstr "@url{http://gnu.org/software/autoconf/, GNU Autoconf};"
+
+#. type: item
+#: doc/contributing.texi:46
+#, no-wrap
+msgid "@url{http://gnu.org/software/automake/, GNU Automake};"
+msgstr "@url{http://gnu.org/software/automake/, GNU Automake};"
+
+#. type: item
+#: doc/contributing.texi:47
+#, no-wrap
+msgid "@url{http://gnu.org/software/gettext/, GNU Gettext};"
+msgstr "@url{http://gnu.org/software/gettext/, GNU Gettext};"
+
+#. type: item
+#: doc/contributing.texi:48
+#, no-wrap
+msgid "@url{http://gnu.org/software/texinfo/, GNU Texinfo};"
+msgstr "@url{http://gnu.org/software/texinfo/, GNU Texinfo};"
+
+#. type: item
+#: doc/contributing.texi:49
+#, no-wrap
+msgid "@url{http://www.graphviz.org/, Graphviz};"
+msgstr "@url{http://www.graphviz.org/, Graphviz};"
+
+#. type: item
+#: doc/contributing.texi:50
+#, no-wrap
+msgid "@url{http://www.gnu.org/software/help2man/, GNU Help2man (optional)}."
+msgstr "@url{http://www.gnu.org/software/help2man/, GNU Help2man (facultatif)}."
+
+#. type: Plain text
+#: doc/contributing.texi:57
+msgid ""
+"The easiest way to set up a development environment for Guix is, of course, by "
+"using Guix! The following command starts a new shell where all the "
+"dependencies and appropriate environment variables are set up to hack on Guix:"
+msgstr ""
+"La manière la plus simple de configurer un environnement de développement pour "
+"Guix est, bien sûr, d'utiliser Guix ! La commande suivante démarre un nouveau "
+"shell où toutes les dépendances et les variables d'environnements appropriées "
+"sont configurés pour travailler sur Guix :"
+
+#. type: example
+#: doc/contributing.texi:60
+#, no-wrap
+msgid "guix environment guix\n"
+msgstr "guix environment guix\n"
+
+#. type: Plain text
+#: doc/contributing.texi:64
+msgid ""
+"@xref{Invoking guix environment}, for more information on that command. Extra "
+"dependencies can be added with @option{--ad-hoc}:"
+msgstr ""
+"@xref{Invoquer guix environment}, pour plus d'information sur cette commande. "
+"On peut ajouter des dépendances supplémentaires avec @option{--ad-hoc} :"
+
+#. type: example
+#: doc/contributing.texi:67
+#, no-wrap
+msgid "guix environment guix --ad-hoc help2man git strace\n"
+msgstr "guix environment guix --ad-hoc help2man git strace\n"
+
+#. type: Plain text
+#: doc/contributing.texi:71
+msgid ""
+"Run @command{./bootstrap} to generate the build system infrastructure using "
+"Autoconf and Automake. If you get an error like this one:"
+msgstr ""
+"Lancez @command{./bootstrap} pour générer l'infrastructure du système de "
+"construction avec Autoconf et Automake. Si vous avez une erreur comme :"
+
+#. type: example
+#: doc/contributing.texi:74
+#, no-wrap
+msgid "configure.ac:46: error: possibly undefined macro: PKG_CHECK_MODULES\n"
+msgstr "configure.ac:46: error: possibly undefined macro: PKG_CHECK_MODULES\n"
+
+#. type: Plain text
+#: doc/contributing.texi:83
+msgid ""
+"it probably means that Autoconf couldn’t find @file{pkg.m4}, which is provided "
+"by pkg-config. Make sure that @file{pkg.m4} is available. The same holds for "
+"the @file{guile.m4} set of macros provided by Guile. For instance, if you "
+"installed Automake in @file{/usr/local}, it wouldn’t look for @file{.m4} files "
+"in @file{/usr/share}. In that case, you have to invoke the following command:"
+msgstr ""
+"cela signifie probablement qu'Autoconf n'a pas pu trouver @file{pkg.m4} qui "
+"est fournit par pkg-config. Assurez-vous que @file{pkg.m4} est disponible. "
+"C'est aussi vrai pour l'ensemble de macros de @file{guile.m4} fournies par "
+"Guile. Par exemple, si vous avez installé Automake dans @file{/usr/local}, il "
+"ne cherchera pas les fichiers @file{.m4} dans @file{/usr/share}. Dans ce case "
+"vous devez invoquer la commande suivante :"
+
+#. type: example
+#: doc/contributing.texi:86
+#, no-wrap
+msgid "export ACLOCAL_PATH=/usr/share/aclocal\n"
+msgstr "export ACLOCAL_PATH=/usr/share/aclocal\n"
+
+#. type: Plain text
+#: doc/contributing.texi:90
+msgid ""
+"@xref{Macro Search Path,,, automake, The GNU Automake Manual}, for more "
+"information."
+msgstr ""
+"@xref{Macro Search Path,,, automake, The GNU Automake Manual}, pour plus "
+"d'information."
+
+#. type: Plain text
+#: doc/contributing.texi:95
+msgid ""
+"Then, run @command{./configure} as usual. Make sure to pass @code{--"
+"localstatedir=@var{directory}} where @var{directory} is the "
+"@code{localstatedir} value used by your current installation (@pxref{The "
+"Store}, for information about this)."
+msgstr ""
+"Ensuite, lancez @command{./configure} comme d'habitude. Assurez-vous de passer "
+"@code{--localstatedir=@var{directory}} où @var{directory} est la valeur "
+"@code{localstatedir} utilisée par votre installation actuelle (@pxref{Le "
+"dépôt} pour plus d'informations à ce propos)."
+
+#. type: Plain text
+#: doc/contributing.texi:100
+msgid ""
+"Finally, you have to invoke @code{make check} to run tests (@pxref{Running the "
+"Test Suite}). If anything fails, take a look at installation instructions "
+"(@pxref{Installation}) or send a message to the @email{guix-devel@@gnu.org, "
+"mailing list}."
+msgstr ""
+"Finalement, vous devez invoquer @code{make check} pour lancer les tests "
+"(@pxref{Lancer la suite de tests}). Si quelque chose échoue, jetez un œil aux "
+"instructions d'installation (@pxref{Installation}) ou envoyez un message à la "
+"list @email{guix-devel@@gnu.org}."
+
+#. type: Plain text
+#: doc/contributing.texi:109
+msgid ""
+"In order to keep a sane working environment, you will find it useful to test "
+"the changes made in your local source tree checkout without actually "
+"installing them. So that you can distinguish between your ``end-user'' hat "
+"and your ``motley'' costume."
+msgstr ""
+"Pour garder un environnement de travail sain, il est utile de tester les "
+"changement localement sans les installer pour de vrai. Pour pouvoir distinguer "
+"votre rôle « d'utilisateur final » de celui parfois haut en couleur de « "
+"développeur »."
+
+#. type: Plain text
+#: doc/contributing.texi:117
+msgid ""
+"To that end, all the command-line tools can be used even if you have not run "
+"@code{make install}. To do that, prefix each command with @command{./pre-inst-"
+"env} (the @file{pre-inst-env} script lives in the top build tree of Guix), as "
+"in@footnote{The @option{-E} flag to @command{sudo} guarantees that "
+"@code{GUILE_LOAD_PATH} is correctly set such that @command{guix-daemon} and "
+"the tools it uses can find the Guile modules they need.}:"
+msgstr ""
+"Pour cela, tous les outils en ligne de commande sont utilisables même sans "
+"avoir lancé @code{make install}. Vous devez pour cela préfixer chaque commande "
+"par @command{./pre-inst-env} (le script @file{pre-inst-env} se trouve dans le "
+"répertoire de plus haut niveau de l'arborescence des sources de Guix) comme "
+"cela@footnote{L'option @option{-E} de @command{sudo} garantie que "
+"@code{GUILE_LOAD_PATH} est bien paramétré pour @command{guix-daemon} et les "
+"outils qu'il utilise puissent trouver les modules Guile dont ils ont besoin.} :"
+
+#. type: example
+#: doc/contributing.texi:121
+#, no-wrap
+msgid ""
+"$ sudo -E ./pre-inst-env guix-daemon --build-users-group=guixbuild\n"
+"$ ./pre-inst-env guix build hello\n"
+msgstr ""
+"$ sudo -E ./pre-inst-env guix-daemon --build-users-group=guixbuild\n"
+"$ ./pre-inst-env guix build hello\n"
+
+#. type: Plain text
+#: doc/contributing.texi:125
+msgid "Similarly, for a Guile session using the Guix modules:"
+msgstr "De même, pour une session Guile qui utilise les modules Guix :"
+
+#. type: example
+#: doc/contributing.texi:128
+#, no-wrap
+msgid ""
+"$ ./pre-inst-env guile -c '(use-modules (guix utils)) (pk (%current-system))'\n"
+"\n"
+msgstr ""
+"$ ./pre-inst-env guile -c '(use-modules (guix utils)) (pk (%current-system))'\n"
+"\n"
+
+#. type: example
+#: doc/contributing.texi:130
+#, no-wrap
+msgid ";;; (\"x86_64-linux\")\n"
+msgstr ";;; (\"x86_64-linux\")\n"
+
+#. type: cindex
+#: doc/contributing.texi:133
+#, no-wrap
+msgid "REPL"
+msgstr "REPL"
+
+#. type: cindex
+#: doc/contributing.texi:134
+#, no-wrap
+msgid "read-eval-print loop"
+msgstr "read-eval-print loop"
+
+#. type: Plain text
+#: doc/contributing.texi:137
+msgid ""
+"@dots{} and for a REPL (@pxref{Using Guile Interactively,,, guile, Guile "
+"Reference Manual}):"
+msgstr ""
+"@dots{} et pour un REPL (@pxref{Using Guile Interactively,,, guile, Guile "
+"Reference Manual})"
+
+#. type: example
+#: doc/contributing.texi:152
+#, no-wrap
+msgid ""
+"$ ./pre-inst-env guile\n"
+"scheme@@(guile-user)> ,use(guix)\n"
+"scheme@@(guile-user)> ,use(gnu)\n"
+"scheme@@(guile-user)> (define snakes\n"
+" (fold-packages\n"
+" (lambda (package lst)\n"
+" (if (string-prefix? \"python\"\n"
+" (package-name package))\n"
+" (cons package lst)\n"
+" lst))\n"
+" '()))\n"
+"scheme@@(guile-user)> (length snakes)\n"
+"$1 = 361\n"
+msgstr ""
+"$ ./pre-inst-env guile\n"
+"scheme@@(guile-user)> ,use(guix)\n"
+"scheme@@(guile-user)> ,use(gnu)\n"
+"scheme@@(guile-user)> (define snakes\n"
+" (fold-packages\n"
+" (lambda (package lst)\n"
+" (if (string-prefix? \"python\"\n"
+" (package-name package))\n"
+" (cons package lst)\n"
+" lst))\n"
+" '()))\n"
+"scheme@@(guile-user)> (length snakes)\n"
+"$1 = 361\n"
+
+#. type: Plain text
+#: doc/contributing.texi:156
+msgid ""
+"The @command{pre-inst-env} script sets up all the environment variables "
+"necessary to support this, including @env{PATH} and @env{GUILE_LOAD_PATH}."
+msgstr ""
+"Le script @command{pre-inst-env} paramètre toutes les variables "
+"d'environnement nécessaires, dont @env{PATH} et @env{GUILE_LOAD_PATH}."
+
+#. type: Plain text
+#: doc/contributing.texi:167
+msgid ""
+"Note that @command{./pre-inst-env guix pull} does @emph{not} upgrade the local "
+"source tree; it simply updates the @file{~/.config/guix/latest} symlink "
+"(@pxref{Invoking guix pull}). Run @command{git pull} instead if you want to "
+"upgrade your local source tree.@footnote{If you would like to set up "
+"@command{guix} to use your Git checkout, you can point the @file{~/.config/"
+"guix/latest} symlink to your Git checkout directory. If you are the sole user "
+"of your system, you may also consider pointing the @file{/root/.config/guix/"
+"latest} symlink to point to @file{~/.config/guix/latest}; this way it will "
+"always use the same @command{guix} as your user does.}"
+msgstr ""
+"Remarquez que @command{./pre-inst-env guix pull} ne met @emph{pas} à jour "
+"l'arborescence des sources locale ; il met seulement à jour le lien symbolique "
+"@file{~/.config/guix/latest} (@pxref{Invoquer guix pull}). Lancez @command{git "
+"pull} à la place si vous voulez mettre à jour votre arborescence des sources "
+"locale@footnote{Si vous voulez paramétrer @command{guix} pour qu'il utilise "
+"votre dépôt Git, vous pouvez faire pointer le lien symbolique @file{~/.config/"
+"guix/latest} vers le répertoire contenant ce dépôt. Si vous le seul "
+"utilisateur du système, vous pouvez aussi considérer faire pointer le lien "
+"symbolique @file{/root/.config/guix/latest} vers @file{~/.config/guix/"
+"latest} ; comme ça root aura toujours la même commande @command{guix} que "
+"votre utilisateur}."
+
+#. type: Plain text
+#: doc/contributing.texi:177
+msgid ""
+"The Perfect Setup to hack on Guix is basically the perfect setup used for "
+"Guile hacking (@pxref{Using Guile in Emacs,,, guile, Guile Reference "
+"Manual}). First, you need more than an editor, you need @url{http://www.gnu."
+"org/software/emacs, Emacs}, empowered by the wonderful @url{http://nongnu.org/"
+"geiser/, Geiser}."
+msgstr ""
+"La configuration parfaite pour travailler sur Guix est simplement la "
+"configuration parfaite pour travailler en Guile (@pxref{Using Guile in "
+"Emacs,,, guile, Guile Reference Manual}). Tout d'abord, vous avez besoin de "
+"mieux qu'un éditeur de texte, vous avez besoin de @url{http://www.gnu.org/"
+"software/emacs, Emacs}, amélioré par le superbe @url{http://nongnu.org/"
+"geiser/, Geiser}."
+
+#. type: Plain text
+#: doc/contributing.texi:185
+msgid ""
+"Geiser allows for interactive and incremental development from within Emacs: "
+"code compilation and evaluation from within buffers, access to on-line "
+"documentation (docstrings), context-sensitive completion, @kbd{M-.} to jump to "
+"an object definition, a REPL to try out your code, and more "
+"(@pxref{Introduction,,, geiser, Geiser User Manual}). For convenient Guix "
+"development, make sure to augment Guile’s load path so that it finds source "
+"files from your checkout:"
+msgstr ""
+"Geiser permet le développement interactif et incrémental depuis Emacs : la "
+"compilation du code et son évaluation depuis les buffers, l'accès à la "
+"documentation en ligne (docstrings), la complétion sensible au contexte, "
+"@kbd{M-.} pour sauter à la définition d'un objet, un REPL pour tester votre "
+"code, et bien plus (@pxref{Introduction,,, geiser, Geiser User Manual}). Pour "
+"travailler confortablement sur Guix, assurez-vous de modifier le chemin de "
+"chargement de Guile pour qu'il trouve les fichiers source de votre dépôt :"
+
+#. type: lisp
+#: doc/contributing.texi:190
+#, no-wrap
+msgid ""
+";; @r{Assuming the Guix checkout is in ~/src/guix.}\n"
+"(with-eval-after-load 'geiser-guile\n"
+" (add-to-list 'geiser-guile-load-path \"~/src/guix\"))\n"
+msgstr ""
+";; @r{Si l'extrait est dans ~/src/guix.}\n"
+"(with-eval-after-load 'geiser-guile\n"
+" (add-to-list 'geiser-guile-load-path \"~/src/guix\"))\n"
+
+#. type: Plain text
+#: doc/contributing.texi:198
+msgid ""
+"To actually edit the code, Emacs already has a neat Scheme mode. But in "
+"addition to that, you must not miss @url{http://www.emacswiki.org/emacs/"
+"ParEdit, Paredit}. It provides facilities to directly operate on the syntax "
+"tree, such as raising an s-expression or wrapping it, swallowing or rejecting "
+"the following s-expression, etc."
+msgstr ""
+
+#. type: cindex
+#: doc/contributing.texi:199
+#, no-wrap
+msgid "code snippets"
+msgstr "extraits de code"
+
+#. type: cindex
+#: doc/contributing.texi:200
+#, no-wrap
+msgid "templates"
+msgstr "modèles"
+
+#. type: cindex
+#: doc/contributing.texi:201
+#, no-wrap
+msgid "reducing boilerplate"
+msgstr "réduire la quantité de code commun"
+
+#. type: Plain text
+#: doc/contributing.texi:208
+msgid ""
+"We also provide templates for common git commit messages and package "
+"definitions in the @file{etc/snippets} directory. These templates can be used "
+"with @url{http://joaotavora.github.io/yasnippet/, YASnippet} to expand short "
+"trigger strings to interactive text snippets. You may want to add the "
+"snippets directory to the @var{yas-snippet-dirs} variable in Emacs."
+msgstr ""
+"Nous fournissons aussi des modèles pour les messages de commit git communs et "
+"les définitions de paquets dans le répertoire @file{etc/snippets}. Ces modèles "
+"s'utilisent avec @url{http://joaotavora.github.io/yasnippet/, YASnippet} pour "
+"développer des chaînes courtes de déclenchement en extraits de texte "
+"interactifs. Vous pouvez ajouter le répertoire des modèles dans la variables "
+"@var{yas-snippet-dirs} d'Emacs."
+
+#. type: lisp
+#: doc/contributing.texi:213
+#, no-wrap
+msgid ""
+";; @r{Assuming the Guix checkout is in ~/src/guix.}\n"
+"(with-eval-after-load 'yasnippet\n"
+" (add-to-list 'yas-snippet-dirs \"~/src/guix/etc/snippets\"))\n"
+msgstr ""
+";; @r{Si l'extrait est dans ~/src/guix.}\n"
+"(with-eval-after-load 'yasnippet\n"
+" (add-to-list 'yas-snippet-dirs \"~/src/guix/etc/snippets\"))\n"
+
+#. type: Plain text
+#: doc/contributing.texi:220
+msgid ""
+"The commit message snippets depend on @url{https://magit.vc/, Magit} to "
+"display staged files. When editing a commit message type @code{add} followed "
+"by @kbd{TAB} to insert a commit message template for adding a package; type "
+"@code{update} followed by @kbd{TAB} to insert a template for updating a "
+"package."
+msgstr ""
+"Les extraits de messages de commit dépendent de @url{https://magit.vc/, Magit} "
+"pour afficher les fichiers sélectionnés. Lors de la modification d'un message "
+"de commit, tapez @code{add} suivi de @kbd{TAB} pour insérer un modèle de "
+"message de commit pour ajouter un paquet ; tapez @code{update} suivi de "
+"@kbd{TAB} pour insérer un modèle pour la mise à jour d'un paquet."
+
+#. type: Plain text
+#: doc/contributing.texi:226
+msgid ""
+"The main snippet for @code{scheme-mode} is triggered by typing "
+"@code{package...} followed by @kbd{TAB}. This snippet also inserts the "
+"trigger string @code{origin...}, which can be expanded further. The "
+"@code{origin} snippet in turn may insert other trigger strings ending on "
+"@code{...}, which also can be expanded further."
+msgstr ""
+"L'extrait principal pour @code{scheme-mode} est lancé en tapant "
+"@code{package…} suivi par @kbd{TAB}. Cet extrait insère aussi la chaîne de "
+"déclenchement @code{origin…}, qui peut aussi être étendue. L'extrait "
+"@code{origin} lui-même peut aussi insérer des chaînes de déclenchement qui "
+"finissent sur @code{…}, qui peuvent aussi être étendues."
+
+#. type: Plain text
+#: doc/contributing.texi:234
+msgid ""
+"In general our code follows the GNU Coding Standards (@pxref{Top,,, standards, "
+"GNU Coding Standards}). However, they do not say much about Scheme, so here "
+"are some additional rules."
+msgstr ""
+"En général notre code suit le Standard de Code GNU (@pxref{Top,,, standards, "
+"GNU Coding Standards}). Cependant, il ne parle pas beaucoup de Scheme, donc "
+"voici quelques règles supplémentaires."
+
+#. type: subsection
+#: doc/contributing.texi:240 doc/contributing.texi:242 doc/contributing.texi:243
+#, no-wrap
+msgid "Programming Paradigm"
+msgstr "Paradigme de programmation"
+
+#. type: menuentry
+#: doc/contributing.texi:240
+msgid "How to compose your elements."
+msgstr "Comment composer vos éléments."
+
+#. type: subsection
+#: doc/contributing.texi:240 doc/contributing.texi:249 doc/contributing.texi:250
+#, no-wrap
+msgid "Modules"
+msgstr "Modules"
+
+#. type: menuentry
+#: doc/contributing.texi:240
+msgid "Where to store your code?"
+msgstr "Où stocker votre code ?"
+
+#. type: subsection
+#: doc/contributing.texi:240 doc/contributing.texi:260 doc/contributing.texi:261
+#, no-wrap
+msgid "Data Types and Pattern Matching"
+msgstr "Types de données et reconnaissance de motif"
+
+#. type: menuentry
+#: doc/contributing.texi:240
+msgid "Implementing data structures."
+msgstr "Implémenter des structures de données."
+
+#. type: subsection
+#: doc/contributing.texi:240 doc/contributing.texi:274 doc/contributing.texi:275
+#, no-wrap
+msgid "Formatting Code"
+msgstr "Formatage du code"
+
+#. type: menuentry
+#: doc/contributing.texi:240
+msgid "Writing conventions."
+msgstr "Conventions d'écriture."
+
+#. type: Plain text
+#: doc/contributing.texi:248
+msgid ""
+"Scheme code in Guix is written in a purely functional style. One exception is "
+"code that involves input/output, and procedures that implement low-level "
+"concepts, such as the @code{memoize} procedure."
+msgstr ""
+"Le code Scheme dans Guix est écrit dans un style purement fonctionnel. Le code "
+"qui s'occupe des entrées-sorties est une exception ainsi que les procédures "
+"qui implémentent des concepts bas-niveau comme la procédure @code{memoize}."
+
+#. type: Plain text
+#: doc/contributing.texi:256
+msgid ""
+"Guile modules that are meant to be used on the builder side must live in the "
+"@code{(guix build @dots{})} name space. They must not refer to other Guix or "
+"GNU modules. However, it is OK for a ``host-side'' module to use a build-side "
+"module."
+msgstr ""
+"Les modules Guile qui sont sensés être utilisés du côté de la construction "
+"doivent se trouver dans l'espace de nom @code{(guix build @dots{})}. Ils ne "
+"doivent pas se référer à d'autres modules Guix ou GNU. Cependant il est "
+"correct pour un module « côté hôte » de dépendre d'un module coté construction."
+
+#. type: Plain text
+#: doc/contributing.texi:259
+msgid ""
+"Modules that deal with the broader GNU system should be in the @code{(gnu "
+"@dots{})} name space rather than @code{(guix @dots{})}."
+msgstr ""
+"Les modules qui s'occupent du système GNU général devraient se trouver dans "
+"l'espace de nom @code{(gnu @dots{})} plutôt que @code{(guix @dots{})}."
+
+#. type: Plain text
+#: doc/contributing.texi:268
+msgid ""
+"The tendency in classical Lisp is to use lists to represent everything, and "
+"then to browse them ``by hand'' using @code{car}, @code{cdr}, @code{cadr}, and "
+"co. There are several problems with that style, notably the fact that it is "
+"hard to read, error-prone, and a hindrance to proper type error reports."
+msgstr ""
+"La tendance en Lisp classique est d'utiliser des listes pour tout représenter "
+"et de naviguer dedans « à la main ( avec @code{car}, @code{cdr}, @code{cadr} "
+"et compagnie. Il y a plusieurs problèmes avec ce style, notamment le fait "
+"qu'il soit dur à lire, source d'erreur et un obstacle aux rapports d'erreur "
+"bien typés."
+
+#. type: Plain text
+#: doc/contributing.texi:273
+msgid ""
+"Guix code should define appropriate data types (for instance, using "
+"@code{define-record-type*}) rather than abuse lists. In addition, it should "
+"use pattern matching, via Guile’s @code{(ice-9 match)} module, especially when "
+"matching lists."
+msgstr ""
+"Le code de Guix devrait définir des types de données appropriées (par exemple, "
+"avec @code{define-record-type*}) plutôt que d'abuser des listes. En plus, il "
+"devrait utiliser la recherche de motifs, via le module Guile @code{(ice-9 "
+"match)}, surtout pour rechercher dans des listes."
+
+#. type: cindex
+#: doc/contributing.texi:277
+#, no-wrap
+msgid "formatting code"
+msgstr "formater le code"
+
+#. type: cindex
+#: doc/contributing.texi:278
+#, no-wrap
+msgid "coding style"
+msgstr "style de code"
+
+#. type: Plain text
+#: doc/contributing.texi:285
+msgid ""
+"When writing Scheme code, we follow common wisdom among Scheme programmers. "
+"In general, we follow the @url{http://mumble.net/~campbell/scheme/style.txt, "
+"Riastradh's Lisp Style Rules}. This document happens to describe the "
+"conventions mostly used in Guile’s code too. It is very thoughtful and well "
+"written, so please do read it."
+msgstr ""
+"Lorsque nous écrivons du code Scheme, nous suivons la sagesse commune aux "
+"programmeurs Scheme. En général, nous suivons les @url{http://mumble.net/"
+"~campbell/scheme/style.txt, règles de style de Riastradh}. Ce document décrit "
+"aussi les conventions utilisées dans le code de Guile. Il est bien pensé et "
+"bien écrit, alors n'hésitez pas à le lire."
+
+#. type: Plain text
+#: doc/contributing.texi:292
+msgid ""
+"Some special forms introduced in Guix, such as the @code{substitute*} macro, "
+"have special indentation rules. These are defined in the @file{.dir-locals."
+"el} file, which Emacs automatically uses. Also note that Emacs-Guix provides "
+"@code{guix-devel-mode} mode that indents and highlights Guix code properly "
+"(@pxref{Development,,, emacs-guix, The Emacs-Guix Reference Manual})."
+msgstr ""
+"Certaines formes spéciales introduites dans Guix comme la macro "
+"@code{substitute*} ont des règles d'indentation spécifiques. Elles sont "
+"définies dans le fichier @file{.dir-locals.el} qu'Emacs utilise "
+"automatiquement. Remarquez aussi qu'Emacs-Guix fournit le mode @code{guix-"
+"devel-mode} qui indente et colore le code Guix correctement "
+"(@pxref{Development,,, emacs-guix, The Emacs-Guix Reference Manual})."
+
+#. type: cindex
+#: doc/contributing.texi:293
+#, no-wrap
+msgid "indentation, of code"
+msgstr "indentation, du code"
+
+#. type: cindex
+#: doc/contributing.texi:294
+#, no-wrap
+msgid "formatting, of code"
+msgstr "formatage, du code"
+
+#. type: Plain text
+#: doc/contributing.texi:297
+msgid ""
+"If you do not use Emacs, please make sure to let your editor knows these "
+"rules. To automatically indent a package definition, you can also run:"
+msgstr ""
+"Si vous n'utilisez pas Emacs, assurez-vous que votre éditeur connaisse ces "
+"règles. Pour indenter automatiquement une définition de paquet, vous pouvez "
+"aussi lancer :"
+
+#. type: example
+#: doc/contributing.texi:300
+#, no-wrap
+msgid "./etc/indent-code.el gnu/packages/@var{file}.scm @var{package}\n"
+msgstr "./etc/indent-code.el gnu/packages/@var{file}.scm @var{package}\n"
+
+#. type: Plain text
+#: doc/contributing.texi:306
+msgid ""
+"This automatically indents the definition of @var{package} in @file{gnu/"
+"packages/@var{file}.scm} by running Emacs in batch mode. To indent a whole "
+"file, omit the second argument:"
+msgstr ""
+"Cela indente automatiquement la définition de @var{package} dans @file{gnu/"
+"packages/@var{file}.scm} en lançant Emacs en mode commande. Pour indenter un "
+"fichier complet, n'indiquez pas de second argument :"
+
+#. type: example
+#: doc/contributing.texi:309
+#, no-wrap
+msgid "./etc/indent-code.el gnu/services/@var{file}.scm\n"
+msgstr "./etc/indent-code.el gnu/services/@var{file}.scm\n"
+
+#. type: Plain text
+#: doc/contributing.texi:314
+msgid ""
+"We require all top-level procedures to carry a docstring. This requirement "
+"can be relaxed for simple private procedures in the @code{(guix build "
+"@dots{})} name space, though."
+msgstr ""
+"Nous demandons que toutes les procédure de premier niveau contiennent une "
+"chaîne de documentation. Ce pré-requis peut être relâché pour les procédures "
+"privées simples dans l'espace de nom @code{(guix build @dots{})} cependant."
+
+#. type: Plain text
+#: doc/contributing.texi:317
+msgid ""
+"Procedures should not have more than four positional parameters. Use keyword "
+"parameters for procedures that take more than four parameters."
+msgstr ""
+"Les procédures ne devraient pas avoir plus de quatre paramètres positionnés. "
+"Utilisez des paramètres par mot-clefs pour les procédures qui prennent plus de "
+"quatre paramètres."
+
+#. type: Plain text
+#: doc/contributing.texi:326
+msgid ""
+"Development is done using the Git distributed version control system. Thus, "
+"access to the repository is not strictly necessary. We welcome contributions "
+"in the form of patches as produced by @code{git format-patch} sent to the "
+"@email{guix-patches@@gnu.org} mailing list."
+msgstr ""
+"Le développement se fait avec le système de contrôle de version Git. Ainsi, "
+"l'accès au dépôt n'est pas strictement nécessaire. Nous accueillons les "
+"contributions sous forme de correctifs produits par @code{git format-patch} "
+"envoyés sur la liste de diffusion @email{guix-patches@@gnu.org}."
+
+#. type: Plain text
+#: doc/contributing.texi:333
+msgid ""
+"This mailing list is backed by a Debbugs instance accessible at @uref{https://"
+"bugs.gnu.org/guix-patches}, which allows us to keep track of submissions. "
+"Each message sent to that mailing list gets a new tracking number assigned; "
+"people can then follow up on the submission by sending email to @code{@var{NNN}"
+"@@debbugs.gnu.org}, where @var{NNN} is the tracking number (@pxref{Sending a "
+"Patch Series})."
+msgstr ""
+"Cette liste de diffusion est gérée par une instance Debbugs accessible à "
+"l'adresse @uref{https://bugs.gnu.org/guix-patches}, qui nous permet de suivre "
+"les soumissions. Chaque message envoyé à cette liste se voit attribuer un "
+"numéro de suivi ; les gens peuvent ensuite répondre à cette soumission en "
+"envoyant un courriel à @code{@var{NNN}@@debbugs.gnu.org}, où @var{NNN} est le "
+"numéro de suivi (@pxref{Envoyer une série de correctifs})."
+
+#. type: Plain text
+#: doc/contributing.texi:337
+msgid ""
+"Please write commit logs in the ChangeLog format (@pxref{Change Logs,,, "
+"standards, GNU Coding Standards}); you can check the commit history for "
+"examples."
+msgstr ""
+"Veuillez écrire les messages de commit dans le format ChangeLog (@pxref{Change "
+"Logs,,, standards, GNU Coding Standards}) ; vous pouvez regarder l'historique "
+"des commits pour trouver des exemples."
+
+#. type: Plain text
+#: doc/contributing.texi:340
+msgid ""
+"Before submitting a patch that adds or modifies a package definition, please "
+"run through this check list:"
+msgstr ""
+"Avant de soumettre un correctif qui ajoute ou modifie la définition d'un "
+"paquet, veuillez vérifier cette check-list :"
+
+#. type: enumerate
+#: doc/contributing.texi:347
+msgid ""
+"If the authors of the packaged software provide a cryptographic signature for "
+"the release tarball, make an effort to verify the authenticity of the "
+"archive. For a detached GPG signature file this would be done with the "
+"@code{gpg --verify} command."
+msgstr ""
+"Si les auteurs du paquet logiciel fournissent une signature cryptographique "
+"pour l'archive, faîtes un effort pour vérifier l'authenticité de l'archive. "
+"Pour un fichier de signature GPG détaché, cela se fait avec la commande "
+"@code{gpg --verify}."
+
+#. type: enumerate
+#: doc/contributing.texi:351
+msgid ""
+"Take some time to provide an adequate synopsis and description for the "
+"package. @xref{Synopses and Descriptions}, for some guidelines."
+msgstr ""
+"Prenez un peu de temps pour fournir un synopsis et une description adéquats "
+"pour le paquet. Voir @xref{Synopsis et descriptions} pour quelques lignes "
+"directrices."
+
+#. type: enumerate
+#: doc/contributing.texi:356
+msgid ""
+"Run @code{guix lint @var{package}}, where @var{package} is the name of the new "
+"or modified package, and fix any errors it reports (@pxref{Invoking guix "
+"lint})."
+msgstr ""
+"Lancez @code{guix lint @var{paquet}}, où @var{paquet} est le nom du nouveau "
+"paquet ou du paquet modifié, et corrigez les erreurs qu'il rapporte "
+"(@pxref{Invoquer guix lint})."
+
+#. type: enumerate
+#: doc/contributing.texi:360
+msgid ""
+"Make sure the package builds on your platform, using @code{guix build "
+"@var{package}}."
+msgstr ""
+"Assurez-vous que le paquet se construise sur votre plate-forme avec @code{guix "
+"build @var{paquet}}."
+
+#. type: cindex
+#: doc/contributing.texi:362
+#, no-wrap
+msgid "bundling"
+msgstr "construction groupée"
+
+#. type: enumerate
+#: doc/contributing.texi:365
+msgid ""
+"Make sure the package does not use bundled copies of software already "
+"available as separate packages."
+msgstr ""
+"Assurez-vous que le paquet n'utilise pas de copie groupée d'un logiciel déjà "
+"disponible dans un paquet séparé."
+
+#. type: enumerate
+#: doc/contributing.texi:374
+msgid ""
+"Sometimes, packages include copies of the source code of their dependencies as "
+"a convenience for users. However, as a distribution, we want to make sure "
+"that such packages end up using the copy we already have in the distribution, "
+"if there is one. This improves resource usage (the dependency is built and "
+"stored only once), and allows the distribution to make transverse changes such "
+"as applying security updates for a given software package in a single place "
+"and have them affect the whole system---something that bundled copies prevent."
+msgstr ""
+"Parfois, les paquets incluent des copie du code source de leurs dépendances "
+"pour le confort de leurs utilisateurs. Cependant, en tant que distribution, "
+"nous voulons nous assurer que ces paquets utilisent bien les copient que nous "
+"avons déjà dans la distribution si elles existent. Cela améliore l'utilisation "
+"des ressources (la dépendance n'est construite et stockée qu'une seule fois) "
+"et permet à la distribution de faire des changements transversaux comme "
+"appliquer des correctifs de sécurité pour un paquet donné depuis un unique "
+"emplacement et qu'ils affectent tout le système, ce qu'empêchent les copies "
+"groupées."
+
+#. type: enumerate
+#: doc/contributing.texi:381
+msgid ""
+"Take a look at the profile reported by @command{guix size} (@pxref{Invoking "
+"guix size}). This will allow you to notice references to other packages "
+"unwillingly retained. It may also help determine whether to split the package "
+"(@pxref{Packages with Multiple Outputs}), and which optional dependencies "
+"should be used."
+msgstr ""
+"Regardez le profile rapporté par @command{guix size} (@pxref{Invoking guix "
+"size}). Cela vous permettra de remarquer des références à d'autres paquets qui "
+"ont été retenus. Il peut aussi aider à déterminer s'il faut découper le paquet "
+"(@pxref{Des paquets avec plusieurs résultats}) et quelle dépendance facultative "
+"utiliser."
+
+#. type: enumerate
+#: doc/contributing.texi:386
+msgid ""
+"For important changes, check that dependent package (if applicable) are not "
+"affected by the change; @code{guix refresh --list-dependent @var{package}} "
+"will help you do that (@pxref{Invoking guix refresh})."
+msgstr ""
+"Pour les changements important, vérifiez que les paquets qui en dépendent "
+"(s'ils existent) ne sont pas affectés par le changement ; @code{guix refresh --"
+"list-dependant @var{paquet}} vous aidera (@pxref{Invoquer guix refresh})."
+
+#. type: cindex
+#: doc/contributing.texi:388
+#, no-wrap
+msgid "branching strategy"
+msgstr "stratégie de branche"
+
+#. type: cindex
+#: doc/contributing.texi:389
+#, no-wrap
+msgid "rebuild scheduling strategy"
+msgstr "stratégie de planification des reconstructions"
+
+#. type: enumerate
+#: doc/contributing.texi:392
+msgid ""
+"Depending on the number of dependent packages and thus the amount of "
+"rebuilding induced, commits go to different branches, along these lines:"
+msgstr ""
+"Suivant le nombre de paquets dépendants et donc le nombre de reconstruction "
+"induites, les commits vont vers des branches différentes, suivant ces "
+"principes :"
+
+#. type: item
+#: doc/contributing.texi:394
+#, no-wrap
+msgid "300 dependent packages or less"
+msgstr "300 paquets dépendants ou moins"
+
+#. type: table
+#: doc/contributing.texi:396
+msgid "@code{master} branch (non-disruptive changes)."
+msgstr "branche @code{master} (changements non-disruptifs)."
+
+#. type: item
+#: doc/contributing.texi:397
+#, no-wrap
+msgid "between 300 and 1,200 dependent packages"
+msgstr "entre 300 et 1 200 paquets dépendants"
+
+#. type: table
+#: doc/contributing.texi:402
+msgid ""
+"@code{staging} branch (non-disruptive changes). This branch is intended to be "
+"merged in @code{master} every 3 weeks or so. Topical changes (e.g., an update "
+"of the GNOME stack) can instead go to a specific branch (say, @code{gnome-"
+"updates})."
+msgstr ""
+"branche @code{staging} (changemets non-disruptifs). Cette branche devrait être "
+"fusionnées dans @code{master} tous les 3 semaines. Les changements par thèmes "
+"(par exemple une mise à jour de la pile GNOME) peuvent aller dans une branche "
+"spécifique (disons, @code{gnome-updates})."
+
+#. type: item
+#: doc/contributing.texi:403
+#, no-wrap
+msgid "more than 1,200 dependent packages"
+msgstr "plus de 1 200 paquets dépendants"
+
+#. type: table
+#: doc/contributing.texi:407
+msgid ""
+"@code{core-updates} branch (may include major and potentially disruptive "
+"changes). This branch is intended to be merged in @code{master} every 2.5 "
+"months or so."
+msgstr ""
+"branche @code{core-updates} (peut inclure des changements majeurs et "
+"potentiellement disruptifs). Cette branche devrait être fusionnée dans "
+"@code{master} tous les 2,5 mois environ."
+
+#. type: enumerate
+#: doc/contributing.texi:414
+msgid ""
+"All these branches are tracked by our build farm and merged into @code{master} "
+"once everything has been successfully built. This allows us to fix issues "
+"before they hit users, and to reduce the window during which pre-built "
+"binaries are not available."
+msgstr ""
+"Toutes ces branches sont gérées par notre ferme de construction et fusionnées "
+"dans @code{master} une fois que tout a été construit correctement. Cela nous "
+"permet de corriger des problèmes avant qu'ils n'atteignent les utilisateurs et "
+"réduit la fenêtre pendant laquelle les binaires pré-construits ne sont pas "
+"disponibles."
+
+#. type: cindex
+#: doc/contributing.texi:416
+#, no-wrap
+msgid "determinism, of build processes"
+msgstr "déterminisme, du processus de construction"
+
+#. type: cindex
+#: doc/contributing.texi:417
+#, no-wrap
+msgid "reproducible builds, checking"
+msgstr "construction reproductibles, vérification"
+
+#. type: enumerate
+#: doc/contributing.texi:421
+msgid ""
+"Check whether the package's build process is deterministic. This typically "
+"means checking whether an independent build of the package yields the exact "
+"same result that you obtained, bit for bit."
+msgstr ""
+"Vérifiez si le processus de construction du paquet est déterministe. Cela "
+"signifie typiquement vérifier qu'une construction indépendante du paquet "
+"renvoie exactement le même résultat que vous avez obtenu, bit à bit."
+
+#. type: enumerate
+#: doc/contributing.texi:424
+msgid ""
+"A simple way to do that is by building the same package several times in a row "
+"on your machine (@pxref{Invoking guix build}):"
+msgstr ""
+"Une manière simple de le faire est de reconstruire le paquet plusieurs fois à "
+"la suite sur votre machine (@pxref{Invoquer guix build}) :"
+
+#. type: example
+#: doc/contributing.texi:427
+#, no-wrap
+msgid "guix build --rounds=2 my-package\n"
+msgstr "guix build --rounds=2 mon-paquet\n"
+
+#. type: enumerate
+#: doc/contributing.texi:431
+msgid ""
+"This is enough to catch a class of common non-determinism issues, such as "
+"timestamps or randomly-generated output in the build result."
+msgstr ""
+"Cela est suffisant pour trouver une classe de non-déterminisme commune, comme "
+"l'horodatage ou des sorties générées aléatoirement dans le résultat de la "
+"construction."
+
+#. type: enumerate
+#: doc/contributing.texi:441
+msgid ""
+"Another option is to use @command{guix challenge} (@pxref{Invoking guix "
+"challenge}). You may run it once the package has been committed and built by "
+"@code{hydra.gnu.org} to check whether it obtains the same result as you did. "
+"Better yet: Find another machine that can build it and run @command{guix "
+"publish}. Since the remote build machine is likely different from yours, this "
+"can catch non-determinism issues related to the hardware---e.g., use of "
+"different instruction set extensions---or to the operating system kernel---e."
+"g., reliance on @code{uname} or @file{/proc} files."
+msgstr ""
+"Une autre option consiste à utiliser @command{guix challenge} (@pxref{Invoquer "
+"guix challenge}). Vous pouvez lancer la commande une fois que les paquets ont "
+"été commités et construits par @code{hydra.gnu.org} pour vérifier s'il obtient "
+"le même résultat que vous. Mieux encore : trouvez une autre machine qui peut "
+"le construire et lancez @command{guix publish}. Puis la machine distante est "
+"sûrement différente de la vôtre, cela peut trouver des problèmes de non-"
+"déterminisme liés au matériel — par exemple utiliser une extension du jeu "
+"d'instruction — ou du noyau du système d'exploitation — par exemple se reposer "
+"sur @code{uname} ou les fichiers de @file{/proc}."
+
+#. type: enumerate
+#: doc/contributing.texi:447
+msgid ""
+"When writing documentation, please use gender-neutral wording when referring "
+"to people, such as @uref{https://en.wikipedia.org/wiki/Singular_they, singular "
+"``they''@comma{} ``their''@comma{} ``them''}, and so forth."
+msgstr ""
+"Lorsque vous écrivez de la documentation, utilisez une formulation au genre "
+"neutre lorsque vous vous référez à des personnes, comme le @uref{https://fr."
+"wikipedia.org/wiki/They_singulier, ``they''@comma{} ``their''@comma{} ``them'' "
+"singulier} (en anglais)."
+
+#. type: enumerate
+#: doc/contributing.texi:451
+msgid ""
+"Verify that your patch contains only one set of related changes. Bundling "
+"unrelated changes together makes reviewing harder and slower."
+msgstr ""
+"Vérifiez que votre correctif contienne seulement un ensemble de changements "
+"liés. Grouper des changements non liés ensemble rend la revue plus difficile "
+"et plus lente."
+
+#. type: enumerate
+#: doc/contributing.texi:454
+msgid ""
+"Examples of unrelated changes include the addition of several packages, or a "
+"package update along with fixes to that package."
+msgstr ""
+"Ajouter plusieurs paquet ou une mise à jour d'un paquet avec des corrections "
+"dans ce paquet sont des exemples de changements sans rapport."
+
+#. type: enumerate
+#: doc/contributing.texi:459
+msgid ""
+"Please follow our code formatting rules, possibly running the @command{etc/"
+"indent-code.el} script to do that automatically for you (@pxref{Formatting "
+"Code})."
+msgstr ""
+"Suivez nos règles de formatage de code, éventuellement en lançant le script "
+"@command{et/indent-code.el} pour le faire automatiquement (@pxref{Formatage du "
+"code})."
+
+#. type: Plain text
+#: doc/contributing.texi:469
+msgid ""
+"When posting a patch to the mailing list, use @samp{[PATCH] @dots{}} as a "
+"subject. You may use your email client or the @command{git send-email} "
+"command (@pxref{Sending a Patch Series}). We prefer to get patches in plain "
+"text messages, either inline or as MIME attachments. You are advised to pay "
+"attention if your email client changes anything like line breaks or "
+"indentation which could potentially break the patches."
+msgstr ""
+"Lorsque vous envoyez un correctif à la liste de diffusion, utilisez "
+"@samp{[PATCH] @dots{}} comme sujet. Vous pouvez utiliser votre client de "
+"courriel ou la commande @command{git send-email} (@pxref{Envoyer une série de "
+"correctifs}). Nous préférons recevoir des correctifs en texte brut, soit en "
+"ligne, soit en pièce-jointe MIME. Nous vous conseillons de faire attention si "
+"votre client de courriel change par exemple les retours à la ligne ou "
+"l'indentation, ce qui peut casser les correctifs."
+
+#. type: Plain text
+#: doc/contributing.texi:472
+msgid ""
+"When a bug is resolved, please close the thread by sending an email to "
+"@email{@var{NNN}-done@@debbugs.gnu.org}."
+msgstr ""
+"Lorsqu'un bogue est résolu, veuillez fermer le fil en envoyant un courriel à "
+"@email{@var{NNN}-done@@debbugs.gnu.org}."
+
+#. type: anchor{#1}
+#: doc/contributing.texi:473 doc/contributing.texi:475
+#, no-wrap
+msgid "Sending a Patch Series"
+msgstr "Envoyer une série de correctifs"
+
+#. type: cindex
+#: doc/contributing.texi:475
+#, no-wrap
+msgid "patch series"
+msgstr "série de correctifs"
+
+#. type: code{#1}
+#: doc/contributing.texi:476
+#, no-wrap
+msgid "git send-email"
+msgstr "git send-email"
+
+#. type: code{#1}
+#: doc/contributing.texi:477
+#, no-wrap
+msgid "git-send-email"
+msgstr "git-send-email"
+
+#. type: Plain text
+#: doc/contributing.texi:485
+msgid ""
+"When sending a patch series (e.g., using @code{git send-email}), please first "
+"send one message to @email{guix-patches@@gnu.org}, and then send subsequent "
+"patches to @email{@var{NNN}@@debbugs.gnu.org} to make sure they are kept "
+"together. See @uref{https://debbugs.gnu.org/Advanced.html, the Debbugs "
+"documentation} for more information."
+msgstr ""
+"Lorsque vous envoyez une série de correctifs (p.e. avec @code{git send-"
+"email}), envoyez d'abord une premier message à @email{guix-patches@@gnu.org} "
+"puis envoyez le reste des correctifs à @email{@var{NNN}@@debbugs.gnu.org} pour "
+"vous assurer qu'ils seront groupés ensemble. Voyez @uref{https://debbugs.gnu."
+"org/Advanced.html, la documentation de Debbugs} pour plus d'informations."
diff --git a/po/doc/guix.fr.po b/po/doc/guix.fr.po
new file mode 100644
index 0000000000..c6795833c2
--- /dev/null
+++ b/po/doc/guix.fr.po
@@ -0,0 +1,42145 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"POT-Creation-Date: 2018-04-10 21:34+0200\n"
+"PO-Revision-Date: 2018-04-13 22:46+0200\n"
+"Last-Translator: Julien Lepiller <julien@lepiller.eu>\n"
+"Language-Team: \n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Poedit 2.0.6\n"
+
+#. type: Plain text
+#: doc/guix.texi:7
+msgid "@documentencoding UTF-8"
+msgstr ""
+"@documentencoding UTF-8\n"
+"@documentlanguage fr"
+
+#. type: title
+#: doc/guix.texi:7 doc/guix.texi:77
+#, no-wrap
+msgid "GNU Guix Reference Manual"
+msgstr "Manuel de référence de GNU Guix"
+
+#. type: include
+#: doc/guix.texi:10
+#, no-wrap
+msgid "version.texi"
+msgstr "version-fr.texi"
+
+#. type: copying
+#: doc/guix.texi:51
+msgid ""
+"Copyright @copyright{} 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas "
+"Enge@* Copyright @copyright{} 2013 Nikita Karetnikov@* Copyright @copyright{} 2014, 2015, 2016 Alex Kost@* Copyright @copyright{} "
+"2015, 2016 Mathieu Lirzin@* Copyright @copyright{} 2014 Pierre-Antoine Rault@* Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/"
+"Kammer@* Copyright @copyright{} 2015, 2016, 2017 Leo Famulari@* Copyright @copyright{} 2015, 2016, 2017, 2018 Ricardo Wurmus@* "
+"Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016, 2017, 2018 Chris Marusich@* Copyright @copyright{} 2016, "
+"2017, 2018 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016, 2017 Nils Gillmann@* "
+"Copyright @copyright{} 2016, 2017 Jan Nieuwenhuizen@* Copyright @copyright{} 2016 Julien Lepiller@* Copyright @copyright{} 2016 Alex "
+"ter Weele@* Copyright @copyright{} 2017, 2018 Clément Lassieur@* Copyright @copyright{} 2017 Mathieu Othacehe@* Copyright "
+"@copyright{} 2017 Federico Beffa@* Copyright @copyright{} 2017 Carlo Zancanaro@* Copyright @copyright{} 2017 Thomas Danckaert@* "
+"Copyright @copyright{} 2017 humanitiesNerd@* Copyright @copyright{} 2017 Christopher Allan Webber@* Copyright @copyright{} 2017 "
+"Marius Bakke@* Copyright @copyright{} 2017 Hartmut Goebel@* Copyright @copyright{} 2017 Maxim Cournoyer@* Copyright @copyright{} "
+"2017, 2018 Tobias Geerinckx-Rice@* Copyright @copyright{} 2017 George Clemmer@* Copyright @copyright{} 2017 Andy Wingo@* Copyright "
+"@copyright{} 2017, 2018 Arun Isaac@* Copyright @copyright{} 2017 nee@* Copyright @copyright{} 2018 Rutger Helling@* Copyright "
+"@copyright{} 2018 Oleg Pykhalov@* Copyright @copyright{} 2018 Mike Gerwitz"
+msgstr ""
+"Copyright @copyright{} 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas "
+"Enge@* Copyright @copyright{} 2013 Nikita Karetnikov@* Copyright @copyright{} 2014, 2015, 2016 Alex Kost@* Copyright @copyright{} "
+"2015, 2016 Mathieu Lirzin@* Copyright @copyright{} 2014 Pierre-Antoine Rault@* Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/"
+"Kammer@* Copyright @copyright{} 2015, 2016, 2017 Leo Famulari@* Copyright @copyright{} 2015, 2016, 2017, 2018 Ricardo Wurmus@* "
+"Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016, 2017, 2018 Chris Marusich@* Copyright @copyright{} 2016, "
+"2017, 2018 Efraim Flashner@* Copyright @copyright{} 2016 John Darrington@* Copyright @copyright{} 2016, 2017 Nils Gillmann@* "
+"Copyright @copyright{} 2016, 2017 Jan Nieuwenhuizen@* Copyright @copyright{} 2016 Julien Lepiller@* Copyright @copyright{} 2016 Alex "
+"ter Weele@* Copyright @copyright{} 2017, 2018 Clément Lassieur@* Copyright @copyright{} 2017 Mathieu Othacehe@* Copyright "
+"@copyright{} 2017 Federico Beffa@* Copyright @copyright{} 2017 Carlo Zancanaro@* Copyright @copyright{} 2017 Thomas Danckaert@* "
+"Copyright @copyright{} 2017 humanitiesNerd@* Copyright @copyright{} 2017 Christopher Allan Webber@* Copyright @copyright{} 2017 "
+"Marius Bakke@* Copyright @copyright{} 2017 Hartmut Goebel@* Copyright @copyright{} 2017 Maxim Cournoyer@* Copyright @copyright{} "
+"2017, 2018 Tobias Geerinckx-Rice@* Copyright @copyright{} 2017 George Clemmer@* Copyright @copyright{} 2017 Andy Wingo@* Copyright "
+"@copyright{} 2017, 2018 Arun Isaac@* Copyright @copyright{} 2017 nee@* Copyright @copyright{} 2018 Rutger Helling@* Copyright "
+"@copyright{} 2018 Oleg Pykhalov@* Copyright @copyright{} 2018 Mike Gerwitz"
+
+#. type: copying
+#: doc/guix.texi:58
+msgid ""
+"Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version "
+"1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-"
+"Cover Texts. A copy of the license is included in the section entitled ``GNU Free Documentation License''."
+msgstr ""
+"Vous avez la permission de copier, distribuer ou modifier ce document sous les termes de la Licence GNU Free Documentation, version "
+"1.3 ou toute version ultérieure publiée par la Free Software Foundation ; sans section invariante, texte de couverture et sans texte "
+"de quatrième de couverture. Une copie de la licence est incluse dans la section intitulée « GNU Free Documentation License »."
+
+#. type: dircategory
+#: doc/guix.texi:60
+#, no-wrap
+msgid "System administration"
+msgstr "Administration système"
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "Guix: (guix)"
+msgstr "Guix: (guix)"
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "Manage installed software and system configuration."
+msgstr "Gérer les logiciels installés et la configuration du système."
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "guix package: (guix)Invoking guix package"
+msgstr "guix package : (guix)Invoquer guix package"
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "Installing, removing, and upgrading packages."
+msgstr "Intaller, supprimer et mettre à jour des paquets."
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "guix gc: (guix)Invoking guix gc"
+msgstr "guix gc : (guix)Invoquer guix gc"
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "Reclaiming unused disk space."
+msgstr "Récupérer de l'espace disque inutilisé."
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "guix pull: (guix)Invoking guix pull"
+msgstr "guix pull : (guix)Invoquer guix pull"
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "Update the list of available packages."
+msgstr "Mettre à jour la liste des paquets disponibles."
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "guix system: (guix)Invoking guix system"
+msgstr "guix system : (guix)Invoquer guix system"
+
+#. type: menuentry
+#: doc/guix.texi:67
+msgid "Manage the operating system configuration."
+msgstr "Gérer la configuration du système d'exploitation."
+
+#. type: dircategory
+#: doc/guix.texi:69
+#, no-wrap
+msgid "Software development"
+msgstr "Développement logiciel"
+
+#. type: menuentry
+#: doc/guix.texi:74
+msgid "guix environment: (guix)Invoking guix environment"
+msgstr "guix environment : (guix)Invoquer guix environment"
+
+#. type: menuentry
+#: doc/guix.texi:74
+msgid "Building development environments with Guix."
+msgstr "Construire des environnements de construction avec Guix."
+
+#. type: menuentry
+#: doc/guix.texi:74
+msgid "guix build: (guix)Invoking guix build"
+msgstr "guix build : (guix)Invoquer guix build"
+
+#. type: menuentry
+#: doc/guix.texi:74
+msgid "Building packages."
+msgstr "Construire des paquets."
+
+#. type: menuentry
+#: doc/guix.texi:74
+msgid "guix pack: (guix)Invoking guix pack"
+msgstr "guix pack : (guix) Invoquer guix pack"
+
+#. type: menuentry
+#: doc/guix.texi:74
+msgid "Creating binary bundles."
+msgstr "Créer des lots binaires."
+
+#. type: subtitle
+#: doc/guix.texi:78
+#, no-wrap
+msgid "Using the GNU Guix Functional Package Manager"
+msgstr "Utiliser le gestionnaire de paquet fonctionnel GNU Guix"
+
+#. type: author
+#: doc/guix.texi:79
+#, no-wrap
+msgid "The GNU Guix Developers"
+msgstr "Les développeurs de GNU Guix"
+
+#. type: titlepage
+#: doc/guix.texi:85
+msgid "Edition @value{EDITION} @* @value{UPDATED} @*"
+msgstr "Édition @value{EDITION} @* @value{UPDATED} @*"
+
+#. type: node
+#: doc/guix.texi:92
+#, no-wrap
+msgid "Top"
+msgstr "Top"
+
+#. type: top
+#: doc/guix.texi:93
+#, no-wrap
+msgid "GNU Guix"
+msgstr "GNU Guix"
+
+#. type: Plain text
+#: doc/guix.texi:97
+msgid "This document describes GNU Guix version @value{VERSION}, a functional package management tool written for the GNU system."
+msgstr ""
+"Cette documentation décrit GNU Guix version @value{VERSION}, un outils de gestion de paquets fonctionnel écrit pour le système GNU."
+
+#. type: chapter
+#: doc/guix.texi:106 doc/guix.texi:294 doc/guix.texi:295
+#, no-wrap
+msgid "Introduction"
+msgstr "Introduction"
+
+#. type: menuentry
+#: doc/guix.texi:106
+msgid "What is Guix about?"
+msgstr "Qu'est-ce que Guix ?"
+
+#. type: chapter
+#: doc/guix.texi:106 doc/guix.texi:116 doc/guix.texi:367 doc/guix.texi:368
+#, no-wrap
+msgid "Installation"
+msgstr "Installation"
+
+#. type: menuentry
+#: doc/guix.texi:106
+msgid "Installing Guix."
+msgstr "Installer Guix."
+
+#. type: chapter
+#: doc/guix.texi:106 doc/guix.texi:131 doc/guix.texi:1652 doc/guix.texi:1653
+#, no-wrap
+msgid "Package Management"
+msgstr "Gestion de paquets"
+
+#. type: menuentry
+#: doc/guix.texi:106
+msgid "Package installation, upgrade, etc."
+msgstr "Installation des paquets, mises à jour, etc."
+
+#. type: chapter
+#: doc/guix.texi:106 doc/guix.texi:151 doc/guix.texi:3106 doc/guix.texi:3107
+#, no-wrap
+msgid "Programming Interface"
+msgstr "Interface de programmation"
+
+#. type: menuentry
+#: doc/guix.texi:106
+msgid "Using Guix in Scheme."
+msgstr "Utiliser Guix en Scheme."
+
+#. type: chapter
+#: doc/guix.texi:106 doc/guix.texi:165 doc/guix.texi:5358 doc/guix.texi:5359
+#, no-wrap
+msgid "Utilities"
+msgstr "Utilitaires"
+
+#. type: menuentry
+#: doc/guix.texi:106
+msgid "Package management commands."
+msgstr "Commandes de gestion de paquets."
+
+#. type: chapter
+#: doc/guix.texi:106 doc/guix.texi:190 doc/guix.texi:7977 doc/guix.texi:7978
+#, no-wrap
+msgid "GNU Distribution"
+msgstr "Distribution GNU"
+
+#. type: menuentry
+#: doc/guix.texi:106
+msgid "Software for your friendly GNU system."
+msgstr "Des logiciels pour un système GNU convivial."
+
+#. type: menuentry
+#: doc/guix.texi:106 doc/guix.texi:276
+msgid "Contributing"
+msgstr "Contribuer"
+
+#. type: menuentry
+#: doc/guix.texi:106
+msgid "Your help needed!"
+msgstr "Nous avons besoin de votre aide !"
+
+#. type: chapter
+#: doc/guix.texi:111 doc/guix.texi:22276 doc/guix.texi:22277
+#, no-wrap
+msgid "Acknowledgments"
+msgstr "Remerciements"
+
+#. type: menuentry
+#: doc/guix.texi:111
+msgid "Thanks!"
+msgstr "Merci !"
+
+#. type: appendix
+#: doc/guix.texi:111 doc/guix.texi:22298 doc/guix.texi:22299
+#, no-wrap
+msgid "GNU Free Documentation License"
+msgstr "La licence GNU Free Documentation"
+
+#. type: menuentry
+#: doc/guix.texi:111
+msgid "The license of this manual."
+msgstr "La licence de ce manuel."
+
+#. type: unnumbered
+#: doc/guix.texi:111 doc/guix.texi:22304 doc/guix.texi:22305
+#, no-wrap
+msgid "Concept Index"
+msgstr "Index des concepts"
+
+#. type: menuentry
+#: doc/guix.texi:111
+msgid "Concepts."
+msgstr "Les concepts."
+
+#. type: unnumbered
+#: doc/guix.texi:111 doc/guix.texi:22308 doc/guix.texi:22309
+#, no-wrap
+msgid "Programming Index"
+msgstr "Index de programmation"
+
+#. type: menuentry
+#: doc/guix.texi:111
+msgid "Data types, functions, and variables."
+msgstr "Types de données, fonctions et variables."
+
+#. type: menuentry
+#: doc/guix.texi:114
+msgid "--- The Detailed Node Listing ---"
+msgstr "--- Liste détaillée des nœuds ---"
+
+#. type: section
+#: doc/guix.texi:123 doc/guix.texi:398 doc/guix.texi:400 doc/guix.texi:401
+#, no-wrap
+msgid "Binary Installation"
+msgstr "Installation binaire"
+
+#. type: menuentry
+#: doc/guix.texi:123 doc/guix.texi:398
+msgid "Getting Guix running in no time!"
+msgstr "Commencer à utiliser Guix en un rien de temps !"
+
+#. type: section
+#: doc/guix.texi:123 doc/guix.texi:398 doc/guix.texi:596 doc/guix.texi:597
+#, no-wrap
+msgid "Requirements"
+msgstr "Prérequis"
+
+#. type: menuentry
+#: doc/guix.texi:123 doc/guix.texi:398
+msgid "Software needed to build and run Guix."
+msgstr "Logiciels requis pour construire et lancer Guix."
+
+#. type: section
+#: doc/guix.texi:123 doc/guix.texi:398 doc/guix.texi:678 doc/guix.texi:679
+#, no-wrap
+msgid "Running the Test Suite"
+msgstr "Lancer la suite de tests"
+
+#. type: menuentry
+#: doc/guix.texi:123 doc/guix.texi:398
+msgid "Testing Guix."
+msgstr "Tester Guix."
+
+#. type: section
+#: doc/guix.texi:123 doc/guix.texi:125 doc/guix.texi:398 doc/guix.texi:743 doc/guix.texi:744
+#, no-wrap
+msgid "Setting Up the Daemon"
+msgstr "Paramétrer le démon"
+
+#. type: menuentry
+#: doc/guix.texi:123 doc/guix.texi:398
+msgid "Preparing the build daemon's environment."
+msgstr "Préparer l'environnement du démon de construction."
+
+#. type: node
+#: doc/guix.texi:123 doc/guix.texi:398 doc/guix.texi:1176
+#, no-wrap
+msgid "Invoking guix-daemon"
+msgstr "Invoquer guix-daemon"
+
+#. type: menuentry
+#: doc/guix.texi:123 doc/guix.texi:398
+msgid "Running the build daemon."
+msgstr "Lancer le démon de construction."
+
+#. type: section
+#: doc/guix.texi:123 doc/guix.texi:398 doc/guix.texi:1441 doc/guix.texi:1442
+#, no-wrap
+msgid "Application Setup"
+msgstr "Réglages applicatifs"
+
+#. type: menuentry
+#: doc/guix.texi:123 doc/guix.texi:398
+msgid "Application-specific setup."
+msgstr "Réglages spécifiques pour les application."
+
+#. type: subsection
+#: doc/guix.texi:129 doc/guix.texi:763 doc/guix.texi:765 doc/guix.texi:766
+#, no-wrap
+msgid "Build Environment Setup"
+msgstr "Réglages de l'environnement de construction"
+
+#. type: menuentry
+#: doc/guix.texi:129 doc/guix.texi:763
+msgid "Preparing the isolated build environment."
+msgstr "Préparer l'environnement de construction isolé."
+
+#. type: node
+#: doc/guix.texi:129 doc/guix.texi:763 doc/guix.texi:882
+#, no-wrap
+msgid "Daemon Offload Setup"
+msgstr "Réglages du délestage du démon"
+
+#. type: menuentry
+#: doc/guix.texi:129 doc/guix.texi:763
+msgid "Offloading builds to remote machines."
+msgstr "Envoyer des constructions à des machines distantes."
+
+#. type: subsection
+#: doc/guix.texi:129 doc/guix.texi:763 doc/guix.texi:1090 doc/guix.texi:1091
+#, no-wrap
+msgid "SELinux Support"
+msgstr "Support de SELinux"
+
+#. type: menuentry
+#: doc/guix.texi:129 doc/guix.texi:763
+msgid "Using an SELinux policy for the daemon."
+msgstr "Utiliser une politique SELinux pour le démon."
+
+#. type: section
+#: doc/guix.texi:140 doc/guix.texi:1682 doc/guix.texi:1684 doc/guix.texi:1685
+#, no-wrap
+msgid "Features"
+msgstr "Fonctionnalités"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "How Guix will make your life brighter."
+msgstr "Comment Guix va rendre votre vie plus heureuse."
+
+#. type: node
+#: doc/guix.texi:140 doc/guix.texi:1682 doc/guix.texi:1761
+#, no-wrap
+msgid "Invoking guix package"
+msgstr "Invoquer guix package"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "Package installation, removal, etc."
+msgstr "Installation, suppression, etc. de paquets."
+
+#. type: section
+#: doc/guix.texi:140 doc/guix.texi:142 doc/guix.texi:1682 doc/guix.texi:2245 doc/guix.texi:2246
+#, no-wrap
+msgid "Substitutes"
+msgstr "Substituts"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "Downloading pre-built binaries."
+msgstr "Télécharger des binaire déjà construits."
+
+#. type: section
+#: doc/guix.texi:140 doc/guix.texi:1682 doc/guix.texi:2478 doc/guix.texi:2479
+#, no-wrap
+msgid "Packages with Multiple Outputs"
+msgstr "Des paquets avec plusieurs résultats"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "Single source package, multiple outputs."
+msgstr "Un seul paquet source, plusieurs résultats."
+
+#. type: node
+#: doc/guix.texi:140 doc/guix.texi:1682 doc/guix.texi:2532
+#, no-wrap
+msgid "Invoking guix gc"
+msgstr "Invoquer guix gc"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "Running the garbage collector."
+msgstr "Lancer le ramasse-miettes."
+
+#. type: node
+#: doc/guix.texi:140 doc/guix.texi:1682 doc/guix.texi:2720
+#, no-wrap
+msgid "Invoking guix pull"
+msgstr "Invoquer guix pull"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "Fetching the latest Guix and distribution."
+msgstr "Récupérer la dernière version de Guix et de la distribution."
+
+#. type: node
+#: doc/guix.texi:140 doc/guix.texi:1682 doc/guix.texi:2781
+#, no-wrap
+msgid "Invoking guix pack"
+msgstr "Invoquer guix pack"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "Creating software bundles."
+msgstr "Créer des lots de logiciels."
+
+#. type: node
+#: doc/guix.texi:140 doc/guix.texi:1682 doc/guix.texi:2941
+#, no-wrap
+msgid "Invoking guix archive"
+msgstr "Invoquer guix archive"
+
+#. type: menuentry
+#: doc/guix.texi:140 doc/guix.texi:1682
+msgid "Exporting and importing store files."
+msgstr "Exporter et importer des fichiers du dépôt."
+
+#. type: subsection
+#: doc/guix.texi:149 doc/guix.texi:2268 doc/guix.texi:2270 doc/guix.texi:2271
+#, no-wrap
+msgid "Official Substitute Server"
+msgstr "Serveur de substituts officiel"
+
+#. type: menuentry
+#: doc/guix.texi:149 doc/guix.texi:2268
+msgid "One particular source of substitutes."
+msgstr "Une source particulière de substituts."
+
+#. type: subsection
+#: doc/guix.texi:149 doc/guix.texi:2268 doc/guix.texi:2300 doc/guix.texi:2301
+#, no-wrap
+msgid "Substitute Server Authorization"
+msgstr "Autoriser un serveur de substituts"
+
+#. type: menuentry
+#: doc/guix.texi:149 doc/guix.texi:2268
+msgid "How to enable or disable substitutes."
+msgstr "Comment activer ou désactiver les substituts."
+
+#. type: subsection
+#: doc/guix.texi:149 doc/guix.texi:2268 doc/guix.texi:2373 doc/guix.texi:2374
+#, no-wrap
+msgid "Substitute Authentication"
+msgstr "Authentification des substituts"
+
+#. type: menuentry
+#: doc/guix.texi:149 doc/guix.texi:2268
+msgid "How Guix verifies substitutes."
+msgstr "Coment Guix vérifie les substituts."
+
+#. type: subsection
+#: doc/guix.texi:149 doc/guix.texi:2268 doc/guix.texi:2408 doc/guix.texi:2409
+#, no-wrap
+msgid "Proxy Settings"
+msgstr "Paramètres de serveur mandataire"
+
+#. type: menuentry
+#: doc/guix.texi:149 doc/guix.texi:2268
+msgid "How to get substitutes via proxy."
+msgstr "Comment récupérer des substituts à travers un serveur mandataire."
+
+#. type: subsection
+#: doc/guix.texi:149 doc/guix.texi:2268 doc/guix.texi:2420 doc/guix.texi:2421
+#, no-wrap
+msgid "Substitution Failure"
+msgstr "Échec de substitution"
+
+#. type: menuentry
+#: doc/guix.texi:149 doc/guix.texi:2268
+msgid "What happens when substitution fails."
+msgstr "Qu'arrive-t-il quand la substitution échoue."
+
+#. type: subsection
+#: doc/guix.texi:149 doc/guix.texi:2268 doc/guix.texi:2448 doc/guix.texi:2449
+#, no-wrap
+msgid "On Trusting Binaries"
+msgstr "De la confiance en des binaires"
+
+#. type: menuentry
+#: doc/guix.texi:149 doc/guix.texi:2268
+msgid "How can you trust that binary blob?"
+msgstr "Comment pouvez-vous avoir confiance en un paquet binaire ?"
+
+#. type: section
+#: doc/guix.texi:158 doc/guix.texi:160 doc/guix.texi:3141 doc/guix.texi:3143 doc/guix.texi:3144
+#, no-wrap
+msgid "Defining Packages"
+msgstr "Définition des paquets"
+
+#. type: menuentry
+#: doc/guix.texi:158 doc/guix.texi:3141
+msgid "Defining new packages."
+msgstr "Définir de nouveaux paquets."
+
+#. type: section
+#: doc/guix.texi:158 doc/guix.texi:3141 doc/guix.texi:3607 doc/guix.texi:3608
+#, no-wrap
+msgid "Build Systems"
+msgstr "Systèmes de construction"
+
+#. type: menuentry
+#: doc/guix.texi:158 doc/guix.texi:3141
+msgid "Specifying how packages are built."
+msgstr "Spécifier comment construire les paquets."
+
+#. type: section
+#: doc/guix.texi:158 doc/guix.texi:3141 doc/guix.texi:4183 doc/guix.texi:4184
+#, no-wrap
+msgid "The Store"
+msgstr "Le dépôt"
+
+#. type: menuentry
+#: doc/guix.texi:158 doc/guix.texi:3141
+msgid "Manipulating the package store."
+msgstr "Manipuler le dépôt de paquets."
+
+#. type: section
+#: doc/guix.texi:158 doc/guix.texi:3141 doc/guix.texi:4333 doc/guix.texi:4334
+#, no-wrap
+msgid "Derivations"
+msgstr "Dérivations"
+
+#. type: menuentry
+#: doc/guix.texi:158 doc/guix.texi:3141
+msgid "Low-level interface to package derivations."
+msgstr "Interface de bas-niveau avec les dérivations de paquets."
+
+#. type: section
+#: doc/guix.texi:158 doc/guix.texi:3141 doc/guix.texi:4511 doc/guix.texi:4512
+#, no-wrap
+msgid "The Store Monad"
+msgstr "La monad du dépôt"
+
+#. type: menuentry
+#: doc/guix.texi:158 doc/guix.texi:3141
+msgid "Purely functional interface to the store."
+msgstr "Interface purement fonctionnelle avec le dépôt."
+
+#. type: section
+#: doc/guix.texi:158 doc/guix.texi:3141 doc/guix.texi:4820 doc/guix.texi:4821
+#, no-wrap
+msgid "G-Expressions"
+msgstr "G-Expressions"
+
+#. type: menuentry
+#: doc/guix.texi:158 doc/guix.texi:3141
+msgid "Manipulating build expressions."
+msgstr "Manipuler les expressions de construction."
+
+#. type: node
+#: doc/guix.texi:163 doc/guix.texi:3389 doc/guix.texi:3392
+#, no-wrap
+msgid "package Reference"
+msgstr "Référence de paquet"
+
+#. type: menuentry
+#: doc/guix.texi:163 doc/guix.texi:3389
+msgid "The package data type."
+msgstr "Le type de donnée des paquets."
+
+#. type: node
+#: doc/guix.texi:163 doc/guix.texi:3389 doc/guix.texi:3519
+#, no-wrap
+msgid "origin Reference"
+msgstr "Référence d'origine"
+
+#. type: menuentry
+#: doc/guix.texi:163 doc/guix.texi:3389
+msgid "The origin data type."
+msgstr "Le type de données d'origine."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:5384
+#, no-wrap
+msgid "Invoking guix build"
+msgstr "Invoquer guix build"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Building packages from the command line."
+msgstr "Construire des paquets depuis la ligne de commande."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:5964
+#, no-wrap
+msgid "Invoking guix edit"
+msgstr "Invoquer guix edit"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Editing package definitions."
+msgstr "Modifier les définitions de paquets."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:5990
+#, no-wrap
+msgid "Invoking guix download"
+msgstr "Invoquer guix download"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Downloading a file and printing its hash."
+msgstr "Télécharger un fichier et afficher son hash."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:6043
+#, no-wrap
+msgid "Invoking guix hash"
+msgstr "Invoquer guix hash"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Computing the cryptographic hash of a file."
+msgstr "Calculer le hash cryptographique d'un fichier."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:6105
+#, no-wrap
+msgid "Invoking guix import"
+msgstr "Invoquer guix import"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Importing package definitions."
+msgstr "Importer des définitions de paquets."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:6472
+#, no-wrap
+msgid "Invoking guix refresh"
+msgstr "Invoquer guix refresh"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Updating package definitions."
+msgstr "Mettre à jour les définitions de paquets."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:6719
+#, no-wrap
+msgid "Invoking guix lint"
+msgstr "Invoquer guix lint"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Finding errors in package definitions."
+msgstr "Trouver des erreurs dans les définitions de paquets."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:6810
+#, no-wrap
+msgid "Invoking guix size"
+msgstr "Invoquer guix size"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Profiling disk usage."
+msgstr "Profiler l'utilisation du disque."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:6926
+#, no-wrap
+msgid "Invoking guix graph"
+msgstr "Invoquer guix graph"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Visualizing the graph of packages."
+msgstr "Visualiser le graphe des paquets."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:7105
+#, no-wrap
+msgid "Invoking guix environment"
+msgstr "Invoquer guix environment"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Setting up development environments."
+msgstr "Mettre en place des environnements de développement."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:7424
+#, no-wrap
+msgid "Invoking guix publish"
+msgstr "Invoquer guix publish"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Sharing substitutes."
+msgstr "Partager des substituts."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:7641
+#, no-wrap
+msgid "Invoking guix challenge"
+msgstr "Invoquer guix challenge"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Challenging substitute servers."
+msgstr "Défier les serveurs de substituts."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:7780
+#, no-wrap
+msgid "Invoking guix copy"
+msgstr "Invoquer guix copy"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Copying to and from a remote store."
+msgstr "Copier vers et depuis un dépôt distant."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:7843
+#, no-wrap
+msgid "Invoking guix container"
+msgstr "Invoquer guix container"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Process isolation."
+msgstr "Isolation de processus."
+
+#. type: node
+#: doc/guix.texi:181 doc/guix.texi:5382 doc/guix.texi:7897
+#, no-wrap
+msgid "Invoking guix weather"
+msgstr "Invoquer guix weather"
+
+#. type: menuentry
+#: doc/guix.texi:181 doc/guix.texi:5382
+msgid "Assessing substitute availability."
+msgstr "Mesurer la disponibilité des substituts."
+
+#. type: section
+#: doc/guix.texi:183 doc/guix.texi:5385
+#, no-wrap
+msgid "Invoking @command{guix build}"
+msgstr "Invoquer @command{guix build}"
+
+#. type: subsection
+#: doc/guix.texi:188 doc/guix.texi:5436 doc/guix.texi:5438 doc/guix.texi:5439
+#, no-wrap
+msgid "Common Build Options"
+msgstr "Options de construction communes"
+
+#. type: menuentry
+#: doc/guix.texi:188 doc/guix.texi:5436
+msgid "Build options for most commands."
+msgstr "Options de construction pour la plupart des commandes."
+
+#. type: subsection
+#: doc/guix.texi:188 doc/guix.texi:5436 doc/guix.texi:5580 doc/guix.texi:5581
+#, no-wrap
+msgid "Package Transformation Options"
+msgstr "Options de transformation de paquets"
+
+#. type: menuentry
+#: doc/guix.texi:188 doc/guix.texi:5436
+msgid "Creating variants of packages."
+msgstr "Créer des variantes de paquets."
+
+#. type: subsection
+#: doc/guix.texi:188 doc/guix.texi:5436 doc/guix.texi:5680 doc/guix.texi:5681
+#, no-wrap
+msgid "Additional Build Options"
+msgstr "Options de construction supplémentaires"
+
+#. type: menuentry
+#: doc/guix.texi:188 doc/guix.texi:5436
+msgid "Options specific to 'guix build'."
+msgstr "Options spécifiques à « guix build »."
+
+#. type: subsection
+#: doc/guix.texi:188 doc/guix.texi:5436 doc/guix.texi:5884 doc/guix.texi:5885
+#, no-wrap
+msgid "Debugging Build Failures"
+msgstr "Débogage des échecs de construction"
+
+#. type: menuentry
+#: doc/guix.texi:188 doc/guix.texi:5436
+msgid "Real life packaging experience."
+msgstr "La vie d'un empaqueteur."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:202 doc/guix.texi:8049 doc/guix.texi:8054 doc/guix.texi:8055
+#, no-wrap
+msgid "System Installation"
+msgstr "Installation du système"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Installing the whole operating system."
+msgstr "Installer le système d'exploitation complet."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:212 doc/guix.texi:8049 doc/guix.texi:8670 doc/guix.texi:8671
+#, no-wrap
+msgid "System Configuration"
+msgstr "Configuration système"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Configuring the operating system."
+msgstr "Configurer le système d'exploitation."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:8049 doc/guix.texi:21289 doc/guix.texi:21290
+#, no-wrap
+msgid "Documentation"
+msgstr "Documentation"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Browsing software user manuals."
+msgstr "Visualiser les manuels d'utilisateur des logiciels."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:8049 doc/guix.texi:21353 doc/guix.texi:21354
+#, no-wrap
+msgid "Installing Debugging Files"
+msgstr "Installer les fichiers de débogage"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Feeding the debugger."
+msgstr "Nourrir le débogueur."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:8049 doc/guix.texi:21419 doc/guix.texi:21420
+#, no-wrap
+msgid "Security Updates"
+msgstr "Mises à jour de sécurité"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Deploying security fixes quickly."
+msgstr "Déployer des correctifs de sécurité rapidement."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:8049 doc/guix.texi:21539 doc/guix.texi:21540
+#, no-wrap
+msgid "Package Modules"
+msgstr "Modules de paquets"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Packages from the programmer's viewpoint."
+msgstr "Les paquets du point de vu du programmeur."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:265 doc/guix.texi:8049 doc/guix.texi:21593 doc/guix.texi:21594
+#, no-wrap
+msgid "Packaging Guidelines"
+msgstr "Consignes d'empaquetage"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Growing the distribution."
+msgstr "Faire grandir la distribution."
+
+#. type: section
+#: doc/guix.texi:200 doc/guix.texi:8049 doc/guix.texi:22044 doc/guix.texi:22045
+#, no-wrap
+msgid "Bootstrapping"
+msgstr "Bootstrapping"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "GNU/Linux built from scratch."
+msgstr "GNU/Linux depuis zéro."
+
+#. type: node
+#: doc/guix.texi:200 doc/guix.texi:8049 doc/guix.texi:22228
+#, no-wrap
+msgid "Porting"
+msgstr "Porter"
+
+#. type: menuentry
+#: doc/guix.texi:200 doc/guix.texi:8049
+msgid "Targeting another platform or kernel."
+msgstr "Cibler une autre plateforme ou un autre noyau."
+
+#. type: subsection
+#: doc/guix.texi:210 doc/guix.texi:1126 doc/guix.texi:8086 doc/guix.texi:8088 doc/guix.texi:8089
+#, no-wrap
+msgid "Limitations"
+msgstr "Limitations"
+
+#. type: menuentry
+#: doc/guix.texi:210 doc/guix.texi:8086
+msgid "What you can expect."
+msgstr "Ce à quoi vous attendre."
+
+#. type: subsection
+#: doc/guix.texi:210 doc/guix.texi:8086 doc/guix.texi:8132 doc/guix.texi:8133
+#, no-wrap
+msgid "Hardware Considerations"
+msgstr "Considérations matérielles"
+
+#. type: menuentry
+#: doc/guix.texi:210 doc/guix.texi:8086
+msgid "Supported hardware."
+msgstr "Matériel supporté."
+
+#. type: subsection
+#: doc/guix.texi:210 doc/guix.texi:8086 doc/guix.texi:8167 doc/guix.texi:8168
+#, no-wrap
+msgid "USB Stick and DVD Installation"
+msgstr "Installation depuis une clef USB ou un DVD"
+
+#. type: menuentry
+#: doc/guix.texi:210 doc/guix.texi:8086
+msgid "Preparing the installation medium."
+msgstr "Préparer le média d'installation."
+
+#. type: subsection
+#: doc/guix.texi:210 doc/guix.texi:8086 doc/guix.texi:8265 doc/guix.texi:8266
+#, no-wrap
+msgid "Preparing for Installation"
+msgstr "Préparer l'installation"
+
+#. type: menuentry
+#: doc/guix.texi:210 doc/guix.texi:8086
+msgid "Networking, partitioning, etc."
+msgstr "Réseau, partitionnement, etc."
+
+#. type: subsection
+#: doc/guix.texi:210 doc/guix.texi:8086 doc/guix.texi:8504 doc/guix.texi:8505
+#, no-wrap
+msgid "Proceeding with the Installation"
+msgstr "Effectuer l'installation"
+
+#. type: menuentry
+#: doc/guix.texi:210 doc/guix.texi:8086
+msgid "The real thing."
+msgstr "Pour de vrai."
+
+#. type: node
+#: doc/guix.texi:210 doc/guix.texi:8086 doc/guix.texi:8601
+#, no-wrap
+msgid "Installing GuixSD in a VM"
+msgstr "Installer GuixSD dans une VM"
+
+#. type: menuentry
+#: doc/guix.texi:210 doc/guix.texi:8086
+msgid "GuixSD playground."
+msgstr "Jouer avec GuixSD."
+
+#. type: subsection
+#: doc/guix.texi:210 doc/guix.texi:8086 doc/guix.texi:8655 doc/guix.texi:8656
+#, no-wrap
+msgid "Building the Installation Image"
+msgstr "Construire l'image d'installation"
+
+#. type: menuentry
+#: doc/guix.texi:210 doc/guix.texi:8086
+msgid "How this comes to be."
+msgstr "D'où vient tout cela."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:8713 doc/guix.texi:8714
+#, no-wrap
+msgid "Using the Configuration System"
+msgstr "Utiliser le système de configuration"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Customizing your GNU system."
+msgstr "Personnaliser votre système GNU."
+
+#. type: node
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:8929
+#, no-wrap
+msgid "operating-system Reference"
+msgstr "Référence de système d'exploitation"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Detail of operating-system declarations."
+msgstr "Détail sur la déclaration de système d'exploitation."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:9083 doc/guix.texi:9084
+#, no-wrap
+msgid "File Systems"
+msgstr "Systèmes de fichiers"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Configuring file system mounts."
+msgstr "Configurer les montages de systèmes de fichiers."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:9246 doc/guix.texi:9247
+#, no-wrap
+msgid "Mapped Devices"
+msgstr "Périphériques mappés"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Block device extra processing."
+msgstr "Gestion des périphériques de bloc."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:9367 doc/guix.texi:9368
+#, no-wrap
+msgid "User Accounts"
+msgstr "Comptes utilisateurs"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Specifying user accounts."
+msgstr "Spécifier des comptes utilisateurs."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:1449 doc/guix.texi:8711 doc/guix.texi:9502 doc/guix.texi:9503
+#, no-wrap
+msgid "Locales"
+msgstr "Régionalisation"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Language and cultural convention settings."
+msgstr "Paramétrer la langue et les conventions culturelles."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:230 doc/guix.texi:8711 doc/guix.texi:9642 doc/guix.texi:9643
+#, no-wrap
+msgid "Services"
+msgstr "Services"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Specifying system services."
+msgstr "Spécifier les services du système."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:19658 doc/guix.texi:19659
+#, no-wrap
+msgid "Setuid Programs"
+msgstr "Programmes setuid"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Programs running with root privileges."
+msgstr "Programmes tournant avec les privilèges root."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:1594 doc/guix.texi:8711 doc/guix.texi:19704 doc/guix.texi:19705
+#, no-wrap
+msgid "X.509 Certificates"
+msgstr "Certificats X.509"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Authenticating HTTPS servers."
+msgstr "Authentifier les serveurs HTTPS."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:1492 doc/guix.texi:8711 doc/guix.texi:19767 doc/guix.texi:19768
+#, no-wrap
+msgid "Name Service Switch"
+msgstr "Name Service Switch"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Configuring libc's name service switch."
+msgstr "Configurer le « name service switch » de la libc."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:19905 doc/guix.texi:19906
+#, no-wrap
+msgid "Initial RAM Disk"
+msgstr "Disque de RAM initial"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Linux-Libre bootstrapping."
+msgstr "Démarrage de Linux-Libre."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:20065 doc/guix.texi:20066
+#, no-wrap
+msgid "Bootloader Configuration"
+msgstr "Configuration du chargeur d'amorçage"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Configuring the boot loader."
+msgstr "Configurer le chargeur d'amorçage."
+
+#. type: node
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:20236
+#, no-wrap
+msgid "Invoking guix system"
+msgstr "Invoquer guix system"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Instantiating a system configuration."
+msgstr "Instantier une configuration du système."
+
+#. type: node
+#: doc/guix.texi:228 doc/guix.texi:8711 doc/guix.texi:20661
+#, no-wrap
+msgid "Running GuixSD in a VM"
+msgstr "Lancer GuixSD dans une VM"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "How to run GuixSD in a virtual machine."
+msgstr "Comment lancer GuixSD dans une machine virtuelle."
+
+#. type: subsection
+#: doc/guix.texi:228 doc/guix.texi:258 doc/guix.texi:8711 doc/guix.texi:20772 doc/guix.texi:20773
+#, no-wrap
+msgid "Defining Services"
+msgstr "Définir des services"
+
+#. type: menuentry
+#: doc/guix.texi:228 doc/guix.texi:8711
+msgid "Adding new service definitions."
+msgstr "Ajouter de nouvelles définitions de services."
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:9716 doc/guix.texi:9717
+#, no-wrap
+msgid "Base Services"
+msgstr "Services de base"
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Essential system services."
+msgstr "Services systèmes essentiels."
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:10484 doc/guix.texi:10485
+#, no-wrap
+msgid "Scheduled Job Execution"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "The mcron service."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:10579 doc/guix.texi:10580
+#, no-wrap
+msgid "Log Rotation"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "The rottlog service."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:10681 doc/guix.texi:10682
+#, no-wrap
+msgid "Networking Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Network setup, SSH daemon, etc."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:11382 doc/guix.texi:11383
+#, no-wrap
+msgid "X Window"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Graphical display."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:11628 doc/guix.texi:11629
+#, no-wrap
+msgid "Printing Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Local and remote printer support."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:12465 doc/guix.texi:12466
+#, no-wrap
+msgid "Desktop Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "D-Bus and desktop services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:12758 doc/guix.texi:12759
+#, no-wrap
+msgid "Database Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "SQL databases, key-value stores, etc."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:12882 doc/guix.texi:12883
+#, no-wrap
+msgid "Mail Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "IMAP, POP3, SMTP, and all that."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:14334 doc/guix.texi:14335
+#, no-wrap
+msgid "Messaging Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Messaging services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:14802 doc/guix.texi:14803
+#, no-wrap
+msgid "Telephony Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Telephony services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:15007 doc/guix.texi:15008
+#, no-wrap
+msgid "Monitoring Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Monitoring services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:15160 doc/guix.texi:15161
+#, no-wrap
+msgid "Kerberos Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Kerberos services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:15286 doc/guix.texi:15287
+#, no-wrap
+msgid "Web Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Web servers."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:15895 doc/guix.texi:15896
+#, no-wrap
+msgid "Certificate Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "TLS certificates via Let's Encrypt."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:16041 doc/guix.texi:16042
+#, no-wrap
+msgid "DNS Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "DNS daemons."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:16445 doc/guix.texi:16446
+#, no-wrap
+msgid "VPN Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "VPN daemons."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:16803 doc/guix.texi:16804
+#, no-wrap
+msgid "Network File System"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "NFS related services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:16918 doc/guix.texi:16919
+#, no-wrap
+msgid "Continuous Integration"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "The Cuirass service."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:17014 doc/guix.texi:17015
+#, no-wrap
+msgid "Power management Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "The TLP tool."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:17542 doc/guix.texi:17543
+#, no-wrap
+msgid "Audio Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "The MPD."
+msgstr ""
+
+#. type: node
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:17592
+#, no-wrap
+msgid "Virtualization Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Virtualization services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:18385 doc/guix.texi:18386
+#, no-wrap
+msgid "Version Control Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Providing remote access to Git repositories."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:19466 doc/guix.texi:19467
+#, no-wrap
+msgid "Game Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Game servers."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:256 doc/guix.texi:9714 doc/guix.texi:19497 doc/guix.texi:19498
+#, no-wrap
+msgid "Miscellaneous Services"
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:256 doc/guix.texi:9714
+msgid "Other services."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:263 doc/guix.texi:20784 doc/guix.texi:20786 doc/guix.texi:20787
+#, no-wrap
+msgid "Service Composition"
+msgstr "Composition de services"
+
+#. type: menuentry
+#: doc/guix.texi:263 doc/guix.texi:20784
+msgid "The model for composing services."
+msgstr "Le modèle de composition des services."
+
+#. type: subsubsection
+#: doc/guix.texi:263 doc/guix.texi:20784 doc/guix.texi:20842 doc/guix.texi:20843
+#, no-wrap
+msgid "Service Types and Services"
+msgstr "Types service et services"
+
+#. type: menuentry
+#: doc/guix.texi:263 doc/guix.texi:20784
+msgid "Types and services."
+msgstr "Types et services."
+
+#. type: subsubsection
+#: doc/guix.texi:263 doc/guix.texi:20784 doc/guix.texi:20979 doc/guix.texi:20980
+#, no-wrap
+msgid "Service Reference"
+msgstr "Référence de service"
+
+#. type: menuentry
+#: doc/guix.texi:263 doc/guix.texi:20784
+msgid "API reference."
+msgstr "Référence de l'API."
+
+#. type: subsubsection
+#: doc/guix.texi:263 doc/guix.texi:20784 doc/guix.texi:21204 doc/guix.texi:21205
+#, no-wrap
+msgid "Shepherd Services"
+msgstr "Services Shepherd"
+
+#. type: menuentry
+#: doc/guix.texi:263 doc/guix.texi:20784
+msgid "A particular type of service."
+msgstr "Un type de service particulier."
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:21670 doc/guix.texi:21671
+#, no-wrap
+msgid "Software Freedom"
+msgstr "Liberté logiciel"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "What may go into the distribution."
+msgstr "Ce que la distribution peut contenir."
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:21698 doc/guix.texi:21699
+#, no-wrap
+msgid "Package Naming"
+msgstr "Conventions de nommage"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "What's in a name?"
+msgstr "Qu'est-ce qu'un bon nom ?"
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:21723 doc/guix.texi:21724
+#, no-wrap
+msgid "Version Numbers"
+msgstr "Numéros de version"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "When the name is not enough."
+msgstr "Lorsque le nom n'est pas suffisant."
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:21814 doc/guix.texi:21815
+#, no-wrap
+msgid "Synopses and Descriptions"
+msgstr "Synopsis et descriptions"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "Helping users find the right package."
+msgstr "Aider les utilisateurs à trouver le bon paquet."
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:21894 doc/guix.texi:21895
+#, no-wrap
+msgid "Python Modules"
+msgstr "Modules python"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "A touch of British comedy."
+msgstr "Un peu de comédie anglaise."
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:21969 doc/guix.texi:21970
+#, no-wrap
+msgid "Perl Modules"
+msgstr "Modules perl"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "Little pearls."
+msgstr "Petites perles."
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:21985 doc/guix.texi:21986
+#, no-wrap
+msgid "Java Packages"
+msgstr "Paquets java"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "Coffee break."
+msgstr "Pause café."
+
+#. type: subsection
+#: doc/guix.texi:274 doc/guix.texi:21668 doc/guix.texi:22005 doc/guix.texi:22006
+#, no-wrap
+msgid "Fonts"
+msgstr "Polices de caractères"
+
+#. type: menuentry
+#: doc/guix.texi:274 doc/guix.texi:21668
+msgid "Fond of fonts."
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "Building from Git"
+msgstr "Construire depuis Git"
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "The latest and greatest."
+msgstr ""
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "Running Guix Before It Is Installed"
+msgstr "Lancer Guix avant qu'il ne soit installé"
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "Hacker tricks."
+msgstr "Astuces pour les hackers."
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "The Perfect Setup"
+msgstr "La configuration parfaite"
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "The right tools."
+msgstr "Les bons outils."
+
+#. type: menuentry
+#: doc/guix.texi:282 doc/guix.texi:284
+msgid "Coding Style"
+msgstr "Style de code"
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "Hygiene of the contributor."
+msgstr "Hygiène du contributeur."
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "Submitting Patches"
+msgstr "Envoyer des correctifs"
+
+#. type: menuentry
+#: doc/guix.texi:282
+msgid "Share your work."
+msgstr "Partager votre travail."
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "Programming Paradigm"
+msgstr "Paradigme de programmation"
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "How to compose your elements."
+msgstr "Comment composer vos éléments."
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "Modules"
+msgstr "Modules"
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "Where to store your code?"
+msgstr "Où stocker votre code ?"
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "Data Types and Pattern Matching"
+msgstr "Types de données et reconnaissance de motif"
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "Implementing data structures."
+msgstr "Implémenter des structures de données."
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "Formatting Code"
+msgstr "Formatage du code"
+
+#. type: menuentry
+#: doc/guix.texi:289
+msgid "Writing conventions."
+msgstr "Conventions d'écriture."
+
+#. type: cindex
+#: doc/guix.texi:297
+#, no-wrap
+msgid "purpose"
+msgstr "but"
+
+#. type: Plain text
+#: doc/guix.texi:304
+msgid ""
+"GNU Guix@footnote{``Guix'' is pronounced like ``geeks'', or ``ɡiːks'' using the international phonetic alphabet (IPA).} is a package "
+"management tool for the GNU system. Guix makes it easy for unprivileged users to install, upgrade, or remove packages, to roll back "
+"to a previous package set, to build packages from source, and generally assists with the creation and maintenance of software "
+"environments."
+msgstr ""
+"GNU Guix@footnote{« Guix » se prononce comme « geeks » (en prononçant le « s »), ou « ɡiːks » dans l'alphabet phonétique "
+"international (API).} est un outil de gestion de paquets pour le système GNU. Guix facilite pour les utilisateurs non privilégiés "
+"l'installation, la mise à jour et la suppression de paquets, la restauration à un ensemble de paquets précédent, la construction de "
+"paquets depuis les sources et plus généralement aide à la création et à la maintenance d'environnements logiciels."
+
+#. type: cindex
+#: doc/guix.texi:305
+#, no-wrap
+msgid "user interfaces"
+msgstr "interfaces utilisateurs"
+
+#. type: Plain text
+#: doc/guix.texi:310
+msgid ""
+"Guix provides a command-line package management interface (@pxref{Invoking guix package}), a set of command-line utilities "
+"(@pxref{Utilities}), as well as Scheme programming interfaces (@pxref{Programming Interface})."
+msgstr ""
+"Guix fournit une interface de gestion des paquets par la ligne de commande (@pxref{Invoquer guix package}), un ensemble "
+"d'utilitaires en ligne de commande (@pxref{Utilitaires}) ainsi que des interfaces de programmation Scheme (@pxref{Interface de "
+"programmation})."
+
+#. type: cindex
+#: doc/guix.texi:310
+#, no-wrap
+msgid "build daemon"
+msgstr "démon de construction"
+
+#. type: Plain text
+#: doc/guix.texi:314
+msgid ""
+"Its @dfn{build daemon} is responsible for building packages on behalf of users (@pxref{Setting Up the Daemon}) and for downloading "
+"pre-built binaries from authorized sources (@pxref{Substitutes})."
+msgstr ""
+"Son @dfn{démon de construction} est responsable de la construction des paquets pour les utilisateurs (@pxref{Paramétrer le démon}) "
+"et du téléchargement des binaires pré-construits depuis les sources autorisées (@pxref{Substituts})."
+
+#. type: cindex
+#: doc/guix.texi:315
+#, no-wrap
+msgid "extensibility of the distribution"
+msgstr "extensibilité de la distribution"
+
+#. type: cindex
+#: doc/guix.texi:316 doc/guix.texi:21561
+#, no-wrap
+msgid "customization, of packages"
+msgstr "personnalisation, des paquets"
+
+#. type: Plain text
+#: doc/guix.texi:325
+msgid ""
+"Guix includes package definitions for many GNU and non-GNU packages, all of which @uref{https://www.gnu.org/philosophy/free-sw.html, "
+"respect the user's computing freedom}. It is @emph{extensible}: users can write their own package definitions (@pxref{Defining "
+"Packages}) and make them available as independent package modules (@pxref{Package Modules}). It is also @emph{customizable}: users "
+"can @emph{derive} specialized package definitions from existing ones, including from the command line (@pxref{Package Transformation "
+"Options})."
+msgstr ""
+"Guix contient de nombreuses définitions de paquet GNU et non-GNU qui respectent tous les @uref{https://www.gnu.org/philosophy/free-"
+"sw.fr.html, libertés de l'utilisateur}. Il est @emph{extensible} : les utilisateurs peuvent écrire leurs propres définitions de "
+"paquets (@pxref{Defining Packages}) et les rendre disponibles dans des modules de paquets indépendants (@pxref{Package Modules}). Il "
+"est aussi @emph{personnalisable} : les utilisateurs peuvent @emph{dériver} des définitions de paquets spécialisées à partir de "
+"définitions existantes, même depuis la ligne de commande (@pxref{Package Transformation Options})."
+
+#. type: cindex
+#: doc/guix.texi:326 doc/guix.texi:7980 doc/guix.texi:8058
+#, no-wrap
+msgid "Guix System Distribution"
+msgstr "Distribution Système Guix"
+
+#. type: cindex
+#: doc/guix.texi:327 doc/guix.texi:7981
+#, no-wrap
+msgid "GuixSD"
+msgstr "GuixSD"
+
+#. type: Plain text
+#: doc/guix.texi:336
+msgid ""
+"You can install GNU@tie{}Guix on top of an existing GNU/Linux system where it complements the available tools without interference "
+"(@pxref{Installation}), or you can use it as part of the standalone @dfn{Guix System Distribution} or GuixSD (@pxref{GNU "
+"Distribution}). With GNU@tie{}GuixSD, you @emph{declare} all aspects of the operating system configuration and Guix takes care of "
+"instantiating the configuration in a transactional, reproducible, and stateless fashion (@pxref{System Configuration})."
+msgstr ""
+"Vous pouvez installer GNU@tie{}Guix sur un système GNU/Linux existant pour compléter les outils disponibles sans interférence "
+"(@pxref{Installation}) ou vous pouvez l'utiliser à travers la @dfn{Distribution Système Guix} ou GuixSD (@pxref{Distribution GNU}) "
+"distincte. Avec GNU@tie{}GuixSD, vous @emph{déclarez} tous les aspects de la configuration du système d'exploitation et Guix "
+"s'occupe de créer la configuration d'une manière transactionnelle, reproductible et sans état (@pxref{Configuration système})."
+
+#. type: cindex
+#: doc/guix.texi:337
+#, no-wrap
+msgid "functional package management"
+msgstr "gestion de paquet fonctionnelle"
+
+#. type: Plain text
+#: doc/guix.texi:352
+msgid ""
+"Under the hood, Guix implements the @dfn{functional package management} discipline pioneered by Nix (@pxref{Acknowledgments}). In "
+"Guix, the package build and installation process is seen as a @emph{function}, in the mathematical sense. That function takes "
+"inputs, such as build scripts, a compiler, and libraries, and returns an installed package. As a pure function, its result depends "
+"solely on its inputs---for instance, it cannot refer to software or scripts that were not explicitly passed as inputs. A build "
+"function always produces the same result when passed a given set of inputs. It cannot alter the environment of the running system "
+"in any way; for instance, it cannot create, modify, or delete files outside of its build and installation directories. This is "
+"achieved by running build processes in isolated environments (or @dfn{containers}), where only their explicit inputs are visible."
+msgstr ""
+"Sous le capot, Guix implémente la discipline de @dfn{gestion de paquet fonctionnel} inventé par Nix (@pxref{Remerciements}). Dans "
+"Guix le processus de construction et d'installation des paquets est vu comme une @emph{fonction} dans le sens mathématique du terme. "
+"Cette fonction a des entrées (comme des scripts de construction, un compilateur et des bibliothèques) et renvoie un paquet installé. "
+"En tant que fonction pure, son résultat ne dépend que de ses entrées. Par exemple, il ne peut pas faire référence à des logiciels ou "
+"des scripts qui n'ont pas été explicitement passés en entrée. Une fonction de construction produit toujours le même résultat quand "
+"on lui donne le même ensemble d'entrée. Elle ne peut pas modifier l'environnement du système en cours d'exécution d'aucune manière ; "
+"par exemple elle ne peut pas créer, modifier ou supprimer des fichiers en dehors de ses répertoires de construction et "
+"d'installation. Ce résultat s'obtient en lançant les processus de construction dans des environnements isolés (ou des "
+"@dfn{conteneurs}) où seules les entrées explicites sont visibles."
+
+#. type: cindex
+#: doc/guix.texi:353 doc/guix.texi:4186
+#, no-wrap
+msgid "store"
+msgstr "dépôt"
+
+#. type: Plain text
+#: doc/guix.texi:360
+msgid ""
+"The result of package build functions is @dfn{cached} in the file system, in a special directory called @dfn{the store} (@pxref{The "
+"Store}). Each package is installed in a directory of its own in the store---by default under @file{/gnu/store}. The directory name "
+"contains a hash of all the inputs used to build that package; thus, changing an input yields a different directory name."
+msgstr ""
+"Le résultat des fonctions de construction de paquets est mis en @dfn{cache} dans le système de fichier, dans répertoire spécial "
+"appelé le @dfn{dépôt} (@pxref{The Store}). Chaque paquet est installé dans son répertoire propre dans le dépôt — par défaut dans "
+"@file{/gnu/store}. Le nom du répertoire contient un hash de toutes les entrées utilisées pour construire le paquet ; ainsi, changer "
+"une entrée donnera un nom de répertoire différent."
+
+#. type: Plain text
+#: doc/guix.texi:364
+msgid ""
+"This approach is the foundation for the salient features of Guix: support for transactional package upgrade and rollback, per-user "
+"installation, and garbage collection of packages (@pxref{Features})."
+msgstr ""
+"Cette approche est le fondement des fonctionnalités les plus importante de Guix : le support des mises à jour des paquets et des "
+"retours en arrière transactionnels, l'installation différenciée par utilisateur et le ramassage de miettes pour les paquets "
+"(@pxref{Fonctionnalités})."
+
+#. type: cindex
+#: doc/guix.texi:370
+#, no-wrap
+msgid "installing Guix"
+msgstr "installer Guix"
+
+#. type: Plain text
+#: doc/guix.texi:375
+msgid ""
+"GNU Guix is available for download from its website at @url{http://www.gnu.org/software/guix/}. This section describes the software "
+"requirements of Guix, as well as how to install it and get ready to use it."
+msgstr ""
+"GNU Guix est disponible au téléchargement depuis son site web sur @url{http://www.gnu.org/software/guix/}. Cette section décrit les "
+"pré-requis logiciels de Guix ainsi que la manière de l'installer et de se préparer à l'utiliser."
+
+#. type: Plain text
+#: doc/guix.texi:380
+msgid ""
+"Note that this section is concerned with the installation of the package manager, which can be done on top of a running GNU/Linux "
+"system. If, instead, you want to install the complete GNU operating system, @pxref{System Installation}."
+msgstr ""
+"Remarquez que cette section concerne l'installation du gestionnaire de paquet, ce qui se fait sur un système GNU/Linux en cours "
+"d'exécution. Si vous souhaitez plutôt installer le système d'exploitation GNU complet, @pxref{System Installation}."
+
+#. type: cindex
+#: doc/guix.texi:381 doc/guix.texi:1444
+#, no-wrap
+msgid "foreign distro"
+msgstr "distro extérieure"
+
+#. type: Plain text
+#: doc/guix.texi:387
+msgid ""
+"When installed on a running GNU/Linux system---thereafter called a @dfn{foreign distro}---GNU@tie{}Guix complements the available "
+"tools without interference. Its data lives exclusively in two directories, usually @file{/gnu/store} and @file{/var/guix}; other "
+"files on your system, such as @file{/etc}, are left untouched."
+msgstr ""
+"Lorsqu'il est installé sur an système GNU/Linux existant — ci-après nommé @dfn{distro extérieure} — GNU@tie{}Guix complète les "
+"outils disponibles sans interférence. Ses données se trouvent exclusivement dans deux répertoires, typiquement @file{/gnu/store} et "
+"@file{/var/guix} ; les autres fichiers de votre système comme @file{/etc} sont laissés intacts."
+
+#. type: Plain text
+#: doc/guix.texi:390
+msgid "Once installed, Guix can be updated by running @command{guix pull} (@pxref{Invoking guix pull})."
+msgstr "Une fois installé, Guix peut être mis à jour en lançant @command{guix pull} (@pxref{Invoking guix pull})."
+
+#. type: cindex
+#: doc/guix.texi:403
+#, no-wrap
+msgid "installing Guix from binaries"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:409
+msgid ""
+"This section describes how to install Guix on an arbitrary system from a self-contained tarball providing binaries for Guix and for "
+"all its dependencies. This is often quicker than installing from source, which is described in the next sections. The only "
+"requirement is to have GNU@tie{}tar and Xz."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:414
+msgid ""
+"We provide a @uref{https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh, shell installer script}, which automates "
+"the download, installation, and initial configuration of Guix. It should be run as the root user."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:416
+msgid "Installing goes along these lines:"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:419
+#, no-wrap
+msgid "downloading Guix binary"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:424
+msgid ""
+"Download the binary tarball from @indicateurl{ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz}, where "
+"@var{system} is @code{x86_64-linux} for an @code{x86_64} machine already running the kernel Linux, and so on."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:428
+msgid ""
+"Make sure to download the associated @file{.sig} file and to verify the authenticity of the tarball against it, along these lines:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:432
+#, no-wrap
+msgid ""
+"$ wget ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz.sig\n"
+"$ gpg --verify guix-binary-@value{VERSION}.@var{system}.tar.xz.sig\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:436 doc/guix.texi:8194
+msgid "If that command fails because you do not have the required public key, then run this command to import it:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:439 doc/guix.texi:8197
+#, no-wrap
+msgid "$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:444 doc/guix.texi:8202
+msgid "and rerun the @code{gpg --verify} command."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:448
+msgid ""
+"Now, you need to become the @code{root} user. Depending on your distribution, you may have to run @code{su -} or @code{sudo -i}. "
+"As @code{root}, run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:454
+#, no-wrap
+msgid ""
+"# cd /tmp\n"
+"# tar --warning=no-timestamp -xf \\\n"
+" guix-binary-@value{VERSION}.@var{system}.tar.xz\n"
+"# mv var/guix /var/ && mv gnu /\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:459
+msgid ""
+"This creates @file{/gnu/store} (@pxref{The Store}) and @file{/var/guix}. The latter contains a ready-to-use profile for @code{root} "
+"(see next step.)"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:462
+msgid "Do @emph{not} unpack the tarball on a working Guix system since that would overwrite its own essential files."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:472
+msgid ""
+"The @code{--warning=no-timestamp} option makes sure GNU@tie{}tar does not emit warnings about ``implausibly old time stamps'' (such "
+"warnings were triggered by GNU@tie{}tar 1.26 and older; recent versions are fine.) They stem from the fact that all the files in "
+"the archive have their modification time set to zero (which means January 1st, 1970.) This is done on purpose to make sure the "
+"archive content is independent of its creation time, thus making it reproducible."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:475
+msgid "Make @code{root}'s profile available under @file{~root/.guix-profile}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:479
+#, no-wrap
+msgid ""
+"# ln -sf /var/guix/profiles/per-user/root/guix-profile \\\n"
+" ~root/.guix-profile\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:483
+msgid "Source @file{etc/profile} to augment @code{PATH} and other relevant environment variables:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:487
+#, no-wrap
+msgid ""
+"# GUIX_PROFILE=\"`echo ~root`/.guix-profile\" ; \\\n"
+" source $GUIX_PROFILE/etc/profile\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:492
+msgid "Create the group and user accounts for build users as explained below (@pxref{Build Environment Setup})."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:495
+msgid "Run the daemon, and set it to automatically start on boot."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:498
+msgid "If your host distro uses the systemd init system, this can be achieved with these commands:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:510
+#, no-wrap
+msgid ""
+"# cp ~root/.guix-profile/lib/systemd/system/guix-daemon.service \\\n"
+" /etc/systemd/system/\n"
+"# systemctl start guix-daemon && systemctl enable guix-daemon\n"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:513 doc/guix.texi:7631
+msgid "If your host distro uses the Upstart init system:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:518
+#, no-wrap
+msgid ""
+"# initctl reload-configuration\n"
+"# cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf /etc/init/\n"
+"# start guix-daemon\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:521
+msgid "Otherwise, you can still start the daemon manually with:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:524
+#, no-wrap
+msgid "# ~root/.guix-profile/bin/guix-daemon --build-users-group=guixbuild\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:529
+msgid "Make the @command{guix} command available to other users on the machine, for instance with:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:534
+#, no-wrap
+msgid ""
+"# mkdir -p /usr/local/bin\n"
+"# cd /usr/local/bin\n"
+"# ln -s /var/guix/profiles/per-user/root/guix-profile/bin/guix\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:538
+msgid "It is also a good idea to make the Info version of this manual available there:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:544
+#, no-wrap
+msgid ""
+"# mkdir -p /usr/local/share/info\n"
+"# cd /usr/local/share/info\n"
+"# for i in /var/guix/profiles/per-user/root/guix-profile/share/info/* ;\n"
+" do ln -s $i ; done\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:550
+msgid ""
+"That way, assuming @file{/usr/local/share/info} is in the search path, running @command{info guix} will open this manual "
+"(@pxref{Other Info Directories,,, texinfo, GNU Texinfo}, for more details on changing the Info search path.)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:552 doc/guix.texi:2304 doc/guix.texi:10190
+#, no-wrap
+msgid "substitutes, authorization thereof"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:555
+msgid "To use substitutes from @code{hydra.gnu.org} or one of its mirrors (@pxref{Substitutes}), authorize them:"
+msgstr "Pour utiliser les substituts de @code{hydra.gnu.org} ou l'un de ses mirroirs (@pxref{Substituts}), autorisez-les :"
+
+#. type: example
+#: doc/guix.texi:558
+#, no-wrap
+msgid "# guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:563
+msgid "Each user may need to perform a few additional steps to make their Guix environment ready for use, @pxref{Application Setup}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:566
+msgid "Voilà, the installation is complete!"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:569
+msgid "You can confirm that Guix is working by installing a sample package into the root profile:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:572
+#, no-wrap
+msgid "# guix package -i hello\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:579
+msgid ""
+"The @code{guix} package must remain available in @code{root}'s profile, or it would become subject to garbage collection---in which "
+"case you would find yourself badly handicapped by the lack of the @command{guix} command. In other words, do not remove @code{guix} "
+"by running @code{guix package -r guix}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:582
+msgid ""
+"The binary installation tarball can be (re)produced and verified simply by running the following command in the Guix source tree:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:585
+#, no-wrap
+msgid "make guix-binary.@var{system}.tar.xz\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:589
+msgid "... which, in turn, runs:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:592
+#, no-wrap
+msgid "guix pack -s @var{system} --localstatedir guix\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:595
+msgid "@xref{Invoking guix pack}, for more info on this handy tool."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:603
+msgid ""
+"This section lists requirements when building Guix from source. The build procedure for Guix is the same as for other GNU software, "
+"and is not covered here. Please see the files @file{README} and @file{INSTALL} in the Guix source tree for additional details."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:605
+msgid "GNU Guix depends on the following packages:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:607
+#, no-wrap
+msgid "@url{http://gnu.org/software/guile/, GNU Guile}, version 2.0.13 or"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:609
+msgid "later, including 2.2.x;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:609
+#, no-wrap
+msgid "@url{http://gnupg.org/, GNU libgcrypt};"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:614
+msgid ""
+"@uref{http://gnutls.org/, GnuTLS}, specifically its Guile bindings (@pxref{Guile Preparations, how to install the GnuTLS bindings "
+"for Guile,, gnutls-guile, GnuTLS-Guile});"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:618
+msgid "@uref{https://gitlab.com/guile-git/guile-git, Guile-Git}, from August 2017 or later;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:618
+#, no-wrap
+msgid "@url{http://zlib.net, zlib};"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:619
+#, no-wrap
+msgid "@url{http://www.gnu.org/software/make/, GNU Make}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:623
+msgid "The following dependencies are optional:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:631
+msgid ""
+"Installing @url{http://savannah.nongnu.org/projects/guile-json/, Guile-JSON} will allow you to use the @command{guix import pypi} "
+"command (@pxref{Invoking guix import}). It is of interest primarily for developers and not for casual users."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:638
+msgid ""
+"Support for build offloading (@pxref{Daemon Offload Setup}) and @command{guix copy} (@pxref{Invoking guix copy}) depends on "
+"@uref{https://github.com/artyom-poptsov/guile-ssh, Guile-SSH}, version 0.10.2 or later."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:642
+msgid "When @url{http://www.bzip.org, libbz2} is available, @command{guix-daemon} can use it to compress build logs."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:646
+msgid "Unless @code{--disable-daemon} was passed to @command{configure}, the following packages are also needed:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:648
+#, no-wrap
+msgid "@url{http://sqlite.org, SQLite 3};"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:649
+#, no-wrap
+msgid "@url{http://gcc.gnu.org, GCC's g++}, with support for the"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:651
+msgid "C++11 standard."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:653
+#, no-wrap
+msgid "state directory"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:661
+msgid ""
+"When configuring Guix on a system that already has a Guix installation, be sure to specify the same state directory as the existing "
+"installation using the @code{--localstatedir} option of the @command{configure} script (@pxref{Directory Variables, "
+"@code{localstatedir},, standards, GNU Coding Standards}). The @command{configure} script protects against unintended "
+"misconfiguration of @var{localstatedir} so you do not inadvertently corrupt your store (@pxref{The Store})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:662
+#, no-wrap
+msgid "Nix, compatibility"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:667
+msgid ""
+"When a working installation of @url{http://nixos.org/nix/, the Nix package manager} is available, you can instead configure Guix "
+"with @code{--disable-daemon}. In that case, Nix replaces the three dependencies above."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:677
+msgid ""
+"Guix is compatible with Nix, so it is possible to share the same store between both. To do so, you must pass @command{configure} "
+"not only the same @code{--with-store-dir} value, but also the same @code{--localstatedir} value. The latter is essential because it "
+"specifies where the database that stores metadata about the store is located, among other things. The default values for Nix are "
+"@code{--with-store-dir=/nix/store} and @code{--localstatedir=/nix/var}. Note that @code{--disable-daemon} is not required if your "
+"goal is to share the store with Nix."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:681
+#, no-wrap
+msgid "test suite"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:687
+msgid ""
+"After a successful @command{configure} and @code{make} run, it is a good idea to run the test suite. It can help catch issues with "
+"the setup or environment, or bugs in Guix itself---and really, reporting test failures is a good way to help improve the software. "
+"To run the test suite, type:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:690
+#, no-wrap
+msgid "make check\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:697
+msgid ""
+"Test cases can run in parallel: you can use the @code{-j} option of GNU@tie{}make to speed things up. The first run may take a few "
+"minutes on a recent machine; subsequent runs will be faster because the store that is created for test purposes will already have "
+"various things in cache."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:700
+msgid "It is also possible to run a subset of the tests by defining the @code{TESTS} makefile variable as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:703
+#, no-wrap
+msgid "make check TESTS=\"tests/store.scm tests/cpio.scm\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:708
+msgid ""
+"By default, tests results are displayed at a file level. In order to see the details of every individual test cases, it is possible "
+"to define the @code{SCM_LOG_DRIVER_FLAGS} makefile variable as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:711
+#, no-wrap
+msgid "make check TESTS=\"tests/base64.scm\" SCM_LOG_DRIVER_FLAGS=\"--brief=no\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:717
+msgid ""
+"Upon failure, please email @email{bug-guix@@gnu.org} and attach the @file{test-suite.log} file. Please specify the Guix version "
+"being used as well as version numbers of the dependencies (@pxref{Requirements}) in your message."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:721
+msgid ""
+"Guix also comes with a whole-system test suite that tests complete GuixSD operating system instances. It can only run on systems "
+"where Guix is already installed, using:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:724
+#, no-wrap
+msgid "make check-system\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:728
+msgid "or, again, by defining @code{TESTS} to select a subset of tests to run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:731
+#, no-wrap
+msgid "make check-system TESTS=\"basic mcron\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:739
+msgid ""
+"These system tests are defined in the @code{(gnu tests @dots{})} modules. They work by running the operating systems under test "
+"with lightweight instrumentation in a virtual machine (VM). They can be computationally intensive or rather cheap, depending on "
+"whether substitutes are available for their dependencies (@pxref{Substitutes}). Some of them require a lot of storage space to hold "
+"VM images."
+msgstr ""
+"Ces tests systèmes sont définis dans les modules @code{(gnu tests @dots{})}. Ils fonctionnent en lançant les systèmes d'exploitation "
+"sous test avec une instrumentation légère dans une machine virtuelle (VM). Ils peuvent être intenses en terme de calculs ou plutôt "
+"rapides en fonction de la disponibilité des substituts de leurs dépendances (@pxref{Substituts}). Certains requièrent beaucoup "
+"d'espace disque pour contenir les images des VM."
