[jackhill/guix/guix.git] / etc / guix-install.sh

#!/bin/sh
# GNU Guix --- Functional package management for GNU
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

# We require Bash but for portability we'd rather not use /bin/bash or
# /usr/bin/env in the shebang, hence this hack.
if [ "x$BASH_VERSION" = "x" ]
then
    exec bash "$0" "$@"
fi

set -e

[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }

REQUIRE=(
    "dirname"
    "readlink"
    "wget"
    "gpg"
    "grep"
    "which"
    "sed"
    "sort"
    "getent"
    "mktemp"
    "rm"
    "chmod"
    "uname"
    "groupadd"
    "tail"
    "tr"
    "xz"
)

PAS=$'[ \033[32;1mPASS\033[0m ] '
ERR=$'[ \033[31;1mFAIL\033[0m ] '
WAR=$'[ \033[33;1mWARN\033[0m ] '
INF="[ INFO ] "

DEBUG=0
GNU_URL="https://ftp.gnu.org/gnu/guix/"
#GNU_URL="https://alpha.gnu.org/gnu/guix/"
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"

# This script needs to know where root's home directory is.  However, we
# cannot simply use the HOME environment variable, since there is no guarantee
# that it points to root's home directory.
ROOT_HOME="$(echo ~root)"

# ------------------------------------------------------------------------------
#+UTILITIES

_err()
{ # All errors go to stderr.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_msg()
{ # Default message to stdout.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_debug()
{
    if [ "${DEBUG}" = '1' ]; then
        printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
    fi
}


chk_require()
{ # Check that every required command is available.
    declare -a warn
    local c

    _debug "--- [ $FUNCNAME ] ---"

    for c in "$@"; do
        command -v "$c" &>/dev/null || warn+=("$c")
    done

    [ "${#warn}" -ne 0 ] &&
        { _err "${ERR}Missing commands: ${warn[*]}.";
          return 1; }
    
    _msg "${PAS}verification of required commands completed"
}

chk_gpg_keyring()
{ # Check whether the Guix release signing public key is present.
    _debug "--- [ $FUNCNAME ] ---"

    # Without --dry-run this command will create a ~/.gnupg owned by root on
    # systems where gpg has never been used, causing errors and confusion.
    gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
        _err "${ERR}Missing OpenPGP public key.  Fetch it with this command:"
        echo "  wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - | sudo -i gpg --import -"
        exit 1
    )
}

chk_term()
{ # Check for ANSI terminal for color printing.
    local ansi_term

    if [ -t 2 ]; then
        if [ "${TERM+set}" = 'set' ]; then
            case "$TERM" in
                xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
                    ansi_term=true
                    ;;
                *)
                    ansi_term=false
                    ERR="[ FAIL ] "
                    PAS="[ PASS ] "
                    ;;
            esac
        fi
    fi
}

chk_init_sys()
{ # Return init system type name.
    if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
        _msg "${INF}init system is: upstart"
        INIT_SYS="upstart"
        return 0
    elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
        _msg "${INF}init system is: systemd"
        INIT_SYS="systemd"
        return 0
    elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
        _msg "${INF}init system is: sysv-init"
        INIT_SYS="sysv-init"
        return 0
    elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
        _msg "${INF}init system is: OpenRC"
        INIT_SYS="openrc"
        return 0
    else
        INIT_SYS="NA"
        _err "${ERR}Init system could not be detected."
    fi
}

chk_sys_arch()
{ # Check for operating system and architecture type.
    local os
    local arch

    os="$(uname -s)"
    arch="$(uname -m)"

    case "$arch" in
        i386 | i486 | i686 | i786 | x86)
            local arch=i686
            ;;
        x86_64 | x86-64 | x64 | amd64)
            local arch=x86_64
            ;;
        aarch64)
            local arch=aarch64
            ;;
        armv7l)
            local arch=armhf
            ;;
        ppc64le | powerpc64le)
            local arch=powerpc64le
            ;;
        *)
            _err "${ERR}Unsupported CPU type: ${arch}"
            exit 1
    esac

    case "$os" in
        Linux | linux)
            local os=linux
            ;;
        *)
            _err "${ERR}Your operation system (${os}) is not supported."
            exit 1
    esac

    ARCH_OS="${arch}-${os}"
}

chk_sys_nscd()
{ # Check if nscd is up and suggest to start it or install it
    if [ "$(type -P pidof)" ]; then
        if [ ! "$(pidof nscd)" ]; then
            _msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
            _msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
        fi
    else
        _msg "${INF}We cannot determine if your distribution 'nscd' service is running"
        _msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
    fi
}

