Hello everyone. I’ve been trying to install Nonguix on my laptop, and I’ve been having issues.
TL;DR
guix pull: error: Git error: the SSL certificate is invalidappears when trying to use the Nonguix channel. What does it mean? How do I fix it?- When does a
guix system reconfiguretake effect? Immediately? On re-login? On system reboot? WARNING: (guile-user): imported module (guix build utils) overrides core binding ‘delete'appears after runningguix system reconfigure. What does it mean? Is it bad? Even if it’s not bad, how do I fix the issue?
Question
So, I’m trying to install Nonguix. I followed the directions at the Gitlab Nonguix repository (no link because I’m not sure if links are allowed for new users). But I’m running into trouble. After following the instructions, I get this error when attempting to use guix pull:
guix pull: error: Git error: the SSL certificate is invalid
This sounds to me like I didn’t configure the signing key correctly. Here is my configuration, with some minor redactions (hostname and UUID redactions, specifically):
;; This is an operating system configuration generated
;; by the graphical installer.
;;
;; Once installation is complete, you can learn and modify
;; this file to tweak the system configuration, and pass it
;; to the 'guix system reconfigure' command to effect your
;; changes.
;; Indicate which modules to import to access the variables
;; used in this configuration.
(use-modules (gnu)
; Apparently these two lines are needed for the standard kernel.
(nongnu packages linux)
(nongnu system linux-initrd))
(use-service-modules cups desktop networking ssh xorg)
(operating-system
(locale "en_US.utf8")
(timezone [REDACTED])
(keyboard-layout (keyboard-layout "us"))
(host-name [REDACTED])
; Needed for standard kernel
(kernel linux)
(initrd microcode-initrd)
(firmware (list linux-firmware))
;; The list of user accounts ('root' is implicit).
(users (cons* (user-account
(name "user")
(comment "User")
(group "users")
(home-directory "/home/user")
(supplementary-groups '("wheel" "netdev" "audio" "video")))
%base-user-accounts))
;; Packages installed system-wide
(packages (specifications->packages (list
"fontconfig"
"font-google-noto"
"coreutils"
"e2fsprogs"
"ntfs-3g"
"pciutils"
)
)
)
;; Below is the list of system services. To search for available
;; services, run 'guix system search KEYWORD' in a terminal.
(services
(append
(list
(service mate-desktop-service-type)
(service gnome-desktop-service-type)
(service xfce-desktop-service-type)
(service plasma-desktop-service-type)
(set-xorg-configuration
(xorg-configuration (keyboard-layout keyboard-layout))
)
)
;; This is the default list of services we
;; are appending to.
(modify-services %desktop-services
(guix-service-type config => (guix-configuration
(inherit config)
(substitute-urls
(append (list "https://substitutes.nonguix.org")
%default-substitute-urls))
(authorized-keys
(append (list (local-file "/home/user/dotfiles/config/system/signing-key.pub"))
%default-authorized-guix-keys))))
)
)
)
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(targets (list "/boot/efi"))
(keyboard-layout keyboard-layout)))
(swap-devices (list (swap-space
(target (uuid
[REDACTED]))))
)
;; Adds device mapping for LUKS.
(mapped-devices (list (mapped-device
(source (uuid
[REDACTED]))
(target "cryptroot")
(type luks-device-mapping))))
;; The list of file systems that get "mounted". The unique
;; file system identifiers there ("UUIDs") can be obtained
;; by running 'blkid' in a terminal.
(file-systems (cons* (file-system
(mount-point "/boot/efi")
(device (uuid "60E8-3B32"
'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device
"/dev/mapper/cryptroot"
)
(type "ext4")
(dependencies mapped-devices)) %base-file-systems)))
And here is my channels config:
(cons* (channel
(name 'nonguix)
(url "https://gitlab.com/nonguix/nonguix")
;"https://gitlab.com/nonguix/nonguix"
;; Enable signature verification:
(introduction
(make-channel-introduction
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
(openpgp-fingerprint
"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
%default-channels)
So far so good, as far as I can tell.