+
+#. type: Plain text
+#: doc/guix.texi:742
+msgid "Again in case of test failures, please send @email{bug-guix@@gnu.org} all the details."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:746
+#, no-wrap
+msgid "daemon"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:754
+msgid ""
+"Operations such as building a package or running the garbage collector are all performed by a specialized process, the @dfn{build "
+"daemon}, on behalf of clients. Only the daemon may access the store and its associated database. Thus, any operation that "
+"manipulates the store goes through the daemon. For instance, command-line tools such as @command{guix package} and @command{guix "
+"build} communicate with the daemon (@i{via} remote procedure calls) to instruct it what to do."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:758
+msgid ""
+"The following sections explain how to prepare the build daemon's environment. See also @ref{Substitutes}, for information on how to "
+"allow the daemon to download pre-built binaries."
+msgstr ""
+"Les sections suivantes expliquent comment préparer l'environnement du démon de construction. Voir aussi @ref{Substituts} pour "
+"apprendre comment permettre le téléchargement de binaires pré-construits."
+
+#. type: cindex
+#: doc/guix.texi:768 doc/guix.texi:1193
+#, no-wrap
+msgid "build environment"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:776
+msgid ""
+"In a standard multi-user setup, Guix and its daemon---the @command{guix-daemon} program---are installed by the system administrator; "
+"@file{/gnu/store} is owned by @code{root} and @command{guix-daemon} runs as @code{root}. Unprivileged users may use Guix tools to "
+"build packages or otherwise access the store, and the daemon will do it on their behalf, ensuring that the store is kept in a "
+"consistent state, and allowing built packages to be shared among users."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:777
+#, no-wrap
+msgid "build users"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:788
+msgid ""
+"When @command{guix-daemon} runs as @code{root}, you may not want package build processes themselves to run as @code{root} too, for "
+"obvious security reasons. To avoid that, a special pool of @dfn{build users} should be created for use by build processes started "
+"by the daemon. These build users need not have a shell and a home directory: they will just be used when the daemon drops "
+"@code{root} privileges in build processes. Having several such users allows the daemon to launch distinct build processes under "
+"separate UIDs, which guarantees that they do not interfere with each other---an essential feature since builds are regarded as pure "
+"functions (@pxref{Introduction})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:791
+msgid "On a GNU/Linux system, a build user pool may be created like this (using Bash syntax and the @code{shadow} commands):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:803
+#, no-wrap
+msgid ""
+"# groupadd --system guixbuild\n"
+"# for i in `seq -w 1 10`;\n"
+" do\n"
+" useradd -g guixbuild -G guixbuild \\\n"
+" -d /var/empty -s `which nologin` \\\n"
+" -c \"Guix build user $i\" --system \\\n"
+" guixbuilder$i;\n"
+" done\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:813
+msgid ""
+"The number of build users determines how many build jobs may run in parallel, as specified by the @option{--max-jobs} option "
+"(@pxref{Invoking guix-daemon, @option{--max-jobs}}). To use @command{guix system vm} and related commands, you may need to add the "
+"build users to the @code{kvm} group so they can access @file{/dev/kvm}, using @code{-G guixbuild,kvm} instead of @code{-G guixbuild} "
+"(@pxref{Invoking guix system})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:822
+msgid ""
+"The @code{guix-daemon} program may then be run as @code{root} with the following command@footnote{If your machine uses the systemd "
+"init system, dropping the @file{@var{prefix}/lib/systemd/system/guix-daemon.service} file in @file{/etc/systemd/system} will ensure "
+"that @command{guix-daemon} is automatically started. Similarly, if your machine uses the Upstart init system, drop the "
+"@file{@var{prefix}/lib/upstart/system/guix-daemon.conf} file in @file{/etc/init}.}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:825 doc/guix.texi:1186
+#, no-wrap
+msgid "# guix-daemon --build-users-group=guixbuild\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:827 doc/guix.texi:1191
+#, no-wrap
+msgid "chroot"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:832
+msgid ""
+"This way, the daemon starts build processes in a chroot, under one of the @code{guixbuilder} users. On GNU/Linux, by default, the "
+"chroot environment contains nothing but:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:840
+msgid ""
+"a minimal @code{/dev} directory, created mostly independently from the host @code{/dev}@footnote{``Mostly'', because while the set "
+"of files that appear in the chroot's @code{/dev} is fixed, most of these files can only be created if the host has them.};"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:844
+msgid "the @code{/proc} directory; it only shows the processes of the container since a separate PID name space is used;"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:848
+msgid "@file{/etc/passwd} with an entry for the current user and an entry for user @file{nobody};"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:851
+msgid "@file{/etc/group} with an entry for the user's group;"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:855
+msgid "@file{/etc/hosts} with an entry that maps @code{localhost} to @code{127.0.0.1};"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:858
+msgid "a writable @file{/tmp} directory."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:867
+msgid ""
+"You can influence the directory where the daemon stores build trees @i{via} the @code{TMPDIR} environment variable. However, the "
+"build tree within the chroot is always called @file{/tmp/guix-build-@var{name}.drv-0}, where @var{name} is the derivation name---e."
+"g., @code{coreutils-8.24}. This way, the value of @code{TMPDIR} does not leak inside build environments, which avoids discrepancies "
+"in cases where build processes capture the name of their build tree."
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:868 doc/guix.texi:2411
+#, no-wrap
+msgid "http_proxy"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:872
+msgid ""
+"The daemon also honors the @code{http_proxy} environment variable for HTTP downloads it performs, be it for fixed-output derivations "
+"(@pxref{Derivations}) or for substitutes (@pxref{Substitutes})."
+msgstr ""
+"Le démon tient aussi compte de la variable d'environnement @code{http_proxy} pour ses téléchargements HTTP, que ce soit pour les "
+"dérivations à sortie fixes (@pxref{Derivations}) ou pour les substituts (@pxref{Substituts})."
+
+#. type: Plain text
+#: doc/guix.texi:880
+msgid ""
+"If you are installing Guix as an unprivileged user, it is still possible to run @command{guix-daemon} provided you pass @code{--"
+"disable-chroot}. However, build processes will not be isolated from one another, and not from the rest of the system. Thus, build "
+"processes may interfere with each other, and may access programs, libraries, and other files available on the system---making it "
+"much harder to view them as @emph{pure} functions."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:883
+#, no-wrap
+msgid "Using the Offload Facility"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:885
+#, no-wrap
+msgid "offloading"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:886 doc/guix.texi:1247
+#, no-wrap
+msgid "build hook"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:900
+msgid ""
+"When desired, the build daemon can @dfn{offload} derivation builds to other machines running Guix, using the @code{offload} "
+"@dfn{build hook}@footnote{This feature is available only when @uref{https://github.com/artyom-poptsov/guile-ssh, Guile-SSH} is "
+"present.}. When that feature is enabled, a list of user-specified build machines is read from @file{/etc/guix/machines.scm}; every "
+"time a build is requested, for instance via @code{guix build}, the daemon attempts to offload it to one of the machines that satisfy "
+"the constraints of the derivation, in particular its system type---e.g., @file{x86_64-linux}. Missing prerequisites for the build "
+"are copied over SSH to the target machine, which then proceeds with the build; upon success the output(s) of the build are copied "
+"back to the initial machine."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:902
+msgid "The @file{/etc/guix/machines.scm} file typically looks like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:910
+#, no-wrap
+msgid ""
+"(list (build-machine\n"
+" (name \"eightysix.example.org\")\n"
+" (system \"x86_64-linux\")\n"
+" (host-key \"ssh-ed25519 AAAAC3Nza@dots{}\")\n"
+" (user \"bob\")\n"
+" (speed 2.)) ;incredibly fast!\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:919
+#, no-wrap
+msgid ""
+" (build-machine\n"
+" (name \"meeps.example.org\")\n"
+" (system \"mips64el-linux\")\n"
+" (host-key \"ssh-rsa AAAAB3Nza@dots{}\")\n"
+" (user \"alice\")\n"
+" (private-key\n"
+" (string-append (getenv \"HOME\")\n"
+" \"/.ssh/identity-for-guix\"))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:925
+msgid ""
+"In the example above we specify a list of two build machines, one for the @code{x86_64} architecture and one for the @code{mips64el} "
+"architecture."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:934
+msgid ""
+"In fact, this file is---not surprisingly!---a Scheme file that is evaluated when the @code{offload} hook is started. Its return "
+"value must be a list of @code{build-machine} objects. While this example shows a fixed list of build machines, one could imagine, "
+"say, using DNS-SD to return a list of potential build machines discovered in the local network (@pxref{Introduction, Guile-Avahi,, "
+"guile-avahi, Using Avahi in Guile Scheme Programs}). The @code{build-machine} data type is detailed below."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:935
+#, no-wrap
+msgid "{Data Type} build-machine"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:938
+msgid "This data type represents build machines to which the daemon may offload builds. The important fields are:"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:941 doc/guix.texi:3402 doc/guix.texi:9402 doc/guix.texi:9466 doc/guix.texi:9561 doc/guix.texi:10951
+#: doc/guix.texi:14988 doc/guix.texi:15221 doc/guix.texi:15354 doc/guix.texi:15628 doc/guix.texi:15669 doc/guix.texi:19601
+#: doc/guix.texi:19618 doc/guix.texi:19884 doc/guix.texi:21092
+#, no-wrap
+msgid "name"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:943
+msgid "The host name of the remote machine."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:944
+#, no-wrap
+msgid "system"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:946
+msgid "The system type of the remote machine---e.g., @code{\"x86_64-linux\"}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:947 doc/guix.texi:10961
+#, no-wrap
+msgid "user"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:951
+msgid ""
+"The user account to use when connecting to the remote machine over SSH. Note that the SSH key pair must @emph{not} be passphrase-"
+"protected, to allow non-interactive logins."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:952
+#, no-wrap
+msgid "host-key"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:956
+msgid ""
+"This must be the machine's SSH @dfn{public host key} in OpenSSH format. This is used to authenticate the machine when we connect to "
+"it. It is a long string that looks like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:959
+#, no-wrap
+msgid "ssh-ed25519 AAAAC3NzaC@dots{}mde+UhL hint@@example.org\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:964
+msgid ""
+"If the machine is running the OpenSSH daemon, @command{sshd}, the host key can be found in a file such as @file{/etc/ssh/"
+"ssh_host_ed25519_key.pub}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:969
+msgid ""
+"If the machine is running the SSH daemon of GNU@tie{}lsh, @command{lshd}, the host key is in @file{/etc/lsh/host-key.pub} or a "
+"similar file. It can be converted to the OpenSSH format using @command{lsh-export-key} (@pxref{Converting keys,,, lsh, LSH Manual}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:973
+#, no-wrap
+msgid ""
+"$ lsh-export-key --openssh < /etc/lsh/host-key.pub \n"
+"ssh-rsa AAAAB3NzaC1yc2EAAAAEOp8FoQAAAQEAs1eB46LV@dots{}\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:978
+msgid "A number of optional fields may be specified:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:981
+#, no-wrap
+msgid "@code{port} (default: @code{22})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:983
+msgid "Port number of SSH server on the machine."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:984
+#, no-wrap
+msgid "@code{private-key} (default: @file{~root/.ssh/id_rsa})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:987
+msgid "The SSH private key file to use when connecting to the machine, in OpenSSH format."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:990
+msgid "Note that the default value is the private key @emph{of the root account}. Make sure it exists if you use the default."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:991
+#, no-wrap
+msgid "@code{compression} (default: @code{\"zlib@@openssh.com,zlib\"})"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:992 doc/guix.texi:10418
+#, no-wrap
+msgid "@code{compression-level} (default: @code{3})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:994
+msgid "The SSH-level compression methods and compression level requested."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:997
+msgid "Note that offloading relies on SSH compression to reduce bandwidth usage when transferring files to and from build machines."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:998
+#, no-wrap
+msgid "@code{daemon-socket} (default: @code{\"/var/guix/daemon-socket/socket\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1001
+msgid "File name of the Unix-domain socket @command{guix-daemon} is listening to on that machine."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1002
+#, no-wrap
+msgid "@code{parallel-builds} (default: @code{1})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1004
+msgid "The number of builds that may run in parallel on the machine."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1005
+#, no-wrap
+msgid "@code{speed} (default: @code{1.0})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1008
+msgid "A ``relative speed factor''. The offload scheduler will tend to prefer machines with a higher speed factor."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1009
+#, no-wrap
+msgid "@code{features} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1014
+msgid ""
+"A list of strings denoting specific features supported by the machine. An example is @code{\"kvm\"} for machines that have the KVM "
+"Linux modules and corresponding hardware support. Derivations can request features by name, and they will be scheduled on matching "
+"build machines."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1022
+msgid ""
+"The @code{guile} command must be in the search path on the build machines. In addition, the Guix modules must be in "
+"@code{$GUILE_LOAD_PATH} on the build machine---you can check whether this is the case by running:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1025
+#, no-wrap
+msgid "ssh build-machine guile -c \"'(use-modules (guix config))'\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1032
+msgid ""
+"There is one last thing to do once @file{machines.scm} is in place. As explained above, when offloading, files are transferred back "
+"and forth between the machine stores. For this to work, you first need to generate a key pair on each machine to allow the daemon "
+"to export signed archives of files from the store (@pxref{Invoking guix archive}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1035
+#, no-wrap
+msgid "# guix archive --generate-key\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1040
+msgid "Each build machine must authorize the key of the master machine so that it accepts store items it receives from the master:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1043
+#, no-wrap
+msgid "# guix archive --authorize < master-public-key.txt\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1047
+msgid "Likewise, the master machine must authorize the key of each build machine."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1053
+msgid ""
+"All the fuss with keys is here to express pairwise mutual trust relations between the master and the build machines. Concretely, "
+"when the master receives files from a build machine (and @i{vice versa}), its build daemon can make sure they are genuine, have not "
+"been tampered with, and that they are signed by an authorized key."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1054
+#, no-wrap
+msgid "offload test"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1057
+msgid "To test whether your setup is operational, run this command on the master node:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1060
+#, no-wrap
+msgid "# guix offload test\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1066
+msgid ""
+"This will attempt to connect to each of the build machines specified in @file{/etc/guix/machines.scm}, make sure Guile and the Guix "
+"modules are available on each machine, attempt to export to the machine and import from it, and report any error in the process."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1069
+msgid "If you want to test a different machine file, just specify it on the command line:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1072
+#, no-wrap
+msgid "# guix offload test machines-qualif.scm\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1076
+msgid "Last, you can test the subset of the machines whose name matches a regular expression like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1079
+#, no-wrap
+msgid "# guix offload test machines.scm '\\.gnu\\.org$'\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1081
+#, no-wrap
+msgid "offload status"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1084
+msgid "To display the current load of all build hosts, run this command on the main node:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1087
+#, no-wrap
+msgid "# guix offload status\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1093
+#, no-wrap
+msgid "SELinux, daemon policy"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1094
+#, no-wrap
+msgid "mandatory access control, SELinux"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1095
+#, no-wrap
+msgid "security, guix-daemon"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1101
+msgid ""
+"Guix includes an SELinux policy file at @file{etc/guix-daemon.cil} that can be installed on a system where SELinux is enabled, in "
+"order to label Guix files and to specify the expected behavior of the daemon. Since GuixSD does not provide an SELinux base policy, "
+"the daemon policy cannot be used on GuixSD."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:1102
+#, no-wrap
+msgid "Installing the SELinux policy"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1103
+#, no-wrap
+msgid "SELinux, policy installation"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1105
+msgid "To install the policy run this command as root:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1108
+#, no-wrap
+msgid "semodule -i etc/guix-daemon.cil\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1112
+msgid "Then relabel the file system with @code{restorecon} or by a different mechanism provided by your system."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1117
+msgid ""
+"Once the policy is installed, the file system has been relabeled, and the daemon has been restarted, it should be running in the "
+"@code{guix_daemon_t} context. You can confirm this with the following command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1120
+#, no-wrap
+msgid "ps -Zax | grep guix-daemon\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1125
+msgid ""
+"Monitor the SELinux log files as you run a command like @code{guix build hello} to convince yourself that SELinux permits all "
+"necessary operations."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1127
+#, no-wrap
+msgid "SELinux, limitations"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1132
+msgid ""
+"This policy is not perfect. Here is a list of limitations or quirks that should be considered when deploying the provided SELinux "
+"policy for the Guix daemon."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:1139
+msgid ""
+"@code{guix_daemon_socket_t} isn’t actually used. None of the socket operations involve contexts that have anything to do with "
+"@code{guix_daemon_socket_t}. It doesn’t hurt to have this unused label, but it would be preferrable to define socket rules for only "
+"this label."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:1150
+msgid ""
+"@code{guix gc} cannot access arbitrary links to profiles. By design, the file label of the destination of a symlink is independent "
+"of the file label of the link itself. Although all profiles under $localstatedir are labelled, the links to these profiles inherit "
+"the label of the directory they are in. For links in the user’s home directory this will be @code{user_home_t}. But for links from "
+"the root user’s home directory, or @file{/tmp}, or the HTTP server’s working directory, etc, this won’t work. @code{guix gc} would "
+"be prevented from reading and following these links."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:1155
+msgid ""
+"The daemon’s feature to listen for TCP connections might no longer work. This might require extra rules, because SELinux treats "
+"network sockets differently from files."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:1166
+msgid ""
+"Currently all files with a name matching the regular expression @code{/gnu/store/.+-(guix-.+|profile)/bin/guix-daemon} are assigned "
+"the label @code{guix_daemon_exec_t}; this means that @emph{any} file with that name in any profile would be permitted to run in the "
+"@code{guix_daemon_t} domain. This is not ideal. An attacker could build a package that provides this executable and convince a "
+"user to install and run it, which lifts it into the @code{guix_daemon_t} domain. At that point SELinux could not prevent it from "
+"accessing files that are allowed for processes in that domain."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:1174
+msgid ""
+"We could generate a much more restrictive policy at installation time, so that only the @emph{exact} file name of the currently "
+"installed @code{guix-daemon} executable would be labelled with @code{guix_daemon_exec_t}, instead of using a broad regular "
+"expression. The downside is that root would have to install or upgrade the policy at installation time whenever the Guix package "
+"that provides the effectively running @code{guix-daemon} executable is upgraded."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:1177
+#, no-wrap
+msgid "Invoking @command{guix-daemon}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1183
+msgid ""
+"The @command{guix-daemon} program implements all the functionality to access the store. This includes launching build processes, "
+"running the garbage collector, querying the availability of a build result, etc. It is normally run as @code{root} like this:"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1190
+msgid "For details on how to set it up, @pxref{Setting Up the Daemon}."
+msgstr "Pour des détails sur son paramétrage, @pxref{Paramétrer le démon}."
+
+#. type: cindex
+#: doc/guix.texi:1192
+#, no-wrap
+msgid "container, build environment"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1194 doc/guix.texi:1732 doc/guix.texi:2392 doc/guix.texi:7644
+#, no-wrap
+msgid "reproducible builds"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1206
+msgid ""
+"By default, @command{guix-daemon} launches build processes under different UIDs, taken from the build group specified with @code{--"
+"build-users-group}. In addition, each build process is run in a chroot environment that only contains the subset of the store that "
+"the build process depends on, as specified by its derivation (@pxref{Programming Interface, derivation}), plus a set of specific "
+"system directories. By default, the latter contains @file{/dev} and @file{/dev/pts}. Furthermore, on GNU/Linux, the build "
+"environment is a @dfn{container}: in addition to having its own file system tree, it has a separate mount name space, its own PID "
+"name space, network name space, etc. This helps achieve reproducible builds (@pxref{Features})."
+msgstr ""
+"Par défaut, @command{guix-daemon} lance les processus de construction sous différents UID récupérés depuis le groupe de construction "
+"spécifié avec @code{--build-users-group}. En plus, chaque processus de construction est lancé dans un environnement chroot qui ne "
+"contient que le sous-ensemble du dépôt dont le processus de construction dépend, tel que spécifié par sa dérivation "
+"(@pxref{Interface de programmation, dérivation}), plus un ensemble de répertoires systèmes spécifiques. Par défaut ce dernier "
+"contient @file{/dev} et @file{/dev/pts}. De plus, sous GNU/Linux, l'environnement de construction est un @dfn{conteneur} : en plus "
+"d'avoir sa propre arborescence du système de fichier, elle a un espace de montage séparé, son propre espace de PID, son espace de "
+"réseau, etc. Cela aide à obtenir des constructions reproductibles (@pxref{Fonctionnalités})."
+
+#. type: Plain text
+#: doc/guix.texi:1215
+msgid ""
+"When the daemon performs a build on behalf of the user, it creates a build directory under @file{/tmp} or under the directory "
+"specified by its @code{TMPDIR} environment variable; this directory is shared with the container for the duration of the build. Be "
+"aware that using a directory other than @file{/tmp} can affect build results---for example, with a longer directory name, a build "
+"process that uses Unix-domain sockets might hit the name length limitation for @code{sun_path}, which it would otherwise not hit."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1219
+msgid ""
+"The build directory is automatically deleted upon completion, unless the build failed and the client specified @option{--keep-"
+"failed} (@pxref{Invoking guix build, @option{--keep-failed}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1221
+msgid "The following command-line options are supported:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1223
+#, no-wrap
+msgid "--build-users-group=@var{group}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1226
+msgid "Take users from @var{group} to run build processes (@pxref{Setting Up the Daemon, build users})."
+msgstr ""
+"Prend les utilisateurs de @var{group} pour lancer les processus de construction (@pxref{Paramétrer le démon, utilisateurs de "
+"construction})."
+
+#. type: item
+#: doc/guix.texi:1227 doc/guix.texi:5494
+#, no-wrap
+msgid "--no-substitutes"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1228 doc/guix.texi:1744 doc/guix.texi:2248
+#, no-wrap
+msgid "substitutes"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1232 doc/guix.texi:5498
+msgid ""
+"Do not use substitutes for build products. That is, always build things locally instead of allowing downloads of pre-built binaries "
+"(@pxref{Substitutes})."
+msgstr ""
+"Ne pas utiliser de substitut pour les résultats de la construction. C'est-à-dire, toujours construire localement plutôt que de "
+"permettre le téléchargement de binaires pré-construits (@pxref{Substituts})."
+
+#. type: table
+#: doc/guix.texi:1236
+msgid ""
+"When the daemon runs with @code{--no-substitutes}, clients can still explicitly enable substitution @i{via} the @code{set-build-"
+"options} remote procedure call (@pxref{The Store})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1237 doc/guix.texi:5481 doc/guix.texi:6893 doc/guix.texi:7769 doc/guix.texi:7957
+#, no-wrap
+msgid "--substitute-urls=@var{urls}"
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:1243
+msgid "daemon-substitute-urls"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1243
+msgid ""
+"Consider @var{urls} the default whitespace-separated list of substitute source URLs. When this option is omitted, "
+"@indicateurl{https://mirror.hydra.gnu.org https://hydra.gnu.org} is used (@code{mirror.hydra.gnu.org} is a mirror of @code{hydra.gnu."
+"org})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1246
+msgid ""
+"This means that substitutes may be downloaded from @var{urls}, as long as they are signed by a trusted signature "
+"(@pxref{Substitutes})."
+msgstr ""
+"Cela signifie que les substituts sont téléchargés depuis les @var{urls}, tant qu'ils sont signés par une signature de confiance "
+"(@pxref{Substituts})."
+
+#. type: item
+#: doc/guix.texi:1248 doc/guix.texi:5519
+#, no-wrap
+msgid "--no-build-hook"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1250
+msgid "Do not use the @dfn{build hook}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1254
+msgid ""
+"The build hook is a helper program that the daemon can start and to which it submits build requests. This mechanism is used to "
+"offload builds to other machines (@pxref{Daemon Offload Setup})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1255
+#, no-wrap
+msgid "--cache-failures"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1257
+msgid "Cache build failures. By default, only successful builds are cached."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1262
+msgid ""
+"When this option is used, @command{guix gc --list-failures} can be used to query the set of store items marked as failed; "
+"@command{guix gc --clear-failures} removes store items from the set of cached failures. @xref{Invoking guix gc}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1263 doc/guix.texi:5543
+#, no-wrap
+msgid "--cores=@var{n}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1264 doc/guix.texi:5544
+#, no-wrap
+msgid "-c @var{n}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1267
+msgid "Use @var{n} CPU cores to build each derivation; @code{0} means as many as available."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1271
+msgid ""
+"The default value is @code{0}, but it may be overridden by clients, such as the @code{--cores} option of @command{guix build} "
+"(@pxref{Invoking guix build})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1275
+msgid ""
+"The effect is to define the @code{NIX_BUILD_CORES} environment variable in the build process, which can then use it to exploit "
+"internal parallelism---for instance, by running @code{make -j$NIX_BUILD_CORES}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1276 doc/guix.texi:5548
+#, no-wrap
+msgid "--max-jobs=@var{n}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1277 doc/guix.texi:5549
+#, no-wrap
+msgid "-M @var{n}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1282
+msgid ""
+"Allow at most @var{n} build jobs in parallel. The default value is @code{1}. Setting it to @code{0} means that no builds will be "
+"performed locally; instead, the daemon will offload builds (@pxref{Daemon Offload Setup}), or simply fail."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1283 doc/guix.texi:5524
+#, no-wrap
+msgid "--max-silent-time=@var{seconds}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1286 doc/guix.texi:5527
+msgid "When the build or substitution process remains silent for more than @var{seconds}, terminate it and report a build failure."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1288 doc/guix.texi:1297
+msgid "The default value is @code{0}, which disables the timeout."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1291
+msgid "The value specified here can be overridden by clients (@pxref{Common Build Options, @code{--max-silent-time}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1292 doc/guix.texi:5531
+#, no-wrap
+msgid "--timeout=@var{seconds}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1295 doc/guix.texi:5534
+msgid "Likewise, when the build or substitution process lasts for more than @var{seconds}, terminate it and report a build failure."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1300
+msgid "The value specified here can be overridden by clients (@pxref{Common Build Options, @code{--timeout}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1301
+#, no-wrap
+msgid "--rounds=@var{N}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1306
+msgid ""
+"Build each derivation @var{n} times in a row, and raise an error if consecutive build results are not bit-for-bit identical. Note "
+"that this setting can be overridden by clients such as @command{guix build} (@pxref{Invoking guix build})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1310 doc/guix.texi:5826
+msgid ""
+"When used in conjunction with @option{--keep-failed}, the differing output is kept in the store, under @file{/gnu/store/@dots{}-"
+"check}. This makes it easy to look for differences between the two results."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1311
+#, no-wrap
+msgid "--debug"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1313
+msgid "Produce debugging output."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1317
+msgid ""
+"This is useful to debug daemon start-up issues, but then it may be overridden by clients, for example the @code{--verbosity} option "
+"of @command{guix build} (@pxref{Invoking guix build})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1318
+#, no-wrap
+msgid "--chroot-directory=@var{dir}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1320
+msgid "Add @var{dir} to the build chroot."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1326
+msgid ""
+"Doing this may change the result of build processes---for instance if they use optional dependencies found in @var{dir} when it is "
+"available, and not otherwise. For that reason, it is not recommended to do so. Instead, make sure that each derivation declares "
+"all the inputs that it needs."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1327
+#, no-wrap
+msgid "--disable-chroot"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1329
+msgid "Disable chroot builds."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1334
+msgid ""
+"Using this option is not recommended since, again, it would allow build processes to gain access to undeclared dependencies. It is "
+"necessary, though, when @command{guix-daemon} is running under an unprivileged user account."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1335
+#, no-wrap
+msgid "--log-compression=@var{type}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1338
+msgid "Compress build logs according to @var{type}, one of @code{gzip}, @code{bzip2}, or @code{none}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1342
+msgid ""
+"Unless @code{--lose-logs} is used, all the build logs are kept in the @var{localstatedir}. To save space, the daemon automatically "
+"compresses them with bzip2 by default."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1343
+#, no-wrap
+msgid "--disable-deduplication"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1344 doc/guix.texi:2708
+#, no-wrap
+msgid "deduplication"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1346
+msgid "Disable automatic file ``deduplication'' in the store."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1353
+msgid ""
+"By default, files added to the store are automatically ``deduplicated'': if a newly added file is identical to another one found in "
+"the store, the daemon makes the new file a hard link to the other file. This can noticeably reduce disk usage, at the expense of "
+"slightly increased input/output load at the end of a build process. This option disables this optimization."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1354
+#, no-wrap
+msgid "--gc-keep-outputs[=yes|no]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1357
+msgid "Tell whether the garbage collector (GC) must keep outputs of live derivations."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1358 doc/guix.texi:2543
+#, no-wrap
+msgid "GC roots"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1359 doc/guix.texi:2544
+#, no-wrap
+msgid "garbage collector roots"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1364
+msgid ""
+"When set to ``yes'', the GC will keep the outputs of any live derivation available in the store---the @code{.drv} files. The "
+"default is ``no'', meaning that derivation outputs are kept only if they are GC roots. @xref{Invoking guix gc}, for more on GC "
+"roots."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1365
+#, no-wrap
+msgid "--gc-keep-derivations[=yes|no]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1368
+msgid "Tell whether the garbage collector (GC) must keep derivations corresponding to live outputs."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1373
+msgid ""
+"When set to ``yes'', as is the case by default, the GC keeps derivations---i.e., @code{.drv} files---as long as at least one of "
+"their outputs is live. This allows users to keep track of the origins of items in their store. Setting it to ``no'' saves a bit of "
+"disk space."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1380
+msgid ""
+"Note that when both @code{--gc-keep-derivations} and @code{--gc-keep-outputs} are used, the effect is to keep all the build "
+"prerequisites (the sources, compiler, libraries, and other build-time tools) of live objects in the store, regardless of whether "
+"these prerequisites are live. This is convenient for developers since it saves rebuilds or downloads."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1381
+#, no-wrap
+msgid "--impersonate-linux-2.6"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1384
+msgid ""
+"On Linux-based systems, impersonate Linux 2.6. This means that the kernel's @code{uname} system call will report 2.6 as the release "
+"number."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1387
+msgid "This might be helpful to build programs that (usually wrongfully) depend on the kernel version number."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1388
+#, no-wrap
+msgid "--lose-logs"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1391
+msgid "Do not keep build logs. By default they are kept under @code{@var{localstatedir}/guix/log}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1392 doc/guix.texi:2890 doc/guix.texi:5779 doc/guix.texi:6920 doc/guix.texi:7328 doc/guix.texi:7962
+#: doc/guix.texi:19986 doc/guix.texi:20530
+#, no-wrap
+msgid "--system=@var{system}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1396
+msgid ""
+"Assume @var{system} as the current system type. By default it is the architecture/kernel pair found at configure time, such as "
+"@code{x86_64-linux}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1397
+#, no-wrap
+msgid "--listen=@var{endpoint}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1402
+msgid ""
+"Listen for connections on @var{endpoint}. @var{endpoint} is interpreted as the file name of a Unix-domain socket if it starts with "
+"@code{/} (slash sign). Otherwise, @var{endpoint} is interpreted as a host name or host name and port to listen to. Here are a few "
+"examples:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1404
+#, no-wrap
+msgid "--listen=/gnu/var/daemon"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1407
+msgid "Listen for connections on the @file{/gnu/var/daemon} Unix-domain socket, creating it if needed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1408
+#, no-wrap
+msgid "--listen=localhost"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1409 doc/guix.texi:4235
+#, no-wrap
+msgid "daemon, remote access"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1410 doc/guix.texi:4236
+#, no-wrap
+msgid "remote access to the daemon"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1411 doc/guix.texi:4237
+#, no-wrap
+msgid "daemon, cluster setup"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1412 doc/guix.texi:4238
+#, no-wrap
+msgid "clusters, daemon setup"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1415
+msgid "Listen for TCP connections on the network interface corresponding to @code{localhost}, on port 44146."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1416
+#, no-wrap
+msgid "--listen=128.0.0.42:1234"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1419
+msgid "Listen for TCP connections on the network interface corresponding to @code{128.0.0.42}, on port 1234."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1426
+msgid ""
+"This option can be repeated multiple times, in which case @command{guix-daemon} accepts connections on all the specified endpoints. "
+"Users can tell client commands what endpoint to connect to by setting the @code{GUIX_DAEMON_SOCKET} environment variable (@pxref{The "
+"Store, @code{GUIX_DAEMON_SOCKET}})."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:1427 doc/guix.texi:2325 doc/guix.texi:2789 doc/guix.texi:2952 doc/guix.texi:4205 doc/guix.texi:4273 doc/guix.texi:5784
+#: doc/guix.texi:7220 doc/guix.texi:7847 doc/guix.texi:8065 doc/guix.texi:8276 doc/guix.texi:11442 doc/guix.texi:20313
+#: doc/guix.texi:20511 doc/guix.texi:20598 doc/guix.texi:21442
+#, no-wrap
+msgid "Note"
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:1433
+msgid ""
+"The daemon protocol is @emph{unauthenticated and unencrypted}. Using @code{--listen=@var{host}} is suitable on local networks, such "
+"as clusters, where only trusted nodes may connect to the build daemon. In other cases where remote access to the daemon is needed, "
+"we recommend using Unix-domain sockets along with SSH."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1438
+msgid ""
+"When @code{--listen} is omitted, @command{guix-daemon} listens for connections on the Unix-domain socket located at "
+"@file{@var{localstatedir}/guix/daemon-socket/socket}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1448
+msgid ""
+"When using Guix on top of GNU/Linux distribution other than GuixSD---a so-called @dfn{foreign distro}---a few additional steps are "
+"needed to get everything in place. Here are some of them."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:1452
+msgid "locales-and-locpath"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1452
+#, no-wrap
+msgid "locales, when not on GuixSD"
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:1453 doc/guix.texi:9545
+#, no-wrap
+msgid "LOCPATH"
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:1454
+#, no-wrap
+msgid "GUIX_LOCPATH"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1459
+msgid ""
+"Packages installed @i{via} Guix will not use the locale data of the host system. Instead, you must first install one of the locale "
+"packages available with Guix and then define the @code{GUIX_LOCPATH} environment variable:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1463
+#, no-wrap
+msgid ""
+"$ guix package -i glibc-locales\n"
+"$ export GUIX_LOCPATH=$HOME/.guix-profile/lib/locale\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1469
+msgid ""
+"Note that the @code{glibc-locales} package contains data for all the locales supported by the GNU@tie{}libc and weighs in at around "
+"110@tie{}MiB. Alternatively, the @code{glibc-utf8-locales} is smaller but limited to a few UTF-8 locales."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1473
+msgid ""
+"The @code{GUIX_LOCPATH} variable plays a role similar to @code{LOCPATH} (@pxref{Locale Names, @code{LOCPATH},, libc, The GNU C "
+"Library Reference Manual}). There are two important differences though:"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:1480
+msgid ""
+"@code{GUIX_LOCPATH} is honored only by the libc in Guix, and not by the libc provided by foreign distros. Thus, using "
+"@code{GUIX_LOCPATH} allows you to make sure the programs of the foreign distro will not end up loading incompatible locale data."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:1487
+msgid ""
+"libc suffixes each entry of @code{GUIX_LOCPATH} with @code{/X.Y}, where @code{X.Y} is the libc version---e.g., @code{2.22}. This "
+"means that, should your Guix profile contain a mixture of programs linked against different libc version, each libc version will "
+"only try to load locale data in the right format."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1491
+msgid "This is important because the locale data format used by different libc versions may be incompatible."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1494
+#, no-wrap
+msgid "name service switch, glibc"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1495
+#, no-wrap
+msgid "NSS (name service switch), glibc"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1496
+#, no-wrap
+msgid "nscd (name service caching daemon)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1497
+#, no-wrap
+msgid "name service caching daemon (nscd)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1504
+msgid ""
+"When using Guix on a foreign distro, we @emph{strongly recommend} that the system run the GNU C library's @dfn{name service cache "
+"daemon}, @command{nscd}, which should be listening on the @file{/var/run/nscd/socket} socket. Failing to do that, applications "
+"installed with Guix may fail to look up host names or user accounts, or may even crash. The next paragraphs explain why."
+msgstr ""
+
+#. type: file{#1}
+#: doc/guix.texi:1505
+#, no-wrap
+msgid "nsswitch.conf"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1510
+msgid ""
+"The GNU C library implements a @dfn{name service switch} (NSS), which is an extensible mechanism for ``name lookups'' in general: "
+"host name resolution, user accounts, and more (@pxref{Name Service Switch,,, libc, The GNU C Library Reference Manual})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1511
+#, no-wrap
+msgid "Network information service (NIS)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1512
+#, no-wrap
+msgid "NIS (Network information service)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1521
+msgid ""
+"Being extensible, the NSS supports @dfn{plugins}, which provide new name lookup implementations: for example, the @code{nss-mdns} "
+"plugin allow resolution of @code{.local} host names, the @code{nis} plugin allows user account lookup using the Network information "
+"service (NIS), and so on. These extra ``lookup services'' are configured system-wide in @file{/etc/nsswitch.conf}, and all the "
+"programs running on the system honor those settings (@pxref{NSS Configuration File,,, libc, The GNU C Reference Manual})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1531
+msgid ""
+"When they perform a name lookup---for instance by calling the @code{getaddrinfo} function in C---applications first try to connect "
+"to the nscd; on success, nscd performs name lookups on their behalf. If the nscd is not running, then they perform the name lookup "
+"by themselves, by loading the name lookup services into their own address space and running it. These name lookup services---the "
+"@file{libnss_*.so} files---are @code{dlopen}'d, but they may come from the host system's C library, rather than from the C library "
+"the application is linked against (the C library coming from Guix)."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1536
+msgid ""
+"And this is where the problem is: if your application is linked against Guix's C library (say, glibc 2.24) and tries to load NSS "
+"plugins from another C library (say, @code{libnss_mdns.so} for glibc 2.22), it will likely crash or have its name lookups fail "
+"unexpectedly."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1541
+msgid ""
+"Running @command{nscd} on the system, among other advantages, eliminates this binary incompatibility problem because those "
+"@code{libnss_*.so} files are loaded in the @command{nscd} process, not in applications themselves."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:1542
+#, no-wrap
+msgid "X11 Fonts"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1544 doc/guix.texi:22008
+#, no-wrap
+msgid "fonts"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1552
+msgid ""
+"The majority of graphical applications use Fontconfig to locate and load fonts and perform X11-client-side rendering. The "
+"@code{fontconfig} package in Guix looks for fonts in @file{$HOME/.guix-profile} by default. Thus, to allow graphical applications "
+"installed with Guix to display fonts, you have to install fonts with Guix as well. Essential font packages include @code{gs-fonts}, "
+"@code{font-dejavu}, and @code{font-gnu-freefont-ttf}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1559
+msgid ""
+"To display text written in Chinese languages, Japanese, or Korean in graphical applications, consider installing @code{font-adobe-"
+"source-han-sans} or @code{font-wqy-zenhei}. The former has multiple outputs, one per language family (@pxref{Packages with Multiple "
+"Outputs}). For instance, the following command installs fonts for Chinese languages:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1562
+#, no-wrap
+msgid "guix package -i font-adobe-source-han-sans:cn\n"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:1564
+#, no-wrap
+msgid "xterm"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1568
+msgid ""
+"Older programs such as @command{xterm} do not use Fontconfig and instead rely on server-side font rendering. Such programs require "
+"to specify a full name of a font using XLFD (X Logical Font Description), like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1571
+#, no-wrap
+msgid "-*-dejavu sans-medium-r-normal-*-*-100-*-*-*-*-*-1\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1575
+msgid ""
+"To be able to use such full names for the TrueType fonts installed in your Guix profile, you need to extend the font path of the X "
+"server:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1580
+#, no-wrap
+msgid "xset +fp $(dirname $(readlink -f ~/.guix-profile/share/fonts/truetype/fonts.dir))\n"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:1582
+#, no-wrap
+msgid "xlsfonts"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1585
+msgid "After that, you can run @code{xlsfonts} (from @code{xlsfonts} package) to make sure your TrueType fonts are listed there."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:1586
+#, no-wrap
+msgid "fc-cache"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1587
+#, no-wrap
+msgid "font cache"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1593
+msgid ""
+"After installing fonts you may have to refresh the font cache to use them in applications. The same applies when applications "
+"installed via Guix do not seem to find fonts. To force rebuilding of the font cache run @code{fc-cache -f}. The @code{fc-cache} "
+"command is provided by the @code{fontconfig} package."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:1596 doc/guix.texi:19725
+#, no-wrap
+msgid "nss-certs"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1599
+msgid "The @code{nss-certs} package provides X.509 certificates, which allow programs to authenticate Web servers accessed over HTTPS."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1604
+msgid ""
+"When using Guix on a foreign distro, you can install this package and define the relevant environment variables so that packages "
+"know where to look for certificates. @xref{X.509 Certificates}, for detailed information."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:1605
+#, no-wrap
+msgid "Emacs Packages"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:1607
+#, no-wrap
+msgid "emacs"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1618
+msgid ""
+"When you install Emacs packages with Guix, the elisp files may be placed either in @file{$HOME/.guix-profile/share/emacs/site-lisp/} "
+"or in sub-directories of @file{$HOME/.guix-profile/share/emacs/site-lisp/guix.d/}. The latter directory exists because potentially "
+"there may exist thousands of Emacs packages and storing all their files in a single directory may not be reliable (because of name "
+"conflicts). So we think using a separate directory for each package is a good idea. It is very similar to how the Emacs package "
+"system organizes the file structure (@pxref{Package Files,,, emacs, The GNU Emacs Manual})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1624
+msgid ""
+"By default, Emacs (installed with Guix) ``knows'' where these packages are placed, so you do not need to perform any configuration. "
+"If, for some reason, you want to avoid auto-loading Emacs packages installed with Guix, you can do so by running Emacs with @code{--"
+"no-site-file} option (@pxref{Init File,,, emacs, The GNU Emacs Manual})."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:1625
+#, no-wrap
+msgid "The GCC toolchain"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1627
+#, no-wrap
+msgid "GCC"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1628
+#, no-wrap
+msgid "ld-wrapper"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1637
+msgid ""
+"Guix offers individual compiler packages such as @code{gcc} but if you are in need of a complete toolchain for compiling and linking "
+"source code what you really want is the @code{gcc-toolchain} package. This package provides a complete GCC toolchain for C/C++ "
+"development, including GCC itself, the GNU C Library (headers and binaries, plus debugging symbols in the @code{debug} output), "
+"Binutils, and a linker wrapper."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1638
+#, no-wrap
+msgid "attempt to use impure library, error message"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1648
+msgid ""
+"The wrapper's purpose is to inspect the @code{-L} and @code{-l} switches passed to the linker, add corresponding @code{-rpath} "
+"arguments, and invoke the actual linker with this new set of arguments. By default, the linker wrapper refuses to link to libraries "
+"outside the store to ensure ``purity''. This can be annoying when using the toolchain to link with local libraries. To allow "
+"references to libraries outside the store you need to define the environment variable @code{GUIX_LD_WRAPPER_ALLOW_IMPURITIES}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1655
+#, no-wrap
+msgid "packages"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1660
+msgid ""
+"The purpose of GNU Guix is to allow users to easily install, upgrade, and remove software packages, without having to know about "
+"their build procedures or dependencies. Guix also goes beyond this obvious set of features."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1668
+msgid ""
+"This chapter describes the main features of Guix, as well as the package management tools it provides. Along with the command-line "
+"interface described below (@pxref{Invoking guix package, @code{guix package}}), you may also use the Emacs-Guix interface "
+"(@pxref{Top,,, emacs-guix, The Emacs-Guix Reference Manual}), after installing @code{emacs-guix} package (run @kbd{M-x guix-help} "
+"command to start with it):"
+msgstr ""
+"Ce chapitre décrit les principales fonctionnalités de Guix, ainsi que des outils de gestion des paquets qu'il fournit. En plus de "
+"l'interface en ligne de commande décrite en dessous de (@pxref{Invoquer guix package, @code{guix package}}), vous pouvez aussi "
+"utiliser l'interface Emacs-Guix (@pxref{Top,,, emacs-guix, Le manuel de référence de emacs-guix}), après avoir installé le paquet "
+"@code{emacs-guix} (lancez la commande @kbd{M-x guix-help} pour le démarrer) :"
+
+#. type: example
+#: doc/guix.texi:1671
+#, no-wrap
+msgid "guix package -i emacs-guix\n"
+msgstr "guix package -i emacs-guix\n"
+
+#. type: Plain text
+#: doc/guix.texi:1690
+msgid ""
+"When using Guix, each package ends up in the @dfn{package store}, in its own directory---something that resembles @file{/gnu/store/"
+"xxx-package-1.2}, where @code{xxx} is a base32 string."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1695
+msgid ""
+"Instead of referring to these directories, users have their own @dfn{profile}, which points to the packages that they actually want "
+"to use. These profiles are stored within each user's home directory, at @code{$HOME/.guix-profile}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1703
+msgid ""
+"For example, @code{alice} installs GCC 4.7.2. As a result, @file{/home/alice/.guix-profile/bin/gcc} points to @file{/gnu/store/"
+"@dots{}-gcc-4.7.2/bin/gcc}. Now, on the same machine, @code{bob} had already installed GCC 4.8.0. The profile of @code{bob} simply "
+"continues to point to @file{/gnu/store/@dots{}-gcc-4.8.0/bin/gcc}---i.e., both versions of GCC coexist on the same system without "
+"any interference."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1707
+msgid ""
+"The @command{guix package} command is the central tool to manage packages (@pxref{Invoking guix package}). It operates on the per-"
+"user profiles, and can be used @emph{with normal user privileges}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1708 doc/guix.texi:1777
+#, no-wrap
+msgid "transactions"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1715
+msgid ""
+"The command provides the obvious install, remove, and upgrade operations. Each invocation is actually a @emph{transaction}: either "
+"the specified operation succeeds, or nothing happens. Thus, if the @command{guix package} process is terminated during the "
+"transaction, or if a power outage occurs during the transaction, then the user's profile remains in its previous state, and remains "
+"usable."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1723
+msgid ""
+"In addition, any package transaction may be @emph{rolled back}. So, if, for example, an upgrade installs a new version of a package "
+"that turns out to have a serious bug, users may roll back to the previous instance of their profile, which was known to work well. "
+"Similarly, the global system configuration on GuixSD is subject to transactional upgrades and roll-back (@pxref{Using the "
+"Configuration System})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1730
+msgid ""
+"All packages in the package store may be @emph{garbage-collected}. Guix can determine which packages are still referenced by user "
+"profiles, and remove those that are provably no longer referenced (@pxref{Invoking guix gc}). Users may also explicitly remove old "
+"generations of their profile so that the packages they refer to can be collected."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1731
+#, no-wrap
+msgid "reproducibility"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1743
+msgid ""
+"Finally, Guix takes a @dfn{purely functional} approach to package management, as described in the introduction "
+"(@pxref{Introduction}). Each @file{/gnu/store} package directory name contains a hash of all the inputs that were used to build "
+"that package---compiler, libraries, build scripts, etc. This direct correspondence allows users to make sure a given package "
+"installation matches the current state of their distribution. It also helps maximize @dfn{build reproducibility}: thanks to the "
+"isolated build environments that are used, a given build is likely to yield bit-identical files when performed on different machines "
+"(@pxref{Invoking guix-daemon, container})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1754
+msgid ""
+"This foundation allows Guix to support @dfn{transparent binary/source deployment}. When a pre-built binary for a @file{/gnu/store} "
+"item is available from an external source---a @dfn{substitute}, Guix just downloads it and unpacks it; otherwise, it builds the "
+"package from source, locally (@pxref{Substitutes}). Because build results are usually bit-for-bit reproducible, users do not have "
+"to trust servers that provide substitutes: they can force a local build and @emph{challenge} providers (@pxref{Invoking guix "
+"challenge})."
+msgstr ""
+"Ce fondement permet à Guix de supporter le @dfn{déploiement transparent de binaire ou source}. Lorsqu'une binaire pré-construit pour "
+"une entrée de @file{/gnu/store} est disponible depuis une source externe (un @dfn{substitut}), Guix le télécharge simplement et le "
+"décompresse ; sinon, il construit le paquet depuis les sources localement (@pxref{Substituts}). Comme les résultats des "
+"constructions sont généralement reproductibles au bit près, si vous n'avez pas besoin de faire confiance aux serveurs qui "
+"fournissent les substituts : vous pouvez forcer une construction locale et @emph{défier} les fournisseurs (@pxref{Invoking guix "
+"challenge})."
+
+#. type: Plain text
+#: doc/guix.texi:1760
+msgid ""
+"Control over the build environment is a feature that is also useful for developers. The @command{guix environment} command allows "
+"developers of a package to quickly set up the right development environment for their package, without having to manually install "
+"the dependencies of the package into their profile (@pxref{Invoking guix environment})."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:1762
+#, no-wrap
+msgid "Invoking @command{guix package}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1764
+#, no-wrap
+msgid "installing packages"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1765
+#, no-wrap
+msgid "removing packages"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1766
+#, no-wrap
+msgid "package installation"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1767
+#, no-wrap
+msgid "package removal"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1773
+msgid ""
+"The @command{guix package} command is the tool that allows users to install, upgrade, and remove packages, as well as rolling back "
+"to previous configurations. It operates only on the user's own profile, and works with normal user privileges (@pxref{Features}). "
+"Its syntax is:"
+msgstr ""
+"La commande @command{guix package} est l'outil qui permet d'installer, mettre à jour et supprimer les paquets ainsi que de revenir à "
+"une configuration précédente. Elle n'opère que dans le profil de l'utilisateur et fonctionne avec les privilèges utilisateurs "
+"normaux (@pxref{Fonctionnalités}). Sa syntaxe est :"
+
+#. type: example
+#: doc/guix.texi:1776
+#, no-wrap
+msgid "guix package @var{options}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1782
+msgid ""
+"Primarily, @var{options} specifies the operations to be performed during the transaction. Upon completion, a new profile is "
+"created, but previous @dfn{generations} of the profile remain available, should the user want to roll back."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1785
+msgid "For example, to remove @code{lua} and install @code{guile} and @code{guile-cairo} in a single transaction:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1788
+#, no-wrap
+msgid "guix package -r lua -i guile guile-cairo\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1794
+msgid ""
+"@command{guix package} also supports a @dfn{declarative approach} whereby the user specifies the exact set of packages to be "
+"available and passes it @i{via} the @option{--manifest} option (@pxref{profile-manifest, @option{--manifest}})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1795
+#, no-wrap
+msgid "profile"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1801
+msgid ""
+"For each user, a symlink to the user's default profile is automatically created in @file{$HOME/.guix-profile}. This symlink always "
+"points to the current generation of the user's default profile. Thus, users can add @file{$HOME/.guix-profile/bin} to their "
+"@code{PATH} environment variable, and so on."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1801 doc/guix.texi:1998
+#, no-wrap
+msgid "search paths"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1806
+msgid ""
+"If you are not using the Guix System Distribution, consider adding the following lines to your @file{~/.bash_profile} (@pxref{Bash "
+"Startup Files,,, bash, The GNU Bash Reference Manual}) so that newly-spawned shells get all the right environment variable "
+"definitions:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1810
+#, no-wrap
+msgid ""
+"GUIX_PROFILE=\"$HOME/.guix-profile\" ; \\\n"
+"source \"$HOME/.guix-profile/etc/profile\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1821
+msgid ""
+"In a multi-user setup, user profiles are stored in a place registered as a @dfn{garbage-collector root}, which @file{$HOME/.guix-"
+"profile} points to (@pxref{Invoking guix gc}). That directory is normally @code{@var{localstatedir}/guix/profiles/per-user/"
+"@var{user}}, where @var{localstatedir} is the value passed to @code{configure} as @code{--localstatedir}, and @var{user} is the user "
+"name. The @file{per-user} directory is created when @command{guix-daemon} is started, and the @var{user} sub-directory is created "
+"by @command{guix package}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:1823
+msgid "The @var{options} can be among the following:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1826
+#, no-wrap
+msgid "--install=@var{package} @dots{}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1827
+#, no-wrap
+msgid "-i @var{package} @dots{}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1829
+msgid "Install the specified @var{package}s."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1834
+msgid ""
+"Each @var{package} may specify either a simple package name, such as @code{guile}, or a package name followed by an at-sign and "
+"version number, such as @code{guile@@1.8.8} or simply @code{guile@@1.8} (in the latter case, the newest version prefixed by "
+"@code{1.8} is selected.)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1842
+msgid ""
+"If no version number is specified, the newest available version will be selected. In addition, @var{package} may contain a colon, "
+"followed by the name of one of the outputs of the package, as in @code{gcc:doc} or @code{binutils@@2.22:lib} (@pxref{Packages with "
+"Multiple Outputs}). Packages with a corresponding name (and optionally version) are searched for among the GNU distribution modules "
+"(@pxref{Package Modules})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1843
+#, no-wrap
+msgid "propagated inputs"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1849
+msgid ""
+"Sometimes packages have @dfn{propagated inputs}: these are dependencies that automatically get installed along with the required "
+"package (@pxref{package-propagated-inputs, @code{propagated-inputs} in @code{package} objects}, for information about propagated "
+"inputs in package definitions)."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:1856
+msgid "package-cmd-propagated-inputs"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1856
+msgid ""
+"An example is the GNU MPC library: its C header files refer to those of the GNU MPFR library, which in turn refer to those of the "
+"GMP library. Thus, when installing MPC, the MPFR and GMP libraries also get installed in the profile; removing MPC also removes "
+"MPFR and GMP---unless they had also been explicitly installed by the user."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1861
+msgid ""
+"Besides, packages sometimes rely on the definition of environment variables for their search paths (see explanation of @code{--"
+"search-paths} below). Any missing or possibly incorrect environment variable definitions are reported here."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1862
+#, no-wrap
+msgid "--install-from-expression=@var{exp}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1863
+#, no-wrap
+msgid "-e @var{exp}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1865
+msgid "Install the package @var{exp} evaluates to."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1870
+msgid ""
+"@var{exp} must be a Scheme expression that evaluates to a @code{<package>} object. This option is notably useful to disambiguate "
+"between same-named variants of a package, with expressions such as @code{(@@ (gnu packages base) guile-final)}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1874
+msgid ""
+"Note that this option installs the first output of the specified package, which may be insufficient when needing a specific output "
+"of a multiple-output package."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1875
+#, no-wrap
+msgid "--install-from-file=@var{file}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1876 doc/guix.texi:5695
+#, no-wrap
+msgid "-f @var{file}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1878
+msgid "Install the package that the code within @var{file} evaluates to."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1881 doc/guix.texi:7279
+msgid "As an example, @var{file} might contain a definition like this (@pxref{Defining Packages}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1884 doc/guix.texi:5705
+#, no-wrap
+msgid "@verbatiminclude package-hello.scm\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1890
+msgid ""
+"Developers may find it useful to include such a @file{guix.scm} file in the root of their project source tree that can be used to "
+"test development snapshots and create reproducible development environments (@pxref{Invoking guix environment})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1891
+#, no-wrap
+msgid "--remove=@var{package} @dots{}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1892
+#, no-wrap
+msgid "-r @var{package} @dots{}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1894
+msgid "Remove the specified @var{package}s."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1899
+msgid ""
+"As for @code{--install}, each @var{package} may specify a version number and/or output name in addition to the package name. For "
+"instance, @code{-r glibc:debug} would remove the @code{debug} output of @code{glibc}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1900
+#, no-wrap
+msgid "--upgrade[=@var{regexp} @dots{}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1901
+#, no-wrap
+msgid "-u [@var{regexp} @dots{}]"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1902
+#, no-wrap
+msgid "upgrading packages"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1906
+msgid ""
+"Upgrade all the installed packages. If one or more @var{regexp}s are specified, upgrade only installed packages whose name matches "
+"a @var{regexp}. Also see the @code{--do-not-upgrade} option below."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1911
+msgid ""
+"Note that this upgrades package to the latest version of packages found in the distribution currently installed. To update your "
+"distribution, you should regularly run @command{guix pull} (@pxref{Invoking guix pull})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1912
+#, no-wrap
+msgid "--do-not-upgrade[=@var{regexp} @dots{}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1917
+msgid ""
+"When used together with the @code{--upgrade} option, do @emph{not} upgrade any packages whose name matches a @var{regexp}. For "
+"example, to upgrade all packages in the current profile except those containing the substring ``emacs'':"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1920
+#, no-wrap
+msgid "$ guix package --upgrade . --do-not-upgrade emacs\n"
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:1922
+#, no-wrap
+msgid "profile-manifest"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1922 doc/guix.texi:2877 doc/guix.texi:6573 doc/guix.texi:7284 doc/guix.texi:7968
+#, no-wrap
+msgid "--manifest=@var{file}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1923 doc/guix.texi:2878 doc/guix.texi:6574 doc/guix.texi:7285
+#, no-wrap
+msgid "-m @var{file}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1924
+#, no-wrap
+msgid "profile declaration"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1925
+#, no-wrap
+msgid "profile manifest"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1928
+msgid "Create a new generation of the profile from the manifest object returned by the Scheme code in @var{file}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1934
+msgid ""
+"This allows you to @emph{declare} the profile's contents rather than constructing it through a sequence of @code{--install} and "
+"similar commands. The advantage is that @var{file} can be put under version control, copied to different machines to reproduce the "
+"same profile, and so on."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1938
+msgid "@var{file} must return a @dfn{manifest} object, which is roughly a list of packages:"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:1939
+#, no-wrap
+msgid "packages->manifest"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1942
+#, no-wrap
+msgid ""
+"(use-package-modules guile emacs)\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1948
+#, no-wrap
+msgid ""
+"(packages->manifest\n"
+" (list emacs\n"
+" guile-2.0\n"
+" ;; Use a specific package output.\n"
+" (list guile-2.0 \"debug\")))\n"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:1950
+#, no-wrap
+msgid "specifications->manifest"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1957
+msgid ""
+"In this example we have to know which modules define the @code{emacs} and @code{guile-2.0} variables to provide the right @code{use-"
+"package-modules} line, which can be cumbersome. We can instead provide regular package specifications and let @code{specifications-"
+">manifest} look up the corresponding package objects, like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:1961
+#, no-wrap
+msgid ""
+"(specifications->manifest\n"
+" '(\"emacs\" \"guile@@2.2\" \"guile@@2.2:debug\"))\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1963
+#, no-wrap
+msgid "--roll-back"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1964 doc/guix.texi:20365
+#, no-wrap
+msgid "rolling back"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1965
+#, no-wrap
+msgid "undoing transactions"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1966
+#, no-wrap
+msgid "transactions, undoing"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1969
+msgid "Roll back to the previous @dfn{generation} of the profile---i.e., undo the last transaction."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1972
+msgid "When combined with options such as @code{--install}, roll back occurs before any other actions."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1976
+msgid ""
+"When rolling back from the first generation that actually contains installed packages, the profile is made to point to the "
+"@dfn{zeroth generation}, which contains no files apart from its own metadata."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1980
+msgid ""
+"After having rolled back, installing, removing, or upgrading packages overwrites previous future generations. Thus, the history of "
+"the generations in a profile is always linear."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1981
+#, no-wrap
+msgid "--switch-generation=@var{pattern}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:1982
+#, no-wrap
+msgid "-S @var{pattern}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:1983 doc/guix.texi:2181 doc/guix.texi:20323
+#, no-wrap
+msgid "generations"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1985
+msgid "Switch to a particular generation defined by @var{pattern}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1991
+msgid ""
+"@var{pattern} may be either a generation number or a number prefixed with ``+'' or ``-''. The latter means: move forward/backward "
+"by a specified number of generations. For example, if you want to return to the latest generation after @code{--roll-back}, use "
+"@code{--switch-generation=+1}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:1996
+msgid ""
+"The difference between @code{--roll-back} and @code{--switch-generation=-1} is that @code{--switch-generation} will not make a "
+"zeroth generation, so if a specified generation does not exist, the current generation will not be changed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:1997
+#, no-wrap
+msgid "--search-paths[=@var{kind}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2003
+msgid ""
+"Report environment variable definitions, in Bash syntax, that may be needed in order to use the set of installed packages. These "
+"environment variables are used to specify @dfn{search paths} for files used by some of the installed packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2011
+msgid ""
+"For example, GCC needs the @code{CPATH} and @code{LIBRARY_PATH} environment variables to be defined so it can look for headers and "
+"libraries in the user's profile (@pxref{Environment Variables,,, gcc, Using the GNU Compiler Collection (GCC)}). If GCC and, say, "
+"the C library are installed in the profile, then @code{--search-paths} will suggest setting these variables to @code{@var{profile}/"
+"include} and @code{@var{profile}/lib}, respectively."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2014
+msgid "The typical use case is to define these environment variables in the shell:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2017
+#, no-wrap
+msgid "$ eval `guix package --search-paths`\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2023
+msgid ""
+"@var{kind} may be one of @code{exact}, @code{prefix}, or @code{suffix}, meaning that the returned environment variable definitions "
+"will either be exact settings, or prefixes or suffixes of the current value of these variables. When omitted, @var{kind} defaults "
+"to @code{exact}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2026
+msgid "This option can also be used to compute the @emph{combined} search paths of several profiles. Consider this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2031
+#, no-wrap
+msgid ""
+"$ guix package -p foo -i guile\n"
+"$ guix package -p bar -i guile-json\n"
+"$ guix package -p foo -p bar --search-paths\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2036
+msgid ""
+"The last command above reports about the @code{GUILE_LOAD_PATH} variable, even though, taken individually, neither @file{foo} nor "
+"@file{bar} would lead to that recommendation."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2038
+#, no-wrap
+msgid "--profile=@var{profile}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2039
+#, no-wrap
+msgid "-p @var{profile}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2041
+msgid "Use @var{profile} instead of the user's default profile."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2042
+#, no-wrap
+msgid "collisions, in a profile"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2043
+#, no-wrap
+msgid "colliding packages in profiles"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2044
+#, no-wrap
+msgid "profile collisions"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2045
+#, no-wrap
+msgid "--allow-collisions"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2047
+msgid "Allow colliding packages in the new profile. Use at your own risk!"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2051
+msgid ""
+"By default, @command{guix package} reports as an error @dfn{collisions} in the profile. Collisions happen when two or more "
+"different versions or variants of a given package end up in the profile."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2052 doc/guix.texi:2754 doc/guix.texi:7773
+#, no-wrap
+msgid "--verbose"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2055
+msgid "Produce verbose output. In particular, emit the build log of the environment on the standard error port."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2056 doc/guix.texi:2773 doc/guix.texi:2931
+#, no-wrap
+msgid "--bootstrap"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2059
+msgid "Use the bootstrap Guile to build the profile. This option is only useful to distribution developers."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2065
+msgid ""
+"In addition to these actions, @command{guix package} supports the following options to query the current state of a profile, or the "
+"availability of packages:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2068
+#, no-wrap
+msgid "--search=@var{regexp}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2069
+#, no-wrap
+msgid "-s @var{regexp}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2070
+#, no-wrap
+msgid "searching for packages"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2075
+msgid ""
+"List the available packages whose name, synopsis, or description matches @var{regexp}, sorted by relevance. Print all the metadata "
+"of matching packages in @code{recutils} format (@pxref{Top, GNU recutils databases,, recutils, GNU recutils manual})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2078
+msgid "This allows specific fields to be extracted using the @command{recsel} command, for instance:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2084
+#, no-wrap
+msgid ""
+"$ guix package -s malloc | recsel -p name,version,relevance\n"
+"name: jemalloc\n"
+"version: 4.5.0\n"
+"relevance: 6\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2088
+#, no-wrap
+msgid ""
+"name: glibc\n"
+"version: 2.25\n"
+"relevance: 1\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2092
+#, no-wrap
+msgid ""
+"name: libgc\n"
+"version: 7.6.0\n"
+"relevance: 1\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2096
+msgid "Similarly, to show the name of all the packages available under the terms of the GNU@tie{}LGPL version 3:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2100
+#, no-wrap
+msgid ""
+"$ guix package -s \"\" | recsel -p name -e 'license ~ \"LGPL 3\"'\n"
+"name: elfutils\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2103
+#, no-wrap
+msgid ""
+"name: gmp\n"
+"@dots{}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2108
+msgid ""
+"It is also possible to refine search results using several @code{-s} flags. For example, the following command returns a list of "
+"board games:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2113
+#, no-wrap
+msgid ""
+"$ guix package -s '\\<board\\>' -s game | recsel -p name\n"
+"name: gnubg\n"
+"@dots{}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2119
+msgid ""
+"If we were to omit @code{-s game}, we would also get software packages that deal with printed circuit boards; removing the angle "
+"brackets around @code{board} would further add packages that have to do with keyboards."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2123
+msgid ""
+"And now for a more elaborate example. The following command searches for cryptographic libraries, filters out Haskell, Perl, "
+"Python, and Ruby libraries, and prints the name and synopsis of the matching packages:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2127
+#, no-wrap
+msgid ""
+"$ guix package -s crypto -s library | \\\n"
+" recsel -e '! (name ~ \"^(ghc|perl|python|ruby)\")' -p name,synopsis\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2132
+msgid ""
+"@xref{Selection Expressions,,, recutils, GNU recutils manual}, for more information on @dfn{selection expressions} for @code{recsel -"
+"e}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2133
+#, no-wrap
+msgid "--show=@var{package}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2137
+msgid ""
+"Show details about @var{package}, taken from the list of available packages, in @code{recutils} format (@pxref{Top, GNU recutils "
+"databases,, recutils, GNU recutils manual})."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2142
+#, no-wrap
+msgid ""
+"$ guix package --show=python | recsel -p name,version\n"
+"name: python\n"
+"version: 2.7.6\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2145
+#, no-wrap
+msgid ""
+"name: python\n"
+"version: 3.3.5\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2149
+msgid "You may also specify the full name of a package to only get details about a specific version of it:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2153
+#, no-wrap
+msgid ""
+"$ guix package --show=python@@3.4 | recsel -p name,version\n"
+"name: python\n"
+"version: 3.4.3\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2157
+#, no-wrap
+msgid "--list-installed[=@var{regexp}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2158
+#, no-wrap
+msgid "-I [@var{regexp}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2162
+msgid ""
+"List the currently installed packages in the specified profile, with the most recently installed packages shown last. When "
+"@var{regexp} is specified, list only installed packages whose name matches @var{regexp}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2168
+msgid ""
+"For each installed package, print the following items, separated by tabs: the package name, its version string, the part of the "
+"package that is installed (for instance, @code{out} for the default output, @code{include} for its headers, etc.), and the path of "
+"this package in the store."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2169
+#, no-wrap
+msgid "--list-available[=@var{regexp}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2170
+#, no-wrap
+msgid "-A [@var{regexp}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2174
+msgid ""
+"List packages currently available in the distribution for this system (@pxref{GNU Distribution}). When @var{regexp} is specified, "
+"list only installed packages whose name matches @var{regexp}."
+msgstr ""
+"Liste les paquets actuellement disponibles dans la distribution pour ce système (@pxref{Distribution GNU}). Lorsque @var{regexp} est "
+"spécifié, liste uniquement les paquets dont le nom correspond à @var{regexp}."
+
+#. type: table
+#: doc/guix.texi:2178
+msgid ""
+"For each package, print the following items separated by tabs: its name, its version string, the parts of the package "
+"(@pxref{Packages with Multiple Outputs}), and the source location of its definition."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2179
+#, no-wrap
+msgid "--list-generations[=@var{pattern}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2180
+#, no-wrap
+msgid "-l [@var{pattern}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2186
+msgid ""
+"Return a list of generations along with their creation dates; for each generation, show the installed packages, with the most "
+"recently installed packages shown last. Note that the zeroth generation is never shown."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2191
+msgid ""
+"For each installed package, print the following items, separated by tabs: the name of a package, its version string, the part of the "
+"package that is installed (@pxref{Packages with Multiple Outputs}), and the location of this package in the store."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2194
+msgid "When @var{pattern} is used, the command returns only matching generations. Valid patterns include:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2196
+#, no-wrap
+msgid "@emph{Integers and comma-separated integers}. Both patterns denote"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:2199
+msgid "generation numbers. For instance, @code{--list-generations=1} returns the first one."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:2202
+msgid ""
+"And @code{--list-generations=1,8,2} outputs three generations in the specified order. Neither spaces nor trailing commas are "
+"allowed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2203
+#, no-wrap
+msgid "@emph{Ranges}. @code{--list-generations=2..9} prints the"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:2206
+msgid "specified generations and everything in between. Note that the start of a range must be smaller than its end."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:2210
+msgid ""
+"It is also possible to omit the endpoint. For example, @code{--list-generations=2..}, returns all generations starting from the "
+"second one."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2211
+#, no-wrap
+msgid "@emph{Durations}. You can also get the last @emph{N}@tie{}days, weeks,"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:2215
+msgid ""
+"or months by passing an integer along with the first letter of the duration. For example, @code{--list-generations=20d} lists "
+"generations that are up to 20 days old."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2217
+#, no-wrap
+msgid "--delete-generations[=@var{pattern}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2218
+#, no-wrap
+msgid "-d [@var{pattern}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2221
+msgid "When @var{pattern} is omitted, delete all generations except the current one."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2227
+msgid ""
+"This command accepts the same patterns as @option{--list-generations}. When @var{pattern} is specified, delete the matching "
+"generations. When @var{pattern} specifies a duration, generations @emph{older} than the specified duration match. For instance, "
+"@code{--delete-generations=1m} deletes generations that are more than one month old."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2230
+msgid "If the current generation matches, it is @emph{not} deleted. Also, the zeroth generation is never deleted."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2233
+msgid "Note that deleting generations prevents rolling back to them. Consequently, this command must be used with care."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2244
+msgid ""
+"Finally, since @command{guix package} may actually start build processes, it supports all the common build options (@pxref{Common "
+"Build Options}). It also supports package transformation options, such as @option{--with-source} (@pxref{Package Transformation "
+"Options}). However, note that package transformations are lost when upgrading; to preserve transformations across upgrades, you "
+"should define your own package variant in a Guile module and add it to @code{GUIX_PACKAGE_PATH} (@pxref{Defining Packages})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2249
+#, no-wrap
+msgid "pre-built binaries"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2255
+msgid ""
+"Guix supports transparent source/binary deployment, which means that it can either build things locally, or download pre-built items "
+"from a server, or both. We call these pre-built items @dfn{substitutes}---they are substitutes for local build results. In many "
+"cases, downloading a substitute is much faster than building things locally."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2260
+msgid ""
+"Substitutes can be anything resulting from a derivation build (@pxref{Derivations}). Of course, in the common case, they are pre-"
+"built package binaries, but source tarballs, for instance, which also result from derivation builds, can be available as substitutes."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2273
+#, no-wrap
+msgid "hydra"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2274
+#, no-wrap
+msgid "build farm"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2284
+msgid ""
+"The @code{mirror.hydra.gnu.org} server is a front-end to an official build farm that builds packages from Guix continuously for some "
+"architectures, and makes them available as substitutes. This is the default source of substitutes; it can be overridden by passing "
+"the @option{--substitute-urls} option either to @command{guix-daemon} (@pxref{daemon-substitute-urls,, @code{guix-daemon --"
+"substitute-urls}}) or to client tools such as @command{guix package} (@pxref{client-substitute-urls,, client @option{--substitute-"
+"urls} option})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2290
+msgid ""
+"Substitute URLs can be either HTTP or HTTPS. HTTPS is recommended because communications are encrypted; conversely, using HTTP "
+"makes all communications visible to an eavesdropper, who could use the information gathered to determine, for instance, whether your "
+"system has unpatched security vulnerabilities."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2299
+msgid ""
+"Substitutes from the official build farm are enabled by default when using the Guix System Distribution (@pxref{GNU Distribution}). "
+"However, they are disabled by default when using Guix on a foreign distribution, unless you have explicitly enabled them via one of "
+"the recommended installation steps (@pxref{Installation}). The following paragraphs describe how to enable or disable substitutes "
+"for the official build farm; the same procedure can also be used to enable substitutes for any other substitute server."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2303
+#, no-wrap
+msgid "security"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2305
+#, no-wrap
+msgid "access control list (ACL), for substitutes"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2306
+#, no-wrap
+msgid "ACL (access control list), for substitutes"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2313
+msgid ""
+"To allow Guix to download substitutes from @code{hydra.gnu.org} or a mirror thereof, you must add its public key to the access "
+"control list (ACL) of archive imports, using the @command{guix archive} command (@pxref{Invoking guix archive}). Doing so implies "
+"that you trust @code{hydra.gnu.org} to not be compromised and to serve genuine substitutes."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2320
+msgid ""
+"The public key for @code{hydra.gnu.org} is installed along with Guix, in @code{@var{prefix}/share/guix/hydra.gnu.org.pub}, where "
+"@var{prefix} is the installation prefix of Guix. If you installed Guix from source, make sure you checked the GPG signature of "
+"@file{guix-@value{VERSION}.tar.gz}, which contains this public key file. Then, you can run something like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2323
+#, no-wrap
+msgid "# guix archive --authorize < @var{prefix}/share/guix/hydra.gnu.org.pub\n"
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:2329
+msgid ""
+"Similarly, the @file{berlin.guixsd.org.pub} file contains the public key for the project's new build farm, reachable at "
+"@indicateurl{https://berlin.guixsd.org}."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:2334
+msgid ""
+"As of this writing @code{berlin.guixsd.org} is being upgraded so it can better scale up, but you might want to give it a try. It is "
+"backed by 20 x86_64/i686 build nodes and may be able to provide substitutes more quickly than @code{mirror.hydra.gnu.org}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2338
+msgid "Once this is in place, the output of a command like @code{guix build} should change from something like:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2347
+#, no-wrap
+msgid ""
+"$ guix build emacs --dry-run\n"
+"The following derivations would be built:\n"
+" /gnu/store/yr7bnx8xwcayd6j95r2clmkdl1qh688w-emacs-24.3.drv\n"
+" /gnu/store/x8qsh1hlhgjx6cwsjyvybnfv2i37z23w-dbus-1.6.4.tar.gz.drv\n"
+" /gnu/store/1ixwp12fl950d15h2cj11c73733jay0z-alsa-lib-1.0.27.1.tar.bz2.drv\n"
+" /gnu/store/nlma1pw0p603fpfiqy7kn4zm105r5dmw-util-linux-2.21.drv\n"
+"@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2351
+msgid "to something like:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2360
+#, no-wrap
+msgid ""
+"$ guix build emacs --dry-run\n"
+"112.3 MB would be downloaded:\n"
+" /gnu/store/pk3n22lbq6ydamyymqkkz7i69wiwjiwi-emacs-24.3\n"
+" /gnu/store/2ygn4ncnhrpr61rssa6z0d9x22si0va3-libjpeg-8d\n"
+" /gnu/store/71yz6lgx4dazma9dwn2mcjxaah9w77jq-cairo-1.12.16\n"
+" /gnu/store/7zdhgp0n1518lvfn8mb96sxqfmvqrl7v-libxrender-0.9.7\n"
+"@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2365
+msgid "This indicates that substitutes from @code{hydra.gnu.org} are usable and will be downloaded, when possible, for future builds."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2366
+#, no-wrap
+msgid "substitutes, how to disable"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2372
+msgid ""
+"The substitute mechanism can be disabled globally by running @code{guix-daemon} with @code{--no-substitutes} (@pxref{Invoking guix-"
+"daemon}). It can also be disabled temporarily by passing the @code{--no-substitutes} option to @command{guix package}, "
+"@command{guix build}, and other command-line tools."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2376
+#, no-wrap
+msgid "digital signatures"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2380
+msgid ""
+"Guix detects and raises an error when attempting to use a substitute that has been tampered with. Likewise, it ignores substitutes "
+"that are not signed, or that are not signed by one of the keys listed in the ACL."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2386
+msgid ""
+"There is one exception though: if an unauthorized server provides substitutes that are @emph{bit-for-bit identical} to those "
+"provided by an authorized server, then the unauthorized server becomes eligible for downloads. For example, assume we have chosen "
+"two substitute servers with this option:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2389
+#, no-wrap
+msgid "--substitute-urls=\"https://a.example.org https://b.example.org\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2400
+msgid ""
+"If the ACL contains only the key for @code{b.example.org}, and if @code{a.example.org} happens to serve the @emph{exact same} "
+"substitutes, then Guix will download substitutes from @code{a.example.org} because it comes first in the list and can be considered "
+"a mirror of @code{b.example.org}. In practice, independent build machines usually produce the same binaries, thanks to bit-"
+"reproducible builds (see below)."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2407
+msgid ""
+"When using HTTPS, the server's X.509 certificate is @emph{not} validated (in other words, the server is not authenticated), contrary "
+"to what HTTPS clients such as Web browsers usually do. This is because Guix authenticates substitute information itself, as "
+"explained above, which is what we care about (whereas X.509 certificates are about authenticating bindings between domain names and "
+"public keys.)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2419
+msgid ""
+"Substitutes are downloaded over HTTP or HTTPS. The @code{http_proxy} environment variable can be set in the environment of "
+"@command{guix-daemon} and is honored for downloads of substitutes. Note that the value of @code{http_proxy} in the environment "
+"where @command{guix build}, @command{guix package}, and other client commands are run has @emph{absolutely no effect}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2428
+msgid ""
+"Even when a substitute for a derivation is available, sometimes the substitution attempt will fail. This can happen for a variety "
+"of reasons: the substitute server might be offline, the substitute may recently have been deleted, the connection might have been "
+"interrupted, etc."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2442
+msgid ""
+"When substitutes are enabled and a substitute for a derivation is available, but the substitution attempt fails, Guix will attempt "
+"to build the derivation locally depending on whether or not @code{--fallback} was given (@pxref{fallback-option,, common build "
+"option @code{--fallback}}). Specifically, if @code{--fallback} was omitted, then no local build will be performed, and the "
+"derivation is considered to have failed. However, if @code{--fallback} was given, then Guix will attempt to build the derivation "
+"locally, and the success or failure of the derivation depends on the success or failure of the local build. Note that when "
+"substitutes are disabled or no substitute is available for the derivation in question, a local build will @emph{always} be "
+"performed, regardless of whether or not @code{--fallback} was given."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2447
+msgid ""
+"To get an idea of how many substitutes are available right now, you can try running the @command{guix weather} command "
+"(@pxref{Invoking guix weather}). This command provides statistics on the substitutes provided by a server."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2451
+#, no-wrap
+msgid "trust, of pre-built binaries"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2461
+msgid ""
+"Today, each individual's control over their own computing is at the mercy of institutions, corporations, and groups with enough "
+"power and determination to subvert the computing infrastructure and exploit its weaknesses. While using @code{hydra.gnu.org} "
+"substitutes can be convenient, we encourage users to also build on their own, or even run their own build farm, such that "
+"@code{hydra.gnu.org} is less of an interesting target. One way to help is by publishing the software you build using @command{guix "
+"publish} so that others have one more choice of server to download substitutes from (@pxref{Invoking guix publish})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2473
+msgid ""
+"Guix has the foundations to maximize build reproducibility (@pxref{Features}). In most cases, independent builds of a given package "
+"or derivation should yield bit-identical results. Thus, through a diverse set of independent package builds, we can strengthen the "
+"integrity of our systems. The @command{guix challenge} command aims to help users assess substitute servers, and to assist "
+"developers in finding out about non-deterministic package builds (@pxref{Invoking guix challenge}). Similarly, the @option{--check} "
+"option of @command{guix build} allows users to check whether previously-installed substitutes are genuine by rebuilding them locally "
+"(@pxref{build-check, @command{guix build --check}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2477
+msgid ""
+"In the future, we want Guix to have support to publish and retrieve binaries to/from other users, in a peer-to-peer fashion. If you "
+"would like to discuss this project, join us on @email{guix-devel@@gnu.org}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2481
+#, no-wrap
+msgid "multiple-output packages"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2482
+#, no-wrap
+msgid "package outputs"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2483
+#, no-wrap
+msgid "outputs"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2493
+msgid ""
+"Often, packages defined in Guix have a single @dfn{output}---i.e., the source package leads to exactly one directory in the store. "
+"When running @command{guix package -i glibc}, one installs the default output of the GNU libc package; the default output is called "
+"@code{out}, but its name can be omitted as shown in this command. In this particular case, the default output of @code{glibc} "
+"contains all the C header files, shared libraries, static libraries, Info documentation, and other supporting files."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2501
+msgid ""
+"Sometimes it is more appropriate to separate the various types of files produced from a single source package into separate "
+"outputs. For instance, the GLib C library (used by GTK+ and related packages) installs more than 20 MiB of reference documentation "
+"as HTML pages. To save space for users who do not need it, the documentation goes to a separate output, called @code{doc}. To "
+"install the main GLib output, which contains everything but the documentation, one would run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2504
+#, no-wrap
+msgid "guix package -i glib\n"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:2506 doc/guix.texi:21259
+#, no-wrap
+msgid "documentation"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2508
+msgid "The command to install its documentation is:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2511
+#, no-wrap
+msgid "guix package -i glib:doc\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2522
+msgid ""
+"Some packages install programs with different ``dependency footprints''. For instance, the WordNet package installs both command-"
+"line tools and graphical user interfaces (GUIs). The former depend solely on the C library, whereas the latter depend on Tcl/Tk and "
+"the underlying X libraries. In this case, we leave the command-line tools in the default output, whereas the GUIs are in a separate "
+"output. This allows users who do not need the GUIs to save space. The @command{guix size} command can help find out about such "
+"situations (@pxref{Invoking guix size}). @command{guix graph} can also be helpful (@pxref{Invoking guix graph})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2530
+msgid ""
+"There are several such multiple-output packages in the GNU distribution. Other conventional output names include @code{lib} for "
+"libraries and possibly header files, @code{bin} for stand-alone programs, and @code{debug} for debugging information "
+"(@pxref{Installing Debugging Files}). The outputs of a packages are listed in the third column of the output of @command{guix "
+"package --list-available} (@pxref{Invoking guix package})."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:2533
+#, no-wrap
+msgid "Invoking @command{guix gc}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2535
+#, no-wrap
+msgid "garbage collector"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2536
+#, no-wrap
+msgid "disk space"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2542
+msgid ""
+"Packages that are installed, but not used, may be @dfn{garbage-collected}. The @command{guix gc} command allows users to explicitly "
+"run the garbage collector to reclaim space from the @file{/gnu/store} directory. It is the @emph{only} way to remove files from "
+"@file{/gnu/store}---removing files or directories manually may break it beyond repair!"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2553
+msgid ""
+"The garbage collector has a set of known @dfn{roots}: any file under @file{/gnu/store} reachable from a root is considered "
+"@dfn{live} and cannot be deleted; any other file is considered @dfn{dead} and may be deleted. The set of garbage collector roots "
+"(``GC roots'' for short) includes default user profiles; by default, the symlinks under @file{/var/guix/gcroots} represent these GC "
+"roots. New GC roots can be added with @command{guix build --root}, for example (@pxref{Invoking guix build})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2559
+msgid ""
+"Prior to running @code{guix gc --collect-garbage} to make space, it is often useful to remove old generations from user profiles; "
+"that way, old package builds referenced by those generations can be reclaimed. This is achieved by running @code{guix package --"
+"delete-generations} (@pxref{Invoking guix package})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2563
+msgid ""
+"Our recommendation is to run a garbage collection periodically, or when you are short on disk space. For instance, to guarantee "
+"that at least 5@tie{}GB are available on your disk, simply run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2566
+#, no-wrap
+msgid "guix gc -F 5G\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2575
+msgid ""
+"It is perfectly safe to run as a non-interactive periodic job (@pxref{Scheduled Job Execution}, for how to set up such a job on "
+"GuixSD). Running @command{guix gc} with no arguments will collect as much garbage as it can, but that is often inconvenient: you "
+"may find yourself having to rebuild or re-download software that is ``dead'' from the GC viewpoint but that is necessary to build "
+"other pieces of software---e.g., the compiler tool chain."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2581
+msgid ""
+"The @command{guix gc} command has three modes of operation: it can be used to garbage-collect any dead files (the default), to "
+"delete specific files (the @code{--delete} option), to print garbage-collector information, or for more advanced queries. The "
+"garbage collection options are as follows:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2583
+#, no-wrap
+msgid "--collect-garbage[=@var{min}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2584
+#, no-wrap
+msgid "-C [@var{min}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2588
+msgid ""
+"Collect garbage---i.e., unreachable @file{/gnu/store} files and sub-directories. This is the default operation when no option is "
+"specified."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2593
+msgid ""
+"When @var{min} is given, stop once @var{min} bytes have been collected. @var{min} may be a number of bytes, or it may include a "
+"unit as a suffix, such as @code{MiB} for mebibytes and @code{GB} for gigabytes (@pxref{Block size, size specifications,, coreutils, "
+"GNU Coreutils})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2595
+msgid "When @var{min} is omitted, collect all the garbage."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2596
+#, no-wrap
+msgid "--free-space=@var{free}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2597
+#, no-wrap
+msgid "-F @var{free}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2601
+msgid ""
+"Collect garbage until @var{free} space is available under @file{/gnu/store}, if possible; @var{free} denotes storage space, such as "
+"@code{500MiB}, as described above."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2604
+msgid "When @var{free} or more is already available in @file{/gnu/store}, do nothing and exit immediately."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2605
+#, no-wrap
+msgid "--delete"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2606 doc/guix.texi:5836 doc/guix.texi:20536
+#, no-wrap
+msgid "-d"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2610
+msgid ""
+"Attempt to delete all the store files and directories specified as arguments. This fails if some of the files are not in the store, "
+"or if they are still live."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2611
+#, no-wrap
+msgid "--list-failures"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2613
+msgid "List store items corresponding to cached build failures."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2617
+msgid ""
+"This prints nothing unless the daemon was started with @option{--cache-failures} (@pxref{Invoking guix-daemon, @option{--cache-"
+"failures}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2618
+#, no-wrap
+msgid "--clear-failures"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2620
+msgid "Remove the specified store items from the failed-build cache."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2623
+msgid "Again, this option only makes sense when the daemon is started with @option{--cache-failures}. Otherwise, it does nothing."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2624
+#, no-wrap
+msgid "--list-dead"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2627
+msgid ""
+"Show the list of dead files and directories still present in the store---i.e., files and directories no longer reachable from any "
+"root."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2628
+#, no-wrap
+msgid "--list-live"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2630
+msgid "Show the list of live store files and directories."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2634
+msgid "In addition, the references among existing store files can be queried:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2637
+#, no-wrap
+msgid "--references"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2638
+#, no-wrap
+msgid "--referrers"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2639 doc/guix.texi:6931
+#, no-wrap
+msgid "package dependencies"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2642
+msgid "List the references (respectively, the referrers) of store files given as arguments."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2643
+#, no-wrap
+msgid "--requisites"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2644
+#, no-wrap
+msgid "-R"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2645 doc/guix.texi:6815 doc/guix.texi:6839 doc/guix.texi:6903
+#, no-wrap
+msgid "closure"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2650
+msgid ""
+"List the requisites of the store files passed as arguments. Requisites include the store files themselves, their references, and "
+"the references of these, recursively. In other words, the returned list is the @dfn{transitive closure} of the store files."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2654
+msgid ""
+"@xref{Invoking guix size}, for a tool to profile the size of the closure of an element. @xref{Invoking guix graph}, for a tool to "
+"visualize the graph of references."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2655
+#, no-wrap
+msgid "--derivers"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2656 doc/guix.texi:3122 doc/guix.texi:7016
+#, no-wrap
+msgid "derivation"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2659
+msgid "Return the derivation(s) leading to the given store items (@pxref{Derivations})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2661
+msgid "For example, this command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2664
+#, no-wrap
+msgid "guix gc --derivers `guix package -I ^emacs$ | cut -f4`\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2669
+msgid "returns the @file{.drv} file(s) leading to the @code{emacs} package installed in your profile."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2673
+msgid ""
+"Note that there may be zero matching @file{.drv} files, for instance because these files have been garbage-collected. There can "
+"also be more than one matching @file{.drv} due to fixed-output derivations."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2677
+msgid "Lastly, the following options allow you to check the integrity of the store and to control disk usage."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2680
+#, no-wrap
+msgid "--verify[=@var{options}]"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2681
+#, no-wrap
+msgid "integrity, of the store"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2682
+#, no-wrap
+msgid "integrity checking"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2684
+msgid "Verify the integrity of the store."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2687
+msgid ""
+"By default, make sure that all the store items marked as valid in the database of the daemon actually exist in @file{/gnu/store}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2690
+msgid "When provided, @var{options} must be a comma-separated list containing one or more of @code{contents} and @code{repair}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2696
+msgid ""
+"When passing @option{--verify=contents}, the daemon computes the content hash of each store item and compares it against its hash in "
+"the database. Hash mismatches are reported as data corruptions. Because it traverses @emph{all the files in the store}, this "
+"command can take a long time, especially on systems with a slow disk drive."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2697
+#, no-wrap
+msgid "repairing the store"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2698 doc/guix.texi:5829
+#, no-wrap
+msgid "corruption, recovering from"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2706
+msgid ""
+"Using @option{--verify=repair} or @option{--verify=contents,repair} causes the daemon to try to repair corrupt store items by "
+"fetching substitutes for them (@pxref{Substitutes}). Because repairing is not atomic, and thus potentially dangerous, it is "
+"available only to the system administrator. A lightweight alternative, when you know exactly which items in the store are corrupt, "
+"is @command{guix build --repair} (@pxref{Invoking guix build})."
+msgstr ""
+"Utiliser @option{--verify=repair} ou @option{--verify=contents,repair} fait que le démon essaie de réparer les objets du dépôt "
+"corrompus en récupérant leurs substituts (@pxref{Substituts}). Comme la réparation n'est pas atomique et donc potentiellement "
+"dangereuse, elle n'est disponible que pour l'administrateur système. Une alternative plus légère lorsque vous connaissez exactement "
+"quelle entrée est corrompue consiste à lancer @command{guix build --repair} (@pxref{Invoking guix build})."
+
+#. type: item
+#: doc/guix.texi:2707
+#, no-wrap
+msgid "--optimize"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2711
+msgid "Optimize the store by hard-linking identical files---this is @dfn{deduplication}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2717
+msgid ""
+"The daemon performs deduplication after each successful build or archive import, unless it was started with @code{--disable-"
+"deduplication} (@pxref{Invoking guix-daemon, @code{--disable-deduplication}}). Thus, this option is primarily useful when the "
+"daemon was running with @code{--disable-deduplication}."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:2721
+#, no-wrap
+msgid "Invoking @command{guix pull}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2723
+#, no-wrap
+msgid "upgrading Guix"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2724
+#, no-wrap
+msgid "updating Guix"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:2725
+#, no-wrap
+msgid "guix pull"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2726
+#, no-wrap
+msgid "pull"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2733
+msgid ""
+"Packages are installed or upgraded to the latest version available in the distribution currently available on your local machine. "
+"To update that distribution, along with the Guix tools, you must run @command{guix pull}: the command downloads the latest Guix "
+"source code and package descriptions, and deploys it. Source code is downloaded from a @uref{https://git-scm.com, Git} repository."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2739
+msgid ""
+"On completion, @command{guix package} will use packages and package versions from this just-retrieved copy of Guix. Not only that, "
+"but all the Guix commands and Scheme modules will also be taken from that latest version. New @command{guix} sub-commands added by "
+"the update also become available."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2749
+msgid ""
+"Any user can update their Guix copy using @command{guix pull}, and the effect is limited to the user who run @command{guix pull}. "
+"For instance, when user @code{root} runs @command{guix pull}, this has no effect on the version of Guix that user @code{alice} sees, "
+"and vice versa@footnote{Under the hood, @command{guix pull} updates the @file{~/.config/guix/latest} symbolic link to point to the "
+"latest Guix, and the @command{guix} command loads code from there. Currently, the only way to roll back an invocation of "
+"@command{guix pull} is to manually update this symlink to point to the previous Guix.}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2752
+msgid "The @command{guix pull} command is usually invoked with no arguments, but it supports the following options:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2756
+msgid "Produce verbose output, writing build logs to the standard error output."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2757
+#, no-wrap
+msgid "--url=@var{url}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2759
+msgid "Download Guix from the Git repository at @var{url}."
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:2760
+#, no-wrap
+msgid "GUIX_PULL_URL"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2764
+msgid ""
+"By default, the source is taken from its canonical Git repository at @code{gnu.org}, for the stable branch of Guix. To use a "
+"different source, set the @code{GUIX_PULL_URL} environment variable."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2765
+#, no-wrap
+msgid "--commit=@var{commit}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2768
+msgid "Deploy @var{commit}, a valid Git commit ID represented as a hexadecimal string."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2769
+#, no-wrap
+msgid "--branch=@var{branch}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2772
+msgid "Deploy the tip of @var{branch}, the name of a Git branch available on the repository at @var{url}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2776
+msgid "Use the bootstrap Guile to build the latest Guix. This option is only useful to Guix developers."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2780
+msgid "In addition, @command{guix pull} supports all the common build options (@pxref{Common Build Options})."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:2782
+#, no-wrap
+msgid "Invoking @command{guix pack}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2788
+msgid ""
+"Occasionally you want to pass software to people who are not (yet!) lucky enough to be using Guix. You'd tell them to run "
+"@command{guix package -i @var{something}}, but that's not possible in this case. This is where @command{guix pack} comes in."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:2793
+msgid ""
+"If you are looking for ways to exchange binaries among machines that already run Guix, @pxref{Invoking guix copy}, @ref{Invoking "
+"guix publish}, and @ref{Invoking guix archive}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2795
+#, no-wrap
+msgid "pack"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2796
+#, no-wrap
+msgid "bundle"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2797
+#, no-wrap
+msgid "application bundle"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2798
+#, no-wrap
+msgid "software bundle"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2807
+msgid ""
+"The @command{guix pack} command creates a shrink-wrapped @dfn{pack} or @dfn{software bundle}: it creates a tarball or some other "
+"archive containing the binaries of the software you're interested in, and all its dependencies. The resulting archive can be used "
+"on any machine that does not have Guix, and people can run the exact same binaries as those you have with Guix. The pack itself is "
+"created in a bit-reproducible fashion, so anyone can verify that it really contains the build results that you pretend to be "
+"shipping."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2810
+msgid "For example, to create a bundle containing Guile, Emacs, Geiser, and all their dependencies, you can run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2815
+#, no-wrap
+msgid ""
+"$ guix pack guile emacs geiser\n"
+"@dots{}\n"
+"/gnu/store/@dots{}-pack.tar.gz\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2823
+msgid ""
+"The result here is a tarball containing a @file{/gnu/store} directory with all the relevant packages. The resulting tarball "
+"contains a @dfn{profile} with the three packages of interest; the profile is the same as would be created by @command{guix package -"
+"i}. It is this mechanism that is used to create Guix's own standalone binary tarball (@pxref{Binary Installation})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2828
+msgid ""
+"Users of this pack would have to run @file{/gnu/store/@dots{}-profile/bin/guile} to run Guile, which you may find inconvenient. To "
+"work around it, you can create, say, a @file{/opt/gnu/bin} symlink to the profile:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2831
+#, no-wrap
+msgid "guix pack -S /opt/gnu/bin=bin guile emacs geiser\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2835
+msgid "That way, users can happily type @file{/opt/gnu/bin/guile} and enjoy."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2838
+msgid "Alternatively, you can produce a pack in the Docker image format using the following command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2841
+#, no-wrap
+msgid "guix pack -f docker guile emacs geiser\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2848
+msgid ""
+"The result is a tarball that can be passed to the @command{docker load} command. See the @uref{https://docs.docker.com/engine/"
+"reference/commandline/load/, Docker documentation} for more information."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2850
+msgid "Several command-line options allow you to customize your pack:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2852
+#, no-wrap
+msgid "--format=@var{format}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2853
+#, no-wrap
+msgid "-f @var{format}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2855
+msgid "Produce a pack in the given @var{format}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2857
+msgid "The available formats are:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2859
+#, no-wrap
+msgid "tarball"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2862
+msgid "This is the default format. It produces a tarball containing all the specified binaries and symlinks."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2863
+#, no-wrap
+msgid "docker"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2867
+msgid ""
+"This produces a tarball that follows the @uref{https://github.com/docker/docker/blob/master/image/spec/v1.2.md, Docker Image "
+"Specification}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2869 doc/guix.texi:5707 doc/guix.texi:6532 doc/guix.texi:7093 doc/guix.texi:7243 doc/guix.texi:20522
+#, no-wrap
+msgid "--expression=@var{expr}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2870 doc/guix.texi:5708 doc/guix.texi:6533 doc/guix.texi:7094 doc/guix.texi:7244 doc/guix.texi:20523
+#, no-wrap
+msgid "-e @var{expr}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2872 doc/guix.texi:6535 doc/guix.texi:7096
+msgid "Consider the package @var{expr} evaluates to."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2876
+msgid ""
+"This has the same purpose as the same-named option in @command{guix build} (@pxref{Additional Build Options, @code{--expression} in "
+"@command{guix build}})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2881
+msgid "Use the packages contained in the manifest object returned by the Scheme code in @var{file}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2889
+msgid ""
+"This has a similar purpose as the same-named option in @command{guix package} (@pxref{profile-manifest, @option{--manifest}}) and "
+"uses the same manifest files. It allows you to define a collection of packages once and use it both for creating profiles and for "
+"creating archives for use on machines that do not have Guix installed. Note that you can specify @emph{either} a manifest file "
+"@emph{or} a list of packages, but not both."
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2891 doc/guix.texi:5780 doc/guix.texi:6921 doc/guix.texi:7329 doc/guix.texi:7963 doc/guix.texi:20531
+#, no-wrap
+msgid "-s @var{system}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2894 doc/guix.texi:5783
+msgid "Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of the system type of the build host."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2895 doc/guix.texi:5804
+#, no-wrap
+msgid "--target=@var{triplet}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2896 doc/guix.texi:3322 doc/guix.texi:5805
+#, no-wrap
+msgid "cross-compilation"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2900 doc/guix.texi:5809
+msgid ""
+"Cross-build for @var{triplet}, which must be a valid GNU triplet, such as @code{\"mips64el-linux-gnu\"} (@pxref{Specifying target "
+"triplets, GNU configuration triplets,, autoconf, Autoconf})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2901
+#, no-wrap
+msgid "--compression=@var{tool}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2902
+#, no-wrap
+msgid "-C @var{tool}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2905
+msgid ""
+"Compress the resulting tarball using @var{tool}---one of @code{gzip}, @code{bzip2}, @code{xz}, @code{lzip}, or @code{none} for no "
+"compression."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2906
+#, no-wrap
+msgid "--symlink=@var{spec}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:2907
+#, no-wrap
+msgid "-S @var{spec}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2910
+msgid "Add the symlinks specified by @var{spec} to the pack. This option can appear several times."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2914
+msgid ""
+"@var{spec} has the form @code{@var{source}=@var{target}}, where @var{source} is the symlink that will be created and @var{target} is "
+"the symlink target."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2917
+msgid ""
+"For instance, @code{-S /opt/gnu/bin=bin} creates a @file{/opt/gnu/bin} symlink pointing to the @file{bin} sub-directory of the "
+"profile."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:2918
+#, no-wrap
+msgid "--localstatedir"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2921
+msgid "Include the ``local state directory'', @file{/var/guix}, in the resulting pack."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2927
+msgid ""
+"@file{/var/guix} contains the store database (@pxref{The Store}) as well as garbage-collector roots (@pxref{Invoking guix gc}). "
+"Providing it in the pack means that the store is ``complete'' and manageable by Guix; not providing it pack means that the store is "
+"``dead'': items cannot be added to it or removed from it after extraction of the pack."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2930
+msgid "One use case for this is the Guix self-contained binary tarball (@pxref{Binary Installation})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:2934
+msgid "Use the bootstrap binaries to build the pack. This option is only useful to Guix developers."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2939
+msgid ""
+"In addition, @command{guix pack} supports all the common build options (@pxref{Common Build Options}) and all the package "
+"transformation options (@pxref{Package Transformation Options})."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:2942
+#, no-wrap
+msgid "Invoking @command{guix archive}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:2944
+#, no-wrap
+msgid "guix archive"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2945
+#, no-wrap
+msgid "archive"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2951
+msgid ""
+"The @command{guix archive} command allows users to @dfn{export} files from the store into a single archive, and to later "
+"@dfn{import} them on a machine that runs Guix. In particular, it allows store files to be transferred from one machine to the store "
+"on another machine."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:2955
+msgid "If you're looking for a way to produce archives in a format suitable for tools other than Guix, @pxref{Invoking guix pack}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:2957
+#, no-wrap
+msgid "exporting store items"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2959
+msgid "To export store files as an archive to standard output, run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2962
+#, no-wrap
+msgid "guix archive --export @var{options} @var{specifications}...\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2969
+msgid ""
+"@var{specifications} may be either store file names or package specifications, as for @command{guix package} (@pxref{Invoking guix "
+"package}). For instance, the following command creates an archive containing the @code{gui} output of the @code{git} package and "
+"the main output of @code{emacs}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2972
+#, no-wrap
+msgid "guix archive --export git:gui /gnu/store/...-emacs-24.3 > great.nar\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2977
+msgid ""
+"If the specified packages are not built yet, @command{guix archive} automatically builds them. The build process may be controlled "
+"with the common build options (@pxref{Common Build Options})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2980
+msgid "To transfer the @code{emacs} package to a machine connected over SSH, one would run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2983
+#, no-wrap
+msgid "guix archive --export -r emacs | ssh the-machine guix archive --import\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:2988
+msgid "Similarly, a complete user profile may be transferred from one machine to another like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:2992
+#, no-wrap
+msgid ""
+"guix archive --export -r $(readlink -f ~/.guix-profile) | \\\n"
+" ssh the-machine guix-archive --import\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3002
+msgid ""
+"However, note that, in both examples, all of @code{emacs} and the profile as well as all of their dependencies are transferred (due "
+"to @code{-r}), regardless of what is already available in the store on the target machine. The @code{--missing} option can help "
+"figure out which items are missing from the target store. The @command{guix copy} command simplifies and optimizes this whole "
+"process, so this is probably what you should use in this case (@pxref{Invoking guix copy})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3003
+#, no-wrap
+msgid "nar, archive format"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3004
+#, no-wrap
+msgid "normalized archive (nar)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3014
+msgid ""
+"Archives are stored in the ``normalized archive'' or ``nar'' format, which is comparable in spirit to `tar', but with differences "
+"that make it more appropriate for our purposes. First, rather than recording all Unix metadata for each file, the nar format only "
+"mentions the file type (regular, directory, or symbolic link); Unix permissions and owner/group are dismissed. Second, the order in "
+"which directory entries are stored always follows the order of file names according to the C locale collation order. This makes "
+"archive production fully deterministic."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3020
+msgid ""
+"When exporting, the daemon digitally signs the contents of the archive, and that digital signature is appended. When importing, the "
+"daemon verifies the signature and rejects the import in case of an invalid signature or if the signing key is not authorized."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3022
+msgid "The main options are:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3024
+#, no-wrap
+msgid "--export"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3027
+msgid "Export the specified store files or packages (see below.) Write the resulting archive to the standard output."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3030
+msgid "Dependencies are @emph{not} included in the output, unless @code{--recursive} is passed."
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:3031 doc/guix.texi:6076
+#, no-wrap
+msgid "-r"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3032 doc/guix.texi:6075
+#, no-wrap
+msgid "--recursive"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3037
+msgid ""
+"When combined with @code{--export}, this instructs @command{guix archive} to include dependencies of the given items in the "
+"archive. Thus, the resulting archive is self-contained: it contains the closure of the exported store items."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3038
+#, no-wrap
+msgid "--import"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3043
+msgid ""
+"Read an archive from the standard input, and import the files listed therein into the store. Abort if the archive has an invalid "
+"digital signature, or if it is signed by a public key not among the authorized keys (see @code{--authorize} below.)"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3044
+#, no-wrap
+msgid "--missing"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3048
+msgid ""
+"Read a list of store file names from the standard input, one per line, and write on the standard output the subset of these files "
+"missing from the store."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3049
+#, no-wrap
+msgid "--generate-key[=@var{parameters}]"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3050
+#, no-wrap
+msgid "signing, archives"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3055
+msgid ""
+"Generate a new key pair for the daemon. This is a prerequisite before archives can be exported with @code{--export}. Note that "
+"this operation usually takes time, because it needs to gather enough entropy to generate the key pair."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3065
+msgid ""
+"The generated key pair is typically stored under @file{/etc/guix}, in @file{signing-key.pub} (public key) and @file{signing-key.sec} "
+"(private key, which must be kept secret.) When @var{parameters} is omitted, an ECDSA key using the Ed25519 curve is generated, or, "
+"for Libgcrypt versions before 1.6.0, it is a 4096-bit RSA key. Alternatively, @var{parameters} can specify @code{genkey} parameters "
+"suitable for Libgcrypt (@pxref{General public-key related Functions, @code{gcry_pk_genkey},, gcrypt, The Libgcrypt Reference "
+"Manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3066
+#, no-wrap
+msgid "--authorize"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3067
+#, no-wrap
+msgid "authorizing, archives"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3071
+msgid ""
+"Authorize imports signed by the public key passed on standard input. The public key must be in ``s-expression advanced format''---i."
+"e., the same format as the @file{signing-key.pub} file."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3078
+msgid ""
+"The list of authorized keys is kept in the human-editable file @file{/etc/guix/acl}. The file contains @url{http://people.csail.mit."
+"edu/rivest/Sexp.txt, ``advanced-format s-expressions''} and is structured as an access-control list in the @url{http://theworld.com/"
+"~cme/spki.txt, Simple Public-Key Infrastructure (SPKI)}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3079
+#, no-wrap
+msgid "--extract=@var{directory}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:3080
+#, no-wrap
+msgid "-x @var{directory}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3084
+msgid ""
+"Read a single-item archive as served by substitute servers (@pxref{Substitutes}) and extract it to @var{directory}. This is a low-"
+"level operation needed in only very narrow use cases; see below."
+msgstr ""
+"Lit une archive à un seul élément telle que servie par un serveur de substituts (@pxref{Substituts}) et l'extrait dans "
+"@var{directory}. C'est une opération de bas niveau requise seulement dans de rares cas d'usage ; voir plus loin."
+
+#. type: table
+#: doc/guix.texi:3087
+msgid "For example, the following command extracts the substitute for Emacs served by @code{hydra.gnu.org} to @file{/tmp/emacs}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3092
+#, no-wrap
+msgid ""
+"$ wget -O - \\\n"
+" https://hydra.gnu.org/nar/@dots{}-emacs-24.5 \\\n"
+" | bunzip2 | guix archive -x /tmp/emacs\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3099
+msgid ""
+"Single-item archives are different from multiple-item archives produced by @command{guix archive --export}; they contain a single "
+"store item, and they do @emph{not} embed a signature. Thus this operation does @emph{no} signature verification and its output "
+"should be considered unsafe."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3102
+msgid ""
+"The primary purpose of this operation is to facilitate inspection of archive contents coming from possibly untrusted substitute "
+"servers."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3115
+msgid ""
+"GNU Guix provides several Scheme programming interfaces (APIs) to define, build, and query packages. The first interface allows "
+"users to write high-level package definitions. These definitions refer to familiar packaging concepts, such as the name and version "
+"of a package, its build system, and its dependencies. These definitions can then be turned into concrete build actions."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3121
+msgid ""
+"Build actions are performed by the Guix daemon, on behalf of users. In a standard setup, the daemon has write access to the store---"
+"the @file{/gnu/store} directory---whereas users do not. The recommended setup also has the daemon perform builds in chroots, under "
+"a specific build users, to minimize interference with the rest of the system."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3130
+msgid ""
+"Lower-level APIs are available to interact with the daemon and the store. To instruct the daemon to perform a build action, users "
+"actually provide it with a @dfn{derivation}. A derivation is a low-level representation of the build actions to be taken, and the "
+"environment in which they should occur---derivations are to package definitions what assembly is to C programs. The term "
+"``derivation'' comes from the fact that build results @emph{derive} from them."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3133
+msgid "This chapter describes all these APIs in turn, starting from high-level package definitions."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3150
+msgid ""
+"The high-level interface to package definitions is implemented in the @code{(guix packages)} and @code{(guix build-system)} "
+"modules. As an example, the package definition, or @dfn{recipe}, for the GNU Hello package looks like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3158
+#, no-wrap
+msgid ""
+"(define-module (gnu packages hello)\n"
+" #:use-module (guix packages)\n"
+" #:use-module (guix download)\n"
+" #:use-module (guix build-system gnu)\n"
+" #:use-module (guix licenses)\n"
+" #:use-module (gnu packages gawk))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3177
+#, no-wrap
+msgid ""
+"(define-public hello\n"
+" (package\n"
+" (name \"hello\")\n"
+" (version \"2.10\")\n"
+" (source (origin\n"
+" (method url-fetch)\n"
+" (uri (string-append \"mirror://gnu/hello/hello-\" version\n"
+" \".tar.gz\"))\n"
+" (sha256\n"
+" (base32\n"
+" \"0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i\"))))\n"
+" (build-system gnu-build-system)\n"
+" (arguments '(#:configure-flags '(\"--enable-silent-rules\")))\n"
+" (inputs `((\"gawk\" ,gawk)))\n"
+" (synopsis \"Hello, GNU world: An example GNU package\")\n"
+" (description \"Guess what GNU Hello prints!\")\n"
+" (home-page \"http://www.gnu.org/software/hello/\")\n"
+" (license gpl3+)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3187
+msgid ""
+"Without being a Scheme expert, the reader may have guessed the meaning of the various fields here. This expression binds the "
+"variable @code{hello} to a @code{<package>} object, which is essentially a record (@pxref{SRFI-9, Scheme records,, guile, GNU Guile "
+"Reference Manual}). This package object can be inspected using procedures found in the @code{(guix packages)} module; for instance, "
+"@code{(package-name hello)} returns---surprise!---@code{\"hello\"}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3191
+msgid ""
+"With luck, you may be able to import part or all of the definition of the package you are interested in from another repository, "
+"using the @code{guix import} command (@pxref{Invoking guix import})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3197
+msgid ""
+"In the example above, @var{hello} is defined in a module of its own, @code{(gnu packages hello)}. Technically, this is not strictly "
+"necessary, but it is convenient to do so: all the packages defined in modules under @code{(gnu packages @dots{})} are automatically "
+"known to the command-line tools (@pxref{Package Modules})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3199
+msgid "There are a few points worth noting in the above package definition:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3206
+msgid ""
+"The @code{source} field of the package is an @code{<origin>} object (@pxref{origin Reference}, for the complete reference). Here, "
+"the @code{url-fetch} method from @code{(guix download)} is used, meaning that the source is a file to be downloaded over FTP or HTTP."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3209
+msgid "The @code{mirror://gnu} prefix instructs @code{url-fetch} to use one of the GNU mirrors defined in @code{(guix download)}."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3216
+msgid ""
+"The @code{sha256} field specifies the expected SHA256 hash of the file being downloaded. It is mandatory, and allows Guix to check "
+"the integrity of the file. The @code{(base32 @dots{})} form introduces the base32 representation of the hash. You can obtain this "
+"information with @code{guix download} (@pxref{Invoking guix download}) and @code{guix hash} (@pxref{Invoking guix hash})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3217
+#, no-wrap
+msgid "patches"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3221
+msgid ""
+"When needed, the @code{origin} form can also have a @code{patches} field listing patches to be applied, and a @code{snippet} field "
+"giving a Scheme expression to modify the source code."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3223
+#, no-wrap
+msgid "GNU Build System"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3229
+msgid ""
+"The @code{build-system} field specifies the procedure to build the package (@pxref{Build Systems}). Here, @var{gnu-build-system} "
+"represents the familiar GNU Build System, where packages may be configured, built, and installed with the usual @code{./configure && "
+"make && make check && make install} command sequence."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3235
+msgid ""
+"The @code{arguments} field specifies options for the build system (@pxref{Build Systems}). Here it is interpreted by @var{gnu-build-"
+"system} as a request run @file{configure} with the @code{--enable-silent-rules} flag."
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3236 doc/guix.texi:3239
+#, no-wrap
+msgid "quote"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3237
+#, no-wrap
+msgid "quoting"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3238
+#, no-wrap
+msgid "'"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3247
+msgid ""
+"What about these quote (@code{'}) characters? They are Scheme syntax to introduce a literal list; @code{'} is synonymous with "
+"@code{quote}. @xref{Expression Syntax, quoting,, guile, GNU Guile Reference Manual}, for details. Here the value of the "
+"@code{arguments} field is a list of arguments passed to the build system down the road, as with @code{apply} (@pxref{Fly Evaluation, "
+"@code{apply},, guile, GNU Guile Reference Manual})."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3253
+msgid ""
+"The hash-colon (@code{#:}) sequence defines a Scheme @dfn{keyword} (@pxref{Keywords,,, guile, GNU Guile Reference Manual}), and "
+"@code{#:configure-flags} is a keyword used to pass a keyword argument to the build system (@pxref{Coding With Keywords,,, guile, GNU "
+"Guile Reference Manual})."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3259
+msgid ""
+"The @code{inputs} field specifies inputs to the build process---i.e., build-time or run-time dependencies of the package. Here, we "
+"define an input called @code{\"gawk\"} whose value is that of the @var{gawk} variable; @var{gawk} is itself bound to a "
+"@code{<package>} object."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3260
+#, no-wrap
+msgid "backquote (quasiquote)"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3261
+#, no-wrap
+msgid "`"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3262
+#, no-wrap
+msgid "quasiquote"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3263
+#, no-wrap
+msgid "comma (unquote)"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3264
+#, no-wrap
+msgid ","
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3265
+#, no-wrap
+msgid "unquote"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3266
+#, no-wrap
+msgid ",@@"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:3267
+#, no-wrap
+msgid "unquote-splicing"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3273
+msgid ""
+"Again, @code{`} (a backquote, synonymous with @code{quasiquote}) allows us to introduce a literal list in the @code{inputs} field, "
+"while @code{,} (a comma, synonymous with @code{unquote}) allows us to insert a value in that list (@pxref{Expression Syntax, "
+"unquote,, guile, GNU Guile Reference Manual})."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3277
+msgid ""
+"Note that GCC, Coreutils, Bash, and other essential tools do not need to be specified as inputs here. Instead, @var{gnu-build-"
+"system} takes care of ensuring that they are present (@pxref{Build Systems})."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:3281
+msgid ""
+"However, any other dependencies need to be specified in the @code{inputs} field. Any dependency not specified here will simply be "
+"unavailable to the build process, possibly leading to a build failure."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3284
+msgid "@xref{package Reference}, for a full description of possible fields."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3295
+msgid ""
+"Once a package definition is in place, the package may actually be built using the @code{guix build} command-line tool "
+"(@pxref{Invoking guix build}), troubleshooting any build failures you encounter (@pxref{Debugging Build Failures}). You can easily "
+"jump back to the package definition using the @command{guix edit} command (@pxref{Invoking guix edit}). @xref{Packaging "
+"Guidelines}, for more information on how to test package definitions, and @ref{Invoking guix lint}, for information on how to check "
+"a definition for style conformance."