# ------------------------------------------------------------------------------
#+MAIN

guix_get_bin_list()
{ # Scan GNU archive and save list of binaries
    local gnu_url="$1"
    local -a bin_ver_ls
    local latest_ver
    local default_ver

    _debug "--- [ $FUNCNAME ] ---"

    # Filter only version and architecture
    bin_ver_ls=("$(wget -qO- "$gnu_url" \
        | sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
        | sort -Vu)")

    latest_ver="$(echo "${bin_ver_ls[0]}" \
                       | grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
                       | tail -n1)"

    default_ver="guix-binary-${latest_ver}.${ARCH_OS}"

    if [[ "${#bin_ver_ls}" -ne "0" ]]; then
        _msg "${PAS}Release for your system: ${default_ver}"
    else
        _err "${ERR}Could not obtain list of Guix releases."
        exit 1
    fi

    # Use default to download according to the list and local ARCH_OS.
    BIN_VER="${default_ver}"
}

guix_get_bin()
{ # Download and verify binary package.
    local url="$1"
    local bin_ver="$2"
    local dl_path="$3"

    _debug "--- [ $FUNCNAME ] ---"

    _msg "${INF}Downloading Guix release archive"

    wget --help | grep -q '\--show-progress' && \
        _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
    wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"

    if [[ "$?" -eq 0 ]]; then
       _msg "${PAS}download completed."
    else
        _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
        exit 1
    fi

    pushd "${dl_path}" >/dev/null
    gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
    if [[ "$?" -eq 0 ]]; then
        _msg "${PAS}Signature is valid."
        popd >/dev/null
    else
        _err "${ERR}could not verify the signature."
        exit 1
    fi
}

sys_create_store()
{ # Unpack and install /gnu/store and /var/guix
    local pkg="$1"
    local tmp_path="$2"

    _debug "--- [ $FUNCNAME ] ---"

    cd "$tmp_path"
    tar --extract \
        --file "$pkg" &&
    _msg "${PAS}unpacked archive"

    if [[ -e "/var/guix" || -e "/gnu" ]]; then
        _err "${ERR}A previous Guix installation was found.  Refusing to overwrite."
        exit 1
    else
        _msg "${INF}Installing /var/guix and /gnu..."
        mv "${tmp_path}/var/guix" /var/
        mv "${tmp_path}/gnu" /
    fi

    _msg "${INF}Linking the root user's profile"
    mkdir -p "${ROOT_HOME}/.config/guix"
    ln -sf /var/guix/profiles/per-user/root/current-guix \
       "${ROOT_HOME}/.config/guix/current"

    GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
    source "${GUIX_PROFILE}/etc/profile"
    _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
}

sys_create_build_user()
{ # Create the group and user accounts for build users.

    _debug "--- [ $FUNCNAME ] ---"

    if [ $(getent group guixbuild) ]; then
        _msg "${INF}group guixbuild exists"
    else
        groupadd --system guixbuild
        _msg "${PAS}group <guixbuild> created"
    fi

    if [ $(getent group kvm) ]; then
        _msg "${INF}group kvm exists and build users will be added to it"
	local KVMGROUP=,kvm
    fi

    for i in $(seq -w 1 10); do
        if id "guixbuilder${i}" &>/dev/null; then
            _msg "${INF}user is already in the system, reset"
            usermod -g guixbuild -G guixbuild${KVMGROUP}     \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i"             \
                    "guixbuilder${i}";
        else
            useradd -g guixbuild -G guixbuild${KVMGROUP}     \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i" --system    \
                    "guixbuilder${i}";
            _msg "${PAS}user added <guixbuilder${i}>"
        fi
    done
}

sys_enable_guix_daemon()
{ # Run the daemon, and set it to automatically start on boot.

    local info_path
    local local_bin
    local var_guix

    _debug "--- [ $FUNCNAME ] ---"

    info_path="/usr/local/share/info"
    local_bin="/usr/local/bin"
    var_guix="/var/guix/profiles/per-user/root/current-guix"

    case "$INIT_SYS" in
        upstart)
            { initctl reload-configuration;
              cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
                 /etc/init/ &&
                  start guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via upstart"
            ;;
        systemd)
            { # systemd .mount units must be named after the target directory.
              # Here we assume a hard-coded name of /gnu/store.
              # XXX Work around <https://issues.guix.gnu.org/41356> until next release.
              if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
                  cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
                     /etc/systemd/system/;
                  chmod 664 /etc/systemd/system/gnu-store.mount;
                  systemctl daemon-reload &&
                      systemctl enable gnu-store.mount;
              fi

