Guix Container Images - and what you can do with them

This talk will describe work on creating and publishing Guix container images, and what you can do with them. Images are bootstrapped from Debian images and built on GitLab shared runners for amd64 and arm64, with ppc64el and riscv64 work in progress. The images are tested for regression, and automatically uploaded to the GitLab container registry and to Docker Hub. We will also talk about what these images can be used for, with examples of long-term reproducible tarball artifacts for official releases of GNU Libtasn1, InetUtils, Libidn2 and SASL. We will also go into limitations involving security trade-offs for reducing guix-daemon privileges, and the interaction between GitLab shared runners, user namespaces and other security complications.