[jackhill/guix/guix.git] / etc / guix-install.sh

#!/bin/sh
# GNU Guix --- Functional package management for GNU
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

# We require Bash but for portability we'd rather not use /bin/bash or
# /usr/bin/env in the shebang, hence this hack.
if [ "x$BASH_VERSION" = "x" ]
then
    exec bash "$0" "$@"
fi

set -e

[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }

REQUIRE=(
    "dirname"
    "readlink"
    "wget"
    "gpg"
    "grep"
    "which"
    "sed"
    "sort"
    "getent"
    "mktemp"
    "rm"
    "chmod"
    "uname"
    "groupadd"
    "tail"
    "tr"
    "xz"
)

PAS=$'[ \033[32;1mPASS\033[0m ] '
ERR=$'[ \033[31;1mFAIL\033[0m ] '
WAR=$'[ \033[33;1mWARN\033[0m ] '
INF="[ INFO ] "

DEBUG=0
GNU_URL="https://ftp.gnu.org/gnu/guix/"
#GNU_URL="https://alpha.gnu.org/gnu/guix/"

# The following associative array holds set of GPG keys used to sign the
# releases, keyed by their corresponding Savannah user ID.
declare -A GPG_SIGNING_KEYS
GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5  # ludo
GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim

# ------------------------------------------------------------------------------
#+UTILITIES

_err()
{ # All errors go to stderr.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_msg()
{ # Default message to stdout.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_debug()
{
    if [ "${DEBUG}" = '1' ]; then
        printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
    fi
}

# Return true if user answered yes, false otherwise.
# $1: The prompt question.
prompt_yes_no() {
    while true; do
        read -rp "$1 " yn
        case $yn in
            [Yy]*) return 0;;
            [Nn]*) return 1;;
            *) _msg "Please answer yes or no."
        esac
    done
}

chk_require()
{ # Check that every required command is available.
    declare -a warn
    local c

    _debug "--- [ ${FUNCNAME[0]} ] ---"

    for c in "$@"; do
        command -v "$c" &>/dev/null || warn+=("$c")
    done

    [ "${#warn}" -ne 0 ] &&
        { _err "${ERR}Missing commands: ${warn[*]}.";
          return 1; }
    
    _msg "${PAS}verification of required commands completed"
}

chk_gpg_keyring()
{ # Check whether the Guix release signing public key is present.
    _debug "--- [ ${FUNCNAME[0]} ] ---"
    local user_id
    local gpg_key_id
    local exit_flag

    for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
        gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
        # Without --dry-run this command will create a ~/.gnupg owned by root on
        # systems where gpg has never been used, causing errors and confusion.
        if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
            if prompt_yes_no "${INF}The following OpenPGP public key is \
required to verify the Guix binary signature: $gpg_key_id.
Would you like me to fetch it for you? (yes/no)"; then
                wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
                     --no-verbose -O- | gpg --import -
            else
                _err "${ERR}Missing OpenPGP public key ($gpg_key_id).
Fetch it with this command:

  wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
sudo -i gpg --import -"
                exit_flag=yes
            fi
        fi
    done
    if [ "$exit_flag" = yes ]; then
        exit 1
    fi
}

chk_term()
{ # Check for ANSI terminal for color printing.
    if [ -t 2 ]; then
        if [ "${TERM+set}" = 'set' ]; then
            case "$TERM" in
                xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
                    ;;
                *)
                    ERR="[ FAIL ] "
                    PAS="[ PASS ] "
                    ;;
            esac
        fi
    fi
}

chk_init_sys()
{ # Return init system type name.
    if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
        _msg "${INF}init system is: upstart"
        INIT_SYS="upstart"
        return 0
    elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
        _msg "${INF}init system is: systemd"
        INIT_SYS="systemd"
        return 0
    elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
        _msg "${INF}init system is: sysv-init"
        INIT_SYS="sysv-init"
        return 0
    elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
        _msg "${INF}init system is: OpenRC"
        INIT_SYS="openrc"
        return 0
    else
        INIT_SYS="NA"
        _err "${ERR}Init system could not be detected."
    fi
}