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:3295
+#, no-wrap
+msgid "GUIX_PACKAGE_PATH"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3299
+msgid ""
+"Lastly, @pxref{Package Modules}, for information on how to extend the distribution by adding your own package definitions to "
+"@code{GUIX_PACKAGE_PATH}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3303
+msgid ""
+"Finally, updating the package definition to a new upstream version can be partly automated by the @command{guix refresh} command "
+"(@pxref{Invoking guix refresh})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3309
+msgid ""
+"Behind the scenes, a derivation corresponding to the @code{<package>} object is first computed by the @code{package-derivation} "
+"procedure. That derivation is stored in a @code{.drv} file under @file{/gnu/store}. The build actions it prescribes may then be "
+"realized by using the @code{build-derivations} procedure (@pxref{The Store})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3310
+#, no-wrap
+msgid "{Scheme Procedure} package-derivation @var{store} @var{package} [@var{system}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3313
+msgid "Return the @code{<derivation>} object of @var{package} for @var{system} (@pxref{Derivations})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3319
+msgid ""
+"@var{package} must be a valid @code{<package>} object, and @var{system} must be a string denoting the target system type---e.g., "
+"@code{\"x86_64-linux\"} for an x86_64 Linux-based GNU system. @var{store} must be a connection to the daemon, which operates on the "
+"store (@pxref{The Store})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3325
+msgid "Similarly, it is possible to compute a derivation that cross-builds a package for some other system:"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3326
+#, no-wrap
+msgid "{Scheme Procedure} package-cross-derivation @var{store} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3330
+msgid ""
+"@var{package} @var{target} [@var{system}] Return the @code{<derivation>} object of @var{package} cross-built from @var{system} to "
+"@var{target}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3335
+msgid ""
+"@var{target} must be a valid GNU triplet denoting the target hardware and operating system, such as @code{\"mips64el-linux-gnu\"} "
+"(@pxref{Configuration Names, GNU configuration triplets,, configure, GNU Configure and Build System})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3337
+#, no-wrap
+msgid "package transformations"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3338
+#, no-wrap
+msgid "input rewriting"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3339
+#, no-wrap
+msgid "dependency tree rewriting"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3343
+msgid ""
+"Packages can be manipulated in arbitrary ways. An example of a useful transformation is @dfn{input rewriting}, whereby the "
+"dependency tree of a package is rewritten by replacing specific inputs by others:"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3344
+#, no-wrap
+msgid "{Scheme Procedure} package-input-rewriting @var{replacements} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3351
+msgid ""
+"[@var{rewrite-name}] Return a procedure that, when passed a package, replaces its direct and indirect dependencies (but not its "
+"implicit inputs) according to @var{replacements}. @var{replacements} is a list of package pairs; the first element of each pair is "
+"the package to replace, and the second one is the replacement."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3354
+msgid ""
+"Optionally, @var{rewrite-name} is a one-argument procedure that takes the name of a package and returns its new name after rewrite."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3358
+msgid "Consider this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3364
+#, no-wrap
+msgid ""
+"(define libressl-instead-of-openssl\n"
+" ;; This is a procedure to replace OPENSSL by LIBRESSL,\n"
+" ;; recursively.\n"
+" (package-input-rewriting `((,openssl . ,libressl))))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3367
+#, no-wrap
+msgid ""
+"(define git-with-libressl\n"
+" (libressl-instead-of-openssl git))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3375
+msgid ""
+"Here we first define a rewriting procedure that replaces @var{openssl} with @var{libressl}. Then we use it to define a "
+"@dfn{variant} of the @var{git} package that uses @var{libressl} instead of @var{openssl}. This is exactly what the @option{--with-"
+"input} command-line option does (@pxref{Package Transformation Options, @option{--with-input}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3379
+msgid ""
+"A more generic procedure to rewrite a package dependency graph is @code{package-mapping}: it supports arbitrary changes to nodes in "
+"the graph."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3380
+#, no-wrap
+msgid "{Scheme Procedure} package-mapping @var{proc} [@var{cut?}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:3384
+msgid ""
+"Return a procedure that, given a package, applies @var{proc} to all the packages depended on and returns the resulting package. The "
+"procedure stops recursion when @var{cut?} returns true for a given package."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:3393
+#, no-wrap
+msgid "@code{package} Reference"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3397
+msgid "This section summarizes all the options available in @code{package} declarations (@pxref{Defining Packages})."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:3398
+#, no-wrap
+msgid "{Data Type} package"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:3400
+msgid "This is the data type representing a package recipe."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3404
+msgid "The name of the package, as a string."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:3405
+#, no-wrap
+msgid "version"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3407
+msgid "The version of the package, as a string."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:3408 doc/guix.texi:6739 doc/guix.texi:9277 doc/guix.texi:9565
+#, no-wrap
+msgid "source"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3415
+msgid ""
+"An object telling how the source code for the package should be acquired. Most of the time, this is an @code{origin} object, which "
+"denotes a file fetched from the Internet (@pxref{origin Reference}). It can also be any other ``file-like'' object such as a "
+"@code{local-file}, which denotes a file from the local file system (@pxref{G-Expressions, @code{local-file}})."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:3416
+#, no-wrap
+msgid "build-system"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3419
+msgid "The build system that should be used to build the package (@pxref{Build Systems})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3420 doc/guix.texi:10969
+#, no-wrap
+msgid "@code{arguments} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3423
+msgid "The arguments that should be passed to the build system. This is a list, typically containing sequential keyword-value pairs."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3424
+#, no-wrap
+msgid "@code{inputs} (default: @code{'()})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:3425
+#, no-wrap
+msgid "@code{native-inputs} (default: @code{'()})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:3426
+#, no-wrap
+msgid "@code{propagated-inputs} (default: @code{'()})"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3427
+#, no-wrap
+msgid "inputs, of packages"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3435
+msgid ""
+"These fields list dependencies of the package. Each one is a list of tuples, where each tuple has a label for the input (a string) "
+"as its first element, a package, origin, or derivation as its second element, and optionally the name of the output thereof that "
+"should be used, which defaults to @code{\"out\"} (@pxref{Packages with Multiple Outputs}, for more on package outputs). For "
+"example, the list below specifies three inputs:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3440
+#, no-wrap
+msgid ""
+"`((\"libffi\" ,libffi)\n"
+" (\"libunistring\" ,libunistring)\n"
+" (\"glib:bin\" ,glib \"bin\")) ;the \"bin\" output of Glib\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3442
+#, no-wrap
+msgid "cross compilation, package dependencies"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3448
+msgid ""
+"The distinction between @code{native-inputs} and @code{inputs} is necessary when considering cross-compilation. When cross-"
+"compiling, dependencies listed in @code{inputs} are built for the @emph{target} architecture; conversely, dependencies listed in "
+"@code{native-inputs} are built for the architecture of the @emph{build} machine."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3453
+msgid ""
+"@code{native-inputs} is typically used to list tools needed at build time, but not at run time, such as Autoconf, Automake, pkg-"
+"config, Gettext, or Bison. @command{guix lint} can report likely mistakes in this area (@pxref{Invoking guix lint})."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:3460
+msgid "package-propagated-inputs"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3460
+msgid ""
+"Lastly, @code{propagated-inputs} is similar to @code{inputs}, but the specified packages will be automatically installed alongside "
+"the package they belong to (@pxref{package-cmd-propagated-inputs, @command{guix package}}, for information on how @command{guix "
+"package} deals with propagated inputs.)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3464
+msgid ""
+"For example this is necessary when a C/C++ library needs headers of another library to compile, or when a pkg-config file refers to "
+"another one @i{via} its @code{Requires} field."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3471
+msgid ""
+"Another example where @code{propagated-inputs} is useful is for languages that lack a facility to record the run-time search path "
+"akin to the @code{RUNPATH} of ELF files; this includes Guile, Python, Perl, and more. To ensure that libraries written in those "
+"languages can find library code they depend on at run time, run-time dependencies must be listed in @code{propagated-inputs} rather "
+"than @code{inputs}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3472
+#, no-wrap
+msgid "@code{self-native-input?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3475
+msgid "This is a Boolean field telling whether the package should use itself as a native input when cross-compiling."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3476
+#, no-wrap
+msgid "@code{outputs} (default: @code{'(\"out\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3479
+msgid "The list of output names of the package. @xref{Packages with Multiple Outputs}, for typical uses of additional outputs."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3480
+#, no-wrap
+msgid "@code{native-search-paths} (default: @code{'()})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:3481
+#, no-wrap
+msgid "@code{search-paths} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3484
+msgid "A list of @code{search-path-specification} objects describing search-path environment variables honored by the package."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3485
+#, no-wrap
+msgid "@code{replacement} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3489
+msgid ""
+"This must be either @code{#f} or a package object that will be used as a @dfn{replacement} for this package. @xref{Security "
+"Updates, grafts}, for details."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3490 doc/guix.texi:6731
+#, no-wrap
+msgid "synopsis"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3492
+msgid "A one-line description of the package."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3493 doc/guix.texi:6732 doc/guix.texi:20965
+#, no-wrap
+msgid "description"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3495
+msgid "A more elaborate description of the package."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:3496
+#, no-wrap
+msgid "license"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3497
+#, no-wrap
+msgid "license, of packages"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3500
+msgid "The license of the package; a value from @code{(guix licenses)}, or a list of such values."
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:3501 doc/guix.texi:6740
+#, no-wrap
+msgid "home-page"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3503
+msgid "The URL to the home-page of the package, as a string."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3504
+#, no-wrap
+msgid "@code{supported-systems} (default: @var{%supported-systems})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3507
+msgid ""
+"The list of systems supported by the package, as strings of the form @code{architecture-kernel}, for example @code{\"x86_64-linux\"}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3508
+#, no-wrap
+msgid "@code{maintainers} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3510
+msgid "The list of maintainers of the package, as @code{maintainer} objects."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3511
+#, no-wrap
+msgid "@code{location} (default: source location of the @code{package} form)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3515
+msgid ""
+"The source location of the package. It is useful to override this when inheriting from another package, in which case this field is "
+"not automatically corrected."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:3520
+#, no-wrap
+msgid "@code{origin} Reference"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3524
+msgid "This section summarizes all the options available in @code{origin} declarations (@pxref{Defining Packages})."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:3525
+#, no-wrap
+msgid "{Data Type} origin"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:3527
+msgid "This is the data type representing a source code origin."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:3529 doc/guix.texi:15647
+#, no-wrap
+msgid "uri"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3534
+msgid ""
+"An object containing the URI of the source. The object type depends on the @code{method} (see below). For example, when using the "
+"@var{url-fetch} method of @code{(guix download)}, the valid @code{uri} values are: a URL represented as a string, or a list thereof."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:3535
+#, no-wrap
+msgid "method"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3537
+msgid "A procedure that handles the URI."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3539
+msgid "Examples include:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3541
+#, no-wrap
+msgid "@var{url-fetch} from @code{(guix download)}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3544
+msgid "download a file from the HTTP, HTTPS, or FTP URL specified in the @code{uri} field;"
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:3545 doc/guix.texi:6093
+#, no-wrap
+msgid "git-fetch"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3546
+#, no-wrap
+msgid "@var{git-fetch} from @code{(guix git-download)}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3550
+msgid ""
+"clone the Git version control repository, and check out the revision specified in the @code{uri} field as a @code{git-reference} "
+"object; a @code{git-reference} looks like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3555
+#, no-wrap
+msgid ""
+"(git-reference\n"
+" (url \"git://git.debian.org/git/pkg-shadow/shadow\")\n"
+" (commit \"v4.1.5.1\"))\n"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:3558
+#, no-wrap
+msgid "sha256"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3562
+msgid ""
+"A bytevector containing the SHA-256 hash of the source. Typically the @code{base32} form is used here to generate the bytevector "
+"from a base-32 string."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3566
+msgid ""
+"You can obtain this information using @code{guix download} (@pxref{Invoking guix download}) or @code{guix hash} (@pxref{Invoking "
+"guix hash})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3567
+#, no-wrap
+msgid "@code{file-name} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3573
+msgid ""
+"The file name under which the source code should be saved. When this is @code{#f}, a sensible default value will be used in most "
+"cases. In case the source is fetched from a URL, the file name from the URL will be used. For version control checkouts, it is "
+"recommended to provide the file name explicitly because the default is not very descriptive."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3574
+#, no-wrap
+msgid "@code{patches} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3577
+msgid ""
+"A list of file names, origins, or file-like objects (@pxref{G-Expressions, file-like objects}) pointing to patches to be applied to "
+"the source."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3581
+msgid ""
+"This list of patches must be unconditional. In particular, it cannot depend on the value of @code{%current-system} or "
+"@code{%current-target-system}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3582
+#, no-wrap
+msgid "@code{snippet} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3586
+msgid ""
+"A G-expression (@pxref{G-Expressions}) or S-expression that will be run in the source directory. This is a convenient way to modify "
+"the source, sometimes more convenient than a patch."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3587
+#, no-wrap
+msgid "@code{patch-flags} (default: @code{'(\"-p1\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3590
+msgid "A list of command-line flags that should be passed to the @code{patch} command."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3591
+#, no-wrap
+msgid "@code{patch-inputs} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3595
+msgid ""
+"Input packages or derivations to the patching process. When this is @code{#f}, the usual set of inputs necessary for patching are "
+"provided, such as GNU@tie{}Patch."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3596
+#, no-wrap
+msgid "@code{modules} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3599
+msgid ""
+"A list of Guile modules that should be loaded during the patching process and while running the code in the @code{snippet} field."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3600
+#, no-wrap
+msgid "@code{patch-guile} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3603
+msgid "The Guile package that should be used in the patching process. When this is @code{#f}, a sensible default is used."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3610
+#, no-wrap
+msgid "build system"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3615
+msgid ""
+"Each package definition specifies a @dfn{build system} and arguments for that build system (@pxref{Defining Packages}). This "
+"@code{build-system} field represents the build procedure of the package, as well as implicit dependencies of that build procedure."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3619
+msgid ""
+"Build systems are @code{<build-system>} objects. The interface to create and manipulate them is provided by the @code{(guix build-"
+"system)} module, and actual build systems are exported by specific modules."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3620
+#, no-wrap
+msgid "bag (low-level package representation)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3627
+msgid ""
+"Under the hood, build systems first compile package objects to @dfn{bags}. A @dfn{bag} is like a package, but with less "
+"ornamentation---in other words, a bag is a lower-level representation of a package, which includes all the inputs of that package, "
+"including some that were implicitly added by the build system. This intermediate representation is then compiled to a derivation "
+"(@pxref{Derivations})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3635
+msgid ""
+"Build systems accept an optional list of @dfn{arguments}. In package definitions, these are passed @i{via} the @code{arguments} "
+"field (@pxref{Defining Packages}). They are typically keyword arguments (@pxref{Optional Arguments, keyword arguments in Guile,, "
+"guile, GNU Guile Reference Manual}). The value of these arguments is usually evaluated in the @dfn{build stratum}---i.e., by a "
+"Guile process launched by the daemon (@pxref{Derivations})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3639
+msgid ""
+"The main build system is @var{gnu-build-system}, which implements the standard build procedure for GNU and many other packages. It "
+"is provided by the @code{(guix build-system gnu)} module."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3640
+#, no-wrap
+msgid "{Scheme Variable} gnu-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3644
+msgid ""
+"@var{gnu-build-system} represents the GNU Build System, and variants thereof (@pxref{Configuration, configuration and makefile "
+"conventions,, standards, GNU Coding Standards})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3645
+#, no-wrap
+msgid "build phases"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3652
+msgid ""
+"In a nutshell, packages using it are configured, built, and installed with the usual @code{./configure && make && make check && make "
+"install} command sequence. In practice, a few additional steps are often needed. All these steps are split up in separate "
+"@dfn{phases}, notably@footnote{Please see the @code{(guix build gnu-build-system)} modules for more details about the build phases.}:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3654
+#, no-wrap
+msgid "unpack"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3658
+msgid ""
+"Unpack the source tarball, and change the current directory to the extracted source tree. If the source is actually a directory, "
+"copy it to the build tree, and enter that directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3659
+#, no-wrap
+msgid "patch-source-shebangs"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3663
+msgid ""
+"Patch shebangs encountered in source files so they refer to the right store file names. For instance, this changes @code{#!/bin/sh} "
+"to @code{#!/gnu/store/@dots{}-bash-4.3/bin/sh}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3664 doc/guix.texi:4130
+#, no-wrap
+msgid "configure"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3668
+msgid ""
+"Run the @file{configure} script with a number of default options, such as @code{--prefix=/gnu/store/@dots{}}, as well as the options "
+"specified by the @code{#:configure-flags} argument."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3669 doc/guix.texi:4135 doc/guix.texi:20375
+#, no-wrap
+msgid "build"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3673
+msgid ""
+"Run @code{make} with the list of flags specified with @code{#:make-flags}. If the @code{#:parallel-build?} argument is true (the "
+"default), build with @code{make -j}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3674 doc/guix.texi:4139
+#, no-wrap
+msgid "check"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3679
+msgid ""
+"Run @code{make check}, or some other target specified with @code{#:test-target}, unless @code{#:tests? #f} is passed. If the "
+"@code{#:parallel-tests?} argument is true (the default), run @code{make check -j}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3680 doc/guix.texi:4143
+#, no-wrap
+msgid "install"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3682
+msgid "Run @code{make install} with the flags listed in @code{#:make-flags}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3683
+#, no-wrap
+msgid "patch-shebangs"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3685
+msgid "Patch shebangs on the installed executable files."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3686
+#, no-wrap
+msgid "strip"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3690
+msgid ""
+"Strip debugging symbols from ELF files (unless @code{#:strip-binaries?} is false), copying them to the @code{debug} output when "
+"available (@pxref{Installing Debugging Files})."
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:3692
+#, no-wrap
+msgid "%standard-phases"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3697
+msgid ""
+"The build-side module @code{(guix build gnu-build-system)} defines @var{%standard-phases} as the default list of build phases. "
+"@var{%standard-phases} is a list of symbol/procedure pairs, where the procedure implements the actual phase."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3700
+msgid "The list of phases used for a particular package can be changed with the @code{#:phases} parameter. For instance, passing:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:3703
+#, no-wrap
+msgid "#:phases (modify-phases %standard-phases (delete 'configure))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3707
+msgid "means that all the phases described above will be used, except the @code{configure} phase."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3714
+msgid ""
+"In addition, this build system ensures that the ``standard'' environment for GNU packages is available. This includes tools such as "
+"GCC, libc, Coreutils, Bash, Make, Diffutils, grep, and sed (see the @code{(guix build-system gnu)} module for a complete list). We "
+"call these the @dfn{implicit inputs} of a package, because package definitions do not have to mention them."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:3721
+msgid ""
+"Other @code{<build-system>} objects are defined to support other conventions and tools used by free software packages. They inherit "
+"most of @var{gnu-build-system}, and differ mainly in the set of inputs implicitly added to the build process, and in the list of "
+"phases executed. Some of these build systems are listed below."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3722
+#, no-wrap
+msgid "{Scheme Variable} ant-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3726
+msgid ""
+"This variable is exported by @code{(guix build-system ant)}. It implements the build procedure for Java packages that can be built "
+"with @url{http://ant.apache.org/, Ant build tool}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3731
+msgid ""
+"It adds both @code{ant} and the @dfn{Java Development Kit} (JDK) as provided by the @code{icedtea} package to the set of inputs. "
+"Different packages can be specified with the @code{#:ant} and @code{#:jdk} parameters, respectively."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3737
+msgid ""
+"When the original package does not provide a suitable Ant build file, the parameter @code{#:jar-name} can be used to generate a "
+"minimal Ant build file @file{build.xml} with tasks to build the specified jar archive. In this case the parameter @code{#:source-"
+"dir} can be used to specify the source sub-directory, defaulting to ``src''."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3745
+msgid ""
+"The @code{#:main-class} parameter can be used with the minimal ant buildfile to specify the main class of the resulting jar. This "
+"makes the jar file executable. The @code{#:test-include} parameter can be used to specify the list of junit tests to run. It "
+"defaults to @code{(list \"**/*Test.java\")}. The @code{#:test-exclude} can be used to disable some tests. It defaults to "
+"@code{(list \"**/Abstract*.java\")}, because abstract classes cannot be run as tests."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3749
+msgid ""
+"The parameter @code{#:build-target} can be used to specify the Ant task that should be run during the @code{build} phase. By "
+"default the ``jar'' task will be run."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3752
+#, no-wrap
+msgid "{Scheme Variable} asdf-build-system/source"
+msgstr ""
+
+#. type: defvrx
+#: doc/guix.texi:3753
+#, no-wrap
+msgid "{Scheme Variable} asdf-build-system/sbcl"
+msgstr ""
+
+#. type: defvrx
+#: doc/guix.texi:3754
+#, no-wrap
+msgid "{Scheme Variable} asdf-build-system/ecl"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3760
+msgid ""
+"These variables, exported by @code{(guix build-system asdf)}, implement build procedures for Common Lisp packages using @url{https://"
+"common-lisp.net/project/asdf/, ``ASDF''}. ASDF is a system definition facility for Common Lisp programs and libraries."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3767
+msgid ""
+"The @code{asdf-build-system/source} system installs the packages in source form, and can be loaded using any common lisp "
+"implementation, via ASDF. The others, such as @code{asdf-build-system/sbcl}, install binary systems in the format which a "
+"particular implementation understands. These build systems can also be used to produce executable programs, or lisp images which "
+"contain a set of packages pre-loaded."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3771
+msgid ""
+"The build system uses naming conventions. For binary packages, the package name should be prefixed with the lisp implementation, "
+"such as @code{sbcl-} for @code{asdf-build-system/sbcl}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3775
+msgid ""
+"Additionally, the corresponding source package should be labeled using the same convention as python packages (see @ref{Python "
+"Modules}), using the @code{cl-} prefix."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3780
+msgid ""
+"For binary packages, each system should be defined as a Guix package. If one package @code{origin} contains several systems, "
+"package variants can be created in order to build all the systems. Source packages, which use @code{asdf-build-system/source}, may "
+"contain several systems."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3787
+msgid ""
+"In order to create executable programs and images, the build-side procedures @code{build-program} and @code{build-image} can be "
+"used. They should be called in a build phase after the @code{create-symlinks} phase, so that the system which was just built can be "
+"used within the resulting image. @code{build-program} requires a list of Common Lisp expressions to be passed as the @code{#:entry-"
+"program} argument."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3796
+msgid ""
+"If the system is not defined within its own @code{.asd} file of the same name, then the @code{#:asd-file} parameter should be used "
+"to specify which file the system is defined in. Furthermore, if the package defines a system for its tests in a separate file, it "
+"will be loaded before the tests are run if it is specified by the @code{#:test-asd-file} parameter. If it is not set, the files "
+"@code{<system>-tests.asd}, @code{<system>-test.asd}, @code{tests.asd}, and @code{test.asd} will be tried if they exist."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3800
+msgid ""
+"If for some reason the package must be named in a different way than the naming conventions suggest, the @code{#:asd-system-name} "
+"parameter can be used to specify the name of the system."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3803
+#, no-wrap
+msgid "{Scheme Variable} cargo-build-system"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3804
+#, no-wrap
+msgid "Rust programming language"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:3805
+#, no-wrap
+msgid "Cargo (Rust build system)"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3809
+msgid ""
+"This variable is exported by @code{(guix build-system cargo)}. It supports builds of packages using Cargo, the build tool of the "
+"@uref{https://www.rust-lang.org, Rust programming language}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3814
+msgid ""
+"In its @code{configure} phase, this build system replaces dependencies specified in the @file{Carto.toml} file with inputs to the "
+"Guix package. The @code{install} phase installs the binaries, and it also installs the source code and @file{Cargo.toml} file."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3816
+#, no-wrap
+msgid "{Scheme Variable} cmake-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3820
+msgid ""
+"This variable is exported by @code{(guix build-system cmake)}. It implements the build procedure for packages using the @url{http://"
+"www.cmake.org, CMake build tool}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3824
+msgid ""
+"It automatically adds the @code{cmake} package to the set of inputs. Which package is used can be specified with the @code{#:cmake} "
+"parameter."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3831
+msgid ""
+"The @code{#:configure-flags} parameter is taken as a list of flags passed to the @command{cmake} command. The @code{#:build-type} "
+"parameter specifies in abstract terms the flags passed to the compiler; it defaults to @code{\"RelWithDebInfo\"} (short for "
+"``release mode with debugging information''), which roughly means that code is compiled with @code{-O2 -g}, as is the case for "
+"Autoconf-based packages by default."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3833
+#, no-wrap
+msgid "{Scheme Variable} go-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3838
+msgid ""
+"This variable is exported by @code{(guix build-system go)}. It implements a build procedure for Go packages using the standard "
+"@url{https://golang.org/cmd/go/#hdr-Compile_packages_and_dependencies, Go build mechanisms}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3849
+msgid ""
+"The user is expected to provide a value for the key @code{#:import-path} and, in some cases, @code{#:unpack-path}. The @url{https://"
+"golang.org/doc/code.html#ImportPaths, import path} corresponds to the file system path expected by the package's build scripts and "
+"any referring packages, and provides a unique way to refer to a Go package. It is typically based on a combination of the package "
+"source code's remote URI and file system hierarchy structure. In some cases, you will need to unpack the package's source code to a "
+"different directory structure than the one indicated by the import path, and @code{#:unpack-path} should be used in such cases."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3854
+msgid ""
+"Packages that provide Go libraries should be installed along with their source code. The key @code{#:install-source?}, which "
+"defaults to @code{#t}, controls whether or not the source code is installed. It can be set to @code{#f} for packages that only "
+"provide executable files."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3856
+#, no-wrap
+msgid "{Scheme Variable} glib-or-gtk-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3859
+msgid ""
+"This variable is exported by @code{(guix build-system glib-or-gtk)}. It is intended for use with packages making use of GLib or GTK"
+"+."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3862
+msgid "This build system adds the following two phases to the ones defined by @var{gnu-build-system}:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3864 doc/guix.texi:4159
+#, no-wrap
+msgid "glib-or-gtk-wrap"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3871
+msgid ""
+"The phase @code{glib-or-gtk-wrap} ensures that programs in @file{bin/} are able to find GLib ``schemas'' and @uref{https://developer."
+"gnome.org/gtk3/stable/gtk-running.html, GTK+ modules}. This is achieved by wrapping the programs in launch scripts that "
+"appropriately set the @code{XDG_DATA_DIRS} and @code{GTK_PATH} environment variables."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3878
+msgid ""
+"It is possible to exclude specific package outputs from that wrapping process by listing their names in the @code{#:glib-or-gtk-wrap-"
+"excluded-outputs} parameter. This is useful when an output is known not to contain any GLib or GTK+ binaries, and where wrapping "
+"would gratuitously add a dependency of that output on GLib and GTK+."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:3879 doc/guix.texi:4163
+#, no-wrap
+msgid "glib-or-gtk-compile-schemas"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:3887
+msgid ""
+"The phase @code{glib-or-gtk-compile-schemas} makes sure that all @uref{https://developer.gnome.org/gio/stable/glib-compile-schemas."
+"html, GSettings schemas} of GLib are compiled. Compilation is performed by the @command{glib-compile-schemas} program. It is "
+"provided by the package @code{glib:bin} which is automatically imported by the build system. The @code{glib} package providing "
+"@command{glib-compile-schemas} can be specified with the @code{#:glib} parameter."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3890
+msgid "Both phases are executed after the @code{install} phase."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3892
+#, no-wrap
+msgid "{Scheme Variable} minify-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3895
+msgid ""
+"This variable is exported by @code{(guix build-system minify)}. It implements a minification procedure for simple JavaScript "
+"packages."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3901
+msgid ""
+"It adds @code{uglify-js} to the set of inputs and uses it to compress all JavaScript files in the @file{src} directory. A different "
+"minifier package can be specified with the @code{#:uglify-js} parameter, but it is expected that the package writes the minified "
+"code to the standard output."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3905
+msgid ""
+"When the input JavaScript files are not all located in the @file{src} directory, the parameter @code{#:javascript-files} can be used "
+"to specify a list of file names to feed to the minifier."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3907
+#, no-wrap
+msgid "{Scheme Variable} ocaml-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3913
+msgid ""
+"This variable is exported by @code{(guix build-system ocaml)}. It implements a build procedure for @uref{https://ocaml.org, OCaml} "
+"packages, which consists of choosing the correct set of commands to run for each package. OCaml packages can expect many different "
+"commands to be run. This build system will try some of them."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3923
+msgid ""
+"When the package has a @file{setup.ml} file present at the top-level, it will run @code{ocaml setup.ml -configure}, @code{ocaml "
+"setup.ml -build} and @code{ocaml setup.ml -install}. The build system will assume that this file was generated by @uref{http://"
+"oasis.forge.ocamlcore.org/, OASIS} and will take care of setting the prefix and enabling tests if they are not disabled. You can "
+"pass configure and build flags with the @code{#:configure-flags} and @code{#:build-flags}. The @code{#:test-flags} key can be "
+"passed to change the set of flags used to enable tests. The @code{#:use-make?} key can be used to bypass this system in the build "
+"and install phases."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3928
+msgid ""
+"When the package has a @file{configure} file, it is assumed that it is a hand-made configure script that requires a different "
+"argument format than in the @code{gnu-build-system}. You can add more flags with the @code{#:configure-flags} key."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3932
+msgid ""
+"When the package has a @file{Makefile} file (or @code{#:use-make?} is @code{#t}), it will be used and more flags can be passed to "
+"the build and install phases with the @code{#:make-flags} key."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3940
+msgid ""
+"Finally, some packages do not have these files and use a somewhat standard location for its build system. In that case, the build "
+"system will run @code{ocaml pkg/pkg.ml} or @code{ocaml pkg/build.ml} and take care of providing the path to the required findlib "
+"module. Additional flags can be passed via the @code{#:build-flags} key. Install is taken care of by @command{opam-installer}. In "
+"this case, the @code{opam} package must be added to the @code{native-inputs} field of the package definition."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3948
+msgid ""
+"Note that most OCaml packages assume they will be installed in the same directory as OCaml, which is not what we want in guix. In "
+"particular, they will install @file{.so} files in their module's directory, which is usually fine because it is in the OCaml "
+"compiler directory. In guix though, these libraries cannot be found and we use @code{CAML_LD_LIBRARY_PATH}. This variable points "
+"to @file{lib/ocaml/site-lib/stubslibs} and this is where @file{.so} libraries should be installed."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3950
+#, no-wrap
+msgid "{Scheme Variable} python-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3955
+msgid ""
+"This variable is exported by @code{(guix build-system python)}. It implements the more or less standard build procedure used by "
+"Python packages, which consists in running @code{python setup.py build} and then @code{python setup.py install --prefix=/gnu/store/"
+"@dots{}}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3959
+msgid ""
+"For packages that install stand-alone Python programs under @code{bin/}, it takes care of wrapping these programs so that their "
+"@code{PYTHONPATH} environment variable points to all the Python libraries they depend on."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3965
+msgid ""
+"Which Python package is used to perform the build can be specified with the @code{#:python} parameter. This is a useful way to "
+"force a package to be built for a specific version of the Python interpreter, which might be necessary if the package is only "
+"compatible with a single interpreter version."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3970
+msgid ""
+"By default guix calls @code{setup.py} under control of @code{setuptools}, much like @command{pip} does. Some packages are not "
+"compatible with setuptools (and pip), thus you can disable this by setting the @code{#:use-setuptools} parameter to @code{#f}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3972
+#, no-wrap
+msgid "{Scheme Variable} perl-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3984
+msgid ""
+"This variable is exported by @code{(guix build-system perl)}. It implements the standard build procedure for Perl packages, which "
+"either consists in running @code{perl Build.PL --prefix=/gnu/store/@dots{}}, followed by @code{Build} and @code{Build install}; or "
+"in running @code{perl Makefile.PL PREFIX=/gnu/store/@dots{}}, followed by @code{make} and @code{make install}, depending on which of "
+"@code{Build.PL} or @code{Makefile.PL} is present in the package distribution. Preference is given to the former if both @code{Build."
+"PL} and @code{Makefile.PL} exist in the package distribution. This preference can be reversed by specifying @code{#t} for the "
+"@code{#:make-maker?} parameter."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3988
+msgid ""
+"The initial @code{perl Makefile.PL} or @code{perl Build.PL} invocation passes flags specified by the @code{#:make-maker-flags} or "
+"@code{#:module-build-flags} parameter, respectively."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3990
+msgid "Which Perl package is used can be specified with @code{#:perl}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:3992
+#, no-wrap
+msgid "{Scheme Variable} r-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4000
+msgid ""
+"This variable is exported by @code{(guix build-system r)}. It implements the build procedure used by @uref{http://r-project.org, R} "
+"packages, which essentially is little more than running @code{R CMD INSTALL --library=/gnu/store/@dots{}} in an environment where "
+"@code{R_LIBS_SITE} contains the paths to all R package inputs. Tests are run after installation using the R function @code{tools::"
+"testInstalledPackage}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4002
+#, no-wrap
+msgid "{Scheme Variable} texlive-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4007
+msgid ""
+"This variable is exported by @code{(guix build-system texlive)}. It is used to build TeX packages in batch mode with a specified "
+"engine. The build system sets the @code{TEXINPUTS} variable to find all TeX source files in the inputs."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4016
+msgid ""
+"By default it runs @code{luatex} on all files ending on @code{ins}. A different engine and format can be specified with the @code{#:"
+"tex-format} argument. Different build targets can be specified with the @code{#:build-targets} argument, which expects a list of "
+"file names. The build system adds only @code{texlive-bin} and @code{texlive-latex-base} (both from @code{(gnu packages tex}) to the "
+"inputs. Both can be overridden with the arguments @code{#:texlive-bin} and @code{#:texlive-latex-base}, respectively."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4019
+msgid "The @code{#:tex-directory} parameter tells the build system where to install the built files under the texmf tree."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4021
+#, no-wrap
+msgid "{Scheme Variable} ruby-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4025
+msgid ""
+"This variable is exported by @code{(guix build-system ruby)}. It implements the RubyGems build procedure used by Ruby packages, "
+"which involves running @code{gem build} followed by @code{gem install}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4033
+msgid ""
+"The @code{source} field of a package that uses this build system typically references a gem archive, since this is the format that "
+"Ruby developers use when releasing their software. The build system unpacks the gem archive, potentially patches the source, runs "
+"the test suite, repackages the gem, and installs it. Additionally, directories and tarballs may be referenced to allow building "
+"unreleased gems from Git or a traditional source release tarball."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4037
+msgid ""
+"Which Ruby package is used can be specified with the @code{#:ruby} parameter. A list of additional flags to be passed to the "
+"@command{gem} command can be specified with the @code{#:gem-flags} parameter."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4039
+#, no-wrap
+msgid "{Scheme Variable} waf-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4045
+msgid ""
+"This variable is exported by @code{(guix build-system waf)}. It implements a build procedure around the @code{waf} script. The "
+"common phases---@code{configure}, @code{build}, and @code{install}---are implemented by passing their names as arguments to the "
+"@code{waf} script."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4049
+msgid ""
+"The @code{waf} script is executed by the Python interpreter. Which Python package is used to run the script can be specified with "
+"the @code{#:python} parameter."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4051
+#, no-wrap
+msgid "{Scheme Variable} scons-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4057
+msgid ""
+"This variable is exported by @code{(guix build-system scons)}. It implements the build procedure used by the SCons software "
+"construction tool. This build system runs @code{scons} to build the package, @code{scons test} to run tests, and then @code{scons "
+"install} to install the package."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4062
+msgid ""
+"Additional flags to be passed to @code{scons} can be specified with the @code{#:scons-flags} parameter. The version of Python used "
+"to run SCons can be specified by selecting the appropriate SCons package with the @code{#:scons} parameter."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4064
+#, no-wrap
+msgid "{Scheme Variable} haskell-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4078
+msgid ""
+"This variable is exported by @code{(guix build-system haskell)}. It implements the Cabal build procedure used by Haskell packages, "
+"which involves running @code{runhaskell Setup.hs configure --prefix=/gnu/store/@dots{}} and @code{runhaskell Setup.hs build}. "
+"Instead of installing the package by running @code{runhaskell Setup.hs install}, to avoid trying to register libraries in the read-"
+"only compiler store directory, the build system uses @code{runhaskell Setup.hs copy}, followed by @code{runhaskell Setup.hs "
+"register}. In addition, the build system generates the package documentation by running @code{runhaskell Setup.hs haddock}, unless "
+"@code{#:haddock? #f} is passed. Optional Haddock parameters can be passed with the help of the @code{#:haddock-flags} parameter. "
+"If the file @code{Setup.hs} is not found, the build system looks for @code{Setup.lhs} instead."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4081
+msgid "Which Haskell compiler is used can be specified with the @code{#:haskell} parameter which defaults to @code{ghc}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4083
+#, no-wrap
+msgid "{Scheme Variable} dub-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4088
+msgid ""
+"This variable is exported by @code{(guix build-system dub)}. It implements the Dub build procedure used by D packages, which "
+"involves running @code{dub build} and @code{dub run}. Installation is done by copying the files manually."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4091
+msgid "Which D compiler is used can be specified with the @code{#:ldc} parameter which defaults to @code{ldc}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4093
+#, no-wrap
+msgid "{Scheme Variable} emacs-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4097
+msgid ""
+"This variable is exported by @code{(guix build-system emacs)}. It implements an installation procedure similar to the packaging "
+"system of Emacs itself (@pxref{Packages,,, emacs, The GNU Emacs Manual})."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4104
+msgid ""
+"It first creates the @code{@var{package}-autoloads.el} file, then it byte compiles all Emacs Lisp files. Differently from the Emacs "
+"packaging system, the Info documentation files are moved to the standard documentation directory and the @file{dir} file is "
+"deleted. Each package is installed in its own directory under @file{share/emacs/site-lisp/guix.d}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4106
+#, no-wrap
+msgid "{Scheme Variable} font-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4112
+msgid ""
+"This variable is exported by @code{(guix build-system font)}. It implements an installation procedure for font packages where "
+"upstream provides pre-compiled TrueType, OpenType, etc. font files that merely need to be copied into place. It copies font files "
+"to standard locations in the output directory."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4114
+#, no-wrap
+msgid "{Scheme Variable} meson-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4118
+msgid ""
+"This variable is exported by @code{(guix build-system meson)}. It implements the build procedure for packages that use @url{http://"
+"mesonbuild.com, Meson} as their build system."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4124
+msgid ""
+"It adds both Meson and @uref{https://ninja-build.org/, Ninja} to the set of inputs, and they can be changed with the parameters "
+"@code{#:meson} and @code{#:ninja} if needed. The default Meson is @code{meson-for-build}, which is special because it doesn't clear "
+"the @code{RUNPATH} of binaries and libraries when they are installed."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4127
+msgid "This build system is an extension of @var{gnu-build-system}, but with the following phases changed to some specific for Meson:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4134
+msgid ""
+"The phase runs @code{meson} with the flags specified in @code{#:configure-flags}. The flag @code{--build-type} is always set to "
+"@code{plain} unless something else is specified in @code{#:build-type}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4138
+msgid "The phase runs @code{ninja} to build the package in parallel by default, but this can be changed with @code{#:parallel-build?}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4142
+msgid "The phase runs @code{ninja} with the target specified in @code{#:test-target}, which is @code{\"test\"} by default."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4145
+msgid "The phase runs @code{ninja install} and can not be changed."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4148
+msgid "Apart from that, the build system also adds the following phases:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:4151
+#, no-wrap
+msgid "fix-runpath"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4158
+msgid ""
+"This phase ensures that all binaries can find the libraries they need. It searches for required libraries in subdirectories of the "
+"package being built, and adds those to @code{RUNPATH} where needed. It also removes references to libraries left over from the "
+"build phase by @code{meson-for-build}, such as test dependencies, that aren't actually required for the program to run."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4162 doc/guix.texi:4166
+msgid ""
+"This phase is the phase provided by @code{glib-or-gtk-build-system}, and it is not enabled by default. It can be enabled with "
+"@code{#:glib-or-gtk?}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4173
+msgid ""
+"Lastly, for packages that do not need anything as sophisticated, a ``trivial'' build system is provided. It is trivial in the sense "
+"that it provides basically no support: it does not pull any implicit inputs, and does not have a notion of build phases."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4174
+#, no-wrap
+msgid "{Scheme Variable} trivial-build-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4176
+msgid "This variable is exported by @code{(guix build-system trivial)}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4181
+msgid ""
+"This build system requires a @code{#:builder} argument. This argument must be a Scheme expression that builds the package "
+"output(s)---as with @code{build-expression->derivation} (@pxref{Derivations, @code{build-expression->derivation}})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4187
+#, no-wrap
+msgid "store items"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4188
+#, no-wrap
+msgid "store paths"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4199
+msgid ""
+"Conceptually, the @dfn{store} is the place where derivations that have been built successfully are stored---by default, @file{/gnu/"
+"store}. Sub-directories in the store are referred to as @dfn{store items} or sometimes @dfn{store paths}. The store has an "
+"associated database that contains information such as the store paths referred to by each store path, and the list of @emph{valid} "
+"store items---results of successful builds. This database resides in @file{@var{localstatedir}/guix/db}, where @var{localstatedir} "
+"is the state directory specified @i{via} @option{--localstatedir} at configure time, usually @file{/var}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4204
+msgid ""
+"The store is @emph{always} accessed by the daemon on behalf of its clients (@pxref{Invoking guix-daemon}). To manipulate the store, "
+"clients connect to the daemon over a Unix-domain socket, send requests to it, and read the result---these are remote procedure "
+"calls, or RPCs."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:4209
+msgid ""
+"Users must @emph{never} modify files under @file{/gnu/store} directly. This would lead to inconsistencies and break the "
+"immutability assumptions of Guix's functional model (@pxref{Introduction})."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:4213
+msgid ""
+"@xref{Invoking guix gc, @command{guix gc --verify}}, for information on how to check the integrity of the store and attempt recovery "
+"from accidental modifications."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4220
+msgid ""
+"The @code{(guix store)} module provides procedures to connect to the daemon, and to perform RPCs. These are described below. By "
+"default, @code{open-connection}, and thus all the @command{guix} commands, connect to the local daemon or to the URI specified by "
+"the @code{GUIX_DAEMON_SOCKET} environment variable."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4221
+#, no-wrap
+msgid "{Environment Variable} GUIX_DAEMON_SOCKET"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4226
+msgid ""
+"When set, the value of this variable should be a file name or a URI designating the daemon endpoint. When it is a file name, it "
+"denotes a Unix-domain socket to connect to. In addition to file names, the supported URI schemes are:"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:4228 doc/guix.texi:15357
+#, no-wrap
+msgid "file"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:4229
+#, no-wrap
+msgid "unix"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4233
+msgid ""
+"These are for Unix-domain sockets. @code{file:///var/guix/daemon-socket/socket} is equivalent to @file{/var/guix/daemon-socket/"
+"socket}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:4234
+#, no-wrap
+msgid "guix"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4242
+msgid ""
+"These URIs denote connections over TCP/IP, without encryption nor authentication of the remote host. The URI must specify the host "
+"name and optionally a port number (by default port 44146 is used):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4245
+#, no-wrap
+msgid "guix://master.guix.example.org:1234\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4250
+msgid ""
+"This setup is suitable on local networks, such as clusters, where only trusted nodes may connect to the build daemon at @code{master."
+"guix.example.org}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4254
+msgid ""
+"The @code{--listen} option of @command{guix-daemon} can be used to instruct it to listen for TCP connections (@pxref{Invoking guix-"
+"daemon, @code{--listen}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:4255
+#, no-wrap
+msgid "ssh"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4256
+#, no-wrap
+msgid "SSH access to build daemons"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4260
+msgid ""
+"These URIs allow you to connect to a remote daemon over SSH@footnote{This feature requires Guile-SSH (@pxref{Requirements}).}. A "
+"typical URL might look like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4263
+#, no-wrap
+msgid "ssh://charlie@@guix.example.org:22\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4267
+msgid "As for @command{guix copy}, the usual OpenSSH client configuration files are honored (@pxref{Invoking guix copy})."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4270
+msgid "Additional URI schemes may be supported in the future."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:4277
+msgid ""
+"The ability to connect to remote build daemons is considered experimental as of @value{VERSION}. Please get in touch with us to "
+"share any problems or suggestions you may have (@pxref{Contributing})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4280
+#, no-wrap
+msgid "{Scheme Procedure} open-connection [@var{uri}] [#:reserve-space? #t]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4285
+msgid ""
+"Connect to the daemon over the Unix-domain socket at @var{uri} (a string). When @var{reserve-space?} is true, instruct it to "
+"reserve a little bit of extra space on the file system so that the garbage collector can still operate should the disk become full. "
+"Return a server object."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4288
+msgid ""
+"@var{file} defaults to @var{%default-socket-path}, which is the normal location given the options that were passed to "
+"@command{configure}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4290
+#, no-wrap
+msgid "{Scheme Procedure} close-connection @var{server}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4292
+msgid "Close the connection to @var{server}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4294
+#, no-wrap
+msgid "{Scheme Variable} current-build-output-port"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4297
+msgid ""
+"This variable is bound to a SRFI-39 parameter, which refers to the port where build and error logs sent by the daemon should be "
+"written."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4301
+msgid "Procedures that make RPCs all take a server object as their first argument."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4302
+#, no-wrap
+msgid "{Scheme Procedure} valid-path? @var{server} @var{path}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4303
+#, no-wrap
+msgid "invalid store items"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4308
+msgid ""
+"Return @code{#t} when @var{path} designates a valid store item and @code{#f} otherwise (an invalid item may exist on disk but still "
+"be invalid, for instance because it is the result of an aborted or failed build.)"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4311
+msgid "A @code{&nix-protocol-error} condition is raised if @var{path} is not prefixed by the store directory (@file{/gnu/store})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4313
+#, no-wrap
+msgid "{Scheme Procedure} add-text-to-store @var{server} @var{name} @var{text} [@var{references}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4317
+msgid ""
+"Add @var{text} under file @var{name} in the store, and return its store path. @var{references} is the list of store paths referred "
+"to by the resulting store path."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4319
+#, no-wrap
+msgid "{Scheme Procedure} build-derivations @var{server} @var{derivations}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4323
+msgid ""
+"Build @var{derivations} (a list of @code{<derivation>} objects or derivation paths), and return when the worker is done building "
+"them. Return @code{#t} on success."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4329
+msgid ""
+"Note that the @code{(guix monads)} module provides a monad as well as monadic versions of the above procedures, with the goal of "
+"making it more convenient to work with code that accesses the store (@pxref{The Store Monad})."
+msgstr ""
+
+#. type: i{#1}
+#: doc/guix.texi:4332
+msgid "This section is currently incomplete."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4336
+#, no-wrap
+msgid "derivations"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4340
+msgid ""
+"Low-level build actions and the environment in which they are performed are represented by @dfn{derivations}. A derivation contains "
+"the following pieces of information:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4345
+msgid "The outputs of the derivation---derivations produce at least one file or directory in the store, but may produce more."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4349
+msgid "The inputs of the derivations, which may be other derivations or plain files in the store (patches, build scripts, etc.)"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4352
+msgid "The system type targeted by the derivation---e.g., @code{x86_64-linux}."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4356
+msgid "The file name of a build script in the store, along with the arguments to be passed."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4359
+msgid "A list of environment variables to be defined."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4362
+#, no-wrap
+msgid "derivation path"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4370
+msgid ""
+"Derivations allow clients of the daemon to communicate build actions to the store. They exist in two forms: as an in-memory "
+"representation, both on the client- and daemon-side, and as files in the store whose name end in @code{.drv}---these files are "
+"referred to as @dfn{derivation paths}. Derivations paths can be passed to the @code{build-derivations} procedure to perform the "
+"build actions they prescribe (@pxref{The Store})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4371
+#, no-wrap
+msgid "fixed-output derivations"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4378
+msgid ""
+"Operations such as file downloads and version-control checkouts for which the expected content hash is known in advance are modeled "
+"as @dfn{fixed-output derivations}. Unlike regular derivations, the outputs of a fixed-output derivation are independent of its "
+"inputs---e.g., a source code download produces the same result regardless of the download method and tools being used."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4383
+msgid ""
+"The @code{(guix derivations)} module provides a representation of derivations as Scheme objects, along with procedures to create and "
+"otherwise manipulate derivations. The lowest-level primitive to create a derivation is the @code{derivation} procedure:"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4384
+#, no-wrap
+msgid "{Scheme Procedure} derivation @var{store} @var{name} @var{builder} @"
+msgstr "{Scheme Procedure} derivation @var{store} @var{name} @var{builder} @"
+
+#. type: deffn
+#: doc/guix.texi:4393
+msgid ""
+"@var{args} [#:outputs '(\"out\")] [#:hash #f] [#:hash-algo #f] @ [#:recursive? #f] [#:inputs '()] [#:env-vars '()] @ [#:system "
+"(%current-system)] [#:references-graphs #f] @ [#:allowed-references #f] [#:disallowed-references #f] @ [#:leaked-env-vars #f] [#:"
+"local-build? #f] @ [#:substitutable? #t] Build a derivation with the given arguments, and return the resulting @code{<derivation>} "
+"object."
+msgstr ""
+"@var{args} [#:outputs '(\"out\")] [#:hash #f] [#:hash-algo #f] @ [#:recursive? #f] [#:inputs '()] [#:env-vars '()] @ [#:system "
+"(%current-system)] [#:references-graphs #f] @ [#:allowed-references #f] [#:disallowed-references #f] @ [#:leaked-env-vars #f] [#:"
+"local-build? #f] @ [#:substitutable? #t] Construit une dérivation avec les arguments donnés et renvie l'objet @code{<derivation>} "
+"obtenu."
+
+#. type: deffn
+#: doc/guix.texi:4400
+msgid ""
+"When @var{hash} and @var{hash-algo} are given, a @dfn{fixed-output derivation} is created---i.e., one whose result is known in "
+"advance, such as a file download. If, in addition, @var{recursive?} is true, then that fixed output may be an executable file or a "
+"directory and @var{hash} must be the hash of an archive containing this output."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4405
+msgid ""
+"When @var{references-graphs} is true, it must be a list of file name/store path pairs. In that case, the reference graph of each "
+"store path is exported in the build environment in the corresponding file, in a simple text format."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4410
+msgid ""
+"When @var{allowed-references} is true, it must be a list of store items or outputs that the derivation's output may refer to. "
+"Likewise, @var{disallowed-references}, if true, must be a list of things the outputs may @emph{not} refer to."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4417
+msgid ""
+"When @var{leaked-env-vars} is true, it must be a list of strings denoting environment variables that are allowed to ``leak'' from "
+"the daemon's environment to the build environment. This is only applicable to fixed-output derivations---i.e., when @var{hash} is "
+"true. The main use is to allow variables such as @code{http_proxy} to be passed to derivations that download files."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4422
+msgid ""
+"When @var{local-build?} is true, declare that the derivation is not a good candidate for offloading and should rather be built "
+"locally (@pxref{Daemon Offload Setup}). This is the case for small derivations where the costs of data transfers would outweigh the "
+"benefits."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4427
+msgid ""
+"When @var{substitutable?} is false, declare that substitutes of the derivation's output should not be used (@pxref{Substitutes}). "
+"This is useful, for instance, when building packages that capture details of the host CPU instruction set."
+msgstr ""
+"Lorsque que @var{substitutable?} est faux, déclare que les substituts de la sortie de la dérivation ne devraient pas être utilisés "
+"(@pxref{Substituts}). Cela est utile par exemple pour construire des paquets qui utilisent des détails du jeu d'instruction du CPU "
+"hôte."
+
+#. type: Plain text
+#: doc/guix.texi:4433
+msgid ""
+"Here's an example with a shell script as its builder, assuming @var{store} is an open connection to the daemon, and @var{bash} "
+"points to a Bash executable in the store:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:4438
+#, no-wrap
+msgid ""
+"(use-modules (guix utils)\n"
+" (guix store)\n"
+" (guix derivations))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:4447
+#, no-wrap
+msgid ""
+"(let ((builder ; add the Bash script to the store\n"
+" (add-text-to-store store \"my-builder.sh\"\n"
+" \"echo hello world > $out\\n\" '())))\n"
+" (derivation store \"foo\"\n"
+" bash `(\"-e\" ,builder)\n"
+" #:inputs `((,bash) (,builder))\n"
+" #:env-vars '((\"HOME\" . \"/homeless\"))))\n"
+"@result{} #<derivation /gnu/store/@dots{}-foo.drv => /gnu/store/@dots{}-foo>\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4454
+msgid ""
+"As can be guessed, this primitive is cumbersome to use directly. A better approach is to write build scripts in Scheme, of course! "
+"The best course of action for that is to write the build code as a ``G-expression'', and to pass it to @code{gexp->derivation}. For "
+"more information, @pxref{G-Expressions}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4459
+msgid ""
+"Once upon a time, @code{gexp->derivation} did not exist and constructing derivations with build code written in Scheme was achieved "
+"with @code{build-expression->derivation}, documented below. This procedure is now deprecated in favor of the much nicer @code{gexp-"
+">derivation}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4460
+#, no-wrap
+msgid "{Scheme Procedure} build-expression->derivation @var{store} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4476
+msgid ""
+"@var{name} @var{exp} @ [#:system (%current-system)] [#:inputs '()] @ [#:outputs '(\"out\")] [#:hash #f] [#:hash-algo #f] @ [#:"
+"recursive? #f] [#:env-vars '()] [#:modules '()] @ [#:references-graphs #f] [#:allowed-references #f] @ [#:disallowed-references #f] "
+"@ [#:local-build? #f] [#:substitutable? #t] [#:guile-for-build #f] Return a derivation that executes Scheme expression @var{exp} as "
+"a builder for derivation @var{name}. @var{inputs} must be a list of @code{(name drv-path sub-drv)} tuples; when @var{sub-drv} is "
+"omitted, @code{\"out\"} is assumed. @var{modules} is a list of names of Guile modules from the current search path to be copied in "
+"the store, compiled, and made available in the load path during the execution of @var{exp}---e.g., @code{((guix build utils) (guix "
+"build gnu-build-system))}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4484
+msgid ""
+"@var{exp} is evaluated in an environment where @code{%outputs} is bound to a list of output/path pairs, and where @code{%build-"
+"inputs} is bound to a list of string/output-path pairs made from @var{inputs}. Optionally, @var{env-vars} is a list of string pairs "
+"specifying the name and value of environment variables visible to the builder. The builder terminates by passing the result of "
+"@var{exp} to @code{exit}; thus, when @var{exp} returns @code{#f}, the build is considered to have failed."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4488
+msgid ""
+"@var{exp} is built using @var{guile-for-build} (a derivation). When @var{guile-for-build} is omitted or is @code{#f}, the value of "
+"the @code{%guile-for-build} fluid is used instead."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4493
+msgid ""
+"See the @code{derivation} procedure for the meaning of @var{references-graphs}, @var{allowed-references}, @var{disallowed-"
+"references}, @var{local-build?}, and @var{substitutable?}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4498
+msgid "Here's an example of a single-output derivation that creates a directory containing one file:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:4506
+#, no-wrap
+msgid ""
+"(let ((builder '(let ((out (assoc-ref %outputs \"out\")))\n"
+" (mkdir out) ; create /gnu/store/@dots{}-goo\n"
+" (call-with-output-file (string-append out \"/test\")\n"
+" (lambda (p)\n"
+" (display '(hello guix) p))))))\n"
+" (build-expression->derivation store \"goo\" builder))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:4508
+#, no-wrap
+msgid "@result{} #<derivation /gnu/store/@dots{}-goo.drv => @dots{}>\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4514
+#, no-wrap
+msgid "monad"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4520
+msgid ""
+"The procedures that operate on the store described in the previous sections all take an open connection to the build daemon as their "
+"first argument. Although the underlying model is functional, they either have side effects or depend on the current state of the "
+"store."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4526
+msgid ""
+"The former is inconvenient: the connection to the build daemon has to be carried around in all those functions, making it impossible "
+"to compose functions that do not take that parameter with functions that do. The latter can be problematic: since store operations "
+"have side effects and/or depend on external state, they have to be properly sequenced."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4527
+#, no-wrap
+msgid "monadic values"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4528
+#, no-wrap
+msgid "monadic functions"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4538
+msgid ""
+"This is where the @code{(guix monads)} module comes in. This module provides a framework for working with @dfn{monads}, and a "
+"particularly useful monad for our uses, the @dfn{store monad}. Monads are a construct that allows two things: associating "
+"``context'' with values (in our case, the context is the store), and building sequences of computations (here computations include "
+"accesses to the store). Values in a monad---values that carry this additional context---are called @dfn{monadic values}; procedures "
+"that return such values are called @dfn{monadic procedures}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4540
+msgid "Consider this ``normal'' procedure:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4549
+#, no-wrap
+msgid ""
+"(define (sh-symlink store)\n"
+" ;; Return a derivation that symlinks the 'bash' executable.\n"
+" (let* ((drv (package-derivation store bash))\n"
+" (out (derivation->output-path drv))\n"
+" (sh (string-append out \"/bin/bash\")))\n"
+" (build-expression->derivation store \"sh\"\n"
+" `(symlink ,sh %output))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4553
+msgid "Using @code{(guix monads)} and @code{(guix gexp)}, it may be rewritten as a monadic function:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4561
+#, no-wrap
+msgid ""
+"(define (sh-symlink)\n"
+" ;; Same, but return a monadic value.\n"
+" (mlet %store-monad ((drv (package->derivation bash)))\n"
+" (gexp->derivation \"sh\"\n"
+" #~(symlink (string-append #$drv \"/bin/bash\")\n"
+" #$output))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4568
+msgid ""
+"There are several things to note in the second version: the @code{store} parameter is now implicit and is ``threaded'' in the calls "
+"to the @code{package->derivation} and @code{gexp->derivation} monadic procedures, and the monadic value returned by @code{package-"
+">derivation} is @dfn{bound} using @code{mlet} instead of plain @code{let}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4572
+msgid ""
+"As it turns out, the call to @code{package->derivation} can even be omitted since it will take place implicitly, as we will see "
+"later (@pxref{G-Expressions}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4578
+#, no-wrap
+msgid ""
+"(define (sh-symlink)\n"
+" (gexp->derivation \"sh\"\n"
+" #~(symlink (string-append #$bash \"/bin/bash\")\n"
+" #$output)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4587
+msgid ""
+"Calling the monadic @code{sh-symlink} has no effect. As someone once said, ``you exit a monad like you exit a building on fire: by "
+"running''. So, to exit the monad and get the desired effect, one must use @code{run-with-store}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4591
+#, no-wrap
+msgid ""
+"(run-with-store (open-connection) (sh-symlink))\n"
+"@result{} /gnu/store/...-sh-symlink\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4597
+msgid ""
+"Note that the @code{(guix monad-repl)} module extends the Guile REPL with new ``meta-commands'' to make it easier to deal with "
+"monadic procedures: @code{run-in-store}, and @code{enter-store-monad}. The former is used to ``run'' a single monadic value through "
+"the store:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4601
+#, no-wrap
+msgid ""
+"scheme@@(guile-user)> ,run-in-store (package->derivation hello)\n"
+"$1 = #<derivation /gnu/store/@dots{}-hello-2.9.drv => @dots{}>\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4605
+msgid "The latter enters a recursive REPL, where all the return values are automatically run through the store:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4614
+#, no-wrap
+msgid ""
+"scheme@@(guile-user)> ,enter-store-monad\n"
+"store-monad@@(guile-user) [1]> (package->derivation hello)\n"
+"$2 = #<derivation /gnu/store/@dots{}-hello-2.9.drv => @dots{}>\n"
+"store-monad@@(guile-user) [1]> (text-file \"foo\" \"Hello!\")\n"
+"$3 = \"/gnu/store/@dots{}-foo\"\n"
+"store-monad@@(guile-user) [1]> ,q\n"
+"scheme@@(guile-user)>\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4619
+msgid "Note that non-monadic values cannot be returned in the @code{store-monad} REPL."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4622
+msgid ""
+"The main syntactic forms to deal with monads in general are provided by the @code{(guix monads)} module and are described below."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4623
+#, no-wrap
+msgid "{Scheme Syntax} with-monad @var{monad} @var{body} ..."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4626
+msgid "Evaluate any @code{>>=} or @code{return} forms in @var{body} as being in @var{monad}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4628
+#, no-wrap
+msgid "{Scheme Syntax} return @var{val}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4630
+msgid "Return a monadic value that encapsulates @var{val}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4632
+#, no-wrap
+msgid "{Scheme Syntax} >>= @var{mval} @var{mproc} ..."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4639
+msgid ""
+"@dfn{Bind} monadic value @var{mval}, passing its ``contents'' to monadic procedures @var{mproc}@dots{}@footnote{This operation is "
+"commonly referred to as ``bind'', but that name denotes an unrelated procedure in Guile. Thus we use this somewhat cryptic symbol "
+"inherited from the Haskell language.}. There can be one @var{mproc} or several of them, as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4647
+#, no-wrap
+msgid ""
+"(run-with-state\n"
+" (with-monad %state-monad\n"
+" (>>= (return 1)\n"
+" (lambda (x) (return (+ 1 x)))\n"
+" (lambda (x) (return (* 2 x)))))\n"
+" 'some-state)\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4650
+#, no-wrap
+msgid ""
+"@result{} 4\n"
+"@result{} some-state\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4653
+#, no-wrap
+msgid "{Scheme Syntax} mlet @var{monad} ((@var{var} @var{mval}) ...) @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4655
+msgid "@var{body} ..."
+msgstr ""
+
+#. type: deffnx
+#: doc/guix.texi:4655
+#, no-wrap
+msgid "{Scheme Syntax} mlet* @var{monad} ((@var{var} @var{mval}) ...) @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4667
+msgid ""
+"@var{body} ... Bind the variables @var{var} to the monadic values @var{mval} in @var{body}, which is a sequence of expressions. As "
+"with the bind operator, this can be thought of as ``unpacking'' the raw, non-monadic value ``contained'' in @var{mval} and making "
+"@var{var} refer to that raw, non-monadic value within the scope of the @var{body}. The form (@var{var} -> @var{val}) binds "
+"@var{var} to the ``normal'' value @var{val}, as per @code{let}. The binding operations occur in sequence from left to right. The "
+"last expression of @var{body} must be a monadic expression, and its result will become the result of the @code{mlet} or @code{mlet*} "
+"when run in the @var{monad}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4670
+msgid "@code{mlet*} is to @code{mlet} what @code{let*} is to @code{let} (@pxref{Local Bindings,,, guile, GNU Guile Reference Manual})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4672
+#, no-wrap
+msgid "{Scheme System} mbegin @var{monad} @var{mexp} ..."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4676
+msgid ""
+"Bind @var{mexp} and the following monadic expressions in sequence, returning the result of the last expression. Every expression in "
+"the sequence must be a monadic expression."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4680
+msgid ""
+"This is akin to @code{mlet}, except that the return values of the monadic expressions are ignored. In that sense, it is analogous "
+"to @code{begin}, but applied to monadic expressions."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4682
+#, no-wrap
+msgid "{Scheme System} mwhen @var{condition} @var{mexp0} @var{mexp*} ..."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4687
+msgid ""
+"When @var{condition} is true, evaluate the sequence of monadic expressions @var{mexp0}..@var{mexp*} as in an @code{mbegin}. When "
+"@var{condition} is false, return @code{*unspecified*} in the current monad. Every expression in the sequence must be a monadic "
+"expression."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4689
+#, no-wrap
+msgid "{Scheme System} munless @var{condition} @var{mexp0} @var{mexp*} ..."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4694
+msgid ""
+"When @var{condition} is false, evaluate the sequence of monadic expressions @var{mexp0}..@var{mexp*} as in an @code{mbegin}. When "
+"@var{condition} is true, return @code{*unspecified*} in the current monad. Every expression in the sequence must be a monadic "
+"expression."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4696
+#, no-wrap
+msgid "state monad"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4700
+msgid ""
+"The @code{(guix monads)} module provides the @dfn{state monad}, which allows an additional value---the state---to be @emph{threaded} "
+"through monadic procedure calls."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4701
+#, no-wrap
+msgid "{Scheme Variable} %state-monad"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4704
+msgid "The state monad. Procedures in the state monad can access and change the state that is threaded."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4708
+msgid ""
+"Consider the example below. The @code{square} procedure returns a value in the state monad. It returns the square of its argument, "
+"but also increments the current state value:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4715
+#, no-wrap
+msgid ""
+"(define (square x)\n"
+" (mlet %state-monad ((count (current-state)))\n"
+" (mbegin %state-monad\n"
+" (set-current-state (+ 1 count))\n"
+" (return (* x x)))))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4719
+#, no-wrap
+msgid ""
+"(run-with-state (sequence %state-monad (map square (iota 3))) 0)\n"
+"@result{} (0 1 4)\n"
+"@result{} 3\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4723
+msgid "When ``run'' through @var{%state-monad}, we obtain that additional state value, which is the number of @code{square} calls."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4725
+#, no-wrap
+msgid "{Monadic Procedure} current-state"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4727
+msgid "Return the current state as a monadic value."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4729
+#, no-wrap
+msgid "{Monadic Procedure} set-current-state @var{value}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4732
+msgid "Set the current state to @var{value} and return the previous state as a monadic value."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4734
+#, no-wrap
+msgid "{Monadic Procedure} state-push @var{value}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4737
+msgid "Push @var{value} to the current state, which is assumed to be a list, and return the previous state as a monadic value."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4739
+#, no-wrap
+msgid "{Monadic Procedure} state-pop"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4742
+msgid "Pop a value from the current state and return it as a monadic value. The state is assumed to be a list."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4744
+#, no-wrap
+msgid "{Scheme Procedure} run-with-state @var{mval} [@var{state}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4747
+msgid ""
+"Run monadic value @var{mval} starting with @var{state} as the initial state. Return two values: the resulting value, and the "
+"resulting state."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4751
+msgid "The main interface to the store monad, provided by the @code{(guix store)} module, is as follows."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4752
+#, no-wrap
+msgid "{Scheme Variable} %store-monad"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4754
+msgid "The store monad---an alias for @var{%state-monad}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:4758
+msgid ""
+"Values in the store monad encapsulate accesses to the store. When its effect is needed, a value of the store monad must be "
+"``evaluated'' by passing it to the @code{run-with-store} procedure (see below.)"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4760
+#, no-wrap
+msgid "{Scheme Procedure} run-with-store @var{store} @var{mval} [#:guile-for-build] [#:system (%current-system)]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4763
+msgid "Run @var{mval}, a monadic value in the store monad, in @var{store}, an open store connection."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4765
+#, no-wrap
+msgid "{Monadic Procedure} text-file @var{name} @var{text} [@var{references}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4769
+msgid ""
+"Return as a monadic value the absolute file name in the store of the file containing @var{text}, a string. @var{references} is a "
+"list of store items that the resulting text file refers to; it defaults to the empty list."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4771
+#, no-wrap
+msgid "{Monadic Procedure} interned-file @var{file} [@var{name}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4776
+msgid ""
+"[#:recursive? #t] [#:select? (const #t)] Return the name of @var{file} once interned in the store. Use @var{name} as its store "
+"name, or the basename of @var{file} if @var{name} is omitted."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4780 doc/guix.texi:5159
+msgid ""
+"When @var{recursive?} is true, the contents of @var{file} are added recursively; if @var{file} designates a flat file and "
+"@var{recursive?} is true, its contents are added, and its permission bits are kept."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4785 doc/guix.texi:5164
+msgid ""
+"When @var{recursive?} is true, call @code{(@var{select?} @var{file} @var{stat})} for each directory entry, where @var{file} is the "
+"entry's absolute file name and @var{stat} is the result of @code{lstat}; exclude entries for which @var{select?} does not return "
+"true."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4787
+msgid "The example below adds a file to the store, under two different names:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4793
+#, no-wrap
+msgid ""
+"(run-with-store (open-connection)\n"
+" (mlet %store-monad ((a (interned-file \"README\"))\n"
+" (b (interned-file \"README\" \"LEGU-MIN\")))\n"
+" (return (list a b))))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4795
+#, no-wrap
+msgid "@result{} (\"/gnu/store/rwm@dots{}-README\" \"/gnu/store/44i@dots{}-LEGU-MIN\")\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4801
+msgid "The @code{(guix packages)} module exports the following package-related monadic procedures:"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4802
+#, no-wrap
+msgid "{Monadic Procedure} package-file @var{package} [@var{file}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4810
+msgid ""
+"[#:system (%current-system)] [#:target #f] @ [#:output \"out\"] Return as a monadic value in the absolute file name of @var{file} "
+"within the @var{output} directory of @var{package}. When @var{file} is omitted, return the name of the @var{output} directory of "
+"@var{package}. When @var{target} is true, use it as a cross-compilation target triplet."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4812
+#, no-wrap
+msgid "{Monadic Procedure} package->derivation @var{package} [@var{system}]"
+msgstr ""
+
+#. type: deffnx
+#: doc/guix.texi:4813
+#, no-wrap
+msgid "{Monadic Procedure} package->cross-derivation @var{package} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4817
+msgid ""
+"@var{target} [@var{system}] Monadic version of @code{package-derivation} and @code{package-cross-derivation} (@pxref{Defining "
+"Packages})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4823
+#, no-wrap
+msgid "G-expression"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4824
+#, no-wrap
+msgid "build code quoting"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4830
+msgid ""
+"So we have ``derivations'', which represent a sequence of build actions to be performed to produce an item in the store "
+"(@pxref{Derivations}). These build actions are performed when asking the daemon to actually build the derivations; they are run by "
+"the daemon in a container (@pxref{Invoking guix-daemon})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4831
+#, no-wrap
+msgid "strata of code"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4843
+msgid ""
+"It should come as no surprise that we like to write these build actions in Scheme. When we do that, we end up with two @dfn{strata} "
+"of Scheme code@footnote{The term @dfn{stratum} in this context was coined by Manuel Serrano et al.@: in the context of their work on "
+"Hop. Oleg Kiselyov, who has written insightful @url{http://okmij.org/ftp/meta-programming/#meta-scheme, essays and code on this "
+"topic}, refers to this kind of code generation as @dfn{staging}.}: the ``host code''---code that defines packages, talks to the "
+"daemon, etc.---and the ``build code''---code that actually performs build actions, such as making directories, invoking "
+"@command{make}, etc."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4850
+msgid ""
+"To describe a derivation and its build actions, one typically needs to embed build code inside host code. It boils down to "
+"manipulating build code as data, and the homoiconicity of Scheme---code has a direct representation as data---comes in handy for "
+"that. But we need more than the normal @code{quasiquote} mechanism in Scheme to construct build expressions."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4859
+msgid ""
+"The @code{(guix gexp)} module implements @dfn{G-expressions}, a form of S-expressions adapted to build expressions. G-expressions, "
+"or @dfn{gexps}, consist essentially of three syntactic forms: @code{gexp}, @code{ungexp}, and @code{ungexp-splicing} (or simply: "
+"@code{#~}, @code{#$}, and @code{#$@@}), which are comparable to @code{quasiquote}, @code{unquote}, and @code{unquote-splicing}, "
+"respectively (@pxref{Expression Syntax, @code{quasiquote},, guile, GNU Guile Reference Manual}). However, there are major "
+"differences:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4864
+msgid "Gexps are meant to be written to a file and run or manipulated by other processes."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4869
+msgid ""
+"When a high-level object such as a package or derivation is unquoted inside a gexp, the result is as if its output file name had "
+"been introduced."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:4874
+msgid ""
+"Gexps carry information about the packages or derivations they refer to, and these dependencies are automatically added as inputs to "
+"the build processes that use them."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4876 doc/guix.texi:5342
+#, no-wrap
+msgid "lowering, of high-level objects in gexps"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4886
+msgid ""
+"This mechanism is not limited to package and derivation objects: @dfn{compilers} able to ``lower'' other high-level objects to "
+"derivations or files in the store can be defined, such that these objects can also be inserted into gexps. For example, a useful "
+"type of high-level objects that can be inserted in a gexp is ``file-like objects'', which make it easy to add files to the store and "
+"to refer to them in derivations and such (see @code{local-file} and @code{plain-file} below.)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4888
+msgid "To illustrate the idea, here is an example of a gexp:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4896
+#, no-wrap
+msgid ""
+"(define build-exp\n"
+" #~(begin\n"
+" (mkdir #$output)\n"
+" (chdir #$output)\n"
+" (symlink (string-append #$coreutils \"/bin/ls\")\n"
+" \"list-files\")))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4901
+msgid ""
+"This gexp can be passed to @code{gexp->derivation}; we obtain a derivation that builds a directory containing exactly one symlink to "
+"@file{/gnu/store/@dots{}-coreutils-8.22/bin/ls}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4904
+#, no-wrap
+msgid "(gexp->derivation \"the-thing\" build-exp)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4912
+msgid ""
+"As one would expect, the @code{\"/gnu/store/@dots{}-coreutils-8.22\"} string is substituted to the reference to the @var{coreutils} "
+"package in the actual build code, and @var{coreutils} is automatically made an input to the derivation. Likewise, @code{#$output} "
+"(equivalent to @code{(ungexp output)}) is replaced by a string containing the directory name of the output of the derivation."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4913
+#, no-wrap
+msgid "cross compilation"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4919
+msgid ""
+"In a cross-compilation context, it is useful to distinguish between references to the @emph{native} build of a package---that can "
+"run on the host---versus references to cross builds of a package. To that end, the @code{#+} plays the same role as @code{#$}, but "
+"is a reference to a native package build:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4929
+#, no-wrap
+msgid ""
+"(gexp->derivation \"vi\"\n"
+" #~(begin\n"
+" (mkdir #$output)\n"
+" (system* (string-append #+coreutils \"/bin/ln\")\n"
+" \"-s\"\n"
+" (string-append #$emacs \"/bin/emacs\")\n"
+" (string-append #$output \"/bin/vi\")))\n"
+" #:target \"mips64el-linux-gnu\")\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4935
+msgid ""
+"In the example above, the native build of @var{coreutils} is used, so that @command{ln} can actually run on the host; but then the "
+"cross-compiled build of @var{emacs} is referenced."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4936
+#, no-wrap
+msgid "imported modules, for gexps"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:4937
+#, no-wrap
+msgid "with-imported-modules"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4942
+msgid ""
+"Another gexp feature is @dfn{imported modules}: sometimes you want to be able to use certain Guile modules from the ``host "
+"environment'' in the gexp, so those modules should be imported in the ``build environment''. The @code{with-imported-modules} form "
+"allows you to express that:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4953
+#, no-wrap
+msgid ""
+"(let ((build (with-imported-modules '((guix build utils))\n"
+" #~(begin\n"
+" (use-modules (guix build utils))\n"
+" (mkdir-p (string-append #$output \"/bin\"))))))\n"
+" (gexp->derivation \"empty-dir\"\n"
+" #~(begin\n"
+" #$build\n"
+" (display \"success!\\n\")\n"
+" #t)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4959
+msgid ""
+"In this example, the @code{(guix build utils)} module is automatically pulled into the isolated build environment of our gexp, such "
+"that @code{(use-modules (guix build utils))} works as expected."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:4960
+#, no-wrap
+msgid "module closure"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:4961
+#, no-wrap
+msgid "source-module-closure"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4968
+msgid ""
+"Usually you want the @emph{closure} of the module to be imported---i.e., the module itself and all the modules it depends on---"
+"rather than just the module; failing to do that, attempts to use the module will fail because of missing dependent modules. The "
+"@code{source-module-closure} procedure computes the closure of a module by looking at its source file headers, which comes in handy "
+"in this case:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4971
+#, no-wrap
+msgid ""
+"(use-modules (guix modules)) ;for 'source-module-closure'\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:4980
+#, no-wrap
+msgid ""
+"(with-imported-modules (source-module-closure\n"
+" '((guix build utils)\n"
+" (gnu build vm)))\n"
+" (gexp->derivation \"something-with-vms\"\n"
+" #~(begin\n"
+" (use-modules (guix build utils)\n"
+" (gnu build vm))\n"
+" @dots{})))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:4983
+msgid "The syntactic form to construct gexps is summarized below."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4984
+#, no-wrap
+msgid "{Scheme Syntax} #~@var{exp}"
+msgstr ""
+
+#. type: deffnx
+#: doc/guix.texi:4985
+#, no-wrap
+msgid "{Scheme Syntax} (gexp @var{exp})"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:4988
+msgid "Return a G-expression containing @var{exp}. @var{exp} may contain one or more of the following forms:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:4990
+#, no-wrap
+msgid "#$@var{obj}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:4991
+#, no-wrap
+msgid "(ungexp @var{obj})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4996
+msgid ""
+"Introduce a reference to @var{obj}. @var{obj} may have one of the supported types, for example a package or a derivation, in which "
+"case the @code{ungexp} form is replaced by its output file name---e.g., @code{\"/gnu/store/@dots{}-coreutils-8.22}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:4999
+msgid "If @var{obj} is a list, it is traversed and references to supported objects are substituted similarly."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5002
+msgid "If @var{obj} is another gexp, its contents are inserted and its dependencies are added to those of the containing gexp."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5004
+msgid "If @var{obj} is another kind of object, it is inserted as is."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5005
+#, no-wrap
+msgid "#$@var{obj}:@var{output}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5006
+#, no-wrap
+msgid "(ungexp @var{obj} @var{output})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5010
+msgid ""
+"This is like the form above, but referring explicitly to the @var{output} of @var{obj}---this is useful when @var{obj} produces "
+"multiple outputs (@pxref{Packages with Multiple Outputs})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5011
+#, no-wrap
+msgid "#+@var{obj}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5012
+#, no-wrap
+msgid "#+@var{obj}:output"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5013
+#, no-wrap
+msgid "(ungexp-native @var{obj})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5014
+#, no-wrap
+msgid "(ungexp-native @var{obj} @var{output})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5017
+msgid ""
+"Same as @code{ungexp}, but produces a reference to the @emph{native} build of @var{obj} when used in a cross compilation context."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5018
+#, no-wrap
+msgid "#$output[:@var{output}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5019
+#, no-wrap
+msgid "(ungexp output [@var{output}])"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5022
+msgid "Insert a reference to derivation output @var{output}, or to the main output when @var{output} is omitted."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5024
+msgid "This only makes sense for gexps passed to @code{gexp->derivation}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5025
+#, no-wrap
+msgid "#$@@@var{lst}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5026
+#, no-wrap
+msgid "(ungexp-splicing @var{lst})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5029
+msgid "Like the above, but splices the contents of @var{lst} inside the containing list."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5030
+#, no-wrap
+msgid "#+@@@var{lst}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5031
+#, no-wrap
+msgid "(ungexp-native-splicing @var{lst})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5034
+msgid "Like the above, but refers to native builds of the objects listed in @var{lst}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5039
+msgid "G-expressions created by @code{gexp} or @code{#~} are run-time objects of the @code{gexp?} type (see below.)"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5041
+#, no-wrap
+msgid "{Scheme Syntax} with-imported-modules @var{modules} @var{body}@dots{}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5044
+msgid "Mark the gexps defined in @var{body}@dots{} as requiring @var{modules} in their execution environment."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5048
+msgid ""
+"Each item in @var{modules} can be the name of a module, such as @code{(guix build utils)}, or it can be a module name, followed by "
+"an arrow, followed by a file-like object:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5054
+#, no-wrap
+msgid ""
+"`((guix build utils)\n"
+" (guix gcrypt)\n"
+" ((guix config) => ,(scheme-file \"config.scm\"\n"
+" #~(define-module @dots{}))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5059
+msgid ""
+"In the example above, the first two modules are taken from the search path, and the last one is created from the given file-like "
+"object."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5063
+msgid ""
+"This form has @emph{lexical} scope: it has an effect on the gexps directly defined in @var{body}@dots{}, but not on those defined, "
+"say, in procedures called from @var{body}@dots{}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5065
+#, no-wrap
+msgid "{Scheme Procedure} gexp? @var{obj}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5067
+msgid "Return @code{#t} if @var{obj} is a G-expression."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5073
+msgid ""
+"G-expressions are meant to be written to disk, either as code building some derivation, or as plain files in the store. The monadic "
+"procedures below allow you to do that (@pxref{The Store Monad}, for more information about monads.)"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5074
+#, no-wrap
+msgid "{Monadic Procedure} gexp->derivation @var{name} @var{exp} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5090
+msgid ""
+"[#:system (%current-system)] [#:target #f] [#:graft? #t] @ [#:hash #f] [#:hash-algo #f] @ [#:recursive? #f] [#:env-vars '()] [#:"
+"modules '()] @ [#:module-path @var{%load-path}] @ [#:references-graphs #f] [#:allowed-references #f] @ [#:disallowed-references #f] "
+"@ [#:leaked-env-vars #f] @ [#:script-name (string-append @var{name} \"-builder\")] @ [#:deprecation-warnings #f] @ [#:local-build? "
+"#f] [#:substitutable? #t] [#:guile-for-build #f] Return a derivation @var{name} that runs @var{exp} (a gexp) with @var{guile-for-"
+"build} (a derivation) on @var{system}; @var{exp} is stored in a file called @var{script-name}. When @var{target} is true, it is "
+"used as the cross-compilation target triplet for packages referred to by @var{exp}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5098
+msgid ""
+"@var{modules} is deprecated in favor of @code{with-imported-modules}. Its meaning is to make @var{modules} available in the "
+"evaluation context of @var{exp}; @var{modules} is a list of names of Guile modules searched in @var{module-path} to be copied in the "
+"store, compiled, and made available in the load path during the execution of @var{exp}---e.g., @code{((guix build utils) (guix build "
+"gnu-build-system))}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5101
+msgid "@var{graft?} determines whether packages referred to by @var{exp} should be grafted when applicable."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5104
+msgid "When @var{references-graphs} is true, it must be a list of tuples of one of the following forms:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5111
+#, no-wrap
+msgid ""
+"(@var{file-name} @var{package})\n"
+"(@var{file-name} @var{package} @var{output})\n"
+"(@var{file-name} @var{derivation})\n"
+"(@var{file-name} @var{derivation} @var{output})\n"
+"(@var{file-name} @var{store-item})\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5117
+msgid ""
+"The right-hand-side of each element of @var{references-graphs} is automatically made an input of the build process of @var{exp}. In "
+"the build environment, each @var{file-name} contains the reference graph of the corresponding item, in a simple text format."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5123
+msgid ""
+"@var{allowed-references} must be either @code{#f} or a list of output names and packages. In the latter case, the list denotes "
+"store items that the result is allowed to refer to. Any reference to another store item will lead to a build error. Similarly for "
+"@var{disallowed-references}, which can list items that must not be referenced by the outputs."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5126
+msgid ""
+"@var{deprecation-warnings} determines whether to show deprecation warnings while compiling modules. It can be @code{#f}, @code{#t}, "
+"or @code{'detailed}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5128
+msgid "The other arguments are as for @code{derivation} (@pxref{Derivations})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5130
+#, no-wrap
+msgid "file-like objects"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5135
+msgid ""
+"The @code{local-file}, @code{plain-file}, @code{computed-file}, @code{program-file}, and @code{scheme-file} procedures below return "
+"@dfn{file-like objects}. That is, when unquoted in a G-expression, these objects lead to a file in the store. Consider this G-"
+"expression:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5139
+#, no-wrap
+msgid ""
+"#~(system* #$(file-append glibc \"/sbin/nscd\") \"-f\"\n"
+" #$(local-file \"/tmp/my-nscd.conf\"))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5148
+msgid ""
+"The effect here is to ``intern'' @file{/tmp/my-nscd.conf} by copying it to the store. Once expanded, for instance @i{via} "
+"@code{gexp->derivation}, the G-expression refers to that copy under @file{/gnu/store}; thus, modifying or removing the file in "
+"@file{/tmp} does not have any effect on what the G-expression does. @code{plain-file} can be used similarly; it differs in that the "
+"file content is directly passed as a string."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5149
+#, no-wrap
+msgid "{Scheme Procedure} local-file @var{file} [@var{name}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5155
+msgid ""
+"[#:recursive? #f] [#:select? (const #t)] Return an object representing local file @var{file} to add to the store; this object can be "
+"used in a gexp. If @var{file} is a relative file name, it is looked up relative to the source file where this form appears. "
+"@var{file} will be added to the store under @var{name}--by default the base name of @var{file}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5167
+msgid ""
+"This is the declarative counterpart of the @code{interned-file} monadic procedure (@pxref{The Store Monad, @code{interned-file}})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5169
+#, no-wrap
+msgid "{Scheme Procedure} plain-file @var{name} @var{content}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5172
+msgid "Return an object representing a text file called @var{name} with the given @var{content} (a string) to be added to the store."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5174
+msgid "This is the declarative counterpart of @code{text-file}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5176
+#, no-wrap
+msgid "{Scheme Procedure} computed-file @var{name} @var{gexp} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5181
+msgid ""
+"[#:options '(#:local-build? #t)] Return an object representing the store item @var{name}, a file or directory computed by "
+"@var{gexp}. @var{options} is a list of additional arguments to pass to @code{gexp->derivation}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5183
+msgid "This is the declarative counterpart of @code{gexp->derivation}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5185
+#, no-wrap
+msgid "{Monadic Procedure} gexp->script @var{name} @var{exp} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5190
+msgid ""
+"[#:guile (default-guile)] [#:module-path %load-path] Return an executable script @var{name} that runs @var{exp} using @var{guile}, "
+"with @var{exp}'s imported modules in its search path. Look up @var{exp}'s modules in @var{module-path}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5193
+msgid "The example below builds a script that simply invokes the @command{ls} command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5196
+#, no-wrap
+msgid ""
+"(use-modules (guix gexp) (gnu packages base))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5200
+#, no-wrap
+msgid ""
+"(gexp->script \"list-files\"\n"
+" #~(execl #$(file-append coreutils \"/bin/ls\")\n"
+" \"ls\"))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5205
+msgid ""
+"When ``running'' it through the store (@pxref{The Store Monad, @code{run-with-store}}), we obtain a derivation that produces an "
+"executable file @file{/gnu/store/@dots{}-list-files} along these lines:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5210
+#, no-wrap
+msgid ""
+"#!/gnu/store/@dots{}-guile-2.0.11/bin/guile -ds\n"
+"!#\n"
+"(execl \"/gnu/store/@dots{}-coreutils-8.22\"/bin/ls\" \"ls\")\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5213
+#, no-wrap
+msgid "{Scheme Procedure} program-file @var{name} @var{exp} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5218
+msgid ""
+"[#:guile #f] [#:module-path %load-path] Return an object representing the executable store item @var{name} that runs @var{gexp}. "
+"@var{guile} is the Guile package used to execute that script. Imported modules of @var{gexp} are looked up in @var{module-path}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5220
+msgid "This is the declarative counterpart of @code{gexp->script}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5222
+#, no-wrap
+msgid "{Monadic Procedure} gexp->file @var{name} @var{exp} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5230
+msgid ""
+"[#:set-load-path? #t] [#:module-path %load-path] @ [#:guile (default-guile)] Return a derivation that builds a file @var{name} "
+"containing @var{exp}. When @var{set-load-path?} is true, emit code in the resulting file to set @code{%load-path} and @code{%load-"
+"compiled-path} to honor @var{exp}'s imported modules. Look up @var{exp}'s modules in @var{module-path}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5233
+msgid "The resulting file holds references to all the dependencies of @var{exp} or a subset thereof."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5235
+#, no-wrap
+msgid "{Scheme Procedure} scheme-file @var{name} @var{exp}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5238
+msgid "Return an object representing the Scheme file @var{name} that contains @var{exp}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5240
+msgid "This is the declarative counterpart of @code{gexp->file}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5242
+#, no-wrap
+msgid "{Monadic Procedure} text-file* @var{name} @var{text} @dots{}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5248
+msgid ""
+"Return as a monadic value a derivation that builds a text file containing all of @var{text}. @var{text} may list, in addition to "
+"strings, objects of any type that can be used in a gexp: packages, derivations, local file objects, etc. The resulting store file "
+"holds references to all these."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5253
+msgid ""
+"This variant should be preferred over @code{text-file} anytime the file to create will reference items from the store. This is "
+"typically the case when building a configuration file that embeds store file names, like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5261
+#, no-wrap
+msgid ""
+"(define (profile.sh)\n"
+" ;; Return the name of a shell script in the store that\n"
+" ;; initializes the 'PATH' environment variable.\n"
+" (text-file* \"profile.sh\"\n"
+" \"export PATH=\" coreutils \"/bin:\"\n"
+" grep \"/bin:\" sed \"/bin\\n\"))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5266
+msgid ""
+"In this example, the resulting @file{/gnu/store/@dots{}-profile.sh} file will reference @var{coreutils}, @var{grep}, and @var{sed}, "
+"thereby preventing them from being garbage-collected during its lifetime."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5268
+#, no-wrap
+msgid "{Scheme Procedure} mixed-text-file @var{name} @var{text} @dots{}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5272
+msgid ""
+"Return an object representing store file @var{name} containing @var{text}. @var{text} is a sequence of strings and file-like "
+"objects, as in:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5276
+#, no-wrap
+msgid ""
+"(mixed-text-file \"profile\"\n"
+" \"export PATH=\" coreutils \"/bin:\" grep \"/bin\")\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5279
+msgid "This is the declarative counterpart of @code{text-file*}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5281
+#, no-wrap
+msgid "{Scheme Procedure} file-union @var{name} @var{files}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5286
+msgid ""
+"Return a @code{<computed-file>} that builds a directory containing all of @var{files}. Each item in @var{files} must be a two-"
+"element list where the first element is the file name to use in the new directory, and the second element is a gexp denoting the "
+"target file. Here's an example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5293
+#, no-wrap
+msgid ""
+"(file-union \"etc\"\n"
+" `((\"hosts\" ,(plain-file \"hosts\"\n"
+" \"127.0.0.1 localhost\"))\n"
+" (\"bashrc\" ,(plain-file \"bashrc\"\n"
+" \"alias ls='ls --color'\"))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5296
+msgid "This yields an @code{etc} directory containing these two files."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5298
+#, no-wrap
+msgid "{Scheme Procedure} directory-union @var{name} @var{things}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5301
+msgid ""
+"Return a directory that is the union of @var{things}, where @var{things} is a list of file-like objects denoting directories. For "
+"example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5304
+#, no-wrap
+msgid "(directory-union \"guile+emacs\" (list guile emacs))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5307
+msgid "yields a directory that is the union of the @code{guile} and @code{emacs} packages."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5309
+#, no-wrap
+msgid "{Scheme Procedure} file-append @var{obj} @var{suffix} @dots{}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5313
+msgid ""
+"Return a file-like object that expands to the concatenation of @var{obj} and @var{suffix}, where @var{obj} is a lowerable object and "
+"each @var{suffix} is a string."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5315
+msgid "As an example, consider this gexp:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5320
+#, no-wrap
+msgid ""
+"(gexp->script \"run-uname\"\n"
+" #~(system* #$(file-append coreutils\n"
+" \"/bin/uname\")))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5323
+msgid "The same effect could be achieved with:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5328
+#, no-wrap
+msgid ""
+"(gexp->script \"run-uname\"\n"
+" #~(system* (string-append #$coreutils\n"
+" \"/bin/uname\")))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5334
+msgid ""
+"There is one difference though: in the @code{file-append} case, the resulting script contains the absolute file name as a string, "
+"whereas in the second case, the resulting script contains a @code{(string-append @dots{})} expression to construct the file name "
+"@emph{at run time}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5341
+msgid ""
+"Of course, in addition to gexps embedded in ``host'' code, there are also modules containing build tools. To make it clear that "
+"they are meant to be used in the build stratum, these modules are kept in the @code{(guix build @dots{})} name space."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5347
+msgid ""
+"Internally, high-level objects are @dfn{lowered}, using their compiler, to either derivations or store items. For instance, "
+"lowering a package yields a derivation, and lowering a @code{plain-file} yields a store item. This is achieved using the "
+"@code{lower-object} monadic procedure."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5348
+#, no-wrap
+msgid "{Monadic Procedure} lower-object @var{obj} [@var{system}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:5354
+msgid ""
+"[#:target #f] Return as a value in @var{%store-monad} the derivation or store item corresponding to @var{obj} for @var{system}, "
+"cross-compiling for @var{target} if @var{target} is true. @var{obj} must be an object that has an associated gexp compiler, such as "
+"a @code{<package>}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5365
+msgid ""
+"This section describes Guix command-line utilities. Some of them are primarily targeted at developers and users who write new "
+"package definitions, while others are more generally useful. They complement the Scheme programming interface of Guix in a "
+"convenient way."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5387
+#, no-wrap
+msgid "package building"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:5388
+#, no-wrap
+msgid "guix build"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5394
+msgid ""
+"The @command{guix build} command builds packages or derivations and their dependencies, and prints the resulting store paths. Note "
+"that it does not modify the user's profile---this is the job of the @command{guix package} command (@pxref{Invoking guix package}). "
+"Thus, it is mainly useful for distribution developers."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5396 doc/guix.texi:6053 doc/guix.texi:6120 doc/guix.texi:6789 doc/guix.texi:7119 doc/guix.texi:7449 doc/guix.texi:7754
+#: doc/guix.texi:7820 doc/guix.texi:7859
+msgid "The general syntax is:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5399
+#, no-wrap
+msgid "guix build @var{options} @var{package-or-derivation}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5404
+msgid ""
+"As an example, the following command builds the latest versions of Emacs and of Guile, displays their build logs, and finally "
+"displays the resulting directories:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5407
+#, no-wrap
+msgid "guix build emacs guile\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5410
+msgid "Similarly, the following command builds all the available packages:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5414
+#, no-wrap
+msgid ""
+"guix build --quiet --keep-going \\\n"
+" `guix package -A | cut -f1,2 --output-delimiter=@@`\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5422
+msgid ""
+"@var{package-or-derivation} may be either the name of a package found in the software distribution such as @code{coreutils} or "
+"@code{coreutils@@8.20}, or a derivation such as @file{/gnu/store/@dots{}-coreutils-8.19.drv}. In the former case, a package with "
+"the corresponding name (and optionally version) is searched for among the GNU distribution modules (@pxref{Package Modules})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5427
+msgid ""
+"Alternatively, the @code{--expression} option may be used to specify a Scheme expression that evaluates to a package; this is useful "
+"when disambiguating among several same-named packages or package variants is needed."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5430
+msgid "There may be zero or more @var{options}. The available options are described in the subsections below."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5445
+msgid ""
+"A number of options that control the build process are common to @command{guix build} and other commands that can spawn builds, such "
+"as @command{guix package} or @command{guix archive}. These are the following:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5448
+#, no-wrap
+msgid "--load-path=@var{directory}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5449
+#, no-wrap
+msgid "-L @var{directory}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5452
+msgid "Add @var{directory} to the front of the package module search path (@pxref{Package Modules})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5455
+msgid "This allows users to define their own packages and make them visible to the command-line tools."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5456
+#, no-wrap
+msgid "--keep-failed"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5457
+#, no-wrap
+msgid "-K"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5463
+msgid ""
+"Keep the build tree of failed builds. Thus, if a build fails, its build tree is kept under @file{/tmp}, in a directory whose name "
+"is shown at the end of the build log. This is useful when debugging build issues. @xref{Debugging Build Failures}, for tips and "
+"tricks on how to debug build issues."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5464
+#, no-wrap
+msgid "--keep-going"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5465
+#, no-wrap
+msgid "-k"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5468
+msgid "Keep going when some of the derivations fail to build; return only once all the builds have either completed or failed."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5471
+msgid "The default behavior is to stop as soon as one of the specified derivations has failed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5472
+#, no-wrap
+msgid "--dry-run"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5473
+#, no-wrap
+msgid "-n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5475
+msgid "Do not build the derivations."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:5477
+msgid "fallback-option"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5477
+#, no-wrap
+msgid "--fallback"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5480
+msgid "When substituting a pre-built binary fails, fall back to building packages locally (@pxref{Substitution Failure})."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:5486
+msgid "client-substitute-urls"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5486
+msgid ""
+"Consider @var{urls} the whitespace-separated list of substitute source URLs, overriding the default list of URLs of @command{guix-"
+"daemon} (@pxref{daemon-substitute-urls,, @command{guix-daemon} URLs})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5490
+msgid ""
+"This means that substitutes may be downloaded from @var{urls}, provided they are signed by a key authorized by the system "
+"administrator (@pxref{Substitutes})."
+msgstr ""
+"Cela signifie que les substituts peuvent être téléchargés depuis @var{urls}, tant qu'ils sont signés par une clef autorisée par "
+"l'administrateur système (@pxref{Substituts})."
+
+#. type: table
+#: doc/guix.texi:5493
+msgid "When @var{urls} is the empty string, substitutes are effectively disabled."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5499
+#, no-wrap
+msgid "--no-grafts"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5503
+msgid ""
+"Do not ``graft'' packages. In practice, this means that package updates available as grafts are not applied. @xref{Security "
+"Updates}, for more information on grafts."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5504
+#, no-wrap
+msgid "--rounds=@var{n}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5507
+msgid "Build each derivation @var{n} times in a row, and raise an error if consecutive build results are not bit-for-bit identical."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5512
+msgid ""
+"This is a useful way to detect non-deterministic builds processes. Non-deterministic build processes are a problem because they "
+"make it practically impossible for users to @emph{verify} whether third-party binaries are genuine. @xref{Invoking guix challenge}, "
+"for more."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5518
+msgid ""
+"Note that, currently, the differing build results are not kept around, so you will have to manually investigate in case of an "
+"error---e.g., by stashing one of the build results with @code{guix archive --export} (@pxref{Invoking guix archive}), then "
+"rebuilding, and finally comparing the two results."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5523
+msgid ""
+"Do not attempt to offload builds @i{via} the ``build hook'' of the daemon (@pxref{Daemon Offload Setup}). That is, always build "
+"things locally instead of offloading builds to remote machines."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5530
+msgid "By default, the daemon's setting is honored (@pxref{Invoking guix-daemon, @code{--max-silent-time}})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5537
+msgid "By default, the daemon's setting is honored (@pxref{Invoking guix-daemon, @code{--timeout}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5538
+#, no-wrap
+msgid "--verbosity=@var{level}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5542
+msgid ""
+"Use the given verbosity level. @var{level} must be an integer between 0 and 5; higher means more verbose output. Setting a level "
+"of 4 or more may be helpful when debugging setup issues with the build daemon."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5547
+msgid ""
+"Allow the use of up to @var{n} CPU cores for the build. The special value @code{0} means to use as many CPU cores as available."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5553
+msgid ""
+"Allow at most @var{n} build jobs in parallel. @xref{Invoking guix-daemon, @code{--max-jobs}}, for details about this option and the "
+"equivalent @command{guix-daemon} option."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5560
+msgid ""
+"Behind the scenes, @command{guix build} is essentially an interface to the @code{package-derivation} procedure of the @code{(guix "
+"packages)} module, and to the @code{build-derivations} procedure of the @code{(guix derivations)} module."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5564
+msgid ""
+"In addition to options explicitly passed on the command line, @command{guix build} and other @command{guix} commands that support "
+"building honor the @code{GUIX_BUILD_OPTIONS} environment variable."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:5565
+#, no-wrap
+msgid "{Environment Variable} GUIX_BUILD_OPTIONS"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:5570
+msgid ""
+"Users can define this variable to a list of command line options that will automatically be used by @command{guix build} and other "
+"@command{guix} commands that can perform builds, as in the example below:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5573
+#, no-wrap
+msgid "$ export GUIX_BUILD_OPTIONS=\"--no-substitutes -c 2 -L /foo/bar\"\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:5577
+msgid "These options are parsed independently, and the result is appended to the parsed command-line options."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5583
+#, no-wrap
+msgid "package variants"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5591
+msgid ""
+"Another set of command-line options supported by @command{guix build} and also @command{guix package} are @dfn{package "
+"transformation options}. These are options that make it possible to define @dfn{package variants}---for instance, packages built "
+"from different source code. This is a convenient way to create customized packages on the fly without having to type in the "
+"definitions of package variants (@pxref{Defining Packages})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5594
+#, no-wrap
+msgid "--with-source=@var{source}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5595
+#, no-wrap
+msgid "--with-source=@var{package}=@var{source}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5596
+#, no-wrap
+msgid "--with-source=@var{package}@@@var{version}=@var{source}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5601
+msgid ""
+"Use @var{source} as the source of @var{package}, and @var{version} as its version number. @var{source} must be a file name or a "
+"URL, as for @command{guix download} (@pxref{Invoking guix download})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5607
+msgid ""
+"When @var{package} is omitted, it is taken to be the package name specified on the command line that matches the base of "
+"@var{source}---e.g., if @var{source} is @code{/src/guile-2.0.10.tar.gz}, the corresponding package is @code{guile}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5610
+msgid ""
+"Likewise, when @var{version} is omitted, the version string is inferred from @var{source}; in the previous example, it is "
+"@code{2.0.10}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5615
+msgid ""
+"This option allows users to try out versions of packages other than the one provided by the distribution. The example below "
+"downloads @file{ed-1.7.tar.gz} from a GNU mirror and uses that as the source for the @code{ed} package:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5618
+#, no-wrap
+msgid "guix build ed --with-source=mirror://gnu/ed/ed-1.7.tar.gz\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5622
+msgid "As a developer, @code{--with-source} makes it easy to test release candidates:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5625
+#, no-wrap
+msgid "guix build guile --with-source=../guile-2.0.9.219-e1bb7.tar.xz\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5628
+msgid "@dots{} or to build from a checkout in a pristine environment:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5632
+#, no-wrap
+msgid ""
+"$ git clone git://git.sv.gnu.org/guix.git\n"
+"$ guix build guix --with-source=guix@@1.0=./guix\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5634
+#, no-wrap
+msgid "--with-input=@var{package}=@var{replacement}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5639
+msgid ""
+"Replace dependency on @var{package} by a dependency on @var{replacement}. @var{package} must be a package name, and "
+"@var{replacement} must be a package specification such as @code{guile} or @code{guile@@1.8}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5643
+msgid ""
+"For instance, the following command builds Guix, but replaces its dependency on the current stable version of Guile with a "
+"dependency on the legacy version of Guile, @code{guile@@2.0}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5646
+#, no-wrap
+msgid "guix build --with-input=guile=guile@@2.0 guix\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5651
+msgid ""
+"This is a recursive, deep replacement. So in this example, both @code{guix} and its dependency @code{guile-json} (which also "
+"depends on @code{guile}) get rebuilt against @code{guile@@2.0}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5654
+msgid ""
+"This is implemented using the @code{package-input-rewriting} Scheme procedure (@pxref{Defining Packages, @code{package-input-"
+"rewriting}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5655
+#, no-wrap
+msgid "--with-graft=@var{package}=@var{replacement}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5661
+msgid ""
+"This is similar to @code{--with-input} but with an important difference: instead of rebuilding the whole dependency chain, "
+"@var{replacement} is built and then @dfn{grafted} onto the binaries that were initially referring to @var{package}. @xref{Security "
+"Updates}, for more information on grafts."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5665
+msgid ""
+"For example, the command below grafts version 3.5.4 of GnuTLS onto Wget and all its dependencies, replacing references to the "
+"version of GnuTLS they currently refer to:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5668
+#, no-wrap
+msgid "guix build --with-graft=gnutls=gnutls@@3.5.4 wget\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5677
+msgid ""
+"This has the advantage of being much faster than rebuilding everything. But there is a caveat: it works if and only if "
+"@var{package} and @var{replacement} are strictly compatible---for example, if they provide a library, the application binary "
+"interface (ABI) of those libraries must be compatible. If @var{replacement} is somehow incompatible with @var{package}, then the "
+"resulting package may be unusable. Use with care!"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5685
+msgid "The command-line options presented below are specific to @command{guix build}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5688
+#, no-wrap
+msgid "--quiet"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5689
+#, no-wrap
+msgid "-q"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5693
+msgid ""
+"Build quietly, without displaying the build log. Upon completion, the build log is kept in @file{/var} (or similar) and can always "
+"be retrieved using the @option{--log-file} option."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5694
+#, no-wrap
+msgid "--file=@var{file}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5699
+msgid "Build the package or derivation that the code within @var{file} evaluates to."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5702
+msgid "As an example, @var{file} might contain a package definition like this (@pxref{Defining Packages}):"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5710
+msgid "Build the package or derivation @var{expr} evaluates to."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5714
+msgid ""
+"For example, @var{expr} may be @code{(@@ (gnu packages guile) guile-1.8)}, which unambiguously designates this specific variant of "
+"version 1.8 of Guile."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5718
+msgid ""
+"Alternatively, @var{expr} may be a G-expression, in which case it is used as a build program passed to @code{gexp->derivation} "
+"(@pxref{G-Expressions})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5722
+msgid ""
+"Lastly, @var{expr} may refer to a zero-argument monadic procedure (@pxref{The Store Monad}). The procedure must return a derivation "
+"as a monadic value, which is then passed through @code{run-with-store}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5723
+#, no-wrap
+msgid "--source"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5724
+#, no-wrap
+msgid "-S"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5727
+msgid "Build the source derivations of the packages, rather than the packages themselves."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5731
+msgid ""
+"For instance, @code{guix build -S gcc} returns something like @file{/gnu/store/@dots{}-gcc-4.7.2.tar.bz2}, which is the GCC source "
+"tarball."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5735
+msgid ""
+"The returned source tarball is the result of applying any patches and code snippets specified in the package @code{origin} "
+"(@pxref{Defining Packages})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5736
+#, no-wrap
+msgid "--sources"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5743
+msgid ""
+"Fetch and return the source of @var{package-or-derivation} and all their dependencies, recursively. This is a handy way to obtain a "
+"local copy of all the source code needed to build @var{packages}, allowing you to eventually build them even without network "
+"access. It is an extension of the @code{--source} option and can accept one of the following optional argument values:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5745 doc/guix.texi:6970
+#, no-wrap
+msgid "package"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5748
+msgid "This value causes the @code{--sources} option to behave in the same way as the @code{--source} option."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5749 doc/guix.texi:11749
+#, no-wrap
+msgid "all"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5752
+msgid ""
+"Build the source derivations of all packages, including any source that might be listed as @code{inputs}. This is the default value."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5758
+#, no-wrap
+msgid ""
+"$ guix build --sources tzdata\n"
+"The following derivations will be built:\n"
+" /gnu/store/@dots{}-tzdata2015b.tar.gz.drv\n"
+" /gnu/store/@dots{}-tzcode2015b.tar.gz.drv\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5760
+#, no-wrap
+msgid "transitive"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5764
+msgid ""
+"Build the source derivations of all packages, as well of all transitive inputs to the packages. This can be used e.g. to prefetch "
+"package source for later offline building."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5775
+#, no-wrap
+msgid ""
+"$ guix build --sources=transitive tzdata\n"
+"The following derivations will be built:\n"
+" /gnu/store/@dots{}-tzcode2015b.tar.gz.drv\n"
+" /gnu/store/@dots{}-findutils-4.4.2.tar.xz.drv\n"
+" /gnu/store/@dots{}-grep-2.21.tar.xz.drv\n"
+" /gnu/store/@dots{}-coreutils-8.23.tar.xz.drv\n"
+" /gnu/store/@dots{}-make-4.1.tar.xz.drv\n"
+" /gnu/store/@dots{}-bash-4.3.tar.xz.drv\n"
+"@dots{}\n"
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:5788
+msgid ""
+"The @code{--system} flag is for @emph{native} compilation and must not be confused with cross-compilation. See @code{--target} "
+"below for information on cross-compilation."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5794
+msgid ""
+"An example use of this is on Linux-based systems, which can emulate different personalities. For instance, passing @code{--"
+"system=i686-linux} on an @code{x86_64-linux} system allows you to build packages in a complete 32-bit environment."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5799
+msgid ""
+"Similarly, when transparent emulation with QEMU and @code{binfmt_misc} is enabled (@pxref{Virtualization Services, @code{qemu-binfmt-"
+"service-type}}), you can build for any system for which a QEMU @code{binfmt_misc} handler is installed."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5803
+msgid ""
+"Builds for a system other than that of the machine you are using can also be offloaded to a remote machine of the right "
+"architecture. @xref{Daemon Offload Setup}, for more information on offloading."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:5811
+msgid "build-check"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5811
+#, no-wrap
+msgid "--check"
+msgstr "--check"
+
+#. type: cindex
+#: doc/guix.texi:5812
+#, no-wrap
+msgid "determinism, checking"
+msgstr "déterminisme, vérification"
+
+#. type: cindex
+#: doc/guix.texi:5813
+#, no-wrap
+msgid "reproducibility, checking"
+msgstr "reproductibilité, vérification"
+
+#. type: table
+#: doc/guix.texi:5817
+msgid ""
+"Rebuild @var{package-or-derivation}, which are already available in the store, and raise an error if the build results are not bit-"
+"for-bit identical."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5822
+msgid ""
+"This mechanism allows you to check whether previously installed substitutes are genuine (@pxref{Substitutes}), or whether the build "
+"result of a package is deterministic. @xref{Invoking guix challenge}, for more background information and tools."
+msgstr ""
+"Ce mécanisme vous permet de vérifier si les substituts précédemment installés sont authentiques (@pxref{Substituts}) ou si le "
+"résultat de la construction d'un paquet est déterministe. @xref{Invoking guix challenge} pour plus d'informations et pour les outils."