But I noticed something interesting when troubleshooting this issue. It seems that Guix will not set my custom configuration as the system configuration, even though I can run sudo guix system reconfigure ./config.scm without issue. Example of running without issue:
$ sudo guix system reconfigure ./config.scm
Password:
substitute: looking for substitutes on 'https://substitutes.nonguix.org'... 100.0%
substitute: looking for substitutes on 'https://bordeaux.guix.gnu.org'... 100.0%
substitute: looking for substitutes on 'https://ci.guix.gnu.org'... 100.0%
The following derivations will be built:
/gnu/store/dcp4m9xx6ky3mxrp8hgy2yb1cs1s7v3f-provenance.drv
/gnu/store/1b8lf2jp0k46srg1jkznpzq4jz9j4rf8-system.drv
/gnu/store/7vvq6xpqc1srg5dykc7yq0d75g7qsgqn-grub.cfg.drv
building /gnu/store/dcp4m9xx6ky3mxrp8hgy2yb1cs1s7v3f-provenance.drv...
building /gnu/store/1b8lf2jp0k46srg1jkznpzq4jz9j4rf8-system.drv...
building /gnu/store/7vvq6xpqc1srg5dykc7yq0d75g7qsgqn-grub.cfg.drv...
/gnu/store/0j739llh4j8c6kq4d3smgprxd4mxyyzd-system
/gnu/store/l53my76vnvi7f3y3y2r3bj1ihzrvbmv8-grub.cfg
activating system...
The following derivation will be built:
/gnu/store/yy2wisq7a0ygsaab6xx0a8xg6c3nh2wf-switch-to-system.scm.drv
building /gnu/store/yy2wisq7a0ygsaab6xx0a8xg6c3nh2wf-switch-to-system.scm.drv...
making '/var/guix/profiles/system-7-link' the current system...
populating /etc from /gnu/store/n2bf6ssy3i8546gzmq2wsyal087p6c6q-etc...
setting up privileged programs in '/run/privileged/bin'...
The following derivation will be built:
/gnu/store/fjiza2bxgwqz0ws4dbyl49pacd8wsibi-install-bootloader.scm.drv
building /gnu/store/fjiza2bxgwqz0ws4dbyl49pacd8wsibi-install-bootloader.scm.drv...
guix system: bootloader successfully installed on '(/boot/efi)'
shepherd: Starting service swap-7ca8ffa9-1f08-489f-a983-1d605a35d52f...
shepherd: Service swap-7ca8ffa9-1f08-489f-a983-1d605a35d52f failed to start.
shepherd: Service swap-7ca8ffa9-1f08-489f-a983-1d605a35d52f could not be started.
shepherd: Starting service host-name...
shepherd: Service host-name started.
shepherd: Service host-name running with value "hostname".
shepherd: Service host-name has been started.
shepherd: Starting service user-homes...
shepherd: Service user-homes started.
shepherd: Service user-homes running with value #t.
shepherd: Service user-homes has been started.
shepherd: Starting service sysctl...
shepherd: Service sysctl started.
shepherd: Service sysctl running with value #t.
shepherd: Service sysctl has been started.
shepherd: Service user-homes has been started.
shepherd: Starting service guix-ownership...
shepherd: Service guix-ownership started.
shepherd: Service guix-ownership running with value #t.
shepherd: Service guix-ownership has been started.
shepherd: Starting service x11-socket-directory...
shepherd: Service x11-socket-directory started.
shepherd: Service x11-socket-directory running with value #<unspecified>.
shepherd: Service x11-socket-directory has been started.
To complete the upgrade, run 'herd restart SERVICE' to stop,
upgrade, and restart each service that was not automatically restarted.
Run 'herd status' to view the list of services on your system.
The following derivation will be built:
/gnu/store/yws87zi47sx81z3p0gjm4d5msz95i67c-kexec-load-system.scm.drv
building /gnu/store/yws87zi47sx81z3p0gjm4d5msz95i67c-kexec-load-system.scm.drv...
WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
guix system: system loaded for fast reboot with 'reboot --kexec'
$
This looks pretty normal.
Side questions
I actually have 2 short side questions at this point:
- When does a
guix system reconfiguretake effect? Immediately? On re-login? On system reboot? - What does the warning mean? Is it important?
Resuming the post
Back on track. When I copy the current /etc/config/scm immediately after guix system reconfigure (i.e., no logging out), it looks like this. Notice that Nonguix stuff is not present in the file whatsoever.