chk_sys_arch()
{ # Check for operating system and architecture type.
    local os
    local arch

    os="$(uname -s)"
    arch="$(uname -m)"

    case "$arch" in
        i386 | i486 | i686 | i786 | x86)
            local arch=i686
            ;;
        x86_64 | x86-64 | x64 | amd64)
            local arch=x86_64
            ;;
        aarch64)
            local arch=aarch64
            ;;
        armv7l)
            local arch=armhf
            ;;
        ppc64le | powerpc64le)
            local arch=powerpc64le
            ;;
        *)
            _err "${ERR}Unsupported CPU type: ${arch}"
            exit 1
    esac

    case "$os" in
        Linux | linux)
            local os=linux
            ;;
        *)
            _err "${ERR}Your operation system (${os}) is not supported."
            exit 1
    esac

    ARCH_OS="${arch}-${os}"
}

chk_sys_nscd()
{ # Check if nscd is up and suggest to start it or install it
    if [ "$(type -P pidof)" ]; then
        if [ ! "$(pidof nscd)" ]; then
            _msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
            _msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
        fi
    else
        _msg "${INF}We cannot determine if your distribution 'nscd' service is running"
        _msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
    fi
}

# Configure substitute discovery according to user's preferences.
# $1 is the installed service file to edit.
configure_substitute_discovery() {
    if grep -q -- '--discover=no' "$1" && \
            prompt_yes_no "Would you like the Guix daemon to automatically \
discover substitute servers on the local network? (yes/no)"; then
        sed -i 's/--discover=no/--discover=yes/' "$1"
    fi
}

# ------------------------------------------------------------------------------
#+MAIN

guix_get_bin_list()
{ # Scan GNU archive and save list of binaries
    local gnu_url="$1"
    local -a bin_ver_ls
    local latest_ver
    local default_ver

    _debug "--- [ ${FUNCNAME[0]} ] ---"

    # Filter only version and architecture
    bin_ver_ls=("$(wget "$gnu_url" --no-verbose -O- \
        | sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
        | sort -Vu)")

    latest_ver="$(echo "${bin_ver_ls[0]}" \
                       | grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
                       | tail -n1)"

    default_ver="guix-binary-${latest_ver}.${ARCH_OS}"

    if [[ "${#bin_ver_ls}" -ne "0" ]]; then
        _msg "${PAS}Release for your system: ${default_ver}"
    else
        _err "${ERR}Could not obtain list of Guix releases."
        exit 1
    fi

    # Use default to download according to the list and local ARCH_OS.
    BIN_VER="${default_ver}"
}

guix_get_bin()
{ # Download and verify binary package.
    local url="$1"
    local bin_ver="$2"
    local dl_path="$3"
    local wget_args=()

    _debug "--- [ ${FUNCNAME[0]} ] ---"

    _msg "${INF}Downloading Guix release archive"

    wget --help | grep -q '\--show-progress' \
        && wget_args=("--no-verbose" "--show-progress")

    if wget "${wget_args[@]}" -P "$dl_path" \
            "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
        _msg "${PAS}download completed."
    else
        _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
        exit 1
    fi

    pushd "${dl_path}" >/dev/null
    if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then
        _msg "${PAS}Signature is valid."
        popd >/dev/null
    else
        _err "${ERR}could not verify the signature."
        exit 1
    fi
}

sys_create_store()
{ # Unpack and install /gnu/store and /var/guix
    local pkg="$1"
    local tmp_path="$2"

    _debug "--- [ ${FUNCNAME[0]} ] ---"

    if [[ -e "/var/guix" || -e "/gnu" ]]; then
        _err "${ERR}A previous Guix installation was found.  Refusing to overwrite."
        exit 1
    fi

    cd "$tmp_path"
    tar --extract --file "$pkg" && _msg "${PAS}unpacked archive"

    _msg "${INF}Installing /var/guix and /gnu..."
    mv "${tmp_path}/var/guix" /var/
    mv "${tmp_path}/gnu" /

    _msg "${INF}Linking the root user's profile"
    mkdir -p "~root/.config/guix"
    ln -sf /var/guix/profiles/per-user/root/current-guix \
       "~root/.config/guix/current"

    GUIX_PROFILE="~root/.config/guix/current"
    # shellcheck disable=SC1090
    source "${GUIX_PROFILE}/etc/profile"
    _msg "${PAS}activated root profile at ${GUIX_PROFILE}"
}

sys_create_build_user()
{ # Create the group and user accounts for build users.