+
+#. type: item
+#: doc/guix.texi:5827
+#, no-wrap
+msgid "--repair"
+msgstr "--repair"
+
+#. type: cindex
+#: doc/guix.texi:5828
+#, no-wrap
+msgid "repairing store items"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5832
+msgid "Attempt to repair the specified store items, if they are corrupt, by re-downloading or rebuilding them."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5834
+msgid "This operation is not atomic and thus restricted to @code{root}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5835
+#, no-wrap
+msgid "--derivations"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5839
+msgid "Return the derivation paths, not the output paths, of the given packages."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5840 doc/guix.texi:7227 doc/guix.texi:20563
+#, no-wrap
+msgid "--root=@var{file}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:5841 doc/guix.texi:7228 doc/guix.texi:20564
+#, no-wrap
+msgid "-r @var{file}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5842
+#, no-wrap
+msgid "GC roots, adding"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5843
+#, no-wrap
+msgid "garbage collector roots, adding"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5846 doc/guix.texi:20567
+msgid "Make @var{file} a symlink to the result, and register it as a garbage collector root."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5852
+msgid ""
+"Consequently, the results of this @command{guix build} invocation are protected from garbage collection until @var{file} is "
+"removed. When that option is omitted, build results are eligible for garbage collection as soon as the build completes. "
+"@xref{Invoking guix gc}, for more on GC roots."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:5853
+#, no-wrap
+msgid "--log-file"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5854
+#, no-wrap
+msgid "build logs, access"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5858
+msgid "Return the build log file names or URLs for the given @var{package-or-derivation}, or raise an error if build logs are missing."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5861
+msgid "This works regardless of how packages or derivations are specified. For instance, the following invocations are equivalent:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5867
+#, no-wrap
+msgid ""
+"guix build --log-file `guix build -d guile`\n"
+"guix build --log-file `guix build guile`\n"
+"guix build --log-file guile\n"
+"guix build --log-file -e '(@@ (gnu packages guile) guile-2.0)'\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5872
+msgid ""
+"If a log is unavailable locally, and unless @code{--no-substitutes} is passed, the command looks for a corresponding log on one of "
+"the substitute servers (as specified with @code{--substitute-urls}.)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5875
+msgid "So for instance, imagine you want to see the build log of GDB on MIPS, but you are actually on an @code{x86_64} machine:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5879
+#, no-wrap
+msgid ""
+"$ guix build --log-file gdb -s mips64el-linux\n"
+"https://hydra.gnu.org/log/@dots{}-gdb-7.10\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:5882
+msgid "You can freely access a huge library of build logs!"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5887
+#, no-wrap
+msgid "build failures, debugging"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5893
+msgid ""
+"When defining a new package (@pxref{Defining Packages}), you will probably find yourself spending some time debugging and tweaking "
+"the build until it succeeds. To do that, you need to operate the build commands yourself in an environment as close as possible to "
+"the one the build daemon uses."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5898
+msgid ""
+"To that end, the first thing to do is to use the @option{--keep-failed} or @option{-K} option of @command{guix build}, which will "
+"keep the failed build tree in @file{/tmp} or whatever directory you specified as @code{TMPDIR} (@pxref{Invoking guix build, @code{--"
+"keep-failed}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5904
+msgid ""
+"From there on, you can @command{cd} to the failed build tree and source the @file{environment-variables} file, which contains all "
+"the environment variable definitions that were in place when the build failed. So let's say you're debugging a build failure in "
+"package @code{foo}; a typical session would look like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5911
+#, no-wrap
+msgid ""
+"$ guix build foo -K\n"
+"@dots{} @i{build fails}\n"
+"$ cd /tmp/guix-build-foo.drv-0\n"
+"$ source ./environment-variables\n"
+"$ cd foo-1.2\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5915
+msgid "Now, you can invoke commands as if you were the daemon (almost) and troubleshoot your build process."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5921
+msgid ""
+"Sometimes it happens that, for example, a package's tests pass when you run them manually but they fail when the daemon runs them. "
+"This can happen because the daemon runs builds in containers where, unlike in our environment above, network access is missing, "
+"@file{/bin/sh} does not exist, etc. (@pxref{Build Environment Setup})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5924
+msgid ""
+"In such cases, you may need to run inspect the build process from within a container similar to the one the build daemon creates:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5932
+#, no-wrap
+msgid ""
+"$ guix build -K foo\n"
+"@dots{}\n"
+"$ cd /tmp/guix-build-foo.drv-0\n"
+"$ guix environment --no-grafts -C foo --ad-hoc strace gdb\n"
+"[env]# source ./environment-variables\n"
+"[env]# cd foo-1.2\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5941
+msgid ""
+"Here, @command{guix environment -C} creates a container and spawns a new shell in it (@pxref{Invoking guix environment}). The "
+"@command{--ad-hoc strace gdb} part adds the @command{strace} and @command{gdb} commands to the container, which would may find handy "
+"while debugging. The @option{--no-grafts} option makes sure we get the exact same environment, with ungrafted packages "
+"(@pxref{Security Updates}, for more info on grafts)."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5944
+msgid "To get closer to a container like that used by the build daemon, we can remove @file{/bin/sh}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5947
+#, no-wrap
+msgid "[env]# rm /bin/sh\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5951
+msgid "(Don't worry, this is harmless: this is all happening in the throw-away container created by @command{guix environment}.)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5954
+msgid "The @command{strace} command is probably not in the search path, but we can run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5957
+#, no-wrap
+msgid "[env]# $GUIX_ENVIRONMENT/bin/strace -f -o log make check\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5962
+msgid ""
+"In this way, not only you will have reproduced the environment variables the daemon uses, you will also be running the build process "
+"in a container similar to the one the daemon uses."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:5965
+#, no-wrap
+msgid "Invoking @command{guix edit}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:5967
+#, no-wrap
+msgid "guix edit"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5968
+#, no-wrap
+msgid "package definition, editing"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5973
+msgid ""
+"So many packages, so many source files! The @command{guix edit} command facilitates the life of users and packagers by pointing "
+"their editor at the source file containing the definition of the specified packages. For instance:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:5976
+#, no-wrap
+msgid "guix edit gcc@@4.9 vim\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5982
+msgid ""
+"launches the program specified in the @code{VISUAL} or in the @code{EDITOR} environment variable to view the recipe of GCC@tie{}"
+"4.9.3 and that of Vim."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:5988
+msgid ""
+"If you are using a Guix Git checkout (@pxref{Building from Git}), or have created your own packages on @code{GUIX_PACKAGE_PATH} "
+"(@pxref{Defining Packages}), you will be able to edit the package recipes. Otherwise, you will be able to examine the read-only "
+"recipes for packages currently in the store."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:5991
+#, no-wrap
+msgid "Invoking @command{guix download}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:5993
+#, no-wrap
+msgid "guix download"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:5994
+#, no-wrap
+msgid "downloading package sources"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6001
+msgid ""
+"When writing a package definition, developers typically need to download a source tarball, compute its SHA256 hash, and write that "
+"hash in the package definition (@pxref{Defining Packages}). The @command{guix download} tool helps with this task: it downloads a "
+"file from the given URI, adds it to the store, and prints both its file name in the store and its SHA256 hash."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6008
+msgid ""
+"The fact that the downloaded file is added to the store saves bandwidth: when the developer eventually tries to build the newly "
+"defined package with @command{guix build}, the source tarball will not have to be downloaded again because it is already in the "
+"store. It is also a convenient way to temporarily stash files, which may be deleted eventually (@pxref{Invoking guix gc})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6016
+msgid ""
+"The @command{guix download} command supports the same URIs as used in package definitions. In particular, it supports "
+"@code{mirror://} URIs. @code{https} URIs (HTTP over TLS) are supported @emph{provided} the Guile bindings for GnuTLS are available "
+"in the user's environment; when they are not available, an error is raised. @xref{Guile Preparations, how to install the GnuTLS "
+"bindings for Guile,, gnutls-guile, GnuTLS-Guile}, for more information."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6021
+msgid ""
+"@command{guix download} verifies HTTPS server certificates by loading the certificates of X.509 authorities from the directory "
+"pointed to by the @code{SSL_CERT_DIR} environment variable (@pxref{X.509 Certificates}), unless @option{--no-check-certificate} is "
+"used."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6023 doc/guix.texi:7507
+msgid "The following options are available:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6025 doc/guix.texi:6064
+#, no-wrap
+msgid "--format=@var{fmt}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6026 doc/guix.texi:6065
+#, no-wrap
+msgid "-f @var{fmt}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6029
+msgid ""
+"Write the hash in the format specified by @var{fmt}. For more information on the valid values for @var{fmt}, @pxref{Invoking guix "
+"hash}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6030
+#, no-wrap
+msgid "--no-check-certificate"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6032
+msgid "Do not validate the X.509 certificates of HTTPS servers."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6036
+msgid ""
+"When using this option, you have @emph{absolutely no guarantee} that you are communicating with the authentic server responsible for "
+"the given URL, which makes you vulnerable to ``man-in-the-middle'' attacks."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6037
+#, no-wrap
+msgid "--output=@var{file}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6038
+#, no-wrap
+msgid "-o @var{file}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6041
+msgid "Save the downloaded file to @var{file} instead of adding it to the store."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:6044
+#, no-wrap
+msgid "Invoking @command{guix hash}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:6046
+#, no-wrap
+msgid "guix hash"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6051
+msgid ""
+"The @command{guix hash} command computes the SHA256 hash of a file. It is primarily a convenience tool for anyone contributing to "
+"the distribution: it computes the cryptographic hash of a file, which can be used in the definition of a package (@pxref{Defining "
+"Packages})."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6056
+#, no-wrap
+msgid "guix hash @var{option} @var{file}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6061
+msgid ""
+"When @var{file} is @code{-} (a hyphen), @command{guix hash} computes the hash of data read from standard input. @command{guix hash} "
+"has the following options:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6067
+msgid "Write the hash in the format specified by @var{fmt}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6070
+msgid "Supported formats: @code{nix-base32}, @code{base32}, @code{base16} (@code{hex} and @code{hexadecimal} can be used as well)."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6074
+msgid ""
+"If the @option{--format} option is not specified, @command{guix hash} will output the hash in @code{nix-base32}. This "
+"representation is used in the definitions of packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6078
+msgid "Compute the hash on @var{file} recursively."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6087
+msgid ""
+"In this case, the hash is computed on an archive containing @var{file}, including its children if it is a directory. Some of the "
+"metadata of @var{file} is part of the archive; for instance, when @var{file} is a regular file, the hash is different depending on "
+"whether @var{file} is executable or not. Metadata such as time stamps has no impact on the hash (@pxref{Invoking guix archive})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6088
+#, no-wrap
+msgid "--exclude-vcs"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6089
+#, no-wrap
+msgid "-x"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6092
+msgid ""
+"When combined with @option{--recursive}, exclude version control system directories (@file{.bzr}, @file{.git}, @file{.hg}, etc.)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6097
+msgid ""
+"As an example, here is how you would compute the hash of a Git checkout, which is useful when using the @code{git-fetch} method "
+"(@pxref{origin Reference}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6102
+#, no-wrap
+msgid ""
+"$ git clone http://example.org/foo.git\n"
+"$ cd foo\n"
+"$ guix hash -rx .\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6106 doc/guix.texi:6111
+#, no-wrap
+msgid "Invoking @command{guix import}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6108
+#, no-wrap
+msgid "importing packages"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6109
+#, no-wrap
+msgid "package import"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6110
+#, no-wrap
+msgid "package conversion"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6118
+msgid ""
+"The @command{guix import} command is useful for people who would like to add a package to the distribution with as little work as "
+"possible---a legitimate demand. The command knows of a few repositories from which it can ``import'' package metadata. The result "
+"is a package definition, or a template thereof, in the format we know (@pxref{Defining Packages})."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6123
+#, no-wrap
+msgid "guix import @var{importer} @var{options}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6129
+msgid ""
+"@var{importer} specifies the source from which to import package metadata, and @var{options} specifies a package identifier and "
+"other options specific to @var{importer}. Currently, the available ``importers'' are:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6131 doc/guix.texi:6584
+#, no-wrap
+msgid "gnu"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6135
+msgid ""
+"Import metadata for the given GNU package. This provides a template for the latest version of that GNU package, including the hash "
+"of its source tarball, and its canonical synopsis and description."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6138
+msgid "Additional information such as the package dependencies and its license needs to be figured out manually."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6141
+msgid "For example, the following command returns a package definition for GNU@tie{}Hello:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6144
+#, no-wrap
+msgid "guix import gnu hello\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6147 doc/guix.texi:6365 doc/guix.texi:6410 doc/guix.texi:6434
+msgid "Specific command-line options are:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6149 doc/guix.texi:6685
+#, no-wrap
+msgid "--key-download=@var{policy}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6153
+msgid ""
+"As for @code{guix refresh}, specify the policy to handle missing OpenPGP keys when verifying the package signature. @xref{Invoking "
+"guix refresh, @code{--key-download}}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6155 doc/guix.texi:6156 doc/guix.texi:6602
+#, no-wrap
+msgid "pypi"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6164
+msgid ""
+"Import metadata from the @uref{https://pypi.python.org/, Python Package Index}@footnote{This functionality requires Guile-JSON to be "
+"installed. @xref{Requirements}.}. Information is taken from the JSON-formatted description available at @code{pypi.python.org} and "
+"usually includes all the relevant information, including package dependencies. For maximum efficiency, it is recommended to install "
+"the @command{unzip} utility, so that the importer can unzip Python wheels and gather data from them."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6167
+msgid "The command below imports metadata for the @code{itsdangerous} Python package:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6170
+#, no-wrap
+msgid "guix import pypi itsdangerous\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6172 doc/guix.texi:6173 doc/guix.texi:6604
+#, no-wrap
+msgid "gem"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6184
+msgid ""
+"Import metadata from @uref{https://rubygems.org/, RubyGems}@footnote{This functionality requires Guile-JSON to be installed. "
+"@xref{Requirements}.}. Information is taken from the JSON-formatted description available at @code{rubygems.org} and includes most "
+"relevant information, including runtime dependencies. There are some caveats, however. The metadata doesn't distinguish between "
+"synopses and descriptions, so the same string is used for both fields. Additionally, the details of non-Ruby dependencies required "
+"to build native extensions is unavailable and left as an exercise to the packager."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6186
+msgid "The command below imports metadata for the @code{rails} Ruby package:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6189
+#, no-wrap
+msgid "guix import gem rails\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6191 doc/guix.texi:6600
+#, no-wrap
+msgid "cpan"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6192
+#, no-wrap
+msgid "CPAN"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6202
+msgid ""
+"Import metadata from @uref{https://www.metacpan.org/, MetaCPAN}@footnote{This functionality requires Guile-JSON to be installed. "
+"@xref{Requirements}.}. Information is taken from the JSON-formatted metadata provided through @uref{https://fastapi.metacpan.org/, "
+"MetaCPAN's API} and includes most relevant information, such as module dependencies. License information should be checked "
+"closely. If Perl is available in the store, then the @code{corelist} utility will be used to filter core modules out of the list of "
+"dependencies."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6205
+msgid "The command command below imports metadata for the @code{Acme::Boolean} Perl module:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6208
+#, no-wrap
+msgid "guix import cpan Acme::Boolean\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6210 doc/guix.texi:6596
+#, no-wrap
+msgid "cran"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6211
+#, no-wrap
+msgid "CRAN"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6212
+#, no-wrap
+msgid "Bioconductor"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6216
+msgid ""
+"Import metadata from @uref{https://cran.r-project.org/, CRAN}, the central repository for the @uref{http://r-project.org, GNU@tie{}R "
+"statistical and graphical environment}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6218
+msgid "Information is extracted from the @code{DESCRIPTION} file of the package."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6221
+msgid "The command command below imports metadata for the @code{Cairo} R package:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6224
+#, no-wrap
+msgid "guix import cran Cairo\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6229
+msgid ""
+"When @code{--recursive} is added, the importer will traverse the dependency graph of the given upstream package recursively and "
+"generate package expressions for all those packages that are not yet in Guix."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6234
+msgid ""
+"When @code{--archive=bioconductor} is added, metadata is imported from @uref{https://www.bioconductor.org/, Bioconductor}, a "
+"repository of R packages for for the analysis and comprehension of high-throughput genomic data in bioinformatics."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6237
+msgid ""
+"Information is extracted from the @code{DESCRIPTION} file of a package published on the web interface of the Bioconductor SVN "
+"repository."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6240
+msgid "The command below imports metadata for the @code{GenomicRanges} R package:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6243
+#, no-wrap
+msgid "guix import cran --archive=bioconductor GenomicRanges\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6245
+#, no-wrap
+msgid "texlive"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6246
+#, no-wrap
+msgid "TeX Live"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6247
+#, no-wrap
+msgid "CTAN"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6251
+msgid ""
+"Import metadata from @uref{http://www.ctan.org/, CTAN}, the comprehensive TeX archive network for TeX packages that are part of the "
+"@uref{https://www.tug.org/texlive/, TeX Live distribution}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6256
+msgid ""
+"Information about the package is obtained through the XML API provided by CTAN, while the source code is downloaded from the SVN "
+"repository of the Tex Live project. This is done because the CTAN does not keep versioned archives."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6259
+msgid "The command command below imports metadata for the @code{fontspec} TeX package:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6262
+#, no-wrap
+msgid "guix import texlive fontspec\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6268
+msgid ""
+"When @code{--archive=DIRECTORY} is added, the source code is downloaded not from the @file{latex} sub-directory of the @file{texmf-"
+"dist/source} tree in the TeX Live SVN repository, but from the specified sibling directory under the same root."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6272
+msgid ""
+"The command below imports metadata for the @code{ifxetex} package from CTAN while fetching the sources from the directory "
+"@file{texmf/source/generic}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6275
+#, no-wrap
+msgid "guix import texlive --archive=generic ifxetex\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6277
+#, no-wrap
+msgid "json"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6278
+#, no-wrap
+msgid "JSON, import"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6283
+msgid ""
+"Import package metadata from a local JSON file@footnote{This functionality requires Guile-JSON to be installed. "
+"@xref{Requirements}.}. Consider the following example package definition in JSON format:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6296
+#, no-wrap
+msgid ""
+"@{\n"
+" \"name\": \"hello\",\n"
+" \"version\": \"2.10\",\n"
+" \"source\": \"mirror://gnu/hello/hello-2.10.tar.gz\",\n"
+" \"build-system\": \"gnu\",\n"
+" \"home-page\": \"https://www.gnu.org/software/hello/\",\n"
+" \"synopsis\": \"Hello, GNU world: An example GNU package\",\n"
+" \"description\": \"GNU Hello prints a greeting.\",\n"
+" \"license\": \"GPL-3.0+\",\n"
+" \"native-inputs\": [\"gcc@@6\"]\n"
+"@}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6302
+msgid ""
+"The field names are the same as for the @code{<package>} record (@xref{Defining Packages}). References to other packages are "
+"provided as JSON lists of quoted package specification strings such as @code{guile} or @code{guile@@2.0}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6305
+msgid "The importer also supports a more explicit source definition using the common fields for @code{<origin>} records:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6318
+#, no-wrap
+msgid ""
+"@{\n"
+" @dots{}\n"
+" \"source\": @{\n"
+" \"method\": \"url-fetch\",\n"
+" \"uri\": \"mirror://gnu/hello/hello-2.10.tar.gz\",\n"
+" \"sha256\": @{\n"
+" \"base32\": \"0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i\"\n"
+" @}\n"
+" @}\n"
+" @dots{}\n"
+"@}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6322
+msgid "The command below reads metadata from the JSON file @code{hello.json} and outputs a package expression:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6325
+#, no-wrap
+msgid "guix import json hello.json\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6327
+#, no-wrap
+msgid "nix"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6336
+msgid ""
+"Import metadata from a local copy of the source of the @uref{http://nixos.org/nixpkgs/, Nixpkgs distribution}@footnote{This relies "
+"on the @command{nix-instantiate} command of @uref{http://nixos.org/nix/, Nix}.}. Package definitions in Nixpkgs are typically "
+"written in a mixture of Nix-language and Bash code. This command only imports the high-level package structure that is written in "
+"the Nix language. It normally includes all the basic fields of a package definition."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6339
+msgid "When importing a GNU package, the synopsis and descriptions are replaced by their canonical upstream variant."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6341
+msgid "Usually, you will first need to do:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6344
+#, no-wrap
+msgid "export NIX_REMOTE=daemon\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6348
+msgid "so that @command{nix-instantiate} does not try to open the Nix database."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6352
+msgid ""
+"As an example, the command below imports the package definition of LibreOffice (more precisely, it imports the definition of the "
+"package bound to the @code{libreoffice} top-level attribute):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6355
+#, no-wrap
+msgid "guix import nix ~/path/to/nixpkgs libreoffice\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6357 doc/guix.texi:6358 doc/guix.texi:6608
+#, no-wrap
+msgid "hackage"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6363
+msgid ""
+"Import metadata from the Haskell community's central package archive @uref{https://hackage.haskell.org/, Hackage}. Information is "
+"taken from Cabal files and includes all the relevant information, including package dependencies."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6367
+#, no-wrap
+msgid "--stdin"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6368
+#, no-wrap
+msgid "-s"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6370
+msgid "Read a Cabal file from standard input."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6370 doc/guix.texi:6412
+#, no-wrap
+msgid "--no-test-dependencies"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6371 doc/guix.texi:6413
+#, no-wrap
+msgid "-t"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6373 doc/guix.texi:6415
+msgid "Do not include dependencies required only by the test suites."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6373
+#, no-wrap
+msgid "--cabal-environment=@var{alist}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6374
+#, no-wrap
+msgid "-e @var{alist}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6383
+msgid ""
+"@var{alist} is a Scheme alist defining the environment in which the Cabal conditionals are evaluated. The accepted keys are: "
+"@code{os}, @code{arch}, @code{impl} and a string representing the name of a flag. The value associated with a flag has to be either "
+"the symbol @code{true} or @code{false}. The value associated with other keys has to conform to the Cabal file format definition. "
+"The default value associated with the keys @code{os}, @code{arch} and @code{impl} is @samp{linux}, @samp{x86_64} and @samp{ghc}, "
+"respectively."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6388
+msgid ""
+"The command below imports metadata for the latest version of the @code{HTTP} Haskell package without including test dependencies and "
+"specifying the value of the flag @samp{network-uri} as @code{false}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6391
+#, no-wrap
+msgid "guix import hackage -t -e \"'((\\\"network-uri\\\" . false))\" HTTP\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6395
+msgid ""
+"A specific package version may optionally be specified by following the package name by an at-sign and a version number as in the "
+"following example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6398
+#, no-wrap
+msgid "guix import hackage mtl@@2.1.3.1\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6400 doc/guix.texi:6401 doc/guix.texi:6610
+#, no-wrap
+msgid "stackage"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6408
+msgid ""
+"The @code{stackage} importer is a wrapper around the @code{hackage} one. It takes a package name, looks up the package version "
+"included in a long-term support (LTS) @uref{https://www.stackage.org, Stackage} release and uses the @code{hackage} importer to "
+"retrieve its metadata. Note that it is up to you to select an LTS release compatible with the GHC compiler used by Guix."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6415
+#, no-wrap
+msgid "--lts-version=@var{version}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6416
+#, no-wrap
+msgid "-r @var{version}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6419
+msgid "@var{version} is the desired LTS release version. If omitted the latest release is used."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6423
+msgid "The command below imports metadata for the @code{HTTP} Haskell package included in the LTS Stackage release version 7.18:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6426
+#, no-wrap
+msgid "guix import stackage --lts-version=7.18 HTTP\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6428 doc/guix.texi:6429 doc/guix.texi:6594
+#, no-wrap
+msgid "elpa"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6432
+msgid "Import metadata from an Emacs Lisp Package Archive (ELPA) package repository (@pxref{Packages,,, emacs, The GNU Emacs Manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6436
+#, no-wrap
+msgid "--archive=@var{repo}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6437
+#, no-wrap
+msgid "-a @var{repo}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6441
+msgid ""
+"@var{repo} identifies the archive repository from which to retrieve the information. Currently the supported repositories and their "
+"identifiers are:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:6445
+msgid "@uref{http://elpa.gnu.org/packages, GNU}, selected by the @code{gnu} identifier. This is the default."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:6451
+msgid ""
+"Packages from @code{elpa.gnu.org} are signed with one of the keys contained in the GnuPG keyring at @file{share/emacs/25.1/etc/"
+"package-keyring.gpg} (or similar) in the @code{emacs} package (@pxref{Package Installation, ELPA package signatures,, emacs, The GNU "
+"Emacs Manual})."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:6455
+msgid "@uref{http://stable.melpa.org/packages, MELPA-Stable}, selected by the @code{melpa-stable} identifier."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:6459
+msgid "@uref{http://melpa.org/packages, MELPA}, selected by the @code{melpa} identifier."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6462 doc/guix.texi:6463 doc/guix.texi:6612
+#, no-wrap
+msgid "crate"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6466
+msgid "Import metadata from the crates.io Rust package repository @uref{https://crates.io, crates.io}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6471
+msgid ""
+"The structure of the @command{guix import} code is modular. It would be useful to have more importers for other package formats, "
+"and your help is welcome here (@pxref{Contributing})."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:6473
+#, no-wrap
+msgid "Invoking @command{guix refresh}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:6475
+#, no-wrap
+msgid "guix refresh"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6480
+msgid ""
+"The primary audience of the @command{guix refresh} command is developers of the GNU software distribution. By default, it reports "
+"any packages provided by the distribution that are outdated compared to the latest upstream version, like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6485
+#, no-wrap
+msgid ""
+"$ guix refresh\n"
+"gnu/packages/gettext.scm:29:13: gettext would be upgraded from 0.18.1.1 to 0.18.2.1\n"
+"gnu/packages/glib.scm:77:12: glib would be upgraded from 2.34.3 to 2.37.0\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6489
+msgid "Alternately, one can specify packages to consider, in which case a warning is emitted for packages that lack an updater:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6494
+#, no-wrap
+msgid ""
+"$ guix refresh coreutils guile guile-ssh\n"
+"gnu/packages/ssh.scm:205:2: warning: no updater for guile-ssh\n"
+"gnu/packages/guile.scm:136:12: guile would be upgraded from 2.0.12 to 2.0.13\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6503
+msgid ""
+"@command{guix refresh} browses the upstream repository of each package and determines the highest version number of the releases "
+"therein. The command knows how to update specific types of packages: GNU packages, ELPA packages, etc.---see the documentation for "
+"@option{--type} below. There are many packages, though, for which it lacks a method to determine whether a new upstream release is "
+"available. However, the mechanism is extensible, so feel free to get in touch with us to add a new method!"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6508
+msgid ""
+"Sometimes the upstream name differs from the package name used in Guix, and @command{guix refresh} needs a little help. Most "
+"updaters honor the @code{upstream-name} property in package definitions, which can be used to that effect:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6515
+#, no-wrap
+msgid ""
+"(define-public network-manager\n"
+" (package\n"
+" (name \"network-manager\")\n"
+" ;; @dots{}\n"
+" (properties '((upstream-name . \"NetworkManager\")))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6527
+msgid ""
+"When passed @code{--update}, it modifies distribution source files to update the version numbers and source tarball hashes of those "
+"package recipes (@pxref{Defining Packages}). This is achieved by downloading each package's latest source tarball and its "
+"associated OpenPGP signature, authenticating the downloaded tarball against its signature using @command{gpg}, and finally computing "
+"its hash. When the public key used to sign the tarball is missing from the user's keyring, an attempt is made to automatically "
+"retrieve it from a public key server; when this is successful, the key is added to the user's keyring; otherwise, @command{guix "
+"refresh} reports an error."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6529
+msgid "The following options are supported:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6537 doc/guix.texi:7098
+msgid "This is useful to precisely refer to a package, as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6540
+#, no-wrap
+msgid "guix refresh -l -e '(@@@@ (gnu packages commencement) glibc-final)'\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6544
+msgid "This command lists the dependents of the ``final'' libc (essentially all the packages.)"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6545
+#, no-wrap
+msgid "--update"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6546
+#, no-wrap
+msgid "-u"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6550
+msgid ""
+"Update distribution source files (package recipes) in place. This is usually run from a checkout of the Guix source tree "
+"(@pxref{Running Guix Before It Is Installed}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6553
+#, no-wrap
+msgid "$ ./pre-inst-env guix refresh -s non-core -u\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6556
+msgid "@xref{Defining Packages}, for more information on package definitions."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6557
+#, no-wrap
+msgid "--select=[@var{subset}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6558
+#, no-wrap
+msgid "-s @var{subset}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6561
+msgid "Select all the packages in @var{subset}, one of @code{core} or @code{non-core}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6568
+msgid ""
+"The @code{core} subset refers to all the packages at the core of the distribution---i.e., packages that are used to build "
+"``everything else''. This includes GCC, libc, Binutils, Bash, etc. Usually, changing one of these packages in the distribution "
+"entails a rebuild of all the others. Thus, such updates are an inconvenience to users in terms of build time or bandwidth used to "
+"achieve the upgrade."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6572
+msgid ""
+"The @code{non-core} subset refers to the remaining packages. It is typically useful in cases where an update of the core packages "
+"would be inconvenient."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6577
+msgid ""
+"Select all the packages from the manifest in @var{file}. This is useful to check if any packages of the user manifest can be updated."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6578
+#, no-wrap
+msgid "--type=@var{updater}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6579
+#, no-wrap
+msgid "-t @var{updater}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6582
+msgid ""
+"Select only packages handled by @var{updater} (may be a comma-separated list of updaters). Currently, @var{updater} may be one of:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6586
+msgid "the updater for GNU packages;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6586
+#, no-wrap
+msgid "gnome"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6588
+msgid "the updater for GNOME packages;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6588
+#, no-wrap
+msgid "kde"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6590
+msgid "the updater for KDE packages;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6590
+#, no-wrap
+msgid "xorg"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6592
+msgid "the updater for X.org packages;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6592
+#, no-wrap
+msgid "kernel.org"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6594
+msgid "the updater for packages hosted on kernel.org;"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6596
+msgid "the updater for @uref{http://elpa.gnu.org/, ELPA} packages;"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6598
+msgid "the updater for @uref{https://cran.r-project.org/, CRAN} packages;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6598
+#, no-wrap
+msgid "bioconductor"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6600
+msgid "the updater for @uref{https://www.bioconductor.org/, Bioconductor} R packages;"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6602
+msgid "the updater for @uref{http://www.cpan.org/, CPAN} packages;"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6604
+msgid "the updater for @uref{https://pypi.python.org, PyPI} packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6606
+msgid "the updater for @uref{https://rubygems.org, RubyGems} packages."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6606
+#, no-wrap
+msgid "github"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6608
+msgid "the updater for @uref{https://github.com, GitHub} packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6610
+msgid "the updater for @uref{https://hackage.haskell.org, Hackage} packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6612
+msgid "the updater for @uref{https://www.stackage.org, Stackage} packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6614
+msgid "the updater for @uref{https://crates.io, Crates} packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6618
+msgid ""
+"For instance, the following command only checks for updates of Emacs packages hosted at @code{elpa.gnu.org} and for updates of CRAN "
+"packages:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6623
+#, no-wrap
+msgid ""
+"$ guix refresh --type=elpa,cran\n"
+"gnu/packages/statistics.scm:819:13: r-testthat would be upgraded from 0.10.0 to 0.11.0\n"
+"gnu/packages/emacs.scm:856:13: emacs-auctex would be upgraded from 11.88.6 to 11.88.9\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6629
+msgid "In addition, @command{guix refresh} can be passed one or more package names, as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6632
+#, no-wrap
+msgid "$ ./pre-inst-env guix refresh -u emacs idutils gcc@@4.8\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6638
+msgid ""
+"The command above specifically updates the @code{emacs} and @code{idutils} packages. The @code{--select} option would have no "
+"effect in this case."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6643
+msgid ""
+"When considering whether to upgrade a package, it is sometimes convenient to know which packages would be affected by the upgrade "
+"and should be checked for compatibility. For this the following option may be used when passing @command{guix refresh} one or more "
+"package names:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6646
+#, no-wrap
+msgid "--list-updaters"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6647
+#, no-wrap
+msgid "-L"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6649
+msgid "List available updaters and exit (see @option{--type} above.)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6652
+msgid ""
+"For each updater, display the fraction of packages it covers; at the end, display the fraction of packages covered by all these "
+"updaters."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6653
+#, no-wrap
+msgid "--list-dependent"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6654 doc/guix.texi:6799
+#, no-wrap
+msgid "-l"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6657
+msgid "List top-level dependent packages that would need to be rebuilt as a result of upgrading one or more packages."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6661
+msgid ""
+"@xref{Invoking guix graph, the @code{reverse-package} type of @command{guix graph}}, for information on how to visualize the list of "
+"dependents of a package."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6667
+msgid ""
+"Be aware that the @code{--list-dependent} option only @emph{approximates} the rebuilds that would be required as a result of an "
+"upgrade. More rebuilds might be required under some circumstances."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6672
+#, no-wrap
+msgid ""
+"$ guix refresh --list-dependent flex\n"
+"Building the following 120 packages would ensure 213 dependent packages are rebuilt:\n"
+"hop@@2.4.0 geiser@@0.4 notmuch@@0.18 mu@@0.9.9.5 cflow@@1.4 idutils@@4.6 @dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6676
+msgid "The command above lists a set of packages that could be built to check for compatibility with an upgraded @code{flex} package."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6678
+msgid "The following options can be used to customize GnuPG operation:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6681
+#, no-wrap
+msgid "--gpg=@var{command}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6684
+msgid "Use @var{command} as the GnuPG 2.x command. @var{command} is searched for in @code{$PATH}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6688
+msgid "Handle missing OpenPGP keys according to @var{policy}, which may be one of:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6690 doc/guix.texi:13666
+#, no-wrap
+msgid "always"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6693
+msgid "Always download missing OpenPGP keys from the key server, and add them to the user's GnuPG keyring."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6694 doc/guix.texi:13668
+#, no-wrap
+msgid "never"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6696
+msgid "Never try to download missing OpenPGP keys. Instead just bail out."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6697
+#, no-wrap
+msgid "interactive"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6700
+msgid ""
+"When a package signed with an unknown OpenPGP key is encountered, ask the user whether to download it or not. This is the default "
+"behavior."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6702
+#, no-wrap
+msgid "--key-server=@var{host}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6704
+msgid "Use @var{host} as the OpenPGP key server when importing a public key."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6717
+msgid ""
+"The @code{github} updater uses the @uref{https://developer.github.com/v3/, GitHub API} to query for new releases. When used "
+"repeatedly e.g. when refreshing all packages, GitHub will eventually refuse to answer any further API requests. By default 60 API "
+"requests per hour are allowed, and a full refresh on all GitHub packages in Guix requires more than this. Authentication with "
+"GitHub through the use of an API token alleviates these limits. To use an API token, set the environment variable "
+"@code{GUIX_GITHUB_TOKEN} to a token procured from @uref{https://github.com/settings/tokens} or otherwise."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:6720
+#, no-wrap
+msgid "Invoking @command{guix lint}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:6722
+#, no-wrap
+msgid "guix lint"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6723
+#, no-wrap
+msgid "package, checking for errors"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6729
+msgid ""
+"The @command{guix lint} command is meant to help package developers avoid common errors and use a consistent style. It runs a "
+"number of checks on a given set of packages in order to find common mistakes in their definitions. Available @dfn{checkers} include "
+"(see @code{--list-checkers} for a complete list):"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6735
+msgid "Validate certain typographical and stylistic rules about package descriptions and synopses."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6736
+#, no-wrap
+msgid "inputs-should-be-native"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6738
+msgid "Identify inputs that should most likely be native inputs."
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6741
+#, no-wrap
+msgid "mirror-url"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6742
+#, no-wrap
+msgid "source-file-name"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6748
+msgid ""
+"Probe @code{home-page} and @code{source} URLs and report those that are invalid. Suggest a @code{mirror://} URL when applicable. "
+"Check that the source file name is meaningful, e.g. is not just a version number or ``git-checkout'', without a declared @code{file-"
+"name} (@pxref{origin Reference})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6749
+#, no-wrap
+msgid "cve"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6750 doc/guix.texi:21423
+#, no-wrap
+msgid "security vulnerabilities"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6751
+#, no-wrap
+msgid "CVE, Common Vulnerabilities and Exposures"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6756
+msgid ""
+"Report known vulnerabilities found in the Common Vulnerabilities and Exposures (CVE) databases of the current and past year "
+"@uref{https://nvd.nist.gov/download.cfm#CVE_FEED, published by the US NIST}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6758
+msgid "To view information about a particular vulnerability, visit pages such as:"
+msgstr ""
+
+#. type: indicateurl{#1}
+#: doc/guix.texi:6762
+msgid "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-YYYY-ABCD"
+msgstr ""
+
+#. type: indicateurl{#1}
+#: doc/guix.texi:6764
+msgid "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-ABCD"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6769
+msgid "where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g., @code{CVE-2015-7554}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6774
+msgid ""
+"Package developers can specify in package recipes the @uref{https://nvd.nist.gov/cpe.cfm,Common Platform Enumeration (CPE)} name and "
+"version of the package when they differ from the name that Guix uses, as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6781
+#, no-wrap
+msgid ""
+"(package\n"
+" (name \"grub\")\n"
+" ;; @dots{}\n"
+" ;; CPE calls this package \"grub2\".\n"
+" (properties '((cpe-name . \"grub2\"))))\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6783
+#, no-wrap
+msgid "formatting"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6786
+msgid "Warn about obvious source code formatting issues: trailing white space, use of tabulations, etc."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6792
+#, no-wrap
+msgid "guix lint @var{options} @var{package}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6796
+msgid ""
+"If no package is given on the command line, then all packages are checked. The @var{options} may be zero or more of the following:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6798
+#, no-wrap
+msgid "--list-checkers"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6802
+msgid "List and describe all the available checkers that will be run on packages and exit."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6803
+#, no-wrap
+msgid "--checkers"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:6804
+#, no-wrap
+msgid "-c"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6807
+msgid "Only enable the checkers specified in a comma-separated list using the names returned by @code{--list-checkers}."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:6811
+#, no-wrap
+msgid "Invoking @command{guix size}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6813
+#, no-wrap
+msgid "size"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6814
+#, no-wrap
+msgid "package size"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:6816
+#, no-wrap
+msgid "guix size"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6823
+msgid ""
+"The @command{guix size} command helps package developers profile the disk usage of packages. It is easy to overlook the impact of "
+"an additional dependency added to a package, or the impact of using a single output for a package that could easily be split "
+"(@pxref{Packages with Multiple Outputs}). Such are the typical issues that @command{guix size} can highlight."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6827
+msgid ""
+"The command can be passed a package specification such as @code{gcc@@4.8} or @code{guile:debug}, or a file name in the store. "
+"Consider this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6837
+#, no-wrap
+msgid ""
+"$ guix size coreutils\n"
+"store item total self\n"
+"/gnu/store/@dots{}-coreutils-8.23 70.0 13.9 19.8%\n"
+"/gnu/store/@dots{}-gmp-6.0.0a 55.3 2.5 3.6%\n"
+"/gnu/store/@dots{}-acl-2.2.52 53.7 0.5 0.7%\n"
+"/gnu/store/@dots{}-attr-2.4.46 53.2 0.3 0.5%\n"
+"/gnu/store/@dots{}-gcc-4.8.4-lib 52.9 15.7 22.4%\n"
+"/gnu/store/@dots{}-glibc-2.21 37.2 37.2 53.1%\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6843
+msgid ""
+"The store items listed here constitute the @dfn{transitive closure} of Coreutils---i.e., Coreutils and all its dependencies, "
+"recursively---as would be returned by:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6846
+#, no-wrap
+msgid "$ guix gc -R /gnu/store/@dots{}-coreutils-8.23\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6854
+msgid ""
+"Here the output shows three columns next to store items. The first column, labeled ``total'', shows the size in mebibytes (MiB) of "
+"the closure of the store item---that is, its own size plus the size of all its dependencies. The next column, labeled ``self'', "
+"shows the size of the item itself. The last column shows the ratio of the size of the item itself to the space occupied by all the "
+"items listed here."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6859
+msgid ""
+"In this example, we see that the closure of Coreutils weighs in at 70@tie{}MiB, half of which is taken by libc. (That libc "
+"represents a large fraction of the closure is not a problem @i{per se} because it is always available on the system anyway.)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6865
+msgid ""
+"When the package passed to @command{guix size} is available in the store, @command{guix size} queries the daemon to determine its "
+"dependencies, and measures its size in the store, similar to @command{du -ms --apparent-size} (@pxref{du invocation,,, coreutils, "
+"GNU Coreutils})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6870
+msgid ""
+"When the given package is @emph{not} in the store, @command{guix size} reports information based on the available substitutes "
+"(@pxref{Substitutes}). This makes it possible it to profile disk usage of store items that are not even on disk, only available "
+"remotely."
+msgstr ""
+"Lorsque le paquet donné n'est @emph{pas} dans le dépôt, @command{guix size} rapporte les informations en se basant sur les "
+"substituts disponibles (@pxref{Substituts}). Cela permet de profiler l'utilisation du disque des éléments du dépôt qui ne sont pas "
+"sur le disque, mais seulement disponibles à distance."
+
+#. type: Plain text
+#: doc/guix.texi:6872
+msgid "You can also specify several package names:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6882
+#, no-wrap
+msgid ""
+"$ guix size coreutils grep sed bash\n"
+"store item total self\n"
+"/gnu/store/@dots{}-coreutils-8.24 77.8 13.8 13.4%\n"
+"/gnu/store/@dots{}-grep-2.22 73.1 0.8 0.8%\n"
+"/gnu/store/@dots{}-bash-4.3.42 72.3 4.7 4.6%\n"
+"/gnu/store/@dots{}-readline-6.3 67.6 1.2 1.2%\n"
+"@dots{}\n"
+"total: 102.3 MiB\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6888
+msgid ""
+"In this example we see that the combination of the four packages takes 102.3@tie{}MiB in total, which is much less than the sum of "
+"each closure since they have a lot of dependencies in common."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6890
+msgid "The available options are:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6896
+msgid "Use substitute information from @var{urls}. @xref{client-substitute-urls, the same option for @code{guix build}}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6897
+#, no-wrap
+msgid "--sort=@var{key}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6899
+msgid "Sort lines according to @var{key}, one of the following options:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6901
+#, no-wrap
+msgid "self"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6903
+msgid "the size of each item (the default);"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6905
+msgid "the total size of the item's closure."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6907
+#, no-wrap
+msgid "--map-file=@var{file}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6909
+msgid "Write a graphical map of disk usage in PNG format to @var{file}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6911
+msgid "For the example above, the map looks like this:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6914
+msgid "@image{images/coreutils-size-map,5in,, map of Coreutils disk usage produced by @command{guix size}}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6919
+msgid ""
+"This option requires that @uref{http://wingolog.org/software/guile-charting/, Guile-Charting} be installed and visible in Guile's "
+"module search path. When that is not the case, @command{guix size} fails as it tries to load it."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6923
+msgid "Consider packages for @var{system}---e.g., @code{x86_64-linux}."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:6927
+#, no-wrap
+msgid "Invoking @command{guix graph}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:6929
+#, no-wrap
+msgid "DAG"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:6930
+#, no-wrap
+msgid "guix graph"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6944
+msgid ""
+"Packages and their dependencies form a @dfn{graph}, specifically a directed acyclic graph (DAG). It can quickly become difficult to "
+"have a mental model of the package DAG, so the @command{guix graph} command provides a visual representation of the DAG. By "
+"default, @command{guix graph} emits a DAG representation in the input format of @uref{http://www.graphviz.org/, Graphviz}, so its "
+"output can be passed directly to the @command{dot} command of Graphviz. It can also emit an HTML page with embedded JavaScript code "
+"to display a ``chord diagram'' in a Web browser, using the @uref{https://d3js.org/, d3.js} library, or emit Cypher queries to "
+"construct a graph in a graph database supporting the @uref{http://www.opencypher.org/, openCypher} query language. The general "
+"syntax is:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6947
+#, no-wrap
+msgid "guix graph @var{options} @var{package}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6952
+msgid ""
+"For example, the following command generates a PDF file representing the package DAG for the GNU@tie{}Core Utilities, showing its "
+"build-time dependencies:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6955
+#, no-wrap
+msgid "guix graph coreutils | dot -Tpdf > dag.pdf\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6958
+msgid "The output looks like this:"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6960
+msgid "@image{images/coreutils-graph,2in,,Dependency graph of the GNU Coreutils}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6962
+msgid "Nice little graph, no?"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:6968
+msgid ""
+"But there is more than one graph! The one above is concise: it is the graph of package objects, omitting implicit inputs such as "
+"GCC, libc, grep, etc. It is often useful to have such a concise graph, but sometimes one may want to see more details. "
+"@command{guix graph} supports several types of graphs, allowing you to choose the level of detail:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6974
+msgid ""
+"This is the default type used in the example above. It shows the DAG of package objects, excluding implicit dependencies. It is "
+"concise, but filters out many details."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6975
+#, no-wrap
+msgid "reverse-package"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6977
+msgid "This shows the @emph{reverse} DAG of packages. For example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6980
+#, no-wrap
+msgid "guix graph --type=reverse-package ocaml\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6983
+msgid "... yields the graph of packages that depend on OCaml."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6988
+msgid ""
+"Note that for core packages this can yield huge graphs. If all you want is to know the number of packages that depend on a given "
+"package, use @command{guix refresh --list-dependent} (@pxref{Invoking guix refresh, @option{--list-dependent}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:6989
+#, no-wrap
+msgid "bag-emerged"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6991
+msgid "This is the package DAG, @emph{including} implicit inputs."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6993
+msgid "For instance, the following command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:6996
+#, no-wrap
+msgid "guix graph --type=bag-emerged coreutils | dot -Tpdf > dag.pdf\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:6999
+msgid "... yields this bigger graph:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7001
+msgid "@image{images/coreutils-bag-graph,,5in,Detailed dependency graph of the GNU Coreutils}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7004
+msgid ""
+"At the bottom of the graph, we see all the implicit inputs of @var{gnu-build-system} (@pxref{Build Systems, @code{gnu-build-"
+"system}})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7008
+msgid ""
+"Now, note that the dependencies of these implicit inputs---that is, the @dfn{bootstrap dependencies} (@pxref{Bootstrapping})---are "
+"not shown here, for conciseness."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7009
+#, no-wrap
+msgid "bag"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7012
+msgid "Similar to @code{bag-emerged}, but this time including all the bootstrap dependencies."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7013
+#, no-wrap
+msgid "bag-with-origins"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7015
+msgid "Similar to @code{bag}, but also showing origins and their dependencies."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7021
+msgid ""
+"This is the most detailed representation: It shows the DAG of derivations (@pxref{Derivations}) and plain store items. Compared to "
+"the above representation, many additional nodes are visible, including build scripts, patches, Guile modules, etc."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7024
+msgid "For this type of graph, it is also possible to pass a @file{.drv} file name instead of a package name, as in:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7027
+#, no-wrap
+msgid "guix graph -t derivation `guix system build -d my-config.scm`\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7029
+#, no-wrap
+msgid "module"
+msgstr "module"
+
+#. type: table
+#: doc/guix.texi:7033
+msgid ""
+"This is the graph of @dfn{package modules} (@pxref{Package Modules}). For example, the following command shows the graph for the "
+"package module that defines the @code{guile} package:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7036
+#, no-wrap
+msgid "guix graph -t module guile | dot -Tpdf > module-graph.pdf\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7041
+msgid ""
+"All the types above correspond to @emph{build-time dependencies}. The following graph type represents the @emph{run-time "
+"dependencies}:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7043
+#, no-wrap
+msgid "references"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7046
+msgid ""
+"This is the graph of @dfn{references} of a package output, as returned by @command{guix gc --references} (@pxref{Invoking guix gc})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7049
+msgid ""
+"If the given package output is not available in the store, @command{guix graph} attempts to obtain dependency information from "
+"substitutes."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7053
+msgid ""
+"Here you can also pass a store file name instead of a package name. For example, the command below produces the reference graph of "
+"your profile (which can be big!):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7056
+#, no-wrap
+msgid "guix graph -t references `readlink -f ~/.guix-profile`\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7058
+#, no-wrap
+msgid "referrers"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7061
+msgid ""
+"This is the graph of the @dfn{referrers} of a store item, as returned by @command{guix gc --referrers} (@pxref{Invoking guix gc})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7067
+msgid ""
+"This relies exclusively on local information from your store. For instance, let us suppose that the current Inkscape is available "
+"in 10 profiles on your machine; @command{guix graph -t referrers inkscape} will show a graph rooted at Inkscape and with those 10 "
+"profiles linked to it."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7070
+msgid "It can help determine what is preventing a store item from being garbage collected."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7074
+msgid "The available options are the following:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7076
+#, no-wrap
+msgid "--type=@var{type}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7077 doc/guix.texi:20541
+#, no-wrap
+msgid "-t @var{type}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7080
+msgid "Produce a graph output of @var{type}, where @var{type} must be one of the values listed above."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7081
+#, no-wrap
+msgid "--list-types"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7083
+msgid "List the supported graph types."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7084
+#, no-wrap
+msgid "--backend=@var{backend}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7085
+#, no-wrap
+msgid "-b @var{backend}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7087
+msgid "Produce a graph using the selected @var{backend}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7088
+#, no-wrap
+msgid "--list-backends"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7090
+msgid "List the supported graph backends."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7092
+msgid "Currently, the available backends are Graphviz and d3.js."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7101
+#, no-wrap
+msgid "guix graph -e '(@@@@ (gnu packages commencement) gnu-make-final)'\n"
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:7106
+#, no-wrap
+msgid "Invoking @command{guix environment}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7108
+#, no-wrap
+msgid "reproducible build environments"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7109
+#, no-wrap
+msgid "development environments"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:7110
+#, no-wrap
+msgid "guix environment"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7111
+#, no-wrap
+msgid "environment, package build environment"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7117
+msgid ""
+"The purpose of @command{guix environment} is to assist hackers in creating reproducible development environments without polluting "
+"their package profile. The @command{guix environment} tool takes one or more packages, builds all of their inputs, and creates a "
+"shell environment to use them."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7122
+#, no-wrap
+msgid "guix environment @var{options} @var{package}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7126
+msgid "The following example spawns a new shell set up for the development of GNU@tie{}Guile:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7129
+#, no-wrap
+msgid "guix environment guile\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7146
+msgid ""
+"If the needed dependencies are not built yet, @command{guix environment} automatically builds them. The environment of the new "
+"shell is an augmented version of the environment that @command{guix environment} was run in. It contains the necessary search paths "
+"for building the given package added to the existing environment variables. To create a ``pure'' environment, in which the original "
+"environment variables have been unset, use the @code{--pure} option@footnote{Users sometimes wrongfully augment environment "
+"variables such as @code{PATH} in their @file{~/.bashrc} file. As a consequence, when @code{guix environment} launches it, Bash may "
+"read @file{~/.bashrc}, thereby introducing ``impurities'' in these environment variables. It is an error to define such environment "
+"variables in @file{.bashrc}; instead, they should be defined in @file{.bash_profile}, which is sourced only by log-in shells. "
+"@xref{Bash Startup Files,,, bash, The GNU Bash Reference Manual}, for details on Bash start-up files.}."
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:7147
+#, no-wrap
+msgid "GUIX_ENVIRONMENT"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7153
+msgid ""
+"@command{guix environment} defines the @code{GUIX_ENVIRONMENT} variable in the shell it spawns; its value is the file name of the "
+"profile of this environment. This allows users to, say, define a specific prompt for development environments in their @file{."
+"bashrc} (@pxref{Bash Startup Files,,, bash, The GNU Bash Reference Manual}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7159
+#, no-wrap
+msgid ""
+"if [ -n \"$GUIX_ENVIRONMENT\" ]\n"
+"then\n"
+" export PS1=\"\\u@@\\h \\w [dev]\\$ \"\n"
+"fi\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7163
+msgid "... or to browse the profile:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7166
+#, no-wrap
+msgid "$ ls \"$GUIX_ENVIRONMENT/bin\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7172
+msgid ""
+"Additionally, more than one package may be specified, in which case the union of the inputs for the given packages are used. For "
+"example, the command below spawns a shell where all of the dependencies of both Guile and Emacs are available:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7175
+#, no-wrap
+msgid "guix environment guile emacs\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7180
+msgid ""
+"Sometimes an interactive shell session is not desired. An arbitrary command may be invoked by placing the @code{--} token to "
+"separate the command from the rest of the arguments:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7183
+#, no-wrap
+msgid "guix environment guile -- make -j4\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7189
+msgid ""
+"In other situations, it is more convenient to specify the list of packages needed in the environment. For example, the following "
+"command runs @command{python} from an environment containing Python@tie{}2.7 and NumPy:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7192
+#, no-wrap
+msgid "guix environment --ad-hoc python2-numpy python-2.7 -- python\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7203
+msgid ""
+"Furthermore, one might want the dependencies of a package and also some additional packages that are not build-time or runtime "
+"dependencies, but are useful when developing nonetheless. Because of this, the @code{--ad-hoc} flag is positional. Packages "
+"appearing before @code{--ad-hoc} are interpreted as packages whose dependencies will be added to the environment. Packages "
+"appearing after are interpreted as packages that will be added to the environment directly. For example, the following command "
+"creates a Guix development environment that additionally includes Git and strace:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7206
+#, no-wrap
+msgid "guix environment guix --ad-hoc git strace\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7215
+msgid ""
+"Sometimes it is desirable to isolate the environment as much as possible, for maximal purity and reproducibility. In particular, "
+"when using Guix on a host distro that is not GuixSD, it is desirable to prevent access to @file{/usr/bin} and other system-wide "
+"resources from the development environment. For example, the following command spawns a Guile REPL in a ``container'' where only "
+"the store and the current working directory are mounted:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7218
+#, no-wrap
+msgid "guix environment --ad-hoc --container guile -- guile\n"
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:7222
+msgid "The @code{--container} option requires Linux-libre 3.19 or newer."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7225
+msgid "The available options are summarized below."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7229
+#, no-wrap
+msgid "persistent environment"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7230
+#, no-wrap
+msgid "garbage collector root, for environments"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7233
+msgid "Make @var{file} a symlink to the profile for this environment, and register it as a garbage collector root."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7236
+msgid "This is useful if you want to protect your environment from garbage collection, to make it ``persistent''."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7242
+msgid ""
+"When this option is omitted, the environment is protected from garbage collection only for the duration of the @command{guix "
+"environment} session. This means that next time you recreate the same environment, you could have to rebuild or re-download "
+"packages. @xref{Invoking guix gc}, for more on GC roots."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7247
+msgid "Create an environment for the package or list of packages that @var{expr} evaluates to."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7249
+msgid "For example, running:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7252
+#, no-wrap
+msgid "guix environment -e '(@@ (gnu packages maths) petsc-openmpi)'\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7256
+msgid "starts a shell with the environment for this specific variant of the PETSc package."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7258
+msgid "Running:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7261
+#, no-wrap
+msgid "guix environment --ad-hoc -e '(@@ (gnu) %base-packages)'\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7264
+msgid "starts a shell with all the GuixSD base packages available."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7267
+msgid ""
+"The above commands only use the default output of the given packages. To select other outputs, two element tuples can be specified:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7270
+#, no-wrap
+msgid "guix environment --ad-hoc -e '(list (@@ (gnu packages bash) bash) \"include\")'\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7272
+#, no-wrap
+msgid "--load=@var{file}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7273
+#, no-wrap
+msgid "-l @var{file}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7276
+msgid "Create an environment for the package or list of packages that the code within @var{file} evaluates to."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7282
+#, no-wrap
+msgid "@verbatiminclude environment-gdb.scm\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7288
+msgid "Create an environment for the packages contained in the manifest object returned by the Scheme code in @var{file}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7292
+msgid ""
+"This is similar to the same-named option in @command{guix package} (@pxref{profile-manifest, @option{--manifest}}) and uses the same "
+"manifest files."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7293
+#, no-wrap
+msgid "--ad-hoc"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7298
+msgid ""
+"Include all specified packages in the resulting environment, as if an @i{ad hoc} package were defined with them as inputs. This "
+"option is useful for quickly creating an environment without having to write a package expression to contain the desired inputs."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7300
+msgid "For instance, the command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7303
+#, no-wrap
+msgid "guix environment --ad-hoc guile guile-sdl -- guile\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7307
+msgid "runs @command{guile} in an environment where Guile and Guile-SDL are available."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7312
+msgid ""
+"Note that this example implicitly asks for the default output of @code{guile} and @code{guile-sdl}, but it is possible to ask for a "
+"specific output---e.g., @code{glib:bin} asks for the @code{bin} output of @code{glib} (@pxref{Packages with Multiple Outputs})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7318
+msgid ""
+"This option may be composed with the default behavior of @command{guix environment}. Packages appearing before @code{--ad-hoc} are "
+"interpreted as packages whose dependencies will be added to the environment, the default behavior. Packages appearing after are "
+"interpreted as packages that will be added to the environment directly."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7319
+#, no-wrap
+msgid "--pure"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7323
+msgid ""
+"Unset existing environment variables when building the new environment. This has the effect of creating an environment in which "
+"search paths only contain package inputs."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7324
+#, no-wrap
+msgid "--search-paths"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7327
+msgid "Display the environment variable definitions that make up the environment."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7331
+msgid "Attempt to build for @var{system}---e.g., @code{i686-linux}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7332
+#, no-wrap
+msgid "--container"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7333
+#, no-wrap
+msgid "-C"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7334 doc/guix.texi:7845 doc/guix.texi:20490
+#, no-wrap
+msgid "container"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7342
+msgid ""
+"Run @var{command} within an isolated container. The current working directory outside the container is mapped inside the "
+"container. Additionally, unless overridden with @code{--user}, a dummy home directory is created that matches the current user's "
+"home directory, and @file{/etc/passwd} is configured accordingly. The spawned process runs as the current user outside the "
+"container, but has root privileges in the context of the container."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7343
+#, no-wrap
+msgid "--network"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7344
+#, no-wrap
+msgid "-N"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7348
+msgid ""
+"For containers, share the network namespace with the host system. Containers created without this flag only have access to the "
+"loopback device."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7349
+#, no-wrap
+msgid "--link-profile"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7350
+#, no-wrap
+msgid "-P"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7357
+msgid ""
+"For containers, link the environment profile to @file{~/.guix-profile} within the container. This is equivalent to running the "
+"command @command{ln -s $GUIX_ENVIRONMENT ~/.guix-profile} within the container. Linking will fail and abort the environment if the "
+"directory already exists, which will certainly be the case if @command{guix environment} was invoked in the user's home directory."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7364
+msgid ""
+"Certain packages are configured to look in @code{~/.guix-profile} for configuration files and data;@footnote{For example, the "
+"@code{fontconfig} package inspects @file{~/.guix-profile/share/fonts} for additional fonts.} @code{--link-profile} allows these "
+"programs to behave as expected within the environment."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7365 doc/guix.texi:7517
+#, no-wrap
+msgid "--user=@var{user}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7366 doc/guix.texi:7518
+#, no-wrap
+msgid "-u @var{user}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7372
+msgid ""
+"For containers, use the username @var{user} in place of the current user. The generated @file{/etc/passwd} entry within the "
+"container will contain the name @var{user}; the home directory will be @file{/home/USER}; and no user GECOS data will be copied. "
+"@var{user} need not exist on the system."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7377
+msgid ""
+"Additionally, any shared or exposed path (see @code{--share} and @code{--expose} respectively) whose target is within the current "
+"user's home directory will be remapped relative to @file{/home/USER}; this includes the automatic mapping of the current working "
+"directory."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7384
+#, no-wrap
+msgid ""
+"# will expose paths as /home/foo/wd, /home/foo/test, and /home/foo/target\n"
+"cd $HOME/wd\n"
+"guix environment --container --user=foo \\\n"
+" --expose=$HOME/test \\\n"
+" --expose=/tmp/target=$HOME/target\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7389
+msgid ""
+"While this will limit the leaking of user identity through home paths and each of the user fields, this is only one useful component "
+"of a broader privacy/anonymity solution---not one in and of itself."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7390
+#, no-wrap
+msgid "--expose=@var{source}[=@var{target}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7395
+msgid ""
+"For containers, expose the file system @var{source} from the host system as the read-only file system @var{target} within the "
+"container. If @var{target} is not specified, @var{source} is used as the target mount point in the container."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7399
+msgid ""
+"The example below spawns a Guile REPL in a container in which the user's home directory is accessible read-only via the @file{/"
+"exchange} directory:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7402
+#, no-wrap
+msgid "guix environment --container --expose=$HOME=/exchange --ad-hoc guile -- guile\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7404
+#, no-wrap
+msgid "--share=@var{source}[=@var{target}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7409
+msgid ""
+"For containers, share the file system @var{source} from the host system as the writable file system @var{target} within the "
+"container. If @var{target} is not specified, @var{source} is used as the target mount point in the container."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7413
+msgid ""
+"The example below spawns a Guile REPL in a container in which the user's home directory is accessible for both reading and writing "
+"via the @file{/exchange} directory:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7416
+#, no-wrap
+msgid "guix environment --container --share=$HOME=/exchange --ad-hoc guile -- guile\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7422
+msgid ""
+"@command{guix environment} also supports all of the common build options that @command{guix build} supports (@pxref{Common Build "
+"Options})."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:7425
+#, no-wrap
+msgid "Invoking @command{guix publish}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:7427
+#, no-wrap
+msgid "guix publish"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7431
+msgid ""
+"The purpose of @command{guix publish} is to enable users to easily share their store with others, who can then use it as a "
+"substitute server (@pxref{Substitutes})."
+msgstr ""
+"Le but de @command{guix publish} est de vous permettre de partager facilement votre dépôt avec d'autres personnes qui peuvent "
+"ensuite l'utiliser comme serveur de substituts (@pxref{Substituts})."
+
+#. type: Plain text
+#: doc/guix.texi:7437
+msgid ""
+"When @command{guix publish} runs, it spawns an HTTP server which allows anyone with network access to obtain substitutes from it. "
+"This means that any machine running Guix can also act as if it were a build farm, since the HTTP interface is compatible with Hydra, "
+"the software behind the @code{hydra.gnu.org} build farm."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7443
+msgid ""
+"For security, each substitute is signed, allowing recipients to check their authenticity and integrity (@pxref{Substitutes}). "
+"Because @command{guix publish} uses the signing key of the system, which is only readable by the system administrator, it must be "
+"started as root; the @code{--user} option makes it drop root privileges early on."
+msgstr ""
+"Pour des raisons de sécurité, chaque substitut est signé, ce qui permet aux destinataires de vérifier leur authenticité et leur "
+"intégrité (@pxref{Substituts}). Comme @command{guix publish} utilise la clef de signature du système, qui n'est lisible que par "
+"l'administrateur système, il doit être lancé en root ; l'option @code{--user} lui fait baisser ses privilèges le plus tôt possible."
+
+#. type: Plain text
+#: doc/guix.texi:7447
+msgid ""
+"The signing key pair must be generated before @command{guix publish} is launched, using @command{guix archive --generate-key} "
+"(@pxref{Invoking guix archive})."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7452
+#, no-wrap
+msgid "guix publish @var{options}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7456
+msgid "Running @command{guix publish} without any additional arguments will spawn an HTTP server on port 8080:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7459
+#, no-wrap
+msgid "guix publish\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7463
+msgid "Once a publishing server has been authorized (@pxref{Invoking guix archive}), the daemon may download substitutes from it:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7466
+#, no-wrap
+msgid "guix-daemon --substitute-urls=http://example.org:8080\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7475
+msgid ""
+"By default, @command{guix publish} compresses archives on the fly as it serves them. This ``on-the-fly'' mode is convenient in that "
+"it requires no setup and is immediately available. However, when serving lots of clients, we recommend using the @option{--cache} "
+"option, which enables caching of the archives before they are sent to clients---see below for details. The @command{guix weather} "
+"command provides a handy way to check what a server provides (@pxref{Invoking guix weather})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7482
+msgid ""
+"As a bonus, @command{guix publish} also serves as a content-addressed mirror for source files referenced in @code{origin} records "
+"(@pxref{origin Reference}). For instance, assuming @command{guix publish} is running on @code{example.org}, the following URL "
+"returns the raw @file{hello-2.10.tar.gz} file with the given SHA256 hash (represented in @code{nix-base32} format, @pxref{Invoking "
+"guix hash}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7485
+#, no-wrap
+msgid "http://example.org/file/hello-2.10.tar.gz/sha256/0ssi1@dots{}ndq1i\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7489
+msgid "Obviously, these URLs only work for files that are in the store; in other cases, they return 404 (``Not Found'')."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7490
+#, no-wrap
+msgid "build logs, publication"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7492
+msgid "Build logs are available from @code{/log} URLs like:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7495
+#, no-wrap
+msgid "http://example.org/log/gwspk@dots{}-guile-2.2.3\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7505
+msgid ""
+"When @command{guix-daemon} is configured to save compressed build logs, as is the case by default (@pxref{Invoking guix-daemon}), "
+"@code{/log} URLs return the compressed log as-is, with an appropriate @code{Content-Type} and/or @code{Content-Encoding} header. We "
+"recommend running @command{guix-daemon} with @code{--log-compression=gzip} since Web browsers can automatically decompress it, which "
+"is not the case with bzip2 compression."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7509
+#, no-wrap
+msgid "--port=@var{port}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7510
+#, no-wrap
+msgid "-p @var{port}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7512
+msgid "Listen for HTTP requests on @var{port}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7513 doc/guix.texi:16983
+#, no-wrap
+msgid "--listen=@var{host}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7516
+msgid "Listen on the network interface for @var{host}. The default is to accept connections from any interface."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7521
+msgid "Change privileges to @var{user} as soon as possible---i.e., once the server socket is open and the signing key has been read."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7522
+#, no-wrap
+msgid "--compression[=@var{level}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7523
+#, no-wrap
+msgid "-C [@var{level}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7528
+msgid ""
+"Compress data using the given @var{level}. When @var{level} is zero, disable compression. The range 1 to 9 corresponds to "
+"different gzip compression levels: 1 is the fastest, and 9 is the best (CPU-intensive). The default is 3."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7537
+msgid ""
+"Unless @option{--cache} is used, compression occurs on the fly and the compressed streams are not cached. Thus, to reduce load on "
+"the machine that runs @command{guix publish}, it may be a good idea to choose a low compression level, to run @command{guix publish} "
+"behind a caching proxy, or to use @option{--cache}. Using @option{--cache} has the advantage that it allows @command{guix publish} "
+"to add @code{Content-Length} HTTP header to its responses."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7538
+#, no-wrap
+msgid "--cache=@var{directory}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7539
+#, no-wrap
+msgid "-c @var{directory}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7542
+msgid "Cache archives and meta-data (@code{.narinfo} URLs) to @var{directory} and only serve archives that are in cache."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7550
+msgid ""
+"When this option is omitted, archives and meta-data are created on-the-fly. This can reduce the available bandwidth, especially "
+"when compression is enabled, since this may become CPU-bound. Another drawback of the default mode is that the length of archives "
+"is not known in advance, so @command{guix publish} does not add a @code{Content-Length} HTTP header to its responses, which in turn "
+"prevents clients from knowing the amount of data being downloaded."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7558
+msgid ""
+"Conversely, when @option{--cache} is used, the first request for a store item (@i{via} a @code{.narinfo} URL) returns 404 and "
+"triggers a background process to @dfn{bake} the archive---computing its @code{.narinfo} and compressing the archive, if needed. "
+"Once the archive is cached in @var{directory}, subsequent requests succeed and are served directly from the cache, which guarantees "
+"that clients get the best possible bandwidth."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7562
+msgid ""
+"The ``baking'' process is performed by worker threads. By default, one thread per CPU core is created, but this can be customized. "
+"See @option{--workers} below."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7565
+msgid "When @option{--ttl} is used, cached entries are automatically deleted when they have expired."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7566
+#, no-wrap
+msgid "--workers=@var{N}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7569
+msgid "When @option{--cache} is used, request the allocation of @var{N} worker threads to ``bake'' archives."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7570
+#, no-wrap
+msgid "--ttl=@var{ttl}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7574
+msgid ""
+"Produce @code{Cache-Control} HTTP headers that advertise a time-to-live (TTL) of @var{ttl}. @var{ttl} must denote a duration: "
+"@code{5d} means 5 days, @code{1m} means 1 month, and so on."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7579
+msgid ""
+"This allows the user's Guix to keep substitute information in cache for @var{ttl}. However, note that @code{guix publish} does not "
+"itself guarantee that the store items it provides will indeed remain available for as long as @var{ttl}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7583
+msgid ""
+"Additionally, when @option{--cache} is used, cached entries that have not been accessed for @var{ttl} and that no longer have a "
+"corresponding item in the store, may be deleted."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7584
+#, no-wrap
+msgid "--nar-path=@var{path}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7587
+msgid "Use @var{path} as the prefix for the URLs of ``nar'' files (@pxref{Invoking guix archive, normalized archives})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7591
+msgid ""
+"By default, nars are served at a URL such as @code{/nar/gzip/@dots{}-coreutils-8.25}. This option allows you to change the @code{/"
+"nar} part to @var{path}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7592
+#, no-wrap
+msgid "--public-key=@var{file}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7593
+#, no-wrap
+msgid "--private-key=@var{file}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7596
+msgid "Use the specific @var{file}s as the public/private key pair used to sign the store items being published."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7603
+msgid ""
+"The files must correspond to the same key pair (the private key is used for signing and the public key is merely advertised in the "
+"signature metadata). They must contain keys in the canonical s-expression format as produced by @command{guix archive --generate-"
+"key} (@pxref{Invoking guix archive}). By default, @file{/etc/guix/signing-key.pub} and @file{/etc/guix/signing-key.sec} are used."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7604
+#, no-wrap
+msgid "--repl[=@var{port}]"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7605
+#, no-wrap
+msgid "-r [@var{port}]"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7609
+msgid ""
+"Spawn a Guile REPL server (@pxref{REPL Servers,,, guile, GNU Guile Reference Manual}) on @var{port} (37146 by default). This is "
+"used primarily for debugging a running @command{guix publish} server."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7615
+msgid ""
+"Enabling @command{guix publish} on a GuixSD system is a one-liner: just instantiate a @code{guix-publish-service-type} service in "
+"the @code{services} field of the @code{operating-system} declaration (@pxref{guix-publish-service-type, @code{guix-publish-service-"
+"type}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7618
+msgid "If you are instead running Guix on a ``foreign distro'', follow these instructions:”"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:7622
+msgid "If your host distro uses the systemd init system:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7627
+#, no-wrap
+msgid ""
+"# ln -s ~root/.guix-profile/lib/systemd/system/guix-publish.service \\\n"
+" /etc/systemd/system/\n"
+"# systemctl start guix-publish && systemctl enable guix-publish\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7635
+#, no-wrap
+msgid ""
+"# ln -s ~root/.guix-profile/lib/upstart/system/guix-publish.conf /etc/init/\n"
+"# start guix-publish\n"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:7639
+msgid "Otherwise, proceed similarly with your distro's init system."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:7642
+#, no-wrap
+msgid "Invoking @command{guix challenge}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7645
+#, no-wrap
+msgid "verifiable builds"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:7646
+#, no-wrap
+msgid "guix challenge"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7647
+#, no-wrap
+msgid "challenge"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7652
+msgid ""
+"Do the binaries provided by this server really correspond to the source code it claims to build? Is a package build process "
+"deterministic? These are the questions the @command{guix challenge} command attempts to answer."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7660
+msgid ""
+"The former is obviously an important question: Before using a substitute server (@pxref{Substitutes}), one had better @emph{verify} "
+"that it provides the right binaries, and thus @emph{challenge} it. The latter is what enables the former: If package builds are "
+"deterministic, then independent builds of the package should yield the exact same result, bit for bit; if a server provides a binary "
+"different from the one obtained locally, it may be either corrupt or malicious."
+msgstr ""
+"La première question est évidemment importante : avant d'utiliser un serveur de substituts (@pxref{Substituts}), il vaut mieux "
+"@emph{vérifier} qu'il fournit les bons binaires et donc le @emph{défier}. La deuxième est ce qui permet la première : si les "
+"constructions des paquets sont déterministes alors des constructions indépendantes du paquet devraient donner le même résultat, bit "
+"à bit ; si un serveur fournit un binaire différent de celui obtenu localement, il peut être soit corrompu, soit malveillant."
+
+#. type: Plain text
+#: doc/guix.texi:7669
+msgid ""
+"We know that the hash that shows up in @file{/gnu/store} file names is the hash of all the inputs of the process that built the file "
+"or directory---compilers, libraries, build scripts, etc. (@pxref{Introduction}). Assuming deterministic build processes, one store "
+"file name should map to exactly one build output. @command{guix challenge} checks whether there is, indeed, a single mapping by "
+"comparing the build outputs of several independent builds of any given store item."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7671
+msgid "The command output looks like this:"
+msgstr ""
+
+#. type: smallexample
+#: doc/guix.texi:7688
+#, no-wrap
+msgid ""
+"$ guix challenge --substitute-urls=\"https://hydra.gnu.org https://guix.example.org\"\n"
+"updating list of substitutes from 'https://hydra.gnu.org'... 100.0%\n"
+"updating list of substitutes from 'https://guix.example.org'... 100.0%\n"
+"/gnu/store/@dots{}-openssl-1.0.2d contents differ:\n"
+" local hash: 0725l22r5jnzazaacncwsvp9kgf42266ayyp814v7djxs7nk963q\n"
+" https://hydra.gnu.org/nar/@dots{}-openssl-1.0.2d: 0725l22r5jnzazaacncwsvp9kgf42266ayyp814v7djxs7nk963q\n"
+" https://guix.example.org/nar/@dots{}-openssl-1.0.2d: 1zy4fmaaqcnjrzzajkdn3f5gmjk754b43qkq47llbyak9z0qjyim\n"
+"/gnu/store/@dots{}-git-2.5.0 contents differ:\n"
+" local hash: 00p3bmryhjxrhpn2gxs2fy0a15lnip05l97205pgbk5ra395hyha\n"
+" https://hydra.gnu.org/nar/@dots{}-git-2.5.0: 069nb85bv4d4a6slrwjdy8v1cn4cwspm3kdbmyb81d6zckj3nq9f\n"
+" https://guix.example.org/nar/@dots{}-git-2.5.0: 0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73\n"
+"/gnu/store/@dots{}-pius-2.1.1 contents differ:\n"
+" local hash: 0k4v3m9z1zp8xzzizb7d8kjj72f9172xv078sq4wl73vnq9ig3ax\n"
+" https://hydra.gnu.org/nar/@dots{}-pius-2.1.1: 0k4v3m9z1zp8xzzizb7d8kjj72f9172xv078sq4wl73vnq9ig3ax\n"
+" https://guix.example.org/nar/@dots{}-pius-2.1.1: 1cy25x1a4fzq5rk0pmvc8xhwyffnqz95h2bpvqsz2mpvlbccy0gs\n"
+"\n"
+msgstr ""
+
+#. type: smallexample
+#: doc/guix.texi:7690
+#, no-wrap
+msgid ""
+"@dots{}\n"
+"\n"
+msgstr ""
+
+#. type: smallexample
+#: doc/guix.texi:7695
+#, no-wrap
+msgid ""
+"6,406 store items were analyzed:\n"
+" - 4,749 (74.1%) were identical\n"
+" - 525 (8.2%) differed\n"
+" - 1,132 (17.7%) were inconclusive\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7703
+msgid ""
+"In this example, @command{guix challenge} first scans the store to determine the set of locally-built derivations---as opposed to "
+"store items that were downloaded from a substitute server---and then queries all the substitute servers. It then reports those "
+"store items for which the servers obtained a result different from the local build."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7704
+#, no-wrap
+msgid "non-determinism, in package builds"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7715
+msgid ""
+"As an example, @code{guix.example.org} always gets a different answer. Conversely, @code{hydra.gnu.org} agrees with local builds, "
+"except in the case of Git. This might indicate that the build process of Git is non-deterministic, meaning that its output varies "
+"as a function of various things that Guix does not fully control, in spite of building packages in isolated environments "
+"(@pxref{Features}). Most common sources of non-determinism include the addition of timestamps in build results, the inclusion of "
+"random numbers, and directory listings sorted by inode number. See @uref{https://reproducible-builds.org/docs/}, for more "
+"information."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7718
+msgid "To find out what is wrong with this Git binary, we can do something along these lines (@pxref{Invoking guix archive}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7723
+#, no-wrap
+msgid ""
+"$ wget -q -O - https://hydra.gnu.org/nar/@dots{}-git-2.5.0 \\\n"
+" | guix archive -x /tmp/git\n"
+"$ diff -ur --no-dereference /gnu/store/@dots{}-git.2.5.0 /tmp/git\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7732
+msgid ""
+"This command shows the difference between the files resulting from the local build, and the files resulting from the build on "
+"@code{hydra.gnu.org} (@pxref{Overview, Comparing and Merging Files,, diffutils, Comparing and Merging Files}). The @command{diff} "
+"command works great for text files. When binary files differ, a better option is @uref{https://diffoscope.org/, Diffoscope}, a tool "
+"that helps visualize differences for all kinds of files."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7740
+msgid ""
+"Once you have done that work, you can tell whether the differences are due to a non-deterministic build process or to a malicious "
+"server. We try hard to remove sources of non-determinism in packages to make it easier to verify substitutes, but of course, this "
+"is a process that involves not just Guix, but a large part of the free software community. In the meantime, @command{guix "
+"challenge} is one tool to help address the problem."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7744
+msgid ""
+"If you are writing packages for Guix, you are encouraged to check whether @code{hydra.gnu.org} and other substitute servers obtain "
+"the same build result as you did with:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7747
+#, no-wrap
+msgid "$ guix challenge @var{package}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7752
+msgid "where @var{package} is a package specification such as @code{guile@@2.0} or @code{glibc:debug}."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7757
+#, no-wrap
+msgid "guix challenge @var{options} [@var{packages}@dots{}]\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7764
+msgid ""
+"When a difference is found between the hash of a locally-built item and that of a server-provided substitute, or among substitutes "
+"provided by different servers, the command displays it as in the example above and its exit code is 2 (other non-zero exit codes "
+"denote other kinds of errors.)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7766
+msgid "The one option that matters is:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7772
+msgid "Consider @var{urls} the whitespace-separated list of substitute source URLs to compare to."
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7774
+#, no-wrap
+msgid "-v"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7777
+msgid "Show details about matches (identical contents) in addition to information about mismatches."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:7781
+#, no-wrap
+msgid "Invoking @command{guix copy}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7783
+#, no-wrap
+msgid "copy, of store items, over SSH"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7784
+#, no-wrap
+msgid "SSH, copy of store items"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7785
+#, no-wrap
+msgid "sharing store items across machines"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7786
+#, no-wrap
+msgid "transferring store items across machines"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7793
+msgid ""
+"The @command{guix copy} command copies items from the store of one machine to that of another machine over a secure shell (SSH) "
+"connection@footnote{This command is available only when Guile-SSH was found. @xref{Requirements}, for details.}. For example, the "
+"following command copies the @code{coreutils} package, the user's profile, and all their dependencies over to @var{host}, logged in "
+"as @var{user}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7797
+#, no-wrap
+msgid ""
+"guix copy --to=@var{user}@@@var{host} \\\n"
+" coreutils `readlink -f ~/.guix-profile`\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7801
+msgid "If some of the items to be copied are already present on @var{host}, they are not actually sent."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7804
+msgid "The command below retrieves @code{libreoffice} and @code{gimp} from @var{host}, assuming they are available there:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7807
+#, no-wrap
+msgid "guix copy --from=@var{host} libreoffice gimp\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7812
+msgid ""
+"The SSH connection is established using the Guile-SSH client, which is compatible with OpenSSH: it honors @file{~/.ssh/known_hosts} "
+"and @file{~/.ssh/config}, and uses the SSH agent for authentication."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7818
+msgid ""
+"The key used to sign items that are sent must be accepted by the remote machine. Likewise, the key used by the remote machine to "
+"sign items you are retrieving must be in @file{/etc/guix/acl} so it is accepted by your own daemon. @xref{Invoking guix archive}, "
+"for more information about store item authentication."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7823
+#, no-wrap
+msgid "guix copy [--to=@var{spec}|--from=@var{spec}] @var{items}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7826
+msgid "You must always specify one of the following options:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7828
+#, no-wrap
+msgid "--to=@var{spec}"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:7829
+#, no-wrap
+msgid "--from=@var{spec}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7833
+msgid ""
+"Specify the host to send to or receive from. @var{spec} must be an SSH spec such as @code{example.org}, @code{charlie@@example."
+"org}, or @code{charlie@@example.org:2222}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7837
+msgid ""
+"The @var{items} can be either package names, such as @code{gimp}, or store items, such as @file{/gnu/store/@dots{}-idutils-4.6}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7841
+msgid ""
+"When specifying the name of a package to send, it is first built if needed, unless @option{--dry-run} was specified. Common build "
+"options are supported (@pxref{Common Build Options})."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:7844
+#, no-wrap
+msgid "Invoking @command{guix container}"
+msgstr ""
+
+#. type: command{#1}
+#: doc/guix.texi:7846
+#, no-wrap
+msgid "guix container"
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:7850
+msgid "As of version @value{VERSION}, this tool is experimental. The interface is subject to radical change in the future."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7857
+msgid ""
+"The purpose of @command{guix container} is to manipulate processes running within an isolated environment, commonly known as a "
+"``container'', typically created by the @command{guix environment} (@pxref{Invoking guix environment}) and @command{guix system "
+"container} (@pxref{Invoking guix system}) commands."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7862
+#, no-wrap
+msgid "guix container @var{action} @var{options}@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7866
+msgid ""
+"@var{action} specifies the operation to perform with a container, and @var{options} specifies the context-specific arguments for the "
+"action."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7868
+msgid "The following actions are available:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:7870
+#, no-wrap
+msgid "exec"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7872
+msgid "Execute a command within the context of a running container."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7874
+msgid "The syntax is:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7877
+#, no-wrap
+msgid "guix container exec @var{pid} @var{program} @var{arguments}@dots{}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7883
+msgid ""
+"@var{pid} specifies the process ID of the running container. @var{program} specifies an executable file name within the root file "
+"system of the container. @var{arguments} are the additional options that will be passed to @var{program}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7887
+msgid ""
+"The following command launches an interactive login shell inside a GuixSD container, started by @command{guix system container}, and "
+"whose process ID is 9001:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7890
+#, no-wrap
+msgid "guix container exec 9001 /run/current-system/profile/bin/bash --login\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7894
+msgid ""
+"Note that the @var{pid} cannot be the parent process of a container. It must be PID 1 of the container or one of its child "
+"processes."
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:7898
+#, no-wrap
+msgid "Invoking @command{guix weather}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7907
+msgid ""
+"Occasionally you're grumpy because substitutes are lacking and you end up building packages by yourself (@pxref{Substitutes}). The "
+"@command{guix weather} command reports on substitute availability on the specified servers so you can have an idea of whether you'll "
+"be grumpy today. It can sometimes be useful info as a user, but it is primarily useful to people running @command{guix publish} "
+"(@pxref{Invoking guix publish})."
+msgstr ""
+"Vous pouvez parfois grogner lorsque les substituts ne sont pas disponibles et que vous devez construire les paquets vous-même "
+"(@pxref{Substituts}). La commande @command{guix weather} rapporte la disponibilité des substituts sur les serveurs spécifiés pour "
+"que vous sachiez si vous allez raller aujourd'hui. Cela peut parfois être une information utile pour les utilisateurs, mais elle est "
+"surtout utile pour les personnes qui font tourner @command{guix publish} (@pxref{Invoking guix publish})."
+
+#. type: cindex
+#: doc/guix.texi:7908
+#, no-wrap
+msgid "statistics, for substitutes"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7909
+#, no-wrap
+msgid "availability of substitutes"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7910
+#, no-wrap
+msgid "substitute availability"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7911
+#, no-wrap
+msgid "weather, substitute availability"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7913
+msgid "Here's a sample run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7925
+#, no-wrap
+msgid ""
+"$ guix weather --substitute-urls=https://guix.example.org\n"
+"computing 5,872 package derivations for x86_64-linux...\n"
+"looking for 6,128 store items on https://guix.example.org..\n"
+"updating list of substitutes from 'https://guix.example.org'... 100.0%\n"
+"https://guix.example.org\n"
+" 43.4% substitutes available (2,658 out of 6,128)\n"
+" 7,032.5 MiB of nars (compressed)\n"
+" 19,824.2 MiB on disk (uncompressed)\n"
+" 0.030 seconds per request (182.9 seconds in total)\n"
+" 33.5 requests per second\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:7935
+#, no-wrap
+msgid ""
+" 9.8% (342 out of 3,470) of the missing items are queued\n"
+" 867 queued builds\n"
+" x86_64-linux: 518 (59.7%)\n"
+" i686-linux: 221 (25.5%)\n"
+" aarch64-linux: 128 (14.8%)\n"
+" build rate: 23.41 builds per hour\n"
+" x86_64-linux: 11.16 builds per hour\n"
+" i686-linux: 6.03 builds per hour\n"
+" aarch64-linux: 6.41 builds per hour\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:7937
+#, no-wrap
+msgid "continuous integration, statistics"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7946
+msgid ""
+"As you can see, it reports the fraction of all the packages for which substitutes are available on the server---regardless of "
+"whether substitutes are enabled, and regardless of whether this server's signing key is authorized. It also reports the size of the "
+"compressed archives (``nars'') provided by the server, the size the corresponding store items occupy in the store (assuming "
+"deduplication is turned off), and the server's throughput. The second part gives continuous integration (CI) statistics, if the "
+"server supports it."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7952
+msgid ""
+"To achieve that, @command{guix weather} queries over HTTP(S) meta-data (@dfn{narinfos}) for all the relevant store items. Like "
+"@command{guix challenge}, it ignores signatures on those substitutes, which is innocuous since the command only gathers statistics "
+"and cannot install those substitutes."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7955
+msgid ""
+"Among other things, it is possible to query specific system types and specific package sets. The available options are listed below."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7961
+msgid ""
+"@var{urls} is the space-separated list of substitute server URLs to query. When this option is omitted, the default set of "
+"substitute servers is queried."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7967
+msgid ""
+"Query substitutes for @var{system}---e.g., @code{aarch64-linux}. This option can be repeated, in which case @command{guix weather} "
+"will query substitutes for several system types."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:7973
+msgid ""
+"Instead of querying substitutes for all the packages, only ask for those specified in @var{file}. @var{file} must contain a "
+"@dfn{manifest}, as with the @code{-m} option of @command{guix package} (@pxref{Invoking guix package})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7991
+msgid ""
+"Guix comes with a distribution of the GNU system consisting entirely of free software@footnote{The term ``free'' here refers to the "
+"@url{http://www.gnu.org/philosophy/free-sw.html,freedom provided to users of that software}.}. The distribution can be installed on "
+"its own (@pxref{System Installation}), but it is also possible to install Guix as a package manager on top of an installed GNU/Linux "
+"system (@pxref{Installation}). To distinguish between the two, we refer to the standalone distribution as the Guix System "
+"Distribution, or GuixSD."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:7997
+msgid ""
+"The distribution provides core GNU packages such as GNU libc, GCC, and Binutils, as well as many GNU and non-GNU applications. The "
+"complete list of available packages can be browsed @url{http://www.gnu.org/software/guix/packages,on-line} or by running "
+"@command{guix package} (@pxref{Invoking guix package}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8000
+#, no-wrap
+msgid "guix package --list-available\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8006
+msgid ""
+"Our goal is to provide a practical 100% free software distribution of Linux-based and other variants of GNU, with a focus on the "
+"promotion and tight integration of GNU components, and an emphasis on programs and tools that help users exert that freedom."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8008
+msgid "Packages are currently available on the following platforms:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8011 doc/guix.texi:8176
+#, no-wrap
+msgid "x86_64-linux"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8013
+msgid "Intel/AMD @code{x86_64} architecture, Linux-Libre kernel;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8014 doc/guix.texi:8179
+#, no-wrap
+msgid "i686-linux"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8016
+msgid "Intel 32-bit architecture (IA32), Linux-Libre kernel;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8017
+#, no-wrap
+msgid "armhf-linux"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8021
+msgid ""
+"ARMv7-A architecture with hard float, Thumb-2 and NEON, using the EABI hard-float application binary interface (ABI), and Linux-"
+"Libre kernel."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8022
+#, no-wrap
+msgid "aarch64-linux"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8026
+msgid ""
+"little-endian 64-bit ARMv8-A processors, Linux-Libre kernel. This is currently in an experimental stage, with limited support. "
+"@xref{Contributing}, for how to help!"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8027
+#, no-wrap
+msgid "mips64el-linux"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8030
+msgid "little-endian 64-bit MIPS processors, specifically the Loongson series, n32 ABI, and Linux-Libre kernel."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8034
+msgid "GuixSD itself is currently only available on @code{i686} and @code{x86_64}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8038
+msgid "For information on porting to other architectures or kernels, @pxref{Porting}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8053
+msgid ""
+"Building this distribution is a cooperative effort, and you are invited to join! @xref{Contributing}, for information about how you "
+"can help."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8057
+#, no-wrap
+msgid "installing GuixSD"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8063
+msgid ""
+"This section explains how to install the Guix System Distribution (GuixSD) on a machine. The Guix package manager can also be "
+"installed on top of a running GNU/Linux system, @pxref{Installation}."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:8072
+msgid ""
+"You are reading this documentation with an Info reader. For details on how to use it, hit the @key{RET} key (``return'' or "
+"``enter'') on the link that follows: @pxref{Top, Info reader,, info-stnd, Stand-alone GNU Info}. Hit @kbd{l} afterwards to come "
+"back here."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:8075
+msgid "Alternately, run @command{info info} in another tty to keep the manual available."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8100
+msgid ""
+"As of version @value{VERSION}, the Guix System Distribution (GuixSD) is not production-ready. It may contain bugs and lack "
+"important features. Thus, if you are looking for a stable production system that respects your freedom as a computer user, a good "
+"solution at this point is to consider @url{http://www.gnu.org/distros/free-distros.html, one of the more established GNU/Linux "
+"distributions}. We hope you can soon switch to the GuixSD without fear, of course. In the meantime, you can also keep using your "
+"distribution and try out the package manager on top of it (@pxref{Installation})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8103
+msgid ""
+"Before you proceed with the installation, be aware of the following noteworthy limitations applicable to version @value{VERSION}:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8109
+msgid ""
+"The installation process does not include a graphical user interface and requires familiarity with GNU/Linux (see the following "
+"subsections to get a feel of what that means.)"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8112
+msgid "Support for the Logical Volume Manager (LVM) is missing."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8116
+msgid "More and more system services are provided (@pxref{Services}), but some may be missing."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8120
+msgid "More than 6,500 packages are available, but you might occasionally find that a useful package is missing."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8125
+msgid ""
+"GNOME, Xfce, LXDE, and Enlightenment are available (@pxref{Desktop Services}), as well as a number of X11 window managers. However, "
+"some graphical applications may be missing, as well as KDE."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8130
+msgid ""
+"You have been warned! But more than a disclaimer, this is an invitation to report issues (and success stories!), and to join us in "
+"improving it. @xref{Contributing}, for more info."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8135
+#, no-wrap
+msgid "hardware support on GuixSD"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8144
+msgid ""
+"GNU@tie{}GuixSD focuses on respecting the user's computing freedom. It builds around the kernel Linux-libre, which means that only "
+"hardware for which free software drivers and firmware exist is supported. Nowadays, a wide range of off-the-shelf hardware is "
+"supported on GNU/Linux-libre---from keyboards to graphics cards to scanners and Ethernet controllers. Unfortunately, there are "
+"still areas where hardware vendors deny users control over their own computing, and such hardware is not supported on GuixSD."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8145
+#, no-wrap
+msgid "WiFi, hardware support"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8154
+msgid ""
+"One of the main areas where free drivers or firmware are lacking is WiFi devices. WiFi devices known to work include those using "
+"Atheros chips (AR9271 and AR7010), which corresponds to the @code{ath9k} Linux-libre driver, and those using Broadcom/AirForce chips "
+"(BCM43xx with Wireless-Core Revision 5), which corresponds to the @code{b43-open} Linux-libre driver. Free firmware exists for both "
+"and is available out-of-the-box on GuixSD, as part of @var{%base-firmware} (@pxref{operating-system Reference, @code{firmware}})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8155
+#, no-wrap
+msgid "RYF, Respects Your Freedom"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8161
+msgid ""
+"The @uref{https://www.fsf.org/, Free Software Foundation} runs @uref{https://www.fsf.org/ryf, @dfn{Respects Your Freedom}} (RYF), a "
+"certification program for hardware products that respect your freedom and your privacy and ensure that you have control over your "
+"device. We encourage you to check the list of RYF-certified devices."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8165
+msgid ""
+"Another useful resource is the @uref{https://www.h-node.org/, H-Node} web site. It contains a catalog of hardware devices with "
+"information about their support in GNU/Linux."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8174
+msgid ""
+"An ISO-9660 installation image that can be written to a USB stick or burnt to a DVD can be downloaded from @indicateurl{ftp://alpha."
+"gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.iso.xz}, where @var{system} is one of:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8178
+msgid "for a GNU/Linux system on Intel/AMD-compatible 64-bit CPUs;"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8181
+msgid "for a 32-bit GNU/Linux system on Intel-compatible CPUs."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8186
+msgid ""
+"Make sure to download the associated @file{.sig} file and to verify the authenticity of the image against it, along these lines:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8190
+#, no-wrap
+msgid ""
+"$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-install-@value{VERSION}.@var{system}.iso.xz.sig\n"
+"$ gpg --verify guixsd-install-@value{VERSION}.@var{system}.iso.xz.sig\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8205
+msgid ""
+"This image contains the tools necessary for an installation. It is meant to be copied @emph{as is} to a large-enough USB stick or "
+"DVD."
+msgstr ""
+
+#. type: unnumberedsubsubsec
+#: doc/guix.texi:8206
+#, no-wrap
+msgid "Copying to a USB Stick"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8209
+msgid "To copy the image to a USB stick, follow these steps:"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8213 doc/guix.texi:8238
+msgid "Decompress the image using the @command{xz} command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8216 doc/guix.texi:8241
+#, no-wrap
+msgid "xz -d guixsd-install-@value{VERSION}.@var{system}.iso.xz\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8222
+msgid ""
+"Insert a USB stick of 1@tie{}GiB or more into your machine, and determine its device name. Assuming that the USB stick is known as "
+"@file{/dev/sdX}, copy the image with:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8226
+#, no-wrap
+msgid ""
+"dd if=guixsd-install-@value{VERSION}.x86_64-linux.iso of=/dev/sdX\n"
+"sync\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8229
+msgid "Access to @file{/dev/sdX} usually requires root privileges."
+msgstr ""
+
+#. type: unnumberedsubsubsec
+#: doc/guix.texi:8231
+#, no-wrap
+msgid "Burning on a DVD"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8234
+msgid "To copy the image to a DVD, follow these steps:"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8247
+msgid ""
+"Insert a blank DVD into your machine, and determine its device name. Assuming that the DVD drive is known as @file{/dev/srX}, copy "
+"the image with:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8250
+#, no-wrap
+msgid "growisofs -dvd-compat -Z /dev/srX=guixsd-install-@value{VERSION}.x86_64.iso\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8253
+msgid "Access to @file{/dev/srX} usually requires root privileges."
+msgstr ""
+
+#. type: unnumberedsubsubsec
+#: doc/guix.texi:8255
+#, no-wrap
+msgid "Booting"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8260
+msgid ""
+"Once this is done, you should be able to reboot the system and boot from the USB stick or DVD. The latter usually requires you to "
+"get in the BIOS or UEFI boot menu, where you can choose to boot from the USB stick."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8263
+msgid "@xref{Installing GuixSD in a VM}, if, instead, you would like to install GuixSD in a virtual machine (VM)."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8275
+msgid ""
+"Once you have successfully booted your computer using the installation medium, you should end up with a root prompt. Several "
+"console TTYs are configured and can be used to run commands as root. TTY2 shows this documentation, browsable using the Info reader "
+"commands (@pxref{Top,,, info-stnd, Stand-alone GNU Info}). The installation system runs the GPM mouse daemon, which allows you to "
+"select text with the left mouse button and to paste it with the middle button."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:8280
+msgid ""
+"Installation requires access to the Internet so that any missing dependencies of your system configuration can be downloaded. See "
+"the ``Networking'' section below."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8286
+msgid ""
+"The installation system includes many common tools needed for this task. But it is also a full-blown GuixSD system, which means "
+"that you can install additional packages, should you need it, using @command{guix package} (@pxref{Invoking guix package})."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:8287
+#, no-wrap
+msgid "Keyboard Layout"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8289 doc/guix.texi:10360
+#, no-wrap
+msgid "keyboard layout"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8293
+msgid ""
+"The installation image uses the US qwerty keyboard layout. If you want to change it, you can use the @command{loadkeys} command. "
+"For example, the following command selects the Dvorak keyboard layout:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8296
+#, no-wrap
+msgid "loadkeys dvorak\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8301
+msgid ""
+"See the files under @file{/run/current-system/profile/share/keymaps} for a list of available keyboard layouts. Run @command{man "
+"loadkeys} for more information."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:8302
+#, no-wrap
+msgid "Networking"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8305
+msgid "Run the following command see what your network interfaces are called:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8308
+#, no-wrap
+msgid "ifconfig -a\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8312
+msgid "@dots{} or, using the GNU/Linux-specific @command{ip} command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8315
+#, no-wrap
+msgid "ip a\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8322
+msgid ""
+"Wired interfaces have a name starting with @samp{e}; for example, the interface corresponding to the first on-board Ethernet "
+"controller is called @samp{eno1}. Wireless interfaces have a name starting with @samp{w}, like @samp{w1p2s0}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8324
+#, no-wrap
+msgid "Wired connection"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8327
+msgid ""
+"To configure a wired network run the following command, substituting @var{interface} with the name of the wired interface you want "
+"to use."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8330
+#, no-wrap
+msgid "ifconfig @var{interface} up\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8332
+#, no-wrap
+msgid "Wireless connection"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8333 doc/guix.texi:10714
+#, no-wrap
+msgid "wireless"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8334 doc/guix.texi:10715
+#, no-wrap
+msgid "WiFi"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8339
+msgid ""
+"To configure wireless networking, you can create a configuration file for the @command{wpa_supplicant} configuration tool (its "
+"location is not important) using one of the available text editors such as @command{nano}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8342
+#, no-wrap
+msgid "nano wpa_supplicant.conf\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8347
+msgid ""
+"As an example, the following stanza can go to this file and will work for many wireless networks, provided you give the actual SSID "
+"and passphrase for the network you are connecting to:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8354
+#, no-wrap
+msgid ""
+"network=@{\n"
+" ssid=\"@var{my-ssid}\"\n"
+" key_mgmt=WPA-PSK\n"
+" psk=\"the network's secret passphrase\"\n"
+"@}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8359
+msgid ""
+"Start the wireless service and run it in the background with the following command (substitute @var{interface} with the name of the "
+"network interface you want to use):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8362
+#, no-wrap
+msgid "wpa_supplicant -c wpa_supplicant.conf -i @var{interface} -B\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8365
+msgid "Run @command{man wpa_supplicant} for more information."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8367
+#, no-wrap
+msgid "DHCP"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8370
+msgid ""
+"At this point, you need to acquire an IP address. On a network where IP addresses are automatically assigned @i{via} DHCP, you can "
+"run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8373
+#, no-wrap
+msgid "dhclient -v @var{interface}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8376
+msgid "Try to ping a server to see if networking is up and running:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8379
+#, no-wrap
+msgid "ping -c 3 gnu.org\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8383
+msgid ""
+"Setting up network access is almost always a requirement because the image does not contain all the software and tools that may be "
+"needed."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8384
+#, no-wrap
+msgid "installing over SSH"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8387
+msgid "If you want to, you can continue the installation remotely by starting an SSH server:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8390
+#, no-wrap
+msgid "herd start ssh-daemon\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8394
+msgid "Make sure to either set a password with @command{passwd}, or configure OpenSSH public key authentication before logging in."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:8395
+#, no-wrap
+msgid "Disk Partitioning"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8399
+msgid "Unless this has already been done, the next step is to partition, and then format the target partition(s)."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8404
+msgid ""
+"The installation image includes several partitioning tools, including Parted (@pxref{Overview,,, parted, GNU Parted User Manual}), "
+"@command{fdisk}, and @command{cfdisk}. Run it and set up your disk with the partition layout you want:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8407
+#, no-wrap
+msgid "cfdisk\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8413
+msgid ""
+"If your disk uses the GUID Partition Table (GPT) format and you plan to install BIOS-based GRUB (which is the default), make sure a "
+"BIOS Boot Partition is available (@pxref{BIOS installation,,, grub, GNU GRUB manual})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8414
+#, no-wrap
+msgid "EFI, installation"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8415
+#, no-wrap
+msgid "UEFI, installation"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8416
+#, no-wrap
+msgid "ESP, EFI system partition"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8420
+msgid ""
+"If you instead wish to use EFI-based GRUB, a FAT32 @dfn{EFI System Partition} (ESP) is required. This partition should be mounted "
+"at @file{/boot/efi} and must have the @code{esp} flag set. E.g., for @command{parted}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8423
+#, no-wrap
+msgid "parted /dev/sda set 1 esp on\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8431
+msgid ""
+"Once you are done partitioning the target hard disk drive, you have to create a file system on the relevant "
+"partition(s)@footnote{Currently GuixSD only supports ext4 and btrfs file systems. In particular, code that reads file system UUIDs "
+"and labels only works for these file system types.}. For the ESP, if you have one and assuming it is @file{/dev/sda2}, run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8434
+#, no-wrap
+msgid "mkfs.fat -F32 /dev/sda2\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8442
+msgid ""
+"Preferably, assign file systems a label so that you can easily and reliably refer to them in @code{file-system} declarations "
+"(@pxref{File Systems}). This is typically done using the @code{-L} option of @command{mkfs.ext4} and related commands. So, "
+"assuming the target root partition lives at @file{/dev/sda1}, a file system with the label @code{my-root} can be created with:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8445
+#, no-wrap
+msgid "mkfs.ext4 -L my-root /dev/sda1\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8447 doc/guix.texi:8836
+#, no-wrap
+msgid "encrypted disk"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8454
+msgid ""
+"If you are instead planning to encrypt the root partition, you can use the Cryptsetup/LUKS utilities to do that (see "
+"@inlinefmtifelse{html, @uref{https://linux.die.net/man/8/cryptsetup, @code{man cryptsetup}}, @code{man cryptsetup}} for more "
+"information.) Assuming you want to store the root partition on @file{/dev/sda1}, the command sequence would be along these lines:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8459
+#, no-wrap
+msgid ""
+"cryptsetup luksFormat /dev/sda1\n"
+"cryptsetup open --type luks /dev/sda1 my-partition\n"
+"mkfs.ext4 -L my-root /dev/mapper/my-partition\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8464
+msgid ""
+"Once that is done, mount the target file system under @file{/mnt} with a command like (again, assuming @code{my-root} is the label "
+"of the root file system):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8467
+#, no-wrap
+msgid "mount LABEL=my-root /mnt\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8473
+msgid ""
+"Also mount any other file systems you would like to use on the target system relative to this path. If you have @file{/boot} on a "
+"separate partition for example, mount it at @file{/mnt/boot} now so it is found by @code{guix system init} afterwards."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8478
+msgid ""
+"Finally, if you plan to use one or more swap partitions (@pxref{Memory Concepts, swap space,, libc, The GNU C Library Reference "
+"Manual}), make sure to initialize them with @command{mkswap}. Assuming you have one swap partition on @file{/dev/sda2}, you would "
+"run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8482
+#, no-wrap
+msgid ""
+"mkswap /dev/sda2\n"
+"swapon /dev/sda2\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8490
+msgid ""
+"Alternatively, you may use a swap file. For example, assuming that in the new system you want to use the file @file{/swapfile} as a "
+"swap file, you would run@footnote{This example will work for many types of file systems (e.g., ext4). However, for copy-on-write "
+"file systems (e.g., btrfs), the required steps may be different. For details, see the manual pages for @command{mkswap} and "
+"@command{swapon}.}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8498
+#, no-wrap
+msgid ""
+"# This is 10 GiB of swap space. Adjust \"count\" to change the size.\n"
+"dd if=/dev/zero of=/mnt/swapfile bs=1MiB count=10240\n"
+"# For security, make the file readable and writable only by root.\n"
+"chmod 600 /mnt/swapfile\n"
+"mkswap /mnt/swapfile\n"
+"swapon /mnt/swapfile\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8503
+msgid ""
+"Note that if you have encrypted the root partition and created a swap file in its file system as described above, then the "
+"encryption also protects the swap file, just like any other file in that file system."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8509
+msgid "With the target partitions ready and the target root mounted on @file{/mnt}, we're ready to go. First, run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8512
+#, no-wrap
+msgid "herd start cow-store /mnt\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8519
+msgid ""
+"This makes @file{/gnu/store} copy-on-write, such that packages added to it during the installation phase are written to the target "
+"disk on @file{/mnt} rather than kept in memory. This is necessary because the first phase of the @command{guix system init} command "
+"(see below) entails downloads or builds to @file{/gnu/store} which, initially, is an in-memory file system."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8530
+msgid ""
+"Next, you have to edit a file and provide the declaration of the operating system to be installed. To that end, the installation "
+"system comes with three text editors. We recommend GNU nano (@pxref{Top,,, nano, GNU nano Manual}), which supports syntax "
+"highlighting and parentheses matching; other editors include GNU Zile (an Emacs clone), and nvi (a clone of the original BSD "
+"@command{vi} editor). We strongly recommend storing that file on the target root file system, say, as @file{/mnt/etc/config.scm}. "
+"Failing to do that, you will have lost your configuration file once you have rebooted into the newly-installed system."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8537
+msgid ""
+"@xref{Using the Configuration System}, for an overview of the configuration file. The example configurations discussed in that "
+"section are available under @file{/etc/configuration} in the installation image. Thus, to get started with a system configuration "
+"providing a graphical display server (a ``desktop'' system), you can run something along these lines:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8542
+#, no-wrap
+msgid ""
+"# mkdir /mnt/etc\n"
+"# cp /etc/configuration/desktop.scm /mnt/etc/config.scm\n"
+"# nano /mnt/etc/config.scm\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8546
+msgid "You should pay attention to what your configuration file contains, and in particular:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8556
+msgid ""
+"Make sure the @code{bootloader-configuration} form refers to the target you want to install GRUB on. It should mention @code{grub-"
+"bootloader} if you are installing GRUB in the legacy way, or @code{grub-efi-bootloader} for newer UEFI systems. For legacy systems, "
+"the @code{target} field names a device, like @code{/dev/sda}; for UEFI systems it names a path to a mounted EFI partition, like "
+"@code{/boot/efi}, and do make sure the path is actually mounted."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8562
+msgid ""
+"Be sure that your file system labels match the value of their respective @code{device} fields in your @code{file-system} "
+"configuration, assuming your @code{file-system} configuration sets the value of @code{title} to @code{'label}."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:8566
+msgid ""
+"If there are encrypted or RAID partitions, make sure to add a @code{mapped-devices} field to describe them (@pxref{Mapped Devices})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8571
+msgid ""
+"Once you are done preparing the configuration file, the new system must be initialized (remember that the target root file system is "
+"mounted under @file{/mnt}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8574
+#, no-wrap
+msgid "guix system init /mnt/etc/config.scm /mnt\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8581
+msgid ""
+"This copies all the necessary files and installs GRUB on @file{/dev/sdX}, unless you pass the @option{--no-bootloader} option. For "
+"more information, @pxref{Invoking guix system}. This command may trigger downloads or builds of missing packages, which can take "
+"some time."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8588
+msgid ""
+"Once that command has completed---and hopefully succeeded!---you can run @command{reboot} and boot into the new system. The "
+"@code{root} password in the new system is initially empty; other users' passwords need to be initialized by running the "
+"@command{passwd} command as @code{root}, unless your configuration specifies otherwise (@pxref{user-account-password, user account "
+"passwords})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8589
+#, no-wrap
+msgid "upgrading GuixSD"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8596
+msgid ""
+"From then on, you can update GuixSD whenever you want by running @command{guix pull} as @code{root} (@pxref{Invoking guix pull}), "
+"and then running @command{guix system reconfigure} to build a new system generation with the latest packages and services "
+"(@pxref{Invoking guix system}). We recommend doing that regularly so that your system includes the latest security updates "
+"(@pxref{Security Updates})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8600
+msgid ""
+"Join us on @code{#guix} on the Freenode IRC network or on @file{guix-devel@@gnu.org} to share your experience---good or not so good."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:8602
+#, no-wrap
+msgid "Installing GuixSD in a Virtual Machine"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8604
+#, no-wrap
+msgid "virtual machine, GuixSD installation"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8605
+#, no-wrap
+msgid "virtual private server (VPS)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8606
+#, no-wrap
+msgid "VPS (virtual private server)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8610
+msgid ""
+"If you'd like to install GuixSD in a virtual machine (VM) or on a virtual private server (VPS) rather than on your beloved machine, "
+"this section is for you."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8613
+msgid "To boot a @uref{http://qemu.org/,QEMU} VM for installing GuixSD in a disk image, follow these steps:"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8618
+msgid "First, retrieve and decompress the GuixSD installation image as described previously (@pxref{USB Stick and DVD Installation})."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8622
+msgid ""
+"Create a disk image that will hold the installed system. To make a qcow2-formatted disk image, use the @command{qemu-img} command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8625
+#, no-wrap
+msgid "qemu-img create -f qcow2 guixsd.img 50G\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8629
+msgid ""
+"The resulting file will be much smaller than 50 GB (typically less than 1 MB), but it will grow as the virtualized storage device is "
+"filled up."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8632
+msgid "Boot the USB installation image in an VM:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8638
+#, no-wrap
+msgid ""
+"qemu-system-x86_64 -m 1024 -smp 1 \\\n"
+" -net user -net nic,model=virtio -boot menu=on \\\n"
+" -drive file=guixsd-install-@value{VERSION}.@var{system}.iso \\\n"
+" -drive file=guixsd.img\n"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8641
+msgid "The ordering of the drives matters."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8645
+msgid ""
+"In the VM console, quickly press the @kbd{F12} key to enter the boot menu. Then press the @kbd{2} key and the @kbd{RET} key to "
+"validate your selection."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:8649
+msgid ""
+"You're now root in the VM, proceed with the installation process. @xref{Preparing for Installation}, and follow the instructions."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8654
+msgid ""
+"Once installation is complete, you can boot the system that's on your @file{guixsd.img} image. @xref{Running GuixSD in a VM}, for "
+"how to do that."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8658
+#, no-wrap
+msgid "installation image"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8661
+msgid "The installation image described above was built using the @command{guix system} command, specifically:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8664
+#, no-wrap
+msgid "guix system disk-image gnu/system/install.scm\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8669
+msgid ""
+"Have a look at @file{gnu/system/install.scm} in the source tree, and see also @ref{Invoking guix system} for more information about "
+"the installation image."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8673
+#, no-wrap
+msgid "system configuration"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8679
+msgid ""
+"The Guix System Distribution supports a consistent whole-system configuration mechanism. By that we mean that all aspects of the "
+"global system configuration---such as the available system services, timezone and locale settings, user accounts---are declared in a "
+"single place. Such a @dfn{system configuration} can be @dfn{instantiated}---i.e., effected."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8689
+msgid ""
+"One of the advantages of putting all the system configuration under the control of Guix is that it supports transactional system "
+"upgrades, and makes it possible to roll back to a previous system instantiation, should something go wrong with the new one "
+"(@pxref{Features}). Another advantage is that it makes it easy to replicate the exact same configuration across different machines, "
+"or at different points in time, without having to resort to additional administration tools layered on top of the own tools of the "
+"system."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8694
+msgid ""
+"This section describes this mechanism. First we focus on the system administrator's viewpoint---explaining how the system is "
+"configured and instantiated. Then we show how this mechanism can be extended, for instance to support new system services."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8721
+msgid ""
+"The operating system is configured by providing an @code{operating-system} declaration in a file that can then be passed to the "
+"@command{guix system} command (@pxref{Invoking guix system}). A simple setup, with the default system services, the default Linux-"
+"Libre kernel, initial RAM disk, and boot loader looks like this:"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:8722
+#, no-wrap
+msgid "operating-system"
+msgstr ""
+
+#. type: include
+#: doc/guix.texi:8724
+#, no-wrap
+msgid "os-config-bare-bones.texi"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8731
+msgid ""
+"This example should be self-describing. Some of the fields defined above, such as @code{host-name} and @code{bootloader}, are "
+"mandatory. Others, such as @code{packages} and @code{services}, can be omitted, in which case they get a default value."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8736
+msgid ""
+"Below we discuss the effect of some of the most important fields (@pxref{operating-system Reference}, for details about all the "
+"available fields), and how to @dfn{instantiate} the operating system using @command{guix system}."
+msgstr ""
+
+#. type: unnumberedsubsubsec
+#: doc/guix.texi:8737
+#, no-wrap
+msgid "Globally-Visible Packages"
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:8739
+#, no-wrap
+msgid "%base-packages"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8752
+msgid ""
+"The @code{packages} field lists packages that will be globally visible on the system, for all user accounts---i.e., in every user's "
+"@code{PATH} environment variable---in addition to the per-user profiles (@pxref{Invoking guix package}). The @var{%base-packages} "
+"variable provides all the tools one would expect for basic user and administrator tasks---including the GNU Core Utilities, the GNU "
+"Networking Utilities, the GNU Zile lightweight text editor, @command{find}, @command{grep}, etc. The example above adds GNU@tie{}"
+"Screen and OpenSSH to those, taken from the @code{(gnu packages screen)} and @code{(gnu packages ssh)} modules (@pxref{Package "
+"Modules}). The @code{(list package output)} syntax can be used to add a specific output of a package:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:8756
+#, no-wrap
+msgid ""
+"(use-modules (gnu packages))\n"
+"(use-modules (gnu packages dns))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:8761
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; ...\n"
+" (packages (cons (list bind \"utils\")\n"
+" %base-packages)))\n"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:8763
+#, no-wrap
+msgid "specification->package"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8772
+msgid ""
+"Referring to packages by variable name, like @code{bind} above, has the advantage of being unambiguous; it also allows typos and "
+"such to be diagnosed right away as ``unbound variables''. The downside is that one needs to know which module defines which "
+"package, and to augment the @code{use-package-modules} line accordingly. To avoid that, one can use the @code{specification-"
+">package} procedure of the @code{(gnu packages)} module, which returns the best package for a given name or name and version:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:8775
+#, no-wrap
+msgid ""
+"(use-modules (gnu packages))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:8781
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; ...\n"
+" (packages (append (map specification->package\n"
+" '(\"tcpdump\" \"htop\" \"gnupg@@2.0\"))\n"
+" %base-packages)))\n"
+msgstr ""
+
+#. type: unnumberedsubsubsec
+#: doc/guix.texi:8783
+#, no-wrap
+msgid "System Services"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8785 doc/guix.texi:19871 doc/guix.texi:20789
+#, no-wrap
+msgid "services"
+msgstr ""
+
+#. type: vindex
+#: doc/guix.texi:8786
+#, no-wrap
+msgid "%base-services"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8796
+msgid ""
+"The @code{services} field lists @dfn{system services} to be made available when the system starts (@pxref{Services}). The "
+"@code{operating-system} declaration above specifies that, in addition to the basic services, we want the @command{lshd} secure shell "
+"daemon listening on port 2222 (@pxref{Networking Services, @code{lsh-service}}). Under the hood, @code{lsh-service} arranges so "
+"that @code{lshd} is started with the right command-line options, possibly with supporting configuration files generated as needed "
+"(@pxref{Defining Services})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8797
+#, no-wrap
+msgid "customization, of services"
+msgstr ""
+
+#. type: findex
+#: doc/guix.texi:8798
+#, no-wrap
+msgid "modify-services"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8802
+msgid ""
+"Occasionally, instead of using the base services as is, you will want to customize them. To do this, use @code{modify-services} "
+"(@pxref{Service Reference, @code{modify-services}}) to modify the list."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8807
+msgid ""
+"For example, suppose you want to modify @code{guix-daemon} and Mingetty (the console log-in) in the @var{%base-services} list "
+"(@pxref{Base Services, @code{%base-services}}). To do that, you can write the following in your operating system declaration:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:8820
+#, no-wrap
+msgid ""
+"(define %my-services\n"
+" ;; My very own list of services.\n"
+" (modify-services %base-services\n"
+" (guix-service-type config =>\n"
+" (guix-configuration\n"
+" (inherit config)\n"
+" (use-substitutes? #f)\n"
+" (extra-options '(\"--gc-keep-derivations\"))))\n"
+" (mingetty-service-type config =>\n"
+" (mingetty-configuration\n"
+" (inherit config)))))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:8824
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; @dots{}\n"
+" (services %my-services))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8835
+msgid ""
+"This changes the configuration---i.e., the service parameters---of the @code{guix-service-type} instance, and that of all the "
+"@code{mingetty-service-type} instances in the @var{%base-services} list. Observe how this is accomplished: first, we arrange for "
+"the original configuration to be bound to the identifier @code{config} in the @var{body}, and then we write the @var{body} so that "
+"it evaluates to the desired configuration. In particular, notice how we use @code{inherit} to create a new configuration which has "
+"the same values as the old configuration, but with a few modifications."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8842
+msgid ""
+"The configuration for a typical ``desktop'' usage, with an encrypted root partition, the X11 display server, GNOME and Xfce (users "
+"can choose which of these desktop environments to use at the log-in screen by pressing @kbd{F1}), network management, power "
+"management, and more, would look like this:"
+msgstr ""
+
+#. type: include
+#: doc/guix.texi:8844
+#, no-wrap
+msgid "os-config-desktop.texi"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8847
+#, no-wrap
+msgid "UEFI"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8850
+msgid ""
+"A graphical UEFI system with a choice of lightweight window managers instead of full-blown desktop environments would look like this:"
+msgstr ""
+
+#. type: include
+#: doc/guix.texi:8852
+#, no-wrap
+msgid "os-config-lightweight-desktop.texi"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8858
+msgid ""
+"This example refers to the @file{/boot/efi} file system by its UUID, @code{1234-ABCD}. Replace this UUID with the right UUID on "
+"your system, as returned by the @command{blkid} command."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8862
+msgid ""
+"@xref{Desktop Services}, for the exact list of services provided by @var{%desktop-services}. @xref{X.509 Certificates}, for "
+"background information about the @code{nss-certs} package that is used here."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8869
+msgid ""
+"Again, @var{%desktop-services} is just a list of service objects. If you want to remove services from there, you can do so using "
+"the procedures for list filtering (@pxref{SRFI-1 Filtering and Partitioning,,, guile, GNU Guile Reference Manual}). For instance, "
+"the following expression returns a list that contains all the services in @var{%desktop-services} minus the Avahi service:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:8874
+#, no-wrap
+msgid ""
+"(remove (lambda (service)\n"
+" (eq? (service-kind service) avahi-service-type))\n"
+" %desktop-services)\n"
+msgstr ""
+
+#. type: unnumberedsubsubsec
+#: doc/guix.texi:8876
+#, no-wrap
+msgid "Instantiating the System"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8883
+msgid ""
+"Assuming the @code{operating-system} declaration is stored in the @file{my-system-config.scm} file, the @command{guix system "
+"reconfigure my-system-config.scm} command instantiates that configuration, and makes it the default GRUB boot entry (@pxref{Invoking "
+"guix system})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8891
+msgid ""
+"The normal way to change the system configuration is by updating this file and re-running @command{guix system reconfigure}. One "
+"should never have to touch files in @file{/etc} or to run commands that modify the system state such as @command{useradd} or "
+"@command{grub-install}. In fact, you must avoid that since that would not only void your warranty but also prevent you from rolling "
+"back to previous versions of your system, should you ever need to."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8892
+#, no-wrap
+msgid "roll-back, of the operating system"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8902
+msgid ""
+"Speaking of roll-back, each time you run @command{guix system reconfigure}, a new @dfn{generation} of the system is created---"
+"without modifying or deleting previous generations. Old system generations get an entry in the bootloader boot menu, allowing you "
+"to boot them in case something went wrong with the latest generation. Reassuring, no? The @command{guix system list-generations} "
+"command lists the system generations available on disk. It is also possible to roll back the system via the commands @command{guix "
+"system roll-back} and @command{guix system switch-generation}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8908
+msgid ""
+"Although the command @command{guix system reconfigure} will not modify previous generations, must take care when the current "
+"generation is not the latest (e.g., after invoking @command{guix system roll-back}), since the operation might overwrite a later "
+"generation (@pxref{Invoking guix system})."
+msgstr ""
+
+#. type: unnumberedsubsubsec
+#: doc/guix.texi:8909
+#, no-wrap
+msgid "The Programming Interface"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8914
+msgid ""
+"At the Scheme level, the bulk of an @code{operating-system} declaration is instantiated with the following monadic procedure "
+"(@pxref{The Store Monad}):"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:8915
+#, no-wrap
+msgid "{Monadic Procedure} operating-system-derivation os"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:8918
+msgid "Return a derivation that builds @var{os}, an @code{operating-system} object (@pxref{Derivations})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:8922
+msgid ""
+"The output of the derivation is a single directory that refers to all the packages, configuration files, and other supporting files "
+"needed to instantiate @var{os}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8927
+msgid ""
+"This procedure is provided by the @code{(gnu system)} module. Along with @code{(gnu services)} (@pxref{Services}), this module "
+"contains the guts of GuixSD. Make sure to visit it!"
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:8930
+#, no-wrap
+msgid "@code{operating-system} Reference"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:8935
+msgid ""
+"This section summarizes all the options available in @code{operating-system} declarations (@pxref{Using the Configuration System})."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:8936
+#, no-wrap
+msgid "{Data Type} operating-system"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:8940
+msgid ""
+"This is the data type representing an operating system configuration. By that, we mean all the global system configuration, not per-"
+"user configuration (@pxref{Using the Configuration System})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8942
+#, no-wrap
+msgid "@code{kernel} (default: @var{linux-libre})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8946
+msgid ""
+"The package object of the operating system kernel to use@footnote{Currently only the Linux-libre kernel is supported. In the "
+"future, it will be possible to use the GNU@tie{}Hurd.}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8947
+#, no-wrap
+msgid "@code{kernel-arguments} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8950
+msgid ""
+"List of strings or gexps representing additional arguments to pass on the command-line of the kernel---e.g., "
+"@code{(\"console=ttyS0\")}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:8951 doc/guix.texi:20068 doc/guix.texi:20087
+#, no-wrap
+msgid "bootloader"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8953
+msgid "The system bootloader configuration object. @xref{Bootloader Configuration}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8954
+#, no-wrap
+msgid "@code{initrd-modules} (default: @code{%base-initrd-modules})"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:8955 doc/guix.texi:19908 doc/guix.texi:20011 doc/guix.texi:20206
+#, no-wrap
+msgid "initrd"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8956 doc/guix.texi:19909 doc/guix.texi:20012
+#, no-wrap
+msgid "initial RAM disk"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8959
+msgid "The list of Linux kernel modules that need to be available in the initial RAM disk. @xref{Initial RAM Disk}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8960
+#, no-wrap
+msgid "@code{initrd} (default: @code{base-initrd})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8964
+msgid ""
+"A monadic procedure that returns an initial RAM disk for the Linux kernel. This field is provided to support low-level "
+"customization and should rarely be needed for casual use. @xref{Initial RAM Disk}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8965
+#, no-wrap
+msgid "@code{firmware} (default: @var{%base-firmware})"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8966
+#, no-wrap
+msgid "firmware"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8968
+msgid "List of firmware packages loadable by the operating system kernel."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8973
+msgid ""
+"The default includes firmware needed for Atheros- and Broadcom-based WiFi devices (Linux-libre modules @code{ath9k} and @code{b43-"
+"open}, respectively). @xref{Hardware Considerations}, for more info on supported hardware."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:8974
+#, no-wrap
+msgid "host-name"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8976
+msgid "The host name."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:8977
+#, no-wrap
+msgid "hosts-file"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8978
+#, no-wrap
+msgid "hosts file"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8983
+msgid ""
+"A file-like object (@pxref{G-Expressions, file-like objects}) for use as @file{/etc/hosts} (@pxref{Host Names,,, libc, The GNU C "
+"Library Reference Manual}). The default is a file with entries for @code{localhost} and @var{host-name}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8984
+#, no-wrap
+msgid "@code{mapped-devices} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8986
+msgid "A list of mapped devices. @xref{Mapped Devices}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:8987
+#, no-wrap
+msgid "file-systems"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8989
+msgid "A list of file systems. @xref{File Systems}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8990
+#, no-wrap
+msgid "@code{swap-devices} (default: @code{'()})"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:8991
+#, no-wrap
+msgid "swap devices"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:8998
+msgid ""
+"A list of strings identifying devices or files to be used for ``swap space'' (@pxref{Memory Concepts,,, libc, The GNU C Library "
+"Reference Manual}). For example, @code{'(\"/dev/sda3\")} or @code{'(\"/swapfile\")}. It is possible to specify a swap file in a "
+"file system on a mapped device, provided that the necessary device mapping and file system are also specified. @xref{Mapped "
+"Devices} and @ref{File Systems}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:8999
+#, no-wrap
+msgid "@code{users} (default: @code{%base-user-accounts})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:9000
+#, no-wrap
+msgid "@code{groups} (default: @var{%base-groups})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9002
+msgid "List of user accounts and groups. @xref{User Accounts}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9005
+msgid "If the @code{users} list lacks a user account with UID@tie{}0, a ``root'' account with UID@tie{}0 is automatically added."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9006
+#, no-wrap
+msgid "@code{skeletons} (default: @code{(default-skeletons)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9010
+msgid ""
+"A list target file name/file-like object tuples (@pxref{G-Expressions, file-like objects}). These are the skeleton files that will "
+"be added to the home directory of newly-created user accounts."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9012
+msgid "For instance, a valid value may look like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9018
+#, no-wrap
+msgid ""
+"`((\".bashrc\" ,(plain-file \"bashrc\" \"echo Hello\\n\"))\n"
+" (\".guile\" ,(plain-file \"guile\"\n"
+" \"(use-modules (ice-9 readline))\n"
+" (activate-readline)\")))\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9020
+#, no-wrap
+msgid "@code{issue} (default: @var{%default-issue})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9023
+msgid "A string denoting the contents of the @file{/etc/issue} file, which is displayed when users log in on a text console."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9024
+#, no-wrap
+msgid "@code{packages} (default: @var{%base-packages})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9027
+msgid "The set of packages installed in the global profile, which is accessible at @file{/run/current-system/profile}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9031
+msgid ""
+"The default set includes core utilities and it is good practice to install non-core utilities in user profiles (@pxref{Invoking guix "
+"package})."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:9032
+#, no-wrap
+msgid "timezone"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9034
+msgid "A timezone identifying string---e.g., @code{\"Europe/Paris\"}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9038
+msgid ""
+"You can run the @command{tzselect} command to find out which timezone string corresponds to your region. Choosing an invalid "
+"timezone name causes @command{guix system} to fail."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9039
+#, no-wrap
+msgid "@code{locale} (default: @code{\"en_US.utf8\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9042
+msgid ""
+"The name of the default locale (@pxref{Locale Names,,, libc, The GNU C Library Reference Manual}). @xref{Locales}, for more "
+"information."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9043
+#, no-wrap
+msgid "@code{locale-definitions} (default: @var{%default-locale-definitions})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9046
+msgid "The list of locale definitions to be compiled and that may be used at run time. @xref{Locales}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9047
+#, no-wrap
+msgid "@code{locale-libcs} (default: @code{(list @var{glibc})})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9051
+msgid ""
+"The list of GNU@tie{}libc packages whose locale data and tools are used to build the locale definitions. @xref{Locales}, for "
+"compatibility considerations that justify this option."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9052
+#, no-wrap
+msgid "@code{name-service-switch} (default: @var{%default-nss})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9056
+msgid ""
+"Configuration of the libc name service switch (NSS)---a @code{<name-service-switch>} object. @xref{Name Service Switch}, for "
+"details."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9057
+#, no-wrap
+msgid "@code{services} (default: @var{%base-services})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9059
+msgid "A list of service objects denoting system services. @xref{Services}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9060
+#, no-wrap
+msgid "@code{pam-services} (default: @code{(base-pam-services)})"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9061
+#, no-wrap
+msgid "PAM"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9062
+#, no-wrap
+msgid "pluggable authentication modules"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9065
+msgid "Linux @dfn{pluggable authentication module} (PAM) services."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9066
+#, no-wrap
+msgid "@code{setuid-programs} (default: @var{%setuid-programs})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9069
+msgid "List of string-valued G-expressions denoting setuid programs. @xref{Setuid Programs}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9070
+#, no-wrap
+msgid "@code{sudoers-file} (default: @var{%sudoers-specification})"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9071
+#, no-wrap
+msgid "sudoers file"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9074
+msgid ""
+"The contents of the @file{/etc/sudoers} file as a file-like object (@pxref{G-Expressions, @code{local-file} and @code{plain-file}})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9079
+msgid ""
+"This file specifies which users can use the @command{sudo} command, what they are allowed to do, and what privileges they may gain. "
+"The default is that only @code{root} and members of the @code{wheel} group may use @code{sudo}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9090
+msgid ""
+"The list of file systems to be mounted is specified in the @code{file-systems} field of the operating system declaration "
+"(@pxref{Using the Configuration System}). Each file system is declared using the @code{file-system} form, like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9096
+#, no-wrap
+msgid ""
+"(file-system\n"
+" (mount-point \"/home\")\n"
+" (device \"/dev/sda3\")\n"
+" (type \"ext4\"))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9100
+msgid ""
+"As usual, some of the fields are mandatory---those shown in the example above---while others can be omitted. These are described "
+"below."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9101
+#, no-wrap
+msgid "{Data Type} file-system"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9104
+msgid "Objects of this type represent file systems to be mounted. They contain the following members:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9106 doc/guix.texi:9290
+#, no-wrap
+msgid "type"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9109
+msgid "This is a string specifying the type of the file system---e.g., @code{\"ext4\"}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:9110
+#, no-wrap
+msgid "mount-point"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9112
+msgid "This designates the place where the file system is to be mounted."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:9113
+#, no-wrap
+msgid "device"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9117
+msgid ""
+"This names the ``source'' of the file system. By default it is the name of a node under @file{/dev}, but its meaning depends on the "
+"@code{title} field described below."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9118
+#, no-wrap
+msgid "@code{title} (default: @code{'device})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9121
+msgid "This is a symbol that specifies how the @code{device} field is to be interpreted."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9126
+msgid ""
+"When it is the symbol @code{device}, then the @code{device} field is interpreted as a file name; when it is @code{label}, then "
+"@code{device} is interpreted as a file system label name; when it is @code{uuid}, @code{device} is interpreted as a file system "
+"unique identifier (UUID)."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9134
+msgid ""
+"UUIDs may be converted from their string representation (as shown by the @command{tune2fs -l} command) using the @code{uuid} "
+"form@footnote{The @code{uuid} form expects 16-byte UUIDs as defined in @uref{https://tools.ietf.org/html/rfc4122, RFC@tie{}4122}. "
+"This is the form of UUID used by the ext2 family of file systems and others, but it is different from ``UUIDs'' found in FAT file "
+"systems, for instance.}, like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9141
+#, no-wrap
+msgid ""
+"(file-system\n"
+" (mount-point \"/home\")\n"
+" (type \"ext4\")\n"
+" (title 'uuid)\n"
+" (device (uuid \"4dab5feb-d176-45de-b287-9b0a6e4c01cb\")))\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9150
+msgid ""
+"The @code{label} and @code{uuid} options offer a way to refer to file systems without having to hard-code their actual device "
+"name@footnote{Note that, while it is tempting to use @file{/dev/disk/by-uuid} and similar device names to achieve the same result, "
+"this is not recommended: These special device nodes are created by the udev daemon and may be unavailable at the time the device is "
+"mounted.}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9157
+msgid ""
+"However, when the source of a file system is a mapped device (@pxref{Mapped Devices}), its @code{device} field @emph{must} refer to "
+"the mapped device name---e.g., @file{/dev/mapper/root-partition}---and consequently @code{title} must be set to @code{'device}. "
+"This is required so that the system knows that mounting the file system depends on having the corresponding device mapping "
+"established."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9158
+#, no-wrap
+msgid "@code{flags} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9163
+msgid ""
+"This is a list of symbols denoting mount flags. Recognized flags include @code{read-only}, @code{bind-mount}, @code{no-dev} "
+"(disallow access to special files), @code{no-suid} (ignore setuid and setgid bits), and @code{no-exec} (disallow program execution.)"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9164
+#, no-wrap
+msgid "@code{options} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9166
+msgid "This is either @code{#f}, or a string denoting mount options."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9167
+#, no-wrap
+msgid "@code{mount?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9172
+msgid ""
+"This value indicates whether to automatically mount the file system when the system is brought up. When set to @code{#f}, the file "
+"system gets an entry in @file{/etc/fstab} (read by the @command{mount} command) but is not automatically mounted."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9173
+#, no-wrap
+msgid "@code{needed-for-boot?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9178
+msgid ""
+"This Boolean value indicates whether the file system is needed when booting. If that is true, then the file system is mounted when "
+"the initial RAM disk (initrd) is loaded. This is always the case, for instance, for the root file system."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9179
+#, no-wrap
+msgid "@code{check?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9182
+msgid "This Boolean indicates whether the file system needs to be checked for errors before being mounted."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9183
+#, no-wrap
+msgid "@code{create-mount-point?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9185
+msgid "When true, the mount point is created if it does not exist yet."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9186
+#, no-wrap
+msgid "@code{dependencies} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9190
+msgid ""
+"This is a list of @code{<file-system>} or @code{<mapped-device>} objects representing file systems that must be mounted or mapped "
+"devices that must be opened before (and unmounted or closed after) this one."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9194
+msgid ""
+"As an example, consider a hierarchy of mounts: @file{/sys/fs/cgroup} is a dependency of @file{/sys/fs/cgroup/cpu} and @file{/sys/fs/"
+"cgroup/memory}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9197
+msgid ""
+"Another example is a file system that depends on a mapped device, for example for an encrypted partition (@pxref{Mapped Devices})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9202
+msgid "The @code{(gnu system file-systems)} exports the following useful variables."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9203
+#, no-wrap
+msgid "{Scheme Variable} %base-file-systems"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9208
+msgid ""
+"These are essential file systems that are required on normal systems, such as @var{%pseudo-terminal-file-system} and @var{%immutable-"
+"store} (see below.) Operating system declarations should always contain at least these."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9210
+#, no-wrap
+msgid "{Scheme Variable} %pseudo-terminal-file-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9216
+msgid ""
+"This is the file system to be mounted as @file{/dev/pts}. It supports @dfn{pseudo-terminals} created @i{via} @code{openpty} and "
+"similar functions (@pxref{Pseudo-Terminals,,, libc, The GNU C Library Reference Manual}). Pseudo-terminals are used by terminal "
+"emulators such as @command{xterm}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9218
+#, no-wrap
+msgid "{Scheme Variable} %shared-memory-file-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9222
+msgid ""
+"This file system is mounted as @file{/dev/shm} and is used to support memory sharing across processes (@pxref{Memory-mapped I/O, "
+"@code{shm_open},, libc, The GNU C Library Reference Manual})."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9224
+#, no-wrap
+msgid "{Scheme Variable} %immutable-store"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9229
+msgid ""
+"This file system performs a read-only ``bind mount'' of @file{/gnu/store}, making it read-only for all the users including "
+"@code{root}. This prevents against accidental modification by software running as @code{root} or by system administrators."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9232
+msgid "The daemon itself is still able to write to the store: it remounts it read-write in its own ``name space.''"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9234
+#, no-wrap
+msgid "{Scheme Variable} %binary-format-file-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9238
+msgid ""
+"The @code{binfmt_misc} file system, which allows handling of arbitrary executable file types to be delegated to user space. This "
+"requires the @code{binfmt.ko} kernel module to be loaded."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9240
+#, no-wrap
+msgid "{Scheme Variable} %fuse-control-file-system"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9244
+msgid ""
+"The @code{fusectl} file system, which allows unprivileged users to mount and unmount user-space FUSE file systems. This requires "
+"the @code{fuse.ko} kernel module to be loaded."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9249
+#, no-wrap
+msgid "device mapping"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9250
+#, no-wrap
+msgid "mapped devices"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9268
+msgid ""
+"The Linux kernel has a notion of @dfn{device mapping}: a block device, such as a hard disk partition, can be @dfn{mapped} into "
+"another device, usually in @code{/dev/mapper/}, with additional processing over the data that flows through it@footnote{Note that "
+"the GNU@tie{}Hurd makes no difference between the concept of a ``mapped device'' and that of a file system: both boil down to "
+"@emph{translating} input/output operations made on a file to operations on its backing store. Thus, the Hurd implements mapped "
+"devices, like file systems, using the generic @dfn{translator} mechanism (@pxref{Translators,,, hurd, The GNU Hurd Reference "
+"Manual}).}. A typical example is encryption device mapping: all writes to the mapped device are encrypted, and all reads are "
+"deciphered, transparently. Guix extends this notion by considering any device or set of devices that are @dfn{transformed} in some "
+"way to create a new device; for instance, RAID devices are obtained by @dfn{assembling} several other devices, such as hard disks or "
+"partitions, into a new one that behaves as one partition. Other examples, not yet implemented, are LVM logical volumes."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9271
+msgid "Mapped devices are declared using the @code{mapped-device} form, defined as follows; for examples, see below."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9272
+#, no-wrap
+msgid "{Data Type} mapped-device"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9275
+msgid "Objects of this type represent device mappings that will be made when the system boots up."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9281
+msgid ""
+"This is either a string specifying the name of the block device to be mapped, such as @code{\"/dev/sda3\"}, or a list of such "
+"strings when several devices need to be assembled for creating a new one."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:9282 doc/guix.texi:20100
+#, no-wrap
+msgid "target"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9289
+msgid ""
+"This string specifies the name of the resulting mapped device. For kernel mappers such as encrypted devices of type @code{luks-"
+"device-mapping}, specifying @code{\"my-partition\"} leads to the creation of the @code{\"/dev/mapper/my-partition\"} device. For "
+"RAID devices of type @code{raid-device-mapping}, the full device name such as @code{\"/dev/md0\"} needs to be given."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9293
+msgid "This must be a @code{mapped-device-kind} object, which specifies how @var{source} is mapped to @var{target}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9296
+#, no-wrap
+msgid "{Scheme Variable} luks-device-mapping"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9300
+msgid ""
+"This defines LUKS block device encryption using the @command{cryptsetup} command from the package with the same name. It relies on "
+"the @code{dm-crypt} Linux kernel module."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9302
+#, no-wrap
+msgid "{Scheme Variable} raid-device-mapping"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9307
+msgid ""
+"This defines a RAID device, which is assembled using the @code{mdadm} command from the package with the same name. It requires a "
+"Linux kernel module for the appropriate RAID level to be loaded, such as @code{raid456} for RAID-4, RAID-5 or RAID-6, or "
+"@code{raid10} for RAID-10."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9309
+#, no-wrap
+msgid "disk encryption"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9310
+#, no-wrap
+msgid "LUKS"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9318
+msgid ""
+"The following example specifies a mapping from @file{/dev/sda3} to @file{/dev/mapper/home} using LUKS---the @url{https://gitlab.com/"
+"cryptsetup/cryptsetup,Linux Unified Key Setup}, a standard mechanism for disk encryption. The @file{/dev/mapper/home} device can "
+"then be used as the @code{device} of a @code{file-system} declaration (@pxref{File Systems})."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9324
+#, no-wrap
+msgid ""
+"(mapped-device\n"
+" (source \"/dev/sda3\")\n"
+" (target \"home\")\n"
+" (type luks-device-mapping))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9329
+msgid ""
+"Alternatively, to become independent of device numbering, one may obtain the LUKS UUID (@dfn{unique identifier}) of the source "
+"device by a command like:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9332
+#, no-wrap
+msgid "cryptsetup luksUUID /dev/sda3\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9335
+msgid "and use it as follows:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9341
+#, no-wrap
+msgid ""
+"(mapped-device\n"
+" (source (uuid \"cb67fc72-0d54-4c88-9d4b-b225f30b0f44\"))\n"
+" (target \"home\")\n"
+" (type luks-device-mapping))\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9343
+#, no-wrap
+msgid "swap encryption"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9349
+msgid ""
+"It is also desirable to encrypt swap space, since swap space may contain sensitive data. One way to accomplish that is to use a "
+"swap file in a file system on a device mapped via LUKS encryption. In this way, the swap file is encrypted because the entire "
+"device is encrypted. @xref{Preparing for Installation,,Disk Partitioning}, for an example."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9352
+msgid "A RAID device formed of the partitions @file{/dev/sda1} and @file{/dev/sdb1} may be declared as follows:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9358
+#, no-wrap
+msgid ""
+"(mapped-device\n"
+" (source (list \"/dev/sda1\" \"/dev/sdb1\"))\n"
+" (target \"/dev/md0\")\n"
+" (type raid-device-mapping))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9365
+msgid ""
+"The @file{/dev/md0} device can then be used as the @code{device} of a @code{file-system} declaration (@pxref{File Systems}). Note "
+"that the RAID level need not be given; it is chosen during the initial creation and formatting of the RAID device and is determined "
+"automatically later."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9370
+#, no-wrap
+msgid "users"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9371
+#, no-wrap
+msgid "accounts"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9372
+#, no-wrap
+msgid "user accounts"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9376
+msgid ""
+"User accounts and groups are entirely managed through the @code{operating-system} declaration. They are specified with the "
+"@code{user-account} and @code{user-group} forms:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9387
+#, no-wrap
+msgid ""
+"(user-account\n"
+" (name \"alice\")\n"
+" (group \"users\")\n"
+" (supplementary-groups '(\"wheel\" ;allow use of sudo, etc.\n"
+" \"audio\" ;sound card\n"
+" \"video\" ;video devices such as webcams\n"
+" \"cdrom\")) ;the good ol' CD-ROM\n"
+" (comment \"Bob's sister\")\n"
+" (home-directory \"/home/alice\"))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9396
+msgid ""
+"When booting or upon completion of @command{guix system reconfigure}, the system ensures that only the user accounts and groups "
+"specified in the @code{operating-system} declaration exist, and with the specified properties. Thus, account or group creations or "
+"modifications made by directly invoking commands such as @command{useradd} are lost upon reconfiguration or reboot. This ensures "
+"that the system remains exactly as declared."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9397
+#, no-wrap
+msgid "{Data Type} user-account"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9400
+msgid "Objects of this type represent user accounts. The following members may be specified:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9404
+msgid "The name of the user account."