              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                 /etc/systemd/system/;
              chmod 664 /etc/systemd/system/guix-daemon.service;

              # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
              sed -i /etc/systemd/system/guix-daemon.service \
                  -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";

              # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
              if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
              then sed -i /etc/systemd/system/guix-daemon.service \
                       -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
              fi;

              systemctl daemon-reload &&
                  systemctl enable guix-daemon &&
                  systemctl start  guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via systemd"
            ;;
        sysv-init)
            { mkdir -p /etc/init.d;
              cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              update-rc.d guix-daemon defaults &&
                  update-rc.d guix-daemon enable &&
                  service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via sysv"
            ;;
        openrc)
            { mkdir -p /etc/init.d;
              cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              rc-update add guix-daemon default &&
                  rc-service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via OpenRC"
            ;;
        NA|*)
            _msg "${ERR}unsupported init system; run the daemon manually:"
            echo "  ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
            ;;
    esac

    _msg "${INF}making the guix command available to other users"

    [ -e "$local_bin" ] || mkdir -p "$local_bin"
    ln -sf "${var_guix}/bin/guix"  "$local_bin"

    [ -e "$info_path" ] || mkdir -p "$info_path"
    for i in "${var_guix}"/share/info/*; do
        ln -sf "$i" "$info_path"
    done
}

sys_authorize_build_farms()
{ # authorize the public key of the build farm
    while true; do
        read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
        case $yn in
            [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
                       _msg "${PAS}Authorized public key for ci.guix.gnu.org";
                   break;;
            [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
                   break;;
            *) _msg "Please answer yes or no.";
        esac
    done
}

sys_create_init_profile()
{ # Create /etc/profile.d/guix.sh for better desktop integration
  # This will not take effect until the next shell or desktop session!
    [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
    cat <<"EOF" > /etc/profile.d/guix.sh
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
# Export INFOPATH so that the updated info pages can be found
# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
# When INFOPATH is unset, add a trailing colon so that Emacs
# searches 'Info-default-directory-list'.
export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"

# GUIX_PROFILE: User's default profile
GUIX_PROFILE="$HOME/.guix-profile"
[ -L $GUIX_PROFILE ] || return
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
export GUIX_PROFILE GUIX_LOCPATH

[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"

# set XDG_DATA_DIRS to include Guix installations
export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
EOF
}

sys_create_shell_completion()
{ # Symlink supported shell completions system-wide

    var_guix=/var/guix/profiles/per-user/root/current-guix
    bash_completion=/etc/bash_completion.d
    zsh_completion=/usr/share/zsh/site-functions
    fish_completion=/usr/share/fish/vendor_completions.d

    { # Just in case
        for dir_shell in $bash_completion $zsh_completion $fish_completion; do
            [ -d "$dir_shell" ] || mkdir -p $dir_shell
        done;

        ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
        ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
        ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
        _msg "${PAS}installed shell completion"
}


welcome()
{
    cat<<"EOF"
    ░░░                                     ░░░
    ░░▒▒░░░░░░░░░               ░░░░░░░░░▒▒░░
     ░░▒▒▒▒▒░░░░░░░           ░░░░░░░▒▒▒▒▒░
         ░▒▒▒░░▒▒▒▒▒         ░░░░░░░▒▒░
               ░▒▒▒▒░       ░░░░░░
                ▒▒▒▒▒      ░░░░░░
                 ▒▒▒▒▒     ░░░░░
                 ░▒▒▒▒▒   ░░░░░
                  ▒▒▒▒▒   ░░░░░
                   ▒▒▒▒▒ ░░░░░
                   ░▒▒▒▒▒░░░░░
                    ▒▒▒▒▒▒░░░
                     ▒▒▒▒▒▒░
     _____ _   _ _    _    _____       _
    / ____| \ | | |  | |  / ____|     (_)
   | |  __|  \| | |  | | | |  __ _   _ ___  __
   | | |_ | . ' | |  | | | | |_ | | | | \ \/ /
   | |__| | |\  | |__| | | |__| | |_| | |>  <
    \_____|_| \_|\____/   \_____|\__,_|_/_/\_\

This script installs GNU Guix on your system

https://www.gnu.org/software/guix/
EOF
    echo -n "Press return to continue..."
    read -r  ANSWER
}

main()
{
    local tmp_path
    welcome

    _msg "Starting installation ($(date))"

    chk_term
    chk_require "${REQUIRE[@]}"
    chk_gpg_keyring
    chk_init_sys
    chk_sys_arch
    chk_sys_nscd