    _debug "--- [ ${FUNCNAME[0]} ] ---"

    if getent group guixbuild > /dev/null; then
        _msg "${INF}group guixbuild exists"
    else
        groupadd --system guixbuild
        _msg "${PAS}group <guixbuild> created"
    fi

    if getent group kvm > /dev/null; then
        _msg "${INF}group kvm exists and build users will be added to it"
        local KVMGROUP=,kvm
    fi

    for i in $(seq -w 1 10); do
        if id "guixbuilder${i}" &>/dev/null; then
            _msg "${INF}user is already in the system, reset"
            usermod -g guixbuild -G guixbuild${KVMGROUP}     \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i"             \
                    "guixbuilder${i}";
        else
            useradd -g guixbuild -G guixbuild${KVMGROUP}     \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i" --system    \
                    "guixbuilder${i}";
            _msg "${PAS}user added <guixbuilder${i}>"
        fi
    done
}

sys_enable_guix_daemon()
{ # Run the daemon, and set it to automatically start on boot.

    local info_path
    local local_bin
    local var_guix

    _debug "--- [ ${FUNCNAME[0]} ] ---"

    info_path="/usr/local/share/info"
    local_bin="/usr/local/bin"
    var_guix="/var/guix/profiles/per-user/root/current-guix"

    case "$INIT_SYS" in
        upstart)
            { initctl reload-configuration;
              cp "~root/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
                 /etc/init/ &&
                  configure_substitute_discovery /etc/init/guix-daemon.conf &&
                  start guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via upstart"
            ;;
        systemd)
            { # systemd .mount units must be named after the target directory.
              # Here we assume a hard-coded name of /gnu/store.
              # XXX Work around <https://issues.guix.gnu.org/41356> until next release.
              if [ -f "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
                  cp "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" \
                     /etc/systemd/system/;
                  chmod 664 /etc/systemd/system/gnu-store.mount;
                  systemctl daemon-reload &&
                      systemctl enable gnu-store.mount;
              fi

              cp "~root/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                 /etc/systemd/system/;
              chmod 664 /etc/systemd/system/guix-daemon.service;

              # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
              sed -i /etc/systemd/system/guix-daemon.service \
                  -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";

              # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
              if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
              then sed -i /etc/systemd/system/guix-daemon.service \
                       -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
              fi;

              configure_substitute_discovery \
                  /etc/systemd/system/guix-daemon.service

              systemctl daemon-reload &&
                  systemctl enable guix-daemon &&
                  systemctl start  guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via systemd"
            ;;
        sysv-init)
            { mkdir -p /etc/init.d;
              cp "~root/.config/guix/current/etc/init.d/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              configure_substitute_discovery /etc/init.d/guix-daemon

              update-rc.d guix-daemon defaults &&
                  update-rc.d guix-daemon enable &&
                  service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via sysv"
            ;;
        openrc)
            { mkdir -p /etc/init.d;
              cp "~root/.config/guix/current/etc/openrc/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              configure_substitute_discovery /etc/init.d/guix-daemon

              rc-update add guix-daemon default &&
                  rc-service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via OpenRC"
            ;;
        NA|*)
            _msg "${ERR}unsupported init system; run the daemon manually:"
            echo "  ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
            ;;
    esac

    _msg "${INF}making the guix command available to other users"

    [ -e "$local_bin" ] || mkdir -p "$local_bin"
    ln -sf "${var_guix}/bin/guix"  "$local_bin"