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:9405 doc/guix.texi:19862
+#, no-wrap
+msgid "group"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9406 doc/guix.texi:9455
+#, no-wrap
+msgid "groups"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9409
+msgid "This is the name (a string) or identifier (a number) of the user group this account belongs to."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9410
+#, no-wrap
+msgid "@code{supplementary-groups} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9413
+msgid "Optionally, this can be defined as a list of group names that this account belongs to."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9414
+#, no-wrap
+msgid "@code{uid} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9418
+msgid ""
+"This is the user ID for this account (a number), or @code{#f}. In the latter case, a number is automatically chosen by the system "
+"when the account is created."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9419
+#, no-wrap
+msgid "@code{comment} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9421
+msgid "A comment about the account, such as the account owner's full name."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:9422
+#, no-wrap
+msgid "home-directory"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9424
+msgid "This is the name of the home directory for the account."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9425
+#, no-wrap
+msgid "@code{create-home-directory?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9428
+msgid "Indicates whether the home directory of this account should be created if it does not exist yet."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9429
+#, no-wrap
+msgid "@code{shell} (default: Bash)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9432
+msgid "This is a G-expression denoting the file name of a program to be used as the shell (@pxref{G-Expressions})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9433 doc/guix.texi:9473
+#, no-wrap
+msgid "@code{system?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9437
+msgid ""
+"This Boolean value indicates whether the account is a ``system'' account. System accounts are sometimes treated specially; for "
+"instance, graphical login managers do not list them."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:9439
+msgid "user-account-password"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9439 doc/guix.texi:9477
+#, no-wrap
+msgid "@code{password} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9445
+msgid ""
+"You would normally leave this field to @code{#f}, initialize user passwords as @code{root} with the @command{passwd} command, and "
+"then let users change it with @command{passwd}. Passwords set with @command{passwd} are of course preserved across reboot and "
+"reconfiguration."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9451
+msgid ""
+"If you @emph{do} want to have a preset password for an account, then this field must contain the encrypted password, as a string. "
+"@xref{crypt,,, libc, The GNU C Library Reference Manual}, for more information on password encryption, and @ref{Encryption,,, guile, "
+"GNU Guile Reference Manual}, for information on Guile's @code{crypt} procedure."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9457
+msgid "User group declarations are even simpler:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9460
+#, no-wrap
+msgid "(user-group (name \"students\"))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9462
+#, no-wrap
+msgid "{Data Type} user-group"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9464
+msgid "This type is for, well, user groups. There are just a few fields:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9468
+msgid "The name of the group."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9469
+#, no-wrap
+msgid "@code{id} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9472
+msgid "The group identifier (a number). If @code{#f}, a new number is automatically allocated when the group is created."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9476
+msgid "This Boolean value indicates whether the group is a ``system'' group. System groups have low numerical IDs."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9480
+msgid "What, user groups can have a password? Well, apparently yes. Unless @code{#f}, this field specifies the password of the group."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9486
+msgid "For convenience, a variable lists all the basic user groups one may expect:"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9487
+#, no-wrap
+msgid "{Scheme Variable} %base-groups"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9492
+msgid ""
+"This is the list of basic user groups that users and/or packages expect to be present on the system. This includes groups such as "
+"``root'', ``wheel'', and ``users'', as well as groups used to control access to specific devices such as ``audio'', ``disk'', and "
+"``cdrom''."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9494
+#, no-wrap
+msgid "{Scheme Variable} %base-user-accounts"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9497
+msgid ""
+"This is the list of basic system accounts that programs may expect to find on a GNU/Linux system, such as the ``nobody'' account."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9500
+msgid ""
+"Note that the ``root'' account is not included here. It is a special-case and is automatically added whether or not it is specified."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9505
+#, no-wrap
+msgid "locale"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9512
+msgid ""
+"A @dfn{locale} defines cultural conventions for a particular language and region of the world (@pxref{Locales,,, libc, The GNU C "
+"Library Reference Manual}). Each locale has a name that typically has the form @code{@var{language}_@var{territory}."
+"@var{codeset}}---e.g., @code{fr_LU.utf8} designates the locale for the French language, with cultural conventions from Luxembourg, "
+"and using the UTF-8 encoding."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9513
+#, no-wrap
+msgid "locale definition"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9517
+msgid ""
+"Usually, you will want to specify the default locale for the machine using the @code{locale} field of the @code{operating-system} "
+"declaration (@pxref{operating-system Reference, @code{locale}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9526
+msgid ""
+"The selected locale is automatically added to the @dfn{locale definitions} known to the system if needed, with its codeset inferred "
+"from its name---e.g., @code{bo_CN.utf8} will be assumed to use the @code{UTF-8} codeset. Additional locale definitions can be "
+"specified in the @code{locale-definitions} slot of @code{operating-system}---this is useful, for instance, if the codeset could not "
+"be inferred from the locale name. The default set of locale definitions includes some widely used locales, but not all the "
+"available locales, in order to save space."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9529
+msgid "For instance, to add the North Frisian locale for Germany, the value of that field may be:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9534
+#, no-wrap
+msgid ""
+"(cons (locale-definition\n"
+" (name \"fy_DE.utf8\") (source \"fy_DE\"))\n"
+" %default-locale-definitions)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9538
+msgid "Likewise, to save space, one might want @code{locale-definitions} to list only the locales that are actually used, as in:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9543
+#, no-wrap
+msgid ""
+"(list (locale-definition\n"
+" (name \"ja_JP.eucjp\") (source \"ja_JP\")\n"
+" (charset \"EUC-JP\")))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9552
+msgid ""
+"The compiled locale definitions are available at @file{/run/current-system/locale/X.Y}, where @code{X.Y} is the libc version, which "
+"is the default location where the GNU@tie{}libc provided by Guix looks for locale data. This can be overridden using the "
+"@code{LOCPATH} environment variable (@pxref{locales-and-locpath, @code{LOCPATH} and locale packages})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9555
+msgid "The @code{locale-definition} form is provided by the @code{(gnu system locale)} module. Details are given below."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9556
+#, no-wrap
+msgid "{Data Type} locale-definition"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9558
+msgid "This is the data type of a locale definition."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9564
+msgid "The name of the locale. @xref{Locale Names,,, libc, The GNU C Library Reference Manual}, for more information on locale names."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9568
+msgid "The name of the source for that locale. This is typically the @code{@var{language}_@var{territory}} part of the locale name."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9569
+#, no-wrap
+msgid "@code{charset} (default: @code{\"UTF-8\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9573
+msgid ""
+"The ``character set'' or ``code set'' for that locale, @uref{http://www.iana.org/assignments/character-sets, as defined by IANA}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9577
+#, no-wrap
+msgid "{Scheme Variable} %default-locale-definitions"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9581
+msgid ""
+"A list of commonly used UTF-8 locales, used as the default value of the @code{locale-definitions} field of @code{operating-system} "
+"declarations."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9582
+#, no-wrap
+msgid "locale name"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9583
+#, no-wrap
+msgid "normalized codeset in locale names"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9589
+msgid ""
+"These locale definitions use the @dfn{normalized codeset} for the part that follows the dot in the name (@pxref{Using gettextized "
+"software, normalized codeset,, libc, The GNU C Library Reference Manual}). So for instance it has @code{uk_UA.utf8} but @emph{not}, "
+"say, @code{uk_UA.UTF-8}."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:9591
+#, no-wrap
+msgid "Locale Data Compatibility Considerations"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9593
+#, no-wrap
+msgid "incompatibility, of locale data"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9600
+msgid ""
+"@code{operating-system} declarations provide a @code{locale-libcs} field to specify the GNU@tie{}libc packages that are used to "
+"compile locale declarations (@pxref{operating-system Reference}). ``Why would I care?'', you may ask. Well, it turns out that the "
+"binary format of locale data is occasionally incompatible from one libc version to another."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9612
+msgid ""
+"For instance, a program linked against libc version 2.21 is unable to read locale data produced with libc 2.22; worse, that program "
+"@emph{aborts} instead of simply ignoring the incompatible locale data@footnote{Versions 2.23 and later of GNU@tie{}libc will simply "
+"skip the incompatible locale data, which is already an improvement.}. Similarly, a program linked against libc 2.22 can read most, "
+"but not all, of the locale data from libc 2.21 (specifically, @code{LC_COLLATE} data is incompatible); thus calls to "
+"@code{setlocale} may fail, but programs will not abort."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9617
+msgid ""
+"The ``problem'' in GuixSD is that users have a lot of freedom: They can choose whether and when to upgrade software in their "
+"profiles, and might be using a libc version different from the one the system administrator used to build the system-wide locale "
+"data."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9621
+msgid ""
+"Fortunately, unprivileged users can also install their own locale data and define @var{GUIX_LOCPATH} accordingly (@pxref{locales-and-"
+"locpath, @code{GUIX_LOCPATH} and locale packages})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9628
+msgid ""
+"Still, it is best if the system-wide locale data at @file{/run/current-system/locale} is built for all the libc versions actually in "
+"use on the system, so that all the programs can access it---this is especially crucial on a multi-user system. To do that, the "
+"administrator can specify several libc packages in the @code{locale-libcs} field of @code{operating-system}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9631
+#, no-wrap
+msgid ""
+"(use-package-modules base)\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9635
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; @dots{}\n"
+" (locale-libcs (list glibc-2.21 (canonical-package glibc))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9640
+msgid ""
+"This example would lead to a system containing locale definitions for both libc 2.21 and the current version of libc in @file{/run/"
+"current-system/locale}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9645
+#, no-wrap
+msgid "system services"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9651
+msgid ""
+"An important part of preparing an @code{operating-system} declaration is listing @dfn{system services} and their configuration "
+"(@pxref{Using the Configuration System}). System services are typically daemons launched when the system boots, or other actions "
+"needed at that time---e.g., configuring network access."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9658
+msgid ""
+"GuixSD has a broad definition of ``service'' (@pxref{Service Composition}), but many services are managed by the GNU@tie{}Shepherd "
+"(@pxref{Shepherd Services}). On a running system, the @command{herd} command allows you to list the available services, show their "
+"status, start and stop them, or do other specific operations (@pxref{Jump Start,,, shepherd, The GNU Shepherd Manual}). For example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9661
+#, no-wrap
+msgid "# herd status\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9666
+msgid ""
+"The above command, run as @code{root}, lists the currently defined services. The @command{herd doc} command shows a synopsis of the "
+"given service:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9670
+#, no-wrap
+msgid ""
+"# herd doc nscd\n"
+"Run libc's name service cache daemon (nscd).\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9675
+msgid ""
+"The @command{start}, @command{stop}, and @command{restart} sub-commands have the effect you would expect. For instance, the "
+"commands below stop the nscd service and restart the Xorg display server:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9682
+#, no-wrap
+msgid ""
+"# herd stop nscd\n"
+"Service nscd has been stopped.\n"
+"# herd restart xorg-server\n"
+"Service xorg-server has been stopped.\n"
+"Service xorg-server has been started.\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9687
+msgid ""
+"The following sections document the available services, starting with the core services, that may be used in an @code{operating-"
+"system} declaration."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:9722
+msgid ""
+"The @code{(gnu services base)} module provides definitions for the basic services that one expects from the system. The services "
+"exported by this module are listed below."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9723
+#, no-wrap
+msgid "{Scheme Variable} %base-services"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9729
+msgid ""
+"This variable contains a list of basic services (@pxref{Service Types and Services}, for more information on service objects) one "
+"would expect from the system: a login service (mingetty) on each tty, syslogd, the libc name service cache daemon (nscd), the udev "
+"device manager, and more."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9734
+msgid ""
+"This is the default value of the @code{services} field of @code{operating-system} declarations. Usually, when customizing a system, "
+"you will want to append services to @var{%base-services}, like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9737
+#, no-wrap
+msgid "(cons* (avahi-service) (lsh-service) %base-services)\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9740
+#, no-wrap
+msgid "{Scheme Variable} special-files-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9743
+msgid "This is the service that sets up ``special files'' such as @file{/bin/sh}; an instance of it is part of @code{%base-services}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9747
+msgid ""
+"The value associated with @code{special-files-service-type} services must be a list of tuples where the first element is the "
+"``special file'' and the second element is its target. By default it is:"
+msgstr ""
+
+#. type: file{#1}
+#: doc/guix.texi:9748
+#, no-wrap
+msgid "/bin/sh"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9749
+#, no-wrap
+msgid "@file{sh}, in @file{/bin}"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9752
+#, no-wrap
+msgid "`((\"/bin/sh\" ,(file-append @var{bash} \"/bin/sh\")))\n"
+msgstr ""
+
+#. type: file{#1}
+#: doc/guix.texi:9754
+#, no-wrap
+msgid "/usr/bin/env"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9755
+#, no-wrap
+msgid "@file{env}, in @file{/usr/bin}"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9758
+msgid "If you want to add, say, @code{/usr/bin/env} to your system, you can change it to:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9762
+#, no-wrap
+msgid ""
+"`((\"/bin/sh\" ,(file-append @var{bash} \"/bin/sh\"))\n"
+" (\"/usr/bin/env\" ,(file-append @var{coreutils} \"/bin/env\")))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:9769
+msgid ""
+"Since this is part of @code{%base-services}, you can use @code{modify-services} to customize the set of special files "
+"(@pxref{Service Reference, @code{modify-services}}). But the simple way to add a special file is @i{via} the @code{extra-special-"
+"file} procedure (see below.)"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9771
+#, no-wrap
+msgid "{Scheme Procedure} extra-special-file @var{file} @var{target}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9773
+msgid "Use @var{target} as the ``special file'' @var{file}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9777
+msgid ""
+"For example, adding the following lines to the @code{services} field of your operating system declaration leads to a @file{/usr/bin/"
+"env} symlink:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:9781
+#, no-wrap
+msgid ""
+"(extra-special-file \"/usr/bin/env\"\n"
+" (file-append coreutils \"/bin/env\"))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9784
+#, no-wrap
+msgid "{Scheme Procedure} host-name-service @var{name}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9786
+msgid "Return a service that sets the host name to @var{name}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9788
+#, no-wrap
+msgid "{Scheme Procedure} login-service @var{config}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9792
+msgid ""
+"Return a service to run login according to @var{config}, a @code{<login-configuration>} object, which specifies the message of the "
+"day, among other things."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9794
+#, no-wrap
+msgid "{Data Type} login-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9796
+msgid "This is the data type representing the configuration of login."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:9799
+#, no-wrap
+msgid "motd"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:9800
+#, no-wrap
+msgid "message of the day"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9802
+msgid "A file-like object containing the ``message of the day''."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9803 doc/guix.texi:11420
+#, no-wrap
+msgid "@code{allow-empty-passwords?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9806
+msgid "Allow empty passwords by default so that first-time users can log in when the 'root' account has just been created."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9810
+#, no-wrap
+msgid "{Scheme Procedure} mingetty-service @var{config}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9814
+msgid ""
+"Return a service to run mingetty according to @var{config}, a @code{<mingetty-configuration>} object, which specifies the tty to "
+"run, among other things."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9816
+#, no-wrap
+msgid "{Data Type} mingetty-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9819
+msgid ""
+"This is the data type representing the configuration of Mingetty, which provides the default implementation of virtual console log-"
+"in."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:9822 doc/guix.texi:9858
+#, no-wrap
+msgid "tty"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9824
+msgid "The name of the console this Mingetty runs on---e.g., @code{\"tty1\"}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9825 doc/guix.texi:9887
+#, no-wrap
+msgid "@code{auto-login} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9829
+msgid ""
+"When true, this field must be a string denoting the user name under which the system automatically logs in. When it is @code{#f}, a "
+"user name and password must be entered to log in."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9830
+#, no-wrap
+msgid "@code{login-program} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9834
+msgid ""
+"This must be either @code{#f}, in which case the default log-in program is used (@command{login} from the Shadow tool suite), or a "
+"gexp denoting the name of the log-in program."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9835
+#, no-wrap
+msgid "@code{login-pause?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9838
+msgid ""
+"When set to @code{#t} in conjunction with @var{auto-login}, the user will have to press a key before the log-in shell is launched."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9839
+#, no-wrap
+msgid "@code{mingetty} (default: @var{mingetty})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9841
+msgid "The Mingetty package to use."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9845
+#, no-wrap
+msgid "{Scheme Procedure} agetty-service @var{config}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:9849
+msgid ""
+"Return a service to run agetty according to @var{config}, an @code{<agetty-configuration>} object, which specifies the tty to run, "
+"among other things."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9851
+#, no-wrap
+msgid "{Data Type} agetty-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:9855
+msgid ""
+"This is the data type representing the configuration of agetty, which implements virtual and serial console log-in. See the "
+"@code{agetty(8)} man page for more information."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9862
+msgid ""
+"The name of the console this agetty runs on, as a string---e.g., @code{\"ttyS0\"}. This argument is optional, it will default to a "
+"reasonable default serial port used by the kernel Linux."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9866
+msgid ""
+"For this, if there is a value for an option @code{agetty.tty} in the kernel command line, agetty will extract the device name of the "
+"serial port from it and use that."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9870
+msgid ""
+"If not and if there is a value for an option @code{console} with a tty in the Linux command line, agetty will extract the device "
+"name of the serial port from it and use that."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9874
+msgid ""
+"In both cases, agetty will leave the other serial device settings (baud rate etc.) alone---in the hope that Linux pinned them to the "
+"correct values."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9875
+#, no-wrap
+msgid "@code{baud-rate} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9878
+msgid "A string containing a comma-separated list of one or more baud rates, in descending order."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9879
+#, no-wrap
+msgid "@code{term} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9882
+msgid "A string containing the value used for the @code{TERM} environment variable."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9883
+#, no-wrap
+msgid "@code{eight-bits?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9886
+msgid "When @code{#t}, the tty is assumed to be 8-bit clean, and parity detection is disabled."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9890
+msgid ""
+"When passed a login name, as a string, the specified user will be logged in automatically without prompting for their login name or "
+"password."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9891
+#, no-wrap
+msgid "@code{no-reset?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9893
+msgid "When @code{#t}, don't reset terminal cflags (control modes)."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9894
+#, no-wrap
+msgid "@code{host} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9897
+msgid "This accepts a string containing the \"login_host\", which will be written into the @file{/var/run/utmpx} file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9898
+#, no-wrap
+msgid "@code{remote?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9902
+msgid ""
+"When set to @code{#t} in conjunction with @var{host}, this will add an @code{-r} fakehost option to the command line of the login "
+"program specified in @var{login-program}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9903
+#, no-wrap
+msgid "@code{flow-control?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9905
+msgid "When set to @code{#t}, enable hardware (RTS/CTS) flow control."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9906
+#, no-wrap
+msgid "@code{no-issue?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9909
+msgid "When set to @code{#t}, the contents of the @file{/etc/issue} file will not be displayed before presenting the login prompt."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9910
+#, no-wrap
+msgid "@code{init-string} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9913
+msgid ""
+"This accepts a string that will be sent to the tty or modem before sending anything else. It can be used to initialize a modem."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9914
+#, no-wrap
+msgid "@code{no-clear?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9917
+msgid "When set to @code{#t}, agetty will not clear the screen before showing the login prompt."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9918
+#, no-wrap
+msgid "@code{login-program} (default: (file-append shadow \"/bin/login\"))"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9922
+msgid ""
+"This must be either a gexp denoting the name of a log-in program, or unset, in which case the default value is the @command{login} "
+"from the Shadow tool suite."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9923
+#, no-wrap
+msgid "@code{local-line} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9927
+msgid ""
+"Control the CLOCAL line flag. This accepts one of three symbols as arguments, @code{'auto}, @code{'always}, or @code{'never}. If "
+"@code{#f}, the default value chosen by agetty is @code{'auto}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9928
+#, no-wrap
+msgid "@code{extract-baud?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9931
+msgid ""
+"When set to @code{#t}, instruct agetty to try to extract the baud rate from the status messages produced by certain types of modems."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9932
+#, no-wrap
+msgid "@code{skip-login?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9936
+msgid ""
+"When set to @code{#t}, do not prompt the user for a login name. This can be used with @var{login-program} field to use non-standard "
+"login systems."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9937
+#, no-wrap
+msgid "@code{no-newline?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9940
+msgid "When set to @code{#t}, do not print a newline before printing the @file{/etc/issue} file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9942
+#, no-wrap
+msgid "@code{login-options} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9947
+msgid ""
+"This option accepts a string containing options that are passed to the login program. When used with the @var{login-program}, be "
+"aware that a malicious user could try to enter a login name containing embedded options that could be parsed by the login program."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9948
+#, no-wrap
+msgid "@code{login-pause} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9952
+msgid ""
+"When set to @code{#t}, wait for any key before showing the login prompt. This can be used in conjunction with @var{auto-login} to "
+"save memory by lazily spawning shells."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9953
+#, no-wrap
+msgid "@code{chroot} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9956
+msgid "Change root to the specified directory. This option accepts a directory path as a string."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9957
+#, no-wrap
+msgid "@code{hangup?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9960
+msgid "Use the Linux system call @code{vhangup} to do a virtual hangup of the specified terminal."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9961
+#, no-wrap
+msgid "@code{keep-baud?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9965
+msgid ""
+"When set to @code{#t}, try to keep the existing baud rate. The baud rates from @var{baud-rate} are used when agetty receives a "
+"@key{BREAK} character."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9966
+#, no-wrap
+msgid "@code{timeout} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9969
+msgid "When set to an integer value, terminate if no user name could be read within @var{timeout} seconds."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9970
+#, no-wrap
+msgid "@code{detect-case?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9976
+msgid ""
+"When set to @code{#t}, turn on support for detecting an uppercase-only terminal. This setting will detect a login name containing "
+"only uppercase letters as indicating an uppercase-only terminal and turn on some upper-to-lower case conversions. Note that this "
+"will not support Unicode characters."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9977
+#, no-wrap
+msgid "@code{wait-cr?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9982
+msgid ""
+"When set to @code{#t}, wait for the user or modem to send a carriage-return or linefeed character before displaying @file{/etc/"
+"issue} or login prompt. This is typically used with the @var{init-string} option."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9983
+#, no-wrap
+msgid "@code{no-hints?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9986
+msgid "When set to @code{#t}, do not print hints about Num, Caps, and Scroll locks."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9987
+#, no-wrap
+msgid "@code{no-hostname?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9990
+msgid "By default, the hostname is printed. When this option is set to @code{#t}, no hostname will be shown at all."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9991
+#, no-wrap
+msgid "@code{long-hostname?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9995
+msgid ""
+"By default, the hostname is only printed until the first dot. When this option is set to @code{#t}, the fully qualified hostname by "
+"@code{gethostname} or @code{getaddrinfo} is shown."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:9996
+#, no-wrap
+msgid "@code{erase-characters} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:9999
+msgid ""
+"This option accepts a string of additional characters that should be interpreted as backspace when the user types their login name."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10000
+#, no-wrap
+msgid "@code{kill-characters} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10004
+msgid ""
+"This option accepts a string that should be interpreted to mean \"ignore all previous characters\" (also called a \"kill\" "
+"character) when the types their login name."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10005
+#, no-wrap
+msgid "@code{chdir} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10008
+msgid "This option accepts, as a string, a directory path that will be changed to before login."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10009
+#, no-wrap
+msgid "@code{delay} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10012
+msgid "This options accepts, as an integer, the number of seconds to sleep before opening the tty and displaying the login prompt."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10013
+#, no-wrap
+msgid "@code{nice} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10016
+msgid "This option accepts, as an integer, the nice value with which to run the @command{login} program."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10017 doc/guix.texi:10217
+#, no-wrap
+msgid "@code{extra-options} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10020
+msgid ""
+"This option provides an \"escape hatch\" for the user to provide arbitrary command-line arguments to @command{agetty} as a list of "
+"strings."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10024
+#, no-wrap
+msgid "{Scheme Procedure} kmscon-service-type @var{config}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10028
+msgid ""
+"Return a service to run @uref{https://www.freedesktop.org/wiki/Software/kmscon,kmscon} according to @var{config}, a @code{<kmscon-"
+"configuration>} object, which specifies the tty to run, among other things."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10030
+#, no-wrap
+msgid "{Data Type} kmscon-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10033
+msgid "This is the data type representing the configuration of Kmscon, which implements virtual console log-in."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:10036
+#, no-wrap
+msgid "virtual-terminal"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10038
+msgid "The name of the console this Kmscon runs on---e.g., @code{\"tty1\"}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10039
+#, no-wrap
+msgid "@code{login-program} (default: @code{#~(string-append #$shadow \"/bin/login\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10042
+msgid "A gexp denoting the name of the log-in program. The default log-in program is @command{login} from the Shadow tool suite."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10043
+#, no-wrap
+msgid "@code{login-arguments} (default: @code{'(\"-p\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10045
+msgid "A list of arguments to pass to @command{login}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10046
+#, no-wrap
+msgid "@code{hardware-acceleration?} (default: #f)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10048
+msgid "Whether to use hardware acceleration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10049
+#, no-wrap
+msgid "@code{kmscon} (default: @var{kmscon})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10051
+msgid "The Kmscon package to use."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10055
+#, no-wrap
+msgid "name service cache daemon"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10056
+#, no-wrap
+msgid "nscd"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10057
+#, no-wrap
+msgid "{Scheme Procedure} nscd-service [@var{config}] [#:glibc glibc] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10062
+msgid ""
+"[#:name-services '()] Return a service that runs the libc name service cache daemon (nscd) with the given @var{config}---an "
+"@code{<nscd-configuration>} object. @xref{Name Service Switch}, for an example."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10064
+#, no-wrap
+msgid "{Scheme Variable} %nscd-default-configuration"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10068
+msgid ""
+"This is the default @code{<nscd-configuration>} value (see below) used by @code{nscd-service}. It uses the caches defined by "
+"@var{%nscd-default-caches}; see below."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10070
+#, no-wrap
+msgid "{Data Type} nscd-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10073
+msgid "This is the data type representing the name service cache daemon (nscd) configuration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10076
+#, no-wrap
+msgid "@code{name-services} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10079
+msgid "List of packages denoting @dfn{name services} that must be visible to the nscd---e.g., @code{(list @var{nss-mdns})}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10080
+#, no-wrap
+msgid "@code{glibc} (default: @var{glibc})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10083
+msgid "Package object denoting the GNU C Library providing the @command{nscd} command."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10084
+#, no-wrap
+msgid "@code{log-file} (default: @code{\"/var/log/nscd.log\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10087
+msgid "Name of the nscd log file. This is where debugging output goes when @code{debug-level} is strictly positive."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10088
+#, no-wrap
+msgid "@code{debug-level} (default: @code{0})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10091
+msgid "Integer denoting the debugging levels. Higher numbers mean that more debugging output is logged."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10092
+#, no-wrap
+msgid "@code{caches} (default: @var{%nscd-default-caches})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10095
+msgid "List of @code{<nscd-cache>} objects denoting things to be cached; see below."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10099
+#, no-wrap
+msgid "{Data Type} nscd-cache"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10101
+msgid "Data type representing a cache database of nscd and its parameters."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10104 doc/guix.texi:12761
+#, no-wrap
+msgid "database"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10109
+msgid ""
+"This is a symbol representing the name of the database to be cached. Valid values are @code{passwd}, @code{group}, @code{hosts}, "
+"and @code{services}, which designate the corresponding NSS database (@pxref{NSS Basics,,, libc, The GNU C Library Reference Manual})."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:10110
+#, no-wrap
+msgid "positive-time-to-live"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:10111
+#, no-wrap
+msgid "@code{negative-time-to-live} (default: @code{20})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10114
+msgid "A number representing the number of seconds during which a positive or negative lookup result remains in cache."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10115
+#, no-wrap
+msgid "@code{check-files?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10118
+msgid "Whether to check for updates of the files corresponding to @var{database}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10122
+msgid ""
+"For instance, when @var{database} is @code{hosts}, setting this flag instructs nscd to check for updates in @file{/etc/hosts} and to "
+"take them into account."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10123
+#, no-wrap
+msgid "@code{persistent?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10125
+msgid "Whether the cache should be stored persistently on disk."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10126
+#, no-wrap
+msgid "@code{shared?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10128
+msgid "Whether the cache should be shared among users."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10129
+#, no-wrap
+msgid "@code{max-database-size} (default: 32@tie{}MiB)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10131
+msgid "Maximum size in bytes of the database cache."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10138
+#, no-wrap
+msgid "{Scheme Variable} %nscd-default-caches"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10141
+msgid "List of @code{<nscd-cache>} objects used by default by @code{nscd-configuration} (see above)."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10147
+msgid ""
+"It enables persistent and aggressive caching of service and host name lookups. The latter provides better host name lookup "
+"performance, resilience in the face of unreliable name servers, and also better privacy---often the result of host name lookups is "
+"in local cache, so external name servers do not even need to be queried."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:10150
+msgid "syslog-configuration-type"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10150 doc/guix.texi:10166
+#, no-wrap
+msgid "syslog"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10151 doc/guix.texi:10584
+#, no-wrap
+msgid "logging"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10152
+#, no-wrap
+msgid "{Data Type} syslog-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10154
+msgid "This data type represents the configuration of the syslog daemon."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10156
+#, no-wrap
+msgid "@code{syslogd} (default: @code{#~(string-append #$inetutils \"/libexec/syslogd\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10158
+msgid "The syslog daemon to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10159
+#, no-wrap
+msgid "@code{config-file} (default: @code{%default-syslog.conf})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10161
+msgid "The syslog configuration file to use."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:10166
+msgid "syslog-service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10167
+#, no-wrap
+msgid "{Scheme Procedure} syslog-service @var{config}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10169
+msgid "Return a service that runs a syslog daemon according to @var{config}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10172
+msgid "@xref{syslogd invocation,,, inetutils, GNU Inetutils}, for more information on the configuration file syntax."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:10175
+msgid "guix-configuration-type"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10175
+#, no-wrap
+msgid "{Data Type} guix-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10178
+msgid "This data type represents the configuration of the Guix build daemon. @xref{Invoking guix-daemon}, for more information."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10180
+#, no-wrap
+msgid "@code{guix} (default: @var{guix})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10182 doc/guix.texi:10410
+msgid "The Guix package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10183
+#, no-wrap
+msgid "@code{build-group} (default: @code{\"guixbuild\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10185
+msgid "Name of the group for build user accounts."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10186
+#, no-wrap
+msgid "@code{build-accounts} (default: @code{10})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10188
+msgid "Number of build user accounts to create."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10189
+#, no-wrap
+msgid "@code{authorize-key?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10194
+msgid ""
+"Whether to authorize the substitute keys listed in @code{authorized-keys}---by default that of @code{hydra.gnu.org} "
+"(@pxref{Substitutes})."
+msgstr ""
+"Autoriser ou non les clefs de substituts listées dans @code{authorize-keys} — par défaut celle de @code{hydra.gny.org} "
+"(@pxref{Substituts})."
+
+#. type: vindex
+#: doc/guix.texi:10195
+#, no-wrap
+msgid "%default-authorized-guix-keys"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10196
+#, no-wrap
+msgid "@code{authorized-keys} (default: @var{%default-authorized-guix-keys})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10200
+msgid ""
+"The list of authorized key files for archive imports, as a list of string-valued gexps (@pxref{Invoking guix archive}). By default, "
+"it contains that of @code{hydra.gnu.org} (@pxref{Substitutes})."
+msgstr ""
+"La liste des fichiers de clefs autorisées pour les imports d'archives, en tant que liste de gexps sous forme de chaînes "
+"(@pxref{Invoking guix archive}). Par défaut, elle contient celle de @code{hydra.gnu.org} (@pxref{Substituts})."
+
+#. type: item
+#: doc/guix.texi:10201
+#, no-wrap
+msgid "@code{use-substitutes?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10203
+msgid "Whether to use substitutes."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10204
+#, no-wrap
+msgid "@code{substitute-urls} (default: @var{%default-substitute-urls})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10206
+msgid "The list of URLs where to look for substitutes by default."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10207
+#, no-wrap
+msgid "@code{max-silent-time} (default: @code{0})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:10208
+#, no-wrap
+msgid "@code{timeout} (default: @code{0})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10212
+msgid ""
+"The number of seconds of silence and the number of seconds of activity, respectively, after which a build process times out. A "
+"value of zero disables the timeout."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10213
+#, no-wrap
+msgid "@code{log-compression} (default: @code{'bzip2})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10216
+msgid "The type of compression used for build logs---one of @code{gzip}, @code{bzip2}, or @code{none}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10219
+msgid "List of extra command-line options for @command{guix-daemon}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10220
+#, no-wrap
+msgid "@code{log-file} (default: @code{\"/var/log/guix-daemon.log\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10223
+msgid "File where @command{guix-daemon}'s standard output and standard error are written."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10224
+#, no-wrap
+msgid "@code{http-proxy} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10227
+msgid "The HTTP proxy used for downloading fixed-output derivations and substitutes."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10228
+#, no-wrap
+msgid "@code{tmpdir} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10230
+msgid "A directory path where the @command{guix-daemon} will perform builds."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10234
+#, no-wrap
+msgid "{Scheme Procedure} guix-service @var{config}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10237
+msgid "Return a service that runs the Guix build daemon according to @var{config}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10239
+#, no-wrap
+msgid "{Scheme Procedure} udev-service [#:udev @var{eudev} #:rules @code{'()}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10244
+msgid ""
+"Run @var{udev}, which populates the @file{/dev} directory dynamically. udev rules can be provided as a list of files through the "
+"@var{rules} variable. The procedures @var{udev-rule} and @var{file->udev-rule} from @code{(gnu services base)} simplify the "
+"creation of such rule files."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10245
+#, no-wrap
+msgid "{Scheme Procedure} udev-rule [@var{file-name} @var{contents}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10248
+msgid "Return a udev-rule file named @var{file-name} containing the rules defined by the @var{contents} literal."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10252
+msgid ""
+"In the following example, a rule for a USB device is defined to be stored in the file @file{90-usb-thing.rules}. The rule runs a "
+"script upon detecting a USB device with a given product identifier."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10260
+#, no-wrap
+msgid ""
+"(define %example-udev-rule\n"
+" (udev-rule\n"
+" \"90-usb-thing.rules\"\n"
+" (string-append \"ACTION==\\\"add\\\", SUBSYSTEM==\\\"usb\\\", \"\n"
+" \"ATTR@{product@}==\\\"Example\\\", \"\n"
+" \"RUN+=\\\"/path/to/script\\\"\")))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10264
+msgid "Here we show how the default @var{udev-service} can be extended with it."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10274
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; @dots{}\n"
+" (services\n"
+" (modify-services %desktop-services\n"
+" (udev-service-type config =>\n"
+" (udev-configuration (inherit config)\n"
+" (rules (append (udev-configuration-rules config)\n"
+" (list %example-udev-rule))))))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10276
+#, no-wrap
+msgid "{Scheme Procedure} file->udev-rule [@var{file-name} @var{file}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10279
+msgid "Return a udev file named @var{file-name} containing the rules defined within @var{file}, a file-like object."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10281
+msgid "The following example showcases how we can use an existing rule file."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10286
+#, no-wrap
+msgid ""
+"(use-modules (guix download) ;for url-fetch\n"
+" (guix packages) ;for origin\n"
+" ;; @dots{})\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10297
+#, no-wrap
+msgid ""
+"(define %android-udev-rules\n"
+" (file->udev-rule\n"
+" \"51-android-udev.rules\"\n"
+" (let ((version \"20170910\"))\n"
+" (origin\n"
+" (method url-fetch)\n"
+" (uri (string-append \"https://raw.githubusercontent.com/M0Rf30/\"\n"
+" \"android-udev-rules/\" version \"/51-android.rules\"))\n"
+" (sha256\n"
+" (base32 \"0lmmagpyb6xsq6zcr2w1cyx9qmjqmajkvrdbhjx32gqf1d9is003\"))))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10306
+msgid ""
+"Additionally, Guix package definitions can be included in @var{rules} in order to extend the udev rules with the definitions found "
+"under their @file{lib/udev/rules.d} sub-directory. In lieu of the previous @var{file->udev-rule} example, we could have used the "
+"@var{android-udev-rules} package which exists in Guix in the @code{(gnu packages android)} module."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10315
+msgid ""
+"The following example shows how to use the @var{android-udev-rules} package so that the Android tool @command{adb} can detect "
+"devices without root privileges. It also details how to create the @code{adbusers} group, which is required for the proper "
+"functioning of the rules defined within the @var{android-udev-rules} package. To create such a group, we must define it both as "
+"part of the @var{supplementary-groups} of our @var{user-account} declaration, as well as in the @var{groups} field of the "
+"@var{operating-system} record."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10320
+#, no-wrap
+msgid ""
+"(use-modules (gnu packages android) ;for android-udev-rules\n"
+" (gnu system shadow) ;for user-group\n"
+" ;; @dots{})\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10329
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; @dots{}\n"
+" (users (cons (user-acount\n"
+" ;; @dots{}\n"
+" (supplementary-groups\n"
+" '(\"adbusers\" ;for adb\n"
+" \"wheel\" \"netdev\" \"audio\" \"video\"))\n"
+" ;; @dots{})))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10332
+#, no-wrap
+msgid ""
+" (groups (cons (user-group (system? #t) (name \"adbusers\"))\n"
+" %base-groups))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10334
+#, no-wrap
+msgid ""
+" ;; @dots{}\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10341
+#, no-wrap
+msgid ""
+" (services\n"
+" (modify-services %desktop-services\n"
+" (udev-service-type config =>\n"
+" (udev-configuration (inherit config)\n"
+" (rules (cons* android-udev-rules\n"
+" (udev-configuration-rules config))))))))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10344
+#, no-wrap
+msgid "{Scheme Variable} urandom-seed-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10349
+msgid ""
+"Save some entropy in @var{%random-seed-file} to seed @file{/dev/urandom} when rebooting. It also tries to seed @file{/dev/urandom} "
+"from @file{/dev/hwrng} while booting, if @file{/dev/hwrng} exists and is readable."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10351
+#, no-wrap
+msgid "{Scheme Variable} %random-seed-file"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10355
+msgid ""
+"This is the name of the file where some random bytes are saved by @var{urandom-seed-service} to seed @file{/dev/urandom} when "
+"rebooting. It defaults to @file{/var/lib/random-seed}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10357
+#, no-wrap
+msgid "keymap"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10358
+#, no-wrap
+msgid "keyboard"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10359
+#, no-wrap
+msgid "{Scheme Procedure} console-keymap-service @var{files} ..."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10364
+msgid ""
+"Return a service to load console keymaps from @var{files} using @command{loadkeys} command. Most likely, you want to load some "
+"default keymap, which can be done like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10367
+#, no-wrap
+msgid "(console-keymap-service \"dvorak\")\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10371
+msgid "Or, for example, for a Swedish keyboard, you may need to combine the following keymaps:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10373
+#, no-wrap
+msgid "(console-keymap-service \"se-lat6\" \"se-fi-lat6\")\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10377
+msgid "Also you can specify a full file name (or file names) of your keymap(s). See @code{man loadkeys} for details."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10380
+#, no-wrap
+msgid "mouse"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10381
+#, no-wrap
+msgid "gpm"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10382
+#, no-wrap
+msgid "{Scheme Procedure} gpm-service [#:gpm @var{gpm}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10388
+msgid ""
+"[#:options] Run @var{gpm}, the general-purpose mouse daemon, with the given command-line @var{options}. GPM allows users to use the "
+"mouse in the console, notably to select, copy, and paste text. The default value of @var{options} uses the @code{ps2} protocol, "
+"which works for both USB and PS/2 mice."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10390
+msgid "This service is not part of @var{%base-services}."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:10393
+msgid "guix-publish-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10393
+#, no-wrap
+msgid "{Scheme Variable} guix-publish-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10397
+msgid ""
+"This is the service type for @command{guix publish} (@pxref{Invoking guix publish}). Its value must be a @code{guix-configuration} "
+"object, as described below."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10401
+msgid ""
+"This assumes that @file{/etc/guix} already contains a signing key pair as created by @command{guix archive --generate-key} "
+"(@pxref{Invoking guix archive}). If that is not the case, the service will fail to start."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10403
+#, no-wrap
+msgid "{Data Type} guix-publish-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10406
+msgid "Data type representing the configuration of the @code{guix publish} service."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10408
+#, no-wrap
+msgid "@code{guix} (default: @code{guix})"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10411
+#, no-wrap
+msgid "@code{port} (default: @code{80})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10413
+msgid "The TCP port to listen for connections."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10414
+#, no-wrap
+msgid "@code{host} (default: @code{\"localhost\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10417
+msgid "The host (and thus, network interface) to listen to. Use @code{\"0.0.0.0\"} to listen on all the network interfaces."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10422
+msgid ""
+"The gzip compression level at which substitutes are compressed. Use @code{0} to disable compression altogether, and @code{9} to get "
+"the best compression ratio at the expense of increased CPU usage."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10423
+#, no-wrap
+msgid "@code{nar-path} (default: @code{\"nar\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10426
+msgid "The URL path at which ``nars'' can be fetched. @xref{Invoking guix publish, @code{--nar-path}}, for details."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10427
+#, no-wrap
+msgid "@code{cache} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10433
+msgid ""
+"When it is @code{#f}, disable caching and instead generate archives on demand. Otherwise, this should be the name of a directory---"
+"e.g., @code{\"/var/cache/guix/publish\"}---where @command{guix publish} caches archives and meta-data ready to be sent. "
+"@xref{Invoking guix publish, @option{--cache}}, for more information on the tradeoffs involved."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10434
+#, no-wrap
+msgid "@code{workers} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10438
+msgid ""
+"When it is an integer, this is the number of worker threads used for caching; when @code{#f}, the number of processors is used. "
+"@xref{Invoking guix publish, @option{--workers}}, for more information."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10439
+#, no-wrap
+msgid "@code{ttl} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10443
+msgid ""
+"When it is an integer, this denotes the @dfn{time-to-live} in seconds of the published archives. @xref{Invoking guix publish, "
+"@option{--ttl}}, for more information."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:10447
+msgid "rngd-service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10447
+#, no-wrap
+msgid "{Scheme Procedure} rngd-service [#:rng-tools @var{rng-tools}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10452
+msgid ""
+"[#:device \"/dev/hwrng\"] Return a service that runs the @command{rngd} program from @var{rng-tools} to add @var{device} to the "
+"kernel's entropy pool. The service will fail if @var{device} does not exist."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:10455
+msgid "pam-limits-service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10455
+#, no-wrap
+msgid "session limits"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10456
+#, no-wrap
+msgid "ulimit"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10457
+#, no-wrap
+msgid "priority"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10458
+#, no-wrap
+msgid "realtime"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10459
+#, no-wrap
+msgid "jackd"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10460
+#, no-wrap
+msgid "{Scheme Procedure} pam-limits-service [#:limits @code{'()}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10467
+msgid ""
+"Return a service that installs a configuration file for the @uref{http://linux-pam.org/Linux-PAM-html/sag-pam_limits.html, "
+"@code{pam_limits} module}. The procedure optionally takes a list of @code{pam-limits-entry} values, which can be used to specify "
+"@code{ulimit} limits and nice priority limits to user sessions."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10470
+msgid "The following limits definition sets two hard and soft limits for all login sessions of users in the @code{realtime} group:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10476
+#, no-wrap
+msgid ""
+"(pam-limits-service\n"
+" (list\n"
+" (pam-limits-entry \"@@realtime\" 'both 'rtprio 99)\n"
+" (pam-limits-entry \"@@realtime\" 'both 'memlock 'unlimited)))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10482
+msgid ""
+"The first entry increases the maximum realtime priority for non-privileged processes; the second entry lifts any restriction of the "
+"maximum address space that can be locked in memory. These settings are commonly used for real-time audio systems."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10487
+#, no-wrap
+msgid "cron"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10488
+#, no-wrap
+msgid "mcron"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10489
+#, no-wrap
+msgid "scheduling jobs"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:10496
+msgid ""
+"The @code{(gnu services mcron)} module provides an interface to GNU@tie{}mcron, a daemon to run jobs at scheduled times "
+"(@pxref{Top,,, mcron, GNU@tie{}mcron}). GNU@tie{}mcron is similar to the traditional Unix @command{cron} daemon; the main "
+"difference is that it is implemented in Guile Scheme, which provides a lot of flexibility when specifying the scheduling of jobs and "
+"their actions."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:10504
+msgid ""
+"The example below defines an operating system that runs the @command{updatedb} (@pxref{Invoking updatedb,,, find, Finding Files}) "
+"and the @command{guix gc} commands (@pxref{Invoking guix gc}) daily, as well as the @command{mkid} command on behalf of an "
+"unprivileged user (@pxref{mkid invocation,,, idutils, ID Database Utilities}). It uses gexps to introduce job definitions that are "
+"passed to mcron (@pxref{G-Expressions})."
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10508
+#, no-wrap
+msgid ""
+"(use-modules (guix) (gnu) (gnu services mcron))\n"
+"(use-package-modules base idutils)\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10517
+#, no-wrap
+msgid ""
+"(define updatedb-job\n"
+" ;; Run 'updatedb' at 3AM every day. Here we write the\n"
+" ;; job's action as a Scheme procedure.\n"
+" #~(job '(next-hour '(3))\n"
+" (lambda ()\n"
+" (execl (string-append #$findutils \"/bin/updatedb\")\n"
+" \"updatedb\"\n"
+" \"--prunepaths=/tmp /var/tmp /gnu/store\"))))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10523
+#, no-wrap
+msgid ""
+"(define garbage-collector-job\n"
+" ;; Collect garbage 5 minutes after midnight every day.\n"
+" ;; The job's action is a shell command.\n"
+" #~(job \"5 0 * * *\" ;Vixie cron syntax\n"
+" \"guix gc -F 1G\"))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10530
+#, no-wrap
+msgid ""
+"(define idutils-job\n"
+" ;; Update the index database as user \"charlie\" at 12:15PM\n"
+" ;; and 19:15PM. This runs from the user's home directory.\n"
+" #~(job '(next-minute-from (next-hour '(12 19)) '(15))\n"
+" (string-append #$idutils \"/bin/mkid src\")\n"
+" #:user \"charlie\"))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10537
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; @dots{}\n"
+" (services (cons (mcron-service (list garbage-collector-job\n"
+" updatedb-job\n"
+" idutils-job))\n"
+" %base-services)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:10542
+msgid ""
+"@xref{Guile Syntax, mcron job specifications,, mcron, GNU@tie{}mcron}, for more information on mcron job specifications. Below is "
+"the reference of the mcron service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10543
+#, no-wrap
+msgid "{Scheme Procedure} mcron-service @var{jobs} [#:mcron @var{mcron}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10546
+msgid "Return an mcron service running @var{mcron} that schedules @var{jobs}, a list of gexps denoting mcron job specifications."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10548
+msgid "This is a shorthand for:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10551
+#, no-wrap
+msgid ""
+"(service mcron-service-type\n"
+" (mcron-configuration (mcron mcron) (jobs jobs)))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10554
+#, no-wrap
+msgid "{Scheme Variable} mcron-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10557
+msgid "This is the type of the @code{mcron} service, whose value is an @code{mcron-configuration} object."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10562
+msgid ""
+"This service type can be the target of a service extension that provides it additional job specifications (@pxref{Service "
+"Composition}). In other words, it is possible to define services that provide additional mcron jobs to run."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10564
+#, no-wrap
+msgid "{Data Type} mcron-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10566
+msgid "Data type representing the configuration of mcron."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10568
+#, no-wrap
+msgid "@code{mcron} (default: @var{mcron})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10570
+msgid "The mcron package to use."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:10571 doc/guix.texi:10630
+#, no-wrap
+msgid "jobs"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10575
+msgid ""
+"This is a list of gexps (@pxref{G-Expressions}), where each gexp corresponds to an mcron job specification (@pxref{Syntax, mcron job "
+"specifications,, mcron, GNU@tie{}mcron})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10582
+#, no-wrap
+msgid "rottlog"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10583
+#, no-wrap
+msgid "log rotation"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:10590
+msgid ""
+"Log files such as those found in @file{/var/log} tend to grow endlessly, so it's a good idea to @dfn{rotate} them once in a while---"
+"i.e., archive their contents in separate files, possibly compressed. The @code{(gnu services admin)} module provides an interface "
+"to GNU@tie{}Rot[t]log, a log rotation tool (@pxref{Top,,, rottlog, GNU Rot[t]log Manual})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:10593
+msgid ""
+"The example below defines an operating system that provides log rotation with the default settings, for commonly encountered log "
+"files."
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10598
+#, no-wrap
+msgid ""
+"(use-modules (guix) (gnu))\n"
+"(use-service-modules admin mcron)\n"
+"(use-package-modules base idutils)\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10603
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; @dots{}\n"
+" (services (cons (service rottlog-service-type)\n"
+" %base-services)))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10605
+#, no-wrap
+msgid "{Scheme Variable} rottlog-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10608
+msgid "This is the type of the Rottlog service, whose value is a @code{rottlog-configuration} object."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10611
+msgid ""
+"Other services can extend this one with new @code{log-rotation} objects (see below), thereby augmenting the set of files to be "
+"rotated."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10614
+msgid "This service type can define mcron jobs (@pxref{Scheduled Job Execution}) to run the rottlog service."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10616
+#, no-wrap
+msgid "{Data Type} rottlog-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10618
+msgid "Data type representing the configuration of rottlog."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10620
+#, no-wrap
+msgid "@code{rottlog} (default: @code{rottlog})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10622
+msgid "The Rottlog package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10623
+#, no-wrap
+msgid "@code{rc-file} (default: @code{(file-append rottlog \"/etc/rc\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10626
+msgid "The Rottlog configuration file to use (@pxref{Mandatory RC Variables,,, rottlog, GNU Rot[t]log Manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10627
+#, no-wrap
+msgid "@code{rotations} (default: @code{%default-rotations})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10629
+msgid "A list of @code{log-rotation} objects as defined below."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10633
+msgid "This is a list of gexps where each gexp corresponds to an mcron job specification (@pxref{Scheduled Job Execution})."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10636
+#, no-wrap
+msgid "{Data Type} log-rotation"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10638
+msgid "Data type representing the rotation of a group of log files."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10642
+msgid ""
+"Taking an example from the Rottlog manual (@pxref{Period Related File Examples,,, rottlog, GNU Rot[t]log Manual}), a log rotation "
+"might be defined like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10651
+#, no-wrap
+msgid ""
+"(log-rotation\n"
+" (frequency 'daily)\n"
+" (files '(\"/var/log/apache/*\"))\n"
+" (options '(\"storedir apache-archives\"\n"
+" \"rotate 6\"\n"
+" \"notifempty\"\n"
+" \"nocompress\")))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10654
+msgid "The list of fields is as follows:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10656
+#, no-wrap
+msgid "@code{frequency} (default: @code{'weekly})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10658
+msgid "The log rotation frequency, a symbol."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:10659
+#, no-wrap
+msgid "files"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10661
+msgid "The list of files or file glob patterns to rotate."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10662
+#, no-wrap
+msgid "@code{options} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10665
+msgid "The list of rottlog options for this rotation (@pxref{Configuration parameters,,, rottlog, GNU Rot[t]lg Manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10666
+#, no-wrap
+msgid "@code{post-rotate} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10668
+msgid "Either @code{#f} or a gexp to execute once the rotation has completed."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10671
+#, no-wrap
+msgid "{Scheme Variable} %default-rotations"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10674
+msgid "Specifies weekly rotation of @var{%rotated-files} and a couple of other files."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10676
+#, no-wrap
+msgid "{Scheme Variable} %rotated-files"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10679
+msgid "The list of syslog-controlled files to be rotated. By default it is: @code{'(\"/var/log/messages\" \"/var/log/secure\")}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:10686
+msgid "The @code{(gnu services networking)} module provides services to configure the network interface."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10687
+#, no-wrap
+msgid "DHCP, networking service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10688
+#, no-wrap
+msgid "{Scheme Procedure} dhcp-client-service [#:dhcp @var{isc-dhcp}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10691
+msgid ""
+"Return a service that runs @var{dhcp}, a Dynamic Host Configuration Protocol (DHCP) client, on all the non-loopback network "
+"interfaces."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10693
+#, no-wrap
+msgid "{Scheme Variable} static-networking-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10696
+msgid "This is the type for statically-configured network interfaces."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10698
+#, no-wrap
+msgid "{Scheme Procedure} static-networking-service @var{interface} @var{ip} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10706
+msgid ""
+"[#:netmask #f] [#:gateway #f] [#:name-servers @code{'()}] [#:requirement @code{'(udev)}] Return a service that starts "
+"@var{interface} with address @var{ip}. If @var{netmask} is true, use it as the network mask. If @var{gateway} is true, it must be "
+"a string specifying the default network gateway. @var{requirement} can be used to declare a dependency on another service before "
+"configuring the interface."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10711
+msgid ""
+"This procedure can be called several times, one for each network interface of interest. Behind the scenes what it does is extend "
+"@code{static-networking-service-type} with additional network interfaces to handle."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10713
+#, no-wrap
+msgid "wicd"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10716
+#, no-wrap
+msgid "network management"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10717
+#, no-wrap
+msgid "{Scheme Procedure} wicd-service [#:wicd @var{wicd}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10720
+msgid ""
+"Return a service that runs @url{https://launchpad.net/wicd,Wicd}, a network management daemon that aims to simplify wired and "
+"wireless networking."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10725
+msgid ""
+"This service adds the @var{wicd} package to the global profile, providing several commands to interact with the daemon and configure "
+"networking: @command{wicd-client}, a graphical user interface, and the @command{wicd-cli} and @command{wicd-curses} user interfaces."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10727
+#, no-wrap
+msgid "NetworkManager"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10729
+#, no-wrap
+msgid "{Scheme Variable} network-manager-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10734
+msgid ""
+"This is the service type for the @uref{https://wiki.gnome.org/Projects/NetworkManager, NetworkManager} service. The value for this "
+"service type is a @code{network-manager-configuration} record."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10737
+msgid "This service is part of @code{%desktop-services} (@pxref{Desktop Services})."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10739
+#, no-wrap
+msgid "{Data Type} network-manager-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10741
+msgid "Data type representing the configuration of NetworkManager."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10743
+#, no-wrap
+msgid "@code{network-manager} (default: @code{network-manager})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10745
+msgid "The NetworkManager package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10746
+#, no-wrap
+msgid "@code{dns} (default: @code{\"default\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10749
+msgid "Processing mode for DNS, which affects how NetworkManager uses the @code{resolv.conf} configuration file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10751
+#, no-wrap
+msgid "default"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10754
+msgid "NetworkManager will update @code{resolv.conf} to reflect the nameservers provided by currently active connections."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10755
+#, no-wrap
+msgid "dnsmasq"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10759
+msgid ""
+"NetworkManager will run @code{dnsmasq} as a local caching nameserver, using a \"split DNS\" configuration if you are connected to a "
+"VPN, and then update @code{resolv.conf} to point to the local nameserver."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10760 doc/guix.texi:11746
+#, no-wrap
+msgid "none"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10762
+msgid "NetworkManager will not modify @code{resolv.conf}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10764
+#, no-wrap
+msgid "@code{vpn-plugins} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10768
+msgid ""
+"This is the list of available plugins for virtual private networks (VPNs). An example of this is the @code{network-manager-openvpn} "
+"package, which allows NetworkManager to manage VPNs @i{via} OpenVPN."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10772
+#, no-wrap
+msgid "Connman"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10773
+#, no-wrap
+msgid "{Scheme Variable} connman-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10776
+msgid "This is the service type to run @url{https://01.org/connman,Connman}, a network connection manager."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10779
+msgid "Its value must be an @code{connman-configuration} record as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10784
+#, no-wrap
+msgid ""
+"(service connman-service-type\n"
+" (connman-configuration\n"
+" (disable-vpn? #t)))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10787
+msgid "See below for details about @code{connman-configuration}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10789
+#, no-wrap
+msgid "{Data Type} connman-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10791
+msgid "Data Type representing the configuration of connman."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10793
+#, no-wrap
+msgid "@code{connman} (default: @var{connman})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10795
+msgid "The connman package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10796
+#, no-wrap
+msgid "@code{disable-vpn?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10798
+msgid "When true, enable connman's vpn plugin."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10801
+#, no-wrap
+msgid "WPA Supplicant"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10802
+#, no-wrap
+msgid "{Scheme Variable} wpa-supplicant-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10807
+msgid ""
+"This is the service type to run @url{https://w1.fi/wpa_supplicant/,WPA supplicant}, an authentication daemon required to "
+"authenticate against encrypted WiFi or ethernet networks. It is configured to listen for requests on D-Bus."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10810
+msgid "The value of this service is the @code{wpa-supplicant} package to use. Thus, it can be instantiated like this:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10813
+#, no-wrap
+msgid ""
+"(use-modules (gnu services networking))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:10815
+#, no-wrap
+msgid "(service wpa-supplicant-service-type)\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10818
+#, no-wrap
+msgid "NTP"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10819
+#, no-wrap
+msgid "real time clock"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10820
+#, no-wrap
+msgid "{Scheme Procedure} ntp-service [#:ntp @var{ntp}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10828
+msgid ""
+"[#:servers @var{%ntp-servers}] @ [#:allow-large-adjustment? #f] Return a service that runs the daemon from @var{ntp}, the "
+"@uref{http://www.ntp.org, Network Time Protocol package}. The daemon will keep the system clock synchronized with that of "
+"@var{servers}. @var{allow-large-adjustment?} determines whether @command{ntpd} is allowed to make an initial adjustment of more "
+"than 1,000 seconds."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10830
+#, no-wrap
+msgid "{Scheme Variable} %ntp-servers"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:10832
+msgid "List of host names used as the default NTP servers."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10834
+#, no-wrap
+msgid "OpenNTPD"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10835
+#, no-wrap
+msgid "{Scheme Procedure} openntpd-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10839
+msgid ""
+"Run the @command{ntpd}, the Network Time Protocol (NTP) daemon, as implemented by @uref{http://www.openntpd.org, OpenNTPD}. The "
+"daemon will keep the system clock synchronized with that of the given servers."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10849
+#, no-wrap
+msgid ""
+"(service\n"
+" openntpd-service-type\n"
+" (openntpd-configuration\n"
+" (listen-on '(\"127.0.0.1\" \"::1\"))\n"
+" (sensor '(\"udcf0 correction 70000\"))\n"
+" (constraint-from '(\"www.gnu.org\"))\n"
+" (constraints-from '(\"https://www.google.com/\"))\n"
+" (allow-large-adjustment? #t)))\n"
+"\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10853
+#, no-wrap
+msgid "{Data Type} openntpd-configuration"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10855
+#, no-wrap
+msgid "@code{openntpd} (default: @code{(file-append openntpd \"/sbin/ntpd\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10857
+msgid "The openntpd executable to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10857
+#, no-wrap
+msgid "@code{listen-on} (default: @code{'(\"127.0.0.1\" \"::1\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10859
+msgid "A list of local IP addresses or hostnames the ntpd daemon should listen on."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10859
+#, no-wrap
+msgid "@code{query-from} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10861
+msgid "A list of local IP address the ntpd daemon should use for outgoing queries."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10861
+#, no-wrap
+msgid "@code{sensor} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10866
+msgid ""
+"Specify a list of timedelta sensor devices ntpd should use. @code{ntpd} will listen to each sensor that acutally exists and ignore "
+"non-existant ones. See @uref{https://man.openbsd.org/ntpd.conf, upstream documentation} for more information."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10866
+#, no-wrap
+msgid "@code{server} (default: @var{%ntp-servers})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10868
+msgid "Specify a list of IP addresses or hostnames of NTP servers to synchronize to."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10868
+#, no-wrap
+msgid "@code{servers} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10870
+msgid "Specify a list of IP addresses or hostnames of NTP pools to synchronize to."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10870
+#, no-wrap
+msgid "@code{constraint-from} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10877
+msgid ""
+"@code{ntpd} can be configured to query the ‘Date’ from trusted HTTPS servers via TLS. This time information is not used for "
+"precision but acts as an authenticated constraint, thereby reducing the impact of unauthenticated NTP man-in-the-middle attacks. "
+"Specify a list of URLs, IP addresses or hostnames of HTTPS servers to provide a constraint."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10877
+#, no-wrap
+msgid "@code{constraints-from} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10881
+msgid ""
+"As with constraint from, specify a list of URLs, IP addresses or hostnames of HTTPS servers to provide a constraint. Should the "
+"hostname resolve to multiple IP addresses, @code{ntpd} will calculate a median constraint from all of them."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10881
+#, no-wrap
+msgid "@code{allow-large-adjustment?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10884
+msgid "Determines if @code{ntpd} is allowed to make an initial adjustment of more than 180 seconds."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10887
+#, no-wrap
+msgid "inetd"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10888
+#, no-wrap
+msgid "{Scheme variable} inetd-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10893
+msgid ""
+"This service runs the @command{inetd} (@pxref{inetd invocation,,, inetutils, GNU Inetutils}) daemon. @command{inetd} listens for "
+"connections on internet sockets, and lazily starts the specified server program when a connection is made on one of these sockets."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10899
+msgid ""
+"The value of this service is an @code{inetd-configuration} object. The following example configures the @command{inetd} daemon to "
+"provide the built-in @command{echo} service, as well as an smtp service which forwards smtp traffic over ssh to a server @code{smtp-"
+"server} behind a gateway @code{hostname}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10922
+#, no-wrap
+msgid ""
+"(service\n"
+" inetd-service-type\n"
+" (inetd-configuration\n"
+" (entries (list\n"
+" (inetd-entry\n"
+" (name \"echo\")\n"
+" (socket-type 'stream)\n"
+" (protocol \"tcp\")\n"
+" (wait? #f)\n"
+" (user \"root\"))\n"
+" (inetd-entry\n"
+" (node \"127.0.0.1\")\n"
+" (name \"smtp\")\n"
+" (socket-type 'stream)\n"
+" (protocol \"tcp\")\n"
+" (wait? #f)\n"
+" (user \"root\")\n"
+" (program (file-append openssh \"/bin/ssh\"))\n"
+" (arguments\n"
+" '(\"ssh\" \"-qT\" \"-i\" \"/path/to/ssh_key\"\n"
+" \"-W\" \"smtp-server:25\" \"user@@hostname\")))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10925
+msgid "See below for more details about @code{inetd-configuration}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10927
+#, no-wrap
+msgid "{Data Type} inetd-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10929
+msgid "Data type representing the configuration of @command{inetd}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10931
+#, no-wrap
+msgid "@code{program} (default: @code{(file-append inetutils \"/libexec/inetd\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10933
+msgid "The @command{inetd} executable to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10934 doc/guix.texi:16191
+#, no-wrap
+msgid "@code{entries} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10937
+msgid "A list of @command{inetd} service entries. Each entry should be created by the @code{inetd-entry} constructor."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10940
+#, no-wrap
+msgid "{Data Type} inetd-entry"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10944
+msgid ""
+"Data type representing an entry in the @command{inetd} configuration. Each entry corresponds to a socket where @command{inetd} will "
+"listen for requests."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10946
+#, no-wrap
+msgid "@code{node} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10951
+msgid ""
+"Optional string, a comma-separated list of local addresses @command{inetd} should use when listening for this service. "
+"@xref{Configuration file,,, inetutils, GNU Inetutils} for a complete description of all options."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10953
+msgid "A string, the name must correspond to an entry in @code{/etc/services}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:10953
+#, no-wrap
+msgid "socket-type"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10956
+msgid "One of @code{'stream}, @code{'dgram}, @code{'raw}, @code{'rdm} or @code{'seqpacket}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:10956
+#, no-wrap
+msgid "protocol"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10958
+msgid "A string, must correspond to an entry in @code{/etc/protocols}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10958
+#, no-wrap
+msgid "@code{wait?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10961
+msgid "Whether @command{inetd} should wait for the server to exit before listening to new service requests."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10966
+msgid ""
+"A string containing the user (and, optionally, group) name of the user as whom the server should run. The group name can be "
+"specified in a suffix, separated by a colon or period, i.e. @code{\"user\"}, @code{\"user:group\"} or @code{\"user.group\"}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:10966
+#, no-wrap
+msgid "@code{program} (default: @code{\"internal\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10969
+msgid "The server program which will serve the requests, or @code{\"internal\"} if @command{inetd} should use a built-in service."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:10974
+msgid ""
+"A list strings or file-like objects, which are the server program's arguments, starting with the zeroth argument, i.e. the name of "
+"the program itself. For @command{inetd}'s internal services, this entry must be @code{'()} or @code{'(\"internal\")}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:10978
+msgid "@xref{Configuration file,,, inetutils, GNU Inetutils} for a more detailed discussion of each configuration field."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10980
+#, no-wrap
+msgid "Tor"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10981
+#, no-wrap
+msgid "{Scheme Procedure} tor-service [@var{config-file}] [#:tor @var{tor}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10984
+msgid "Return a service to run the @uref{https://torproject.org, Tor} anonymous networking daemon."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10989
+msgid ""
+"The daemon runs as the @code{tor} unprivileged user. It is passed @var{config-file}, a file-like object, with an additional "
+"@code{User tor} line and lines for hidden services added via @code{tor-hidden-service}. Run @command{man tor} for information about "
+"the configuration file."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:10991
+#, no-wrap
+msgid "hidden service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10992
+#, no-wrap
+msgid "{Scheme Procedure} tor-hidden-service @var{name} @var{mapping}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:10995
+msgid ""
+"Define a new Tor @dfn{hidden service} called @var{name} and implementing @var{mapping}. @var{mapping} is a list of port/host "
+"tuples, such as:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:10999
+#, no-wrap
+msgid ""
+" '((22 \"127.0.0.1:22\")\n"
+" (80 \"127.0.0.1:8080\"))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11003
+msgid "In this example, port 22 of the hidden service is mapped to local port 22, and port 80 is mapped to local port 8080."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11007
+msgid ""
+"This creates a @file{/var/lib/tor/hidden-services/@var{name}} directory, where the @file{hostname} file contains the @code{.onion} "
+"host name for the hidden service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11010
+msgid "See @uref{https://www.torproject.org/docs/tor-hidden-service.html.en, the Tor project's documentation} for more information."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11013
+msgid "The @code{(gnu services rsync)} module provides the following services:"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11017
+msgid ""
+"You might want an rsync daemon if you have files that you want available so anyone (or just yourself) can download existing files or "
+"upload new files."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11018
+#, no-wrap
+msgid "{Scheme Variable} rsync-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11021
+msgid ""
+"This is the type for the @uref{https://rsync.samba.org, rsync} rsync daemon, @command{rsync-configuration} record as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11024
+#, no-wrap
+msgid "(service rsync-service-type)\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11027
+msgid "See below for details about @code{rsync-configuration}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11029
+#, no-wrap
+msgid "{Data Type} rsync-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11031
+msgid "Data type representing the configuration for @code{rsync-service}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11033
+#, no-wrap
+msgid "@code{package} (default: @var{rsync})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11035
+msgid "@code{rsync} package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11036
+#, no-wrap
+msgid "@code{port-number} (default: @code{873})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11040
+msgid ""
+"TCP port on which @command{rsync} listens for incoming connections. If port is less than @code{1024} @command{rsync} needs to be "
+"started as the @code{root} user and group."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11041
+#, no-wrap
+msgid "@code{pid-file} (default: @code{\"/var/run/rsyncd/rsyncd.pid\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11043
+msgid "Name of the file where @command{rsync} writes its PID."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11044
+#, no-wrap
+msgid "@code{lock-file} (default: @code{\"/var/run/rsyncd/rsyncd.lock\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11046
+msgid "Name of the file where @command{rsync} writes its lock file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11047
+#, no-wrap
+msgid "@code{log-file} (default: @code{\"/var/log/rsyncd.log\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11049
+msgid "Name of the file where @command{rsync} writes its log file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11050
+#, no-wrap
+msgid "@code{use-chroot?} (default: @var{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11052
+msgid "Whether to use chroot for @command{rsync} shared directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11053
+#, no-wrap
+msgid "@code{share-path} (default: @file{/srv/rsync})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11055
+msgid "Location of the @command{rsync} shared directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11056
+#, no-wrap
+msgid "@code{share-comment} (default: @code{\"Rsync share\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11058
+msgid "Comment of the @command{rsync} shared directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11059
+#, no-wrap
+msgid "@code{read-only?} (default: @var{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11061
+msgid "Read-write permissions to shared directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11062
+#, no-wrap
+msgid "@code{timeout} (default: @code{300})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11064
+msgid "I/O timeout in seconds."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11065
+#, no-wrap
+msgid "@code{user} (default: @var{\"root\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11067
+msgid "Owner of the @code{rsync} process."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11068
+#, no-wrap
+msgid "@code{group} (default: @var{\"root\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11070
+msgid "Group of the @code{rsync} process."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11071
+#, no-wrap
+msgid "@code{uid} (default: @var{\"rsyncd\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11074
+msgid "User name or user ID that file transfers to and from that module should take place as when the daemon was run as @code{root}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11075
+#, no-wrap
+msgid "@code{gid} (default: @var{\"rsyncd\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11077
+msgid "Group name or group ID that will be used when accessing the module."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11082
+msgid "Furthermore, @code{(gnu services ssh)} provides the following services."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11082 doc/guix.texi:11121 doc/guix.texi:20729
+#, no-wrap
+msgid "SSH"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11083 doc/guix.texi:11122 doc/guix.texi:20730
+#, no-wrap
+msgid "SSH server"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11085
+#, no-wrap
+msgid "{Scheme Procedure} lsh-service [#:host-key \"/etc/lsh/host-key\"] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11094
+msgid ""
+"[#:daemonic? #t] [#:interfaces '()] [#:port-number 22] @ [#:allow-empty-passwords? #f] [#:root-login? #f] @ [#:syslog-output? #t] [#:"
+"x11-forwarding? #t] @ [#:tcp/ip-forwarding? #t] [#:password-authentication? #t] @ [#:public-key-authentication? #t] [#:initialize? "
+"#t] Run the @command{lshd} program from @var{lsh} to listen on port @var{port-number}. @var{host-key} must designate a file "
+"containing the host key, and readable only by root."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11100
+msgid ""
+"When @var{daemonic?} is true, @command{lshd} will detach from the controlling terminal and log its output to syslogd, unless one "
+"sets @var{syslog-output?} to false. Obviously, it also makes lsh-service depend on existence of syslogd service. When @var{pid-"
+"file?} is true, @command{lshd} writes its PID to the file called @var{pid-file}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11104
+msgid ""
+"When @var{initialize?} is true, automatically create the seed and host key upon service activation if they do not exist yet. This "
+"may take long and require interaction."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11109
+msgid ""
+"When @var{initialize?} is false, it is up to the user to initialize the randomness generator (@pxref{lsh-make-seed,,, lsh, LSH "
+"Manual}), and to create a key pair with the private key stored in file @var{host-key} (@pxref{lshd basics,,, lsh, LSH Manual})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11113
+msgid ""
+"When @var{interfaces} is empty, lshd listens for connections on all the network interfaces; otherwise, @var{interfaces} must be a "
+"list of host names or addresses."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11117
+msgid ""
+"@var{allow-empty-passwords?} specifies whether to accept log-ins with empty passwords, and @var{root-login?} specifies whether to "
+"accept log-ins as root."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11119
+msgid "The other options should be self-descriptive."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11123
+#, no-wrap
+msgid "{Scheme Variable} openssh-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11127
+msgid ""
+"This is the type for the @uref{http://www.openssh.org, OpenSSH} secure shell daemon, @command{sshd}. Its value must be an "
+"@code{openssh-configuration} record as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11136
+#, no-wrap
+msgid ""
+"(service openssh-service-type\n"
+" (openssh-configuration\n"
+" (x11-forwarding? #t)\n"
+" (permit-root-login 'without-password)\n"
+" (authorized-keys\n"
+" `((\"alice\" ,(local-file \"alice.pub\"))\n"
+" (\"bob\" ,(local-file \"bob.pub\"))))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11139
+msgid "See below for details about @code{openssh-configuration}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11142
+msgid "This service can be extended with extra authorized keys, as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11147
+#, no-wrap
+msgid ""
+"(service-extension openssh-service-type\n"
+" (const `((\"charlie\"\n"
+" ,(local-file \"charlie.pub\")))))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11150
+#, no-wrap
+msgid "{Data Type} openssh-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11152
+msgid "This is the configuration record for OpenSSH's @command{sshd}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11154
+#, no-wrap
+msgid "@code{pid-file} (default: @code{\"/var/run/sshd.pid\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11156
+msgid "Name of the file where @command{sshd} writes its PID."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11157
+#, no-wrap
+msgid "@code{port-number} (default: @code{22})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11159
+msgid "TCP port on which @command{sshd} listens for incoming connections."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11160
+#, no-wrap
+msgid "@code{permit-root-login} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11165
+msgid ""
+"This field determines whether and when to allow logins as root. If @code{#f}, root logins are disallowed; if @code{#t}, they are "
+"allowed. If it's the symbol @code{'without-password}, then root logins are permitted but not with password-based authentication."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11166 doc/guix.texi:11299
+#, no-wrap
+msgid "@code{allow-empty-passwords?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11169
+msgid "When true, users with empty passwords may log in. When false, they may not."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11170 doc/guix.texi:11302
+#, no-wrap
+msgid "@code{password-authentication?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11173
+msgid "When true, users may log in with their password. When false, they have other authentication methods."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11174
+#, no-wrap
+msgid "@code{public-key-authentication?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11177
+msgid "When true, users may log in using public key authentication. When false, users have to use other authentication method."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11180
+msgid "Authorized public keys are stored in @file{~/.ssh/authorized_keys}. This is used only by protocol version 2."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11181
+#, no-wrap
+msgid "@code{x11-forwarding?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11185
+msgid ""
+"When true, forwarding of X11 graphical client connections is enabled---in other words, @command{ssh} options @option{-X} and "
+"@option{-Y} will work."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11186
+#, no-wrap
+msgid "@code{challenge-response-authentication?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11189
+msgid "Specifies whether challenge response authentication is allowed (e.g. via PAM)."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11190
+#, no-wrap
+msgid "@code{use-pam?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11196
+msgid ""
+"Enables the Pluggable Authentication Module interface. If set to @code{#t}, this will enable PAM authentication using "
+"@code{challenge-response-authentication?} and @code{password-authentication?}, in addition to PAM account and session module "
+"processing for all authentication types."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11201
+msgid ""
+"Because PAM challenge response authentication usually serves an equivalent role to password authentication, you should disable "
+"either @code{challenge-response-authentication?} or @code{password-authentication?}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11202
+#, no-wrap
+msgid "@code{print-last-log?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11205
+msgid "Specifies whether @command{sshd} should print the date and time of the last user login when a user logs in interactively."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11206
+#, no-wrap
+msgid "@code{subsystems} (default: @code{'((\"sftp\" \"internal-sftp\"))})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11208
+msgid "Configures external subsystems (e.g. file transfer daemon)."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11212
+msgid ""
+"This is a list of two-element lists, each of which containing the subsystem name and a command (with optional arguments) to execute "
+"upon subsystem request."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11215
+msgid ""
+"The command @command{internal-sftp} implements an in-process SFTP server. Alternately, one can specify the @command{sftp-server} "
+"command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11220
+#, no-wrap
+msgid ""
+"(service openssh-service-type\n"
+" (openssh-configuration\n"
+" (subsystems\n"
+" `((\"sftp\" ,(file-append openssh \"/libexec/sftp-server\"))))))\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11222
+#, no-wrap
+msgid "@code{accepted-environment} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11224
+msgid "List of strings describing which environment variables may be exported."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11227
+msgid "Each string gets on its own line. See the @code{AcceptEnv} option in @code{man sshd_config}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11232
+msgid ""
+"This example allows ssh-clients to export the @code{COLORTERM} variable. It is set by terminal emulators, which support colors. "
+"You can use it in your shell's ressource file to enable colors for the prompt and commands if this variable is set."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11237
+#, no-wrap
+msgid ""
+"(service openssh-service-type\n"
+" (openssh-configuration\n"
+" (accepted-environment '(\"COLORTERM\"))))\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11239
+#, no-wrap
+msgid "@code{authorized-keys} (default: @code{'()})"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11240
+#, no-wrap
+msgid "authorized keys, SSH"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11241
+#, no-wrap
+msgid "SSH authorized keys"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11245
+msgid ""
+"This is the list of authorized keys. Each element of the list is a user name followed by one or more file-like objects that "
+"represent SSH public keys. For example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11252
+#, no-wrap
+msgid ""
+"(openssh-configuration\n"
+" (authorized-keys\n"
+" `((\"rekado\" ,(local-file \"rekado.pub\"))\n"
+" (\"chris\" ,(local-file \"chris.pub\"))\n"
+" (\"root\" ,(local-file \"rekado.pub\") ,(local-file \"chris.pub\")))))\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11257
+msgid "registers the specified public keys for user accounts @code{rekado}, @code{chris}, and @code{root}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11260
+msgid "Additional authorized keys can be specified @i{via} @code{service-extension}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11263
+msgid "Note that this does @emph{not} interfere with the use of @file{~/.ssh/authorized_keys}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11266
+#, no-wrap
+msgid "{Scheme Procedure} dropbear-service [@var{config}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11270
+msgid ""
+"Run the @uref{https://matt.ucc.asn.au/dropbear/dropbear.html,Dropbear SSH daemon} with the given @var{config}, a @code{<dropbear-"
+"configuration>} object."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11273
+msgid ""
+"For example, to specify a Dropbear service listening on port 1234, add this call to the operating system's @code{services} field:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11277
+#, no-wrap
+msgid ""
+"(dropbear-service (dropbear-configuration\n"
+" (port-number 1234)))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11280
+#, no-wrap
+msgid "{Data Type} dropbear-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11282
+msgid "This data type represents the configuration of a Dropbear SSH daemon."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11284
+#, no-wrap
+msgid "@code{dropbear} (default: @var{dropbear})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11286
+msgid "The Dropbear package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11287
+#, no-wrap
+msgid "@code{port-number} (default: 22)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11289
+msgid "The TCP port where the daemon waits for incoming connections."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11290
+#, no-wrap
+msgid "@code{syslog-output?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11292
+msgid "Whether to enable syslog output."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11293
+#, no-wrap
+msgid "@code{pid-file} (default: @code{\"/var/run/dropbear.pid\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11295
+msgid "File name of the daemon's PID file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11296
+#, no-wrap
+msgid "@code{root-login?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11298
+msgid "Whether to allow @code{root} logins."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11301
+msgid "Whether to allow empty passwords."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11304
+msgid "Whether to enable password-based authentication."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11307
+#, no-wrap
+msgid "{Scheme Variable} %facebook-host-aliases"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11313
+msgid ""
+"This variable contains a string for use in @file{/etc/hosts} (@pxref{Host Names,,, libc, The GNU C Library Reference Manual}). Each "
+"line contains a entry that maps a known server name of the Facebook on-line service---e.g., @code{www.facebook.com}---to the local "
+"host---@code{127.0.0.1} or its IPv6 equivalent, @code{::1}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11317
+msgid ""
+"This variable is typically used in the @code{hosts-file} field of an @code{operating-system} declaration (@pxref{operating-system "
+"Reference, @file{/etc/hosts}}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11320
+#, no-wrap
+msgid ""
+"(use-modules (gnu) (guix))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11330
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" (host-name \"mymachine\")\n"
+" ;; ...\n"
+" (hosts-file\n"
+" ;; Create a /etc/hosts file with aliases for \"localhost\"\n"
+" ;; and \"mymachine\", as well as for Facebook servers.\n"
+" (plain-file \"hosts\"\n"
+" (string-append (local-host-aliases host-name)\n"
+" %facebook-host-aliases))))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11334
+msgid "This mechanism can prevent programs running locally, such as Web browsers, from accessing Facebook."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11337
+msgid "The @code{(gnu services avahi)} provides the following definition."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11338
+#, no-wrap
+msgid "{Scheme Procedure} avahi-service [#:avahi @var{avahi}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11350
+msgid ""
+"[#:host-name #f] [#:publish? #t] [#:ipv4? #t] @ [#:ipv6? #t] [#:wide-area? #f] @ [#:domains-to-browse '()] [#:debug? #f] Return a "
+"service that runs @command{avahi-daemon}, a system-wide mDNS/DNS-SD responder that allows for service discovery and \"zero-"
+"configuration\" host name lookups (see @uref{http://avahi.org/}), and extends the name service cache daemon (nscd) so that it can "
+"resolve @code{.local} host names using @uref{http://0pointer.de/lennart/projects/nss-mdns/, nss-mdns}. Additionally, add the "
+"@var{avahi} package to the system profile so that commands such as @command{avahi-browse} are directly usable."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11353
+msgid ""
+"If @var{host-name} is different from @code{#f}, use that as the host name to publish for this machine; otherwise, use the machine's "
+"actual host name."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11357
+msgid ""
+"When @var{publish?} is true, publishing of host names and services is allowed; in particular, avahi-daemon will publish the "
+"machine's host name and IP address via mDNS on the local network."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11359
+msgid "When @var{wide-area?} is true, DNS-SD over unicast DNS is enabled."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11362
+msgid "Boolean values @var{ipv4?} and @var{ipv6?} determine whether to use IPv4/IPv6 sockets."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11364
+#, no-wrap
+msgid "{Scheme Variable} openvswitch-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11368
+msgid ""
+"This is the type of the @uref{http://www.openvswitch.org, Open vSwitch} service, whose value should be an @code{openvswitch-"
+"configuration} object."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11370
+#, no-wrap
+msgid "{Data Type} openvswitch-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11374
+msgid ""
+"Data type representing the configuration of Open vSwitch, a multilayer virtual switch which is designed to enable massive network "
+"automation through programmatic extension."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11376
+#, no-wrap
+msgid "@code{package} (default: @var{openvswitch})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11378
+msgid "Package object of the Open vSwitch."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11385
+#, no-wrap
+msgid "X11"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11386
+#, no-wrap
+msgid "X Window System"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11387 doc/guix.texi:11564
+#, no-wrap
+msgid "login manager"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11392
+msgid ""
+"Support for the X Window graphical display system---specifically Xorg---is provided by the @code{(gnu services xorg)} module. Note "
+"that there is no @code{xorg-service} procedure. Instead, the X server is started by the @dfn{login manager}, by default SLiM."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11393
+#, no-wrap
+msgid "window manager"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11398
+msgid ""
+"To use X11, you must install at least one @dfn{window manager}---for example the @code{windowmaker} or @code{openbox} packages---"
+"preferably by adding it to the @code{packages} field of your operating system definition (@pxref{operating-system Reference, system-"
+"wide packages})."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11399
+#, no-wrap
+msgid "{Scheme Variable} slim-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11401
+msgid "This is the type for the SLiM graphical login manager for X11."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11402
+#, no-wrap
+msgid "session types (X11)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11403
+#, no-wrap
+msgid "X11 session types"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11410
+msgid ""
+"SLiM looks for @dfn{session types} described by the @file{.desktop} files in @file{/run/current-system/profile/share/xsessions} and "
+"allows users to choose a session from the log-in screen using @kbd{F1}. Packages such as @code{xfce}, @code{sawfish}, and "
+"@code{ratpoison} provide @file{.desktop} files; adding them to the system-wide set of packages automatically makes them available at "
+"the log-in screen."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11414
+msgid ""
+"In addition, @file{~/.xsession} files are honored. When available, @file{~/.xsession} must be an executable that starts a window "
+"manager and/or other X clients."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11416
+#, no-wrap
+msgid "{Data Type} slim-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11418
+msgid "Data type representing the configuration of @code{slim-service-type}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11422
+msgid "Whether to allow logins with empty passwords."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11423
+#, no-wrap
+msgid "@code{auto-login?} (default: @code{#f})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:11424
+#, no-wrap
+msgid "@code{default-user} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11426
+msgid "When @code{auto-login?} is false, SLiM presents a log-in screen."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11429
+msgid "When @code{auto-login?} is true, SLiM logs in directly as @code{default-user}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11430
+#, no-wrap
+msgid "@code{theme} (default: @code{%default-slim-theme})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:11431
+#, no-wrap
+msgid "@code{theme-name} (default: @code{%default-slim-theme-name})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11433
+msgid "The graphical theme to use and its name."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11434
+#, no-wrap
+msgid "@code{auto-login-session} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11437
+msgid ""
+"If true, this must be the name of the executable to start as the default session---e.g., @code{(file-append windowmaker \"/bin/"
+"windowmaker\")}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11441
+msgid ""
+"If false, a session described by one of the available @file{.desktop} files in @code{/run/current-system/profile} and @code{~/.guix-"
+"profile} will be used."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:11446
+msgid ""
+"You must install at least one window manager in the system profile or in your user profile. Failing to do that, if @code{auto-login-"
+"session} is false, you will be unable to log in."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11448
+#, no-wrap
+msgid "@code{startx} (default: @code{(xorg-start-command)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11450
+msgid "The command used to start the X11 graphical server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11451
+#, no-wrap
+msgid "@code{xauth} (default: @code{xauth})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11453
+msgid "The XAuth package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11454
+#, no-wrap
+msgid "@code{shepherd} (default: @code{shepherd})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11457
+msgid "The Shepherd package used when invoking @command{halt} and @command{reboot}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11458
+#, no-wrap
+msgid "@code{sessreg} (default: @code{sessreg})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11460
+msgid "The sessreg package used in order to register the session."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11461
+#, no-wrap
+msgid "@code{slim} (default: @code{slim})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11463
+msgid "The SLiM package to use."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11466 doc/guix.texi:20226
+#, no-wrap
+msgid "{Scheme Variable} %default-theme"
+msgstr ""
+
+#. type: defvrx
+#: doc/guix.texi:11467
+#, no-wrap
+msgid "{Scheme Variable} %default-theme-name"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:11469
+msgid "The default SLiM theme and its name."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11472
+#, no-wrap
+msgid "{Data Type} sddm-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:11474
+msgid "This is the data type representing the sddm service configuration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11476
+#, no-wrap
+msgid "@code{display-server} (default: \"x11\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11479
+msgid "Select display server to use for the greeter. Valid values are \"x11\" or \"wayland\"."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11480
+#, no-wrap
+msgid "@code{numlock} (default: \"on\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11482
+msgid "Valid values are \"on\", \"off\" or \"none\"."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11483
+#, no-wrap
+msgid "@code{halt-command} (default @code{#~(string-apppend #$shepherd \"/sbin/halt\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11485
+msgid "Command to run when halting."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11486
+#, no-wrap
+msgid "@code{reboot-command} (default @code{#~(string-append #$shepherd \"/sbin/reboot\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11488
+msgid "Command to run when rebooting."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11489
+#, no-wrap
+msgid "@code{theme} (default \"maldives\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11491
+msgid "Theme to use. Default themes provided by SDDM are \"elarun\" or \"maldives\"."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11492
+#, no-wrap
+msgid "@code{themes-directory} (default \"/run/current-system/profile/share/sddm/themes\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11494
+msgid "Directory to look for themes."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11495
+#, no-wrap
+msgid "@code{faces-directory} (default \"/run/current-system/profile/share/sddm/faces\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11497
+msgid "Directory to look for faces."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11498
+#, no-wrap
+msgid "@code{default-path} (default \"/run/current-system/profile/bin\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11500
+msgid "Default PATH to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11501
+#, no-wrap
+msgid "@code{minimum-uid} (default 1000)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11503
+msgid "Minimum UID to display in SDDM."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11504
+#, no-wrap
+msgid "@code{maximum-uid} (default 2000)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11506
+msgid "Maximum UID to display in SDDM"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11507
+#, no-wrap
+msgid "@code{remember-last-user?} (default #t)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11509
+msgid "Remember last user."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11510
+#, no-wrap
+msgid "@code{remember-last-session?} (default #t)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11512
+msgid "Remember last session."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11513
+#, no-wrap
+msgid "@code{hide-users} (default \"\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11515
+msgid "Usernames to hide from SDDM greeter."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11516
+#, no-wrap
+msgid "@code{hide-shells} (default @code{#~(string-append #$shadow \"/sbin/nologin\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11518
+msgid "Users with shells listed will be hidden from the SDDM greeter."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11519
+#, no-wrap
+msgid "@code{session-command} (default @code{#~(string-append #$sddm \"/share/sddm/scripts/wayland-session\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11521
+msgid "Script to run before starting a wayland session."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11522
+#, no-wrap
+msgid "@code{sessions-directory} (default \"/run/current-system/profile/share/wayland-sessions\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11524
+msgid "Directory to look for desktop files starting wayland sessions."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11525
+#, no-wrap
+msgid "@code{xorg-server-path} (default @code{xorg-start-command})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11527
+msgid "Path to xorg-server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11528
+#, no-wrap
+msgid "@code{xauth-path} (default @code{#~(string-append #$xauth \"/bin/xauth\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11530
+msgid "Path to xauth."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11531
+#, no-wrap
+msgid "@code{xephyr-path} (default @code{#~(string-append #$xorg-server \"/bin/Xephyr\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11533
+msgid "Path to Xephyr."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11534
+#, no-wrap
+msgid "@code{xdisplay-start} (default @code{#~(string-append #$sddm \"/share/sddm/scripts/Xsetup\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11536
+msgid "Script to run after starting xorg-server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11537
+#, no-wrap
+msgid "@code{xdisplay-stop} (default @code{#~(string-append #$sddm \"/share/sddm/scripts/Xstop\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11539
+msgid "Script to run before stopping xorg-server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11540
+#, no-wrap
+msgid "@code{xsession-command} (default: @code{xinitr })"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11542
+msgid "Script to run before starting a X session."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11543
+#, no-wrap
+msgid "@code{xsessions-directory} (default: \"/run/current-system/profile/share/xsessions\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11545
+msgid "Directory to look for desktop files starting X sessions."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11546
+#, no-wrap
+msgid "@code{minimum-vt} (default: 7)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11548
+msgid "Minimum VT to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11549
+#, no-wrap
+msgid "@code{xserver-arguments} (default \"-nolisten tcp\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11551
+msgid "Arguments to pass to xorg-server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11552
+#, no-wrap
+msgid "@code{auto-login-user} (default \"\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11554
+msgid "User to use for auto-login."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11555
+#, no-wrap
+msgid "@code{auto-login-session} (default \"\")"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11557
+msgid "Desktop file to use for auto-login."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11558
+#, no-wrap
+msgid "@code{relogin?} (default #f)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11560
+msgid "Relogin after logout."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11565
+#, no-wrap
+msgid "X11 login"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11566
+#, no-wrap
+msgid "{Scheme Procedure} sddm-service config"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11569
+msgid "Return a service that spawns the SDDM graphical login manager for config of type @code{<sddm-configuration>}."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11574
+#, no-wrap
+msgid ""
+" (sddm-service (sddm-configuration\n"
+" (auto-login-user \"Alice\")\n"
+" (auto-login-session \"xfce.desktop\")))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11577
+#, no-wrap
+msgid "{Scheme Procedure} xorg-start-command [#:guile] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11586
+msgid ""
+"[#:modules %default-xorg-modules] @ [#:fonts %default-xorg-fonts] @ [#:configuration-file (xorg-configuration-file @dots{})] @ [#:"
+"xorg-server @var{xorg-server}] Return a @code{startx} script in which @var{modules}, a list of X module packages, and @var{fonts}, a "
+"list of X font directories, are available. See @code{xorg-wrapper} for more details on the arguments. The result should be used in "
+"place of @code{startx}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11588
+msgid "Usually the X server is started by a login manager."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11590
+#, no-wrap
+msgid "{Scheme Procedure} xorg-configuration-file @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11596
+msgid ""
+"[#:modules %default-xorg-modules] @ [#:fonts %default-xorg-fonts] @ [#:drivers '()] [#:resolutions '()] [#:extra-config '()] Return "
+"a configuration file for the Xorg server containing search paths for all the common drivers."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11601
+msgid ""
+"@var{modules} must be a list of @dfn{module packages} loaded by the Xorg server---e.g., @code{xf86-video-vesa}, @code{xf86-input-"
+"keyboard}, and so on. @var{fonts} must be a list of font directories to add to the server's @dfn{font path}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11605
+msgid ""
+"@var{drivers} must be either the empty list, in which case Xorg chooses a graphics driver automatically, or a list of driver names "
+"that will be tried in this order---e.g., @code{(\"modesetting\" \"vesa\")}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11609
+msgid ""
+"Likewise, when @var{resolutions} is the empty list, Xorg chooses an appropriate screen resolution; otherwise, it must be a list of "
+"resolutions---e.g., @code{((1024 768) (640 480))}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11613
+msgid ""
+"Last, @var{extra-config} is a list of strings or objects appended to the configuration file. It is used to pass extra text to be "
+"added verbatim to the configuration file."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11615
+#, no-wrap
+msgid "{Scheme Procedure} screen-locker-service @var{package} [@var{program}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11619
+msgid ""
+"Add @var{package}, a package for a screen locker or screen saver whose command is @var{program}, to the set of setuid programs and "
+"add a PAM entry for it. For example:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:11622
+#, no-wrap
+msgid "(screen-locker-service xlockmore \"xlock\")\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11625
+msgid "makes the good ol' XlockMore usable."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:11631
+#, no-wrap
+msgid "printer support with CUPS"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11635
+msgid ""
+"The @code{(gnu services cups)} module provides a Guix service definition for the CUPS printing service. To add printer support to a "
+"GuixSD system, add a @code{cups-service} to the operating system definition:"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11636
+#, no-wrap
+msgid "{Scheme Variable} cups-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:11640
+msgid ""
+"The service type for the CUPS print server. Its value should be a valid CUPS configuration (see below). To use the default "
+"settings, simply write:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11642
+#, no-wrap
+msgid "(service cups-service-type)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11652
+msgid ""
+"The CUPS configuration controls the basic things about your CUPS installation: what interfaces it listens on, what to do if a print "
+"job fails, how much logging to do, and so on. To actually add a printer, you have to visit the @url{http://localhost:631} URL, or "
+"use a tool such as GNOME's printer configuration services. By default, configuring a CUPS service will generate a self-signed "
+"certificate if needed, for secure connections to the print server."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11657
+msgid ""
+"Suppose you want to enable the Web interface of CUPS and also add support for Epson printers @i{via} the @code{escpr} package and "
+"for HP printers @i{via} the @code{hplip} package. You can do that directly, like this (you need to use the @code{(gnu packages "
+"cups)} module):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:11664
+#, no-wrap
+msgid ""
+"(service cups-service-type\n"
+" (cups-configuration\n"
+" (web-interface? #t)\n"
+" (extensions\n"
+" (list cups-filters escpr hplip))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11672
+msgid ""
+"The available configuration parameters follow. Each parameter definition is preceded by its type; for example, @samp{string-list "
+"foo} indicates that the @code{foo} parameter should be specified as a list of strings. There is also a way to specify the "
+"configuration as a string, if you have an old @code{cupsd.conf} file that you want to port over from some other system; see the end "
+"for more details."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:11683
+msgid "Available @code{cups-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11684
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} package cups"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11686 doc/guix.texi:12443
+msgid "The CUPS package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11688
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} package-list extensions"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11690
+msgid "Drivers and other extensions to the CUPS package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11692
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} files-configuration files-configuration"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11695
+msgid ""
+"Configuration of where to write logs, what directories to use for print spools, and related privileged configuration parameters."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11697
+msgid "Available @code{files-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11698
+#, no-wrap
+msgid "{@code{files-configuration} parameter} log-location access-log"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11706
+msgid ""
+"Defines the access log filename. Specifying a blank filename disables access log generation. The value @code{stderr} causes log "
+"entries to be sent to the standard error file when the scheduler is running in the foreground, or to the system log daemon when run "
+"in the background. The value @code{syslog} causes log entries to be sent to the system log daemon. The server name may be included "
+"in filenames using the string @code{%s}, as in @code{/var/log/cups/%s-access_log}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11708
+msgid "Defaults to @samp{\"/var/log/cups/access_log\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11710
+#, no-wrap
+msgid "{@code{files-configuration} parameter} file-name cache-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11712
+msgid "Where CUPS should cache data."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11714
+msgid "Defaults to @samp{\"/var/cache/cups\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11716
+#, no-wrap
+msgid "{@code{files-configuration} parameter} string config-file-perm"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11719
+msgid "Specifies the permissions for all configuration files that the scheduler writes."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11725
+msgid ""
+"Note that the permissions for the printers.conf file are currently masked to only allow access from the scheduler user (typically "
+"root). This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally "
+"known on the system. There is no way to disable this security feature."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11727
+msgid "Defaults to @samp{\"0640\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11729
+#, no-wrap
+msgid "{@code{files-configuration} parameter} log-location error-log"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11737
+msgid ""
+"Defines the error log filename. Specifying a blank filename disables access log generation. The value @code{stderr} causes log "
+"entries to be sent to the standard error file when the scheduler is running in the foreground, or to the system log daemon when run "
+"in the background. The value @code{syslog} causes log entries to be sent to the system log daemon. The server name may be included "
+"in filenames using the string @code{%s}, as in @code{/var/log/cups/%s-error_log}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11739
+msgid "Defaults to @samp{\"/var/log/cups/error_log\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11741
+#, no-wrap
+msgid "{@code{files-configuration} parameter} string fatal-errors"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11744
+msgid "Specifies which errors are fatal, causing the scheduler to exit. The kind strings are:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11748
+msgid "No errors are fatal."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11751
+msgid "All of the errors below are fatal."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11752
+#, no-wrap
+msgid "browse"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11755
+msgid "Browsing initialization errors are fatal, for example failed connections to the DNS-SD daemon."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11756
+#, no-wrap
+msgid "config"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11758
+msgid "Configuration file syntax errors are fatal."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11759
+#, no-wrap
+msgid "listen"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11762
+msgid "Listen or Port errors are fatal, except for IPv6 failures on the loopback or @code{any} addresses."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11763
+#, no-wrap
+msgid "log"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11765
+msgid "Log file creation or write errors are fatal."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:11766
+#, no-wrap
+msgid "permissions"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:11769
+msgid "Bad startup file permissions are fatal, for example shared TLS certificate and key files with world-read permissions."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11772
+msgid "Defaults to @samp{\"all -browse\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11774
+#, no-wrap
+msgid "{@code{files-configuration} parameter} boolean file-device?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11777
+msgid ""
+"Specifies whether the file pseudo-device can be used for new printer queues. The URI @uref{file:///dev/null} is always allowed."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11779 doc/guix.texi:11849 doc/guix.texi:11885 doc/guix.texi:11897 doc/guix.texi:11903 doc/guix.texi:11919
+#: doc/guix.texi:12007 doc/guix.texi:12101 doc/guix.texi:12417 doc/guix.texi:12430 doc/guix.texi:16557 doc/guix.texi:16571
+#: doc/guix.texi:16693 doc/guix.texi:16714 doc/guix.texi:16735 doc/guix.texi:16742 doc/guix.texi:16787 doc/guix.texi:16794
+#: doc/guix.texi:17197 doc/guix.texi:17211 doc/guix.texi:17383 doc/guix.texi:17428 doc/guix.texi:17515 doc/guix.texi:17644
+#: doc/guix.texi:17677 doc/guix.texi:17817 doc/guix.texi:17828 doc/guix.texi:18078 doc/guix.texi:18717 doc/guix.texi:18726
+#: doc/guix.texi:18734 doc/guix.texi:18742 doc/guix.texi:18758 doc/guix.texi:18774 doc/guix.texi:18782 doc/guix.texi:18790
+#: doc/guix.texi:18799 doc/guix.texi:18808 doc/guix.texi:18824 doc/guix.texi:18888 doc/guix.texi:18994 doc/guix.texi:19002
+#: doc/guix.texi:19010 doc/guix.texi:19026 doc/guix.texi:19080 doc/guix.texi:19128 doc/guix.texi:19281 doc/guix.texi:19289
+#: doc/guix.texi:19297 doc/guix.texi:19305 doc/guix.texi:19313 doc/guix.texi:19321 doc/guix.texi:19329 doc/guix.texi:19336
+msgid "Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11781
+#, no-wrap
+msgid "{@code{files-configuration} parameter} string group"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11784
+msgid "Specifies the group name or ID that will be used when executing external programs."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11786 doc/guix.texi:11866
+msgid "Defaults to @samp{\"lp\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11788
+#, no-wrap
+msgid "{@code{files-configuration} parameter} string log-file-perm"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11790
+msgid "Specifies the permissions for all log files that the scheduler writes."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11792
+msgid "Defaults to @samp{\"0644\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11794
+#, no-wrap
+msgid "{@code{files-configuration} parameter} log-location page-log"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11802
+msgid ""
+"Defines the page log filename. Specifying a blank filename disables access log generation. The value @code{stderr} causes log "
+"entries to be sent to the standard error file when the scheduler is running in the foreground, or to the system log daemon when run "
+"in the background. The value @code{syslog} causes log entries to be sent to the system log daemon. The server name may be included "
+"in filenames using the string @code{%s}, as in @code{/var/log/cups/%s-page_log}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11804
+msgid "Defaults to @samp{\"/var/log/cups/page_log\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11806
+#, no-wrap
+msgid "{@code{files-configuration} parameter} string remote-root"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11809
+msgid ""
+"Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user. The default is "
+"@code{remroot}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11811
+msgid "Defaults to @samp{\"remroot\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11813
+#, no-wrap
+msgid "{@code{files-configuration} parameter} file-name request-root"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11816
+msgid "Specifies the directory that contains print jobs and other HTTP request data."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11818
+msgid "Defaults to @samp{\"/var/spool/cups\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11820
+#, no-wrap
+msgid "{@code{files-configuration} parameter} sandboxing sandboxing"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11825
+msgid ""
+"Specifies the level of security sandboxing that is applied to print filters, backends, and other child processes of the scheduler; "
+"either @code{relaxed} or @code{strict}. This directive is currently only used/supported on macOS."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11827
+msgid "Defaults to @samp{strict}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11829
+#, no-wrap
+msgid "{@code{files-configuration} parameter} file-name server-keychain"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11834
+msgid ""
+"Specifies the location of TLS certificates and private keys. CUPS will look for public and private keys in this directory: a @code{."
