This is a channel for the GNU Guix package manager. It is a home for crypto and blockchain related packages and services that are not eligible for Guix proper.
This channel is established and can be expected to get timely updates. If not, Pull Requests are welcome, too.
For now it mostly contains binary packages and service code to install and run Swarm Bee nodes, and the necessary support services (e.g. an Ethereum node, a Clef wallet manager, etc).
The project’s Codeberg page is the primary communication channel.
This git repository is a Guix channel that can be added to the channels.scm
file of your Guix System by inserting the following channel introduction into
/etc/guix/channels.scm:
(channel
(name 'crypto) ; short name for nicer guix pull output
(url "https://codeberg.org/attila.lendvai/guix-crypto.git")
(branch "main")
(introduction
(make-channel-introduction
"a6a78768c2f9d0f0e659b0788001e37e23dc26e4"
(openpgp-fingerprint
"69DA 8D74 F179 7AD6 7806 EE06 FEFA 9FE5 5CF6 E3CD"))))For the time being, this channel depends on Nonguix (for the
binary-build-system), therefore pulling from this channel will also pull and
compile the Nonguix channel. See this and this for further details.
The snippet below is an example of how to start multiple Bee nodes that join a
swarm. First, add these services to your config.scm:
(operating-system
...
(services
...
(service
swarm-service-type
(swarm-service-configuration
(bee-configurations
;; Generate configuration entries for two Bee node instances.
(indexed-bee-configurations
2
(bee-config-values
(resolver-options "[an Ethereum mainnet endpoint]")
(blockchain-rpc-endpoint "https://xdai.fairdatasociety.org/")
(full-node #true)
(swap-enable #true)
(swap-initial-deposit 0))))))))Afterwards:
guix system reconfigure config.scmto apply the changes.herd statusto see if services are running properly.less /var/log/swarm/mainnet/bee-0.logto check the logs of the Bee nodes.less /var/log/openethereum/gnosis.logto check the logs of the Gnosis node.herd display-address bee-mainnet-0to display the node’s Ethereum address.
You will need to fund your Bee nodes to join a swarm. Follow the instructions in the Bee logs and the official documentation.
The crux of the issue is that Guix proper doesn’t accept binary packages, and compiling crypto/blockchain related projects properly is not trivial. Any mistake at compilation (e.g. by using a different version of a dependency) may introduce bugs into the final executable file that could result in losing money or worse.
Ideally, these mission-critical projects would all be reproducible build, even across OS installations. Then we could have source-based packages in Guix proper to build them reproducibly, and at the end of the build we could authenticate the resulting binaries by comparing ours to the officially released ones, that are cryptographically signed by upstream.
Until this ideal world is reached, this channel will serve as a home for crypto related Guix services, and package definitions. These package definitions download, authenticate and then patch the official binary releases so that they can run in the Guix environment.
Further readings on this topic:
- go-ethereum GitHub issue on reproducible builds
- Reproducibility vs. Replicability: A Brief History of a Confused Terminology
- Building a Secure Software Supply Chain with GNU Guix