    [ -e "$info_path" ] || mkdir -p "$info_path"
    for i in "${var_guix}"/share/info/*; do
        ln -sf "$i" "$info_path"
    done
}

sys_authorize_build_farms()
{ # authorize the public key of the build farm
    if prompt_yes_no "Permit downloading pre-built package binaries from the \
project's build farm? (yes/no)"; then
        guix archive --authorize \
             < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
        else
            _msg "${INF}Skipped authorizing build farm public keys"
    fi
}

sys_create_init_profile()
{ # Define for better desktop integration
  # This will not take effect until the next shell or desktop session!
    [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
    cat <<"EOF" > /etc/profile.d/guix.sh
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
# Export INFOPATH so that the updated info pages can be found
# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
# When INFOPATH is unset, add a trailing colon so that Emacs
# searches 'Info-default-directory-list'.
export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"

# GUIX_PROFILE: User's default profile
GUIX_PROFILE="$HOME/.guix-profile"
[ -L $GUIX_PROFILE ] || return
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
export GUIX_LOCPATH

[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"

# set XDG_DATA_DIRS to include Guix installations
export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
EOF
}

sys_create_shell_completion()
{ # Symlink supported shell completions system-wide

    var_guix=/var/guix/profiles/per-user/root/current-guix
    bash_completion=/etc/bash_completion.d
    zsh_completion=/usr/share/zsh/site-functions
    fish_completion=/usr/share/fish/vendor_completions.d

    { # Just in case
        for dir_shell in $bash_completion $zsh_completion $fish_completion; do
            [ -d "$dir_shell" ] || mkdir -p $dir_shell
        done;

        ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
        ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
        ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
        _msg "${PAS}installed shell completion"
}


welcome()
{
    cat<<"EOF"
    ░░░                                     ░░░
    ░░▒▒░░░░░░░░░               ░░░░░░░░░▒▒░░
     ░░▒▒▒▒▒░░░░░░░           ░░░░░░░▒▒▒▒▒░
         ░▒▒▒░░▒▒▒▒▒         ░░░░░░░▒▒░
               ░▒▒▒▒░       ░░░░░░
                ▒▒▒▒▒      ░░░░░░
                 ▒▒▒▒▒     ░░░░░
                 ░▒▒▒▒▒   ░░░░░
                  ▒▒▒▒▒   ░░░░░
                   ▒▒▒▒▒ ░░░░░
                   ░▒▒▒▒▒░░░░░
                    ▒▒▒▒▒▒░░░
                     ▒▒▒▒▒▒░
     _____ _   _ _    _    _____       _
    / ____| \ | | |  | |  / ____|     (_)
   | |  __|  \| | |  | | | |  __ _   _ ___  __
   | | |_ | . ' | |  | | | | |_ | | | | \ \/ /
   | |__| | |\  | |__| | | |__| | |_| | |>  <
    \_____|_| \_|\____/   \_____|\__,_|_/_/\_\

This script installs GNU Guix on your system

https://www.gnu.org/software/guix/
EOF
    echo -n "Press return to continue..."
    read -r
}

main()
{
    local tmp_path
    welcome

    _msg "Starting installation ($(date))"

    chk_term
    chk_require "${REQUIRE[@]}"
    chk_gpg_keyring
    chk_init_sys
    chk_sys_arch
    chk_sys_nscd

    _msg "${INF}system is ${ARCH_OS}"

    umask 0022
    tmp_path="$(mktemp -t -d guix.XXX)"

    if [ -z "${GUIX_BINARY_FILE_NAME}" ]; then
        guix_get_bin_list "${GNU_URL}"
        guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
        GUIX_BINARY_FILE_NAME=${BIN_VER}.tar.xz
    else
        if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then
            _err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
        fi
        _msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
        GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
    fi

    sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
    sys_create_build_user
    sys_enable_guix_daemon
    sys_authorize_build_farms
    sys_create_init_profile
    sys_create_shell_completion

    _msg "${INF}cleaning up ${tmp_path}"
    rm -r "${tmp_path}"

    _msg "${PAS}Guix has successfully been installed!"
    _msg "${INF}Run 'info guix' to read the manual."