+"crt} files for PEM-encoded certificates and corresponding @code{.key} files for PEM-encoded private keys."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11836
+msgid "Defaults to @samp{\"/etc/cups/ssl\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11838
+#, no-wrap
+msgid "{@code{files-configuration} parameter} file-name server-root"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11840
+msgid "Specifies the directory containing the server configuration files."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11842
+msgid "Defaults to @samp{\"/etc/cups\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11844
+#, no-wrap
+msgid "{@code{files-configuration} parameter} boolean sync-on-close?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11847
+msgid "Specifies whether the scheduler calls fsync(2) after writing configuration or state files."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11851
+#, no-wrap
+msgid "{@code{files-configuration} parameter} space-separated-string-list system-group"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11853
+msgid "Specifies the group(s) to use for @code{@@SYSTEM} group authentication."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11855
+#, no-wrap
+msgid "{@code{files-configuration} parameter} file-name temp-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11857
+msgid "Specifies the directory where temporary files are stored."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11859
+msgid "Defaults to @samp{\"/var/spool/cups/tmp\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11861
+#, no-wrap
+msgid "{@code{files-configuration} parameter} string user"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11864
+msgid "Specifies the user name or ID that is used when running external programs."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11869
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} access-log-level access-log-level"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11876
+msgid ""
+"Specifies the logging level for the AccessLog file. The @code{config} level logs when printers and classes are added, deleted, or "
+"modified and when configuration files are accessed or updated. The @code{actions} level logs when print jobs are submitted, held, "
+"released, modified, or canceled, and any of the conditions for @code{config}. The @code{all} level logs all requests."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11878
+msgid "Defaults to @samp{actions}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11880
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean auto-purge-jobs?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11883
+msgid "Specifies whether to purge job history data automatically when it is no longer required for quotas."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11887
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} browse-local-protocols browse-local-protocols"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11889
+msgid "Specifies which protocols to use for local printer sharing."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11891
+msgid "Defaults to @samp{dnssd}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11893
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean browse-web-if?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11895
+msgid "Specifies whether the CUPS web interface is advertised."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11899
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean browsing?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11901
+msgid "Specifies whether shared printers are advertised."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11905
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string classification"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11910
+msgid ""
+"Specifies the security classification of the server. Any valid banner name can be used, including \"classified\", \"confidential\", "
+"\"secret\", \"topsecret\", and \"unclassified\", or the banner can be omitted to disable secure printing functions."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11912 doc/guix.texi:12249 doc/guix.texi:13608 doc/guix.texi:13620 doc/guix.texi:17783 doc/guix.texi:17791
+#: doc/guix.texi:17799 doc/guix.texi:17807 doc/guix.texi:18085 doc/guix.texi:18560 doc/guix.texi:18568 doc/guix.texi:18576
+#: doc/guix.texi:18684 doc/guix.texi:18709 doc/guix.texi:18840 doc/guix.texi:18848 doc/guix.texi:18856 doc/guix.texi:18864
+#: doc/guix.texi:18872 doc/guix.texi:18880 doc/guix.texi:18903 doc/guix.texi:18911 doc/guix.texi:18963 doc/guix.texi:18979
+#: doc/guix.texi:18987 doc/guix.texi:19017 doc/guix.texi:19040 doc/guix.texi:19062 doc/guix.texi:19069 doc/guix.texi:19104
+#: doc/guix.texi:19112 doc/guix.texi:19136 doc/guix.texi:19168 doc/guix.texi:19197 doc/guix.texi:19204 doc/guix.texi:19211
+#: doc/guix.texi:19219 doc/guix.texi:19233 doc/guix.texi:19242 doc/guix.texi:19252 doc/guix.texi:19259 doc/guix.texi:19266
+#: doc/guix.texi:19273 doc/guix.texi:19344 doc/guix.texi:19351 doc/guix.texi:19358 doc/guix.texi:19367 doc/guix.texi:19383
+#: doc/guix.texi:19390 doc/guix.texi:19397 doc/guix.texi:19404 doc/guix.texi:19412 doc/guix.texi:19420
+msgid "Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11914
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean classify-override?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11917
+msgid ""
+"Specifies whether users may override the classification (cover page) of individual print jobs using the @code{job-sheets} option."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11921
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} default-auth-type default-auth-type"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11923
+msgid "Specifies the default type of authentication to use."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11925
+msgid "Defaults to @samp{Basic}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11927
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} default-encryption default-encryption"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11929
+msgid "Specifies whether encryption will be used for authenticated requests."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11931
+msgid "Defaults to @samp{Required}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11933
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string default-language"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11935
+msgid "Specifies the default language to use for text and web content."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11937
+msgid "Defaults to @samp{\"en\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11939
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string default-paper-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11944
+msgid ""
+"Specifies the default paper size for new print queues. @samp{\"Auto\"} uses a locale-specific default, while @samp{\"None\"} "
+"specifies there is no default paper size. Specific size names are typically @samp{\"Letter\"} or @samp{\"A4\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11946
+msgid "Defaults to @samp{\"Auto\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11948
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string default-policy"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11950
+msgid "Specifies the default access policy to use."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11952
+msgid "Defaults to @samp{\"default\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11954
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean default-shared?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11956
+msgid "Specifies whether local printers are shared by default."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11958 doc/guix.texi:12038 doc/guix.texi:12334 doc/guix.texi:16527 doc/guix.texi:16534 doc/guix.texi:16542
+#: doc/guix.texi:16564 doc/guix.texi:16578 doc/guix.texi:16663 doc/guix.texi:16670 doc/guix.texi:16678 doc/guix.texi:17064
+#: doc/guix.texi:17204 doc/guix.texi:17390 doc/guix.texi:17397 doc/guix.texi:17419 doc/guix.texi:17458 doc/guix.texi:17478
+#: doc/guix.texi:17492 doc/guix.texi:17632 doc/guix.texi:18662 doc/guix.texi:18750 doc/guix.texi:18766 doc/guix.texi:18816
+msgid "Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11960
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer dirty-clean-interval"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11964
+msgid ""
+"Specifies the delay for updating of configuration and state files, in seconds. A value of 0 causes the update to happen as soon as "
+"possible, typically within a few milliseconds."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11966 doc/guix.texi:12014 doc/guix.texi:12023 doc/guix.texi:12044 doc/guix.texi:12341
+msgid "Defaults to @samp{30}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11968
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} error-policy error-policy"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11974
+msgid ""
+"Specifies what to do when an error occurs. Possible values are @code{abort-job}, which will discard the failed print job; "
+"@code{retry-job}, which will retry the job at a later time; @code{retry-this-job}, which retries the failed job immediately; and "
+"@code{stop-printer}, which stops the printer."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11976
+msgid "Defaults to @samp{stop-printer}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11978
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer filter-limit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11986
+msgid ""
+"Specifies the maximum cost of filters that are run concurrently, which can be used to minimize disk, memory, and CPU resource "
+"problems. A limit of 0 disables filter limiting. An average print to a non-PostScript printer needs a filter limit of about 200. "
+"A PostScript printer needs about half that (100). Setting the limit below these thresholds will effectively limit the scheduler to "
+"printing a single job at any time."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11988 doc/guix.texi:11996 doc/guix.texi:12051 doc/guix.texi:12167 doc/guix.texi:12181 doc/guix.texi:12188
+#: doc/guix.texi:13712 doc/guix.texi:13724 doc/guix.texi:17080 doc/guix.texi:17405 doc/guix.texi:18655 doc/guix.texi:18955
+#: doc/guix.texi:19120
+msgid "Defaults to @samp{0}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11990
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer filter-nice"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11994
+msgid ""
+"Specifies the scheduling priority of filters that are run to print a job. The nice value ranges from 0, the highest priority, to "
+"19, the lowest priority."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:11998
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} host-name-lookups host-name-lookups"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12005
+msgid ""
+"Specifies whether to do reverse lookups on connecting clients. The @code{double} setting causes @code{cupsd} to verify that the "
+"hostname resolved from the address matches one of the addresses returned for that hostname. Double lookups also prevent clients "
+"with unregistered addresses from connecting to your server. Only set this option to @code{#t} or @code{double} if absolutely "
+"required."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12009
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer job-kill-delay"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12012
+msgid "Specifies the number of seconds to wait before killing the filters and backend associated with a canceled or held job."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12016
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer job-retry-interval"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12021
+msgid ""
+"Specifies the interval between retries of jobs in seconds. This is typically used for fax queues but can also be used with normal "
+"print queues whose error policy is @code{retry-job} or @code{retry-current-job}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12025
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer job-retry-limit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12030
+msgid ""
+"Specifies the number of retries that are done for jobs. This is typically used for fax queues but can also be used with normal "
+"print queues whose error policy is @code{retry-job} or @code{retry-current-job}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12032 doc/guix.texi:17884 doc/guix.texi:17904 doc/guix.texi:17920 doc/guix.texi:17934 doc/guix.texi:17941
+#: doc/guix.texi:17948 doc/guix.texi:17955 doc/guix.texi:18114 doc/guix.texi:18130 doc/guix.texi:18137 doc/guix.texi:18144
+#: doc/guix.texi:18155 doc/guix.texi:18607 doc/guix.texi:18615 doc/guix.texi:18623 doc/guix.texi:18647
+msgid "Defaults to @samp{5}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12034
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean keep-alive?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12036
+msgid "Specifies whether to support HTTP keep-alive connections."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12040
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer keep-alive-timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12042
+msgid "Specifies how long an idle client connection remains open, in seconds."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12046
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer limit-request-body"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12049
+msgid "Specifies the maximum size of print files, IPP requests, and HTML form data. A limit of 0 disables the limit check."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12053
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} multiline-string-list listen"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12060
+msgid ""
+"Listens on the specified interfaces for connections. Valid values are of the form @var{address}:@var{port}, where @var{address} is "
+"either an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate all addresses. Values can also be file names "
+"of local UNIX domain sockets. The Listen directive is similar to the Port directive but allows you to restrict access to specific "
+"interfaces or networks."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12062
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer listen-back-log"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12069
+msgid ""
+"Specifies the number of pending connections that will be allowed. This normally only affects very busy servers that have reached "
+"the MaxClients limit, but can also be triggered by large numbers of simultaneous connections. When the limit is reached, the "
+"operating system will refuse additional connections until the scheduler can accept the pending ones."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12071
+msgid "Defaults to @samp{128}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12073
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} location-access-control-list location-access-controls"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12075
+msgid "Specifies a set of additional access controls."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12077
+msgid "Available @code{location-access-controls} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12078
+#, no-wrap
+msgid "{@code{location-access-controls} parameter} file-name path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12080
+msgid "Specifies the URI path to which the access control applies."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12082
+#, no-wrap
+msgid "{@code{location-access-controls} parameter} access-control-list access-controls"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12085
+msgid ""
+"Access controls for all access to this path, in the same format as the @code{access-controls} of @code{operation-access-control}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12087 doc/guix.texi:12093 doc/guix.texi:12107 doc/guix.texi:12114 doc/guix.texi:12256 doc/guix.texi:12315
+#: doc/guix.texi:12399 doc/guix.texi:12410 doc/guix.texi:14198 doc/guix.texi:16585 doc/guix.texi:16773 doc/guix.texi:17775
+#: doc/guix.texi:17835 doc/guix.texi:17843 doc/guix.texi:18670 doc/guix.texi:18677 doc/guix.texi:19088 doc/guix.texi:19182
+#: doc/guix.texi:19190 doc/guix.texi:19226 doc/guix.texi:19376 doc/guix.texi:19427 doc/guix.texi:19436
+msgid "Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12089
+#, no-wrap
+msgid "{@code{location-access-controls} parameter} method-access-control-list method-access-controls"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12091
+msgid "Access controls for method-specific access to this path."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12095
+msgid "Available @code{method-access-controls} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12096
+#, no-wrap
+msgid "{@code{method-access-controls} parameter} boolean reverse?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12099
+msgid "If @code{#t}, apply access controls to all methods except the listed methods. Otherwise apply to only the listed methods."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12103
+#, no-wrap
+msgid "{@code{method-access-controls} parameter} method-list methods"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12105
+msgid "Methods to which this access control applies."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12109
+#, no-wrap
+msgid "{@code{method-access-controls} parameter} access-control-list access-controls"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12112
+msgid "Access control directives, as a list of strings. Each string should be one directive, such as \"Order allow,deny\"."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12118
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer log-debug-history"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12122
+msgid ""
+"Specifies the number of debugging messages that are retained for logging if an error occurs in a print job. Debug messages are "
+"logged regardless of the LogLevel setting."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12124 doc/guix.texi:12145 doc/guix.texi:12152 doc/guix.texi:13958 doc/guix.texi:16758
+msgid "Defaults to @samp{100}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12126
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} log-level log-level"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12129
+msgid ""
+"Specifies the level of logging for the ErrorLog file. The value @code{none} stops all logging while @code{debug2} logs everything."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12131
+msgid "Defaults to @samp{info}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12133
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} log-time-format log-time-format"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12136
+msgid ""
+"Specifies the format of the date and time in the log files. The value @code{standard} logs whole seconds while @code{usecs} logs "
+"microseconds."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12138
+msgid "Defaults to @samp{standard}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12140
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12143
+msgid "Specifies the maximum number of simultaneous clients that are allowed by the scheduler."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12147
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-clients-per-host"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12150
+msgid "Specifies the maximum number of simultaneous clients that are allowed from a single address."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12154
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-copies"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12157
+msgid "Specifies the maximum number of copies that a user can print of each job."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12159
+msgid "Defaults to @samp{9999}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12161
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-hold-time"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12165
+msgid ""
+"Specifies the maximum time a job may remain in the @code{indefinite} hold state before it is canceled. A value of 0 disables "
+"cancellation of held jobs."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12169
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-jobs"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12172
+msgid "Specifies the maximum number of simultaneous jobs that are allowed. Set to 0 to allow an unlimited number of jobs."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12174
+msgid "Defaults to @samp{500}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12176
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-jobs-per-printer"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12179
+msgid ""
+"Specifies the maximum number of simultaneous jobs that are allowed per printer. A value of 0 allows up to MaxJobs jobs per printer."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12183
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-jobs-per-user"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12186
+msgid "Specifies the maximum number of simultaneous jobs that are allowed per user. A value of 0 allows up to MaxJobs jobs per user."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12190
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-job-time"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12193
+msgid ""
+"Specifies the maximum time a job may take to print before it is canceled, in seconds. Set to 0 to disable cancellation of \"stuck\" "
+"jobs."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12195
+msgid "Defaults to @samp{10800}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12197
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer max-log-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12200
+msgid "Specifies the maximum size of the log files before they are rotated, in bytes. The value 0 disables log rotation."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12202
+msgid "Defaults to @samp{1048576}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12204
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer multiple-operation-timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12207
+msgid "Specifies the maximum amount of time to allow between files in a multiple file print job, in seconds."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12209 doc/guix.texi:12423
+msgid "Defaults to @samp{300}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12211
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string page-log-format"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12216
+msgid ""
+"Specifies the format of PageLog lines. Sequences beginning with percent (@samp{%}) characters are replaced with the corresponding "
+"information, while all other characters are copied literally. The following percent sequences are recognized:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12218
+#, no-wrap
+msgid "%%"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12220
+msgid "insert a single percent character"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12221
+#, no-wrap
+msgid "%@{name@}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12223
+msgid "insert the value of the specified IPP attribute"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12224
+#, no-wrap
+msgid "%C"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12226
+msgid "insert the number of copies for the current page"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12227
+#, no-wrap
+msgid "%P"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12229
+msgid "insert the current page number"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12230
+#, no-wrap
+msgid "%T"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12232
+msgid "insert the current date and time in common log format"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12233
+#, no-wrap
+msgid "%j"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12235
+msgid "insert the job ID"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12236 doc/guix.texi:13568
+#, no-wrap
+msgid "%p"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12238
+msgid "insert the printer name"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12239 doc/guix.texi:13591
+#, no-wrap
+msgid "%u"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12241
+msgid "insert the username"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12247
+msgid ""
+"A value of the empty string disables page logging. The string @code{%p %u %j %T %P %C %@{job-billing@} %@{job-originating-host-"
+"name@} %@{job-name@} %@{media@} %@{sides@}} creates a page log with the standard items."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12251
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} environment-variables environment-variables"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12254
+msgid "Passes the specified environment variable(s) to child processes; a list of strings."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12258
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} policy-configuration-list policies"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12260
+msgid "Specifies named access control policies."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12262
+msgid "Available @code{policy-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12263
+#, no-wrap
+msgid "{@code{policy-configuration} parameter} string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12265
+msgid "Name of the policy."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12267
+#, no-wrap
+msgid "{@code{policy-configuration} parameter} string job-private-access"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12277
+msgid ""
+"Specifies an access list for a job's private values. @code{@@ACL} maps to the printer's requesting-user-name-allowed or requesting-"
+"user-name-denied values. @code{@@OWNER} maps to the job's owner. @code{@@SYSTEM} maps to the groups listed for the @code{system-"
+"group} field of the @code{files-config} configuration, which is reified into the @code{cups-files.conf(5)} file. Other possible "
+"elements of the access list include specific user names, and @code{@@@var{group}} to indicate members of a specific group. The "
+"access list may also be simply @code{all} or @code{default}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12279 doc/guix.texi:12301
+msgid "Defaults to @samp{\"@@OWNER @@SYSTEM\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12281
+#, no-wrap
+msgid "{@code{policy-configuration} parameter} string job-private-values"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12284 doc/guix.texi:12306
+msgid "Specifies the list of job values to make private, or @code{all}, @code{default}, or @code{none}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12287
+msgid "Defaults to @samp{\"job-name job-originating-host-name job-originating-user-name phone\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12289
+#, no-wrap
+msgid "{@code{policy-configuration} parameter} string subscription-private-access"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12299
+msgid ""
+"Specifies an access list for a subscription's private values. @code{@@ACL} maps to the printer's requesting-user-name-allowed or "
+"requesting-user-name-denied values. @code{@@OWNER} maps to the job's owner. @code{@@SYSTEM} maps to the groups listed for the "
+"@code{system-group} field of the @code{files-config} configuration, which is reified into the @code{cups-files.conf(5)} file. Other "
+"possible elements of the access list include specific user names, and @code{@@@var{group}} to indicate members of a specific group. "
+"The access list may also be simply @code{all} or @code{default}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12303
+#, no-wrap
+msgid "{@code{policy-configuration} parameter} string subscription-private-values"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12309
+msgid "Defaults to @samp{\"notify-events notify-pull-method notify-recipient-uri notify-subscriber-user-name notify-user-data\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12311
+#, no-wrap
+msgid "{@code{policy-configuration} parameter} operation-access-control-list access-controls"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12313
+msgid "Access control by IPP operation."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12318
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-files"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12323
+msgid ""
+"Specifies whether job files (documents) are preserved after a job is printed. If a numeric value is specified, job files are "
+"preserved for the indicated number of seconds after printing. Otherwise a boolean value applies indefinitely."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12325
+msgid "Defaults to @samp{86400}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12327
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean-or-non-negative-integer preserve-job-history"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12332
+msgid ""
+"Specifies whether the job history is preserved after a job is printed. If a numeric value is specified, the job history is "
+"preserved for the indicated number of seconds after printing. If @code{#t}, the job history is preserved until the MaxJobs limit is "
+"reached."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12336
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer reload-timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12339
+msgid "Specifies the amount of time to wait for job completion before restarting the scheduler."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12343
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string rip-cache"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12346
+msgid "Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12348
+msgid "Defaults to @samp{\"128m\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12350
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string server-admin"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12352
+msgid "Specifies the email address of the server administrator."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12354
+msgid "Defaults to @samp{\"root@@localhost.localdomain\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12356
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} host-name-list-or-* server-alias"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12364
+msgid ""
+"The ServerAlias directive is used for HTTP Host header validation when clients connect to the scheduler from external interfaces. "
+"Using the special name @code{*} can expose your system to known browser-based DNS rebinding attacks, even when accessing sites "
+"through a firewall. If the auto-discovery of alternate names does not work, we recommend listing each alternate name with a "
+"ServerAlias directive instead of using @code{*}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12366
+msgid "Defaults to @samp{*}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12368
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string server-name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12370
+msgid "Specifies the fully-qualified host name of the server."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12372
+msgid "Defaults to @samp{\"localhost\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12374
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} server-tokens server-tokens"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12382
+msgid ""
+"Specifies what information is included in the Server header of HTTP responses. @code{None} disables the Server header. "
+"@code{ProductOnly} reports @code{CUPS}. @code{Major} reports @code{CUPS 2}. @code{Minor} reports @code{CUPS 2.0}. @code{Minimal} "
+"reports @code{CUPS 2.0.0}. @code{OS} reports @code{CUPS 2.0.0 (@var{uname})} where @var{uname} is the output of the @code{uname} "
+"command. @code{Full} reports @code{CUPS 2.0.0 (@var{uname}) IPP/2.0}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12384
+msgid "Defaults to @samp{Minimal}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12386
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} string set-env"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12388
+msgid "Set the specified environment variable to be passed to child processes."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12390
+msgid "Defaults to @samp{\"variable value\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12392
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} multiline-string-list ssl-listen"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12397
+msgid ""
+"Listens on the specified interfaces for encrypted connections. Valid values are of the form @var{address}:@var{port}, where "
+"@var{address} is either an IPv6 address enclosed in brackets, an IPv4 address, or @code{*} to indicate all addresses."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12401
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} ssl-options ssl-options"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12408
+msgid ""
+"Sets encryption options. By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. The "
+"@code{AllowRC4} option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer "
+"ones. The @code{AllowSSL3} option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12412
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean strict-conformance?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12415
+msgid "Specifies whether the scheduler requires clients to strictly adhere to the IPP specifications."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12419
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} non-negative-integer timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12421
+msgid "Specifies the HTTP request timeout, in seconds."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12426
+#, no-wrap
+msgid "{@code{cups-configuration} parameter} boolean web-interface?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12428
+msgid "Specifies whether the web interface is enabled."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12438
+msgid ""
+"At this point you're probably thinking ``oh dear, Guix manual, I like you but you can stop already with the configuration "
+"options''. Indeed. However, one more point: it could be that you have an existing @code{cupsd.conf} that you want to use. In that "
+"case, you can pass an @code{opaque-cups-configuration} as the configuration of a @code{cups-service-type}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12440
+msgid "Available @code{opaque-cups-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12441
+#, no-wrap
+msgid "{@code{opaque-cups-configuration} parameter} package cups"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12445
+#, no-wrap
+msgid "{@code{opaque-cups-configuration} parameter} string cupsd.conf"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12447
+msgid "The contents of the @code{cupsd.conf}, as a string."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12449
+#, no-wrap
+msgid "{@code{opaque-cups-configuration} parameter} string cups-files.conf"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12451
+msgid "The contents of the @code{cups-files.conf} file, as a string."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12456
+msgid ""
+"For example, if your @code{cupsd.conf} and @code{cups-files.conf} are in strings of the same name, you could instantiate a CUPS "
+"service like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:12462
+#, no-wrap
+msgid ""
+"(service cups-service-type\n"
+" (opaque-cups-configuration\n"
+" (cupsd.conf cupsd.conf)\n"
+" (cups-files.conf cups-files.conf)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12473
+msgid ""
+"The @code{(gnu services desktop)} module provides services that are usually useful in the context of a ``desktop'' setup---that is, "
+"on a machine running a graphical display server, possibly with graphical user interfaces, etc. It also defines services that "
+"provide specific desktop environments like GNOME, XFCE or MATE."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12477
+msgid ""
+"To simplify things, the module defines a variable containing the set of services that users typically expect on a machine with a "
+"graphical environment and networking:"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12478
+#, no-wrap
+msgid "{Scheme Variable} %desktop-services"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12481
+msgid "This is a list of services that builds upon @var{%base-services} and adds or adjusts services for a typical ``desktop'' setup."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12491
+msgid ""
+"In particular, it adds a graphical login manager (@pxref{X Window, @code{slim-service}}), screen lockers, a network management tool "
+"(@pxref{Networking Services, @code{network-manager-service-type}}), energy and color management services, the @code{elogind} login "
+"and seat manager, the Polkit privilege service, the GeoClue location service, the AccountsService daemon that allows authorized "
+"users change system passwords, an NTP client (@pxref{Networking Services}), the Avahi daemon, and has the name service switch "
+"service configured to be able to use @code{nss-mdns} (@pxref{Name Service Switch, mDNS})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12496
+msgid ""
+"The @var{%desktop-services} variable can be used as the @code{services} field of an @code{operating-system} declaration "
+"(@pxref{operating-system Reference, @code{services}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12516
+msgid ""
+"Additionally, the @code{gnome-desktop-service}, @code{xfce-desktop-service} and @code{mate-desktop-service} procedures can add "
+"GNOME, XFCE and/or MATE to a system. To ``add GNOME'' means that system-level services like the backlight adjustment helpers and "
+"the power management utilities are added to the system, extending @code{polkit} and @code{dbus} appropriately, allowing GNOME to "
+"operate with elevated privileges on a limited number of special-purpose system interfaces. Additionally, adding a service made by "
+"@code{gnome-desktop-service} adds the GNOME metapackage to the system profile. Likewise, adding the XFCE service not only adds the "
+"@code{xfce} metapackage to the system profile, but it also gives the Thunar file manager the ability to open a ``root-mode'' file "
+"management window, if the user authenticates using the administrator's password via the standard polkit graphical interface. To "
+"``add MATE'' means that @code{polkit} and @code{dbus} are extended appropriately, allowing MATE to operate with elevated privileges "
+"on a limited number of special-purpose system interfaces. Additionally, adding a service made by @code{mate-desktop-service} adds "
+"the MATE metapackage to the system profile."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12525
+msgid ""
+"The desktop environments in Guix use the Xorg display server by default. If you'd like to use the newer display server protocol "
+"called Wayland, you need to use the @code{sddm-service} instead of the @code{slim-service} for the graphical login manager. You "
+"should then select the ``GNOME (Wayland)'' session in SDDM. Alternatively you can also try starting GNOME on Wayland manually from "
+"a TTY with the command ``XDG_SESSION_TYPE=wayland exec dbus-run-session gnome-session``. Currently only GNOME has support for "
+"Wayland."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12526
+#, no-wrap
+msgid "{Scheme Procedure} gnome-desktop-service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12530
+msgid ""
+"Return a service that adds the @code{gnome} package to the system profile, and extends polkit with the actions from @code{gnome-"
+"settings-daemon}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12532
+#, no-wrap
+msgid "{Scheme Procedure} xfce-desktop-service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12537
+msgid ""
+"Return a service that adds the @code{xfce} package to the system profile, and extends polkit with the ability for @code{thunar} to "
+"manipulate the file system as root from within a user session, after the user has authenticated with the administrator's password."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12539
+#, no-wrap
+msgid "{Scheme Procedure} mate-desktop-service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12543
+msgid ""
+"Return a service that adds the @code{mate} package to the system profile, and extends polkit with the actions from @code{mate-"
+"settings-daemon}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12550
+msgid ""
+"Because the GNOME, XFCE and MATE desktop services pull in so many packages, the default @code{%desktop-services} variable doesn't "
+"include either of them by default. To add GNOME, XFCE or MATE, just @code{cons} them onto @code{%desktop-services} in the "
+"@code{services} field of your @code{operating-system}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:12561
+#, no-wrap
+msgid ""
+"(use-modules (gnu))\n"
+"(use-service-modules desktop)\n"
+"(operating-system\n"
+" ...\n"
+" ;; cons* adds items to the list given as its last argument.\n"
+" (services (cons* (gnome-desktop-service)\n"
+" (xfce-desktop-service)\n"
+" %desktop-services))\n"
+" ...)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12565
+msgid "These desktop environments will then be available as options in the graphical login window."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12569
+msgid ""
+"The actual service definitions included in @code{%desktop-services} and provided by @code{(gnu services dbus)} and @code{(gnu "
+"services desktop)} are described below."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12570
+#, no-wrap
+msgid "{Scheme Procedure} dbus-service [#:dbus @var{dbus}] [#:services '()]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12573
+msgid "Return a service that runs the ``system bus'', using @var{dbus}, with support for @var{services}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12577
+msgid ""
+"@uref{http://dbus.freedesktop.org/, D-Bus} is an inter-process communication facility. Its system bus is used to allow system "
+"services to communicate and to be notified of system-wide events."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12582
+msgid ""
+"@var{services} must be a list of packages that provide an @file{etc/dbus-1/system.d} directory containing additional D-Bus "
+"configuration and policy files. For example, to allow avahi-daemon to use the system bus, @var{services} must be equal to "
+"@code{(list avahi)}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12584
+#, no-wrap
+msgid "{Scheme Procedure} elogind-service [#:config @var{config}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12590
+msgid ""
+"Return a service that runs the @code{elogind} login and seat management daemon. @uref{https://github.com/elogind/elogind, Elogind} "
+"exposes a D-Bus interface that can be used to know which users are logged in, know what kind of sessions they have open, suspend the "
+"system, inhibit system suspend, reboot the system, and other tasks."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12594
+msgid ""
+"Elogind handles most system-level power events for a computer, for example suspending the system when a lid is closed, or shutting "
+"it down when the power button is pressed."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12599
+msgid ""
+"The @var{config} keyword argument specifies the configuration for elogind, and should be the result of an @code{(elogind-"
+"configuration (@var{parameter} @var{value})...)} invocation. Available parameters and their default values are:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12601
+#, no-wrap
+msgid "kill-user-processes?"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12603 doc/guix.texi:12621 doc/guix.texi:12623 doc/guix.texi:12625 doc/guix.texi:12637
+msgid "#f"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12603
+#, no-wrap
+msgid "kill-only-users"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12605 doc/guix.texi:12643
+msgid "()"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12605
+#, no-wrap
+msgid "kill-exclude-users"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12607
+msgid "(\"root\")"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12607
+#, no-wrap
+msgid "inhibit-delay-max-seconds"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12609
+msgid "5"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12609
+#, no-wrap
+msgid "handle-power-key"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12611
+msgid "poweroff"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12611
+#, no-wrap
+msgid "handle-suspend-key"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12613 doc/guix.texi:12617
+msgid "suspend"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12613
+#, no-wrap
+msgid "handle-hibernate-key"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12615
+msgid "hibernate"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12615
+#, no-wrap
+msgid "handle-lid-switch"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12617
+#, no-wrap
+msgid "handle-lid-switch-docked"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12619 doc/guix.texi:12631
+msgid "ignore"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12619
+#, no-wrap
+msgid "power-key-ignore-inhibited?"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12621
+#, no-wrap
+msgid "suspend-key-ignore-inhibited?"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12623
+#, no-wrap
+msgid "hibernate-key-ignore-inhibited?"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12625
+#, no-wrap
+msgid "lid-switch-ignore-inhibited?"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12627 doc/guix.texi:12639
+msgid "#t"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12627
+#, no-wrap
+msgid "holdoff-timeout-seconds"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12629
+msgid "30"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12629
+#, no-wrap
+msgid "idle-action"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12631
+#, no-wrap
+msgid "idle-action-seconds"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12633
+msgid "(* 30 60)"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12633
+#, no-wrap
+msgid "runtime-directory-size-percent"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12635
+msgid "10"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12635
+#, no-wrap
+msgid "runtime-directory-size"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12637
+#, no-wrap
+msgid "remove-ipc?"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12639
+#, no-wrap
+msgid "suspend-state"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12641
+msgid "(\"mem\" \"standby\" \"freeze\")"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12641
+#, no-wrap
+msgid "suspend-mode"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12643
+#, no-wrap
+msgid "hibernate-state"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12645 doc/guix.texi:12649
+msgid "(\"disk\")"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12645
+#, no-wrap
+msgid "hibernate-mode"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12647
+msgid "(\"platform\" \"shutdown\")"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12647
+#, no-wrap
+msgid "hybrid-sleep-state"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12649
+#, no-wrap
+msgid "hybrid-sleep-mode"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12651
+msgid "(\"suspend\" \"platform\" \"shutdown\")"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12654
+#, no-wrap
+msgid "{Scheme Procedure} accountsservice-service @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12662
+msgid ""
+"[#:accountsservice @var{accountsservice}] Return a service that runs AccountsService, a system service that can list available "
+"accounts, change their passwords, and so on. AccountsService integrates with PolicyKit to enable unprivileged users to acquire the "
+"capability to modify their system configuration. @uref{https://www.freedesktop.org/wiki/Software/AccountsService/, the "
+"accountsservice web site} for more information."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12665
+msgid "The @var{accountsservice} keyword argument is the @code{accountsservice} package to expose as a service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12667
+#, no-wrap
+msgid "{Scheme Procedure} polkit-service @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12676
+msgid ""
+"[#:polkit @var{polkit}] Return a service that runs the @uref{http://www.freedesktop.org/wiki/Software/polkit/, Polkit privilege "
+"management service}, which allows system administrators to grant access to privileged operations in a structured way. By querying "
+"the Polkit service, a privileged system component can know when it should grant additional capabilities to ordinary users. For "
+"example, an ordinary user can be granted the capability to suspend the system if the user is logged in locally."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12678
+#, no-wrap
+msgid "{Scheme Procedure} upower-service [#:upower @var{upower}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12695
+msgid ""
+"[#:watts-up-pro? #f] @ [#:poll-batteries? #t] @ [#:ignore-lid? #f] @ [#:use-percentage-for-policy? #f] @ [#:percentage-low 10] @ [#:"
+"percentage-critical 3] @ [#:percentage-action 2] @ [#:time-low 1200] @ [#:time-critical 300] @ [#:time-action 120] @ [#:critical-"
+"power-action 'hybrid-sleep] Return a service that runs @uref{http://upower.freedesktop.org/, @command{upowerd}}, a system-wide "
+"monitor for power consumption and battery levels, with the given configuration settings. It implements the @code{org.freedesktop."
+"UPower} D-Bus interface, and is notably used by GNOME."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12697
+#, no-wrap
+msgid "{Scheme Procedure} udisks-service [#:udisks @var{udisks}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12702
+msgid ""
+"Return a service for @uref{http://udisks.freedesktop.org/docs/latest/, UDisks}, a @dfn{disk management} daemon that provides user "
+"interfaces with notifications and ways to mount/unmount disks. Programs that talk to UDisks include the @command{udisksctl} "
+"command, part of UDisks, and GNOME Disks."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12704
+#, no-wrap
+msgid "{Scheme Procedure} colord-service [#:colord @var{colord}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12710
+msgid ""
+"Return a service that runs @command{colord}, a system service with a D-Bus interface to manage the color profiles of input and "
+"output devices such as screens and scanners. It is notably used by the GNOME Color Manager graphical tool. See @uref{http://www."
+"freedesktop.org/software/colord/, the colord web site} for more information."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12712
+#, no-wrap
+msgid "{Scheme Procedure} geoclue-application name [#:allowed? #t] [#:system? #f] [#:users '()]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12721
+msgid ""
+"Return a configuration allowing an application to access GeoClue location data. @var{name} is the Desktop ID of the application, "
+"without the @code{.desktop} part. If @var{allowed?} is true, the application will have access to location information by default. "
+"The boolean @var{system?} value indicates whether an application is a system component or not. Finally @var{users} is a list of "
+"UIDs of all users for which this application is allowed location info access. An empty users list means that all users are allowed."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12723
+#, no-wrap
+msgid "{Scheme Variable} %standard-geoclue-applications"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12730
+msgid ""
+"The standard list of well-known GeoClue application configurations, granting authority to the GNOME date-and-time utility to ask for "
+"the current location in order to set the time zone, and allowing the IceCat and Epiphany web browsers to request location "
+"information. IceCat and Epiphany both query the user before allowing a web page to know the user's location."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12732
+#, no-wrap
+msgid "{Scheme Procedure} geoclue-service [#:colord @var{colord}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12745
+msgid ""
+"[#:whitelist '()] @ [#:wifi-geolocation-url \"https://location.services.mozilla.com/v1/geolocate?key=geoclue\"] @ [#:submit-data? "
+"#f] [#:wifi-submission-url \"https://location.services.mozilla.com/v1/submit?key=geoclue\"] @ [#:submission-nick \"geoclue\"] @ [#:"
+"applications %standard-geoclue-applications] Return a service that runs the GeoClue location service. This service provides a D-Bus "
+"interface to allow applications to request access to a user's physical location, and optionally to add information to online "
+"location databases. See @uref{https://wiki.freedesktop.org/www/Software/GeoClue/, the GeoClue web site} for more information."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12747
+#, no-wrap
+msgid "{Scheme Procedure} bluetooth-service [#:bluez @var{bluez}] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12754
+msgid ""
+"[@w{#:auto-enable? #f}] Return a service that runs the @command{bluetoothd} daemon, which manages all the Bluetooth devices and "
+"provides a number of D-Bus interfaces. When AUTO-ENABLE? is true, the bluetooth controller is powered automatically at boot, which "
+"can be useful when using a bluetooth keyboard or mouse."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12756
+msgid "Users need to be in the @code{lp} group to access the D-Bus service."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:12762
+#, no-wrap
+msgid "SQL"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12764
+msgid "The @code{(gnu services databases)} module provides the following services."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12765
+#, no-wrap
+msgid "{Scheme Procedure} postgresql-service [#:postgresql postgresql] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12770
+msgid ""
+"[#:config-file] [#:data-directory ``/var/lib/postgresql/data''] @ [#:port 5432] [#:locale ``en_US.utf8''] Return a service that runs "
+"@var{postgresql}, the PostgreSQL database server."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12774
+msgid ""
+"The PostgreSQL daemon loads its runtime configuration from @var{config-file}, creates a database cluster with @var{locale} as the "
+"default locale, stored in @var{data-directory}. It then listens on @var{port}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12776
+#, no-wrap
+msgid "{Scheme Procedure} mysql-service [#:config (mysql-configuration)]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12779
+msgid "Return a service that runs @command{mysqld}, the MySQL or MariaDB database server."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12782
+msgid ""
+"The optional @var{config} argument specifies the configuration for @command{mysqld}, which should be a @code{<mysql-configuration>} "
+"object."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12784
+#, no-wrap
+msgid "{Data Type} mysql-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12786
+msgid "Data type representing the configuration of @var{mysql-service}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12788
+#, no-wrap
+msgid "@code{mysql} (default: @var{mariadb})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12791
+msgid "Package object of the MySQL database server, can be either @var{mariadb} or @var{mysql}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12794
+msgid "For MySQL, a temporary root password will be displayed at activation time. For MariaDB, the root password is empty."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12795
+#, no-wrap
+msgid "@code{port} (default: @code{3306})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12797
+msgid "TCP port on which the database server listens for incoming connections."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12800
+#, no-wrap
+msgid "{Scheme Variable} memcached-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12804
+msgid ""
+"This is the service type for the @uref{https://memcached.org/, Memcached} service, which provides a distributed in memory cache. "
+"The value for the service type is a @code{memcached-configuration} object."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:12808
+#, no-wrap
+msgid "(service memcached-service-type)\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12810
+#, no-wrap
+msgid "{Data Type} memcached-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12812
+msgid "Data type representing the configuration of memcached."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12814
+#, no-wrap
+msgid "@code{memcached} (default: @code{memcached})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12816
+msgid "The Memcached package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12817
+#, no-wrap
+msgid "@code{interfaces} (default: @code{'(\"0.0.0.0\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12819
+msgid "Network interfaces on which to listen."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12820
+#, no-wrap
+msgid "@code{tcp-port} (default: @code{11211})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12822
+msgid "Port on which to accept connections on,"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12823
+#, no-wrap
+msgid "@code{udp-port} (default: @code{11211})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12826
+msgid "Port on which to accept UDP connections on, a value of 0 will disable listening on a UDP socket."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12827
+#, no-wrap
+msgid "@code{additional-options} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12829
+msgid "Additional command line options to pass to @code{memcached}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12832
+#, no-wrap
+msgid "{Scheme Variable} mongodb-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12835
+msgid ""
+"This is the service type for @uref{https://www.mongodb.com/, MongoDB}. The value for the service type is a @code{mongodb-"
+"configuration} object."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:12839
+#, no-wrap
+msgid "(service mongodb-service-type)\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12841
+#, no-wrap
+msgid "{Data Type} mongodb-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12843
+msgid "Data type representing the configuration of mongodb."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12845
+#, no-wrap
+msgid "@code{mongodb} (default: @code{mongodb})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12847
+msgid "The MongoDB package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12848
+#, no-wrap
+msgid "@code{config-file} (default: @code{%default-mongodb-configuration-file})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12850
+msgid "The configuration file for MongoDB."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12851
+#, no-wrap
+msgid "@code{data-directory} (default: @code{\"/var/lib/mongodb\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12855
+msgid ""
+"This value is used to create the directory, so that it exists and is owned by the mongodb user. It should match the data-directory "
+"which MongoDB is configured to use through the configuration file."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12858
+#, no-wrap
+msgid "{Scheme Variable} redis-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:12861
+msgid ""
+"This is the service type for the @uref{https://redis.io/, Redis} key/value store, whose value is a @code{redis-configuration} object."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12863
+#, no-wrap
+msgid "{Data Type} redis-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:12865
+msgid "Data type representing the configuration of redis."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12867
+#, no-wrap
+msgid "@code{redis} (default: @code{redis})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12869
+msgid "The Redis package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12870
+#, no-wrap
+msgid "@code{bind} (default: @code{\"127.0.0.1\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12872
+msgid "Network interface on which to listen."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12873
+#, no-wrap
+msgid "@code{port} (default: @code{6379})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12876
+msgid "Port on which to accept connections on, a value of 0 will disable listening on a TCP socket."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:12877
+#, no-wrap
+msgid "@code{working-directory} (default: @code{\"/var/lib/redis\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:12879
+msgid "Directory in which to store the database and related files."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:12885
+#, no-wrap
+msgid "mail"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:12886 doc/guix.texi:15981
+#, no-wrap
+msgid "email"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12891
+msgid ""
+"The @code{(gnu services mail)} module provides Guix service definitions for email services: IMAP, POP3, and LMTP servers, as well as "
+"mail transport agents (MTAs). Lots of acronyms! These services are detailed in the subsections below."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:12892
+#, no-wrap
+msgid "Dovecot Service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12894
+#, no-wrap
+msgid "{Scheme Procedure} dovecot-service [#:config (dovecot-configuration)]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:12896
+msgid "Return a service that runs the Dovecot IMAP/POP3/LMTP mail server."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12906
+msgid ""
+"By default, Dovecot does not need much configuration; the default configuration object created by @code{(dovecot-configuration)} "
+"will suffice if your mail is delivered to @code{~/Maildir}. A self-signed certificate will be generated for TLS-protected "
+"connections, though Dovecot will also listen on cleartext ports by default. There are a number of options, though, which mail "
+"administrators might need to change, and as is the case with other services, Guix allows the system administrator to specify these "
+"parameters via a uniform Scheme interface."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12909
+msgid "For example, to specify that mail is located at @code{maildir~/.mail}, one would instantiate the Dovecot service like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:12914
+#, no-wrap
+msgid ""
+"(dovecot-service #:config\n"
+" (dovecot-configuration\n"
+" (mail-location \"maildir:~/.mail\")))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12922
+msgid ""
+"The available configuration parameters follow. Each parameter definition is preceded by its type; for example, @samp{string-list "
+"foo} indicates that the @code{foo} parameter should be specified as a list of strings. There is also a way to specify the "
+"configuration as a string, if you have an old @code{dovecot.conf} file that you want to port over from some other system; see the "
+"end for more details."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:12932
+msgid "Available @code{dovecot-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12933
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} package dovecot"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12935 doc/guix.texi:14222
+msgid "The dovecot package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12937
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} comma-separated-string-list listen"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12943
+msgid ""
+"A list of IPs or hosts where to listen for connections. @samp{*} listens on all IPv4 interfaces, @samp{::} listens on all IPv6 "
+"interfaces. If you want to specify non-default ports or anything more complex, customize the address and port fields of the "
+"@samp{inet-listener} of the specific services you are interested in."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12945
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} protocol-configuration-list protocols"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12948
+msgid "List of protocols we want to serve. Available protocols include @samp{imap}, @samp{pop3}, and @samp{lmtp}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12950
+msgid "Available @code{protocol-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12951
+#, no-wrap
+msgid "{@code{protocol-configuration} parameter} string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12953
+msgid "The name of the protocol."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12955
+#, no-wrap
+msgid "{@code{protocol-configuration} parameter} string auth-socket-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12959
+msgid ""
+"UNIX socket path to the master authentication server to find users. This is used by imap (for shared users) and lda. It defaults "
+"to @samp{\"/var/run/dovecot/auth-userdb\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12961
+#, no-wrap
+msgid "{@code{protocol-configuration} parameter} space-separated-string-list mail-plugins"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12963
+msgid "Space separated list of plugins to load."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12965
+#, no-wrap
+msgid "{@code{protocol-configuration} parameter} non-negative-integer mail-max-userip-connections"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12969
+msgid ""
+"Maximum number of IMAP connections allowed for a user from each IP address. NOTE: The username is compared case-sensitively. "
+"Defaults to @samp{10}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12973
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} service-configuration-list services"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12977
+msgid ""
+"List of services to enable. Available services include @samp{imap}, @samp{imap-login}, @samp{pop3}, @samp{pop3-login}, @samp{auth}, "
+"and @samp{lmtp}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12979
+msgid "Available @code{service-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12980
+#, no-wrap
+msgid "{@code{service-configuration} parameter} string kind"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12985
+msgid ""
+"The service kind. Valid values include @code{director}, @code{imap-login}, @code{pop3-login}, @code{lmtp}, @code{imap}, "
+"@code{pop3}, @code{auth}, @code{auth-worker}, @code{dict}, @code{tcpwrap}, @code{quota-warning}, or anything else."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12987
+#, no-wrap
+msgid "{@code{service-configuration} parameter} listener-configuration-list listeners"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12992
+msgid ""
+"Listeners for the service. A listener is either a @code{unix-listener-configuration}, a @code{fifo-listener-configuration}, or an "
+"@code{inet-listener-configuration}. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12994
+msgid "Available @code{unix-listener-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12995
+#, no-wrap
+msgid "{@code{unix-listener-configuration} parameter} string path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:12998 doc/guix.texi:13021
+msgid "Path to the file, relative to @code{base-dir} field. This is also used as the section name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13000
+#, no-wrap
+msgid "{@code{unix-listener-configuration} parameter} string mode"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13003 doc/guix.texi:13026
+msgid "The access mode for the socket. Defaults to @samp{\"0600\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13005
+#, no-wrap
+msgid "{@code{unix-listener-configuration} parameter} string user"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13008 doc/guix.texi:13031
+msgid "The user to own the socket. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13010
+#, no-wrap
+msgid "{@code{unix-listener-configuration} parameter} string group"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13013 doc/guix.texi:13036
+msgid "The group to own the socket. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13017
+msgid "Available @code{fifo-listener-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13018
+#, no-wrap
+msgid "{@code{fifo-listener-configuration} parameter} string path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13023
+#, no-wrap
+msgid "{@code{fifo-listener-configuration} parameter} string mode"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13028
+#, no-wrap
+msgid "{@code{fifo-listener-configuration} parameter} string user"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13033
+#, no-wrap
+msgid "{@code{fifo-listener-configuration} parameter} string group"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13040
+msgid "Available @code{inet-listener-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13041
+#, no-wrap
+msgid "{@code{inet-listener-configuration} parameter} string protocol"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13043
+msgid "The protocol to listen for."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13045
+#, no-wrap
+msgid "{@code{inet-listener-configuration} parameter} string address"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13048
+msgid "The address on which to listen, or empty for all addresses. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13050
+#, no-wrap
+msgid "{@code{inet-listener-configuration} parameter} non-negative-integer port"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13052
+msgid "The port on which to listen."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13054
+#, no-wrap
+msgid "{@code{inet-listener-configuration} parameter} boolean ssl?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13058
+msgid "Whether to use SSL for this service; @samp{yes}, @samp{no}, or @samp{required}. Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13062
+#, no-wrap
+msgid "{@code{service-configuration} parameter} non-negative-integer service-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13067
+msgid ""
+"Number of connections to handle before starting a new process. Typically the only useful values are 0 (unlimited) or 1. 1 is more "
+"secure, but 0 is faster. <doc/wiki/LoginProcess.txt>. Defaults to @samp{1}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13069
+#, no-wrap
+msgid "{@code{service-configuration} parameter} non-negative-integer process-min-avail"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13072
+msgid "Number of processes to always keep waiting for more connections. Defaults to @samp{0}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13074
+#, no-wrap
+msgid "{@code{service-configuration} parameter} non-negative-integer vsz-limit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13078
+msgid "If you set @samp{service-count 0}, you probably need to grow this. Defaults to @samp{256000000}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13082
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} dict-configuration dict"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13085
+msgid "Dict configuration, as created by the @code{dict-configuration} constructor."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13087
+msgid "Available @code{dict-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13088
+#, no-wrap
+msgid "{@code{dict-configuration} parameter} free-form-fields entries"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13091
+msgid "A list of key-value pairs that this dict should hold. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13095
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} passdb-configuration-list passdbs"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13098
+msgid "A list of passdb configurations, each one created by the @code{passdb-configuration} constructor."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13100
+msgid "Available @code{passdb-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13101
+#, no-wrap
+msgid "{@code{passdb-configuration} parameter} string driver"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13106
+msgid ""
+"The driver that the passdb should use. Valid values include @samp{pam}, @samp{passwd}, @samp{shadow}, @samp{bsdauth}, and "
+"@samp{static}. Defaults to @samp{\"pam\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13108
+#, no-wrap
+msgid "{@code{passdb-configuration} parameter} space-separated-string-list args"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13111
+msgid "Space separated list of arguments to the passdb driver. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13115
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} userdb-configuration-list userdbs"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13118
+msgid "List of userdb configurations, each one created by the @code{userdb-configuration} constructor."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13120
+msgid "Available @code{userdb-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13121
+#, no-wrap
+msgid "{@code{userdb-configuration} parameter} string driver"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13125
+msgid "The driver that the userdb should use. Valid values include @samp{passwd} and @samp{static}. Defaults to @samp{\"passwd\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13127
+#, no-wrap
+msgid "{@code{userdb-configuration} parameter} space-separated-string-list args"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13130
+msgid "Space separated list of arguments to the userdb driver. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13132
+#, no-wrap
+msgid "{@code{userdb-configuration} parameter} free-form-args override-fields"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13135
+msgid "Override fields from passwd. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13139
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} plugin-configuration plugin-configuration"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13142
+msgid "Plug-in configuration, created by the @code{plugin-configuration} constructor."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13144
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} list-of-namespace-configuration namespaces"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13147
+msgid "List of namespaces. Each item in the list is created by the @code{namespace-configuration} constructor."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13149
+msgid "Available @code{namespace-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13150
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13152
+msgid "Name for this namespace."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13154
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} string type"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13157
+msgid "Namespace type: @samp{private}, @samp{shared} or @samp{public}. Defaults to @samp{\"private\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13159
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} string separator"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13165
+msgid ""
+"Hierarchy separator to use. You should use the same separator for all namespaces or some clients get confused. @samp{/} is usually "
+"a good one. The default however depends on the underlying mail storage format. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13167
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} string prefix"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13171
+msgid ""
+"Prefix required to access this namespace. This needs to be different for all namespaces. For example @samp{Public/}. Defaults to "
+"@samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13173
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} string location"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13177
+msgid ""
+"Physical location of the mailbox. This is in the same format as mail_location, which is also the default for it. Defaults to "
+"@samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13179
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} boolean inbox?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13183
+msgid "There can be only one INBOX, and this setting defines which namespace has it. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13185
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} boolean hidden?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13193
+msgid ""
+"If namespace is hidden, it's not advertised to clients via NAMESPACE extension. You'll most likely also want to set @samp{list? "
+"#f}. This is mostly useful when converting from another server with different namespaces which you want to deprecate but still keep "
+"working. For example you can create hidden namespaces with prefixes @samp{~/mail/}, @samp{~%u/mail/} and @samp{mail/}. Defaults to "
+"@samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13195
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} boolean list?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13201
+msgid ""
+"Show the mailboxes under this namespace with the LIST command. This makes the namespace visible for clients that do not support the "
+"NAMESPACE extension. The special @code{children} value lists child mailboxes, but hides the namespace prefix. Defaults to "
+"@samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13203
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} boolean subscriptions?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13208
+msgid ""
+"Namespace handles its own subscriptions. If set to @code{#f}, the parent namespace handles them. The empty prefix should always "
+"have this as @code{#t}). Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13210
+#, no-wrap
+msgid "{@code{namespace-configuration} parameter} mailbox-configuration-list mailboxes"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13213
+msgid "List of predefined mailboxes in this namespace. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13215
+msgid "Available @code{mailbox-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13216
+#, no-wrap
+msgid "{@code{mailbox-configuration} parameter} string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13218
+msgid "Name for this mailbox."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13220
+#, no-wrap
+msgid "{@code{mailbox-configuration} parameter} string auto"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13224
+msgid ""
+"@samp{create} will automatically create this mailbox. @samp{subscribe} will both create and subscribe to the mailbox. Defaults to "
+"@samp{\"no\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13226
+#, no-wrap
+msgid "{@code{mailbox-configuration} parameter} space-separated-string-list special-use"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13231
+msgid ""
+"List of IMAP @code{SPECIAL-USE} attributes as specified by RFC 6154. Valid values are @code{\\All}, @code{\\Archive}, "
+"@code{\\Drafts}, @code{\\Flagged}, @code{\\Junk}, @code{\\Sent}, and @code{\\Trash}. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13237
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} file-name base-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13240
+msgid "Base directory where to store runtime data. Defaults to @samp{\"/var/run/dovecot/\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13242
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string login-greeting"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13245
+msgid "Greeting message for clients. Defaults to @samp{\"Dovecot ready.\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13247
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list login-trusted-networks"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13254
+msgid ""
+"List of trusted network ranges. Connections from these IPs are allowed to override their IP addresses and ports (for logging and "
+"for authentication checks). @samp{disable-plaintext-auth} is also ignored for these networks. Typically you would specify your "
+"IMAP proxy servers here. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13256
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list login-access-sockets"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13259
+msgid "List of login access check sockets (e.g. tcpwrap). Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13261
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean verbose-proctitle?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13267
+msgid ""
+"Show more verbose process titles (in ps). Currently shows user name and IP address. Useful for seeing who is actually using the "
+"IMAP processes (e.g. shared mailboxes or if the same uid is used for multiple accounts). Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13269
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean shutdown-clients?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13275
+msgid ""
+"Should all processes be killed when Dovecot master process shuts down. Setting this to @code{#f} means that Dovecot can be upgraded "
+"without forcing existing client connections to close (although that could also be a problem if the upgrade is e.g. due to a security "
+"fix). Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13277
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer doveadm-worker-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13281
+msgid ""
+"If non-zero, run mail commands via this many connections to doveadm server, instead of running them directly in the same process. "
+"Defaults to @samp{0}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13283
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string doveadm-socket-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13286
+msgid "UNIX socket or host:port used for connecting to doveadm server. Defaults to @samp{\"doveadm-server\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13288
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list import-environment"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13292
+msgid ""
+"List of environment variables that are preserved on Dovecot startup and passed down to all of its child processes. You can also "
+"give key=value pairs to always set specific settings."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13294
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean disable-plaintext-auth?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13301
+msgid ""
+"Disable LOGIN command and all other plaintext authentications unless SSL/TLS is used (LOGINDISABLED capability). Note that if the "
+"remote IP matches the local IP (i.e. you're connecting from the same computer), the connection is considered secure and plaintext "
+"authentication is allowed. See also ssl=required setting. Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13303
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer auth-cache-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13308
+msgid ""
+"Authentication cache size (e.g. @samp{#e10e6}). 0 means it's disabled. Note that bsdauth, PAM and vpopmail require @samp{cache-"
+"key} to be set for caching to be used. Defaults to @samp{0}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13310
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-cache-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13318
+msgid ""
+"Time to live for cached data. After TTL expires the cached record is no longer used, *except* if the main database lookup returns "
+"internal failure. We also try to handle password changes automatically: If user's previous authentication was successful, but this "
+"one wasn't, the cache isn't used. For now this works only with plaintext authentication. Defaults to @samp{\"1 hour\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13320
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-cache-negative-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13324
+msgid "TTL for negative hits (user not found, password mismatch). 0 disables caching them completely. Defaults to @samp{\"1 hour\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13326
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list auth-realms"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13332
+msgid ""
+"List of realms for SASL authentication mechanisms that need them. You can leave it empty if you don't want to support multiple "
+"realms. Many clients simply use the first one listed here, so keep the default realm first. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13334
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-default-realm"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13339
+msgid ""
+"Default realm/domain to use if none was specified. This is used for both SASL realms and appending @@domain to username in "
+"plaintext logins. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13341
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-username-chars"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13348
+msgid ""
+"List of allowed characters in username. If the user-given username contains a character not listed in here, the login automatically "
+"fails. This is just an extra check to make sure user can't exploit any potential quote escaping vulnerabilities with SQL/LDAP "
+"databases. If you want to allow all characters, set this value to empty. Defaults to "
+"@samp{\"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@@\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13350
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-username-translation"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13356
+msgid ""
+"Username character translations before it's looked up from databases. The value contains series of from -> to characters. For "
+"example @samp{#@@/@@} means that @samp{#} and @samp{/} characters are translated to @samp{@@}. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13358
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-username-format"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13365
+msgid ""
+"Username formatting before it's looked up from databases. You can use the standard variables here, e.g. %Lu would lowercase the "
+"username, %n would drop away the domain if it was given, or @samp{%n-AT-%d} would change the @samp{@@} into @samp{-AT-}. This "
+"translation is done after @samp{auth-username-translation} changes. Defaults to @samp{\"%Lu\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13367
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-master-user-separator"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13375
+msgid ""
+"If you want to allow master users to log in by specifying the master username within the normal username string (i.e. not using SASL "
+"mechanism's support for it), you can specify the separator character here. The format is then <username><separator><master "
+"username>. UW-IMAP uses @samp{*} as the separator, so that could be a good choice. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13377
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-anonymous-username"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13381
+msgid "Username to use for users logging in with ANONYMOUS SASL mechanism. Defaults to @samp{\"anonymous\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13383
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer auth-worker-max-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13388
+msgid ""
+"Maximum number of dovecot-auth worker processes. They're used to execute blocking passdb and userdb queries (e.g. MySQL and PAM). "
+"They're automatically created and destroyed as needed. Defaults to @samp{30}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13390
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-gssapi-hostname"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13395
+msgid ""
+"Host name to use in GSSAPI principal names. The default is to use the name returned by gethostname(). Use @samp{$ALL} (with "
+"quotes) to allow all keytab entries. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13397
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-krb5-keytab"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13403
+msgid ""
+"Kerberos keytab to use for the GSSAPI mechanism. Will use the system default (usually @file{/etc/krb5.keytab}) if not specified. "
+"You may need to change the auth service to run as root to be able to read this file. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13405
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean auth-use-winbind?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13410
+msgid ""
+"Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and @samp{ntlm-auth} helper. <doc/wiki/Authentication/Mechanisms/"
+"Winbind.txt>. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13412
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} file-name auth-winbind-helper-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13415
+msgid "Path for Samba's @samp{ntlm-auth} helper binary. Defaults to @samp{\"/usr/bin/ntlm_auth\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13417
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string auth-failure-delay"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13420
+msgid "Time to delay before replying to failed authentications. Defaults to @samp{\"2 secs\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13422
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean auth-ssl-require-client-cert?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13426
+msgid "Require a valid SSL client certificate or the authentication fails. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13428
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean auth-ssl-username-from-cert?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13433
+msgid ""
+"Take the username from client's SSL certificate, using @code{X509_NAME_get_text_by_NID()} which returns the subject's DN's "
+"CommonName. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13435
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list auth-mechanisms"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13441
+msgid ""
+"List of wanted authentication mechanisms. Supported mechanisms are: @samp{plain}, @samp{login}, @samp{digest-md5}, @samp{cram-md5}, "
+"@samp{ntlm}, @samp{rpa}, @samp{apop}, @samp{anonymous}, @samp{gssapi}, @samp{otp}, @samp{skey}, and @samp{gss-spnego}. NOTE: See "
+"also @samp{disable-plaintext-auth} setting."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13443
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list director-servers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13448
+msgid ""
+"List of IPs or hostnames to all director servers, including ourself. Ports can be specified as ip:port. The default port is the "
+"same as what director service's @samp{inet-listener} is using. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13450
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list director-mail-servers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13454
+msgid ""
+"List of IPs or hostnames to all backend mail servers. Ranges are allowed too, like 10.0.0.10-10.0.0.30. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13456
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string director-user-expire"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13460
+msgid "How long to redirect users to a specific server after it no longer has any connections. Defaults to @samp{\"15 min\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13462
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string director-username-hash"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13467
+msgid ""
+"How the username is translated before being hashed. Useful values include %Ln if user can log in with or without @@domain, %Ld if "
+"mailboxes are shared within domain. Defaults to @samp{\"%Lu\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13469
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string log-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13473
+msgid ""
+"Log file to use for error messages. @samp{syslog} logs to syslog, @samp{/dev/stderr} logs to stderr. Defaults to @samp{\"syslog\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13475
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string info-log-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13479
+msgid "Log file to use for informational messages. Defaults to @samp{log-path}. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13481
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string debug-log-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13485
+msgid "Log file to use for debug messages. Defaults to @samp{info-log-path}. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13487
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string syslog-facility"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13492
+msgid ""
+"Syslog facility to use if you're logging to syslog. Usually if you don't want to use @samp{mail}, you'll use local0..local7. Also "
+"other standard facilities are supported. Defaults to @samp{\"mail\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13494
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean auth-verbose?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13498
+msgid "Log unsuccessful authentication attempts and the reasons why they failed. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13500
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean auth-verbose-passwords?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13507
+msgid ""
+"In case of password mismatches, log the attempted password. Valid values are no, plain and sha1. sha1 can be useful for detecting "
+"brute force password attempts vs. user simply trying the same password over and over again. You can also truncate the value to n "
+"chars by appending \":n\" (e.g. sha1:6). Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13509
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean auth-debug?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13513
+msgid "Even more verbose logging for debugging purposes. Shows for example SQL queries. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13515
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean auth-debug-passwords?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13520
+msgid ""
+"In case of password mismatches, log the passwords and used scheme so the problem can be debugged. Enabling this also enables "
+"@samp{auth-debug}. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13522
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mail-debug?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13526
+msgid "Enable mail process debugging. This can help you figure out why Dovecot isn't finding your mails. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13528
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean verbose-ssl?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13531
+msgid "Show protocol level SSL errors. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13533
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string log-timestamp"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13537
+msgid "Prefix for each line written to log file. % codes are in strftime(3) format. Defaults to @samp{\"\\\"%b %d %H:%M:%S \\\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13539
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list login-log-format-elements"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13543
+msgid ""
+"List of elements we want to log. The elements which have a non-empty variable value are joined together to form a comma-separated "
+"string."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13545
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string login-log-format"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13549
+msgid ""
+"Login log format. %s contains @samp{login-log-format-elements} string, %$ contains the data we want to log. Defaults to @samp{\"%"
+"$: %s\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13551
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-log-prefix"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13555
+msgid ""
+"Log prefix for mail processes. See doc/wiki/Variables.txt for list of possible variables you can use. Defaults to @samp{\"\\"
+"\"%s(%u)<%@{pid@}><%@{session@}>: \\\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13557
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string deliver-log-format"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13559
+msgid "Format to use for logging mail deliveries. You can use variables:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13560
+#, no-wrap
+msgid "%$"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13562
+msgid "Delivery status message (e.g. @samp{saved to INBOX})"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13562
+#, no-wrap
+msgid "%m"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13564
+msgid "Message-ID"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13564 doc/guix.texi:14096
+#, no-wrap
+msgid "%s"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13566
+msgid "Subject"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13566
+#, no-wrap
+msgid "%f"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13568
+msgid "From address"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13570
+msgid "Physical size"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13570
+#, no-wrap
+msgid "%w"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13572
+msgid "Virtual size."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13574
+msgid "Defaults to @samp{\"msgid=%m: %$\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13576
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-location"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13581
+msgid ""
+"Location for users' mailboxes. The default is empty, which means that Dovecot tries to find the mailboxes automatically. This "
+"won't work if the user doesn't yet have any mail, so you should explicitly tell Dovecot the full location."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13587
+msgid ""
+"If you're using mbox, giving a path to the INBOX file (e.g. /var/mail/%u) isn't enough. You'll also need to tell Dovecot where the "
+"other mailboxes are kept. This is called the \"root mail directory\", and it must be the first path given in the @samp{mail-"
+"location} setting."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13589
+msgid "There are a few special variables you can use, eg.:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13593
+msgid "username"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13593 doc/guix.texi:14092
+#, no-wrap
+msgid "%n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13595
+msgid "user part in user@@domain, same as %u if there's no domain"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13595
+#, no-wrap
+msgid "%d"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13597
+msgid "domain part in user@@domain, empty if there's no domain"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13597
+#, no-wrap
+msgid "%h"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13599
+msgid "home director"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13602
+msgid "See doc/wiki/Variables.txt for full list. Some examples:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13603
+#, no-wrap
+msgid "maildir:~/Maildir"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13604
+#, no-wrap
+msgid "mbox:~/mail:INBOX=/var/mail/%u"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13605
+#, no-wrap
+msgid "mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13610
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-uid"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13615
+msgid ""
+"System user and group used to access mails. If you use multiple, userdb can override these by returning uid or gid fields. You can "
+"use either numbers or names. <doc/wiki/UserIds.txt>. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13617
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-gid"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13622
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-privileged-group"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13628
+msgid ""
+"Group to enable temporarily for privileged operations. Currently this is used only with INBOX when either its initial creation or "
+"dotlocking fails. Typically this is set to \"mail\" to give access to /var/mail. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13630
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-access-groups"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13638
+msgid ""
+"Grant access to these supplementary groups for mail processes. Typically these are used to set up access to shared mailboxes. Note "
+"that it may be dangerous to set these if users can create symlinks (e.g. if \"mail\" group is set here, ln -s /var/mail ~/mail/var "
+"could allow a user to delete others' mailboxes, or ln -s /secret/shared/box ~/mail/mybox would allow reading it). Defaults to "
+"@samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13640
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mail-full-filesystem-access?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13646
+msgid ""
+"Allow full file system access to clients. There's no access checks other than what the operating system does for the active UID/"
+"GID. It works with both maildir and mboxes, allowing you to prefix mailboxes names with e.g. /path/ or ~user/. Defaults to "
+"@samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13648
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mmap-disable?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13652
+msgid ""
+"Don't use mmap() at all. This is required if you store indexes to shared file systems (NFS or clustered file system). Defaults to "
+"@samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13654
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean dotlock-use-excl?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13659
+msgid ""
+"Rely on @samp{O_EXCL} to work when creating dotlock files. NFS supports @samp{O_EXCL} since version 3, so this should be safe to "
+"use nowadays by default. Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13661
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-fsync"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13663
+msgid "When to use fsync() or fdatasync() calls:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13664
+#, no-wrap
+msgid "optimized"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13666
+msgid "Whenever necessary to avoid losing important data"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13668
+msgid "Useful with e.g. NFS when write()s are delayed"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13670
+msgid "Never use it (best performance, but crashes can lose data)."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13672
+msgid "Defaults to @samp{\"optimized\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13674
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mail-nfs-storage?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13679
+msgid ""
+"Mail storage exists in NFS. Set this to yes to make Dovecot flush NFS caches whenever needed. If you're using only a single mail "
+"server this isn't needed. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13681
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mail-nfs-index?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13685
+msgid ""
+"Mail index files also exist in NFS. Setting this to yes requires @samp{mmap-disable? #t} and @samp{fsync-disable? #f}. Defaults to "
+"@samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13687
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string lock-method"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13693
+msgid ""
+"Locking method for index files. Alternatives are fcntl, flock and dotlock. Dotlocking uses some tricks which may create more disk "
+"I/O than other locking methods. NFS users: flock doesn't work, remember to change @samp{mmap-disable}. Defaults to @samp{\"fcntl"
+"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13695
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} file-name mail-temp-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13699
+msgid "Directory in which LDA/LMTP temporarily stores incoming mails >128 kB. Defaults to @samp{\"/tmp\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13701
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer first-valid-uid"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13707
+msgid ""
+"Valid UID range for users. This is mostly to make sure that users can't log in as daemons or other system users. Note that denying "
+"root logins is hardcoded to dovecot binary and can't be done even if @samp{first-valid-uid} is set to 0. Defaults to @samp{500}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13709
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer last-valid-uid"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13714
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer first-valid-gid"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13719
+msgid ""
+"Valid GID range for users. Users having non-valid GID as primary group ID aren't allowed to log in. If user belongs to "
+"supplementary groups with non-valid GIDs, those groups are not set. Defaults to @samp{1}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13721
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer last-valid-gid"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13726
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer mail-max-keyword-length"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13730
+msgid "Maximum allowed length for mail keyword name. It's only forced when trying to create new keywords. Defaults to @samp{50}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13732
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} colon-separated-file-name-list valid-chroot-dirs"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13742
+msgid ""
+"List of directories under which chrooting is allowed for mail processes (i.e. /var/mail will allow chrooting to /var/mail/foo/bar "
+"too). This setting doesn't affect @samp{login-chroot} @samp{mail-chroot} or auth chroot settings. If this setting is empty, \"/./"
+"\" in home dirs are ignored. WARNING: Never add directories here which local users can modify, that may lead to root exploit. "
+"Usually this should be done only if you don't allow shell access for users. <doc/wiki/Chrooting.txt>. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13744
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-chroot"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13753
+msgid ""
+"Default chroot directory for mail processes. This can be overridden for specific users in user database by giving /./ in user's "
+"home directory (e.g. /home/./user chroots into /home). Note that usually there is no real need to do chrooting, Dovecot doesn't "
+"allow users to access files outside their mail directory anyway. If your home directories are prefixed with the chroot directory, "
+"append \"/.\" to @samp{mail-chroot}. <doc/wiki/Chrooting.txt>. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13755
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} file-name auth-socket-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13759
+msgid ""
+"UNIX socket path to master authentication server to find users. This is used by imap (for shared users) and lda. Defaults to "
+"@samp{\"/var/run/dovecot/auth-userdb\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13761
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} file-name mail-plugin-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13764
+msgid "Directory where to look up mail plugins. Defaults to @samp{\"/usr/lib/dovecot\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13766
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list mail-plugins"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13770
+msgid ""
+"List of plugins to load for all services. Plugins specific to IMAP, LDA, etc. are added to this list in their own .conf files. "
+"Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13772
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer mail-cache-min-mail-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13777
+msgid ""
+"The minimum number of mails in a mailbox before updates are done to cache file. This allows optimizing Dovecot's behavior to do "
+"less disk writes at the cost of more disk reads. Defaults to @samp{0}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13779
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mailbox-idle-check-interval"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13786
+msgid ""
+"When IDLE command is running, mailbox is checked once in a while to see if there are any new mails or other changes. This setting "
+"defines the minimum time to wait between those checks. Dovecot can also use dnotify, inotify and kqueue to find out immediately "
+"when changes occur. Defaults to @samp{\"30 secs\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13788
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mail-save-crlf?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13795
+msgid ""
+"Save mails with CR+LF instead of plain LF. This makes sending those mails take less CPU, especially with sendfile() syscall with "
+"Linux and FreeBSD. But it also creates a bit more disk I/O which may just make it slower. Also note that if other software reads "
+"the mboxes/maildirs, they may handle the extra CRs wrong and cause problems. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13797
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean maildir-stat-dirs?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13805
+msgid ""
+"By default LIST command returns all entries in maildir beginning with a dot. Enabling this option makes Dovecot return only entries "
+"which are directories. This is done by stat()ing each entry, so it causes more disk I/O. (For systems setting struct @samp{dirent-"
+">d_type} this check is free and it's done always regardless of this setting). Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13807
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean maildir-copy-with-hardlinks?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13812
+msgid ""
+"When copying a message, do it with hard links whenever possible. This makes the performance much better, and it's unlikely to have "
+"any side effects. Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13814
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean maildir-very-dirty-syncs?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13819
+msgid ""
+"Assume Dovecot is the only MUA accessing Maildir: Scan cur/ directory only when its mtime changes unexpectedly or when we can't find "
+"the mail otherwise. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13821
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list mbox-read-locks"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13824
+msgid "Which locking methods to use for locking mbox. There are four available:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13826
+#, no-wrap
+msgid "dotlock"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13830
+msgid ""
+"Create <mailbox>.lock file. This is the oldest and most NFS-safe solution. If you want to use /var/mail/ like directory, the users "
+"will need write access to that directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13830
+#, no-wrap
+msgid "dotlock-try"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13833
+msgid "Same as dotlock, but if it fails because of permissions or because there isn't enough disk space, just skip it."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13833
+#, no-wrap
+msgid "fcntl"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13835
+msgid "Use this if possible. Works with NFS too if lockd is used."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13835
+#, no-wrap
+msgid "flock"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13837 doc/guix.texi:13839
+msgid "May not exist in all systems. Doesn't work with NFS."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13837
+#, no-wrap
+msgid "lockf"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13845
+msgid ""
+"You can use multiple locking methods; if you do the order they're declared in is important to avoid deadlocks if other MTAs/MUAs are "
+"using multiple locking methods as well. Some operating systems don't allow using some of them simultaneously."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13847
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list mbox-write-locks"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13851
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mbox-lock-timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13854
+msgid "Maximum time to wait for lock (all of them) before aborting. Defaults to @samp{\"5 mins\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13856
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mbox-dotlock-change-timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13860
+msgid ""
+"If dotlock exists but the mailbox isn't modified in any way, override the lock file after this much time. Defaults to @samp{\"2 mins"
+"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13862
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mbox-dirty-syncs?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13873
+msgid ""
+"When mbox changes unexpectedly we have to fully read it to find out what changed. If the mbox is large this can take a long time. "
+"Since the change is usually just a newly appended mail, it'd be faster to simply read the new mails. If this setting is enabled, "
+"Dovecot does this but still safely fallbacks to re-reading the whole mbox file whenever something in mbox isn't how it's expected to "
+"be. The only real downside to this setting is that if some other MUA changes message flags, Dovecot doesn't notice it immediately. "
+"Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK commands. Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13875
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mbox-very-dirty-syncs?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13880
+msgid ""
+"Like @samp{mbox-dirty-syncs}, but don't do full syncs even with SELECT, EXAMINE, EXPUNGE or CHECK commands. If this is set, "
+"@samp{mbox-dirty-syncs} is ignored. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13882
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mbox-lazy-writes?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13888
+msgid ""
+"Delay writing mbox headers until doing a full write sync (EXPUNGE and CHECK commands and when closing the mailbox). This is "
+"especially useful for POP3 where clients often delete all mails. The downside is that our changes aren't immediately visible to "
+"other MUAs. Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13890
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer mbox-min-index-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13895
+msgid ""
+"If mbox size is smaller than this (e.g. 100k), don't write index files. If an index file already exists it's still read, just not "
+"updated. Defaults to @samp{0}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13897
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer mdbox-rotate-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13900
+msgid "Maximum dbox file size until it's rotated. Defaults to @samp{10000000}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13902
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mdbox-rotate-interval"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13907
+msgid ""
+"Maximum dbox file age until it's rotated. Typically in days. Day begins from midnight, so 1d = today, 2d = yesterday, etc. 0 = "
+"check disabled. Defaults to @samp{\"1d\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13909
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean mdbox-preallocate-space?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13914
+msgid ""
+"When creating new mdbox files, immediately preallocate their size to @samp{mdbox-rotate-size}. This setting currently works only in "
+"Linux with some file systems (ext4, xfs). Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13916
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-attachment-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13920
+msgid ""
+"sdbox and mdbox support saving mail attachments to external files, which also allows single instance storage for them. Other "
+"backends don't support this for now."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13922
+msgid "WARNING: This feature hasn't been tested much yet. Use at your own risk."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13925
+msgid "Directory root where to store mail attachments. Disabled, if empty. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13927
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer mail-attachment-min-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13932
+msgid ""
+"Attachments smaller than this aren't saved externally. It's also possible to write a plugin to disable saving specific attachments "
+"externally. Defaults to @samp{128000}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13934
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-attachment-fs"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13936
+msgid "File system backend to use for saving attachments:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13937
+#, no-wrap
+msgid "posix"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13939
+msgid "No SiS done by Dovecot (but this might help FS's own deduplication)"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13939
+#, no-wrap
+msgid "sis posix"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13941
+msgid "SiS with immediate byte-by-byte comparison during saving"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:13941
+#, no-wrap
+msgid "sis-queue posix"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:13943
+msgid "SiS with delayed comparison and deduplication."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13945
+msgid "Defaults to @samp{\"sis posix\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13947
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string mail-attachment-hash"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13953
+msgid ""
+"Hash format to use in attachment filenames. You can add any text and variables: @code{%@{md4@}}, @code{%@{md5@}}, @code{%@{sha1@}}, "
+"@code{%@{sha256@}}, @code{%@{sha512@}}, @code{%@{size@}}. Variables can be truncated, e.g. @code{%@{sha256:80@}} returns only first "
+"80 bits. Defaults to @samp{\"%@{sha1@}\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13955
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer default-process-limit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13960
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer default-client-limit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13963 doc/guix.texi:17869
+msgid "Defaults to @samp{1000}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13965
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer default-vsz-limit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13970
+msgid ""
+"Default VSZ (virtual memory size) limit for service processes. This is mainly intended to catch and kill processes that leak memory "
+"before they eat up everything. Defaults to @samp{256000000}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13972
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string default-login-user"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13977
+msgid ""
+"Login user is internally used by login processes. This is the most untrusted user in Dovecot system. It shouldn't have access to "
+"anything at all. Defaults to @samp{\"dovenull\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13979
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string default-internal-user"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13984
+msgid ""
+"Internal user is used by unprivileged processes. It should be separate from login user, so that login processes can't disturb other "
+"processes. Defaults to @samp{\"dovecot\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13986
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13989
+msgid "SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>. Defaults to @samp{\"required\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13991
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-cert"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13994
+msgid "PEM encoded X.509 SSL/TLS certificate (public key). Defaults to @samp{\"</etc/dovecot/default.pem\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:13996
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-key"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14001
+msgid ""
+"PEM encoded SSL/TLS private key. The key is opened before dropping root privileges, so keep the key file unreadable by anyone but "
+"root. Defaults to @samp{\"</etc/dovecot/private/default.pem\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14003
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-key-password"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14009
+msgid ""
+"If key file is password protected, give the password here. Alternatively give it when starting dovecot with -p parameter. Since "
+"this file is often world-readable, you may want to place this setting instead to a different. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14011
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-ca"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14017
+msgid ""
+"PEM encoded trusted certificate authority. Set this only if you intend to use @samp{ssl-verify-client-cert? #t}. The file should "
+"contain the CA certificate(s) followed by the matching CRL(s). (e.g. @samp{ssl-ca </etc/ssl/certs/ca.pem}). Defaults to "
+"@samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14019
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean ssl-require-crl?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14022
+msgid "Require that CRL check succeeds for client certificates. Defaults to @samp{#t}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14024
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean ssl-verify-client-cert?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14028
+msgid ""
+"Request client to send a certificate. If you also want to require it, set @samp{auth-ssl-require-client-cert? #t} in auth section. "
+"Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14030
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-cert-username-field"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14035
+msgid ""
+"Which field from certificate to use for username. commonName and x500UniqueIdentifier are the usual choices. You'll also need to "
+"set @samp{auth-ssl-username-from-cert? #t}. Defaults to @samp{\"commonName\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14037
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-min-protocol"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14040
+msgid "Minimum SSL protocol version to accept. Defaults to @samp{\"TLSv1\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14042
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-cipher-list"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14045
+msgid ""
+"SSL ciphers to use. Defaults to @samp{\"ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!"
+"LOW@@STRENGTH\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14047
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string ssl-crypto-device"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14050
+msgid "SSL crypto device to use, for valid values run \"openssl engine\". Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14052
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string postmaster-address"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14056
+msgid "Address to use when sending rejection mails. %d expands to recipient domain. Defaults to @samp{\"postmaster@@%d\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14058
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string hostname"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14062
+msgid ""
+"Hostname to use in various parts of sent mails (e.g. in Message-Id) and in LMTP replies. Default is the system's real "
+"hostname@@domain. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14064
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean quota-full-tempfail?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14068
+msgid "If user is over quota, return with temporary failure instead of bouncing the mail. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14070
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} file-name sendmail-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14073
+msgid "Binary to use for sending mails. Defaults to @samp{\"/usr/sbin/sendmail\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14075
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string submission-host"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14079
+msgid "If non-empty, send mails via this SMTP host[:port] instead of sendmail. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14081
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string rejection-subject"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14085
+msgid ""
+"Subject: header to use for rejection mails. You can use the same variables as for @samp{rejection-reason} below. Defaults to "
+"@samp{\"Rejected: %s\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14087
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string rejection-reason"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14090
+msgid "Human readable error message for rejection mails. You can use variables:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14094
+msgid "CRLF"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14094
+#, no-wrap
+msgid "%r"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14096
+msgid "reason"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14098
+msgid "original subject"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14098
+#, no-wrap
+msgid "%t"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14100
+msgid "recipient"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14102
+msgid "Defaults to @samp{\"Your message to <%t> was automatically rejected:%n%r\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14104
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string recipient-delimiter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14108
+msgid "Delimiter character between local-part and detail in email address. Defaults to @samp{\"+\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14110
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string lda-original-recipient-header"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14116
+msgid ""
+"Header where the original recipient address (SMTP's RCPT TO: address) is taken from if not available elsewhere. With dovecot-lda -a "
+"parameter overrides this. A commonly used header for this is X-Original-To. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14118
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean lda-mailbox-autocreate?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14122
+msgid "Should saving a mail to a nonexistent mailbox automatically create it?. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14124
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} boolean lda-mailbox-autosubscribe?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14128
+msgid "Should automatically created mailboxes be also automatically subscribed?. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14130
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} non-negative-integer imap-max-line-length"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14136
+msgid ""
+"Maximum IMAP command line length. Some clients generate very long command lines with huge mailboxes, so you may need to raise this "
+"if you get \"Too long argument\" or \"IMAP command line too large\" errors often. Defaults to @samp{64000}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14138
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string imap-logout-format"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14140
+msgid "IMAP logout format string:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14141
+#, no-wrap
+msgid "%i"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14143
+msgid "total number of bytes read from client"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14143
+#, no-wrap
+msgid "%o"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14145
+msgid "total number of bytes sent to client."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14148
+msgid ""
+"See @file{doc/wiki/Variables.txt} for a list of all the variables you can use. Defaults to @samp{\"in=%i out=%o deleted="
+"%@{deleted@} expunged=%@{expunged@} trashed=%@{trashed@} hdr_count=%@{fetch_hdr_count@} hdr_bytes=%@{fetch_hdr_bytes@} body_count="
+"%@{fetch_body_count@} body_bytes=%@{fetch_body_bytes@}\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14150
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string imap-capability"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14154
+msgid ""
+"Override the IMAP CAPABILITY response. If the value begins with '+', add the given capabilities on top of the defaults (e.g. +XFOO "
+"XBAR). Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14156
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string imap-idle-notify-interval"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14160
+msgid "How long to wait between \"OK Still here\" notifications when client is IDLEing. Defaults to @samp{\"2 mins\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14162
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string imap-id-send"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14168
+msgid ""
+"ID field names and values to send to clients. Using * as the value makes Dovecot use the default value. The following fields have "
+"default values currently: name, version, os, os-version, support-url, support-email. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14170
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string imap-id-log"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14173
+msgid "ID fields sent by client to log. * means everything. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14175
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} space-separated-string-list imap-client-workarounds"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14177
+msgid "Workarounds for various client bugs:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14179
+#, no-wrap
+msgid "delay-newmail"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14186
+msgid ""
+"Send EXISTS/RECENT new mail notifications only when replying to NOOP and CHECK commands. Some clients ignore them otherwise, for "
+"example OSX Mail (<v2.1). Outlook Express breaks more badly though, without this it may show user \"Message no longer in server\" "
+"errors. Note that OE6 still breaks even with this workaround if synchronization is set to \"Headers Only\"."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14187
+#, no-wrap
+msgid "tb-extra-mailbox-sep"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14191
+msgid ""
+"Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and adds extra @samp{/} suffixes to mailbox names. This option "
+"causes Dovecot to ignore the extra @samp{/} instead of treating it as invalid mailbox name."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14192
+#, no-wrap
+msgid "tb-lsub-flags"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14196
+msgid ""
+"Show \\Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox). This makes Thunderbird realize they aren't selectable and show "
+"them greyed out, instead of only later giving \"not selectable\" popup error."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14200
+#, no-wrap
+msgid "{@code{dovecot-configuration} parameter} string imap-urlauth-host"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14203
+msgid "Host allowed in URLAUTH URLs sent by client. \"*\" allows all. Defaults to @samp{\"\"}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14211
+msgid ""
+"Whew! Lots of configuration options. The nice thing about it though is that GuixSD has a complete interface to Dovecot's "
+"configuration language. This allows not only a nice way to declare configurations, but also offers reflective capabilities as well: "
+"users can write code to inspect and transform configurations from within Scheme."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14217
+msgid ""
+"However, it could be that you just want to get a @code{dovecot.conf} up and running. In that case, you can pass an @code{opaque-"
+"dovecot-configuration} as the @code{#:config} parameter to @code{dovecot-service}. As its name indicates, an opaque configuration "
+"does not have easy reflective capabilities."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14219
+msgid "Available @code{opaque-dovecot-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14220
+#, no-wrap
+msgid "{@code{opaque-dovecot-configuration} parameter} package dovecot"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14224
+#, no-wrap
+msgid "{@code{opaque-dovecot-configuration} parameter} string string"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14226
+msgid "The contents of the @code{dovecot.conf}, as a string."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14230
+msgid "For example, if your @code{dovecot.conf} is just the empty string, you could instantiate a dovecot service like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14235
+#, no-wrap
+msgid ""
+"(dovecot-service #:config\n"
+" (opaque-dovecot-configuration\n"
+" (string \"\")))\n"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:14237
+#, no-wrap
+msgid "OpenSMTPD Service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14239
+#, no-wrap
+msgid "{Scheme Variable} opensmtpd-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14243
+msgid ""
+"This is the type of the @uref{https://www.opensmtpd.org, OpenSMTPD} service, whose value should be an @code{opensmtpd-configuration} "
+"object as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14248
+#, no-wrap
+msgid ""
+"(service opensmtpd-service-type\n"
+" (opensmtpd-configuration\n"
+" (config-file (local-file \"./my-smtpd.conf\"))))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14251
+#, no-wrap
+msgid "{Data Type} opensmtpd-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14253
+msgid "Data type representing the configuration of opensmtpd."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14255
+#, no-wrap
+msgid "@code{package} (default: @var{opensmtpd})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14257
+msgid "Package object of the OpenSMTPD SMTP server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14258
+#, no-wrap
+msgid "@code{config-file} (default: @var{%default-opensmtpd-file})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14263
+msgid ""
+"File-like object of the OpenSMTPD configuration file to use. By default it listens on the loopback network interface, and allows "
+"for mail from users and daemons on the local machine, as well as permitting email to remote servers. Run @command{man smtpd.conf} "
+"for more information."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:14267
+#, no-wrap
+msgid "Exim Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14269
+#, no-wrap
+msgid "mail transfer agent (MTA)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14270
+#, no-wrap
+msgid "MTA (mail transfer agent)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14271
+#, no-wrap
+msgid "SMTP"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14273
+#, no-wrap
+msgid "{Scheme Variable} exim-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14277
+msgid ""
+"This is the type of the @uref{https://exim.org, Exim} mail transfer agent (MTA), whose value should be an @code{exim-configuration} "
+"object as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14282
+#, no-wrap
+msgid ""
+"(service exim-service-type\n"
+" (exim-configuration\n"
+" (config-file (local-file \"./my-exim.conf\"))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14288
+msgid ""
+"In order to use an @code{exim-service-type} service you must also have a @code{mail-aliases-service-type} service present in your "
+"@code{operating-system} (even if it has no aliases)."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14289
+#, no-wrap
+msgid "{Data Type} exim-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14291
+msgid "Data type representing the configuration of exim."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14293
+#, no-wrap
+msgid "@code{package} (default: @var{exim})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14295
+msgid "Package object of the Exim server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14296
+#, no-wrap
+msgid "@code{config-file} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14302
+msgid ""
+"File-like object of the Exim configuration file to use. If its value is @code{#f} then use the default configuration file from the "
+"package provided in @code{package}. The resulting configuration file is loaded after setting the @code{exim_user} and "
+"@code{exim_group} configuration variables."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:14306
+#, no-wrap
+msgid "Mail Aliases Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14308
+#, no-wrap
+msgid "email aliases"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14309
+#, no-wrap
+msgid "aliases, for email addresses"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14311
+#, no-wrap
+msgid "{Scheme Variable} mail-aliases-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14314
+msgid "This is the type of the service which provides @code{/etc/aliases}, specifying how to deliver mail to users on this system."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14319
+#, no-wrap
+msgid ""
+"(service mail-aliases-service-type\n"
+" '((\"postmaster\" \"bob\")\n"
+" (\"bob\" \"bob@@example.com\" \"bob@@example2.com\")))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14327
+msgid ""
+"The configuration for a @code{mail-aliases-service-type} service is an association list denoting how to deliver mail that comes to "
+"this system. Each entry is of the form @code{(alias addresses ...)}, with @code{alias} specifying the local alias and "
+"@code{addresses} specifying where to deliver this user's mail."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14333
+msgid ""
+"The aliases aren't required to exist as users on the local system. In the above example, there doesn't need to be a "
+"@code{postmaster} entry in the @code{operating-system}'s @code{user-accounts} in order to deliver the @code{postmaster} mail to "
+"@code{bob} (which subsequently would deliver mail to @code{bob@@example.com} and @code{bob@@example2.com})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14337
+#, no-wrap
+msgid "messaging"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14338
+#, no-wrap
+msgid "jabber"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14339
+#, no-wrap
+msgid "XMPP"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14342
+msgid ""
+"The @code{(gnu services messaging)} module provides Guix service definitions for messaging services: currently only Prosody is "
+"supported."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:14343
+#, no-wrap
+msgid "Prosody Service"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14345
+#, no-wrap
+msgid "{Scheme Variable} prosody-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14349
+msgid ""
+"This is the type for the @uref{https://prosody.im, Prosody XMPP communication server}. Its value must be a @code{prosody-"
+"configuration} record as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14364
+#, no-wrap
+msgid ""
+"(service prosody-service-type\n"
+" (prosody-configuration\n"
+" (modules-enabled (cons \"groups\" \"mam\" %default-modules-enabled))\n"
+" (int-components\n"
+" (list\n"
+" (int-component-configuration\n"
+" (hostname \"conference.example.net\")\n"
+" (plugin \"muc\")\n"
+" (mod-muc (mod-muc-configuration)))))\n"
+" (virtualhosts\n"
+" (list\n"
+" (virtualhost-configuration\n"
+" (domain \"example.net\"))))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:14367
+msgid "See below for details about @code{prosody-configuration}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14373
+msgid ""
+"By default, Prosody does not need much configuration. Only one @code{virtualhosts} field is needed: it specifies the domain you "
+"wish Prosody to serve."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14376
+msgid "You can perform various sanity checks on the generated configuration with the @code{prosodyctl check} command."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14380
+msgid ""
+"Prosodyctl will also help you to import certificates from the @code{letsencrypt} directory so that the @code{prosody} user can "
+"access them. See @url{https://prosody.im/doc/letsencrypt}."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14383
+#, no-wrap
+msgid "prosodyctl --root cert import /etc/letsencrypt/live\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14390
+msgid ""
+"The available configuration parameters follow. Each parameter definition is preceded by its type; for example, @samp{string-list "
+"foo} indicates that the @code{foo} parameter should be specified as a list of strings. Types starting with @code{maybe-} denote "
+"parameters that won't show up in @code{prosody.cfg.lua} when their value is @code{'disabled}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14394
+msgid ""
+"There is also a way to specify the configuration as a string, if you have an old @code{prosody.cfg.lua} file that you want to port "
+"over from some other system; see the end for more details."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14397
+msgid "The @code{file-object} type designates either a file-like object (@pxref{G-Expressions, file-like objects}) or a file name."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14407
+msgid "Available @code{prosody-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14408
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} package prosody"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14410
+msgid "The Prosody package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14412
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} file-name data-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14416
+msgid ""
+"Location of the Prosody data storage directory. See @url{https://prosody.im/doc/configure}. Defaults to @samp{\"/var/lib/prosody"
+"\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14418
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} file-object-list plugin-paths"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14422
+msgid ""
+"Additional plugin directories. They are searched in all the specified paths in order. See @url{https://prosody.im/doc/"
+"plugins_directory}. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14424
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} file-name certificates"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14429
+msgid ""
+"Every virtual host and component needs a certificate so that clients and servers can securely verify its identity. Prosody will "
+"automatically load certificates/keys from the directory specified here. Defaults to @samp{\"/etc/prosody/certs\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14431
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} string-list admins"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14437
+msgid ""
+"This is a list of accounts that are admins for the server. Note that you must create the accounts separately. See @url{https://"
+"prosody.im/doc/admins} and @url{https://prosody.im/doc/creating_accounts}. Example: @code{(admins '(\"user1@@example.com\" "
+"\"user2@@example.net\"))} Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14439
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} boolean use-libevent?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14443
+msgid ""
+"Enable use of libevent for better performance under high load. See @url{https://prosody.im/doc/libevent}. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14445
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} module-list modules-enabled"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14451
+msgid ""
+"This is the list of modules Prosody will load on startup. It looks for @code{mod_modulename.lua} in the plugins folder, so make "
+"sure that exists too. Documentation on modules can be found at: @url{https://prosody.im/doc/modules}. Defaults to @samp{(\"roster"
+"\" \"saslauth\" \"tls\" \"dialback\" \"disco\" \"carbons\" \"private\" \"blocklist\" \"vcard\" \"version\" \"uptime\" \"time\" \"ping"
+"\" \"pep\" \"register\" \"admin_adhoc\")}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14453
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} string-list modules-disabled"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14457
+msgid ""
+"@samp{\"offline\"}, @samp{\"c2s\"} and @samp{\"s2s\"} are auto-loaded, but should you want to disable them then add them to this "
+"list. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14459
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} file-object groups-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14464
+msgid ""
+"Path to a text file where the shared groups are defined. If this path is empty then @samp{mod_groups} does nothing. See "
+"@url{https://prosody.im/doc/modules/mod_groups}. Defaults to @samp{\"/var/lib/prosody/sharedgroups.txt\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14466
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} boolean allow-registration?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14470
+msgid "Disable account creation by default, for security. See @url{https://prosody.im/doc/creating_accounts}. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14472
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} maybe-ssl-configuration ssl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14477
+msgid ""
+"These are the SSL/TLS-related settings. Most of them are disabled so to use Prosody's defaults. If you do not completely "
+"understand these options, do not add them to your config, it is easy to lower the security of your server using them. See "
+"@url{https://prosody.im/doc/advanced_ssl_config}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14479
+msgid "Available @code{ssl-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14480
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-string protocol"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14482
+msgid "This determines what handshake to use."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14484
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-file-name key"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14486
+msgid "Path to your private key file."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14488
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-file-name certificate"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14490
+msgid "Path to your certificate file."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14492
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} file-object capath"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14496
+msgid ""
+"Path to directory containing root certificates that you wish Prosody to trust when verifying the certificates of remote servers. "
+"Defaults to @samp{\"/etc/ssl/certs\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14498
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-file-object cafile"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14501
+msgid ""
+"Path to a file containing root certificates that you wish Prosody to trust. Similar to @code{capath} but with all certificates "
+"concatenated together."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14503
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-string-list verify"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14506
+msgid "A list of verification options (these mostly map to OpenSSL's @code{set_verify()} flags)."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14508
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-string-list options"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14512
+msgid ""
+"A list of general options relating to SSL/TLS. These map to OpenSSL's @code{set_options()}. For a full list of options available "
+"in LuaSec, see the LuaSec source."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14514
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-non-negative-integer depth"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14517
+msgid "How long a chain of certificate authorities to check when looking for a trusted root certificate."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14519
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-string ciphers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14522
+msgid "An OpenSSL cipher string. This selects what ciphers Prosody will offer to clients, and in what order."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14524
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-file-name dhparam"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14528
+msgid ""
+"A path to a file containing parameters for Diffie-Hellman key exchange. You can create such a file with: @code{openssl dhparam -"
+"out /etc/prosody/certs/dh-2048.pem 2048}"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14530
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-string curve"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14533
+msgid "Curve for Elliptic curve Diffie-Hellman. Prosody's default is @samp{\"secp384r1\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14535
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-string-list verifyext"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14537
+msgid "A list of \"extra\" verification options."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14539
+#, no-wrap
+msgid "{@code{ssl-configuration} parameter} maybe-string password"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14541
+msgid "Password for encrypted private keys."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14545
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} boolean c2s-require-encryption?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14549
+msgid ""
+"Whether to force all client-to-server connections to be encrypted or not. See @url{https://prosody.im/doc/modules/mod_tls}. "
+"Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14551
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} string-list disable-sasl-mechanisms"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14555
+msgid ""
+"Set of mechanisms that will never be offered. See @url{https://prosody.im/doc/modules/mod_saslauth}. Defaults to @samp{(\"DIGEST-"
+"MD5\")}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14557
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} boolean s2s-require-encryption?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14561
+msgid ""
+"Whether to force all server-to-server connections to be encrypted or not. See @url{https://prosody.im/doc/modules/mod_tls}. "
+"Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14563
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} boolean s2s-secure-auth?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14569
+msgid ""
+"Whether to require encryption and certificate authentication. This provides ideal security, but requires servers you communicate "
+"with to support encryption AND present valid, trusted certificates. See @url{https://prosody.im/doc/s2s#security}. Defaults to "
+"@samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14571
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} string-list s2s-insecure-domains"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14577
+msgid ""
+"Many servers don't support encryption or have invalid or self-signed certificates. You can list domains here that will not be "
+"required to authenticate using certificates. They will be authenticated using DNS. See @url{https://prosody.im/doc/s2s#security}. "
+"Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14579
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} string-list s2s-secure-domains"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14584
+msgid ""
+"Even if you leave @code{s2s-secure-auth?} disabled, you can still require valid certificates for some domains by specifying a list "
+"here. See @url{https://prosody.im/doc/s2s#security}. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14586
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} string authentication"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14594
+msgid ""
+"Select the authentication backend to use. The default provider stores passwords in plaintext and uses Prosody's configured data "
+"storage to store the authentication data. If you do not trust your server please see @url{https://prosody.im/doc/modules/"
+"mod_auth_internal_hashed} for information about using the hashed backend. See also @url{https://prosody.im/doc/authentication} "
+"Defaults to @samp{\"internal_plain\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14596
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} maybe-string log"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14600
+msgid ""
+"Set logging options. Advanced logging configuration is not yet supported by the GuixSD Prosody Service. See @url{https://prosody."
+"im/doc/logging}. Defaults to @samp{\"*syslog\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14602
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} file-name pidfile"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14605
+msgid ""
+"File to write pid in. See @url{https://prosody.im/doc/modules/mod_posix}. Defaults to @samp{\"/var/run/prosody/prosody.pid\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14607
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} maybe-non-negative-integer http-max-content-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14609
+msgid "Maximum allowed size of the HTTP body (in bytes)."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14611
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} maybe-string http-external-url"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14616
+msgid ""
+"Some modules expose their own URL in various ways. This URL is built from the protocol, host and port used. If Prosody sits behind "
+"a proxy, the public URL will be @code{http-external-url} instead. See @url{https://prosody.im/doc/http#external_url}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14618
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} virtualhost-configuration-list virtualhosts"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14623
+msgid ""
+"A host in Prosody is a domain on which user accounts can be created. For example if you want your users to have addresses like "
+"@samp{\"john.smith@@example.com\"} then you need to add a host @samp{\"example.com\"}. All options in this list will apply only to "
+"this host."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14629
+msgid ""
+"Note: the name \"virtual\" host is used in configuration to avoid confusion with the actual physical host that Prosody is installed "
+"on. A single Prosody instance can serve many domains, each one defined as a VirtualHost entry in Prosody's configuration. "
+"Conversely a server that hosts a single domain would have just one VirtualHost entry."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14631
+msgid "See @url{https://prosody.im/doc/configure#virtual_host_settings}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14633
+msgid "Available @code{virtualhost-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14635 doc/guix.texi:14657 doc/guix.texi:14710
+msgid ""
+"all these @code{prosody-configuration} fields: @code{admins}, @code{use-libevent?}, @code{modules-enabled}, @code{modules-disabled}, "
+"@code{groups-file}, @code{allow-registration?}, @code{ssl}, @code{c2s-require-encryption?}, @code{disable-sasl-mechanisms}, "
+"@code{s2s-require-encryption?}, @code{s2s-secure-auth?}, @code{s2s-insecure-domains}, @code{s2s-secure-domains}, "
+"@code{authentication}, @code{log}, @code{http-max-content-size}, @code{http-external-url}, @code{raw-content}, plus:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14635
+#, no-wrap
+msgid "{@code{virtualhost-configuration} parameter} string domain"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14637
+msgid "Domain you wish Prosody to serve."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14641
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} int-component-configuration-list int-components"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14646
+msgid ""
+"Components are extra services on a server which are available to clients, usually on a subdomain of the main server (such as "
+"@samp{\"mycomponent.example.com\"}). Example components might be chatroom servers, user directories, or gateways to other protocols."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14650
+msgid ""
+"Internal components are implemented with Prosody-specific plugins. To add an internal component, you simply fill the hostname "
+"field, and the plugin you wish to use for the component."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14653
+msgid "See @url{https://prosody.im/doc/components}. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14655
+msgid "Available @code{int-component-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14657
+#, no-wrap
+msgid "{@code{int-component-configuration} parameter} string hostname"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14659 doc/guix.texi:14716
+msgid "Hostname of the component."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14661
+#, no-wrap
+msgid "{@code{int-component-configuration} parameter} string plugin"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14663
+msgid "Plugin you wish to use for the component."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14665
+#, no-wrap
+msgid "{@code{int-component-configuration} parameter} maybe-mod-muc-configuration mod-muc"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14668
+msgid "Multi-user chat (MUC) is Prosody's module for allowing you to create hosted chatrooms/conferences for XMPP users."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14672
+msgid ""
+"General information on setting up and using multi-user chatrooms can be found in the \"Chatrooms\" documentation (@url{https://"
+"prosody.im/doc/chatrooms}), which you should read if you are new to XMPP chatrooms."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14674
+msgid "See also @url{https://prosody.im/doc/modules/mod_muc}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14676
+msgid "Available @code{mod-muc-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14677
+#, no-wrap
+msgid "{@code{mod-muc-configuration} parameter} string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14680
+msgid "The name to return in service discovery responses. Defaults to @samp{\"Prosody Chatrooms\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14682
+#, no-wrap
+msgid "{@code{mod-muc-configuration} parameter} string-or-boolean restrict-room-creation"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14689
+msgid ""
+"If @samp{#t}, this will only allow admins to create new chatrooms. Otherwise anyone can create a room. The value @samp{\"local\"} "
+"restricts room creation to users on the service's parent domain. E.g. @samp{user@@example.com} can create rooms on @samp{rooms."
+"example.com}. The value @samp{\"admin\"} restricts to service administrators only. Defaults to @samp{#f}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14691
+#, no-wrap
+msgid "{@code{mod-muc-configuration} parameter} non-negative-integer max-history-messages"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14695
+msgid "Maximum number of history messages that will be sent to the member that has just joined the room. Defaults to @samp{20}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14701
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} ext-component-configuration-list ext-components"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14706
+msgid ""
+"External components use XEP-0114, which most standalone components support. To add an external component, you simply fill the "
+"hostname field. See @url{https://prosody.im/doc/components}. Defaults to @samp{()}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14708
+msgid "Available @code{ext-component-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14710
+#, no-wrap
+msgid "{@code{ext-component-configuration} parameter} string component-secret"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14712
+msgid "Password which the component will use to log in."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14714
+#, no-wrap
+msgid "{@code{ext-component-configuration} parameter} string hostname"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14720
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} non-negative-integer-list component-ports"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14723
+msgid "Port(s) Prosody listens on for component connections. Defaults to @samp{(5347)}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14725
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} string component-interface"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14728
+msgid "Interface Prosody listens on for component connections. Defaults to @samp{\"127.0.0.1\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14730
+#, no-wrap
+msgid "{@code{prosody-configuration} parameter} maybe-raw-content raw-content"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14732
+msgid "Raw content that will be added to the configuration file."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14740
+msgid ""
+"It could be that you just want to get a @code{prosody.cfg.lua} up and running. In that case, you can pass an @code{opaque-prosody-"
+"configuration} record as the value of @code{prosody-service-type}. As its name indicates, an opaque configuration does not have "
+"easy reflective capabilities. Available @code{opaque-prosody-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14741
+#, no-wrap
+msgid "{@code{opaque-prosody-configuration} parameter} package prosody"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14743
+msgid "The prosody package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14745
+#, no-wrap
+msgid "{@code{opaque-prosody-configuration} parameter} string prosody.cfg.lua"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:14747
+msgid "The contents of the @code{prosody.cfg.lua} to use."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14751
+msgid "For example, if your @code{prosody.cfg.lua} is just the empty string, you could instantiate a prosody service like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14756
+#, no-wrap
+msgid ""
+"(service prosody-service-type\n"
+" (opaque-prosody-configuration\n"
+" (prosody.cfg.lua \"\")))\n"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:14760
+#, no-wrap
+msgid "BitlBee Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14762
+#, no-wrap
+msgid "IRC (Internet Relay Chat)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14763
+#, no-wrap
+msgid "IRC gateway"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14766
+msgid "@url{http://bitlbee.org,BitlBee} is a gateway that provides an IRC interface to a variety of messaging protocols such as XMPP."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:14767
+#, no-wrap
+msgid "{Scheme Variable} bitlbee-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:14771
+msgid ""
+"This is the service type for the @url{http://bitlbee.org,BitlBee} IRC gateway daemon. Its value is a @code{bitlbee-configuration} "
+"(see below)."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:14774
+msgid "To have BitlBee listen on port 6667 on localhost, add this line to your services:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14777
+#, no-wrap
+msgid "(service bitlbee-service-type)\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14780
+#, no-wrap
+msgid "{Data Type} bitlbee-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14782
+msgid "This is the configuration for BitlBee, with the following fields:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14784
+#, no-wrap
+msgid "@code{interface} (default: @code{\"127.0.0.1\"})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:14785
+#, no-wrap
+msgid "@code{port} (default: @code{6667})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14788
+msgid "Listen on the network interface corresponding to the IP address specified in @var{interface}, on @var{port}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14792
+msgid ""
+"When @var{interface} is @code{127.0.0.1}, only local clients can connect; when it is @code{0.0.0.0}, connections can come from any "
+"networking interface."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14793
+#, no-wrap
+msgid "@code{package} (default: @code{bitlbee})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14795
+msgid "The BitlBee package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14796
+#, no-wrap
+msgid "@code{extra-settings} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14798
+msgid "Configuration snippet added as-is to the BitlBee configuration file."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14805
+#, no-wrap
+msgid "Murmur (VoIP server)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:14806
+#, no-wrap
+msgid "VoIP server"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:14810
+msgid ""
+"This section describes how to set up and run a Murmur server. Murmur is the server of the @uref{https://mumble.info, Mumble} voice-"
+"over-IP (VoIP) suite."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14811
+#, no-wrap
+msgid "{Data Type} murmur-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14814
+msgid "The service type for the Murmur server. An example configuration can look like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14823
+#, no-wrap
+msgid ""
+"(service murmur-service-type\n"
+" (murmur-configuration\n"
+" (welcome-text\n"
+" \"Welcome to this Mumble server running on GuixSD!\")\n"
+" (cert-required? #t) ;disallow text password logins\n"
+" (ssl-cert \"/etc/letsencrypt/live/mumble.example.com/fullchain.pem\")\n"
+" (ssl-key \"/etc/letsencrypt/live/mumble.example.com/privkey.pem\")))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14827
+msgid ""
+"After reconfiguring your system, you can manually set the murmur @code{SuperUser} password with the command that is printed during "
+"the activation phase."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14836
+msgid ""
+"It is recommended to register a normal Mumble user account and grant it admin or moderator rights. You can use the @code{mumble} "
+"client to login as new normal user, register yourself, and log out. For the next step login with the name @code{SuperUser} use the "
+"@code{SuperUser} password that you set previously, and grant your newly registered mumble user administrator or moderator rights and "
+"create some channels."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14838
+msgid "Available @code{murmur-configuration} fields are:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14840
+#, no-wrap
+msgid "@code{package} (default: @code{mumble})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14842
+msgid "Package that contains @code{bin/murmurd}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14843
+#, no-wrap
+msgid "@code{user} (default: @code{\"murmur\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14845
+msgid "User who will run the Murmur server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14846
+#, no-wrap
+msgid "@code{group} (default: @code{\"murmur\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14848
+msgid "Group of the user who will run the murmur server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14849
+#, no-wrap
+msgid "@code{port} (default: @code{64738})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14851
+msgid "Port on which the server will listen."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14852
+#, no-wrap
+msgid "@code{welcome-text} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14854
+msgid "Welcome text sent to clients when they connect."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14855
+#, no-wrap
+msgid "@code{server-password} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14857
+msgid "Password the clients have to enter in order to connect."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14858
+#, no-wrap
+msgid "@code{max-users} (default: @code{100})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14860
+msgid "Maximum of users that can be connected to the server at once."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14861
+#, no-wrap
+msgid "@code{max-user-bandwidth} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14863
+msgid "Maximum voice traffic a user can send per second."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14864
+#, no-wrap
+msgid "@code{database-file} (default: @code{\"/var/lib/murmur/db.sqlite\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14867
+msgid "File name of the sqlite database. The service's user will become the owner of the directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14868
+#, no-wrap
+msgid "@code{log-file} (default: @code{\"/var/log/murmur/murmur.log\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14871
+msgid "File name of the log file. The service's user will become the owner of the directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14872
+#, no-wrap
+msgid "@code{autoban-attempts} (default: @code{10})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14875
+msgid "Maximum number of logins a user can make in @code{autoban-timeframe} without getting auto banned for @code{autoban-time}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14876
+#, no-wrap
+msgid "@code{autoban-timeframe} (default: @code{120})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14878
+msgid "Timeframe for autoban in seconds."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14879
+#, no-wrap
+msgid "@code{autoban-time} (default: @code{300})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14882
+msgid "Amount of time in seconds for which a client gets banned when violating the autoban limits."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14883
+#, no-wrap
+msgid "@code{opus-threshold} (default: @code{100})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14886
+msgid "Percentage of clients that need to support opus before switching over to opus audio codec."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14887
+#, no-wrap
+msgid "@code{channel-nesting-limit} (default: @code{10})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14889
+msgid "How deep channels can be nested at maximum."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14890
+#, no-wrap
+msgid "@code{channelname-regex} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14892
+msgid "A string in from of a Qt regular expression that channel names must conform to."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14893
+#, no-wrap
+msgid "@code{username-regex} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14895
+msgid "A string in from of a Qt regular expression that user names must conform to."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14896
+#, no-wrap
+msgid "@code{text-message-length} (default: @code{5000})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14898
+msgid "Maximum size in bytes that a user can send in one text chat message."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14899
+#, no-wrap
+msgid "@code{image-message-length} (default: @code{(* 128 1024)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14901
+msgid "Maximum size in bytes that a user can send in one image message."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14902
+#, no-wrap
+msgid "@code{cert-required?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14905
+msgid ""
+"If it is set to @code{#t} clients that use weak password authentification will not be accepted. Users must have completed the "
+"certificate wizard to join."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14906
+#, no-wrap
+msgid "@code{remember-channel?} (defualt @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14909
+msgid ""
+"Should murmur remember the last channel each user was in when they disconnected and put them into the remembered channel when they "
+"rejoin."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14910
+#, no-wrap
+msgid "@code{allow-html?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14912
+msgid "Should html be allowed in text messages, user comments, and channel descriptions."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14913
+#, no-wrap
+msgid "@code{allow-ping?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14917
+msgid ""
+"Setting to true exposes the current user count, the maximum user count, and the server's maximum bandwidth per client to "
+"unauthenticated users. In the Mumble client, this information is shown in the Connect dialog."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14919
+msgid "Disabling this setting will prevent public listing of the server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14920
+#, no-wrap
+msgid "@code{bonjour?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14922
+msgid "Should the server advertise itself in the local network through the bonjour protocol."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14923
+#, no-wrap
+msgid "@code{send-version?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14925
+msgid "Should the murmur server version be exposed in ping requests."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14926
+#, no-wrap
+msgid "@code{log-days} (default: @code{31})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14930
+msgid ""
+"Murmur also stores logs in the database, which are accessible via RPC. The default is 31 days of months, but you can set this "
+"setting to 0 to keep logs forever, or -1 to disable logging to the database."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14931
+#, no-wrap
+msgid "@code{obfuscate-ips?} (default @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14933
+msgid "Should logged ips be obfuscated to protect the privacy of users."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14934
+#, no-wrap
+msgid "@code{ssl-cert} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14936
+msgid "File name of the SSL/TLS certificate used for encrypted connections."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14939
+#, no-wrap
+msgid "(ssl-cert \"/etc/letsencrypt/live/example.com/fullchain.pem\")\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14940
+#, no-wrap
+msgid "@code{ssl-key} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14942
+msgid "Filepath to the ssl private key used for encrypted connections."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:14944
+#, no-wrap
+msgid "(ssl-key \"/etc/letsencrypt/live/example.com/privkey.pem\")\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14946
+#, no-wrap
+msgid "@code{ssl-dh-params} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14951
+msgid ""
+"File name of a PEM-encoded file with Diffie-Hellman parameters for the SSL/TLS encryption. Alternatively you set it to "
+"@code{\"@@ffdhe2048\"}, @code{\"@@ffdhe3072\"}, @code{\"@@ffdhe4096\"}, @code{\"@@ffdhe6144\"} or @code{\"@@ffdhe8192\"} to use "
+"bundled parameters from RFC 7919."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14952
+#, no-wrap
+msgid "@code{ssl-ciphers} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14955
+msgid "The @code{ssl-ciphers} option chooses the cipher suites to make available for use in SSL/TLS."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14959
+msgid ""
+"This option is specified using @uref{https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT, OpenSSL cipher list "
+"notation}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14964
+msgid ""
+"It is recommended that you try your cipher string using 'openssl ciphers <string>' before setting it here, to get a feel for which "
+"cipher suites you will get. After setting this option, it is recommend that you inspect your Murmur log to ensure that Murmur is "
+"using the cipher suites that you expected it to."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14968
+msgid ""
+"Note: Changing this option may impact the backwards compatibility of your Murmur server, and can remove the ability for older Mumble "
+"clients to be able to connect to it."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14969
+#, no-wrap
+msgid "@code{public-registration} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14971
+msgid "Must be a @code{<murmur-public-registration-configuration>} record or @code{#f}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14976
+msgid ""
+"You can optionally register your server in the public server list that the @code{mumble} client shows on startup. You cannot "
+"register your server if you have set a @code{server-password}, or set @code{allow-ping} to @code{#f}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14978
+msgid "It might take a few hours until it shows up in the public list."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14979 doc/guix.texi:15550
+#, no-wrap
+msgid "@code{file} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14981
+msgid "Optional alternative override for this configuration."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14984
+#, no-wrap
+msgid "{Data Type} murmur-public-registration-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:14986
+msgid "Configuration for public registration of a murmur service."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14990
+msgid "This is a display name for your server. Not to be confused with the hostname."
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:14991 doc/guix.texi:19868
+#, no-wrap
+msgid "password"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14994
+msgid "A password to identify your registration. Subsequent updates will need the same password. Don't lose your password."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:14995
+#, no-wrap
+msgid "url"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:14998
+msgid "This should be a @code{http://} or @code{https://} link to your web site."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:14999
+#, no-wrap
+msgid "@code{hostname} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15002
+msgid "By default your server will be listed by its IP address. If it is set your server will be linked by this host name instead."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:15010
+#, no-wrap
+msgid "Tailon Service"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15014
+msgid "@uref{https://tailon.readthedocs.io/, Tailon} is a web application for viewing and searching log files."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15017
+msgid ""
+"The following example will configure the service with default values. By default, Tailon can be accessed on port 8080 (@code{http://"
+"localhost:8080})."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15020
+#, no-wrap
+msgid "(service tailon-service-type)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15024
+msgid "The following example customises more of the Tailon configuration, adding @command{sed} to the list of allowed commands."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15031
+#, no-wrap
+msgid ""
+"(service tailon-service-type\n"
+" (tailon-configuration\n"
+" (config-file\n"
+" (tailon-configuration-file\n"
+" (allowed-commands '(\"tail\" \"grep\" \"awk\" \"sed\"))))))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15034
+#, no-wrap
+msgid "{Data Type} tailon-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15037
+msgid "Data type representing the configuration of Tailon. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15039
+#, no-wrap
+msgid "@code{config-file} (default: @code{(tailon-configuration-file)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15043
+msgid ""
+"The configuration file to use for Tailon. This can be set to a @dfn{tailon-configuration-file} record value, or any gexp (@pxref{G-"
+"Expressions})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15046
+msgid "For example, to instead use a local file, the @code{local-file} function can be used:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15051
+#, no-wrap
+msgid ""
+"(service tailon-service-type\n"
+" (tailon-configuration\n"
+" (config-file (local-file \"./my-tailon.conf\"))))\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15053
+#, no-wrap
+msgid "@code{package} (default: @code{tailon})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15055
+msgid "The tailon package to use."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15059
+#, no-wrap
+msgid "{Data Type} tailon-configuration-file"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15062
+msgid "Data type representing the configuration options for Tailon. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15064
+#, no-wrap
+msgid "@code{files} (default: @code{(list \"/var/log\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15069
+msgid ""
+"List of files to display. The list can include strings for a single file or directory, or a list, where the first item is the name "
+"of a subsection, and the remaining items are the files or directories in that subsection."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15070
+#, no-wrap
+msgid "@code{bind} (default: @code{\"localhost:8080\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15072
+msgid "Address and port to which Tailon should bind on."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15073
+#, no-wrap
+msgid "@code{relative-root} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15075
+msgid "URL path to use for Tailon, set to @code{#f} to not use a path."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15076
+#, no-wrap
+msgid "@code{allow-transfers?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15078
+msgid "Allow downloading the log files in the web interface."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15079
+#, no-wrap
+msgid "@code{follow-names?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15081
+msgid "Allow tailing of not-yet existent files."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15082
+#, no-wrap
+msgid "@code{tail-lines} (default: @code{200})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15084
+msgid "Number of lines to read initially from each file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15085
+#, no-wrap
+msgid "@code{allowed-commands} (default: @code{(list \"tail\" \"grep\" \"awk\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15087
+msgid "Commands to allow running. By default, @code{sed} is disabled."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15088
+#, no-wrap
+msgid "@code{debug?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15090
+msgid "Set @code{debug?} to @code{#t} to show debug messages."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15091
+#, no-wrap
+msgid "@code{wrap-lines} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15095
+msgid ""
+"Initial line wrapping state in the web interface. Set to @code{#t} to initially wrap lines (the default), or to @code{#f} to "
+"initially not wrap lines."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15096
+#, no-wrap
+msgid "@code{http-auth} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15100
+msgid ""
+"HTTP authentication type to use. Set to @code{#f} to disable authentication (the default). Supported values are @code{\"digest\"} or "
+"@code{\"basic\"}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15101
+#, no-wrap
+msgid "@code{users} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15106
+msgid ""
+"If HTTP authentication is enabled (see @code{http-auth}), access will be restricted to the credentials provided here. To configure "
+"users, use a list of pairs, where the first element of the pair is the username, and the 2nd element of the pair is the password."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15112
+#, no-wrap
+msgid ""
+"(tailon-configuration-file\n"
+" (http-auth \"basic\")\n"
+" (users '((\"user1\" . \"password1\")\n"
+" (\"user2\" . \"password2\"))))\n"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:15118
+#, no-wrap
+msgid "Darkstat Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15119
+#, no-wrap
+msgid "darkstat"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15122
+msgid "Darkstat is a packet sniffer that captures network traffic, calculates statistics about usage, and serves reports over HTTP."