    _msg "${INF}system is ${ARCH_OS}"

    umask 0022
    tmp_path="$(mktemp -t -d guix.XXX)"

    guix_get_bin_list "${GNU_URL}"
    guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"

    sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
    sys_create_build_user
    sys_enable_guix_daemon
    sys_authorize_build_farms
    sys_create_init_profile
    sys_create_shell_completion

    _msg "${INF}cleaning up ${tmp_path}"
    rm -r "${tmp_path}"

    _msg "${PAS}Guix has successfully been installed!"
    _msg "${INF}Run 'info guix' to read the manual."

    # Required to source /etc/profile in desktop environments.
    _msg "${INF}Please log out and back in to complete the installation."
 }

main "$@"
Commit	Line	Data
f5fdc54d	1	#!/bin/sh
6f4e8693 RW	2	# GNU Guix --- Functional package management for GNU
	3	# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
	4	# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
ea6b1bae	5	# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
ebbf9154	6	# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
cabac732	7	# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
b3fba5ef	8	# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
8311e4e1	9	# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
9d34b04f	10	# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
a16eb6c5	11	# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
6f4e8693 RW	12	#
	13	# This file is part of GNU Guix.
	14	#
	15	# GNU Guix is free software; you can redistribute it and/or modify it
	16	# under the terms of the GNU General Public License as published by
	17	# the Free Software Foundation; either version 3 of the License, or (at
	18	# your option) any later version.
	19	#
	20	# GNU Guix is distributed in the hope that it will be useful, but
	21	# WITHOUT ANY WARRANTY; without even the implied warranty of
	22	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	23	# GNU General Public License for more details.
	24	#
	25	# You should have received a copy of the GNU General Public License
	26	# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	27
f5fdc54d LC	28	# We require Bash but for portability we'd rather not use /bin/bash or
	29	# /usr/bin/env in the shebang, hence this hack.
	30	if [ "x$BASH_VERSION" = "x" ]
	31	then
	32	exec bash "$0" "$@"
	33	fi
	34
6f4e8693 RW	35	set -e
	36
	37	[ "$UID" -eq 0 ] \|\| { echo "This script must be run as root."; exit 1; }
	38
	39	REQUIRE=(
	40	"dirname"
	41	"readlink"
	42	"wget"
	43	"gpg"
	44	"grep"
	45	"which"
	46	"sed"
	47	"sort"
	48	"getent"
	49	"mktemp"
	50	"rm"
	51	"chmod"
	52	"uname"
	53	"groupadd"
	54	"tail"
	55	"tr"
39939e30	56	"xz"
6f4e8693 RW	57	)
	58
	59	PAS=$'[ \033[32;1mPASS\033[0m ] '
	60	ERR=$'[ \033[31;1mFAIL\033[0m ] '
b2683a2b	61	WAR=$'[ \033[33;1mWARN\033[0m ] '
6f4e8693 RW	62	INF="[ INFO ] "
	63
	64	DEBUG=0
3a3e9f2b	65	GNU_URL="https://ftp.gnu.org/gnu/guix/"
8311e4e1	66	#GNU_URL="https://alpha.gnu.org/gnu/guix/"
6f4e8693 RW	67	OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
6f4e8693 RW	68
3cd4447f CM	69	# This script needs to know where root's home directory is. However, we
	70	# cannot simply use the HOME environment variable, since there is no guarantee
	71	# that it points to root's home directory.
	72	ROOT_HOME="$(echo ~root)"
	73
6f4e8693 RW	74	# ------------------------------------------------------------------------------
	75	#+UTILITIES
	76
	77	_err()
	78	{ # All errors go to stderr.
	79	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	80	}
	81
	82	_msg()
	83	{ # Default message to stdout.
	84	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	85	}
	86
	87	_debug()
	88	{
	89	if [ "${DEBUG}" = '1' ]; then
	90	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	91	fi
	92	}
	93
	94
	95	chk_require()
	96	{ # Check that every required command is available.