;; This is an operating system configuration generated
;; by the graphical installer.
;;
;; Once installation is complete, you can learn and modify
;; this file to tweak the system configuration, and pass it
;; to the 'guix system reconfigure' command to effect your
;; changes.
;; Indicate which modules to import to access the variables
;; used in this configuration.
(use-modules (gnu))
(use-service-modules cups desktop networking ssh xorg)
(operating-system
(locale "en_US.utf8")
(timezone [REDACTED])
(keyboard-layout (keyboard-layout "us"))
(host-name [REDACTED])
;; The list of user accounts ('root' is implicit).
(users (cons* (user-account
(name "user")
(comment "User")
(group "users")
(home-directory "/home/user")
(supplementary-groups '("wheel" "netdev" "audio" "video")))
%base-user-accounts))
;; Below is the list of system services. To search for available
;; services, run 'guix system search KEYWORD' in a terminal.
(services
(append (list (service gnome-desktop-service-type)
(service xfce-desktop-service-type)
(service mate-desktop-service-type)
(service plasma-desktop-service-type)
(set-xorg-configuration
(xorg-configuration (keyboard-layout keyboard-layout))))
;; This is the default list of services we
;; are appending to.
%desktop-services))
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(targets (list "/boot/efi"))
(keyboard-layout keyboard-layout)))
(mapped-devices (list (mapped-device
(source (uuid
[REDACTED]))
(target "cryptroot")
(type luks-device-mapping))))
;; The list of file systems that get "mounted". The unique
;; file system identifiers there ("UUIDs") can be obtained
;; by running 'blkid' in a terminal.
(file-systems (cons* (file-system
(mount-point "/boot/efi")
(device (uuid "60E8-3B32"
'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device "/dev/mapper/cryptroot")
(type "ext4")
(dependencies mapped-devices)) %base-file-systems)))
When I reboot, it looks like this:
;; This is an operating system configuration generated
;; by the graphical installer.
;;
;; Once installation is complete, you can learn and modify
;; this file to tweak the system configuration, and pass it
;; to the 'guix system reconfigure' command to effect your
;; changes.
;; Indicate which modules to import to access the variables
;; used in this configuration.
(use-modules (gnu))
(use-service-modules cups desktop networking ssh xorg)
(operating-system
(locale "en_US.utf8")
(timezone [REDACTED])
(keyboard-layout (keyboard-layout "us"))
(host-name [REDACTED])
;; The list of user accounts ('root' is implicit).
(users (cons* (user-account
(name "user")
(comment "User")
(group "users")
(home-directory "/home/user")
(supplementary-groups '("wheel" "netdev" "audio" "video")))
%base-user-accounts))
;; Below is the list of system services. To search for available
;; services, run 'guix system search KEYWORD' in a terminal.
(services
(append (list (service gnome-desktop-service-type)
(service xfce-desktop-service-type)
(service mate-desktop-service-type)
(service plasma-desktop-service-type)
(set-xorg-configuration
(xorg-configuration (keyboard-layout keyboard-layout))))
;; This is the default list of services we
;; are appending to.
%desktop-services))
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(targets (list "/boot/efi"))
(keyboard-layout keyboard-layout)))
(mapped-devices (list (mapped-device
(source (uuid
[REDACTED]))
(target "cryptroot")
(type luks-device-mapping))))
;; The list of file systems that get "mounted". The unique
;; file system identifiers there ("UUIDs") can be obtained
;; by running 'blkid' in a terminal.
(file-systems (cons* (file-system
(mount-point "/boot/efi")
(device (uuid "60E8-3B32"
'fat32))
(type "vfat"))
(file-system
(mount-point "/")
(device "/dev/mapper/cryptroot")
(type "ext4")
(dependencies mapped-devices)) %base-file-systems)))
Also, when I list generations, it doesn’t update or increment the number. That is to say, the guix system reconfigure seemingly had no effect on the system.
# The time is redacted, but the newest generation is already hours
# old at this point, even though I've reconfigured a bunch of times.
# Also, the generation number should be at least 15 at this point. But
# it won't go up anymore.
Generation 10 Jan 09 2026 XX:YY:ZZ (current)
Can anyone help me?