+msgstr ""
+
+#. type: defvar
+#: doc/guix.texi:15123
+#, no-wrap
+msgid "{Scheme Variable} darkstat-service-type"
+msgstr ""
+
+#. type: defvar
+#: doc/guix.texi:15128
+msgid ""
+"This is the service type for the @uref{https://unix4lyfe.org/darkstat/, darkstat} service, its value must be a @code{darkstat-"
+"configuration} record as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15133
+#, no-wrap
+msgid ""
+"(service darkstat-service-type\n"
+" (darkstat-configuration\n"
+" (interface \"eno1\")))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15136
+#, no-wrap
+msgid "{Data Type} darkstat-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15138
+msgid "Data type representing the configuration of @command{darkstat}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15140
+#, no-wrap
+msgid "@code{package} (default: @code{darkstat})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15142
+msgid "The darkstat package to use."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15143
+#, no-wrap
+msgid "interface"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15145
+msgid "Capture traffic on the specified network interface."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15146
+#, no-wrap
+msgid "@code{port} (default: @code{\"667\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15148
+msgid "Bind the web interface to the specified port."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15149
+#, no-wrap
+msgid "@code{bind-address} (default: @code{\"127.0.0.1\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15151
+msgid "Bind the web interface to the specified address."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15152
+#, no-wrap
+msgid "@code{base} (default: @code{\"/\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15155
+msgid "Specify the path of the base URL. This can be useful if @command{darkstat} is accessed via a reverse proxy."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15162
+#, no-wrap
+msgid "Kerberos"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15166
+msgid "The @code{(gnu services kerberos)} module provides services relating to the authentication protocol @dfn{Kerberos}."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:15167
+#, no-wrap
+msgid "Krb5 Service"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15174
+msgid ""
+"Programs using a Kerberos client library normally expect a configuration file in @file{/etc/krb5.conf}. This service generates such "
+"a file from a definition provided in the operating system declaration. It does not cause any daemon to be started."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15178
+msgid ""
+"No ``keytab'' files are provided by this service---you must explicitly create them. This service is known to work with the MIT "
+"client library, @code{mit-krb5}. Other implementations have not been tested."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15179
+#, no-wrap
+msgid "{Scheme Variable} krb5-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15181
+msgid "A service type for Kerberos 5 clients."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15185
+msgid "Here is an example of its use:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:15199
+#, no-wrap
+msgid ""
+"(service krb5-service-type\n"
+" (krb5-configuration\n"
+" (default-realm \"EXAMPLE.COM\")\n"
+" (allow-weak-crypto? #t)\n"
+" (realms (list\n"
+" (krb5-realm\n"
+" (name \"EXAMPLE.COM\")\n"
+" (admin-server \"groucho.example.com\")\n"
+" (kdc \"karl.example.com\"))\n"
+" (krb5-realm\n"
+" (name \"ARGRX.EDU\")\n"
+" (admin-server \"kerb-admin.argrx.edu\")\n"
+" (kdc \"keys.argrx.edu\"))))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15203
+msgid "This example provides a Kerberos@tie{}5 client configuration which:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15204
+#, no-wrap
+msgid "Recognizes two realms, @i{viz:} ``EXAMPLE.COM'' and ``ARGRX.EDU'', both"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:15206
+msgid "of which have distinct administration servers and key distribution centers;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15206
+#, no-wrap
+msgid "Will default to the realm ``EXAMPLE.COM'' if the realm is not explicitly"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:15208
+msgid "specified by clients;"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15208
+#, no-wrap
+msgid "Accepts services which only support encryption types known to be weak."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15216
+msgid ""
+"The @code{krb5-realm} and @code{krb5-configuration} types have many fields. Only the most commonly used ones are described here. "
+"For a full list, and more detailed explanation of each, see the MIT @uref{http://web.mit.edu/kerberos/krb5-devel/doc/admin/"
+"conf_files/krb5_conf.html,,krb5.conf} documentation."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15218
+#, no-wrap
+msgid "{Data Type} krb5-realm"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15219
+#, no-wrap
+msgid "realm, kerberos"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15225
+msgid ""
+"This field is a string identifying the name of the realm. A common convention is to use the fully qualified DNS name of your "
+"organization, converted to upper case."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15226
+#, no-wrap
+msgid "admin-server"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15229
+msgid "This field is a string identifying the host where the administration server is running."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15230
+#, no-wrap
+msgid "kdc"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15233
+msgid "This field is a string identifying the key distribution center for the realm."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15236
+#, no-wrap
+msgid "{Data Type} krb5-configuration"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15239
+#, no-wrap
+msgid "@code{allow-weak-crypto?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15242
+msgid "If this flag is @code{#t} then services which only offer encryption algorithms known to be weak will be accepted."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15243
+#, no-wrap
+msgid "@code{default-realm} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15250
+msgid ""
+"This field should be a string identifying the default Kerberos realm for the client. You should set this field to the name of your "
+"Kerberos realm. If this value is @code{#f} then a realm must be specified with every Kerberos principal when invoking programs such "
+"as @command{kinit}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15251
+#, no-wrap
+msgid "realms"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15256
+msgid ""
+"This should be a non-empty list of @code{krb5-realm} objects, which clients may access. Normally, one of them will have a "
+"@code{name} field matching the @code{default-realm} field."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:15260
+#, no-wrap
+msgid "PAM krb5 Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15261
+#, no-wrap
+msgid "pam-krb5"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15267
+msgid ""
+"The @code{pam-krb5} service allows for login authentication and password management via Kerberos. You will need this service if you "
+"want PAM enabled applications to authenticate users using Kerberos."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15268
+#, no-wrap
+msgid "{Scheme Variable} pam-krb5-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15270
+msgid "A service type for the Kerberos 5 PAM module."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15272
+#, no-wrap
+msgid "{Data Type} pam-krb5-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15275
+msgid "Data type representing the configuration of the Kerberos 5 PAM module This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15276
+#, no-wrap
+msgid "@code{pam-krb5} (default: @code{pam-krb5})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15278
+msgid "The pam-krb5 package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15279
+#, no-wrap
+msgid "@code{minimum-uid} (default: @code{1000})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15282
+msgid ""
+"The smallest user ID for which Kerberos authentications should be attempted. Local accounts with lower values will silently fail to "
+"authenticate."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15289
+#, no-wrap
+msgid "web"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15290
+#, no-wrap
+msgid "www"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15291
+#, no-wrap
+msgid "HTTP"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15294
+msgid "The @code{(gnu services web)} module provides the Apache HTTP Server, the nginx web server, and also a fastcgi wrapper daemon."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:15295
+#, no-wrap
+msgid "Apache HTTP Server"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15297
+#, no-wrap
+msgid "{Scheme Variable} httpd-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15301
+msgid ""
+"Service type for the @uref{https://httpd.apache.org/,Apache HTTP} server (@dfn{httpd}). The value for this service type is a "
+"@code{https-configuration} record."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15303 doc/guix.texi:15454
+msgid "A simple example configuration is given below."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15311
+#, no-wrap
+msgid ""
+"(service httpd-service-type\n"
+" (httpd-configuration\n"
+" (config\n"
+" (httpd-config-file\n"
+" (server-name \"www.example.com\")\n"
+" (document-root \"/srv/http/www.example.com\")))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15315
+msgid "Other services can also extend the @code{httpd-service-type} to add to the configuration."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15324 doc/guix.texi:15434
+#, no-wrap
+msgid ""
+"(simple-service 'my-extra-server httpd-service-type\n"
+" (list\n"
+" (httpd-virtualhost\n"
+" \"*:80\"\n"
+" (list (string-append\n"
+" \"ServerName \"www.example.com\n"
+" DocumentRoot \\\"/srv/http/www.example.com\\\"\")))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15330
+msgid ""
+"The details for the @code{httpd-configuration}, @code{httpd-module}, @code{httpd-config-file} and @code{httpd-virtualhost} record "
+"types are given below."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15331
+#, no-wrap
+msgid "{Data Type} httpd-configuration"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15333
+msgid "This data type represents the configuration for the httpd service."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15335
+#, no-wrap
+msgid "@code{package} (default: @code{httpd})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15337
+msgid "The httpd package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15338 doc/guix.texi:15397
+#, no-wrap
+msgid "@code{pid-file} (default: @code{\"/var/run/httpd\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15340
+msgid "The pid file used by the shepherd-service."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15341
+#, no-wrap
+msgid "@code{config} (default: @code{(httpd-config-file)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15346
+msgid ""
+"The configuration file to use with the httpd service. The default value is a @code{httpd-config-file} record, but this can also be a "
+"different G-expression that generates a file, for example a @code{plain-file}. A file outside of the store can also be specified "
+"through a string."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15350
+#, no-wrap
+msgid "{Data Type} httpd-module"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15352
+msgid "This data type represents a module for the httpd service."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15356
+msgid "The name of the module."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15362
+msgid ""
+"The file for the module. This can be relative to the httpd package being used, the absolute location of a file, or a G-expression "
+"for a file within the store, for example @code{(file-append mod-wsgi \"/modules/mod_wsgi.so\")}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15366
+#, no-wrap
+msgid "{Data Type} httpd-config-file"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15368
+msgid "This data type represents a configuration file for the httpd service."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15370
+#, no-wrap
+msgid "@code{modules} (default: @code{%default-httpd-modules})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15373
+msgid "The modules to load. Additional modules can be added here, or loaded by additional configuration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15374
+#, no-wrap
+msgid "@code{server-root} (default: @code{httpd})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15378
+msgid ""
+"The @code{ServerRoot} in the configuration file, defaults to the httpd package. Directives including @code{Include} and "
+"@code{LoadModule} are taken as relative to the server root."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15379
+#, no-wrap
+msgid "@code{server-name} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15383
+msgid ""
+"The @code{ServerName} in the configuration file, used to specify the request scheme, hostname and port that the server uses to "
+"identify itself."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15387
+msgid ""
+"This doesn't need to be set in the server config, and can be specifyed in virtual hosts. The default is @code{#f} to not specify a "
+"@code{ServerName}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15388
+#, no-wrap
+msgid "@code{document-root} (default: @code{\"/srv/http\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15390
+msgid "The @code{DocumentRoot} from which files will be served."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15391
+#, no-wrap
+msgid "@code{listen} (default: @code{'(\"80\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15396
+msgid ""
+"The list of values for the @code{Listen} directives in the config file. The value should be a list of strings, when each string can "
+"specify the port number to listen on, and optionally the IP address and protocol to use."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15401
+msgid ""
+"The @code{PidFile} to use. This should match the @code{pid-file} set in the @code{httpd-configuration} so that the Shepherd service "
+"is configured correctly."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15402
+#, no-wrap
+msgid "@code{error-log} (default: @code{\"/var/log/httpd/error_log\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15404
+msgid "The @code{ErrorLog} to which the server will log errors."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15405
+#, no-wrap
+msgid "@code{user} (default: @code{\"httpd\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15407
+msgid "The @code{User} which the server will answer requests as."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15408
+#, no-wrap
+msgid "@code{group} (default: @code{\"httpd\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15410
+msgid "The @code{Group} which the server will answer requests as."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15411
+#, no-wrap
+msgid "@code{extra-config} (default: @code{(list \"TypesConfig etc/httpd/mime.types\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15414
+msgid "A flat list of strings and G-expressions which will be added to the end of the configuration file."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15417
+msgid "Any values which the service is extended with will be appended to this list."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15421
+#, no-wrap
+msgid "{Data Type} httpd-virtualhost"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15423
+msgid "This data type represents a virtualhost configuration block for the httpd service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15425
+msgid "These should be added to the extra-config for the httpd-service."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15437
+#, no-wrap
+msgid "addresses-and-ports"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15439
+msgid "The addresses and ports for the @code{VirtualHost} directive."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15440
+#, no-wrap
+msgid "contents"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15443
+msgid "The contents of the @code{VirtualHost} directive, this should be a list of strings and G-expressions."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:15447
+#, no-wrap
+msgid "NGINX"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15449
+#, no-wrap
+msgid "{Scheme Variable} nginx-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15452
+msgid ""
+"Service type for the @uref{https://nginx.org/,NGinx} web server. The value for this service type is a @code{<nginx-configuration>} "
+"record."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15462 doc/guix.texi:15516
+#, no-wrap
+msgid ""
+"(service nginx-service-type\n"
+" (nginx-configuration\n"
+" (server-blocks\n"
+" (list (nginx-server-configuration\n"
+" (server-name '(\"www.example.com\"))\n"
+" (root \"/srv/http/www.example.com\"))))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15467
+msgid ""
+"In addition to adding server blocks to the service configuration directly, this service can be extended by other services to add "
+"server blocks, as in this example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15473
+#, no-wrap
+msgid ""
+"(simple-service 'my-extra-server nginx-service-type\n"
+" (list (nginx-server-configuration\n"
+" (root \"/srv/http/extra-website\")\n"
+" (try-files (list \"$uri\" \"$uri/index.html\")))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15484
+msgid ""
+"At startup, @command{nginx} has not yet read its configuration file, so it uses a default file to log error messages. If it fails "
+"to load its configuration file, that is where error messages are logged. After the configuration file is loaded, the default error "
+"log file changes as per configuration. In our case, startup error messages can be found in @file{/var/run/nginx/logs/error.log}, "
+"and after configuration in @file{/var/log/nginx/error.log}. The second location can be changed with the @var{log-directory} "
+"configuration option."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15485
+#, no-wrap
+msgid "{Data Type} nginx-configuration"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15489
+msgid ""
+"This data type represents the configuration for NGinx. Some configuration can be done through this and the other provided record "
+"types, or alternatively, a config file can be provided."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15491
+#, no-wrap
+msgid "@code{nginx} (default: @code{nginx})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15493
+msgid "The nginx package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15494
+#, no-wrap
+msgid "@code{log-directory} (default: @code{\"/var/log/nginx\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15496
+msgid "The directory to which NGinx will write log files."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15497
+#, no-wrap
+msgid "@code{run-directory} (default: @code{\"/var/run/nginx\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15500
+msgid "The directory in which NGinx will create a pid file, and write temporary files."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15501
+#, no-wrap
+msgid "@code{server-blocks} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15505
+msgid ""
+"A list of @dfn{server blocks} to create in the generated configuration file, the elements should be of type @code{<nginx-server-"
+"configuration>}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15509
+msgid ""
+"The following example would setup NGinx to serve @code{www.example.com} from the @code{/srv/http/www.example.com} directory, without "
+"using HTTPS."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15518
+#, no-wrap
+msgid "@code{upstream-blocks} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15522
+msgid ""
+"A list of @dfn{upstream blocks} to create in the generated configuration file, the elements should be of type @code{<nginx-upstream-"
+"configuration>}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15529
+msgid ""
+"Configuring upstreams through the @code{upstream-blocks} can be useful when combined with @code{locations} in the @code{<nginx-"
+"server-configuration>} records. The following example creates a server configuration with one location configuration, that will "
+"proxy requests to a upstream configuration, which will handle requests with two servers."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15548
+#, no-wrap
+msgid ""
+"(service\n"
+" nginx-service-type\n"
+" (nginx-configuration\n"
+" (server-blocks\n"
+" (list (nginx-server-configuration\n"
+" (server-name '(\"www.example.com\"))\n"
+" (root \"/srv/http/www.example.com\")\n"
+" (locations\n"
+" (list\n"
+" (nginx-location-configuration\n"
+" (uri \"/path1\")\n"
+" (body '(\"proxy_pass http://server-proxy;\"))))))))\n"
+" (upstream-blocks\n"
+" (list (nginx-upstream-configuration\n"
+" (name \"server-proxy\")\n"
+" (servers (list \"server1.example.com\"\n"
+" \"server2.example.com\")))))))\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15556
+msgid ""
+"If a configuration @var{file} is provided, this will be used, rather than generating a configuration file from the provided "
+"@code{log-directory}, @code{run-directory}, @code{server-blocks} and @code{upstream-blocks}. For proper operation, these arguments "
+"should match what is in @var{file} to ensure that the directories are created when the service is activated."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15560
+msgid ""
+"This can be useful if you have an existing configuration file, or it's not possible to do what is required through the other parts "
+"of the nginx-configuration record."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15561
+#, no-wrap
+msgid "@code{server-names-hash-bucket-size} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15564
+msgid "Bucket size for the server names hash tables, defaults to @code{#f} to use the size of the processors cache line."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15565
+#, no-wrap
+msgid "@code{server-names-hash-bucket-max-size} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15567
+msgid "Maximum bucket size for the server names hash tables."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15571
+#, no-wrap
+msgid "{Data Type} nginx-server-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15574
+msgid "Data type representing the configuration of an nginx server block. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15576
+#, no-wrap
+msgid "@code{listen} (default: @code{'(\"80\" \"443 ssl\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15581
+msgid ""
+"Each @code{listen} directive sets the address and port for IP, or the path for a UNIX-domain socket on which the server will accept "
+"requests. Both address and port, or only address or only port can be specified. An address may also be a hostname, for example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15584
+#, no-wrap
+msgid "'(\"127.0.0.1:8000\" \"127.0.0.1\" \"8000\" \"*:8000\" \"localhost:8000\")\n"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15586
+#, no-wrap
+msgid "@code{server-name} (default: @code{(list 'default)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15589
+msgid ""
+"A list of server names this server represents. @code{'default} represents the default server for connections matching no other "
+"server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15590
+#, no-wrap
+msgid "@code{root} (default: @code{\"/srv/http\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15592
+msgid "Root of the website nginx will serve."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15593
+#, no-wrap
+msgid "@code{locations} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15597
+msgid ""
+"A list of @dfn{nginx-location-configuration} or @dfn{nginx-named-location-configuration} records to use within this server block."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15598
+#, no-wrap
+msgid "@code{index} (default: @code{(list \"index.html\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15601
+msgid ""
+"Index files to look for when clients ask for a directory. If it cannot be found, Nginx will send the list of files in the directory."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15602
+#, no-wrap
+msgid "@code{try-files} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15605
+msgid ""
+"A list of files whose existence is checked in the specified order. @code{nginx} will use the first file it finds to process the "
+"request."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15606
+#, no-wrap
+msgid "@code{ssl-certificate} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15609
+msgid ""
+"Where to find the certificate for secure connections. Set it to @code{#f} if you don't have a certificate or you don't want to use "
+"HTTPS."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15610
+#, no-wrap
+msgid "@code{ssl-certificate-key} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15613
+msgid ""
+"Where to find the private key for secure connections. Set it to @code{#f} if you don't have a key or you don't want to use HTTPS."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15614
+#, no-wrap
+msgid "@code{server-tokens?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15616
+msgid "Whether the server should add its configuration to response."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15617
+#, no-wrap
+msgid "@code{raw-content} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15619
+msgid "A list of raw lines added to the server block."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15623
+#, no-wrap
+msgid "{Data Type} nginx-upstream-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15626
+msgid "Data type representing the configuration of an nginx @code{upstream} block. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15630
+msgid "Name for this group of servers."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15631
+#, no-wrap
+msgid "servers"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15638
+msgid ""
+"Specify the addresses of the servers in the group. The address can be specified as a IP address (e.g. @samp{127.0.0.1}), domain "
+"name (e.g. @samp{backend1.example.com}) or a path to a UNIX socket using the prefix @samp{unix:}. For addresses using an IP address "
+"or domain name, the default port is 80, and a different port can be specified explicitly."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15642
+#, no-wrap
+msgid "{Data Type} nginx-location-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15645
+msgid "Data type representing the configuration of an nginx @code{location} block. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15649
+msgid "URI which this location block matches."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:15651
+msgid "nginx-location-configuration body"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15651 doc/guix.texi:15672
+#, no-wrap
+msgid "body"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15658
+msgid ""
+"Body of the location block, specified as a list of strings. This can contain many configuration directives. For example, to pass "
+"requests to a upstream server group defined using an @code{nginx-upstream-configuration} block, the following directive would be "
+"specified in the body @samp{(list \"proxy_pass http://upstream-name;\")}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15662
+#, no-wrap
+msgid "{Data Type} nginx-named-location-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15667
+msgid ""
+"Data type representing the configuration of an nginx named location block. Named location blocks are used for request redirection, "
+"and not used for regular request processing. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15671
+msgid "Name to identify this location block."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15677
+msgid ""
+"@xref{nginx-location-configuration body}, as the body for named location blocks can be used in a similar way to the @code{nginx-"
+"location-configuration body}. One restriction is that the body of a named location block cannot contain location blocks."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15681
+#, no-wrap
+msgid "fastcgi"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15682
+#, no-wrap
+msgid "fcgiwrap"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15689
+msgid ""
+"FastCGI is an interface between the front-end and the back-end of a web service. It is a somewhat legacy facility; new web services "
+"should generally just talk HTTP between the front-end and the back-end. However there are a number of back-end services such as PHP "
+"or the optimized HTTP Git repository access that use FastCGI, so we have support for it in Guix."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15696
+msgid ""
+"To use FastCGI, you configure the front-end web server (e.g., nginx) to dispatch some subset of its requests to the fastcgi backend, "
+"which listens on a local TCP or UNIX socket. There is an intermediary @code{fcgiwrap} program that sits between the actual backend "
+"process and the web server. The front-end indicates which backend program to run, passing that information to the @code{fcgiwrap} "
+"process."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15697
+#, no-wrap
+msgid "{Scheme Variable} fcgiwrap-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15699
+msgid "A service type for the @code{fcgiwrap} FastCGI proxy."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15701
+#, no-wrap
+msgid "{Data Type} fcgiwrap-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15704
+msgid "Data type representing the configuration of the @code{fcgiwrap} serice. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15705
+#, no-wrap
+msgid "@code{package} (default: @code{fcgiwrap})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15707
+msgid "The fcgiwrap package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15708
+#, no-wrap
+msgid "@code{socket} (default: @code{tcp:127.0.0.1:9000})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15714
+msgid ""
+"The socket on which the @code{fcgiwrap} process should listen, as a string. Valid @var{socket} values include @code{unix:@var{/path/"
+"to/unix/socket}}, @code{tcp:@var{dot.ted.qu.ad}:@var{port}} and @code{tcp6:[@var{ipv6_addr}]:port}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15715
+#, no-wrap
+msgid "@code{user} (default: @code{fcgiwrap})"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:15716
+#, no-wrap
+msgid "@code{group} (default: @code{fcgiwrap})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15721
+msgid ""
+"The user and group names, as strings, under which to run the @code{fcgiwrap} process. The @code{fastcgi} service will ensure that "
+"if the user asks for the specific user or group names @code{fcgiwrap} that the corresponding user and/or group is present on the "
+"system."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15728
+msgid ""
+"It is possible to configure a FastCGI-backed web service to pass HTTP authentication information from the front-end to the back-end, "
+"and to allow @code{fcgiwrap} to run the back-end process as a corresponding local user. To enable this capability on the back-end., "
+"run @code{fcgiwrap} as the @code{root} user and group. Note that this capability also has to be configured on the front-end as well."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15731
+#, no-wrap
+msgid "php-fpm"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15734
+msgid ""
+"PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any "
+"size."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15736
+msgid "These features include:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15737
+#, no-wrap
+msgid "Adaptive process spawning"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15738
+#, no-wrap
+msgid "Basic statistics (similar to Apache's mod_status)"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15739
+#, no-wrap
+msgid "Advanced process management with graceful stop/start"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15740
+#, no-wrap
+msgid "Ability to start workers with different uid/gid/chroot/environment"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:15742
+msgid "and different php.ini (replaces safe_mode)"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15742
+#, no-wrap
+msgid "Stdout & stderr logging"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15743
+#, no-wrap
+msgid "Emergency restart in case of accidental opcode cache destruction"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15744
+#, no-wrap
+msgid "Accelerated upload support"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15745
+#, no-wrap
+msgid "Support for a \"slowlog\""
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15746
+#, no-wrap
+msgid "Enhancements to FastCGI, such as fastcgi_finish_request() -"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:15749
+msgid ""
+"a special function to finish request & flush all data while continuing to do something time-consuming (video converting, stats "
+"processing, etc.)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15751
+msgid "... and much more."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15752
+#, no-wrap
+msgid "{Scheme Variable} php-fpm-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15754
+msgid "A Service type for @code{php-fpm}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15756
+#, no-wrap
+msgid "{Data Type} php-fpm-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15758
+msgid "Data Type for php-fpm service configuration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15759
+#, no-wrap
+msgid "@code{php} (default: @code{php})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15761
+msgid "The php package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15761
+#, no-wrap
+msgid "@code{socket} (default: @code{(string-append \"/var/run/php\" (version-major (package-version php)) \"-fpm.sock\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15763
+msgid "The address on which to accept FastCGI requests. Valid syntaxes are:"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15764
+#, no-wrap
+msgid "\"ip.add.re.ss:port\""
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15766
+msgid "Listen on a TCP socket to a specific address on a specific port."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15766
+#, no-wrap
+msgid "\"port\""
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15768
+msgid "Listen on a TCP socket to all addresses on a specific port."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15768
+#, no-wrap
+msgid "\"/path/to/unix/socket\""
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15770
+msgid "Listen on a unix socket."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15772
+#, no-wrap
+msgid "@code{user} (default: @code{php-fpm})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15774
+msgid "User who will own the php worker processes."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15774
+#, no-wrap
+msgid "@code{group} (default: @code{php-fpm})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15776
+msgid "Group of the worker processes."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15776
+#, no-wrap
+msgid "@code{socket-user} (default: @code{php-fpm})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15778
+msgid "User who can speak to the php-fpm socket."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15778
+#, no-wrap
+msgid "@code{socket-group} (default: @code{php-fpm})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15780
+msgid "Group that can speak to the php-fpm socket."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15780
+#, no-wrap
+msgid "@code{pid-file} (default: @code{(string-append \"/var/run/php\" (version-major (package-version php)) \"-fpm.pid\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15783
+msgid "The process id of the php-fpm process is written to this file once the service has started."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15783
+#, no-wrap
+msgid "@code{log-file} (default: @code{(string-append \"/var/log/php\" (version-major (package-version php)) \"-fpm.log\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15785
+msgid "Log for the php-fpm master process."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15785
+#, no-wrap
+msgid "@code{process-manager} (default: @code{(php-fpm-dynamic-process-manager-configuration)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15788
+msgid "Detailed settings for the php-fpm process manager. Must be either:"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15789
+#, no-wrap
+msgid "<php-fpm-dynamic-process-manager-configuration>"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15790
+#, no-wrap
+msgid "<php-fpm-static-process-manager-configuration>"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:15791
+#, no-wrap
+msgid "<php-fpm-on-demand-process-manager-configuration>"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15793
+#, no-wrap
+msgid "@code{display-errors} (default @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15798
+msgid ""
+"Determines whether php errors and warning should be sent to clients and displayed in their browsers. This is useful for local php "
+"development, but a security risk for public sites, as error messages can reveal passwords and personal data."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15798
+#, no-wrap
+msgid "@code{workers-logfile} (default @code{(string-append \"/var/log/php\" (version-major (package-version php)) \"-fpm.www.log\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15801
+msgid "This file will log the @code{stderr} outputs of php worker processes. Can be set to @code{#f} to disable logging."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15801
+#, no-wrap
+msgid "@code{file} (default @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15804
+msgid ""
+"An optional override of the whole configuration. You can use the @code{mixed-text-file} function or an absolute filepath for it."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15807
+#, no-wrap
+msgid "{Data type} php-fpm-dynamic-process-manager-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15811
+msgid ""
+"Data Type for the @code{dynamic} php-fpm process manager. With the @code{dynamic} process manager, spare worker processes are kept "
+"around based on it's configured limits."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15812 doc/guix.texi:15828 doc/guix.texi:15838
+#, no-wrap
+msgid "@code{max-children} (default: @code{5})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15814 doc/guix.texi:15830 doc/guix.texi:15840
+msgid "Maximum of worker processes."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15814
+#, no-wrap
+msgid "@code{start-servers} (default: @code{2})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15816
+msgid "How many worker processes should be started on start-up."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15816
+#, no-wrap
+msgid "@code{min-spare-servers} (default: @code{1})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15818
+msgid "How many spare worker processes should be kept around at minimum."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15818
+#, no-wrap
+msgid "@code{max-spare-servers} (default: @code{3})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15820
+msgid "How many spare worker processes should be kept around at maximum."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15823
+#, no-wrap
+msgid "{Data type} php-fpm-static-process-manager-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15827
+msgid ""
+"Data Type for the @code{static} php-fpm process manager. With the @code{static} process manager, an unchanging number of worker "
+"processes are created."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15833
+#, no-wrap
+msgid "{Data type} php-fpm-on-demand-process-manager-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15837
+msgid ""
+"Data Type for the @code{on-demand} php-fpm process manager. With the @code{on-demand} process manager, worker processes are only "
+"created as requests arrive."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15840
+#, no-wrap
+msgid "@code{process-idle-timeout} (default: @code{10})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15842
+msgid "The time in seconds after which a process with no requests is killed."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15846
+#, no-wrap
+msgid "{Scheme Procedure} nginx-php-fpm-location @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15852
+msgid ""
+"[#:nginx-package nginx] @ [socket (string-append \"/var/run/php\" @ (version-major (package-version php)) @ \"-fpm.sock\")] A helper "
+"function to quickly add php to an @code{nginx-server-configuration}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15855
+msgid "A simple services setup for nginx with php can look like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15868
+#, no-wrap
+msgid ""
+"(services (cons* (dhcp-client-service)\n"
+" (service php-fpm-service-type)\n"
+" (service nginx-service-type\n"
+" (nginx-server-configuration\n"
+" (server-name '(\"example.com\"))\n"
+" (root \"/srv/http/\")\n"
+" (locations\n"
+" (list (nginx-php-location)))\n"
+" (https-port #f)\n"
+" (ssl-certificate #f)\n"
+" (ssl-certificate-key #f)))\n"
+" %base-services))\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15870
+#, no-wrap
+msgid "cat-avatar-generator"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15874
+msgid ""
+"The cat avatar generator is a simple service to demonstrate the use of php-fpm in @code{Nginx}. It is used to generate cat avatar "
+"from a seed, for instance the hash of a user's email address."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15875
+#, no-wrap
+msgid "{Scheme Procedure} cat-avatar-generator-serice @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:15883
+msgid ""
+"[#:cache-dir \"/var/cache/cat-avatar-generator\"] @ [#:package cat-avatar-generator] @ [#:configuration (nginx-server-"
+"configuration)] Returns an nginx-server-configuration that inherits @code{configuration}. It extends the nginx configuration to add "
+"a server block that serves @code{package}, a version of cat-avatar-generator. During execution, cat-avatar-generator will be able "
+"to use @code{cache-dir} as its cache directory."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15886
+msgid "A simple setup for cat-avatar-generator can look like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15893
+#, no-wrap
+msgid ""
+"(services (cons* (cat-avatar-generator-service\n"
+" #:configuration\n"
+" (nginx-server-configuration\n"
+" (server-name '(\"example.com\"))))\n"
+" ...\n"
+" %base-services))\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15898
+#, no-wrap
+msgid "Web"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15899
+#, no-wrap
+msgid "HTTP, HTTPS"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15900
+#, no-wrap
+msgid "Let's Encrypt"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:15901
+#, no-wrap
+msgid "TLS certificates"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15908
+msgid ""
+"The @code{(gnu services certbot)} module provides a service to automatically obtain a valid TLS certificate from the Let's Encrypt "
+"certificate authority. These certificates can then be used to serve content securely over HTTPS or other TLS-based protocols, with "
+"the knowledge that the client will be able to verify the server's authenticity."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15920
+msgid ""
+"@url{https://letsencrypt.org/, Let's Encrypt} provides the @code{certbot} tool to automate the certification process. This tool "
+"first securely generates a key on the server. It then makes a request to the Let's Encrypt certificate authority (CA) to sign the "
+"key. The CA checks that the request originates from the host in question by using a challenge-response protocol, requiring the "
+"server to provide its response over HTTP. If that protocol completes successfully, the CA signs the key, resulting in a "
+"certificate. That certificate is valid for a limited period of time, and therefore to continue to provide TLS services, the server "
+"needs to periodically ask the CA to renew its signature."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15927
+msgid ""
+"The certbot service automates this process: the initial key generation, the initial certification request to the Let's Encrypt "
+"service, the web server challenge/response integration, writing the certificate to disk, the automated periodic renewals, and the "
+"deployment tasks associated with the renewal (e.g. reloading services, copying keys with different permissions)."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15933
+msgid ""
+"Certbot is run twice a day, at a random minute within the hour. It won't do anything until your certificates are due for renewal or "
+"revoked, but running it regularly would give your service a chance of staying online in case a Let's Encrypt-initiated revocation "
+"happened for some reason."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:15937
+msgid ""
+"By using this service, you agree to the ACME Subscriber Agreement, which can be found there: @url{https://acme-v01.api.letsencrypt."
+"org/directory}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15938
+#, no-wrap
+msgid "{Scheme Variable} certbot-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15941
+msgid ""
+"A service type for the @code{certbot} Let's Encrypt client. Its value must be a @code{certbot-configuration} record as in this "
+"example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15948
+#, no-wrap
+msgid ""
+"(define %nginx-deploy-hook\n"
+" (program-file\n"
+" \"nginx-deploy-hook\"\n"
+" #~(let ((pid (call-with-input-file \"/var/run/nginx/pid\" read)))\n"
+" (kill pid SIGHUP))))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:15959
+#, no-wrap
+msgid ""
+"(service certbot-service-type\n"
+" (certbot-configuration\n"
+" (email \"foo@@example.net\")\n"
+" (certificates\n"
+" (list\n"
+" (certificate-configuration\n"
+" (domains '(\"example.net\" \"www.example.net\"))\n"
+" (deploy-hook %nginx-deploy-hook))\n"
+" (certificate-configuration\n"
+" (domains '(\"bar.example.net\")))))))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:15962
+msgid "See below for details about @code{certbot-configuration}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15964
+#, no-wrap
+msgid "{Data Type} certbot-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:15967
+msgid "Data type representing the configuration of the @code{certbot} service. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15969
+#, no-wrap
+msgid "@code{package} (default: @code{certbot})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15971
+msgid "The certbot package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15972
+#, no-wrap
+msgid "@code{webroot} (default: @code{/var/www})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15975
+msgid "The directory from which to serve the Let's Encrypt challenge/response files."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15976
+#, no-wrap
+msgid "@code{certificates} (default: @code{()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15980
+msgid ""
+"A list of @code{certificates-configuration}s for which to generate certificates and request signatures. Each certificate has a "
+"@code{name} and several @code{domains}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15984
+msgid "Mandatory email used for registration, recovery contact, and important account notifications."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15985
+#, no-wrap
+msgid "@code{rsa-key-size} (default: @code{2048})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15987
+msgid "Size of the RSA key."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:15988
+#, no-wrap
+msgid "@code{default-location} (default: @i{see below})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:15997
+msgid ""
+"The default @code{nginx-location-configuration}. Because @code{certbot} needs to be able to serve challenges and responses, it "
+"needs to be able to run a web server. It does so by extending the @code{nginx} web service with an @code{nginx-server-"
+"configuration} listening on the @var{domains} on port 80, and which has a @code{nginx-location-configuration} for the @code{/.well-"
+"known/} URI path subspace used by Let's Encrypt. @xref{Web Services}, for more on these nginx configuration data types."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16001
+msgid ""
+"Requests to other URL paths will be matched by the @code{default-location}, which if present is added to all @code{nginx-server-"
+"configuration}s."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16005
+msgid ""
+"By default, the @code{default-location} will issue a redirect from @code{http://@var{domain}/...} to @code{https://"
+"@var{domain}/...}, leaving you to define what to serve on your site via @code{https}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16007
+msgid "Pass @code{#f} to not issue a default location."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16010
+#, no-wrap
+msgid "{Data Type} certificate-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16013
+msgid "Data type representing the configuration of a certificate. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16015
+#, no-wrap
+msgid "@code{name} (default: @i{see below})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16019
+msgid ""
+"This name is used by Certbot for housekeeping and in file paths; it doesn't affect the content of the certificate itself. To see "
+"certificate names, run @code{certbot certificates}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16021
+msgid "Its default is the first provided domain."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16022
+#, no-wrap
+msgid "@code{domains} (default: @code{()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16025
+msgid ""
+"The first domain provided will be the subject CN of the certificate, and all domains will be Subject Alternative Names on the "
+"certificate."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16026
+#, no-wrap
+msgid "@code{deploy-hook} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16034
+msgid ""
+"Command to be run in a shell once for each successfully issued certificate. For this command, the shell variable "
+"@code{$RENEWED_LINEAGE} will point to the config live subdirectory (for example, @samp{\"/etc/letsencrypt/live/example.com\"}) "
+"containing the new certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will contain a space-delimited list of renewed "
+"certificate domains (for example, @samp{\"example.com www.example.com\"}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16041
+msgid ""
+"For each @code{certificate-configuration}, the certificate is saved to @code{/etc/letsencrypt/live/@var{name}/fullchain.pem} and the "
+"key is saved to @code{/etc/letsencrypt/live/@var{name}/privkey.pem}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16043
+#, no-wrap
+msgid "DNS (domain name system)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16044
+#, no-wrap
+msgid "domain name system (DNS)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16050
+msgid ""
+"The @code{(gnu services dns)} module provides services related to the @dfn{domain name system} (DNS). It provides a server service "
+"for hosting an @emph{authoritative} DNS server for multiple zones, slave or master. This service uses @uref{https://www.knot-dns."
+"cz/, Knot DNS}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16053
+msgid "An example configuration of an authoritative server for two zones, one master and one slave, is:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:16060
+#, no-wrap
+msgid ""
+"(define-zone-entries example.org.zone\n"
+";; Name TTL Class Type Data\n"
+" (\"@@\" \"\" \"IN\" \"A\" \"127.0.0.1\")\n"
+" (\"@@\" \"\" \"IN\" \"NS\" \"ns\")\n"
+" (\"ns\" \"\" \"IN\" \"A\" \"127.0.0.1\"))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:16067
+#, no-wrap
+msgid ""
+"(define master-zone\n"
+" (knot-zone-configuration\n"
+" (domain \"example.org\")\n"
+" (zone (zone-file\n"
+" (origin \"example.org\")\n"
+" (entries example.org.zone)))))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:16073
+#, no-wrap
+msgid ""
+"(define slave-zone\n"
+" (knot-zone-configuration\n"
+" (domain \"plop.org\")\n"
+" (dnssec-policy \"default\")\n"
+" (master (list \"plop-master\"))))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:16078
+#, no-wrap
+msgid ""
+"(define plop-master\n"
+" (knot-remote-configuration\n"
+" (id \"plop-master\")\n"
+" (address (list \"208.76.58.171\"))))\n"
+"\n"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:16087
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; ...\n"
+" (services (cons* (service knot-service-type\n"
+" (knot-configuration\n"
+" (remotes (list plop-master))\n"
+" (zones (list master-zone slave-zone))))\n"
+" ;; ...\n"
+" %base-services)))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16089
+#, no-wrap
+msgid "{Scheme Variable} knot-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16091
+msgid "This is the type for the Knot DNS server."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16099
+msgid ""
+"Knot DNS is an authoritative DNS server, meaning that it can serve multiple zones, that is to say domain names you would buy from a "
+"registrar. This server is not a resolver, meaning that it can only resolve names for which it is authoritative. This server can be "
+"configured to serve zones as a master server or a slave server as a per-zone basis. Slave zones will get their data from masters, "
+"and will serve it as an authoritative server. From the point of view of a resolver, there is no difference between master and slave."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16101
+msgid "The following data types are used to configure the Knot DNS server:"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16103
+#, no-wrap
+msgid "{Data Type} knot-key-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16106
+msgid "Data type representing a key. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16108 doc/guix.texi:16128 doc/guix.texi:16243 doc/guix.texi:16269 doc/guix.texi:16304
+#, no-wrap
+msgid "@code{id} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16111
+msgid "An identifier for other configuration fields to refer to this key. IDs must be unique and must not be empty."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16112
+#, no-wrap
+msgid "@code{algorithm} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16116
+msgid ""
+"The algorithm to use. Choose between @code{#f}, @code{'hmac-md5}, @code{'hmac-sha1}, @code{'hmac-sha224}, @code{'hmac-sha256}, "
+"@code{'hmac-sha384} and @code{'hmac-sha512}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16117
+#, no-wrap
+msgid "@code{secret} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16119
+msgid "The secret key itself."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16123
+#, no-wrap
+msgid "{Data Type} knot-acl-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16126
+msgid "Data type representing an Access Control List (ACL) configuration. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16131
+msgid "An identifier for ether configuration fields to refer to this key. IDs must be unique and must not be empty."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16132 doc/guix.texi:16247
+#, no-wrap
+msgid "@code{address} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16136
+msgid ""
+"An ordered list of IP addresses, network subnets, or network ranges represented with strings. The query must match one of them. "
+"Empty value means that address match is not required."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16137
+#, no-wrap
+msgid "@code{key} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16141
+msgid ""
+"An ordered list of references to keys represented with strings. The string must match a key ID defined in a @code{knot-key-"
+"configuration}. No key means that a key is not require to match that ACL."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16142
+#, no-wrap
+msgid "@code{action} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16146
+msgid ""
+"An ordered list of actions that are permitted or forbidden by this ACL. Possible values are lists of zero or more elements from "
+"@code{'transfer}, @code{'notify} and @code{'update}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16147
+#, no-wrap
+msgid "@code{deny?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16150
+msgid "When true, the ACL defines restrictions. Listed actions are forbidden. When false, listed actions are allowed."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16154
+#, no-wrap
+msgid "{Data Type} zone-entry"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16157
+msgid "Data type represnting a record entry in a zone file. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16159
+#, no-wrap
+msgid "@code{name} (default: @code{\"@@\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16165
+msgid ""
+"The name of the record. @code{\"@@\"} refers to the origin of the zone. Names are relative to the origin of the zone. For "
+"example, in the @code{example.org} zone, @code{\"ns.example.org\"} actually refers to @code{ns.example.org.example.org}. Names "
+"ending with a dot are absolute, which means that @code{\"ns.example.org.\"} refers to @code{ns.example.org}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16166
+#, no-wrap
+msgid "@code{ttl} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16168
+msgid "The Time-To-Live (TTL) of this record. If not set, the default TTL is used."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16169
+#, no-wrap
+msgid "@code{class} (default: @code{\"IN\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16172
+msgid "The class of the record. Knot currently supports only @code{\"IN\"} and partially @code{\"CH\"}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16173
+#, no-wrap
+msgid "@code{type} (default: @code{\"A\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16177
+msgid ""
+"The type of the record. Common types include A (IPv4 address), AAAA (IPv6 address), NS (Name Server) and MX (Mail eXchange). Many "
+"other types are defined."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16178
+#, no-wrap
+msgid "@code{data} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16182
+msgid ""
+"The data contained in the record. For instance an IP address associated with an A record, or a domain name associated with an NS "
+"record. Remember that domain names are relative to the origin unless they end with a dot."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16186
+#, no-wrap
+msgid "{Data Type} zone-file"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16189
+msgid "Data type representing the content of a zone file. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16198
+msgid ""
+"The list of entries. The SOA record is taken care of, so you don't need to put it in the list of entries. This list should "
+"probably contain an entry for your primary authoritative DNS server. Other than using a list of entries directly, you can use "
+"@code{define-zone-entries} to define a object containing the list of entries more easily, that you can later pass to the "
+"@code{entries} field of the @code{zone-file}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16199
+#, no-wrap
+msgid "@code{origin} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16201
+msgid "The name of your zone. This parameter cannot be empty."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16202
+#, no-wrap
+msgid "@code{ns} (default: @code{\"ns\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16207
+msgid ""
+"The domain of your primary authoritative DNS server. The name is relative to the origin, unless it ends with a dot. It is "
+"mandatory that this primary DNS server corresponds to an NS record in the zone and that it is associated to an IP address in the "
+"list of entries."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16208
+#, no-wrap
+msgid "@code{mail} (default: @code{\"hostmaster\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16211
+msgid "An email address people can contact you at, as the owner of the zone. This is translated as @code{<mail>@@<origin>}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16212
+#, no-wrap
+msgid "@code{serial} (default: @code{1})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16216
+msgid ""
+"The serial number of the zone. As this is used to keep track of changes by both slaves and resolvers, it is mandatory that it "
+"@emph{never} decreases. Always increment it when you make a change in your zone."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16217
+#, no-wrap
+msgid "@code{refresh} (default: @code{(* 2 24 3600)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16221
+msgid ""
+"The frequency at which slaves will do a zone transfer. This value is a number of seconds. It can be computed by multiplications or "
+"with @code{(string->duration)}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16222
+#, no-wrap
+msgid "@code{retry} (default: @code{(* 15 60)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16225
+msgid "The period after which a slave will retry to contact its master when it fails to do so a first time."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16226
+#, no-wrap
+msgid "@code{expiry} (default: @code{(* 14 24 3600)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16230
+msgid ""
+"Default TTL of records. Existing records are considered correct for at most this amount of time. After this period, resolvers will "
+"invalidate their cache and check again that it still exists."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16231
+#, no-wrap
+msgid "@code{nx} (default: @code{3600})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16234
+msgid "Default TTL of inexistant records. This delay is usually short because you want your new domains to reach everyone quickly."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16238
+#, no-wrap
+msgid "{Data Type} knot-remote-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16241
+msgid "Data type representing a remote configuration. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16246
+msgid "An identifier for other configuration fields to refer to this remote. IDs must be unique and must not be empty."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16251
+msgid ""
+"An ordered list of destination IP addresses. Addresses are tried in sequence. An optional port can be given with the @@ "
+"separator. For instance: @code{(list \"1.2.3.4\" \"2.3.4.5@@53\")}. Default port is 53."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16252
+#, no-wrap
+msgid "@code{via} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16256
+msgid ""
+"An ordered list of source IP addresses. An empty list will have Knot choose an appropriate source IP. An optional port can be "
+"given with the @@ separator. The default is to choose at random."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16257
+#, no-wrap
+msgid "@code{key} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16260
+msgid "A reference to a key, that is a string containing the identifier of a key defined in a @code{knot-key-configuration} field."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16264
+#, no-wrap
+msgid "{Data Type} knot-keystore-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16267
+msgid "Data type representing a keystore to hold dnssec keys. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16271
+msgid "The id of the keystore. It must not be empty."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16272
+#, no-wrap
+msgid "@code{backend} (default: @code{'pem})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16274
+msgid "The backend to store the keys in. Can be @code{'pem} or @code{'pkcs11}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16275
+#, no-wrap
+msgid "@code{config} (default: @code{\"/var/lib/knot/keys/keys\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16279
+msgid ""
+"The configuration string of the backend. An example for the PKCS#11 is: @code{\"pkcs11:token=knot;pin-value=1234 /gnu/store/.../lib/"
+"pkcs11/libsofthsm2.so\"}. For the pem backend, the string reprensents a path in the file system."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16283
+#, no-wrap
+msgid "{Data Type} knot-policy-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16287
+msgid ""
+"Data type representing a dnssec policy. Knot DNS is able to automatically sign your zones. It can either generate and manage your "
+"keys automatically or use keys that you generate."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16294
+msgid ""
+"Dnssec is usually implemented using two keys: a Key Signing Key (KSK) that is used to sign the second, and a Zone Signing Key (ZSK) "
+"that is used to sign the zone. In order to be trusted, the KSK needs to be present in the parent zone (usually a top-level "
+"domain). If your registrar supports dnssec, you will have to send them your KSK's hash so they can add a DS record in their zone. "
+"This is not automated and need to be done each time you change your KSK."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16300
+msgid ""
+"The policy also defines the lifetime of keys. Usually, ZSK can be changed easily and use weaker cryptographic functions (they use "
+"lower parameters) in order to sign records quickly, so they are changed often. The KSK however requires manual interaction with the "
+"registrar, so they are changed less often and use stronger parameters because they sign only one record."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16302
+msgid "This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16306
+msgid "The id of the policy. It must not be empty."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16307
+#, no-wrap
+msgid "@code{keystore} (default: @code{\"default\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16312
+msgid ""
+"A reference to a keystore, that is a string containing the identifier of a keystore defined in a @code{knot-keystore-configuration} "
+"field. The @code{\"default\"} identifier means the default keystore (a kasp database that was setup by this service)."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16313
+#, no-wrap
+msgid "@code{manual?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16315
+msgid "Whether the key management is manual or automatic."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16316
+#, no-wrap
+msgid "@code{single-type-signing?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16318
+msgid "When @code{#t}, use the Single-Type Signing Scheme."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16319
+#, no-wrap
+msgid "@code{algorithm} (default: @code{\"ecdsap256sha256\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16321
+msgid "An algorithm of signing keys and issued signatures."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16322
+#, no-wrap
+msgid "@code{ksk-size} (default: @code{256})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16325
+msgid "The length of the KSK. Note that this value is correct for the default algorithm, but would be unsecure for other algorithms."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16326
+#, no-wrap
+msgid "@code{zsk-size} (default: @code{256})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16329
+msgid "The length of the ZSK. Note that this value is correct for the default algorithm, but would be unsecure for other algorithms."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16330
+#, no-wrap
+msgid "@code{dnskey-ttl} (default: @code{'default})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16333
+msgid "The TTL value for DNSKEY records added into zone apex. The special @code{'default} value means same as the zone SOA TTL."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16334
+#, no-wrap
+msgid "@code{zsk-lifetime} (default: @code{(* 30 24 3600)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16336
+msgid "The period between ZSK publication and the next rollover initiation."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16337
+#, no-wrap
+msgid "@code{propagation-delay} (default: @code{(* 24 3600)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16340
+msgid ""
+"An extra delay added for each key rollover step. This value should be high enough to cover propagation of data from the master "
+"server to all slaves."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16341
+#, no-wrap
+msgid "@code{rrsig-lifetime} (default: @code{(* 14 24 3600)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16343
+msgid "A validity period of newly issued signatures."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16344
+#, no-wrap
+msgid "@code{rrsig-refresh} (default: @code{(* 7 24 3600)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16346
+msgid "A period how long before a signature expiration the signature will be refreshed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16347
+#, no-wrap
+msgid "@code{nsec3?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16349
+msgid "When @code{#t}, NSEC3 will be used instead of NSEC."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16350
+#, no-wrap
+msgid "@code{nsec3-iterations} (default: @code{5})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16352
+msgid "The number of additional times the hashing is performed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16353
+#, no-wrap
+msgid "@code{nsec3-salt-length} (default: @code{8})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16356
+msgid "The length of a salt field in octets, which is appended to the original owner name before hashing."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16357
+#, no-wrap
+msgid "@code{nsec3-salt-lifetime} (default: @code{(* 30 24 3600)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16359
+msgid "The validity period of newly issued salt field."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16363
+#, no-wrap
+msgid "{Data Type} knot-zone-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16366
+msgid "Data type representing a zone served by Knot. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16368
+#, no-wrap
+msgid "@code{domain} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16370
+msgid "The domain served by this configuration. It must not be empty."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16371
+#, no-wrap
+msgid "@code{file} (default: @code{\"\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16374
+msgid ""
+"The file where this zone is saved. This parameter is ignored by master zones. Empty means default location that depends on the "
+"domain name."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16375
+#, no-wrap
+msgid "@code{zone} (default: @code{(zone-file)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16378
+msgid "The content of the zone file. This parameter is ignored by slave zones. It must contain a zone-file record."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16379
+#, no-wrap
+msgid "@code{master} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16382
+msgid ""
+"A list of master remotes. When empty, this zone is a master. When set, this zone is a slave. This is a list of remotes "
+"identifiers."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16383
+#, no-wrap
+msgid "@code{ddns-master} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16386
+msgid "The main master. When empty, it defaults to the first master in the list of masters."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16387
+#, no-wrap
+msgid "@code{notify} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16389
+msgid "A list of slave remote identifiers."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16390
+#, no-wrap
+msgid "@code{acl} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16392
+msgid "A list of acl identifiers."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16393
+#, no-wrap
+msgid "@code{semantic-checks?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16395
+msgid "When set, this adds more semantic checks to the zone."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16396
+#, no-wrap
+msgid "@code{disable-any?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16398
+msgid "When set, this forbids queries of the ANY type."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16399
+#, no-wrap
+msgid "@code{zonefile-sync} (default: @code{0})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16402
+msgid "The delay between a modification in memory and on disk. 0 means immediate synchronization."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16403
+#, no-wrap
+msgid "@code{serial-policy} (default: @code{'increment})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16405
+msgid "A policy between @code{'increment} and @code{'unixtime}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16409
+#, no-wrap
+msgid "{Data Type} knot-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16412
+msgid "Data type representing the Knot configuration. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16414
+#, no-wrap
+msgid "@code{knot} (default: @code{knot})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16416
+msgid "The Knot package."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16417
+#, no-wrap
+msgid "@code{run-directory} (default: @code{\"/var/run/knot\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16419
+msgid "The run directory. This directory will be used for pid file and sockets."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16420
+#, no-wrap
+msgid "@code{listen-v4} (default: @code{\"0.0.0.0\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16422 doc/guix.texi:16425
+msgid "An ip address on which to listen."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16423
+#, no-wrap
+msgid "@code{listen-v6} (default: @code{\"::\"})"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16426
+#, no-wrap
+msgid "@code{listen-port} (default: @code{53})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16428
+msgid "A port on which to listen."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16429
+#, no-wrap
+msgid "@code{keys} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16431
+msgid "The list of knot-key-configuration used by this configuration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16432
+#, no-wrap
+msgid "@code{acls} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16434
+msgid "The list of knot-acl-configuration used by this configuration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16435
+#, no-wrap
+msgid "@code{remotes} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16437
+msgid "The list of knot-remote-configuration used by this configuration."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16438
+#, no-wrap
+msgid "@code{zones} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16440
+msgid "The list of knot-zone-configuration used by this configuration."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16447
+#, no-wrap
+msgid "VPN (virtual private network)"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16448
+#, no-wrap
+msgid "virtual private network (VPN)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16454
+msgid ""
+"The @code{(gnu services vpn)} module provides services related to @dfn{virtual private networks} (VPNs). It provides a "
+"@emph{client} service for your machine to connect to a VPN, and a @emph{servire} service for your machine to host a VPN. Both "
+"services use @uref{https://openvpn.net/, OpenVPN}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16455
+#, no-wrap
+msgid "{Scheme Procedure} openvpn-client-service @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16457
+msgid "[#:config (openvpn-client-configuration)]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16459
+msgid "Return a service that runs @command{openvpn}, a VPN daemon, as a client."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16461
+#, no-wrap
+msgid "{Scheme Procedure} openvpn-server-service @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16463
+msgid "[#:config (openvpn-server-configuration)]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16465
+msgid "Return a service that runs @command{openvpn}, a VPN daemon, as a server."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:16467
+msgid "Both can be run simultaneously."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16472
+msgid "Available @code{openvpn-client-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16473
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} package openvpn"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16475 doc/guix.texi:16611
+msgid "The OpenVPN package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16478
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} string pid-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16480 doc/guix.texi:16616
+msgid "The OpenVPN pid file."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16482 doc/guix.texi:16618
+msgid "Defaults to @samp{\"/var/run/openvpn/openvpn.pid\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16485
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} proto proto"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16488 doc/guix.texi:16624
+msgid "The protocol (UDP or TCP) used to open a channel between clients and servers."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16490 doc/guix.texi:16626
+msgid "Defaults to @samp{udp}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16493
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} dev dev"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16495 doc/guix.texi:16631
+msgid "The device type used to represent the VPN connection."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16497 doc/guix.texi:16633
+msgid "Defaults to @samp{tun}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16500
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} string ca"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16502 doc/guix.texi:16638
+msgid "The certificate authority to check connections against."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16504 doc/guix.texi:16640
+msgid "Defaults to @samp{\"/etc/openvpn/ca.crt\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16507
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} string cert"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16510 doc/guix.texi:16646
+msgid "The certificate of the machine the daemon is running on. It should be signed by the authority given in @code{ca}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16512 doc/guix.texi:16648
+msgid "Defaults to @samp{\"/etc/openvpn/client.crt\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16515
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} string key"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16518 doc/guix.texi:16654
+msgid "The key of the machine the daemon is running on. It must be the key whose certificate is @code{cert}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16520 doc/guix.texi:16656
+msgid "Defaults to @samp{\"/etc/openvpn/client.key\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16523
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} boolean comp-lzo?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16525 doc/guix.texi:16661
+msgid "Whether to use the lzo compression algorithm."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16530
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} boolean persist-key?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16532 doc/guix.texi:16668
+msgid "Don't re-read key files across SIGUSR1 or --ping-restart."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16537
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} boolean persist-tun?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16540 doc/guix.texi:16676
+msgid "Don't close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16545
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} number verbosity"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16547 doc/guix.texi:16683
+msgid "Verbosity level."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16549 doc/guix.texi:16685 doc/guix.texi:17962 doc/guix.texi:18185
+msgid "Defaults to @samp{3}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16552
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} tls-auth-client tls-auth"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16555 doc/guix.texi:16691
+msgid "Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16560
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} key-usage verify-key-usage?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16562
+msgid "Whether to check the server certificate has server usage extension."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16567
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} bind bind?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16569
+msgid "Bind to a specific local port number."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16574
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} resolv-retry resolv-retry?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16576
+msgid "Retry resolving server address."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16581
+#, no-wrap
+msgid "{@code{openvpn-client-configuration} parameter} openvpn-remote-list remote"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16583
+msgid "A list of remote servers to connect to."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16587
+msgid "Available @code{openvpn-remote-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16588
+#, no-wrap
+msgid "{@code{openvpn-remote-configuration} parameter} string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16590
+msgid "Server name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16592
+msgid "Defaults to @samp{\"my-server\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16595
+#, no-wrap
+msgid "{@code{openvpn-remote-configuration} parameter} number port"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16597
+msgid "Port number the server listens to."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16599 doc/guix.texi:16700
+msgid "Defaults to @samp{1194}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16608
+msgid "Available @code{openvpn-server-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16609
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} package openvpn"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16614
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} string pid-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16621
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} proto proto"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16629
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} dev dev"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16636
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} string ca"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16643
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} string cert"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16651
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} string key"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16659
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} boolean comp-lzo?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16666
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} boolean persist-key?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16673
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} boolean persist-tun?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16681
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} number verbosity"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16688
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} tls-auth-server tls-auth"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16696
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} number port"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16698
+msgid "Specifies the port number on which the server listens."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16703
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} ip-mask server"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16705
+msgid "An ip and mask specifying the subnet inside the virtual network."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16707
+msgid "Defaults to @samp{\"10.8.0.0 255.255.255.0\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16710
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} cidr6 server-ipv6"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16712
+msgid "A CIDR notation specifying the IPv6 subnet inside the virtual network."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16717
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} string dh"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16719
+msgid "The Diffie-Hellman parameters file."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16721
+msgid "Defaults to @samp{\"/etc/openvpn/dh2048.pem\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16724
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} string ifconfig-pool-persist"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16726
+msgid "The file that records client IPs."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16728
+msgid "Defaults to @samp{\"/etc/openvpn/ipp.txt\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16731
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} gateway redirect-gateway?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16733
+msgid "When true, the server will act as a gateway for its clients."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16738
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} boolean client-to-client?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16740
+msgid "When true, clients are allowed to talk to each other inside the VPN."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16745
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} keepalive keepalive"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16751
+msgid ""
+"Causes ping-like messages to be sent back and forth over the link so that each side knows when the other side has gone down. "
+"@code{keepalive} requires a pair. The first element is the period of the ping sending, and the second element is the timeout before "
+"considering the other side down."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16754
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} number max-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16756
+msgid "The maximum number of clients."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16761
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} string status"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16764
+msgid "The status file. This file shows a small report on current connection. It is truncated and rewritten every minute."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16766
+msgid "Defaults to @samp{\"/var/run/openvpn/status\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16769
+#, no-wrap
+msgid "{@code{openvpn-server-configuration} parameter} openvpn-ccd-list client-config-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16771
+msgid "The list of configuration for some clients."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16775
+msgid "Available @code{openvpn-ccd-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16776
+#, no-wrap
+msgid "{@code{openvpn-ccd-configuration} parameter} string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16778
+msgid "Client name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16780
+msgid "Defaults to @samp{\"client\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16783
+#, no-wrap
+msgid "{@code{openvpn-ccd-configuration} parameter} ip-mask iroute"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16785
+msgid "Client own network"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16790
+#, no-wrap
+msgid "{@code{openvpn-ccd-configuration} parameter} ip-mask ifconfig-push"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:16792
+msgid "Client VPN IP."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16805
+#, no-wrap
+msgid "NFS"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16810
+msgid ""
+"The @code{(gnu services nfs)} module provides the following services, which are most commonly used in relation to mounting or "
+"exporting directory trees as @dfn{network file systems} (NFS)."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:16811
+#, no-wrap
+msgid "RPC Bind Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16812
+#, no-wrap
+msgid "rpcbind"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16818
+msgid ""
+"The RPC Bind service provides a facility to map program numbers into universal addresses. Many NFS related services use this "
+"facility. Hence it is automatically started when a dependent service starts."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16819
+#, no-wrap
+msgid "{Scheme Variable} rpcbind-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16821
+msgid "A service type for the RPC portmapper daemon."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16824
+#, no-wrap
+msgid "{Data Type} rpcbind-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16827
+msgid "Data type representing the configuration of the RPC Bind Service. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16828
+#, no-wrap
+msgid "@code{rpcbind} (default: @code{rpcbind})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16830
+msgid "The rpcbind package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16831
+#, no-wrap
+msgid "@code{warm-start?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16835
+msgid ""
+"If this parameter is @code{#t}, then the daemon will read a state file on startup thus reloading state information saved by a "
+"previous instance."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:16839
+#, no-wrap
+msgid "Pipefs Pseudo File System"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16840
+#, no-wrap
+msgid "pipefs"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16841
+#, no-wrap
+msgid "rpc_pipefs"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16845
+msgid "The pipefs file system is used to transfer NFS related data between the kernel and user space programs."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16846
+#, no-wrap
+msgid "{Scheme Variable} pipefs-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16848
+msgid "A service type for the pipefs pseudo file system."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16850
+#, no-wrap
+msgid "{Data Type} pipefs-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16853
+msgid "Data type representing the configuration of the pipefs pseudo file system service. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16854
+#, no-wrap
+msgid "@code{mount-point} (default: @code{\"/var/lib/nfs/rpc_pipefs\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16856
+msgid "The directory to which the file system is to be attached."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:16860
+#, no-wrap
+msgid "GSS Daemon Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16861
+#, no-wrap
+msgid "GSSD"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16862
+#, no-wrap
+msgid "GSS"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16863
+#, no-wrap
+msgid "global security system"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16870
+msgid ""
+"The @dfn{global security system} (GSS) daemon provides strong security for RPC based protocols. Before exchanging RPC requests an "
+"RPC client must establish a security context. Typically this is done using the Kerberos command @command{kinit} or automatically at "
+"login time using PAM services (@pxref{Kerberos Services})."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16871
+#, no-wrap
+msgid "{Scheme Variable} gss-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16873
+msgid "A service type for the Global Security System (GSS) daemon."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16875
+#, no-wrap
+msgid "{Data Type} gss-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16878
+msgid "Data type representing the configuration of the GSS daemon service. This type has the following parameters:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16879 doc/guix.texi:16904
+#, no-wrap
+msgid "@code{nfs-utils} (default: @code{nfs-utils})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16881
+msgid "The package in which the @command{rpc.gssd} command is to be found."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16882 doc/guix.texi:16907
+#, no-wrap
+msgid "@code{pipefs-directory} (default: @code{\"/var/lib/nfs/rpc_pipefs\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16884 doc/guix.texi:16909
+msgid "The directory where the pipefs file system is mounted."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:16889
+#, no-wrap
+msgid "IDMAP Daemon Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16890
+#, no-wrap
+msgid "idmapd"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16891
+#, no-wrap
+msgid "name mapper"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16895
+msgid ""
+"The idmap daemon service provides mapping between user IDs and user names. Typically it is required in order to access file systems "
+"mounted via NFSv4."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16896
+#, no-wrap
+msgid "{Scheme Variable} idmap-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16898
+msgid "A service type for the Identity Mapper (IDMAP) daemon."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16900
+#, no-wrap
+msgid "{Data Type} idmap-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16903
+msgid "Data type representing the configuration of the IDMAP daemon service. This type has the following parameters:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16906
+msgid "The package in which the @command{rpc.idmapd} command is to be found."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16910
+#, no-wrap
+msgid "@code{domain} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16914
+msgid ""
+"The local NFSv4 domain name. This must be a string or @code{#f}. If it is @code{#f} then the daemon will use the host's fully "
+"qualified domain name."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:16921
+#, no-wrap
+msgid "continuous integration"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16925
+msgid ""
+"@uref{https://notabug.org/mthl/cuirass, Cuirass} is a continuous integration tool for Guix. It can be used both for development and "
+"for providing substitutes to others (@pxref{Substitutes})."
+msgstr ""
+"@uref{https://notabug.org/mthl/cuirass, Cuirass} est un outil d'intégration continue pour Guix. On peut l'utiliser aussi bien pour "
+"le développement que pour fournir des substituts à d'autres (@pxref{Substituts})."
+
+#. type: Plain text
+#: doc/guix.texi:16927
+msgid "The @code{(gnu services cuirass)} module provides the following service."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16928
+#, no-wrap
+msgid "{Scheme Procedure} cuirass-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:16931
+msgid "The type of the Cuirass service. Its value must be a @code{cuirass-configuration} object, as described below."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16938
+msgid ""
+"To add build jobs, you have to set the @code{specifications} field of the configuration. Here is an example of a service defining a "
+"build job based on a specification that can be found in Cuirass source tree. This service polls the Guix repository and builds a "
+"subset of the Guix packages, as prescribed in the @file{gnu-system.scm} example spec:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:16950
+#, no-wrap
+msgid ""
+"(let ((spec #~((#:name . \"guix\")\n"
+" (#:url . \"git://git.savannah.gnu.org/guix.git\")\n"
+" (#:load-path . \".\")\n"
+" (#:file . \"build-aux/cuirass/gnu-system.scm\")\n"
+" (#:proc . cuirass-jobs)\n"
+" (#:arguments (subset . \"hello\"))\n"
+" (#:branch . \"master\"))))\n"
+" (service cuirass-service-type\n"
+" (cuirass-configuration\n"
+" (specifications #~(list '#$spec)))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:16955
+msgid ""
+"While information related to build jobs is located directly in the specifications, global settings for the @command{cuirass} process "
+"are accessible in other @code{cuirass-configuration} fields."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16956
+#, no-wrap
+msgid "{Data Type} cuirass-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:16958
+msgid "Data type representing the configuration of Cuirass."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16960
+#, no-wrap
+msgid "@code{log-file} (default: @code{\"/var/log/cuirass.log\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16962
+msgid "Location of the log file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16963
+#, no-wrap
+msgid "@code{cache-directory} (default: @code{\"/var/cache/cuirass\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16965
+msgid "Location of the repository cache."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16966
+#, no-wrap
+msgid "@code{user} (default: @code{\"cuirass\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16968
+msgid "Owner of the @code{cuirass} process."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16969
+#, no-wrap
+msgid "@code{group} (default: @code{\"cuirass\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16971
+msgid "Owner's group of the @code{cuirass} process."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16972
+#, no-wrap
+msgid "@code{interval} (default: @code{60})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16975
+msgid "Number of seconds between the poll of the repositories followed by the Cuirass jobs."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16976
+#, no-wrap
+msgid "@code{database} (default: @code{\"/var/run/cuirass/cuirass.db\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16979
+msgid "Location of sqlite database which contains the build results and previously added specifications."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16980
+#, no-wrap
+msgid "@code{port} (default: @code{8081})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16982
+msgid "Port number used by the HTTP server."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16986
+msgid "Listen on the network interface for @var{host}. The default is to accept connections from localhost."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16987
+#, no-wrap
+msgid "@code{specifications} (default: @code{#~'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16993
+msgid ""
+"A gexp (@pxref{G-Expressions}) that evaluates to a list of specifications, where a specification is an association list "
+"(@pxref{Associations Lists,,, guile, GNU Guile Reference Manual}) whose keys are keywords (@code{#:keyword-example}) as shown in the "
+"example above."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16994
+#, no-wrap
+msgid "@code{use-substitutes?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:16997
+msgid "This allows using substitutes to avoid building every dependencies of a job from source."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:16998
+#, no-wrap
+msgid "@code{one-shot?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17000
+msgid "Only evaluate specifications and build derivations once."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17001
+#, no-wrap
+msgid "@code{fallback?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17004
+msgid "When substituting a pre-built binary fails, fall back to building packages locally."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17005
+#, no-wrap
+msgid "@code{load-path} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17008
+msgid "This allows users to define their own packages and make them visible to cuirass as in @command{guix build} command."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17009
+#, no-wrap
+msgid "@code{cuirass} (default: @code{cuirass})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17011
+msgid "The Cuirass package to use."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:17017
+#, no-wrap
+msgid "power management with TLP"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17020
+msgid "The @code{(gnu services pm)} module provides a Guix service definition for the Linux power management tool TLP."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17026
+msgid ""
+"TLP enables various powersaving modes in userspace and kernel. Contrary to @code{upower-service}, it is not a passive, monitoring "
+"tool, as it will apply custom settings each time a new power source is detected. More information can be found at @uref{http://"
+"linrunner.de/en/tlp/tlp.html, TLP home page}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:17027
+#, no-wrap
+msgid "{Scheme Variable} tlp-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:17031
+msgid ""
+"The service type for the TLP tool. Its value should be a valid TLP configuration (see below). To use the default settings, simply "
+"write:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:17033
+#, no-wrap
+msgid "(service tlp-service-type)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17038
+msgid "By default TLP does not need much configuration but most TLP parameters can be tweaked using @code{tlp-configuration}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17044
+msgid ""
+"Each parameter definition is preceded by its type; for example, @samp{boolean foo} indicates that the @code{foo} parameter should be "
+"specified as a boolean. Types starting with @code{maybe-} denote parameters that won't show up in TLP config file when their value "
+"is @code{'disabled}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17054
+msgid "Available @code{tlp-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17055
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} package tlp"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17057
+msgid "The TLP package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17060
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean tlp-enable?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17062
+msgid "Set to true if you wish to enable TLP."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17067
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string tlp-default-mode"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17070
+msgid "Default mode when no power supply can be detected. Alternatives are AC and BAT."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17072
+msgid "Defaults to @samp{\"AC\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17075
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} non-negative-integer disk-idle-secs-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17078
+msgid "Number of seconds Linux kernel has to wait after the disk goes idle, before syncing on AC."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17083
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} non-negative-integer disk-idle-secs-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17085
+msgid "Same as @code{disk-idle-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17087
+msgid "Defaults to @samp{2}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17090
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} non-negative-integer max-lost-work-secs-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17092
+msgid "Dirty pages flushing periodicity, expressed in seconds."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17094 doc/guix.texi:17317 doc/guix.texi:18631 doc/guix.texi:18639
+msgid "Defaults to @samp{15}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17097
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} non-negative-integer max-lost-work-secs-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17099
+msgid "Same as @code{max-lost-work-secs-on-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17101
+msgid "Defaults to @samp{60}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17104
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-space-separated-string-list cpu-scaling-governor-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17108
+msgid ""
+"CPU frequency scaling governor on AC mode. With intel_pstate driver, alternatives are powersave and performance. With acpi-cpufreq "
+"driver, alternatives are ondemand, powersave, performance and conservative."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17110 doc/guix.texi:17117 doc/guix.texi:17124 doc/guix.texi:17131 doc/guix.texi:17138 doc/guix.texi:17145
+#: doc/guix.texi:17153 doc/guix.texi:17161 doc/guix.texi:17168 doc/guix.texi:17175 doc/guix.texi:17182 doc/guix.texi:17189
+#: doc/guix.texi:17219 doc/guix.texi:17257 doc/guix.texi:17264 doc/guix.texi:17273 doc/guix.texi:17295 doc/guix.texi:17303
+#: doc/guix.texi:17310 doc/guix.texi:17465 doc/guix.texi:17485 doc/guix.texi:17500 doc/guix.texi:17507
+msgid "Defaults to @samp{disabled}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17113
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-space-separated-string-list cpu-scaling-governor-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17115
+msgid "Same as @code{cpu-scaling-governor-on-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17120
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-min-freq-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17122
+msgid "Set the min available frequency for the scaling governor on AC."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17127
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-max-freq-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17129
+msgid "Set the max available frequency for the scaling governor on AC."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17134
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-min-freq-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17136
+msgid "Set the min available frequency for the scaling governor on BAT."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17141
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-scaling-max-freq-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17143
+msgid "Set the max available frequency for the scaling governor on BAT."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17148
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-min-perf-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17151
+msgid ""
+"Limit the min P-state to control the power dissipation of the CPU, in AC mode. Values are stated as a percentage of the available "
+"performance."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17156
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-max-perf-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17159
+msgid ""
+"Limit the max P-state to control the power dissipation of the CPU, in AC mode. Values are stated as a percentage of the available "
+"performance."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17164
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-min-perf-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17166
+msgid "Same as @code{cpu-min-perf-on-ac} on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17171
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-non-negative-integer cpu-max-perf-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17173
+msgid "Same as @code{cpu-max-perf-on-ac} on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17178
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-boolean cpu-boost-on-ac?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17180
+msgid "Enable CPU turbo boost feature on AC mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17185
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-boolean cpu-boost-on-bat?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17187
+msgid "Same as @code{cpu-boost-on-ac?} on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17192
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean sched-powersave-on-ac?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17195
+msgid "Allow Linux kernel to minimize the number of CPU cores/hyper-threads used under light load conditions."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17200
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean sched-powersave-on-bat?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17202
+msgid "Same as @code{sched-powersave-on-ac?} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17207
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean nmi-watchdog?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17209
+msgid "Enable Linux kernel NMI watchdog."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17214
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-string phc-controls"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17217
+msgid "For Linux kernels with PHC patch applied, change CPU voltages. An example value would be @samp{\"F:V F:V F:V F:V\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17222
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string energy-perf-policy-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17225
+msgid "Set CPU performance versus energy saving policy on AC. Alternatives are performance, normal, powersave."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17227 doc/guix.texi:17325 doc/guix.texi:17355
+msgid "Defaults to @samp{\"performance\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17230
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string energy-perf-policy-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17232
+msgid "Same as @code{energy-perf-policy-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17234 doc/guix.texi:17332
+msgid "Defaults to @samp{\"powersave\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17237
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} space-separated-string-list disks-devices"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17239
+msgid "Hard disk devices."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17242
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} space-separated-string-list disk-apm-level-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17244
+msgid "Hard disk advanced power management level."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17247
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} space-separated-string-list disk-apm-level-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17249
+msgid "Same as @code{disk-apm-bat} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17252
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-spindown-timeout-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17255
+msgid "Hard disk spin down timeout. One value has to be specified for each declared hard disk."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17260
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-spindown-timeout-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17262
+msgid "Same as @code{disk-spindown-timeout-on-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17267
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-space-separated-string-list disk-iosched"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17271
+msgid ""
+"Select IO scheduler for disk devices. One value has to be specified for each declared hard disk. Example alternatives are cfq, "
+"deadline and noop."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17276
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string sata-linkpwr-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17279
+msgid "SATA aggressive link power management (ALPM) level. Alternatives are min_power, medium_power, max_performance."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17281
+msgid "Defaults to @samp{\"max_performance\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17284
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string sata-linkpwr-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17286
+msgid "Same as @code{sata-linkpwr-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17288
+msgid "Defaults to @samp{\"min_power\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17291
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-string sata-linkpwr-blacklist"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17293
+msgid "Exclude specified SATA host devices for link power management."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17298
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-on-off-boolean ahci-runtime-pm-on-ac?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17301
+msgid "Enable Runtime Power Management for AHCI controller and disks on AC mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17306
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-on-off-boolean ahci-runtime-pm-on-bat?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17308
+msgid "Same as @code{ahci-runtime-pm-on-ac} on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17313
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} non-negative-integer ahci-runtime-pm-timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17315
+msgid "Seconds of inactivity before disk is suspended."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17320
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string pcie-aspm-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17323
+msgid "PCI Express Active State Power Management level. Alternatives are default, performance, powersave."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17328
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string pcie-aspm-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17330
+msgid "Same as @code{pcie-aspm-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17335
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string radeon-power-profile-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17338
+msgid "Radeon graphics clock speed level. Alternatives are low, mid, high, auto, default."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17340
+msgid "Defaults to @samp{\"high\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17343
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string radeon-power-profile-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17345
+msgid "Same as @code{radeon-power-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17347
+msgid "Defaults to @samp{\"low\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17350
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string radeon-dpm-state-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17353
+msgid "Radeon dynamic power management method (DPM). Alternatives are battery, performance."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17358
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string radeon-dpm-state-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17360
+msgid "Same as @code{radeon-dpm-state-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17362
+msgid "Defaults to @samp{\"battery\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17365
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string radeon-dpm-perf-level-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17367
+msgid "Radeon DPM performance level. Alternatives are auto, low, high."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17369 doc/guix.texi:17376 doc/guix.texi:17450
+msgid "Defaults to @samp{\"auto\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17372
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string radeon-dpm-perf-level-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17374
+msgid "Same as @code{radeon-dpm-perf-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17379
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} on-off-boolean wifi-pwr-on-ac?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17381
+msgid "Wifi power saving mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17386
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} on-off-boolean wifi-pwr-on-bat?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17388
+msgid "Same as @code{wifi-power-ac?} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17393
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} y-n-boolean wol-disable?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17395
+msgid "Disable wake on LAN."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17400
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} non-negative-integer sound-power-save-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17403
+msgid ""
+"Timeout duration in seconds before activating audio power saving on Intel HDA and AC97 devices. A value of 0 disables power saving."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17408
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} non-negative-integer sound-power-save-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17410
+msgid "Same as @code{sound-powersave-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17412 doc/guix.texi:17927 doc/guix.texi:18071
+msgid "Defaults to @samp{1}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17415
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} y-n-boolean sound-power-save-controller?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17417
+msgid "Disable controller in powersaving mode on Intel HDA devices."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17422
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean bay-poweroff-on-bat?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17426
+msgid ""
+"Enable optical drive in UltraBay/MediaBay on BAT mode. Drive can be powered on again by releasing (and reinserting) the eject lever "
+"or by pressing the disc eject button on newer models."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17431
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string bay-device"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17433
+msgid "Name of the optical drive device to power off."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17435
+msgid "Defaults to @samp{\"sr0\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17438
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string runtime-pm-on-ac"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17441
+msgid "Runtime Power Management for PCI(e) bus devices. Alternatives are on and auto."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17443
+msgid "Defaults to @samp{\"on\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17446
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} string runtime-pm-on-bat"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17448
+msgid "Same as @code{runtime-pm-ac} but on BAT mode."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17453
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean runtime-pm-all?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17456
+msgid "Runtime Power Management for all PCI(e) bus devices, except blacklisted ones."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17461
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-space-separated-string-list runtime-pm-blacklist"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17463
+msgid "Exclude specified PCI(e) device addresses from Runtime Power Management."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17468
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} space-separated-string-list runtime-pm-driver-blacklist"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17471
+msgid "Exclude PCI(e) devices assigned to the specified drivers from Runtime Power Management."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17474
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean usb-autosuspend?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17476
+msgid "Enable USB autosuspend feature."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17481
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-string usb-blacklist"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17483
+msgid "Exclude specified devices from USB autosuspend."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17488
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean usb-blacklist-wwan?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17490
+msgid "Exclude WWAN devices from USB autosuspend."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17495
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-string usb-whitelist"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17498
+msgid ""
+"Include specified devices into USB autosuspend, even if they are already excluded by the driver or via @code{usb-blacklist-wwan?}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17503
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} maybe-boolean usb-autosuspend-disable-on-shutdown?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17505
+msgid "Enable USB autosuspend before shutdown."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17510
+#, no-wrap
+msgid "{@code{tlp-configuration} parameter} boolean restore-device-state-on-startup?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17513
+msgid "Restore radio device state (bluetooth, wifi, wwan) from previous shutdown on system startup."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17521
+msgid ""
+"The @code{(gnu services pm)} module provides an interface to thermald, a CPU frequency scaling service which helps prevent "
+"overheating."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:17522
+#, no-wrap
+msgid "{Scheme Variable} thermald-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:17527
+msgid ""
+"This is the service type for @uref{https://01.org/linux-thermal-daemon/, thermald}, the Linux Thermal Daemon, which is responsible "
+"for controlling the thermal state of processors and preventing overheating."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:17529
+#, no-wrap
+msgid "{Data Type} thermald-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:17531
+msgid "Data type representing the configuration of @code{thermald-service-type}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17533
+#, no-wrap
+msgid "@code{ignore-cpuid-check?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17535
+msgid "Ignore cpuid check for supported CPU models."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17536
+#, no-wrap
+msgid "@code{thermald} (default: @var{thermald})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17538
+msgid "Package object of thermald."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17547
+msgid "The @code{(gnu services audio)} module provides a service to start MPD (the Music Player Daemon)."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:17548
+#, no-wrap
+msgid "mpd"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:17549
+#, no-wrap
+msgid "Music Player Daemon"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17554
+msgid ""
+"The Music Player Daemon (MPD) is a service that can play music while being controlled from the local machine or over the network by "
+"a variety of clients."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17557
+msgid ""
+"The following example shows how one might run @code{mpd} as user @code{\"bob\"} on port @code{6666}. It uses pulseaudio for output."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:17563
+#, no-wrap
+msgid ""
+"(service mpd-service-type\n"
+" (mpd-configuration\n"
+" (user \"bob\")\n"
+" (port \"6666\")))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:17565
+#, no-wrap
+msgid "{Scheme Variable} mpd-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:17567
+msgid "The service type for @command{mpd}"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:17569
+#, no-wrap
+msgid "{Data Type} mpd-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:17571
+msgid "Data type representing the configuration of @command{mpd}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17573
+#, no-wrap
+msgid "@code{user} (default: @code{\"mpd\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17575
+msgid "The user to run mpd as."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17576
+#, no-wrap
+msgid "@code{music-dir} (default: @code{\"~/Music\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17578
+msgid "The directory to scan for music files."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17579
+#, no-wrap
+msgid "@code{playlist-dir} (default: @code{\"~/.mpd/playlists\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17581
+msgid "The directory to store playlists."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17582
+#, no-wrap
+msgid "@code{port} (default: @code{\"6600\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17584
+msgid "The port to run mpd on."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:17585
+#, no-wrap
+msgid "@code{address} (default: @code{\"any\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:17588
+msgid "The address that mpd will bind to. To use a Unix domain socket, an absolute path can be specified here."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:17593
+#, no-wrap
+msgid "Virtualization services"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17598
+msgid ""
+"The @code{(gnu services virtualization)} module provides services for the libvirt and virtlog daemons, as well as other "
+"virtualization-related services."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:17599
+#, no-wrap
+msgid "Libvirt daemon"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17603
+msgid ""
+"@code{libvirtd} is the server side daemon component of the libvirt virtualization management system. This daemon runs on host "
+"servers and performs required management tasks for virtualized guests."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:17604
+#, no-wrap
+msgid "{Scheme Variable} libvirt-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:17607
+msgid "This is the type of the @uref{https://libvirt.org, libvirt daemon}. Its value must be a @code{libvirt-configuration}."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:17613
+#, no-wrap
+msgid ""
+"(service libvirt-service-type\n"
+" (libvirt-configuration\n"
+" (unix-sock-group \"libvirt\")\n"
+" (tls-port \"16555\")))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:17618
+msgid "Available @code{libvirt-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17619
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} package libvirt"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17621
+msgid "Libvirt package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17624
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} boolean listen-tls?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17627
+msgid "Flag listening for secure TLS connections on the public TCP/IP port. must set @code{listen} for this to have any effect."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17630
+msgid "It is necessary to setup a CA and issue server certificates before using this capability."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17635
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} boolean listen-tcp?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17638
+msgid "Listen for unencrypted TCP connections on the public TCP/IP port. must set @code{listen} for this to have any effect."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17642
+msgid ""
+"Using the TCP socket requires SASL authentication by default. Only SASL mechanisms which support data encryption are allowed. This "
+"is DIGEST_MD5 and GSSAPI (Kerberos5)"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17647
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string tls-port"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17650
+msgid "Port for accepting secure TLS connections This can be a port number, or service name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17652
+msgid "Defaults to @samp{\"16514\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17655
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string tcp-port"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17658
+msgid "Port for accepting insecure TCP connections This can be a port number, or service name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17660
+msgid "Defaults to @samp{\"16509\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17663
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string listen-addr"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17665
+msgid "IP address or hostname used for client connections."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17667
+msgid "Defaults to @samp{\"0.0.0.0\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17670
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} boolean mdns-adv?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17672
+msgid "Flag toggling mDNS advertisement of the libvirt service."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17675
+msgid "Alternatively can disable for all services on a host by stopping the Avahi daemon."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17680
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string mdns-name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17683
+msgid "Default mDNS advertisement name. This must be unique on the immediate broadcast network."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17685
+msgid "Defaults to @samp{\"Virtualization Host <hostname>\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17688
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string unix-sock-group"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17692
+msgid ""
+"UNIX domain socket group ownership. This can be used to allow a 'trusted' set of users access to management capabilities without "
+"becoming root."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17694
+msgid "Defaults to @samp{\"root\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17697
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string unix-sock-ro-perms"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17700
+msgid "UNIX socket permissions for the R/O socket. This is used for monitoring VM status only."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17702 doc/guix.texi:17720
+msgid "Defaults to @samp{\"0777\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17705
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string unix-sock-rw-perms"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17709
+msgid ""
+"UNIX socket permissions for the R/W socket. Default allows only root. If PolicyKit is enabled on the socket, the default will "
+"change to allow everyone (eg, 0777)"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17711
+msgid "Defaults to @samp{\"0770\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17714
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string unix-sock-admin-perms"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17718
+msgid ""
+"UNIX socket permissions for the admin socket. Default allows only owner (root), do not change it unless you are sure to whom you "
+"are exposing the access to."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17723
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string unix-sock-dir"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17725
+msgid "The directory in which sockets will be found/created."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17727
+msgid "Defaults to @samp{\"/var/run/libvirt\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17730
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string auth-unix-ro"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17733
+msgid "Authentication scheme for UNIX read-only sockets. By default socket permissions allow anyone to connect"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17735 doc/guix.texi:17744
+msgid "Defaults to @samp{\"polkit\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17738
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string auth-unix-rw"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17742
+msgid ""
+"Authentication scheme for UNIX read-write sockets. By default socket permissions only allow root. If PolicyKit support was "
+"compiled into libvirt, the default will be to use 'polkit' auth."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17747
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string auth-tcp"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17751
+msgid ""
+"Authentication scheme for TCP sockets. If you don't enable SASL, then all TCP traffic is cleartext. Don't do this outside of a dev/"
+"test scenario."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17753
+msgid "Defaults to @samp{\"sasl\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17756
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string auth-tls"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17760
+msgid ""
+"Authentication scheme for TLS sockets. TLS sockets already have encryption provided by the TLS layer, and limited authentication is "
+"done by certificates."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17763
+msgid "It is possible to make use of any SASL authentication mechanism as well, by using 'sasl' for this option"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17765
+msgid "Defaults to @samp{\"none\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17768
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} optional-list access-drivers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17770
+msgid "API access control scheme."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17773
+msgid "By default an authenticated user is allowed access to all APIs. Access drivers can place restrictions on this."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17778
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string key-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17781
+msgid "Server key file path. If set to an empty string, then no private key is loaded."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17786
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string cert-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17789
+msgid "Server key file path. If set to an empty string, then no certificate is loaded."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17794
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string ca-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17797
+msgid "Server key file path. If set to an empty string, then no CA certificate is loaded."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17802
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string crl-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17805
+msgid "Certificate revocation list path. If set to an empty string, then no CRL is loaded."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17810
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} boolean tls-no-sanity-cert"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17812
+msgid "Disable verification of our own server certificates."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17815
+msgid "When libvirtd starts it performs some sanity checks against its own certificates."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17820
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} boolean tls-no-verify-cert"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17822
+msgid "Disable verification of client certificates."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17826
+msgid ""
+"Client certificate verification is the primary authentication mechanism. Any client which does not present a certificate signed by "
+"the CA will be rejected."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17831
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} optional-list tls-allowed-dn-list"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17833
+msgid "Whitelist of allowed x509 Distinguished Name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17838
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} optional-list sasl-allowed-usernames"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17841
+msgid "Whitelist of allowed SASL usernames. The format for username depends on the SASL authentication mechanism."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17846
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string tls-priority"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17850
+msgid ""
+"Override the compile time default TLS priority string. The default is usually \"NORMAL\" unless overridden at build time. Only set "
+"this is it is desired for libvirt to deviate from the global default settings."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17852
+msgid "Defaults to @samp{\"NORMAL\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17855
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer max-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17858 doc/guix.texi:18281
+msgid "Maximum number of concurrent client connections to allow over all sockets combined."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17860
+msgid "Defaults to @samp{5000}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17863
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer max-queued-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17867
+msgid ""
+"Maximum length of queue of connections waiting to be accepted by the daemon. Note, that some protocols supporting retransmission "
+"may obey this so that a later reattempt at connection succeeds."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17872
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer max-anonymous-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17875
+msgid "Maximum length of queue of accepted but not yet authenticated clients. Set this to zero to turn this feature off"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17877 doc/guix.texi:17895 doc/guix.texi:17911
+msgid "Defaults to @samp{20}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17880
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer min-workers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17882
+msgid "Number of workers to start up initially."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17887
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer max-workers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17889
+msgid "Maximum number of worker threads."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17893
+msgid ""
+"If the number of active clients exceeds @code{min-workers}, then more threads are spawned, up to max_workers limit. Typically you'd "
+"want max_workers to equal maximum number of clients allowed."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17898
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer prio-workers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17902
+msgid ""
+"Number of priority workers. If all workers from above pool are stuck, some calls marked as high priority (notably domainDestroy) "
+"can be executed in this pool."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17907
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer max-requests"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17909
+msgid "Total global limit on concurrent RPC calls."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17914
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer max-client-requests"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17918
+msgid ""
+"Limit on concurrent requests from a single client connection. To avoid one client monopolizing the server this should be a small "
+"fraction of the global max_requests and max_workers parameter."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17923
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer admin-min-workers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17925
+msgid "Same as @code{min-workers} but for the admin interface."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17930
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer admin-max-workers"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17932
+msgid "Same as @code{max-workers} but for the admin interface."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17937
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer admin-max-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17939
+msgid "Same as @code{max-clients} but for the admin interface."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17944
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer admin-max-queued-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17946
+msgid "Same as @code{max-queued-clients} but for the admin interface."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17951
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer admin-max-client-requests"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17953
+msgid "Same as @code{max-client-requests} but for the admin interface."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17958
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer log-level"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17960 doc/guix.texi:18183
+msgid "Logging level. 4 errors, 3 warnings, 2 information, 1 debug."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17965
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string log-filters"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17967 doc/guix.texi:18190
+msgid "Logging filters."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17970 doc/guix.texi:18193
+msgid "A filter allows to select a different logging level for a given category of logs The format for a filter is one of:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:17974 doc/guix.texi:18197
+msgid "x:name"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:17977 doc/guix.texi:18200
+msgid "x:+name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:17987 doc/guix.texi:18210
+msgid ""
+"where @code{name} is a string which is matched against the category given in the @code{VIR_LOG_INIT()} at the top of each libvirt "
+"source file, e.g., \"remote\", \"qemu\", or \"util.json\" (the name in the filter can be a substring of the full category name, in "
+"order to match multiple similar categories), the optional \"+\" prefix tells libvirt to log stack trace for each message matching "
+"name, and @code{x} is the minimal level where matching messages should be logged:"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:17991 doc/guix.texi:18036 doc/guix.texi:18214 doc/guix.texi:18259
+msgid "1: DEBUG"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:17994 doc/guix.texi:18039 doc/guix.texi:18217 doc/guix.texi:18262
+msgid "2: INFO"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:17997 doc/guix.texi:18042 doc/guix.texi:18220 doc/guix.texi:18265
+msgid "3: WARNING"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:18000 doc/guix.texi:18045 doc/guix.texi:18223 doc/guix.texi:18268
+msgid "4: ERROR"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18005 doc/guix.texi:18228
+msgid "Multiple filters can be defined in a single filters statement, they just need to be separated by spaces."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18007 doc/guix.texi:18230
+msgid "Defaults to @samp{\"3:remote 4:event\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18010
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string log-outputs"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18012 doc/guix.texi:18235
+msgid "Logging outputs."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18015 doc/guix.texi:18238
+msgid "An output is one of the places to save logging information The format for an output can be:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18017 doc/guix.texi:18240
+#, no-wrap
+msgid "x:stderr"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18019 doc/guix.texi:18242
+msgid "output goes to stderr"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18020 doc/guix.texi:18243
+#, no-wrap
+msgid "x:syslog:name"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18022 doc/guix.texi:18245
+msgid "use syslog for the output and use the given name as the ident"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18023 doc/guix.texi:18246
+#, no-wrap
+msgid "x:file:file_path"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18025 doc/guix.texi:18248
+msgid "output to a file, with the given filepath"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18026 doc/guix.texi:18249
+#, no-wrap
+msgid "x:journald"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18028 doc/guix.texi:18251
+msgid "output to journald logging system"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18032 doc/guix.texi:18255
+msgid "In all case the x prefix is the minimal level, acting as a filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18050 doc/guix.texi:18273
+msgid "Multiple outputs can be defined, they just need to be separated by spaces."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18052 doc/guix.texi:18275
+msgid "Defaults to @samp{\"3:stderr\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18055
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer audit-level"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18057
+msgid "Allows usage of the auditing subsystem to be altered"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:18061
+msgid "0: disable all auditing"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:18064
+msgid "1: enable auditing, only if enabled on host"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:18067
+msgid "2: enable auditing, and exit if disabled on host."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18074
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} boolean audit-logging"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18076
+msgid "Send audit messages via libvirt logging infrastructure."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18081
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} optional-string host-uuid"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18083
+msgid "Host UUID. UUID must not have all digits be the same."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18088
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} string host-uuid-source"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18090
+msgid "Source to read host UUID."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:18094
+msgid "@code{smbios}: fetch the UUID from @code{dmidecode -s system-uuid}"
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:18097
+msgid "@code{machine-id}: fetch the UUID from @code{/etc/machine-id}"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18102
+msgid "If @code{dmidecode} does not provide a valid UUID a temporary UUID will be generated."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18104
+msgid "Defaults to @samp{\"smbios\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18107
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer keepalive-interval"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18112
+msgid ""
+"A keepalive message is sent to a client after @code{keepalive_interval} seconds of inactivity to check if the client is still "
+"responding. If set to -1, libvirtd will never send keepalive requests; however clients can still send them and the daemon will send "
+"responses."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18117
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer keepalive-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18121
+msgid ""
+"Maximum number of keepalive messages that are allowed to be sent to the client without getting any response before the connection is "
+"considered broken."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18128
+msgid ""
+"In other words, the connection is automatically closed approximately after @code{keepalive_interval * (keepalive_count + 1)} seconds "
+"since the last message received from the client. When @code{keepalive-count} is set to 0, connections will be automatically closed "
+"after @code{keepalive-interval} seconds of inactivity without sending any keepalive messages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18133
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer admin-keepalive-interval"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18135 doc/guix.texi:18142
+msgid "Same as above but for admin interface."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18140
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer admin-keepalive-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18147
+#, no-wrap
+msgid "{@code{libvirt-configuration} parameter} integer ovs-timeout"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18149
+msgid "Timeout for Open vSwitch calls."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18153
+msgid ""
+"The @code{ovs-vsctl} utility is used for the configuration and its timeout option is set by default to 5 seconds to avoid potential "
+"infinite waits blocking libvirt."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:18160
+#, no-wrap
+msgid "Virtlog daemon"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18163
+msgid "The virtlogd service is a server side daemon component of libvirt that is used to manage logs from virtual machine consoles."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18169
+msgid ""
+"This daemon is not used directly by libvirt client applications, rather it is called on their behalf by @code{libvirtd}. By "
+"maintaining the logs in a standalone daemon, the main @code{libvirtd} daemon can be restarted without risk of losing logs. The "
+"@code{virtlogd} daemon has the ability to re-exec() itself upon receiving @code{SIGUSR1}, to allow live upgrades without downtime."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18170
+#, no-wrap
+msgid "{Scheme Variable} virtlog-service-type"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18173
+msgid "This is the type of the virtlog daemon. Its value must be a @code{virtlog-configuration}."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:18178
+#, no-wrap
+msgid ""
+"(service virtlog-service-type\n"
+" (virtlog-configuration\n"
+" (max-clients 1000)))\n"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18181
+#, no-wrap
+msgid "{@code{virtlog-configuration} parameter} integer log-level"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18188
+#, no-wrap
+msgid "{@code{virtlog-configuration} parameter} string log-filters"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18233
+#, no-wrap
+msgid "{@code{virtlog-configuration} parameter} string log-outputs"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18278
+#, no-wrap
+msgid "{@code{virtlog-configuration} parameter} integer max-clients"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18283
+msgid "Defaults to @samp{1024}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18286
+#, no-wrap
+msgid "{@code{virtlog-configuration} parameter} integer max-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18288
+msgid "Maximum file size before rolling over."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18290
+msgid "Defaults to @samp{2MB}"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18293
+#, no-wrap
+msgid "{@code{virtlog-configuration} parameter} integer max-backups"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18295
+msgid "Maximum number of backup files to keep."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18297
+msgid "Defaults to @samp{3}"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:18300
+#, no-wrap
+msgid "Transparent Emulation with QEMU"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:18302
+#, no-wrap
+msgid "emulation"
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:18303
+#, no-wrap
+msgid "binfmt_misc"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18309
+msgid ""
+"@code{qemu-binfmt-service-type} provides support for transparent emulation of program binaries built for different architectures---e."
+"g., it allows you to transparently execute an ARMv7 program on an x86_64 machine. It achieves this by combining the @uref{https://"
+"www.qemu.org, QEMU} emulator and the @code{binfmt_misc} feature of the kernel Linux."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:18310
+#, no-wrap
+msgid "{Scheme Variable} qemu-binfmt-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:18315
+msgid ""
+"This is the type of the QEMU/binfmt service for transparent emulation. Its value must be a @code{qemu-binfmt-configuration} object, "
+"which specifies the QEMU package to use as well as the architecture we want to emulated:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:18320
+#, no-wrap
+msgid ""
+"(service qemu-binfmt-service-type\n"
+" (qemu-binfmt-configuration\n"
+" (platforms (lookup-qemu-platforms \"arm\" \"aarch64\" \"ppc\"))))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:18326
+msgid ""
+"In this example, we enable transparent emulation for the ARM and aarch64 platforms. Running @code{herd stop qemu-binfmt} turns it "
+"off, and running @code{herd start qemu-binfmt} turns it back on (@pxref{Invoking herd, the @command{herd} command,, shepherd, The "
+"GNU Shepherd Manual})."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:18328
+#, no-wrap
+msgid "{Data Type} qemu-binfmt-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:18330
+msgid "This is the configuration for the @code{qemu-binfmt} service."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18332
+#, no-wrap
+msgid "@code{platforms} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18335
+msgid ""
+"The list of emulated QEMU platforms. Each item must be a @dfn{platform object} as returned by @code{lookup-qemu-platforms} (see "
+"below)."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18336
+#, no-wrap
+msgid "@code{guix-support?} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18342
+msgid ""
+"When it is true, QEMU and all its dependencies are added to the build environment of @command{guix-daemon} (@pxref{Invoking guix-"
+"daemon, @code{--chroot-directory} option}). This allows the @code{binfmt_misc} handlers to be used within the build environment, "
+"which in turn means that you can transparently build programs for another architecture."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18345
+msgid "For example, let's suppose you're on an x86_64 machine and you have this service:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:18351
+#, no-wrap
+msgid ""
+"(service qemu-binfmt-service-type\n"
+" (qemu-binfmt-configuration\n"
+" (platforms (lookup-qemu-platforms \"arm\"))\n"
+" (guix-support? #t)))\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18354
+msgid "You can run:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:18357
+#, no-wrap
+msgid "guix build -s armhf-linux inkscape\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18364
+msgid ""
+"and it will build Inkscape for ARMv7 @emph{as if it were a native build}, transparently using QEMU to emulate the ARMv7 CPU. Pretty "
+"handy if you'd like to test a package build for an architecture you don't have access to!"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18365
+#, no-wrap
+msgid "@code{qemu} (default: @code{qemu})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18367
+msgid "The QEMU package to use."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18370
+#, no-wrap
+msgid "{Scheme Procedure} lookup-qemu-platforms @var{platforms}@dots{}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18375
+msgid ""
+"Return the list of QEMU platform objects corresponding to @var{platforms}@dots{}. @var{platforms} must be a list of strings "
+"corresponding to platform names, such as @code{\"arm\"}, @code{\"sparc\"}, @code{\"mips64el\"}, and so on."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18377
+#, no-wrap
+msgid "{Scheme Procedure} qemu-platform? @var{obj}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18379
+msgid "Return true if @var{obj} is a platform object."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18381
+#, no-wrap
+msgid "{Scheme Procedure} qemu-platform-name @var{platform}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18383
+msgid "Return the name of @var{platform}---a string such as @code{\"arm\"}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18395
+msgid ""
+"The @code{(gnu services version-control)} module provides a service to allow remote access to local Git repositories. There are "
+"three options: the @code{git-daemon-service}, which provides access to repositories via the @code{git://} unsecured TCP-based "
+"protocol, extending the @code{nginx} web server to proxy some requests to @code{git-http-backend}, or providing a web interface with "
+"@code{cgit-service-type}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18396
+#, no-wrap
+msgid "{Scheme Procedure} git-daemon-service [#:config (git-daemon-configuration)]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18400
+msgid ""
+"Return a service that runs @command{git daemon}, a simple TCP server to expose repositories over the Git protocol for anonymous "
+"access."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18406
+msgid ""
+"The optional @var{config} argument should be a @code{<git-daemon-configuration>} object, by default it allows read-only access to "
+"exported@footnote{By creating the magic file \"git-daemon-export-ok\" in the repository directory.} repositories under @file{/srv/"
+"git}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:18409
+#, no-wrap
+msgid "{Data Type} git-daemon-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:18411
+msgid "Data type representing the configuration for @code{git-daemon-service}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18413 doc/guix.texi:18469
+#, no-wrap
+msgid "@code{package} (default: @var{git})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18415 doc/guix.texi:18471
+msgid "Package object of the Git distributed version control system."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18416 doc/guix.texi:18475
+#, no-wrap
+msgid "@code{export-all?} (default: @var{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18419
+msgid "Whether to allow access for all Git repositories, even if they do not have the @file{git-daemon-export-ok} file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18420
+#, no-wrap
+msgid "@code{base-path} (default: @file{/srv/git})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18425
+msgid ""
+"Whether to remap all the path requests as relative to the given path. If you run git daemon with @var{(base-path \"/srv/git\")} on "
+"example.com, then if you later try to pull @code{git://example.com/hello.git}, git daemon will interpret the path as @code{/srv/git/"
+"hello.git}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18426
+#, no-wrap
+msgid "@code{user-path} (default: @var{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18433
+msgid ""
+"Whether to allow @code{~user} notation to be used in requests. When specified with empty string, requests to @code{git://host/"
+"~alice/foo} is taken as a request to access @code{foo} repository in the home directory of user @code{alice}. If @var{(user-path "
+"\"path\")} is specified, the same request is taken as a request to access @code{path/foo} repository in the home directory of user "
+"@code{alice}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18434
+#, no-wrap
+msgid "@code{listen} (default: @var{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18437
+msgid "Whether to listen on specific IP addresses or hostnames, defaults to all."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18438
+#, no-wrap
+msgid "@code{port} (default: @var{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18440
+msgid "Whether to listen on an alternative port, which defaults to 9418."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18441
+#, no-wrap
+msgid "@code{whitelist} (default: @var{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18443
+msgid "If not empty, only allow access to this list of directories."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18444
+#, no-wrap
+msgid "@code{extra-options} (default: @var{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18447
+msgid "Extra options will be passed to @code{git daemon}, please run @command{man git-daemon} for more information."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18461
+msgid ""
+"The @code{git://} protocol lacks authentication. When you pull from a repository fetched via @code{git://}, you don't know that the "
+"data you receive was modified is really coming from the specified host, and you have your connection is subject to eavesdropping. "
+"It's better to use an authenticated and encrypted transport, such as @code{https}. Although Git allows you to serve repositories "
+"using unsophisticated file-based web servers, there is a faster protocol implemented by the @code{git-http-backend} program. This "
+"program is the back-end of a proper Git web service. It is designed to sit behind a FastCGI proxy. @xref{Web Services}, for more "
+"on running the necessary @code{fcgiwrap} daemon."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18464
+msgid "Guix has a separate configuration data type for serving Git repositories over HTTP."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:18465
+#, no-wrap
+msgid "{Data Type} git-http-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:18467
+msgid "Data type representing the configuration for @code{git-http-service}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18472
+#, no-wrap
+msgid "@code{git-root} (default: @file{/srv/git})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18474
+msgid "Directory containing the Git repositories to expose to the world."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18478
+msgid ""
+"Whether to expose access for all Git repositories in @var{git-root}, even if they do not have the @file{git-daemon-export-ok} file."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18479
+#, no-wrap
+msgid "@code{uri-path} (default: @file{/git/})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18484
+msgid ""
+"Path prefix for Git access. With the default @code{/git/} prefix, this will map @code{http://@var{server}/git/@var{repo}.git} to "
+"@code{/srv/git/@var{repo}.git}. Requests whose URI paths do not begin with this prefix are not passed on to this Git instance."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:18485
+#, no-wrap
+msgid "@code{fcgiwrap-socket} (default: @code{127.0.0.1:9000})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:18488
+msgid "The socket on which the @code{fcgiwrap} daemon is listening. @xref{Web Services}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18495
+msgid ""
+"There is no @code{git-http-service-type}, currently; instead you can create an @code{nginx-location-configuration} from a @code{git-"
+"http-configuration} and then add that location to a web server."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18496
+#, no-wrap
+msgid "{Scheme Procedure} git-http-nginx-location-configuration @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18501
+msgid ""
+"[config=(git-http-configuration)] Compute an @code{nginx-location-configuration} that corresponds to the given Git http "
+"configuration. An example nginx service definition to serve the default @file{/srv/git} over HTTPS might be:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:18518
+#, no-wrap
+msgid ""
+"(service nginx-service-type\n"
+" (nginx-configuration\n"
+" (server-blocks\n"
+" (list\n"
+" (nginx-server-configuration\n"
+" (listen '(\"443 ssl\"))\n"
+" (server-name \"git.my-host.org\")\n"
+" (ssl-certificate\n"
+" \"/etc/letsencrypt/live/git.my-host.org/fullchain.pem\")\n"
+" (ssl-certificate-key\n"
+" \"/etc/letsencrypt/live/git.my-host.org/privkey.pem\")\n"
+" (locations\n"
+" (list\n"
+" (git-http-nginx-location-configuration\n"
+" (git-http-configuration (uri-path \"/\"))))))))))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:18525
+msgid ""
+"This example assumes that you are using Let's Encrypt to get your TLS certificate. @xref{Certificate Services}. The default "
+"@code{certbot} service will redirect all HTTP traffic on @code{git.my-host.org} to HTTPS. You will also need to add an "
+"@code{fcgiwrap} proxy to your system services. @xref{Web Services}."
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:18527
+#, no-wrap
+msgid "Cgit Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:18529
+#, no-wrap
+msgid "Cgit service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:18530
+#, no-wrap
+msgid "Git, web interface"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18533
+msgid "@uref{https://git.zx2c4.com/cgit/, Cgit} is a web frontend for Git repositories written in C."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18536
+msgid ""
+"The following example will configure the service with default values. By default, Cgit can be accessed on port 80 (@code{http://"
+"localhost:80})."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:18539
+#, no-wrap
+msgid "(service cgit-service-type)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:18544
+msgid "Available @code{cgit-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18545
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} package package"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18547
+msgid "The CGIT package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18550
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} nginx-server-configuration-list nginx"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18552
+msgid "NGINX configuration."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18555
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string about-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18558
+msgid "Specifies a command which will be invoked to format the content of about pages (both top-level and for each repository)."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18563
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string agefile"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18566
+msgid ""
+"Specifies a path, relative to each repository path, which can be used to specify the date and time of the youngest commit in the "
+"repository."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18571
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string auth-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18574
+msgid "Specifies a command that will be invoked for authenticating repository access."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18579
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string branch-sort"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18582
+msgid ""
+"Flag which, when set to @samp{age}, enables date ordering in the branch ref list, and when set @samp{name} enables ordering by "
+"branch name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18584
+msgid "Defaults to @samp{\"name\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18587
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string cache-root"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18589
+msgid "Path used to store the cgit cache entries."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18591
+msgid "Defaults to @samp{\"/var/cache/cgit\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18594
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-static-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18597
+msgid "Number which specifies the time-to-live, in minutes, for the cached version of repository pages accessed with a fixed SHA1."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18599 doc/guix.texi:19033
+msgid "Defaults to @samp{-1}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18602
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-dynamic-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18605
+msgid "Number which specifies the time-to-live, in minutes, for the cached version of repository pages accessed without a fixed SHA1."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18610
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-repo-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18613
+msgid "Number which specifies the time-to-live, in minutes, for the cached version of the repository summary page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18618
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-root-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18621
+msgid "Number which specifies the time-to-live, in minutes, for the cached version of the repository index page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18626
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-scanrc-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18629
+msgid "Number which specifies the time-to-live, in minutes, for the result of scanning a path for Git repositories."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18634
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-about-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18637
+msgid "Number which specifies the time-to-live, in minutes, for the cached version of the repository about page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18642
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-snapshot-ttl"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18645
+msgid "Number which specifies the time-to-live, in minutes, for the cached version of snapshots."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18650
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer cache-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18653
+msgid "The maximum number of entries in the cgit cache. When set to @samp{0}, caching is disabled."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18658
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean case-sensitive-sort?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18660
+msgid "Sort items in the repo list case sensitively."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18665
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} list clone-prefix"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18668
+msgid "List of common prefixes which, when combined with a repository URL, generates valid clone URLs for the repository."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18673
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} list clone-url"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18675
+msgid "List of @code{clone-url} templates."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18680
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string commit-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18682
+msgid "Command which will be invoked to format commit messages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18687
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string commit-sort"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18691 doc/guix.texi:19240
+msgid ""
+"Flag which, when set to @samp{date}, enables strict date ordering in the commit log, and when set to @samp{topo} enables strict "
+"topological ordering."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18693
+msgid "Defaults to @samp{\"git log\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18696
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string css"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18698
+msgid "URL which specifies the css document to include in all cgit pages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18700
+msgid "Defaults to @samp{\"/share/cgit/cgit.css\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18703
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string email-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18707
+msgid ""
+"Specifies a command which will be invoked to format names and email address of committers, authors, and taggers, as represented in "
+"various places throughout the cgit interface."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18712
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean embedded?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18715
+msgid "Flag which, when set to @samp{#t}, will make cgit generate a HTML fragment suitable for embedding in other HTML pages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18720
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-commit-graph?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18724
+msgid ""
+"Flag which, when set to @samp{#t}, will make cgit print an ASCII-art commit history graph to the left of the commit messages in the "
+"repository log page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18729
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-filter-overrides?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18732
+msgid "Flag which, when set to @samp{#t}, allows all filter settings to be overridden in repository-specific cgitrc files."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18737
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-follow-links?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18740
+msgid "Flag which, when set to @samp{#t}, allows users to follow a file in the log view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18745
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-http-clone?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18748
+msgid "If set to @samp{#t}, cgit will act as an dumb HTTP endpoint for Git clones."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18753
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-index-links?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18756
+msgid ""
+"Flag which, when set to @samp{#t}, will make cgit generate extra links \"summary\", \"commit\", \"tree\" for each repo in the "
+"repository index."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18761
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-index-owner?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18764
+msgid "Flag which, when set to @samp{#t}, will make cgit display the owner of each repo in the repository index."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18769
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-log-filecount?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18772
+msgid ""
+"Flag which, when set to @samp{#t}, will make cgit print the number of modified files for each commit on the repository log page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18777
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-log-linecount?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18780
+msgid ""
+"Flag which, when set to @samp{#t}, will make cgit print the number of added and removed lines for each commit on the repository log "
+"page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18785
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-remote-branches?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18788 doc/guix.texi:19303
+msgid "Flag which, when set to @code{#t}, will make cgit display remote branches in the summary and refs views."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18793
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-subject-links?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18797
+msgid ""
+"Flag which, when set to @code{1}, will make cgit use the subject of the parent commit as link text when generating links to parent "
+"commits in commit view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18802
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-html-serving?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18806
+msgid ""
+"Flag which, when set to @samp{#t}, will make cgit use the subject of the parent commit as link text when generating links to parent "
+"commits in commit view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18811
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-tree-linenumbers?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18814
+msgid "Flag which, when set to @samp{#t}, will make cgit generate linenumber links for plaintext blobs printed in the tree view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18819
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean enable-git-config?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18822
+msgid "Flag which, when set to @samp{#f}, will allow cgit to use Git config to set any repo specific settings."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18827
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string favicon"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18829
+msgid "URL used as link to a shortcut icon for cgit."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18831
+msgid "Defaults to @samp{\"/favicon.ico\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18834
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string footer"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18838
+msgid ""
+"The content of the file specified with this option will be included verbatim at the bottom of all pages (i.e. it replaces the "
+"standard \"generated by...\" message)."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18843
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string head-include"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18846
+msgid "The content of the file specified with this option will be included verbatim in the HTML HEAD section on all pages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18851
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string header"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18854
+msgid "The content of the file specified with this option will be included verbatim at the top of all pages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18859
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string include"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18862
+msgid "Name of a configfile to include before the rest of the current config- file is parsed."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18867
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string index-header"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18870
+msgid "The content of the file specified with this option will be included verbatim above the repository index."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18875
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string index-info"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18878
+msgid "The content of the file specified with this option will be included verbatim below the heading on the repository index page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18883
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean local-time?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18886
+msgid "Flag which, if set to @samp{#t}, makes cgit print commit and tag times in the servers timezone."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18891
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string logo"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18894
+msgid "URL which specifies the source of an image which will be used as a logo on all cgit pages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18896
+msgid "Defaults to @samp{\"/share/cgit/cgit.png\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18899
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string logo-link"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18901 doc/guix.texi:19349
+msgid "URL loaded when clicking on the cgit logo image."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18906
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string owner-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18909
+msgid "Command which will be invoked to format the Owner column of the main page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18914
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer max-atom-items"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18916
+msgid "Number of items to display in atom feeds view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18918 doc/guix.texi:19144 doc/guix.texi:19152 doc/guix.texi:19160
+msgid "Defaults to @samp{10}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18921
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer max-commit-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18923
+msgid "Number of entries to list per page in \"log\" view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18925 doc/guix.texi:18940
+msgid "Defaults to @samp{50}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18928
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer max-message-length"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18930
+msgid "Number of commit message characters to display in \"log\" view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18932 doc/guix.texi:18948
+msgid "Defaults to @samp{80}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18935
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer max-repo-count"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18938
+msgid "Specifies the number of entries to list per page on the repository index page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18943
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer max-repodesc-length"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18946
+msgid "Specifies the maximum number of repo description characters to display on the repository index page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18951
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer max-blob-size"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18953
+msgid "Specifies the maximum size of a blob to display HTML for in KBytes."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18958
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string max-stats"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18961
+msgid "Maximum statistics period. Valid values are @samp{week},@samp{month}, @samp{quarter} and @samp{year}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18966
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} mimetype-alist mimetype"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18968
+msgid "Mimetype for the specified filename extension."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18972
+msgid ""
+"Defaults to @samp{((gif \"image/gif\") (html \"text/html\") (jpg \"image/jpeg\") (jpeg \"image/jpeg\") (pdf \"application/pdf\") "
+"(png \"image/png\") (svg \"image/svg+xml\"))}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18975
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string mimetype-file"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18977
+msgid "Specifies the file to use for automatic mimetype lookup."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18982
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string module-link"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18985
+msgid "Text which will be used as the formatstring for a hyperlink when a submodule is printed in a directory listing."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18990
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean nocache?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18992
+msgid "If set to the value @samp{#t} caching will be disabled."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:18997
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean noplainemail?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19000
+msgid "If set to @samp{#t} showing full author email addresses will be disabled."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19005
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean noheader?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19008
+msgid "Flag which, when set to @samp{#t}, will make cgit omit the standard header on all pages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19013
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string readme"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19015
+msgid "Text which will be used as default value for @code{cgit-repo-readme}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19020
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean remove-suffix?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19024
+msgid ""
+"If set to @code{#t} and @code{repository-directory} is enabled, if any repositories are found with a suffix of @code{.git}, this "
+"suffix will be removed for the URL and name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19029
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer renamelimit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19031
+msgid "Maximum number of files to consider when detecting renames."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19036
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string repository-sort"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19038
+msgid "The way in which repositories in each section are sorted."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19043
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} robots-list robots"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19045
+msgid "Text used as content for the @code{robots} meta-tag."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19047
+msgid "Defaults to @samp{(\"noindex\" \"nofollow\")}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19050
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string root-desc"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19052
+msgid "Text printed below the heading on the repository index page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19054
+msgid "Defaults to @samp{\"a fast webinterface for the git dscm\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19057
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string root-readme"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19060
+msgid ""
+"The content of the file specified with this option will be included verbatim below thef \"about\" link on the repository index page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19065
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string root-title"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19067
+msgid "Text printed as heading on the repository index page."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19072
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean scan-hidden-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19078
+msgid ""
+"If set to @samp{#t} and repository-directory is enabled, repository-directory will recurse into directories whose name starts with a "
+"period. Otherwise, repository-directory will stay away from such directories, considered as \"hidden\". Note that this does not "
+"apply to the \".git\" directory in non-bare repos."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19083
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} list snapshots"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19086
+msgid "Text which specifies the default set of snapshot formats that cgit generates links for."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19091
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} repository-directory repository-directory"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19094
+msgid "Name of the directory to scan for repositories (represents @code{scan-path})."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19096
+msgid "Defaults to @samp{\"/srv/git\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19099
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string section"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19102 doc/guix.texi:19418
+msgid "The name of the current repository section - all repositories defined after this option will inherit the current section name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19107
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string section-sort"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19110
+msgid "Flag which, when set to @samp{1}, will sort the sections on the repository listing by name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19115
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer section-from-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19118
+msgid ""
+"A number which, if defined prior to repository-directory, specifies how many path elements from each repo path to use as a default "
+"section name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19123
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} boolean side-by-side-diffs?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19126
+msgid "If set to @samp{#t} shows side-by-side diffs instead of unidiffs per default."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19131
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string source-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19134
+msgid "Specifies a command which will be invoked to format plaintext blobs in the tree view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19139
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer summary-branches"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19142
+msgid "Specifies the number of branches to display in the repository \"summary\" view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19147
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer summary-log"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19150
+msgid "Specifies the number of log entries to display in the repository \"summary\" view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19155
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} integer summary-tags"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19158
+msgid "Specifies the number of tags to display in the repository \"summary\" view."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19163
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string strict-export"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19166
+msgid "Filename which, if specified, needs to be present within the repository for cgit to allow access to that repository."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19171
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} string virtual-root"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19173
+msgid "URL which, if specified, will be used as root for all cgit links."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19175
+msgid "Defaults to @samp{\"/\"}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19178
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} repository-cgit-configuration-list repositories"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19180
+msgid "A list of @dfn{cgit-repo} records to use with config."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19184
+msgid "Available @code{repository-cgit-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19185
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-list snapshots"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19188
+msgid "A mask of snapshot formats for this repo that cgit generates links for, restricted by the global @code{snapshots} setting."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19193
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string source-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19195
+msgid "Override the default @code{source-filter}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19200
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string url"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19202
+msgid "The relative URL used to access the repository."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19207
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string about-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19209
+msgid "Override the default @code{about-filter}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19214
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string branch-sort"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19217
+msgid ""
+"Flag which, when set to @samp{age}, enables date ordering in the branch ref list, and when set to @samp{name} enables ordering by "
+"branch name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19222
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-list clone-url"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19224
+msgid "A list of URLs which can be used to clone repo."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19229
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string commit-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19231
+msgid "Override the default @code{commit-filter}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19236
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string commit-sort"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19245
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string defbranch"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19250
+msgid ""
+"The name of the default branch for this repository. If no such branch exists in the repository, the first branch name (when sorted) "
+"is used as default instead. By default branch pointed to by HEAD, or \"master\" if there is no suitable HEAD."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19255
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string desc"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19257
+msgid "The value to show as repository description."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19262
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string homepage"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19264
+msgid "The value to show as repository homepage."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19269
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string email-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19271
+msgid "Override the default @code{email-filter}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19276
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean enable-commit-graph?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19279
+msgid "A flag which can be used to disable the global setting @code{enable-commit-graph?}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19284
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean enable-log-filecount?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19287
+msgid "A flag which can be used to disable the global setting @code{enable-log-filecount?}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19292
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean enable-log-linecount?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19295
+msgid "A flag which can be used to disable the global setting @code{enable-log-linecount?}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19300
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean enable-remote-branches?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19308
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean enable-subject-links?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19311
+msgid "A flag which can be used to override the global setting @code{enable-subject-links?}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19316
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean enable-html-serving?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19319
+msgid "A flag which can be used to override the global setting @code{enable-html-serving?}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19324
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean hide?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19327
+msgid "Flag which, when set to @code{#t}, hides the repository from the repository index."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19332
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-boolean ignore?"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19334
+msgid "Flag which, when set to @samp{#t}, ignores the repository."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19339
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string logo"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19342
+msgid "URL which specifies the source of an image which will be used as a logo on this repo’s pages."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19347
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string logo-link"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19354
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string owner-filter"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19356
+msgid "Override the default @code{owner-filter}."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19361
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string module-link"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19365
+msgid ""
+"Text which will be used as the formatstring for a hyperlink when a submodule is printed in a directory listing. The arguments for "
+"the formatstring are the path and SHA1 of the submodule commit."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19370
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} module-link-path module-link-path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19374
+msgid ""
+"Text which will be used as the formatstring for a hyperlink when a submodule with the specified subdirectory path is printed in a "
+"directory listing."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19379
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string max-stats"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19381
+msgid "Override the default maximum statistics period."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19386
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string name"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19388
+msgid "The value to show as repository name."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19393
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string owner"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19395
+msgid "A value used to identify the owner of the repository."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19400
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string path"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19402
+msgid "An absolute path to the repository directory."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19407
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string readme"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19410
+msgid "A path (relative to repo) which specifies a file to include verbatim as the \"About\" page for this repo."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19415
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-string section"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19423
+#, no-wrap
+msgid "{@code{repository-cgit-configuration} parameter} repo-list extra-options"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19425 doc/guix.texi:19434
+msgid "Extra options will be appended to cgitrc file."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19432
+#, no-wrap
+msgid "{@code{cgit-configuration} parameter} list extra-options"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19445
+msgid ""
+"However, it could be that you just want to get a @code{cgitrc} up and running. In that case, you can pass an @code{opaque-cgit-"
+"configuration} as a record to @code{cgit-service-type}. As its name indicates, an opaque configuration does not have easy "
+"reflective capabilities."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19447
+msgid "Available @code{opaque-cgit-configuration} fields are:"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19448
+#, no-wrap
+msgid "{@code{opaque-cgit-configuration} parameter} package cgit"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19450
+msgid "The cgit package."