6f4e8693	97	declare -a warn
7a2e0c52	98	local c
6f4e8693	99
6f4e8693 RW	100	_debug "--- [ $FUNCNAME ] ---"
6f4e8693 RW	101
6c77d79a	102	for c in "$@"; do
593fe736	103	command -v "$c" &>/dev/null \|\| warn+=("$c")
6f4e8693 RW	104	done
	105
	106	[ "${#warn}" -ne 0 ] &&
	107	{ _err "${ERR}Missing commands: ${warn[*]}.";
	108	return 1; }
	109
	110	_msg "${PAS}verification of required commands completed"
5d8e505c TGR	111	}
	112
	113	chk_gpg_keyring()
	114	{ # Check whether the Guix release signing public key is present.
	115	_debug "--- [ $FUNCNAME ] ---"
6f4e8693	116
9b2644c2 TGR	117	# Without --dry-run this command will create a ~/.gnupg owned by root on
	118	# systems where gpg has never been used, causing errors and confusion.
	119	gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 \|\| (
6f4e8693	120	_err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
ea0da486	121	echo " wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - \| sudo -i gpg --import -"
6f4e8693 RW	122	exit 1
	123	)
	124	}
	125
	126	chk_term()
	127	{ # Check for ANSI terminal for color printing.
	128	local ansi_term
	129
	130	if [ -t 2 ]; then
	131	if [ "${TERM+set}" = 'set' ]; then
	132	case "$TERM" in
	133	xterm\|rxvt\|urxvt\|linux\|vt\|eterm\|screen*)
	134	ansi_term=true
	135	;;
	136	*)
	137	ansi_term=false
	138	ERR="[ FAIL ] "
	139	PAS="[ PASS ] "
	140	;;
	141	esac
	142	fi
	143	fi
	144	}
	145
	146	chk_init_sys()
	147	{ # Return init system type name.
	148	if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
	149	_msg "${INF}init system is: upstart"
	150	INIT_SYS="upstart"
	151	return 0
dc1aede3	152	elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
6f4e8693 RW	153	_msg "${INF}init system is: systemd"
	154	INIT_SYS="systemd"
	155	return 0
	156	elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
	157	_msg "${INF}init system is: sysv-init"
	158	INIT_SYS="sysv-init"
	159	return 0
cabac732 MS	160	elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
	161	_msg "${INF}init system is: OpenRC"
	162	INIT_SYS="openrc"
	163	return 0
6f4e8693 RW	164	else
	165	INIT_SYS="NA"
	166	_err "${ERR}Init system could not be detected."
	167	fi
	168	}
	169
	170	chk_sys_arch()
	171	{ # Check for operating system and architecture type.
	172	local os
	173	local arch
	174
	175	os="$(uname -s)"
	176	arch="$(uname -m)"
	177
	178	case "$arch" in
	179	i386 \| i486 \| i686 \| i786 \| x86)
	180	local arch=i686
	181	;;
	182	x86_64 \| x86-64 \| x64 \| amd64)
	183	local arch=x86_64
	184	;;
ea6b1bae EF	185	aarch64)
	186	local arch=aarch64
	187	;;
7c164068 VL	188	armv7l)
	189	local arch=armhf
	190	;;
a16eb6c5 CM	191	ppc64le \| powerpc64le)
	192	local arch=powerpc64le
	193	;;
6f4e8693 RW	194	*)
	195	_err "${ERR}Unsupported CPU type: ${arch}"
	196	exit 1
	197	esac
	198
	199	case "$os" in
	200	Linux \| linux)
	201	local os=linux
	202	;;
	203	*)
	204	_err "${ERR}Your operation system (${os}) is not supported."
	205	exit 1
	206	esac
	207
	208	ARCH_OS="${arch}-${os}"
	209	}
	210
b2683a2b	211	chk_sys_nscd()
	212	{ # Check if nscd is up and suggest to start it or install it
	213	if [ "$(type -P pidof)" ]; then
	214	if [ ! "$(pidof nscd)" ]; then
	215	_msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
	216	_msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
	217	fi
	218	else
	219	_msg "${INF}We cannot determine if your distribution 'nscd' service is running"
	220	_msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
	221	fi
	222	}
	223
6f4e8693 RW	224	# ------------------------------------------------------------------------------
	225	#+MAIN
	226
	227	guix_get_bin_list()
	228	{ # Scan GNU archive and save list of binaries
	229	local gnu_url="$1"
	230	local -a bin_ver_ls
	231	local latest_ver
	232	local default_ver
	233
	234	_debug "--- [ $FUNCNAME ] ---"
	235
	236	# Filter only version and architecture
