Group: Guix/Mirrors

Substitutes

The Guix project runs two official build farms that continuously build binary substitutes, so users don't have to build everything at home. When installing Guix or Guix System for the first time, you'll be asked whether to trust their signatures and download their substitutes by default:

• https://ci.guix.gnu.org (Germany)
• https://bordeaux.guix.gnu.org (France)

For Guix users outside of Europe, connections to both of these can sometimes be slow or censored. Don't fret just yet: volunteers maintain unofficial mirrors of the official servers that may be closer by:

• People's Republic of China
  • https://mirrors.sjtug.sjtu.edu.cn/guix (mirrors ci.guix.gnu.org)
• Singapore
  • https://bordeaux-singapore-mirror.cbaines.net
• United States of America
  • https://bordeaux-us-east-mirror.cbaines.net (mirrors bordeaux.guix.gnu.org)
• Germany
  • https://hydra-guix-129.guix.gnu.org (official mirror of bordeaux.guix.gnu.org in Berlin)

To use one or more of these mirrors, simply add the URL(s) to the front of your substitute-urls list.

Mirrored substitutes are signed by the original builder, not the mirror. This means that mirror operators cannot add or modify binaries, as long as you trust only the signing keys published by the Guix project.

Git

• The official Git repository lives at GNU Savannah. This is what guix pull will use by default.
• There is also an official mirror at Codeberg. We are discussing a gradual migration from Savannah to Codeberg.

It is safe to momentarily guix pull from other copies of the Guix repository, for example during upstream outages. Guix will reject commits that haven't been signed by trusted upstream commiters. It will also warn loudly about (un)intentional downgrades.

However, Guix will not detect when a mirror is out of date and may lack important (security) updates! You are responsible for checking whether your chosen unofficial mirror is still, well, mirroring.