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19452
+#, no-wrap
+msgid "{@code{opaque-cgit-configuration} parameter} string string"
+msgstr ""
+
+#. type: deftypevr
+#: doc/guix.texi:19454
+msgid "The contents of the @code{cgitrc}, as a string."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19458
+msgid "For example, if your @code{cgitrc} is just the empty string, you could instantiate a cgit service like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19463
+#, no-wrap
+msgid ""
+"(service cgit-service-type\n"
+" (opaque-cgit-configuration\n"
+" (cgitrc \"\")))\n"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:19469
+#, no-wrap
+msgid "The Battle for Wesnoth Service"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19470
+#, no-wrap
+msgid "wesnothd"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19474
+msgid ""
+"@uref{https://wesnoth.org, The Battle for Wesnoth} is a fantasy, turn based tactical strategy game, with several single player "
+"campaigns, and multiplayer games (both networked and local)."
+msgstr ""
+
+#. type: defvar
+#: doc/guix.texi:19475
+#, no-wrap
+msgid "{Scheme Variable} wesnothd-service-type"
+msgstr ""
+
+#. type: defvar
+#: doc/guix.texi:19479
+msgid ""
+"Service type for the wesnothd service. Its value must be a @code{wesnothd-configuration} object. To run wesnothd in the default "
+"configuration, instantiate it as:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19482
+#, no-wrap
+msgid "(service wesnothd-service-type)\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19485
+#, no-wrap
+msgid "{Data Type} wesnothd-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19487
+msgid "Data type representing the configuration of @command{wesnothd}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19489
+#, no-wrap
+msgid "@code{package} (default: @code{wesnoth-server})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19491
+msgid "The wesnoth server package to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19492
+#, no-wrap
+msgid "@code{port} (default: @code{15000})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19494
+msgid "The port to bind the server to."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19500
+#, no-wrap
+msgid "sysctl"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:19501
+#, no-wrap
+msgid "System Control Service"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19505
+msgid "The @code{(gnu services sysctl)} provides a service to configure kernel parameters at boot."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19506
+#, no-wrap
+msgid "{Scheme Variable} sysctl-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19510
+msgid ""
+"The service type for @command{sysctl}, which modifies kernel parameters under @file{/proc/sys/}. To enable IPv4 forwarding, it can "
+"be instantiated as:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19515
+#, no-wrap
+msgid ""
+"(service sysctl-service-type\n"
+" (sysctl-configuration\n"
+" (settings '((\"net.ipv4.ip_forward\" . \"1\")))))\n"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19518
+#, no-wrap
+msgid "{Data Type} sysctl-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19520
+msgid "The data type representing the configuration of @command{sysctl}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19522
+#, no-wrap
+msgid "@code{sysctl} (default: @code{(file-append procps \"/sbin/sysctl\"})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19524
+msgid "The @command{sysctl} executable to use."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19525
+#, no-wrap
+msgid "@code{settings} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19527
+msgid "An association list specifies kernel parameters and their values."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19530
+#, no-wrap
+msgid "lirc"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:19531
+#, no-wrap
+msgid "Lirc Service"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19534
+msgid "The @code{(gnu services lirc)} module provides the following service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19535
+#, no-wrap
+msgid "{Scheme Procedure} lirc-service [#:lirc lirc] @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19540
+msgid ""
+"[#:device #f] [#:driver #f] [#:config-file #f] @ [#:extra-options '()] Return a service that runs @url{http://www.lirc.org,LIRC}, a "
+"daemon that decodes infrared signals from remote controls."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19544
+msgid ""
+"Optionally, @var{device}, @var{driver} and @var{config-file} (configuration file name) may be specified. See @command{lircd} manual "
+"for details."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19547
+msgid "Finally, @var{extra-options} is a list of additional command-line options passed to @command{lircd}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19549
+#, no-wrap
+msgid "spice"
+msgstr ""
+
+#. type: subsubheading
+#: doc/guix.texi:19550
+#, no-wrap
+msgid "Spice Service"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19553
+msgid "The @code{(gnu services spice)} module provides the following service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19554
+#, no-wrap
+msgid "{Scheme Procedure} spice-vdagent-service [#:spice-vdagent]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19558
+msgid ""
+"Returns a service that runs @url{http://www.spice-space.org,VDAGENT}, a daemon that enables sharing the clipboard with a vm and "
+"setting the guest display resolution when the graphical console window resizes."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:19560
+#, no-wrap
+msgid "Dictionary Services"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19561
+#, no-wrap
+msgid "dictionary"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19563
+msgid "The @code{(gnu services dict)} module provides the following service:"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19564
+#, no-wrap
+msgid "{Scheme Procedure} dicod-service [#:config (dicod-configuration)]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19567
+msgid ""
+"Return a service that runs the @command{dicod} daemon, an implementation of DICT server (@pxref{Dicod,,, dico, GNU Dico Manual})."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19571
+msgid ""
+"The optional @var{config} argument specifies the configuration for @command{dicod}, which should be a @code{<dicod-configuration>} "
+"object, by default it serves the GNU Collaborative International Dictonary of English."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:19575
+msgid ""
+"You can add @command{open localhost} to your @file{~/.dico} file to make @code{localhost} the default server for @command{dico} "
+"client (@pxref{Initialization File,,, dico, GNU Dico Manual})."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19577
+#, no-wrap
+msgid "{Data Type} dicod-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19579
+msgid "Data type representing the configuration of dicod."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19581
+#, no-wrap
+msgid "@code{dico} (default: @var{dico})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19583
+msgid "Package object of the GNU Dico dictionary server."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19584
+#, no-wrap
+msgid "@code{interfaces} (default: @var{'(\"localhost\")})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19588
+msgid ""
+"This is the list of IP addresses and ports and possibly socket file names to listen to (@pxref{Server Settings, @code{listen} "
+"directive,, dico, GNU Dico Manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19589
+#, no-wrap
+msgid "@code{handlers} (default: @var{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19591
+msgid "List of @code{<dicod-handler>} objects denoting handlers (module instances)."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19592
+#, no-wrap
+msgid "@code{databases} (default: @var{(list %dicod-database:gcide)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19594
+msgid "List of @code{<dicod-database>} objects denoting dictionaries to be served."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19597
+#, no-wrap
+msgid "{Data Type} dicod-handler"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19599
+msgid "Data type representing a dictionary handler (module instance)."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19603
+msgid "Name of the handler (module instance)."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19604
+#, no-wrap
+msgid "@code{module} (default: @var{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19608
+msgid ""
+"Name of the dicod module of the handler (instance). If it is @code{#f}, the module has the same name as the handler. "
+"(@pxref{Modules,,, dico, GNU Dico Manual})."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:19609 doc/guix.texi:19629
+#, no-wrap
+msgid "options"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19611
+msgid "List of strings or gexps representing the arguments for the module handler"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19614
+#, no-wrap
+msgid "{Data Type} dicod-database"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19616
+msgid "Data type representing a dictionary database."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19620
+msgid "Name of the database, will be used in DICT commands."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:19621
+#, no-wrap
+msgid "handler"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19624
+msgid "Name of the dicod handler (module instance) used by this database (@pxref{Handlers,,, dico, GNU Dico Manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19625
+#, no-wrap
+msgid "@code{complex?} (default: @var{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19628
+msgid ""
+"Whether the database configuration complex. The complex configuration will need a corresponding @code{<dicod-handler>} object, "
+"otherwise not."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19632
+msgid "List of strings or gexps representing the arguments for the database (@pxref{Databases,,, dico, GNU Dico Manual})."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19635
+#, no-wrap
+msgid "{Scheme Variable} %dicod-database:gcide"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19638
+msgid ""
+"A @code{<dicod-database>} object serving the GNU Collaborative International Dictionary of English using the @code{gcide} package."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19641
+msgid "The following is an example @code{dicod-service} configuration."
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19656
+#, no-wrap
+msgid ""
+"(dicod-service #:config\n"
+" (dicod-configuration\n"
+" (handlers (list (dicod-handler\n"
+" (name \"wordnet\")\n"
+" (module \"dictorg\")\n"
+" (options\n"
+" (list #~(string-append \"dbdir=\" #$wordnet))))))\n"
+" (databases (list (dicod-database\n"
+" (name \"wordnet\")\n"
+" (complex? #t)\n"
+" (handler \"wordnet\")\n"
+" (options '(\"database=wn\")))\n"
+" %dicod-database:gcide))))\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19661
+#, no-wrap
+msgid "setuid programs"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19671
+msgid ""
+"Some programs need to run with ``root'' privileges, even when they are launched by unprivileged users. A notorious example is the "
+"@command{passwd} program, which users can run to change their password, and which needs to access the @file{/etc/passwd} and @file{/"
+"etc/shadow} files---something normally restricted to root, for obvious security reasons. To address that, these executables are "
+"@dfn{setuid-root}, meaning that they always run with root privileges (@pxref{How Change Persona,,, libc, The GNU C Library Reference "
+"Manual}, for more info about the setuid mechanism.)"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19678
+msgid ""
+"The store itself @emph{cannot} contain setuid programs: that would be a security issue since any user on the system can write "
+"derivations that populate the store (@pxref{The Store}). Thus, a different mechanism is used: instead of changing the setuid bit "
+"directly on files that are in the store, we let the system administrator @emph{declare} which programs should be setuid root."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19684
+msgid ""
+"The @code{setuid-programs} field of an @code{operating-system} declaration contains a list of G-expressions denoting the names of "
+"programs to be setuid-root (@pxref{Using the Configuration System}). For instance, the @command{passwd} program, which is part of "
+"the Shadow package, can be designated by this G-expression (@pxref{G-Expressions}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19687
+#, no-wrap
+msgid "#~(string-append #$shadow \"/bin/passwd\")\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19691
+msgid "A default set of setuid programs is defined by the @code{%setuid-programs} variable of the @code{(gnu system)} module."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19692
+#, no-wrap
+msgid "{Scheme Variable} %setuid-programs"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19694
+msgid "A list of G-expressions denoting common programs that are setuid-root."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19697
+msgid "The list includes commands such as @command{passwd}, @command{ping}, @command{su}, and @command{sudo}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19703
+msgid ""
+"Under the hood, the actual setuid programs are created in the @file{/run/setuid-programs} directory at system activation time. The "
+"files in this directory refer to the ``real'' binaries, which are in the store."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19707
+#, no-wrap
+msgid "HTTPS, certificates"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19708
+#, no-wrap
+msgid "X.509 certificates"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19709
+#, no-wrap
+msgid "TLS"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19716
+msgid ""
+"Web servers available over HTTPS (that is, HTTP over the transport-layer security mechanism, TLS) send client programs an @dfn{X.509 "
+"certificate} that the client can then use to @emph{authenticate} the server. To do that, clients verify that the server's "
+"certificate is signed by a so-called @dfn{certificate authority} (CA). But to verify the CA's signature, clients must have first "
+"acquired the CA's certificate."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19720
+msgid ""
+"Web browsers such as GNU@tie{}IceCat include their own set of CA certificates, such that they are able to verify CA signatures out-"
+"of-the-box."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19724
+msgid ""
+"However, most other programs that can talk HTTPS---@command{wget}, @command{git}, @command{w3m}, etc.---need to be told where CA "
+"certificates can be found."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19731
+msgid ""
+"In GuixSD, this is done by adding a package that provides certificates to the @code{packages} field of the @code{operating-system} "
+"declaration (@pxref{operating-system Reference}). GuixSD includes one such package, @code{nss-certs}, which is a set of CA "
+"certificates provided as part of Mozilla's Network Security Services."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19736
+msgid ""
+"Note that it is @emph{not} part of @var{%base-packages}, so you need to explicitly add it. The @file{/etc/ssl/certs} directory, "
+"which is where most applications and libraries look for certificates by default, points to the certificates installed globally."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19746
+msgid ""
+"Unprivileged users, including users of Guix on a foreign distro, can also install their own certificate package in their profile. A "
+"number of environment variables need to be defined so that applications and libraries know where to find them. Namely, the OpenSSL "
+"library honors the @code{SSL_CERT_DIR} and @code{SSL_CERT_FILE} variables. Some applications add their own environment variables; "
+"for instance, the Git version control system honors the certificate bundle pointed to by the @code{GIT_SSL_CAINFO} environment "
+"variable. Thus, you would typically run something like:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19752
+#, no-wrap
+msgid ""
+"$ guix package -i nss-certs\n"
+"$ export SSL_CERT_DIR=\"$HOME/.guix-profile/etc/ssl/certs\"\n"
+"$ export SSL_CERT_FILE=\"$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt\"\n"
+"$ export GIT_SSL_CAINFO=\"$SSL_CERT_FILE\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19757
+msgid ""
+"As another example, R requires the @code{CURL_CA_BUNDLE} environment variable to point to a certificate bundle, so you would have to "
+"run something like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19761
+#, no-wrap
+msgid ""
+"$ guix package -i nss-certs\n"
+"$ export CURL_CA_BUNDLE=\"$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19765
+msgid "For other applications you may want to look up the required environment variable in the relevant documentation."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19770
+#, no-wrap
+msgid "name service switch"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19771
+#, no-wrap
+msgid "NSS"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19780
+msgid ""
+"The @code{(gnu system nss)} module provides bindings to the configuration file of the libc @dfn{name service switch} or @dfn{NSS} "
+"(@pxref{NSS Configuration File,,, libc, The GNU C Library Reference Manual}). In a nutshell, the NSS is a mechanism that allows "
+"libc to be extended with new ``name'' lookup methods for system databases, which includes host names, service names, user accounts, "
+"and more (@pxref{Name Service Switch, System Databases and Name Service Switch,, libc, The GNU C Library Reference Manual})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19787
+msgid ""
+"The NSS configuration specifies, for each system database, which lookup method is to be used, and how the various methods are "
+"chained together---for instance, under which circumstances NSS should try the next method in the list. The NSS configuration is "
+"given in the @code{name-service-switch} field of @code{operating-system} declarations (@pxref{operating-system Reference, @code{name-"
+"service-switch}})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19788
+#, no-wrap
+msgid "nss-mdns"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19789
+#, no-wrap
+msgid ".local, host name lookup"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19794
+msgid ""
+"As an example, the declaration below configures the NSS to use the @uref{http://0pointer.de/lennart/projects/nss-mdns/, @code{nss-"
+"mdns} back-end}, which supports host name lookups over multicast DNS (mDNS) for host names ending in @code{.local}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19798
+#, no-wrap
+msgid ""
+"(name-service-switch\n"
+" (hosts (list %files ;first, check /etc/hosts\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19803
+#, no-wrap
+msgid ""
+" ;; If the above did not succeed, try\n"
+" ;; with 'mdns_minimal'.\n"
+" (name-service\n"
+" (name \"mdns_minimal\")\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19809
+#, no-wrap
+msgid ""
+" ;; 'mdns_minimal' is authoritative for\n"
+" ;; '.local'. When it returns \"not found\",\n"
+" ;; no need to try the next methods.\n"
+" (reaction (lookup-specification\n"
+" (not-found => return))))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19813
+#, no-wrap
+msgid ""
+" ;; Then fall back to DNS.\n"
+" (name-service\n"
+" (name \"dns\"))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19817
+#, no-wrap
+msgid ""
+" ;; Finally, try with the \"full\" 'mdns'.\n"
+" (name-service\n"
+" (name \"mdns\")))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19822
+msgid ""
+"Do not worry: the @code{%mdns-host-lookup-nss} variable (see below) contains this configuration, so you will not have to type it if "
+"all you want is to have @code{.local} host lookup working."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19830
+msgid ""
+"Note that, in this case, in addition to setting the @code{name-service-switch} of the @code{operating-system} declaration, you also "
+"need to use @code{avahi-service} (@pxref{Networking Services, @code{avahi-service}}), or @var{%desktop-services}, which includes it "
+"(@pxref{Desktop Services}). Doing this makes @code{nss-mdns} accessible to the name service cache daemon (@pxref{Base Services, "
+"@code{nscd-service}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19833
+msgid "For convenience, the following variables provide typical NSS configurations."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19834
+#, no-wrap
+msgid "{Scheme Variable} %default-nss"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19837
+msgid "This is the default name service switch configuration, a @code{name-service-switch} object."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19839
+#, no-wrap
+msgid "{Scheme Variable} %mdns-host-lookup-nss"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19842
+msgid ""
+"This is the name service switch configuration with support for host name lookup over multicast DNS (mDNS) for host names ending in "
+"@code{.local}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19852
+msgid ""
+"The reference for name service switch configuration is given below. It is a direct mapping of the configuration file format of the "
+"C library , so please refer to the C library manual for more information (@pxref{NSS Configuration File,,, libc, The GNU C Library "
+"Reference Manual}). Compared to the configuration file format of libc NSS, it has the advantage not only of adding this warm "
+"parenthetic feel that we like, but also static checks: you will know about syntax errors and typos as soon as you run @command{guix "
+"system}."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19853
+#, no-wrap
+msgid "{Data Type} name-service-switch"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19858
+msgid ""
+"This is the data type representation the configuration of libc's name service switch (NSS). Each field below represents one of the "
+"supported system databases."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19860
+#, no-wrap
+msgid "aliases"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19861
+#, no-wrap
+msgid "ethers"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19863
+#, no-wrap
+msgid "gshadow"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19864
+#, no-wrap
+msgid "hosts"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19865
+#, no-wrap
+msgid "initgroups"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19866
+#, no-wrap
+msgid "netgroup"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19867
+#, no-wrap
+msgid "networks"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19869
+#, no-wrap
+msgid "public-key"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19870
+#, no-wrap
+msgid "rpc"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:19872
+#, no-wrap
+msgid "shadow"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19875
+msgid "The system databases handled by the NSS. Each of these fields must be a list of @code{<name-service>} objects (see below)."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19878
+#, no-wrap
+msgid "{Data Type} name-service"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:19882
+msgid "This is the data type representing an actual name service and the associated lookup action."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19887
+msgid "A string denoting the name service (@pxref{Services in the NSS configuration,,, libc, The GNU C Library Reference Manual})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19892
+msgid ""
+"Note that name services listed here must be visible to nscd. This is achieved by passing the @code{#:name-services} argument to "
+"@code{nscd-service} the list of packages providing the needed name services (@pxref{Base Services, @code{nscd-service}})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19893
+#, no-wrap
+msgid "reaction"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19897
+msgid ""
+"An action specified using the @code{lookup-specification} macro (@pxref{Actions in the NSS configuration,,, libc, The GNU C Library "
+"Reference Manual}). For example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19901
+#, no-wrap
+msgid ""
+"(lookup-specification (unavailable => continue)\n"
+" (success => return))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19915
+msgid ""
+"For bootstrapping purposes, the Linux-Libre kernel is passed an @dfn{initial RAM disk}, or @dfn{initrd}. An initrd contains a "
+"temporary root file system as well as an initialization script. The latter is responsible for mounting the real root file system, "
+"and for loading any kernel modules that may be needed to achieve that."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19924
+msgid ""
+"The @code{initrd-modules} field of an @code{operating-system} declaration allows you to specify Linux-libre kernel modules that must "
+"be available in the initrd. In particular, this is where you would list modules needed to actually drive the hard disk where your "
+"root partition is---although the default value of @code{initrd-modules} should cover most use cases. For example, assuming you need "
+"the @code{megaraid_sas} module in addition to the default modules to be able to access your root file system, you would write:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19929
+#, no-wrap
+msgid ""
+"(operating-system\n"
+" ;; @dots{}\n"
+" (initrd-modules (cons \"megaraid_sas\" %base-initrd-modules)))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19931
+#, no-wrap
+msgid "{Scheme Variable} %base-initrd-modules"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:19933
+msgid "This is the list of kernel modules included in the initrd by default."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19941
+msgid ""
+"Furthermore, if you need lower-level customization, the @code{initrd} field of an @code{operating-system} declaration allows you to "
+"specify which initrd you would like to use. The @code{(gnu system linux-initrd)} module provides three ways to build an initrd: the "
+"high-level @code{base-initrd} procedure and the low-level @code{raw-initrd} and @code{expression->initrd} procedures."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19946
+msgid ""
+"The @code{base-initrd} procedure is intended to cover most common uses. For example, if you want to add a bunch of kernel modules "
+"to be loaded at boot time, you can define the @code{initrd} field of the operating system declaration like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:19954
+#, no-wrap
+msgid ""
+"(initrd (lambda (file-systems . rest)\n"
+" ;; Create a standard initrd but set up networking\n"
+" ;; with the parameters QEMU expects by default.\n"
+" (apply base-initrd file-systems\n"
+" #:qemu-networking? #t\n"
+" rest)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19959
+msgid ""
+"The @code{base-initrd} procedure also handles common use cases that involves using the system as a QEMU guest, or as a ``live'' "
+"system with volatile root file system."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19966
+msgid ""
+"The @code{base-initrd} procedure is built from @code{raw-initrd} procedure. Unlike @code{base-initrd}, @code{raw-initrd} doesn't do "
+"anything high-level, such as trying to guess which kernel modules and packages should be included to the initrd. An example use of "
+"@code{raw-initrd} is when a user has a custom Linux kernel configuration and default kernel modules included by @code{base-initrd} "
+"are not available."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:19971
+msgid ""
+"The initial RAM disk produced by @code{base-initrd} or @code{raw-initrd} honors several options passed on the Linux kernel command "
+"line (that is, arguments passed @i{via} the @code{linux} command of GRUB, or the @code{-append} option of QEMU), notably:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19973
+#, no-wrap
+msgid "--load=@var{boot}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19976
+msgid "Tell the initial RAM disk to load @var{boot}, a file containing a Scheme program, once it has mounted the root file system."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19980
+msgid ""
+"GuixSD uses this option to yield control to a boot program that runs the service activation programs and then spawns the GNU@tie{}"
+"Shepherd, the initialization system."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19981
+#, no-wrap
+msgid "--root=@var{root}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19985
+msgid ""
+"Mount @var{root} as the root file system. @var{root} can be a device name like @code{/dev/sda1}, a file system label, or a file "
+"system UUID."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19989
+msgid "Have @file{/run/booted-system} and @file{/run/current-system} point to @var{system}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19990
+#, no-wrap
+msgid "modprobe.blacklist=@var{modules}@dots{}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19991
+#, no-wrap
+msgid "module, black-listing"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:19992
+#, no-wrap
+msgid "black list, of kernel modules"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:19997
+msgid ""
+"Instruct the initial RAM disk as well as the @command{modprobe} command (from the kmod package) to refuse to load @var{modules}. "
+"@var{modules} must be a comma-separated list of module names---e.g., @code{usbkbd,9pnet}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:19998
+#, no-wrap
+msgid "--repl"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20004
+msgid ""
+"Start a read-eval-print loop (REPL) from the initial RAM disk before it tries to load kernel modules and to mount the root file "
+"system. Our marketing team calls it @dfn{boot-to-Guile}. The Schemer in you will love it. @xref{Using Guile Interactively,,, "
+"guile, GNU Guile Reference Manual}, for more information on Guile's REPL."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20010
+msgid ""
+"Now that you know all the features that initial RAM disks produced by @code{base-initrd} and @code{raw-initrd} provide, here is how "
+"to use it and customize it further."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20013
+#, no-wrap
+msgid "{Monadic Procedure} raw-initrd @var{file-systems} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20025
+msgid ""
+"[#:linux-modules '()] [#:mapped-devices '()] @ [#:helper-packages '()] [#:qemu-networking? #f] [#:volatile-root? #f] Return a "
+"monadic derivation that builds a raw initrd. @var{file-systems} is a list of file systems to be mounted by the initrd, possibly in "
+"addition to the root file system specified on the kernel command line via @code{--root}. @var{linux-modules} is a list of kernel "
+"modules to be loaded at boot time. @var{mapped-devices} is a list of device mappings to realize before @var{file-systems} are "
+"mounted (@pxref{Mapped Devices}). @var{helper-packages} is a list of packages to be copied in the initrd. It may include "
+"@code{e2fsck/static} or other packages needed by the initrd to check the root file system."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20029
+msgid ""
+"When @var{qemu-networking?} is true, set up networking with the standard QEMU parameters. When @var{virtio?} is true, load "
+"additional modules so that the initrd can be used as a QEMU guest with para-virtualized I/O drivers."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20032
+msgid "When @var{volatile-root?} is true, the root file system is writable but any changes to it are lost."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20034
+#, no-wrap
+msgid "{Monadic Procedure} base-initrd @var{file-systems} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20042
+msgid ""
+"[#:mapped-devices '()] [#:qemu-networking? #f] [#:volatile-root? #f]@ [#:linux-modules '()] Return a monadic derivation that builds "
+"a generic initrd, with kernel modules taken from @var{linux}. @var{file-systems} is a list of file-systems to be mounted by the "
+"initrd, possibly in addition to the root file system specified on the kernel command line via @code{--root}. @var{mapped-devices} "
+"is a list of device mappings to realize before @var{file-systems} are mounted."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20044
+msgid "@var{qemu-networking?} and @var{volatile-root?} behaves as in @code{raw-initrd}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20049
+msgid ""
+"The initrd is automatically populated with all the kernel modules necessary for @var{file-systems} and for the given options. "
+"Additional kernel modules can be listed in @var{linux-modules}. They will be added to the initrd, and loaded at boot time in the "
+"order in which they appear."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20056
+msgid ""
+"Needless to say, the initrds we produce and use embed a statically-linked Guile, and the initialization program is a Guile program. "
+"That gives a lot of flexibility. The @code{expression->initrd} procedure builds such an initrd, given the program to run in that "
+"initrd."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20057
+#, no-wrap
+msgid "{Monadic Procedure} expression->initrd @var{exp} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20063
+msgid ""
+"[#:guile %guile-static-stripped] [#:name \"guile-initrd\"] Return a derivation that builds a Linux initrd (a gzipped cpio archive) "
+"containing @var{guile} and that evaluates @var{exp}, a G-expression, upon booting. All the derivations referenced by @var{exp} are "
+"automatically copied to the initrd."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20069
+#, no-wrap
+msgid "boot loader"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20076
+msgid ""
+"The operating system supports multiple bootloaders. The bootloader is configured using @code{bootloader-configuration} "
+"declaration. All the fields of this structure are bootloader agnostic except for one field, @code{bootloader} that indicates the "
+"bootloader to be configured and installed."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20081
+msgid ""
+"Some of the bootloaders do not honor every field of @code{bootloader-configuration}. For instance, the extlinux bootloader does not "
+"support themes and thus ignores the @code{theme} field."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:20082
+#, no-wrap
+msgid "{Data Type} bootloader-configuration"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:20084
+msgid "The type of a bootloader configuration declaration."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20088
+#, no-wrap
+msgid "EFI, bootloader"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20089
+#, no-wrap
+msgid "UEFI, bootloader"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20090
+#, no-wrap
+msgid "BIOS, bootloader"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20096
+msgid ""
+"The bootloader to use, as a @code{bootloader} object. For now @code{grub-bootloader}, @code{grub-efi-bootloader}, @code{extlinux-"
+"bootloader} and @code{u-boot-bootloader} are supported. @code{grub-efi-bootloader} allows to boot on modern systems using the "
+"@dfn{Unified Extensible Firmware Interface} (UEFI)."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20099
+msgid "Available bootloaders are described in @code{(gnu bootloader @dots{})} modules."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20109
+msgid ""
+"This is a string denoting the target onto which to install the bootloader. The exact interpretation depends on the bootloader in "
+"question; for @code{grub-bootloader}, for example, it should be a device name understood by the bootloader @command{installer} "
+"command, such as @code{/dev/sda} or @code{(hd0)} (for GRUB, @pxref{Invoking grub-install,,, grub, GNU GRUB Manual}). For @code{grub-"
+"efi-bootloader}, it should be the path to a mounted EFI file system."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20110
+#, no-wrap
+msgid "@code{menu-entries} (default: @code{()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20114
+msgid ""
+"A possibly empty list of @code{menu-entry} objects (see below), denoting entries to appear in the bootloader menu, in addition to "
+"the current system entry and the entry pointing to previous system generations."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20115
+#, no-wrap
+msgid "@code{default-entry} (default: @code{0})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20118
+msgid "The index of the default boot menu entry. Index 0 is for the entry of the current system."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20119
+#, no-wrap
+msgid "@code{timeout} (default: @code{5})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20122
+msgid "The number of seconds to wait for keyboard input before booting. Set to 0 to boot immediately, and to -1 to wait indefinitely."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20123
+#, no-wrap
+msgid "@code{theme} (default: @var{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20127
+msgid ""
+"The bootloader theme object describing the theme to use. If no theme is provided, some bootloaders might use a default theme, "
+"that's true for GRUB."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20128
+#, no-wrap
+msgid "@code{terminal-outputs} (default: @code{'gfxterm})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20135
+msgid ""
+"The output terminals used for the bootloader boot menu, as a list of symbols. GRUB accepts the values: @code{console}, "
+"@code{serial}, @code{serial_@{0-3@}}, @code{gfxterm}, @code{vga_text}, @code{mda_text}, @code{morse}, and @code{pkmodem}. This "
+"field corresponds to the GRUB variable GRUB_TERMINAL_OUTPUT (@pxref{Simple configuration,,, grub,GNU GRUB manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20136
+#, no-wrap
+msgid "@code{terminal-inputs} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20144
+msgid ""
+"The input terminals used for the bootloader boot menu, as a list of symbols. For GRUB, the default is the native platform terminal "
+"as determined at run-time. GRUB accepts the values: @code{console}, @code{serial}, @code{serial_@{0-3@}}, @code{at_keyboard}, and "
+"@code{usb_keyboard}. This field corresponds to the GRUB variable GRUB_TERMINAL_INPUT (@pxref{Simple configuration,,, grub,GNU GRUB "
+"manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20145
+#, no-wrap
+msgid "@code{serial-unit} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20149
+msgid ""
+"The serial unit used by the bootloader, as an integer from 0 to 3. For GRUB, it is chosen at run-time; currently GRUB chooses 0, "
+"which corresponds to COM1 (@pxref{Serial terminal,,, grub,GNU GRUB manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20150
+#, no-wrap
+msgid "@code{serial-speed} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20154
+msgid ""
+"The speed of the serial interface, as an integer. For GRUB, the default value is chosen at run-time; currently GRUB chooses "
+"9600@tie{}bps (@pxref{Serial terminal,,, grub,GNU GRUB manual})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20158
+#, no-wrap
+msgid "dual boot"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20159
+#, no-wrap
+msgid "boot menu"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20165
+msgid ""
+"Should you want to list additional boot menu entries @i{via} the @code{menu-entries} field above, you will need to create them with "
+"the @code{menu-entry} form. For example, imagine you want to be able to boot another distro (hard to imagine!), you can define a "
+"menu entry along these lines:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20172
+#, no-wrap
+msgid ""
+"(menu-entry\n"
+" (label \"The Other Distro\")\n"
+" (linux \"/boot/old/vmlinux-2.6.32\")\n"
+" (linux-arguments '(\"root=/dev/sda2\"))\n"
+" (initrd \"/boot/old/initrd\"))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20175
+msgid "Details below."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:20176
+#, no-wrap
+msgid "{Data Type} menu-entry"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:20178
+msgid "The type of an entry in the bootloader menu."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:20181
+#, no-wrap
+msgid "label"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20183
+msgid "The label to show in the menu---e.g., @code{\"GNU\"}."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:20184
+#, no-wrap
+msgid "linux"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20186
+msgid "The Linux kernel image to boot, for example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20189
+#, no-wrap
+msgid "(file-append linux-libre \"/bzImage\")\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20194
+msgid ""
+"For GRUB, it is also possible to specify a device explicitly in the file path using GRUB's device naming convention (@pxref{Naming "
+"convention,,, grub, GNU GRUB manual}), for example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20197
+#, no-wrap
+msgid "\"(hd0,msdos1)/boot/vmlinuz\"\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20201
+msgid "If the device is specified explicitly as above, then the @code{device} field is ignored entirely."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20202
+#, no-wrap
+msgid "@code{linux-arguments} (default: @code{()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20205
+msgid "The list of extra Linux kernel command-line arguments---e.g., @code{(\"console=ttyS0\")}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20209
+msgid "A G-Expression or string denoting the file name of the initial RAM disk to use (@pxref{G-Expressions})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20209
+#, no-wrap
+msgid "@code{device} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20212
+msgid ""
+"The device where the kernel and initrd are to be found---i.e., for GRUB, @dfn{root} for this menu entry (@pxref{root,,, grub, GNU "
+"GRUB manual})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20218
+msgid ""
+"This may be a file system label (a string), a file system UUID (a bytevector, @pxref{File Systems}), or @code{#f}, in which case the "
+"bootloader will search the device containing the file specified by the @code{linux} field (@pxref{search,,, grub, GNU GRUB "
+"manual}). It must @emph{not} be an OS device name such as @file{/dev/sda1}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20225
+msgid "Fow now only GRUB has theme support. GRUB themes are created using the @code{grub-theme} form, which is not documented yet."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:20230
+msgid ""
+"This is the default GRUB theme used by the operating system if no @code{theme} field is specified in @code{bootloader-configuration} "
+"record."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:20233
+msgid "It comes with a fancy background image displaying the GNU and Guix logos."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:20237
+#, no-wrap
+msgid "Invoking @code{guix system}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20242
+msgid ""
+"Once you have written an operating system declaration as seen in the previous section, it can be @dfn{instantiated} using the "
+"@command{guix system} command. The synopsis is:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20245
+#, no-wrap
+msgid "guix system @var{options}@dots{} @var{action} @var{file}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20251
+msgid ""
+"@var{file} must be the name of a file containing an @code{operating-system} declaration. @var{action} specifies how the operating "
+"system is instantiated. Currently the following values are supported:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20253
+#, no-wrap
+msgid "search"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20256
+msgid "Display available service type definitions that match the given regular expressions, sorted by relevance:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20268
+#, no-wrap
+msgid ""
+"$ guix system search console font\n"
+"name: console-fonts\n"
+"location: gnu/services/base.scm:729:2\n"
+"extends: shepherd-root\n"
+"description: Install the given fonts on the specified ttys (fonts are\n"
+"+ per virtual console on GNU/Linux). The value of this service is a list\n"
+"+ of tty/font pairs like:\n"
+"+ \n"
+"+ '((\"tty1\" . \"LatGrkCyr-8x16\"))\n"
+"relevance: 20\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20274
+#, no-wrap
+msgid ""
+"name: mingetty\n"
+"location: gnu/services/base.scm:1048:2\n"
+"extends: shepherd-root\n"
+"description: Provide console login using the `mingetty' program.\n"
+"relevance: 2\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20281
+#, no-wrap
+msgid ""
+"name: login\n"
+"location: gnu/services/base.scm:775:2\n"
+"extends: pam\n"
+"description: Provide a console log-in service as specified by its\n"
+"+ configuration value, a `login-configuration' object.\n"
+"relevance: 2\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20283
+#, no-wrap
+msgid "@dots{}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20288
+msgid ""
+"As for @command{guix package --search}, the result is written in @code{recutils} format, which makes it easy to filter the output "
+"(@pxref{Top, GNU recutils databases,, recutils, GNU recutils manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20289
+#, no-wrap
+msgid "reconfigure"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20294
+msgid ""
+"Build the operating system described in @var{file}, activate it, and switch to it@footnote{This action (and the related actions "
+"@code{switch-generation} and @code{roll-back}) are usable only on systems already running GuixSD.}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20301
+msgid ""
+"This effects all the configuration specified in @var{file}: user accounts, system services, global package list, setuid programs, "
+"etc. The command starts system services specified in @var{file} that are not currently running; if a service is currently running, "
+"it does not attempt to upgrade it since this would not be possible without stopping it first."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20307
+msgid ""
+"This command creates a new generation whose number is one greater than the current generation (as reported by @command{guix system "
+"list-generations}). If that generation already exists, it will be overwritten. This behavior mirrors that of @command{guix "
+"package} (@pxref{Invoking guix package})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20312
+msgid ""
+"It also adds a bootloader menu entry for the new OS configuration, ---unless @option{--no-bootloader} is passed. For GRUB, it moves "
+"entries for older configurations to a submenu, allowing you to choose an older system generation at boot time should you need it."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:20320
+msgid ""
+"It is highly recommended to run @command{guix pull} once before you run @command{guix system reconfigure} for the first time "
+"(@pxref{Invoking guix pull}). Failing to do that you would see an older version of Guix once @command{reconfigure} has completed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20322
+#, no-wrap
+msgid "switch-generation"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20331
+msgid ""
+"Switch to an existing system generation. This action atomically switches the system profile to the specified system generation. It "
+"also rearranges the system's existing bootloader menu entries. It makes the menu entry for the specified system generation the "
+"default, and it moves the entries for the other generatiors to a submenu, if supported by the bootloader being used. The next time "
+"the system boots, it will use the specified system generation."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20335
+msgid ""
+"The bootloader itself is not being reinstalled when using this command. Thus, the installed bootloader is used with an updated "
+"configuration file."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20339
+msgid ""
+"The target generation can be specified explicitly by its generation number. For example, the following invocation would switch to "
+"system generation 7:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20342
+#, no-wrap
+msgid "guix system switch-generation 7\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20350
+msgid ""
+"The target generation can also be specified relative to the current generation with the form @code{+N} or @code{-N}, where @code{+3} "
+"means ``3 generations ahead of the current generation,'' and @code{-1} means ``1 generation prior to the current generation.'' When "
+"specifying a negative value such as @code{-1}, you must precede it with @code{--} to prevent it from being parsed as an option. For "
+"example:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20353
+#, no-wrap
+msgid "guix system switch-generation -- -1\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20361
+msgid ""
+"Currently, the effect of invoking this action is @emph{only} to switch the system profile to an existing generation and rearrange "
+"the bootloader menu entries. To actually start using the target system generation, you must reboot after running this action. In "
+"the future, it will be updated to do the same things as @command{reconfigure}, like activating and deactivating services."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20363
+msgid "This action will fail if the specified generation does not exist."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20364
+#, no-wrap
+msgid "roll-back"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20370
+msgid ""
+"Switch to the preceding system generation. The next time the system boots, it will use the preceding system generation. This is "
+"the inverse of @command{reconfigure}, and it is exactly the same as invoking @command{switch-generation} with an argument of "
+"@code{-1}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20374
+msgid ""
+"Currently, as with @command{switch-generation}, you must reboot after running this action to actually start using the preceding "
+"system generation."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20379
+msgid ""
+"Build the derivation of the operating system, which includes all the configuration files and programs needed to boot and run the "
+"system. This action does not actually install anything."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20380
+#, no-wrap
+msgid "init"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20384
+msgid ""
+"Populate the given directory with all the files necessary to run the operating system specified in @var{file}. This is useful for "
+"first-time installations of GuixSD. For instance:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20387
+#, no-wrap
+msgid "guix system init my-os-config.scm /mnt\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20394
+msgid ""
+"copies to @file{/mnt} all the store items required by the configuration specified in @file{my-os-config.scm}. This includes "
+"configuration files, packages, and so on. It also creates other essential files needed for the system to operate correctly---e.g., "
+"the @file{/etc}, @file{/var}, and @file{/run} directories, and the @file{/bin/sh} file."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20398
+msgid ""
+"This command also installs bootloader on the target specified in @file{my-os-config}, unless the @option{--no-bootloader} option was "
+"passed."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20399
+#, no-wrap
+msgid "vm"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20400 doc/guix.texi:20664
+#, no-wrap
+msgid "virtual machine"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20401
+#, no-wrap
+msgid "VM"
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:20408
+msgid "guix system vm"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20408
+msgid ""
+"Build a virtual machine that contains the operating system declared in @var{file}, and return a script to run that virtual machine "
+"(VM). Arguments given to the script are passed to QEMU as in the example below, which enables networking and requests 1@tie{}GiB of "
+"RAM for the emulated machine:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20411
+#, no-wrap
+msgid "$ /gnu/store/@dots{}-run-vm.sh -m 1024 -net user\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20414
+msgid "The VM shares its store with the host system."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20419
+msgid ""
+"Additional file systems can be shared between the host and the VM using the @code{--share} and @code{--expose} command-line options: "
+"the former specifies a directory to be shared with write access, while the latter provides read-only access to the shared directory."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20423
+msgid ""
+"The example below creates a VM in which the user's home directory is accessible read-only, and where the @file{/exchange} directory "
+"is a read-write mapping of @file{$HOME/tmp} on the host:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20427
+#, no-wrap
+msgid ""
+"guix system vm my-config.scm \\\n"
+" --expose=$HOME --share=$HOME/tmp=/exchange\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20432
+msgid ""
+"On GNU/Linux, the default is to boot directly to the kernel; this has the advantage of requiring only a very tiny root disk image "
+"since the store of the host can then be mounted."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20438
+msgid ""
+"The @code{--full-boot} option forces a complete boot sequence, starting with the bootloader. This requires more disk space since a "
+"root image containing at least the kernel, initrd, and bootloader data files must be created. The @code{--image-size} option can be "
+"used to specify the size of the image."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20439
+#, no-wrap
+msgid "System images, creation in various formats"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20440
+#, no-wrap
+msgid "Creating system images in various formats"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20441
+#, no-wrap
+msgid "vm-image"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:20442
+#, no-wrap
+msgid "disk-image"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:20443
+#, no-wrap
+msgid "docker-image"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20451
+msgid ""
+"Return a virtual machine, disk image, or Docker image of the operating system declared in @var{file} that stands alone. By default, "
+"@command{guix system} estimates the size of the image needed to store the system, but you can use the @option{--image-size} option "
+"to specify a value. Docker images are built to contain exactly what they need, so the @option{--image-size} option is ignored in "
+"the case of @code{docker-image}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20454
+msgid "You can specify the root file system type by using the @option{--file-system-type} option. It defaults to @code{ext4}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20458
+msgid ""
+"When using @code{vm-image}, the returned image is in qcow2 format, which the QEMU emulator can efficiently use. @xref{Running GuixSD "
+"in a VM}, for more information on how to run the image in a virtual machine."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20463
+msgid ""
+"When using @code{disk-image}, a raw disk image is produced; it can be copied as is to a USB stick, for instance. Assuming @code{/"
+"dev/sdc} is the device corresponding to a USB stick, one can copy the image to it using the following command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20466
+#, no-wrap
+msgid "# dd if=$(guix system disk-image my-os.scm) of=/dev/sdc\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20473
+msgid ""
+"When using @code{docker-image}, a Docker image is produced. Guix builds the image from scratch, not from a pre-existing Docker base "
+"image. As a result, it contains @emph{exactly} what you define in the operating system configuration file. You can then load the "
+"image and launch a Docker container using commands like the following:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20479
+#, no-wrap
+msgid ""
+"image_id=\"$(docker load < guixsd-docker-image.tar.gz)\"\n"
+"docker run -e GUIX_NEW_SYSTEM=/var/guix/profiles/system \\\\\n"
+" --entrypoint /var/guix/profiles/system/profile/bin/guile \\\\\n"
+" $image_id /var/guix/profiles/system/boot\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20489
+msgid ""
+"This command starts a new Docker container from the specified image. It will boot the GuixSD system in the usual manner, which "
+"means it will start any services you have defined in the operating system configuration. Depending on what you run in the Docker "
+"container, it may be necessary to give the container additional permissions. For example, if you intend to build software using "
+"Guix inside of the Docker container, you may need to pass the @option{--privileged} option to @code{docker run}."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20497
+msgid ""
+"Return a script to run the operating system declared in @var{file} within a container. Containers are a set of lightweight "
+"isolation mechanisms provided by the kernel Linux-libre. Containers are substantially less resource-demanding than full virtual "
+"machines since the kernel, shared objects, and other resources can be shared with the host system; this also means they provide "
+"thinner isolation."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20501
+msgid ""
+"Currently, the script must be run as root in order to support more than a single user and group. The container shares its store "
+"with the host system."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20505
+msgid ""
+"As with the @code{vm} action (@pxref{guix system vm}), additional file systems to be shared between the host and container can be "
+"specified using the @option{--share} and @option{--expose} options:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20509
+#, no-wrap
+msgid ""
+"guix system container my-config.scm \\\n"
+" --expose=$HOME --share=$HOME/tmp=/exchange\n"
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:20513
+msgid "This option requires Linux-libre 3.19 or newer."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20520
+msgid ""
+"@var{options} can contain any of the common build options (@pxref{Common Build Options}). In addition, @var{options} can contain "
+"one of the following:"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20529
+msgid ""
+"Consider the operating-system @var{expr} evaluates to. This is an alternative to specifying a file which evaluates to an operating "
+"system. This is used to generate the GuixSD installer @pxref{Building the Installation Image})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20534
+msgid ""
+"Attempt to build for @var{system} instead of the host system type. This works as per @command{guix build} (@pxref{Invoking guix "
+"build})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20535
+#, no-wrap
+msgid "--derivation"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20539
+msgid "Return the derivation file name of the given operating system without building anything."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20540
+#, no-wrap
+msgid "--file-system-type=@var{type}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20544
+msgid "For the @code{disk-image} action, create a file system of the given @var{type} on the image."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20546
+msgid "When this option is omitted, @command{guix system} uses @code{ext4}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20547
+#, no-wrap
+msgid "ISO-9660 format"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20548
+#, no-wrap
+msgid "CD image format"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20549
+#, no-wrap
+msgid "DVD image format"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20552
+msgid "@code{--file-system-type=iso9660} produces an ISO-9660 image, suitable for burning on CDs and DVDs."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20553
+#, no-wrap
+msgid "--image-size=@var{size}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20558
+msgid ""
+"For the @code{vm-image} and @code{disk-image} actions, create an image of the given @var{size}. @var{size} may be a number of "
+"bytes, or it may include a unit as a suffix (@pxref{Block size, size specifications,, coreutils, GNU Coreutils})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20562
+msgid ""
+"When this option is omitted, @command{guix system} computes an estimate of the image size as a function of the size of the system "
+"declared in @var{file}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20568
+#, no-wrap
+msgid "--skip-checks"
+msgstr "--skip-checks"
+
+#. type: table
+#: doc/guix.texi:20570
+msgid "Skip pre-installation safety checks."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20577
+msgid ""
+"By default, @command{guix system init} and @command{guix system reconfigure} perform safety checks: they make sure the file systems "
+"that appear in the @code{operating-system} declaration actually exist (@pxref{File Systems}), and that any Linux kernel modules that "
+"may be needed at boot time are listed in @code{initrd-modules} (@pxref{Initial RAM Disk}). Passing this option skips these tests "
+"altogether."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20578
+#, no-wrap
+msgid "--on-error=@var{strategy}"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20581
+msgid "Apply @var{strategy} when an error occurs when reading @var{file}. @var{strategy} may be one of the following:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20583
+#, no-wrap
+msgid "nothing-special"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20585
+msgid "Report the error concisely and exit. This is the default strategy."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20586
+#, no-wrap
+msgid "backtrace"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20588
+msgid "Likewise, but also display a backtrace."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20589
+#, no-wrap
+msgid "debug"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20595
+msgid ""
+"Report the error and enter Guile's debugger. From there, you can run commands such as @code{,bt} to get a backtrace, @code{,locals} "
+"to display local variable values, and more generally inspect the state of the program. @xref{Debug Commands,,, guile, GNU Guile "
+"Reference Manual}, for a list of available debugging commands."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:20605
+msgid ""
+"All the actions above, except @code{build} and @code{init}, can use KVM support in the Linux-libre kernel. Specifically, if the "
+"machine has hardware virtualization support, the corresponding KVM kernel module should be loaded, and the @file{/dev/kvm} device "
+"node must exist and be readable and writable by the user and by the build users of the daemon (@pxref{Build Environment Setup})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20611
+msgid ""
+"Once you have built, configured, re-configured, and re-re-configured your GuixSD installation, you may find it useful to list the "
+"operating system generations available on disk---and that you can choose from the bootloader boot menu:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20614
+#, no-wrap
+msgid "list-generations"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20619
+msgid ""
+"List a summary of each generation of the operating system available on disk, in a human-readable way. This is similar to the "
+"@option{--list-generations} option of @command{guix package} (@pxref{Invoking guix package})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20624
+msgid ""
+"Optionally, one can specify a pattern, with the same syntax that is used in @command{guix package --list-generations}, to restrict "
+"the list of generations displayed. For instance, the following command displays generations that are up to 10 days old:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20627
+#, no-wrap
+msgid "$ guix system list-generations 10d\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20634
+msgid ""
+"The @command{guix system} command has even more to offer! The following sub-commands allow you to visualize how your system services "
+"relate to each other:"
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:20636
+msgid "system-extension-graph"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20638
+#, no-wrap
+msgid "extension-graph"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20643
+msgid ""
+"Emit in Dot/Graphviz format to standard output the @dfn{service extension graph} of the operating system defined in @var{file} "
+"(@pxref{Service Composition}, for more information on service extensions.)"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20645
+msgid "The command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20648
+#, no-wrap
+msgid "$ guix system extension-graph @var{file} | dot -Tpdf > services.pdf\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20651
+msgid "produces a PDF file showing the extension relations among services."
+msgstr ""
+
+#. type: anchor{#1}
+#: doc/guix.texi:20653
+msgid "system-shepherd-graph"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20653
+#, no-wrap
+msgid "shepherd-graph"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20658
+msgid ""
+"Emit in Dot/Graphviz format to standard output the @dfn{dependency graph} of shepherd services of the operating system defined in "
+"@var{file}. @xref{Shepherd Services}, for more information and for an example graph."
+msgstr ""
+
+#. type: subsection
+#: doc/guix.texi:20662
+#, no-wrap
+msgid "Running GuixSD in a Virtual Machine"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20672
+msgid ""
+"To run GuixSD in a virtual machine (VM), one can either use the pre-built GuixSD VM image distributed at @indicateurl{ftp://alpha."
+"gnu.org/guix/guixsd-vm-image-@value{VERSION}.@var{system}.tar.xz} , or build their own virtual machine image using @command{guix "
+"system vm-image} (@pxref{Invoking guix system}). The returned image is in qcow2 format, which the @uref{http://qemu.org/, QEMU "
+"emulator} can efficiently use."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20673
+#, no-wrap
+msgid "QEMU"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20680
+msgid ""
+"If you built your own image, you must copy it out of the store (@pxref{The Store}) and give yourself permission to write to the copy "
+"before you can use it. When invoking QEMU, you must choose a system emulator that is suitable for your hardware platform. Here is "
+"a minimal QEMU invocation that will boot the result of @command{guix system vm-image} on x86_64 hardware:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20685
+#, no-wrap
+msgid ""
+"$ qemu-system-x86_64 \\\n"
+" -net user -net nic,model=virtio \\\n"
+" -enable-kvm -m 256 /tmp/qemu-image\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20688
+msgid "Here is what each of these options means:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20690
+#, no-wrap
+msgid "qemu-system-x86_64"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20693
+msgid "This specifies the hardware platform to emulate. This should match the host."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20694
+#, no-wrap
+msgid "-net user"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20698
+msgid ""
+"Enable the unprivileged user-mode network stack. The guest OS can access the host but not vice versa. This is the simplest way to "
+"get the guest OS online."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20699
+#, no-wrap
+msgid "-net nic,model=virtio"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20704
+msgid ""
+"You must create a network interface of a given model. If you do not create a NIC, the boot will fail. Assuming your hardware "
+"platform is x86_64, you can get a list of available NIC models by running @command{qemu-system-x86_64 -net nic,model=help}."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20705
+#, no-wrap
+msgid "-enable-kvm"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20709
+msgid ""
+"If your system has hardware virtualization extensions, enabling the virtual machine support (KVM) of the Linux kernel will make "
+"things run faster."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20710
+#, no-wrap
+msgid "-m 256"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20713
+msgid "RAM available to the guest OS, in mebibytes. Defaults to 128@tie{}MiB, which may be insufficient for some operations."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20714
+#, no-wrap
+msgid "/tmp/qemu-image"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20716
+msgid "The file name of the qcow2 image."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20726
+msgid ""
+"The default @command{run-vm.sh} script that is returned by an invocation of @command{guix system vm} does not add a @command{-net "
+"user} flag by default. To get network access from within the vm add the @code{(dhcp-client-service)} to your system definition and "
+"start the VM using @command{`guix system vm config.scm` -net user}. An important caveat of using @command{-net user} for networking "
+"is that @command{ping} will not work, because it uses the ICMP protocol. You'll have to use a different command to check for "
+"network connectivity, for example @command{guix download}."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:20727
+#, no-wrap
+msgid "Connecting Through SSH"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20736
+msgid ""
+"To enable SSH inside a VM you need to add a SSH server like @code{(dropbear-service)} or @code{(lsh-service)} to your VM. The "
+"@code{(lsh-service}) doesn't currently boot unsupervised. It requires you to type some characters to initialize the randomness "
+"generator. In addition you need to forward the SSH port, 22 by default, to the host. You can do this with"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20739
+#, no-wrap
+msgid "`guix system vm config.scm` -net user,hostfwd=tcp::10022-:22\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20742
+msgid "To connect to the VM you can run"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20745
+#, no-wrap
+msgid "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 10022\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20752
+msgid ""
+"The @command{-p} tells @command{ssh} the port you want to connect to. @command{-o UserKnownHostsFile=/dev/null} prevents "
+"@command{ssh} from complaining every time you modify your @command{config.scm} file and the @command{-o StrictHostKeyChecking=no} "
+"prevents you from having to allow a connection to an unknown host every time you connect."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:20753
+#, no-wrap
+msgid "Using @command{virt-viewer} with Spice"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20759
+msgid ""
+"As an alternative to the default @command{qemu} graphical client you can use the @command{remote-viewer} from the @command{virt-"
+"viewer} package. To connect pass the @command{-spice port=5930,disable-ticketing} flag to @command{qemu}. See previous section for "
+"further information on how to do this."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20762
+msgid ""
+"Spice also allows you to do some nice stuff like share your clipboard with your VM. To enable that you'll also have to pass the "
+"following flags to @command{qemu}:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20768
+#, no-wrap
+msgid ""
+"-device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x5\n"
+"-chardev spicevmc,name=vdagent,id=vdagent\n"
+"-device virtserialport,nr=1,bus=virtio-serial0.0,chardev=vdagent,\n"
+"name=com.redhat.spice.0\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20771
+msgid "You'll also need to add the @pxref{Miscellaneous Services, Spice service}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20778
+msgid ""
+"The previous sections show the available services and how one can combine them in an @code{operating-system} declaration. But how "
+"do we define them in the first place? And what is a service anyway?"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20790
+#, no-wrap
+msgid "daemons"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20803
+msgid ""
+"Here we define a @dfn{service} as, broadly, something that extends the functionality of the operating system. Often a service is a "
+"process---a @dfn{daemon}---started when the system boots: a secure shell server, a Web server, the Guix build daemon, etc. "
+"Sometimes a service is a daemon whose execution can be triggered by another daemon---e.g., an FTP server started by @command{inetd} "
+"or a D-Bus service activated by @command{dbus-daemon}. Occasionally, a service does not map to a daemon. For instance, the "
+"``account'' service collects user accounts and makes sure they exist when the system runs; the ``udev'' service collects device "
+"management rules and makes them available to the eudev daemon; the @file{/etc} service populates the @file{/etc} directory of the "
+"system."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20804
+#, no-wrap
+msgid "service extensions"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20816
+msgid ""
+"GuixSD services are connected by @dfn{extensions}. For instance, the secure shell service @emph{extends} the Shepherd---the GuixSD "
+"initialization system, running as PID@tie{}1---by giving it the command lines to start and stop the secure shell daemon "
+"(@pxref{Networking Services, @code{lsh-service}}); the UPower service extends the D-Bus service by passing it its @file{.service} "
+"specification, and extends the udev service by passing it device management rules (@pxref{Desktop Services, @code{upower-service}}); "
+"the Guix daemon service extends the Shepherd by passing it the command lines to start and stop the daemon, and extends the account "
+"service by passing it a list of required build user accounts (@pxref{Base Services})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20820
+msgid ""
+"All in all, services and their ``extends'' relations form a directed acyclic graph (DAG). If we represent services as boxes and "
+"extensions as arrows, a typical system might provide something like this:"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20822
+msgid "@image{images/service-graph,,5in,Typical service extension graph.}"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20823
+#, no-wrap
+msgid "system service"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20831
+msgid ""
+"At the bottom, we see the @dfn{system service}, which produces the directory containing everything to run and boot the system, as "
+"returned by the @command{guix system build} command. @xref{Service Reference}, to learn about the other service types shown here. "
+"@xref{system-extension-graph, the @command{guix system extension-graph} command}, for information on how to generate this "
+"representation for a particular operating system definition."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:20832
+#, no-wrap
+msgid "service types"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20838
+msgid ""
+"Technically, developers can define @dfn{service types} to express these relations. There can be any number of services of a given "
+"type on the system---for instance, a system running two instances of the GNU secure shell server (lsh) has two instances of @var{lsh-"
+"service-type}, with different parameters."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20841
+msgid "The following section describes the programming interface for service types and services."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20848
+msgid ""
+"A @dfn{service type} is a node in the DAG described above. Let us start with a simple example, the service type for the Guix build "
+"daemon (@pxref{Invoking guix-daemon}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20858
+#, no-wrap
+msgid ""
+"(define guix-service-type\n"
+" (service-type\n"
+" (name 'guix)\n"
+" (extensions\n"
+" (list (service-extension shepherd-root-service-type guix-shepherd-service)\n"
+" (service-extension account-service-type guix-accounts)\n"
+" (service-extension activation-service-type guix-activation)))\n"
+" (default-value (guix-configuration))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20862
+msgid "It defines three things:"
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:20866
+msgid "A name, whose sole purpose is to make inspection and debugging easier."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:20871
+msgid ""
+"A list of @dfn{service extensions}, where each extension designates the target service type and a procedure that, given the "
+"parameters of the service, returns a list of objects to extend the service of that type."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:20874
+msgid ""
+"Every service type has at least one service extension. The only exception is the @dfn{boot service type}, which is the ultimate "
+"service."
+msgstr ""
+
+#. type: enumerate
+#: doc/guix.texi:20877
+msgid "Optionally, a default value for instances of this type."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20880
+msgid "In this example, @var{guix-service-type} extends three services:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20882
+#, no-wrap
+msgid "shepherd-root-service-type"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20887
+msgid ""
+"The @var{guix-shepherd-service} procedure defines how the Shepherd service is extended. Namely, it returns a @code{<shepherd-"
+"service>} object that defines how @command{guix-daemon} is started and stopped (@pxref{Shepherd Services})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20888
+#, no-wrap
+msgid "account-service-type"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20893
+msgid ""
+"This extension for this service is computed by @var{guix-accounts}, which returns a list of @code{user-group} and @code{user-"
+"account} objects representing the build user accounts (@pxref{Invoking guix-daemon})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20894
+#, no-wrap
+msgid "activation-service-type"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20898
+msgid ""
+"Here @var{guix-activation} is a procedure that returns a gexp, which is a code snippet to run at ``activation time''---e.g., when "
+"the service is booted."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20901
+msgid "A service of this type is instantiated like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20907
+#, no-wrap
+msgid ""
+"(service guix-service-type\n"
+" (guix-configuration\n"
+" (build-accounts 5)\n"
+" (use-substitutes? #f)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20915
+msgid ""
+"The second argument to the @code{service} form is a value representing the parameters of this specific service instance. @xref{guix-"
+"configuration-type, @code{guix-configuration}}, for information about the @code{guix-configuration} data type. When the value is "
+"omitted, the default value specified by @code{guix-service-type} is used:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20918
+#, no-wrap
+msgid "(service guix-service-type)\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20922
+msgid "@var{guix-service-type} is quite simple because it extends other services but is not extensible itself."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20926
+msgid "The service type for an @emph{extensible} service looks like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20933
+#, no-wrap
+msgid ""
+"(define udev-service-type\n"
+" (service-type (name 'udev)\n"
+" (extensions\n"
+" (list (service-extension shepherd-root-service-type\n"
+" udev-shepherd-service)))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:20941
+#, no-wrap
+msgid ""
+" (compose concatenate) ;concatenate the list of rules\n"
+" (extend (lambda (config rules)\n"
+" (match config\n"
+" (($ <udev-configuration> udev initial-rules)\n"
+" (udev-configuration\n"
+" (udev udev) ;the udev package to use\n"
+" (rules (append initial-rules rules)))))))))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20947
+msgid ""
+"This is the service type for the @uref{https://wiki.gentoo.org/wiki/Project:Eudev, eudev device management daemon}. Compared to the "
+"previous example, in addition to an extension of @var{shepherd-root-service-type}, we see two new fields:"
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20949
+#, no-wrap
+msgid "compose"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20952
+msgid "This is the procedure to @dfn{compose} the list of extensions to services of this type."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20955
+msgid "Services can extend the udev service by passing it lists of rules; we compose those extensions simply by concatenating them."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:20956
+#, no-wrap
+msgid "extend"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20959
+msgid "This procedure defines how the value of the service is @dfn{extended} with the composition of the extensions."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20964
+msgid ""
+"Udev extensions are composed into a list of rules, but the udev service value is itself a @code{<udev-configuration>} record. So "
+"here, we extend that record by appending the list of rules it contains to the list of contributed rules."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:20970
+msgid ""
+"This is a string giving an overview of the service type. The string can contain Texinfo markup (@pxref{Overview,,, texinfo, GNU "
+"Texinfo}). The @command{guix system search} command searches these strings and displays them (@pxref{Invoking guix system})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20975
+msgid ""
+"There can be only one instance of an extensible service type such as @var{udev-service-type}. If there were more, the @code{service-"
+"extension} specifications would be ambiguous."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20978
+msgid "Still here? The next section provides a reference of the programming interface for services."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:20986
+msgid ""
+"We have seen an overview of service types (@pxref{Service Types and Services}). This section provides a reference on how to "
+"manipulate services and service types. This interface is provided by the @code{(gnu services)} module."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20987
+#, no-wrap
+msgid "{Scheme Procedure} service @var{type} [@var{value}]"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20991
+msgid ""
+"Return a new service of @var{type}, a @code{<service-type>} object (see below.) @var{value} can be any object; it represents the "
+"parameters of this particular service instance."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20995
+msgid ""
+"When @var{value} is omitted, the default value specified by @var{type} is used; if @var{type} does not specify a default value, an "
+"error is raised."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:20997
+msgid "For instance, this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21000
+#, no-wrap
+msgid "(service openssh-service-type)\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21004
+msgid "is equivalent to this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21008
+#, no-wrap
+msgid ""
+"(service openssh-service-type\n"
+" (openssh-configuration))\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21012
+msgid "In both cases the result is an instance of @code{openssh-service-type} with the default configuration."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21014
+#, no-wrap
+msgid "{Scheme Procedure} service? @var{obj}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21016
+msgid "Return true if @var{obj} is a service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21018
+#, no-wrap
+msgid "{Scheme Procedure} service-kind @var{service}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21020
+msgid "Return the type of @var{service}---i.e., a @code{<service-type>} object."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21022
+#, no-wrap
+msgid "{Scheme Procedure} service-value @var{service}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21025
+msgid "Return the value associated with @var{service}. It represents its parameters."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21028
+msgid "Here is an example of how a service is created and manipulated:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21037
+#, no-wrap
+msgid ""
+"(define s\n"
+" (service nginx-service-type\n"
+" (nginx-configuration\n"
+" (nginx nginx)\n"
+" (log-directory log-directory)\n"
+" (run-directory run-directory)\n"
+" (file config-file))))\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21040
+#, no-wrap
+msgid ""
+"(service? s)\n"
+"@result{} #t\n"
+"\n"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21043
+#, no-wrap
+msgid ""
+"(eq? (service-kind s) nginx-service-type)\n"
+"@result{} #t\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21053
+msgid ""
+"The @code{modify-services} form provides a handy way to change the parameters of some of the services of a list such as @var{%base-"
+"services} (@pxref{Base Services, @code{%base-services}}). It evaluates to a list of services. Of course, you could always use "
+"standard list combinators such as @code{map} and @code{fold} to do that (@pxref{SRFI-1, List Library,, guile, GNU Guile Reference "
+"Manual}); @code{modify-services} simply provides a more concise form for this common pattern."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21054
+#, no-wrap
+msgid "{Scheme Syntax} modify-services @var{services} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21056
+msgid "(@var{type} @var{variable} => @var{body}) @dots{}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21059
+msgid "Modify the services listed in @var{services} according to the given clauses. Each clause has the form:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21062
+#, no-wrap
+msgid "(@var{type} @var{variable} => @var{body})\n"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21069
+msgid ""
+"where @var{type} is a service type---e.g., @code{guix-service-type}---and @var{variable} is an identifier that is bound within the "
+"@var{body} to the service parameters---e.g., a @code{guix-configuration} instance---of the original service of that @var{type}."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21076
+msgid ""
+"The @var{body} should evaluate to the new service parameters, which will be used to configure the new service. This new service "
+"will replace the original in the resulting list. Because a service's service parameters are created using @code{define-record-"
+"type*}, you can write a succinct @var{body} that evaluates to the new service parameters by using the @code{inherit} feature that "
+"@code{define-record-type*} provides."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21078
+msgid "@xref{Using the Configuration System}, for example usage."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21085
+msgid ""
+"Next comes the programming interface for service types. This is something you want to know when writing new service definitions, "
+"but not necessarily when simply looking for ways to customize your @code{operating-system} declaration."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:21086
+#, no-wrap
+msgid "{Data Type} service-type"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21087
+#, no-wrap
+msgid "service type"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:21090
+msgid "This is the representation of a @dfn{service type} (@pxref{Service Types and Services})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21094
+msgid "This is a symbol, used only to simplify inspection and debugging."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:21095
+#, no-wrap
+msgid "extensions"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21097
+msgid "A non-empty list of @code{<service-extension>} objects (see below)."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:21098
+#, no-wrap
+msgid "@code{compose} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21102
+msgid ""
+"If this is @code{#f}, then the service type denotes services that cannot be extended---i.e., services that do not receive ``values'' "
+"from other services."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21106
+msgid ""
+"Otherwise, it must be a one-argument procedure. The procedure is called by @code{fold-services} and is passed a list of values "
+"collected from extensions. It may return any single value."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:21107
+#, no-wrap
+msgid "@code{extend} (default: @code{#f})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21109
+msgid "If this is @code{#f}, services of this type cannot be extended."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21115
+msgid ""
+"Otherwise, it must be a two-argument procedure: @code{fold-services} calls it, passing it the initial value of the service as the "
+"first argument and the result of applying @code{compose} to the extension values as the second argument. It must return a value "
+"that is a valid parameter value for the service instance."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:21118
+msgid "@xref{Service Types and Services}, for examples."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21120
+#, no-wrap
+msgid "{Scheme Procedure} service-extension @var{target-type} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21126
+msgid ""
+"@var{compute} Return a new extension for services of type @var{target-type}. @var{compute} must be a one-argument procedure: "
+"@code{fold-services} calls it, passing it the value associated with the service that provides the extension; it must return a valid "
+"value for the target service."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21128
+#, no-wrap
+msgid "{Scheme Procedure} service-extension? @var{obj}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21130
+msgid "Return true if @var{obj} is a service extension."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21136
+msgid ""
+"Occasionally, you might want to simply extend an existing service. This involves creating a new service type and specifying the "
+"extension of interest, which can be verbose; the @code{simple-service} procedure provides a shorthand for this."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21137
+#, no-wrap
+msgid "{Scheme Procedure} simple-service @var{name} @var{target} @var{value}"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21141
+msgid ""
+"Return a service that extends @var{target} with @var{value}. This works by creating a singleton service type @var{name}, of which "
+"the returned service is an instance."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21144
+msgid "For example, this extends mcron (@pxref{Scheduled Job Execution}) with an additional job:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21148
+#, no-wrap
+msgid ""
+"(simple-service 'my-mcron-job mcron-service-type\n"
+" #~(job '(next-hour (3)) \"guix gc -F 2G\"))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21158
+msgid ""
+"At the core of the service abstraction lies the @code{fold-services} procedure, which is responsible for ``compiling'' a list of "
+"services down to a single directory that contains everything needed to boot and run the system---the directory shown by the "
+"@command{guix system build} command (@pxref{Invoking guix system}). In essence, it propagates service extensions down the service "
+"graph, updating each node parameters on the way, until it reaches the root node."
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21159
+#, no-wrap
+msgid "{Scheme Procedure} fold-services @var{services} @"
+msgstr ""
+
+#. type: deffn
+#: doc/guix.texi:21163
+msgid ""
+"[#:target-type @var{system-service-type}] Fold @var{services} by propagating their extensions down to the root of type @var{target-"
+"type}; return the root service adjusted accordingly."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21167
+msgid "Lastly, the @code{(gnu services)} module also defines several essential service types, some of which are listed below."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21168
+#, no-wrap
+msgid "{Scheme Variable} system-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21171
+msgid ""
+"This is the root of the service graph. It produces the system directory as returned by the @command{guix system build} command."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21173
+#, no-wrap
+msgid "{Scheme Variable} boot-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21176
+msgid ""
+"The type of the ``boot service'', which produces the @dfn{boot script}. The boot script is what the initial RAM disk runs when "
+"booting."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21178
+#, no-wrap
+msgid "{Scheme Variable} etc-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21182
+msgid ""
+"The type of the @file{/etc} service. This service is used to create files under @file{/etc} and can be extended by passing it name/"
+"file tuples such as:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21185
+#, no-wrap
+msgid "(list `(\"issue\" ,(plain-file \"issue\" \"Welcome!\\n\")))\n"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21189
+msgid "In this example, the effect would be to add an @file{/etc/issue} file pointing to the given file."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21191
+#, no-wrap
+msgid "{Scheme Variable} setuid-program-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21195
+msgid ""
+"Type for the ``setuid-program service''. This service collects lists of executable file names, passed as gexps, and adds them to "
+"the set of setuid-root programs on the system (@pxref{Setuid Programs})."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21197
+#, no-wrap
+msgid "{Scheme Variable} profile-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21201
+msgid ""
+"Type of the service that populates the @dfn{system profile}---i.e., the programs under @file{/run/current-system/profile}. Other "
+"services can extend it by passing it lists of packages to add to the system profile."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21207
+#, no-wrap
+msgid "shepherd services"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21208
+#, no-wrap
+msgid "PID 1"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21209
+#, no-wrap
+msgid "init system"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21215
+msgid ""
+"The @code{(gnu services shepherd)} module provides a way to define services managed by the GNU@tie{}Shepherd, which is the GuixSD "
+"initialization system---the first process that is started when the system boots, also known as PID@tie{}1 (@pxref{Introduction,,, "
+"shepherd, The GNU Shepherd Manual})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21221
+msgid ""
+"Services in the Shepherd can depend on each other. For instance, the SSH daemon may need to be started after the syslog daemon has "
+"been started, which in turn can only happen once all the file systems have been mounted. The simple operating system defined "
+"earlier (@pxref{Using the Configuration System}) results in a service graph like this:"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21223
+msgid "@image{images/shepherd-graph,,5in,Typical shepherd service graph.}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21227
+msgid ""
+"You can actually generate such a graph for any operating system definition using the @command{guix system shepherd-graph} command "
+"(@pxref{system-shepherd-graph, @command{guix system shepherd-graph}})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21231
+msgid ""
+"The @var{%shepherd-root-service} is a service object representing PID@tie{}1, of type @var{shepherd-root-service-type}; it can be "
+"extended by passing it lists of @code{<shepherd-service>} objects."
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:21232
+#, no-wrap
+msgid "{Data Type} shepherd-service"
+msgstr ""
+
+#. type: deftp
+#: doc/guix.texi:21234
+msgid "The data type representing a service managed by the Shepherd."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:21236
+#, no-wrap
+msgid "provision"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21238
+msgid "This is a list of symbols denoting what the service provides."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21243
+msgid ""
+"These are the names that may be passed to @command{herd start}, @command{herd status}, and similar commands (@pxref{Invoking herd,,, "
+"shepherd, The GNU Shepherd Manual}). @xref{Slots of services, the @code{provides} slot,, shepherd, The GNU Shepherd Manual}, for "
+"details."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:21244
+#, no-wrap
+msgid "@code{requirements} (default: @code{'()})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21246
+msgid "List of symbols denoting the Shepherd services this one depends on."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:21247
+#, no-wrap
+msgid "@code{respawn?} (default: @code{#t})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21250
+msgid "Whether to restart the service when it stops, for instance when the underlying process dies."
+msgstr ""
+
+#. type: code{#1}
+#: doc/guix.texi:21251
+#, no-wrap
+msgid "start"
+msgstr ""
+
+#. type: itemx
+#: doc/guix.texi:21252
+#, no-wrap
+msgid "@code{stop} (default: @code{#~(const #f)})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21258
+msgid ""
+"The @code{start} and @code{stop} fields refer to the Shepherd's facilities to start and stop processes (@pxref{Service De- and "
+"Constructors,,, shepherd, The GNU Shepherd Manual}). They are given as G-expressions that get expanded in the Shepherd "
+"configuration file (@pxref{G-Expressions})."
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21261
+msgid "A documentation string, as shown when running:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21264
+#, no-wrap
+msgid "herd doc @var{service-name}\n"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21268
+msgid "where @var{service-name} is one of the symbols in @var{provision} (@pxref{Invoking herd,,, shepherd, The GNU Shepherd Manual})."
+msgstr ""
+
+#. type: item
+#: doc/guix.texi:21269
+#, no-wrap
+msgid "@code{modules} (default: @var{%default-modules})"
+msgstr ""
+
+#. type: table
+#: doc/guix.texi:21272
+msgid "This is the list of modules that must be in scope when @code{start} and @code{stop} are evaluated."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21276
+#, no-wrap
+msgid "{Scheme Variable} shepherd-root-service-type"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21278
+msgid "The service type for the Shepherd ``root service''---i.e., PID@tie{}1."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21282
+msgid ""
+"This is the service type that extensions target when they want to create shepherd services (@pxref{Service Types and Services}, for "
+"an example). Each extension must pass a list of @code{<shepherd-service>}."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21284
+#, no-wrap
+msgid "{Scheme Variable} %shepherd-root-service"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21286
+msgid "This service represents PID@tie{}1."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21292
+#, no-wrap
+msgid "documentation, searching for"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21293
+#, no-wrap
+msgid "searching for documentation"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21294
+#, no-wrap
+msgid "Info, documentation format"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21295
+#, no-wrap
+msgid "man pages"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21296
+#, no-wrap
+msgid "manual pages"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21303
+msgid ""
+"In most cases packages installed with Guix come with documentation. There are two main documentation formats: ``Info'', a "
+"browseable hypertext format used for GNU software, and ``manual pages'' (or ``man pages''), the linear documentation format "
+"traditionally found on Unix. Info manuals are accessed with the @command{info} command or with Emacs, and man pages are accessed "
+"using @command{man}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21307
+msgid ""
+"You can look for documentation of software installed on your system by keyword. For example, the following command searches for "
+"information about ``TLS'' in Info manuals:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21315
+#, no-wrap
+msgid ""
+"$ info -k TLS\n"
+"\"(emacs)Network Security\" -- STARTTLS\n"
+"\"(emacs)Network Security\" -- TLS\n"
+"\"(gnutls)Core TLS API\" -- gnutls_certificate_set_verify_flags\n"
+"\"(gnutls)Core TLS API\" -- gnutls_certificate_set_verify_function\n"
+"@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21319
+msgid "The command below searches for the same keyword in man pages:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21325
+#, no-wrap
+msgid ""
+"$ man -k TLS\n"
+"SSL (7) - OpenSSL SSL/TLS library\n"
+"certtool (1) - GnuTLS certificate tool\n"
+"@dots {}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21331
+msgid ""
+"These searches are purely local to your computer so you have the guarantee that documentation you find corresponds to what you have "
+"actually installed, you can access it off-line, and your privacy is respected."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21334
+msgid "Once you have these results, you can view the relevant documentation by running, say:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21337
+#, no-wrap
+msgid "$ info \"(gnutls)Core TLS API\"\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21341
+msgid "or:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21344
+#, no-wrap
+msgid "$ man certtool\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21352
+msgid ""
+"Info manuals contain sections and indices as well as hyperlinks like those found in Web pages. The @command{info} reader "
+"(@pxref{Top, Info reader,, info-stnd, Stand-alone GNU Info}) and its Emacs counterpart (@pxref{Misc Help,,, emacs, The GNU Emacs "
+"Manual}) provide intuitive key bindings to navigate manuals. @xref{Getting Started,,, info, Info: An Introduction}, for an "
+"introduction to Info navigation."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21356
+#, no-wrap
+msgid "debugging files"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21362
+msgid ""
+"Program binaries, as produced by the GCC compilers for instance, are typically written in the ELF format, with a section containing "
+"@dfn{debugging information}. Debugging information is what allows the debugger, GDB, to map binary code to source code; it is "
+"required to debug a compiled program in good conditions."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21370
+msgid ""
+"The problem with debugging information is that is takes up a fair amount of disk space. For example, debugging information for the "
+"GNU C Library weighs in at more than 60 MiB. Thus, as a user, keeping all the debugging info of all the installed programs is "
+"usually not an option. Yet, space savings should not come at the cost of an impediment to debugging---especially in the GNU system, "
+"which should make it easier for users to exert their computing freedom (@pxref{GNU Distribution})."
+msgstr ""
+"Le problème avec les informations de débogage est qu'elles prennent pas mal de place sur le disque. Par exemple, les informations de "
+"débogage de la bibliothèque C de GNU prend plus de 60 Mo. Ainsi, en tant qu'utilisateur, garder toutes les informations de débogage "
+"de tous les programmes installés n'est souvent pas une possibilité. Cependant, l'économie d'espace ne devrait pas empêcher le "
+"débogage — en particulier, dans le système GNU, qui devrait faciliter pour ses utilisateurs l'exercice de leurs libertés "
+"(@pxref{Distribution GNU})."
+
+#. type: Plain text
+#: doc/guix.texi:21377
+msgid ""
+"Thankfully, the GNU Binary Utilities (Binutils) and GDB provide a mechanism that allows users to get the best of both worlds: "
+"debugging information can be stripped from the binaries and stored in separate files. GDB is then able to load debugging "
+"information from those files, when they are available (@pxref{Separate Debug Files,,, gdb, Debugging with GDB})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21385
+msgid ""
+"The GNU distribution takes advantage of this by storing debugging information in the @code{lib/debug} sub-directory of a separate "
+"package output unimaginatively called @code{debug} (@pxref{Packages with Multiple Outputs}). Users can choose to install the "
+"@code{debug} output of a package when they need it. For instance, the following command installs the debugging information for the "
+"GNU C Library and for GNU Guile:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21388
+#, no-wrap
+msgid "guix package -i glibc:debug guile:debug\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21394
+msgid ""
+"GDB must then be told to look for debug files in the user's profile, by setting the @code{debug-file-directory} variable (consider "
+"setting it from the @file{~/.gdbinit} file, @pxref{Startup,,, gdb, Debugging with GDB}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21397
+#, no-wrap
+msgid "(gdb) set debug-file-directory ~/.guix-profile/lib/debug\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21401
+msgid "From there on, GDB will pick up debugging information from the @code{.debug} files under @file{~/.guix-profile/lib/debug}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21408
+msgid ""
+"In addition, you will most likely want GDB to be able to show the source code being debugged. To do that, you will have to unpack "
+"the source code of the package of interest (obtained with @code{guix build --source}, @pxref{Invoking guix build}), and to point GDB "
+"to that source directory using the @code{directory} command (@pxref{Source Path, @code{directory},, gdb, Debugging with GDB})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21417
+msgid ""
+"The @code{debug} output mechanism in Guix is implemented by the @code{gnu-build-system} (@pxref{Build Systems}). Currently, it is "
+"opt-in---debugging information is available only for the packages with definitions explicitly declaring a @code{debug} output. This "
+"may be changed to opt-out in the future if our build farm servers can handle the load. To check whether a package has a "
+"@code{debug} output, use @command{guix package --list-available} (@pxref{Invoking guix package})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21422
+#, no-wrap
+msgid "security updates"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21431
+msgid ""
+"Occasionally, important security vulnerabilities are discovered in software packages and must be patched. Guix developers try hard "
+"to keep track of known vulnerabilities and to apply fixes as soon as possible in the @code{master} branch of Guix (we do not yet "
+"provide a ``stable'' branch containing only security updates.) The @command{guix lint} tool helps developers find out about "
+"vulnerable versions of software packages in the distribution:"
+msgstr ""
+
+#. type: smallexample
+#: doc/guix.texi:21438
+#, no-wrap
+msgid ""
+"$ guix lint -c cve\n"
+"gnu/packages/base.scm:652:2: glibc@@2.21: probably vulnerable to CVE-2015-1781, CVE-2015-7547\n"
+"gnu/packages/gcc.scm:334:2: gcc@@4.9.3: probably vulnerable to CVE-2015-5276\n"
+"gnu/packages/image.scm:312:2: openjpeg@@2.1.0: probably vulnerable to CVE-2016-1923, CVE-2016-1924\n"
+"@dots{}\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21441
+msgid "@xref{Invoking guix lint}, for more information."
+msgstr ""
+
+#. type: quotation
+#: doc/guix.texi:21445
+msgid "As of version @value{VERSION}, the feature described below is considered ``beta''."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21455
+msgid ""
+"Guix follows a functional package management discipline (@pxref{Introduction}), which implies that, when a package is changed, "
+"@emph{every package that depends on it} must be rebuilt. This can significantly slow down the deployment of fixes in core packages "
+"such as libc or Bash, since basically the whole distribution would need to be rebuilt. Using pre-built binaries helps "
+"(@pxref{Substitutes}), but deployment may still take more time than desired."
+msgstr ""
+"Guix suit une discipline de gestion de paquets fonctionnelle (@pxref{Introduction}), ce qui implique que lorsqu'un paquet change, "
+"@emph{tous les paquets qui en dépendent} doivent être reconstruits. Cela peut grandement ralentir le déploiement de corrections dans "
+"les paquets du cœur comme libc ou bash comme presque toute la distribution aurait besoin d'être reconstruite. Cela aide d'utiliser "
+"des binaires pré-construits (@pxref{Substituts}), mais le déploiement peut toujours prendre plus de temps de souhaité."
+
+#. type: cindex
+#: doc/guix.texi:21456
+#, no-wrap
+msgid "grafts"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21464
+msgid ""
+"To address this, Guix implements @dfn{grafts}, a mechanism that allows for fast deployment of critical updates without the costs "
+"associated with a whole-distribution rebuild. The idea is to rebuild only the package that needs to be patched, and then to "
+"``graft'' it onto packages explicitly installed by the user and that were previously referring to the original package. The cost of "
+"grafting is typically very low, and order of magnitudes lower than a full rebuild of the dependency chain."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21465
+#, no-wrap
+msgid "replacements of packages, for grafts"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21471
+msgid ""
+"For instance, suppose a security update needs to be applied to Bash. Guix developers will provide a package definition for the "
+"``fixed'' Bash, say @var{bash-fixed}, in the usual way (@pxref{Defining Packages}). Then, the original package definition is "
+"augmented with a @code{replacement} field pointing to the package containing the bug fix:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21478
+#, no-wrap
+msgid ""
+"(define bash\n"
+" (package\n"
+" (name \"bash\")\n"
+" ;; @dots{}\n"
+" (replacement bash-fixed)))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21488
+msgid ""
+"From there on, any package depending directly or indirectly on Bash---as reported by @command{guix gc --requisites} (@pxref{Invoking "
+"guix gc})---that is installed is automatically ``rewritten'' to refer to @var{bash-fixed} instead of @var{bash}. This grafting "
+"process takes time proportional to the size of the package, usually less than a minute for an ``average'' package on a recent "
+"machine. Grafting is recursive: when an indirect dependency requires grafting, then grafting ``propagates'' up to the package that "
+"the user is installing."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21496
+msgid ""
+"Currently, the length of the name and version of the graft and that of the package it replaces (@var{bash-fixed} and @var{bash} in "
+"the example above) must be equal. This restriction mostly comes from the fact that grafting works by patching files, including "
+"binary files, directly. Other restrictions may apply: for instance, when adding a graft to a package providing a shared library, "
+"the original shared library and its replacement must have the same @code{SONAME} and be binary-compatible."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21500
+msgid ""
+"The @option{--no-grafts} command-line option allows you to forcefully avoid grafting (@pxref{Common Build Options, @option{--no-"
+"grafts}}). Thus, the command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21503
+#, no-wrap
+msgid "guix build bash --no-grafts\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21507
+msgid "returns the store file name of the original Bash, whereas:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21510
+#, no-wrap
+msgid "guix build bash\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21515
+msgid ""
+"returns the store file name of the ``fixed'', replacement Bash. This allows you to distinguish between the two variants of Bash."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21518
+msgid "To verify which Bash your whole profile refers to, you can run (@pxref{Invoking guix gc}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21521
+#, no-wrap
+msgid "guix gc -R `readlink -f ~/.guix-profile` | grep bash\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21526
+msgid "@dots{} and compare the store file names that you get with those above. Likewise for a complete GuixSD system generation:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21529
+#, no-wrap
+msgid "guix gc -R `guix system build my-config.scm` | grep bash\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21533
+msgid "Lastly, to check which Bash running processes are using, you can use the @command{lsof} command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21536
+#, no-wrap
+msgid "lsof | grep /gnu/store/.*bash\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21553
+msgid ""
+"From a programming viewpoint, the package definitions of the GNU distribution are provided by Guile modules in the @code{(gnu "
+"packages @dots{})} name space@footnote{Note that packages under the @code{(gnu packages @dots{})} module name space are not "
+"necessarily ``GNU packages''. This module naming scheme follows the usual Guile module naming convention: @code{gnu} means that "
+"these modules are distributed as part of the GNU system, and @code{packages} identifies modules that define packages.} "
+"(@pxref{Modules, Guile modules,, guile, GNU Guile Reference Manual}). For instance, the @code{(gnu packages emacs)} module exports "
+"a variable named @code{emacs}, which is bound to a @code{<package>} object (@pxref{Defining Packages})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21560
+msgid ""
+"The @code{(gnu packages @dots{})} module name space is automatically scanned for packages by the command-line tools. For instance, "
+"when running @code{guix package -i emacs}, all the @code{(gnu packages @dots{})} modules are scanned until one that exports a "
+"package object whose name is @code{emacs} is found. This package search facility is implemented in the @code{(gnu packages)} module."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21562
+#, no-wrap
+msgid "package module search path"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21579
+msgid ""
+"Users can store package definitions in modules with different names---e.g., @code{(my-packages emacs)}@footnote{Note that the file "
+"name and module name must match. For instance, the @code{(my-packages emacs)} module must be stored in a @file{my-packages/emacs."
+"scm} file relative to the load path specified with @option{--load-path} or @code{GUIX_PACKAGE_PATH}. @xref{Modules and the File "
+"System,,, guile, GNU Guile Reference Manual}, for details.}. These package definitions will not be visible by default. Users can "
+"invoke commands such as @command{guix package} and @command{guix build} with the @code{-e} option so that they know where to find "
+"the package. Better yet, they can use the @code{-L} option of these commands to make those modules visible (@pxref{Invoking guix "
+"build, @code{--load-path}}), or define the @code{GUIX_PACKAGE_PATH} environment variable. This environment variable makes it easy "
+"to extend or customize the distribution and is honored by all the user interfaces."
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21580
+#, no-wrap
+msgid "{Environment Variable} GUIX_PACKAGE_PATH"
+msgstr ""
+
+#. type: defvr
+#: doc/guix.texi:21584
+msgid ""
+"This is a colon-separated list of directories to search for additional package modules. Directories listed in this variable take "
+"precedence over the own modules of the distribution."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21592
+msgid ""
+"The distribution is fully @dfn{bootstrapped} and @dfn{self-contained}: each package is built based solely on other packages in the "
+"distribution. The root of this dependency graph is a small set of @dfn{bootstrap binaries}, provided by the @code{(gnu packages "
+"bootstrap)} module. For more information on bootstrapping, @pxref{Bootstrapping}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21596
+#, no-wrap
+msgid "packages, creating"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21601
+msgid ""
+"The GNU distribution is nascent and may well lack some of your favorite packages. This section describes how you can help make the "
+"distribution grow. @xref{Contributing}, for additional information on how you can help."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21609
+msgid ""
+"Free software packages are usually distributed in the form of @dfn{source code tarballs}---typically @file{tar.gz} files that "
+"contain all the source files. Adding a package to the distribution means essentially two things: adding a @dfn{recipe} that "
+"describes how to build the package, including a list of other packages required to build it, and adding @dfn{package metadata} along "
+"with that recipe, such as a description and licensing information."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21618
+msgid ""
+"In Guix all this information is embodied in @dfn{package definitions}. Package definitions provide a high-level view of the "
+"package. They are written using the syntax of the Scheme programming language; in fact, for each package we define a variable bound "
+"to the package definition, and export that variable from a module (@pxref{Package Modules}). However, in-depth Scheme knowledge is "
+"@emph{not} a prerequisite for creating packages. For more information on package definitions, @pxref{Defining Packages}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21624
+msgid ""
+"Once a package definition is in place, stored in a file in the Guix source tree, it can be tested using the @command{guix build} "
+"command (@pxref{Invoking guix build}). For example, assuming the new package is called @code{gnew}, you may run this command from "
+"the Guix build tree (@pxref{Running Guix Before It Is Installed}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21627
+#, no-wrap
+msgid "./pre-inst-env guix build gnew --keep-failed\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21633
+msgid ""
+"Using @code{--keep-failed} makes it easier to debug build failures since it provides access to the failed build tree. Another "
+"useful command-line option when debugging is @code{--log-file}, to access the build log."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21638
+msgid ""
+"If the package is unknown to the @command{guix} command, it may be that the source file contains a syntax error, or lacks a "
+"@code{define-public} clause to export the package variable. To figure it out, you may load the module from Guile to get more "
+"information about the actual error:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21641
+#, no-wrap
+msgid "./pre-inst-env guile -c '(use-modules (gnu packages gnew))'\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21649
+msgid ""
+"Once your package builds correctly, please send us a patch (@pxref{Contributing}). Well, if you need help, we will be happy to help "
+"you too. Once the patch is committed in the Guix repository, the new package automatically gets built on the supported platforms by "
+"@url{http://hydra.gnu.org/jobset/gnu/master, our continuous integration system}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21650
+#, no-wrap
+msgid "substituter"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21657
+msgid ""
+"Users can obtain the new package definition simply by running @command{guix pull} (@pxref{Invoking guix pull}). When @code{hydra."
+"gnu.org} is done building the package, installing the package automatically downloads binaries from there (@pxref{Substitutes}). "
+"The only place where human intervention is needed is to review and apply the patch."
+msgstr ""
+"On peut obtenir la nouvelle définition du paquet simplement en lançant @command{guix pull} (@pxref{Invoking guix pull}). Lorsque "
+"@code{hydra.gnu.org} a fini de construire le paquet, l'installation du paquet y télécharge automatiquement les binaires "
+"(@pxref{Substituts}). La seule intervention humaine requise est pendant la revue et l'application du correctif."
+
+#. type: cindex
+#: doc/guix.texi:21674
+#, no-wrap
+msgid "free software"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21682
+msgid ""
+"The GNU operating system has been developed so that users can have freedom in their computing. GNU is @dfn{free software}, meaning "
+"that users have the @url{http://www.gnu.org/philosophy/free-sw.html,four essential freedoms}: to run the program, to study and "
+"change the program in source code form, to redistribute exact copies, and to distribute modified versions. Packages found in the "
+"GNU distribution provide only software that conveys these four freedoms."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21688
+msgid ""
+"In addition, the GNU distribution follow the @url{http://www.gnu.org/distros/free-system-distribution-guidelines.html,free software "
+"distribution guidelines}. Among other things, these guidelines reject non-free firmware, recommendations of non-free software, and "
+"discuss ways to deal with trademarks and patents."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21696
+msgid ""
+"Some otherwise free upstream package sources contain a small and optional subset that violates the above guidelines, for instance "
+"because this subset is itself non-free code. When that happens, the offending items are removed with appropriate patches or code "
+"snippets in the @code{origin} form of the package (@pxref{Defining Packages}). This way, @code{guix build --source} returns the "
+"``freed'' source rather than the unmodified upstream source."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21701
+#, no-wrap
+msgid "package name"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21709
+msgid ""
+"A package has actually two names associated with it: First, there is the name of the @emph{Scheme variable}, the one following "
+"@code{define-public}. By this name, the package can be made known in the Scheme code, for instance as input to another package. "
+"Second, there is the string in the @code{name} field of a package definition. This name is used by package management commands such "
+"as @command{guix package} and @command{guix build}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21714
+msgid ""
+"Both are usually the same and correspond to the lowercase conversion of the project name chosen upstream, with underscores replaced "
+"with hyphens. For instance, GNUnet is available as @code{gnunet}, and SDL_net as @code{sdl-net}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21719
+msgid ""
+"We do not add @code{lib} prefixes for library packages, unless these are already part of the official project name. But "
+"@pxref{Python Modules} and @ref{Perl Modules} for special rules concerning modules for the Python and Perl languages."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21721
+msgid "Font package names are handled differently, @pxref{Fonts}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21726
+#, no-wrap
+msgid "package version"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21735
+msgid ""
+"We usually package only the latest version of a given free software project. But sometimes, for instance for incompatible library "
+"versions, two (or more) versions of the same package are needed. These require different Scheme variable names. We use the name as "
+"defined in @ref{Package Naming} for the most recent version; previous versions use the same name, suffixed by @code{-} and the "
+"smallest prefix of the version number that may distinguish the two versions."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21738
+msgid "The name inside the package definition is the same for all versions of a package and does not contain any version number."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21740
+msgid "For instance, the versions 2.24.20 and 3.9.12 of GTK+ may be packaged as follows:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21752
+#, no-wrap
+msgid ""
+"(define-public gtk+\n"
+" (package\n"
+" (name \"gtk+\")\n"
+" (version \"3.9.12\")\n"
+" ...))\n"
+"(define-public gtk+-2\n"
+" (package\n"
+" (name \"gtk+\")\n"
+" (version \"2.24.20\")\n"
+" ...))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21754
+msgid "If we also wanted GTK+ 3.8.2, this would be packaged as"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21760
+#, no-wrap
+msgid ""
+"(define-public gtk+-3.8\n"
+" (package\n"
+" (name \"gtk+\")\n"
+" (version \"3.8.2\")\n"
+" ...))\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21764
+#, no-wrap
+msgid "version number, for VCS snapshots"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21770
+msgid ""
+"Occasionally, we package snapshots of upstream's version control system (VCS) instead of formal releases. This should remain "
+"exceptional, because it is up to upstream developers to clarify what the stable release is. Yet, it is sometimes necessary. So, "
+"what should we put in the @code{version} field?"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21778
+msgid ""
+"Clearly, we need to make the commit identifier of the VCS snapshot visible in the version string, but we also need to make sure that "
+"the version string is monotonically increasing so that @command{guix package --upgrade} can determine which version is newer. Since "
+"commit identifiers, notably with Git, are not monotonically increasing, we add a revision number that we increase each time we "
+"upgrade to a newer snapshot. The resulting version string looks like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21787
+#, no-wrap
+msgid ""
+"2.0.11-3.cabba9e\n"
+" ^ ^ ^\n"
+" | | `-- upstream commit ID\n"
+" | |\n"
+" | `--- Guix package revision\n"
+" |\n"
+"latest upstream version\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21796
+msgid ""
+"It is a good idea to strip commit identifiers in the @code{version} field to, say, 7 digits. It avoids an aesthetic annoyance "
+"(assuming aesthetics have a role to play here) as well as problems related to OS limits such as the maximum shebang length (127 "
+"bytes for the Linux kernel.) It is best to use the full commit identifiers in @code{origin}s, though, to avoid ambiguities. A "
+"typical package definition may look like this:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21812
+#, no-wrap
+msgid ""
+"(define my-package\n"
+" (let ((commit \"c3f29bc928d5900971f65965feaae59e1272a3f7\")\n"
+" (revision \"1\")) ;Guix package revision\n"
+" (package\n"
+" (version (git-version \"0.9\" revision commit))\n"
+" (source (origin\n"
+" (method git-fetch)\n"
+" (uri (git-reference\n"
+" (url \"git://example.org/my-package.git\")\n"
+" (commit commit)))\n"
+" (sha256 (base32 \"1mbikn@dots{}\"))\n"
+" (file-name (git-file-name name version))))\n"
+" ;; @dots{}\n"
+" )))\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21817
+#, no-wrap
+msgid "package description"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21818
+#, no-wrap
+msgid "package synopsis"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21825
+msgid ""
+"As we have seen before, each package in GNU@tie{}Guix includes a synopsis and a description (@pxref{Defining Packages}). Synopses "
+"and descriptions are important: They are what @command{guix package --search} searches, and a crucial piece of information to help "
+"users determine whether a given package suits their needs. Consequently, packagers should pay attention to what goes into them."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21833
+msgid ""
+"Synopses must start with a capital letter and must not end with a period. They must not start with ``a'' or ``the'', which usually "
+"does not bring anything; for instance, prefer ``File-frobbing tool'' over ``A tool that frobs files''. The synopsis should say what "
+"the package is---e.g., ``Core GNU utilities (file, text, shell)''---or what it is used for---e.g., the synopsis for GNU@tie{}grep is "
+"``Print lines matching a pattern''."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21843
+msgid ""
+"Keep in mind that the synopsis must be meaningful for a very wide audience. For example, ``Manipulate alignments in the SAM "
+"format'' might make sense for a seasoned bioinformatics researcher, but might be fairly unhelpful or even misleading to a non-"
+"specialized audience. It is a good idea to come up with a synopsis that gives an idea of the application domain of the package. In "
+"this example, this might give something like ``Manipulate nucleotide sequence alignments'', which hopefully gives the user a better "
+"idea of whether this is what they are looking for."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21851
+msgid ""
+"Descriptions should take between five and ten lines. Use full sentences, and avoid using acronyms without first introducing them. "
+"Please avoid marketing phrases such as ``world-leading'', ``industrial-strength'', and ``next-generation'', and avoid superlatives "
+"like ``the most advanced''---they are not helpful to users looking for a package and may even sound suspicious. Instead, try to be "
+"factual, mentioning use cases and features."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21852
+#, no-wrap
+msgid "Texinfo markup, in package descriptions"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21861
+msgid ""
+"Descriptions can include Texinfo markup, which is useful to introduce ornaments such as @code{@@code} or @code{@@dfn}, bullet lists, "
+"or hyperlinks (@pxref{Overview,,, texinfo, GNU Texinfo}). However you should be careful when using some characters for example "
+"@samp{@@} and curly braces which are the basic special characters in Texinfo (@pxref{Special Characters,,, texinfo, GNU Texinfo}). "
+"User interfaces such as @command{guix package --show} take care of rendering it appropriately."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21867
+msgid ""
+"Synopses and descriptions are translated by volunteers @uref{http://translationproject.org/domain/guix-packages.html, at the "
+"Translation Project} so that as many users as possible can read them in their native language. User interfaces search them and "
+"display them in the language specified by the current locale."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21872
+msgid ""
+"To allow @command{xgettext} to extract them as translatable strings, synopses and descriptions @emph{must be literal strings}. This "
+"means that you cannot use @code{string-append} or @code{format} to construct these strings:"
+msgstr ""
+
+#. type: lisp
+#: doc/guix.texi:21878
+#, no-wrap
+msgid ""
+"(package\n"
+" ;; @dots{}\n"
+" (synopsis \"This is translatable\")\n"
+" (description (string-append \"This is \" \"*not*\" \" translatable.\")))\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21886
+msgid ""
+"Translation is a lot of work so, as a packager, please pay even more attention to your synopses and descriptions as every change may "
+"entail additional work for translators. In order to help them, it is possible to make recommendations or instructions visible to "
+"them by inserting special comments like this (@pxref{xgettext Invocation,,, gettext, GNU Gettext}):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:21891
+#, no-wrap
+msgid ""
+";; TRANSLATORS: \"X11 resize-and-rotate\" should not be translated.\n"
+"(description \"ARandR is designed to provide a simple visual front end\n"
+"for the X11 resize-and-rotate (RandR) extension. @dots{}\")\n"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21897
+#, no-wrap
+msgid "python"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21903
+msgid ""
+"We currently package Python 2 and Python 3, under the Scheme variable names @code{python-2} and @code{python} as explained in "
+"@ref{Version Numbers}. To avoid confusion and naming clashes with other programming languages, it seems desirable that the name of "
+"a package for a Python module contains the word @code{python}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21909
+msgid ""
+"Some modules are compatible with only one version of Python, others with both. If the package Foo compiles only with Python 3, we "
+"name it @code{python-foo}; if it compiles only with Python 2, we name it @code{python2-foo}. If it is compatible with both versions, "
+"we create two packages with the corresponding names."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21915
+msgid ""
+"If a project already contains the word @code{python}, we drop this; for instance, the module python-dateutil is packaged under the "
+"names @code{python-dateutil} and @code{python2-dateutil}. If the project name starts with @code{py} (e.g. @code{pytz}), we keep it "
+"and prefix it as described above."
+msgstr ""
+
+#. type: subsubsection
+#: doc/guix.texi:21916
+#, no-wrap
+msgid "Specifying Dependencies"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21917
+#, no-wrap
+msgid "inputs, for Python packages"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21922
+msgid ""
+"Dependency information for Python packages is usually available in the package source tree, with varying degrees of accuracy: in the "
+"@file{setup.py} file, in @file{requirements.txt}, or in @file{tox.ini}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21928
+msgid ""
+"Your mission, when writing a recipe for a Python package, is to map these dependencies to the appropriate type of "
+"``input'' (@pxref{package Reference, inputs}). Although the @code{pypi} importer normally does a good job (@pxref{Invoking guix "
+"import}), you may want to check the following check list to determine which dependency goes where."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:21936
+msgid ""
+"We currently package Python 2 with @code{setuptools} and @code{pip} installed like Python 3.4 has per default. Thus you don't need "
+"to specify either of these as an input. @command{guix lint} will warn you if you do."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:21942
+msgid ""
+"Python dependencies required at run time go into @code{propagated-inputs}. They are typically defined with the "
+"@code{install_requires} keyword in @file{setup.py}, or in the @file{requirements.txt} file."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:21950
+msgid ""
+"Python packages required only at build time---e.g., those listed with the @code{setup_requires} keyword in @file{setup.py}---or only "
+"for testing---e.g., those in @code{tests_require}---go into @code{native-inputs}. The rationale is that (1) they do not need to be "
+"propagated because they are not needed at run time, and (2) in a cross-compilation context, it's the ``native'' input that we'd want."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:21954
+msgid ""
+"Examples are the @code{pytest}, @code{mock}, and @code{nose} test frameworks. Of course if any of these packages is also required "
+"at run-time, it needs to go to @code{propagated-inputs}."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:21959
+msgid ""
+"Anything that does not fall in the previous categories goes to @code{inputs}, for example programs or C libraries required for "
+"building Python packages containing C extensions."
+msgstr ""
+
+#. type: itemize
+#: doc/guix.texi:21965
+msgid ""
+"If a Python package has optional dependencies (@code{extras_require}), it is up to you to decide whether to add them or not, based "
+"on their usefulness/overhead ratio (@pxref{Submitting Patches, @command{guix size}})."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21972
+#, no-wrap
+msgid "perl"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21983
+msgid ""
+"Perl programs standing for themselves are named as any other package, using the lowercase upstream name. For Perl packages "
+"containing a single class, we use the lowercase class name, replace all occurrences of @code{::} by dashes and prepend the prefix "
+"@code{perl-}. So the class @code{XML::Parser} becomes @code{perl-xml-parser}. Modules containing several classes keep their "
+"lowercase upstream name and are also prepended by @code{perl-}. Such modules tend to have the word @code{perl} somewhere in their "
+"name, which gets dropped in favor of the prefix. For instance, @code{libwww-perl} becomes @code{perl-libwww}."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:21988
+#, no-wrap
+msgid "java"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21991
+msgid "Java programs standing for themselves are named as any other package, using the lowercase upstream name."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:21997
+msgid ""
+"To avoid confusion and naming clashes with other programming languages, it is desirable that the name of a package for a Java "
+"package is prefixed with @code{java-}. If a project already contains the word @code{java}, we drop this; for instance, the package "
+"@code{ngsjava} is packaged under the name @code{java-ngs}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22003
+msgid ""
+"For Java packages containing a single class or a small class hierarchy, we use the lowercase class name, replace all occurrences of "
+"@code{.} by dashes and prepend the prefix @code{java-}. So the class @code{apache.commons.cli} becomes package @code{java-apache-"
+"commons-cli}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22014
+msgid ""
+"For fonts that are in general not installed by a user for typesetting purposes, or that are distributed as part of a larger software "
+"package, we rely on the general packaging rules for software; for instance, this applies to the fonts delivered as part of the X.Org "
+"system or fonts that are part of TeX Live."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22018
+msgid ""
+"To make it easier for a user to search for fonts, names for other packages containing only fonts are constructed as follows, "
+"independently of the upstream package name."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22026
+msgid ""
+"The name of a package containing only one font family starts with @code{font-}; it is followed by the foundry name and a dash "
+"@code{-} if the foundry is known, and the font family name, in which spaces are replaced by dashes (and as usual, all upper case "
+"letters are transformed to lower case). For example, the Gentium font family by SIL is packaged under the name @code{font-sil-"
+"gentium}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22035
+msgid ""
+"For a package containing several font families, the name of the collection is used in the place of the font family name. For "
+"instance, the Liberation fonts consist of three families, Liberation Sans, Liberation Serif and Liberation Mono. These could be "
+"packaged separately under the names @code{font-liberation-sans} and so on; but as they are distributed together under a common name, "
+"we prefer to package them together as @code{font-liberation}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22041
+msgid ""
+"In the case where several formats of the same font family or font collection are packaged separately, a short form of the format, "
+"prepended by a dash, is added to the package name. We use @code{-ttf} for TrueType fonts, @code{-otf} for OpenType fonts and @code{-"
+"type1} for PostScript Type 1 fonts."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:22049
+#, no-wrap
+msgid "bootstrapping"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22059
+msgid ""
+"Bootstrapping in our context refers to how the distribution gets built ``from nothing''. Remember that the build environment of a "
+"derivation contains nothing but its declared inputs (@pxref{Introduction}). So there's an obvious chicken-and-egg problem: how does "
+"the first package get built? How does the first compiler get compiled? Note that this is a question of interest only to the curious "
+"hacker, not to the regular user, so you can shamelessly skip this section if you consider yourself a ``regular user''."
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:22060 doc/guix.texi:22182
+#, no-wrap
+msgid "bootstrap binaries"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22070
+msgid ""
+"The GNU system is primarily made of C code, with libc at its core. The GNU build system itself assumes the availability of a Bourne "
+"shell and command-line tools provided by GNU Coreutils, Awk, Findutils, `sed', and `grep'. Furthermore, build programs---programs "
+"that run @code{./configure}, @code{make}, etc.---are written in Guile Scheme (@pxref{Derivations}). Consequently, to be able to "
+"build anything at all, from scratch, Guix relies on pre-built binaries of Guile, GCC, Binutils, libc, and the other packages "
+"mentioned above---the @dfn{bootstrap binaries}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22073
+msgid "These bootstrap binaries are ``taken for granted'', though we can also re-create them if needed (more on that later)."
+msgstr ""
+
+#. type: unnumberedsubsec
+#: doc/guix.texi:22074
+#, no-wrap
+msgid "Preparing to Use the Bootstrap Binaries"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22079
+msgid "@image{images/bootstrap-graph,6in,,Dependency graph of the early bootstrap derivations}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22084
+msgid ""
+"The figure above shows the very beginning of the dependency graph of the distribution, corresponding to the package definitions of "
+"the @code{(gnu packages bootstrap)} module. A similar figure can be generated with @command{guix graph} (@pxref{Invoking guix "
+"graph}), along the lines of:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:22089
+#, no-wrap
+msgid ""
+"guix graph -t derivation \\\n"
+" -e '(@@@@ (gnu packages bootstrap) %bootstrap-gcc)' \\\n"
+" | dot -Tps > t.ps\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22098
+msgid ""
+"At this level of detail, things are slightly complex. First, Guile itself consists of an ELF executable, along with many source and "
+"compiled Scheme files that are dynamically loaded when it runs. This gets stored in the @file{guile-2.0.7.tar.xz} tarball shown in "
+"this graph. This tarball is part of Guix's ``source'' distribution, and gets inserted into the store with @code{add-to-store} "
+"(@pxref{The Store})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22107
+msgid ""
+"But how do we write a derivation that unpacks this tarball and adds it to the store? To solve this problem, the @code{guile-"
+"bootstrap-2.0.drv} derivation---the first one that gets built---uses @code{bash} as its builder, which runs @code{build-bootstrap-"
+"guile.sh}, which in turn calls @code{tar} to unpack the tarball. Thus, @file{bash}, @file{tar}, @file{xz}, and @file{mkdir} are "
+"statically-linked binaries, also part of the Guix source distribution, whose sole purpose is to allow the Guile tarball to be "
+"unpacked."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22119
+msgid ""
+"Once @code{guile-bootstrap-2.0.drv} is built, we have a functioning Guile that can be used to run subsequent build programs. Its "
+"first task is to download tarballs containing the other pre-built binaries---this is what the @code{.tar.xz.drv} derivations do. "
+"Guix modules such as @code{ftp-client.scm} are used for this purpose. The @code{module-import.drv} derivations import those modules "
+"in a directory in the store, using the original layout. The @code{module-import-compiled.drv} derivations compile those modules, "
+"and write them in an output directory with the right layout. This corresponds to the @code{#:modules} argument of @code{build-"
+"expression->derivation} (@pxref{Derivations})."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22123
+msgid ""
+"Finally, the various tarballs are unpacked by the derivations @code{gcc-bootstrap-0.drv}, @code{glibc-bootstrap-0.drv}, etc., at "
+"which point we have a working C tool chain."
+msgstr ""
+
+#. type: unnumberedsubsec
+#: doc/guix.texi:22125
+#, no-wrap
+msgid "Building the Build Tools"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22134
+msgid ""
+"Bootstrapping is complete when we have a full tool chain that does not depend on the pre-built bootstrap tools discussed above. "
+"This no-dependency requirement is verified by checking whether the files of the final tool chain contain references to the @file{/"
+"gnu/store} directories of the bootstrap inputs. The process that leads to this ``final'' tool chain is described by the package "
+"definitions found in the @code{(gnu packages commencement)} module."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22141
+msgid ""
+"The @command{guix graph} command allows us to ``zoom out'' compared to the graph above, by looking at the level of package objects "
+"instead of individual derivations---remember that a package may translate to several derivations, typically one derivation to "
+"download its source, one to build the Guile modules it needs, and one to actually build the package from source. The command:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:22146
+#, no-wrap
+msgid ""
+"guix graph -t bag \\\n"
+" -e '(@@@@ (gnu packages commencement)\n"
+" glibc-final-with-bootstrap-bash)' | dot -Tps > t.ps\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22153
+msgid ""
+"produces the dependency graph leading to the ``final'' C library@footnote{You may notice the @code{glibc-intermediate} label, "
+"suggesting that it is not @emph{quite} final, but as a good approximation, we will consider it final.}, depicted below."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22155
+msgid "@image{images/bootstrap-packages,6in,,Dependency graph of the early packages}"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22161
+msgid ""
+"The first tool that gets built with the bootstrap binaries is GNU@tie{}Make---noted @code{make-boot0} above---which is a "
+"prerequisite for all the following packages. From there Findutils and Diffutils get built."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22166
+msgid ""
+"Then come the first-stage Binutils and GCC, built as pseudo cross tools---i.e., with @code{--target} equal to @code{--host}. They "
+"are used to build libc. Thanks to this cross-build trick, this libc is guaranteed not to hold any reference to the initial tool "
+"chain."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22172
+msgid ""
+"From there the final Binutils and GCC (not shown above) are built. GCC uses @code{ld} from the final Binutils, and links programs "
+"against the just-built libc. This tool chain is used to build the other packages used by Guix and by the GNU Build System: Guile, "
+"Bash, Coreutils, etc."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22178
+msgid ""
+"And voilà! At this point we have the complete set of build tools that the GNU Build System expects. These are in the @code{%final-"
+"inputs} variable of the @code{(gnu packages commencement)} module, and are implicitly used by any package that uses @code{gnu-build-"
+"system} (@pxref{Build Systems, @code{gnu-build-system}})."
+msgstr ""
+
+#. type: unnumberedsubsec
+#: doc/guix.texi:22180
+#, no-wrap
+msgid "Building the Bootstrap Binaries"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22187
+msgid ""
+"Because the final tool chain does not depend on the bootstrap binaries, those rarely need to be updated. Nevertheless, it is useful "
+"to have an automated way to produce them, should an update occur, and this is what the @code{(gnu packages make-bootstrap)} module "
+"provides."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22191
+msgid ""
+"The following command builds the tarballs containing the bootstrap binaries (Guile, Binutils, GCC, libc, and a tarball containing a "
+"mixture of Coreutils and other basic command-line tools):"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:22194
+#, no-wrap
+msgid "guix build bootstrap-tarballs\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22199
+msgid ""
+"The generated tarballs are those that should be referred to in the @code{(gnu packages bootstrap)} module mentioned at the beginning "
+"of this section."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22205
+msgid ""
+"Still here? Then perhaps by now you've started to wonder: when do we reach a fixed point? That is an interesting question! The "
+"answer is unknown, but if you would like to investigate further (and have significant computational and storage resources to do so), "
+"then let us know."
+msgstr ""
+
+#. type: unnumberedsubsec
+#: doc/guix.texi:22206
+#, no-wrap
+msgid "Reducing the Set of Bootstrap Binaries"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22214
+msgid ""
+"Our bootstrap binaries currently include GCC, Guile, etc. That's a lot of binary code! Why is that a problem? It's a problem "
+"because these big chunks of binary code are practically non-auditable, which makes it hard to establish what source code produced "
+"them. Every unauditable binary also leaves us vulnerable to compiler backdoors as described by Ken Thompson in the 1984 paper "
+"@emph{Reflections on Trusting Trust}."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22220
+msgid ""
+"This is mitigated by the fact that our bootstrap binaries were generated from an earlier Guix revision. Nevertheless it lacks the "
+"level of transparency that we get in the rest of the package dependency graph, where Guix always gives us a source-to-binary "
+"mapping. Thus, our goal is to reduce the set of bootstrap binaries to the bare minimum."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22226
+msgid ""
+"The @uref{http://bootstrappable.org, Bootstrappable.org web site} lists on-going projects to do that. One of these is about "
+"replacing the bootstrap GCC with a sequence of assemblers, interpreters, and compilers of increasing complexity, which could be "
+"built from source starting from a simple and auditable assembler. Your help is welcome!"
+msgstr ""
+
+#. type: section
+#: doc/guix.texi:22229
+#, no-wrap
+msgid "Porting to a New Platform"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22238
+msgid ""
+"As discussed above, the GNU distribution is self-contained, and self-containment is achieved by relying on pre-built ``bootstrap "
+"binaries'' (@pxref{Bootstrapping}). These binaries are specific to an operating system kernel, CPU architecture, and application "
+"binary interface (ABI). Thus, to port the distribution to a platform that is not yet supported, one must build those bootstrap "
+"binaries, and update the @code{(gnu packages bootstrap)} module to use them on that platform."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22243
+msgid ""
+"Fortunately, Guix can @emph{cross compile} those bootstrap binaries. When everything goes well, and assuming the GNU tool chain "
+"supports the target platform, this can be as simple as running a command like this one:"
+msgstr ""
+
+#. type: example
+#: doc/guix.texi:22246
+#, no-wrap
+msgid "guix build --target=armv5tel-linux-gnueabi bootstrap-tarballs\n"
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22253
+msgid ""
+"For this to work, the @code{glibc-dynamic-linker} procedure in @code{(gnu packages bootstrap)} must be augmented to return the right "
+"file name for libc's dynamic linker on that platform; likewise, @code{system->linux-architecture} in @code{(gnu packages linux)} "
+"must be taught about the new platform."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22262
+msgid ""
+"Once these are built, the @code{(gnu packages bootstrap)} module needs to be updated to refer to these binaries on the target "
+"platform. That is, the hashes and URLs of the bootstrap tarballs for the new platform must be added alongside those of the "
+"currently supported platforms. The bootstrap Guile tarball is treated specially: it is expected to be available locally, and "
+"@file{gnu/local.mk} has rules do download it for the supported architectures; a rule for the new platform must be added as well."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22271
+msgid ""
+"In practice, there may be some complications. First, it may be that the extended GNU triplet that specifies an ABI (like the "
+"@code{eabi} suffix above) is not recognized by all the GNU tools. Typically, glibc recognizes some of these, whereas GCC uses an "
+"extra @code{--with-abi} configure flag (see @code{gcc.scm} for examples of how to handle this). Second, some of the required "
+"packages could fail to build for that platform. Lastly, the generated binaries could be broken for some reason."
+msgstr ""
+
+#. type: include
+#: doc/guix.texi:22273
+#, no-wrap
+msgid "contributing.texi"
+msgstr "contributing.fr.texi"
+
+#. type: Plain text
+#: doc/guix.texi:22286
+msgid ""
+"Guix is based on the @uref{http://nixos.org/nix/, Nix package manager}, which was designed and implemented by Eelco Dolstra, with "
+"contributions from other people (see the @file{nix/AUTHORS} file in Guix.) Nix pioneered functional package management, and "
+"promoted unprecedented features, such as transactional package upgrades and rollbacks, per-user profiles, and referentially "
+"transparent build processes. Without this work, Guix would not exist."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22289
+msgid "The Nix-based software distributions, Nixpkgs and NixOS, have also been an inspiration for Guix."
+msgstr ""
+
+#. type: Plain text
+#: doc/guix.texi:22295
+msgid ""
+"GNU@tie{}Guix itself is a collective work with contributions from a number of people. See the @file{AUTHORS} file in Guix for more "
+"information on these fine people. The @file{THANKS} file lists people who have helped by reporting bugs, taking care of the "
+"infrastructure, providing artwork and themes, making suggestions, and more---thank you!"
+msgstr ""
+
+#. type: cindex
+#: doc/guix.texi:22300
+#, no-wrap
+msgid "license, GNU Free Documentation License"
+msgstr "license, GNU Free Documentation License"
+
+#. type: include
+#: doc/guix.texi:22301
+#, no-wrap
+msgid "fdl-1.3.texi"
+msgstr "fdl-1.3.texi"
diff --git a/po/doc/local.mk b/po/doc/local.mk
index 556dcf1636..4e1c28307b 100644
--- a/po/doc/local.mk
+++ b/po/doc/local.mk
@@ -16,7 +16,9 @@
# You should have received a copy of the GNU General Public License
# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
-EXTRA_DIST =
+EXTRA_DIST = \
+ %D%/contributing.fr.po \
+ %D%/guix.fr.po
POT_OPTIONS = --package-name "guix" --package-version "$(VERSION)" \
--copyright-holder "Ludovic Courtès" \