	237	bin_ver_ls=("$(wget -qO- "$gnu_url" \
8311e4e1	238	\| sed -n -e 's/.guix-binary-\([0-9.][a-z0-9]\)\...tar.xz.*/\1/p' \
6f4e8693 RW	239	\| sort -Vu)")
6f4e8693 RW	240
1f4e878f	241	latest_ver="$(echo "${bin_ver_ls[0]}" \
8311e4e1	242	\| grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
6f4e8693 RW	243	\| tail -n1)"
	244
	245	default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
	246
	247	if [[ "${#bin_ver_ls}" -ne "0" ]]; then
	248	_msg "${PAS}Release for your system: ${default_ver}"
	249	else
	250	_err "${ERR}Could not obtain list of Guix releases."
	251	exit 1
	252	fi
	253
	254	# Use default to download according to the list and local ARCH_OS.
1f4e878f	255	BIN_VER="${default_ver}"
6f4e8693 RW	256	}
	257
	258	guix_get_bin()
	259	{ # Download and verify binary package.
	260	local url="$1"
	261	local bin_ver="$2"
	262	local dl_path="$3"
	263
	264	_debug "--- [ $FUNCNAME ] ---"
	265
	266	_msg "${INF}Downloading Guix release archive"
	267
	268	wget --help \| grep -q '\--show-progress' && \
	269	_PROGRESS_OPT="-q --show-progress" \|\| _PROGRESS_OPT=""
	270	wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
	271
	272	if [[ "$?" -eq 0 ]]; then
	273	_msg "${PAS}download completed."
	274	else
	275	_err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
	276	exit 1
	277	fi
	278
d2532317	279	pushd "${dl_path}" >/dev/null
6f4e8693 RW	280	gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
	281	if [[ "$?" -eq 0 ]]; then
	282	_msg "${PAS}Signature is valid."
	283	popd >/dev/null
	284	else
	285	_err "${ERR}could not verify the signature."
	286	exit 1
	287	fi
	288	}
	289
	290	sys_create_store()
	291	{ # Unpack and install /gnu/store and /var/guix
	292	local pkg="$1"
	293	local tmp_path="$2"
	294
	295	_debug "--- [ $FUNCNAME ] ---"
	296
	297	cd "$tmp_path"
f72bafe3	298	tar --extract \
6f4e8693 RW	299	--file "$pkg" &&
	300	_msg "${PAS}unpacked archive"
	301
	302	if [[ -e "/var/guix" \|\| -e "/gnu" ]]; then
	303	_err "${ERR}A previous Guix installation was found. Refusing to overwrite."
	304	exit 1
	305	else
	306	_msg "${INF}Installing /var/guix and /gnu..."
	307	mv "${tmp_path}/var/guix" /var/
	308	mv "${tmp_path}/gnu" /
	309	fi
	310
	311	_msg "${INF}Linking the root user's profile"
e9926f80 LC	312	mkdir -p "${ROOT_HOME}/.config/guix"
	313	ln -sf /var/guix/profiles/per-user/root/current-guix \
	314	"${ROOT_HOME}/.config/guix/current"
6f4e8693	315
e9926f80	316	GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
6f4e8693	317	source "${GUIX_PROFILE}/etc/profile"
e9926f80	318	_msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
6f4e8693 RW	319	}
	320
	321	sys_create_build_user()
	322	{ # Create the group and user accounts for build users.
	323
	324	_debug "--- [ $FUNCNAME ] ---"
	325
	326	if [ $(getent group guixbuild) ]; then
	327	_msg "${INF}group guixbuild exists"
	328	else
	329	groupadd --system guixbuild
	330	_msg "${PAS}group <guixbuild> created"
	331	fi
	332
8e214c53 LF	333	if [ $(getent group kvm) ]; then
	334	_msg "${INF}group kvm exists and build users will be added to it"
	335	local KVMGROUP=,kvm
	336	fi
	337
6f4e8693 RW	338	for i in $(seq -w 1 10); do
	339	if id "guixbuilder${i}" &>/dev/null; then
	340	_msg "${INF}user is already in the system, reset"
8e214c53	341	usermod -g guixbuild -G guixbuild${KVMGROUP} \
6f4e8693 RW	342	-d /var/empty -s "$(which nologin)" \
	343	-c "Guix build user $i" \
	344	"guixbuilder${i}";
	345	else
8e214c53	346	useradd -g guixbuild -G guixbuild${KVMGROUP} \
6f4e8693 RW	347	-d /var/empty -s "$(which nologin)" \
	348	-c "Guix build user $i" --system \
	349	"guixbuilder${i}";
	350	_msg "${PAS}user added <guixbuilder${i}>"
	351	fi
	352	done
	353	}
	354
	355	sys_enable_guix_daemon()
	356	{ # Run the daemon, and set it to automatically start on boot.
	357
	358	local info_path
	359	local local_bin
	360	local var_guix
	361
	362	_debug "--- [ $FUNCNAME ] ---"
	363
	364	info_path="/usr/local/share/info"
	365	local_bin="/usr/local/bin"
e9926f80	366	var_guix="/var/guix/profiles/per-user/root/current-guix"
6f4e8693 RW	367
	368	case "$INIT_SYS" in
	369	upstart)
	370	{ initctl reload-configuration;
e9926f80	371	cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
6f4e8693 RW	372	/etc/init/ &&
	373	start guix-daemon; } &&
	374	_msg "${PAS}enabled Guix daemon via upstart"
	375	;;
	376	systemd)
1a1faa78 TGR	377	{ # systemd .mount units must be named after the target directory.
1a1faa78 TGR	378	# Here we assume a hard-coded name of /gnu/store.
ebbf9154 TGR	379	# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
	380	if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
	381	cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
	382	/etc/systemd/system/;
	383	chmod 664 /etc/systemd/system/gnu-store.mount;
d6f303d4 TGR	384	systemctl daemon-reload &&
d6f303d4 TGR	385	systemctl enable gnu-store.mount;
ebbf9154	386	fi
1a1faa78 TGR	387
1a1faa78 TGR	388	cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
6f4e8693 RW	389	/etc/systemd/system/;
6f4e8693 RW	390	chmod 664 /etc/systemd/system/guix-daemon.service;
e1e3fe08	391
7c164068 VL	392	# Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
	393	sed -i /etc/systemd/system/guix-daemon.service \
	394	-e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
e1e3fe08	395
7c164068 VL	396	# Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
	397	if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
	398	then sed -i /etc/systemd/system/guix-daemon.service \
	399	-e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
	400	fi;
e1e3fe08	401
6f4e8693	402	systemctl daemon-reload &&
d6f303d4 TGR	403	systemctl enable guix-daemon &&
d6f303d4 TGR	404	systemctl start guix-daemon; } &&
6f4e8693 RW	405	_msg "${PAS}enabled Guix daemon via systemd"
6f4e8693 RW	406	;;
fe60ef99 DM	407	sysv-init)
	408	{ mkdir -p /etc/init.d;
	409	cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
	410	/etc/init.d/guix-daemon;
	411	chmod 775 /etc/init.d/guix-daemon;
	412
	413	update-rc.d guix-daemon defaults &&
	414	update-rc.d guix-daemon enable &&
	415	service guix-daemon start; } &&
	416	_msg "${PAS}enabled Guix daemon via sysv"
	417	;;
cabac732 MS	418	openrc)
	419	{ mkdir -p /etc/init.d;
	420	cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
	421	/etc/init.d/guix-daemon;
	422	chmod 775 /etc/init.d/guix-daemon;
	423
	424	rc-update add guix-daemon default &&
	425	rc-service guix-daemon start; } &&
	426	_msg "${PAS}enabled Guix daemon via OpenRC"
	427	;;
6f4e8693 RW	428	NA\|*)
6f4e8693 RW	429	_msg "${ERR}unsupported init system; run the daemon manually:"
e9926f80	430	echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
6f4e8693 RW	431	;;
	432	esac
	433
	434	_msg "${INF}making the guix command available to other users"
	435
	436	[ -e "$local_bin" ] \|\| mkdir -p "$local_bin"
	437	ln -sf "${var_guix}/bin/guix" "$local_bin"
	438
	439	[ -e "$info_path" ] \|\| mkdir -p "$info_path"
b4a1252b	440	for i in "${var_guix}"/share/info/*; do
6f4e8693 RW	441	ln -sf "$i" "$info_path"
	442	done
	443	}
	444
	445	sys_authorize_build_farms()
414c4de1	446	{ # authorize the public key of the build farm
6f4e8693	447	while true; do
414c4de1	448	read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
6f4e8693	449	case $yn in
414c4de1	450	[Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
825c39bf	451	_msg "${PAS}Authorized public key for ci.guix.gnu.org";
6f4e8693 RW	452	break;;
	453	[Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
	454	break;;
	455	*) _msg "Please answer yes or no.";
	456	esac
	457	done
	458	}
	459
30810aff PG	460	sys_create_init_profile()
30810aff PG	461	{ # Create /etc/profile.d/guix.sh for better desktop integration
2ffd1314	462	# This will not take effect until the next shell or desktop session!
29ba58c0	463	[ -d "/etc/profile.d" ] \|\| mkdir /etc/profile.d # Just in case
30810aff PG	464	cat <<"EOF" > /etc/profile.d/guix.sh
	465	# _GUIX_PROFILE: `guix pull` profile
	466	_GUIX_PROFILE="$HOME/.config/guix/current"
9d34b04f JK	467	export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
	468	# Export INFOPATH so that the updated info pages can be found
	469	# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
	470	# When INFOPATH is unset, add a trailing colon so that Emacs
	471	# searches 'Info-default-directory-list'.
	472	export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
30810aff PG	473
	474	# GUIX_PROFILE: User's default profile
	475	GUIX_PROFILE="$HOME/.guix-profile"
	476	[ -L $GUIX_PROFILE ] \|\| return
	477	GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
	478	export GUIX_PROFILE GUIX_LOCPATH
	479
e69b8bba	480	[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
30810aff PG	481
30810aff PG	482	# set XDG_DATA_DIRS to include Guix installations
7ff169d0	483	export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
30810aff PG	484	EOF
	485	}
	486
b3fba5ef	487	sys_create_shell_completion()
	488	{ # Symlink supported shell completions system-wide
	489
	490	var_guix=/var/guix/profiles/per-user/root/current-guix
	491	bash_completion=/etc/bash_completion.d
	492	zsh_completion=/usr/share/zsh/site-functions
	493	fish_completion=/usr/share/fish/vendor_completions.d
	494
	495	{ # Just in case
	496	for dir_shell in $bash_completion $zsh_completion $fish_completion; do
	497	[ -d "$dir_shell" ] \|\| mkdir -p $dir_shell
	498	done;
	499
	500	ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
	501	ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
	502	ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
	503	_msg "${PAS}installed shell completion"
	504	}
	505
	506
6f4e8693 RW	507	welcome()
	508	{
	509	cat<<"EOF"
	510	░░░ ░░░
	511	░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
	512	░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
	513	░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
	514	░▒▒▒▒░ ░░░░░░
	515	▒▒▒▒▒ ░░░░░░
	516	▒▒▒▒▒ ░░░░░
	517	░▒▒▒▒▒ ░░░░░
	518	▒▒▒▒▒ ░░░░░
	519	▒▒▒▒▒ ░░░░░
	520	░▒▒▒▒▒░░░░░
	521	▒▒▒▒▒▒░░░
	522	▒▒▒▒▒▒░
	523	_____ _ _ _ _ _____ _
	524	/ ____\| \ \| \| \| \| \| / ____\| (_)
	525	\| \| __\| \\| \| \| \| \| \| \| __ _ _ ___ __
	526	\| \| \|_ \| . ' \| \| \| \| \| \| \|_ \| \| \| \| \ \/ /
	527	\| \|__\| \| \|\ \| \|__\| \| \| \|__\| \| \|_\| \| \|> <
	528	\_____\|_\| \_\|\____/ \_____\|\__,_\|_/_/\_\
	529
	530	This script installs GNU Guix on your system
	531
	532	https://www.gnu.org/software/guix/
	533	EOF
	534	echo -n "Press return to continue..."
	535	read -r ANSWER
	536	}
	537
	538	main()
	539	{
	540	local tmp_path
	541	welcome
	542
	543	_msg "Starting installation ($(date))"
	544
	545	chk_term
6c77d79a	546	chk_require "${REQUIRE[@]}"
5d8e505c	547	chk_gpg_keyring
6f4e8693 RW	548	chk_init_sys
6f4e8693 RW	549	chk_sys_arch
b2683a2b	550	chk_sys_nscd
6f4e8693 RW	551
	552	_msg "${INF}system is ${ARCH_OS}"
	553
32c06aff	554	umask 0022
6f4e8693 RW	555	tmp_path="$(mktemp -t -d guix.XXX)"
	556
	557	guix_get_bin_list "${GNU_URL}"
	558	guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
	559
	560	sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
	561	sys_create_build_user
	562	sys_enable_guix_daemon
	563	sys_authorize_build_farms
30810aff	564	sys_create_init_profile
b3fba5ef	565	sys_create_shell_completion
6f4e8693 RW	566
	567	_msg "${INF}cleaning up ${tmp_path}"
	568	rm -r "${tmp_path}"
	569
	570	_msg "${PAS}Guix has successfully been installed!"
	571	_msg "${INF}Run 'info guix' to read the manual."
2ffd1314 TGR	572
	573	# Required to source /etc/profile in desktop environments.
	574	_msg "${INF}Please log out and back in to complete the installation."
6f4e8693 RW	575	}
	576
	577	main "$@"