    # Required to source /etc/profile in desktop environments.
    _msg "${INF}Please log out and back in to complete the installation."
 }

main "$@"
Commit	Line	Data
f5fdc54d	1	#!/bin/sh
6f4e8693 RW	2	# GNU Guix --- Functional package management for GNU
	3	# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
	4	# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
ea6b1bae	5	# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
ebbf9154	6	# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
cabac732	7	# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
b3fba5ef	8	# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
8311e4e1	9	# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
9d34b04f	10	# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
a16eb6c5	11	# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
e61fe664	12	# Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
6f4e8693 RW	13	#
	14	# This file is part of GNU Guix.
	15	#
	16	# GNU Guix is free software; you can redistribute it and/or modify it
	17	# under the terms of the GNU General Public License as published by
	18	# the Free Software Foundation; either version 3 of the License, or (at
	19	# your option) any later version.
	20	#
	21	# GNU Guix is distributed in the hope that it will be useful, but
	22	# WITHOUT ANY WARRANTY; without even the implied warranty of
	23	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	24	# GNU General Public License for more details.
	25	#
	26	# You should have received a copy of the GNU General Public License
	27	# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	28
f5fdc54d LC	29	# We require Bash but for portability we'd rather not use /bin/bash or
	30	# /usr/bin/env in the shebang, hence this hack.
	31	if [ "x$BASH_VERSION" = "x" ]
	32	then
	33	exec bash "$0" "$@"
	34	fi
	35
6f4e8693 RW	36	set -e
	37
	38	[ "$UID" -eq 0 ] \|\| { echo "This script must be run as root."; exit 1; }
	39
	40	REQUIRE=(
	41	"dirname"
	42	"readlink"
	43	"wget"
	44	"gpg"
	45	"grep"
	46	"which"
	47	"sed"
	48	"sort"
	49	"getent"
	50	"mktemp"
	51	"rm"
	52	"chmod"
	53	"uname"
	54	"groupadd"
	55	"tail"
	56	"tr"
39939e30	57	"xz"
6f4e8693 RW	58	)
	59
	60	PAS=$'[ \033[32;1mPASS\033[0m ] '
	61	ERR=$'[ \033[31;1mFAIL\033[0m ] '
b2683a2b	62	WAR=$'[ \033[33;1mWARN\033[0m ] '
6f4e8693 RW	63	INF="[ INFO ] "
	64
	65	DEBUG=0
3a3e9f2b	66	GNU_URL="https://ftp.gnu.org/gnu/guix/"
8311e4e1	67	#GNU_URL="https://alpha.gnu.org/gnu/guix/"
18570922 MC	68
	69	# The following associative array holds set of GPG keys used to sign the
	70	# releases, keyed by their corresponding Savannah user ID.
	71	declare -A GPG_SIGNING_KEYS
	72	GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
	73	GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
6f4e8693 RW	74
	75	# ------------------------------------------------------------------------------
	76	#+UTILITIES
	77
	78	_err()
	79	{ # All errors go to stderr.
	80	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	81	}
	82
	83	_msg()
	84	{ # Default message to stdout.
	85	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	86	}
	87
	88	_debug()
	89	{
	90	if [ "${DEBUG}" = '1' ]; then
	91	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	92	fi
	93	}
	94
5b0ce339 MC	95	# Return true if user answered yes, false otherwise.
	96	# $1: The prompt question.
	97	prompt_yes_no() {
	98	while true; do
4cbe0127	99	read -rp "$1 " yn
5b0ce339 MC	100	case $yn in
	101	[Yy]*) return 0;;
	102	[Nn]*) return 1;;
	103	*) _msg "Please answer yes or no."
	104	esac
	105	done
	106	}
6f4e8693 RW	107
	108	chk_require()
	109	{ # Check that every required command is available.
6f4e8693	110	declare -a warn
7a2e0c52	111	local c
6f4e8693	112
e61fe664	113	_debug "--- [ ${FUNCNAME[0]} ] ---"
6f4e8693	114
6c77d79a	115	for c in "$@"; do
593fe736	116	command -v "$c" &>/dev/null \|\| warn+=("$c")
6f4e8693 RW	117	done
	118
	119	[ "${#warn}" -ne 0 ] &&
	120	{ _err "${ERR}Missing commands: ${warn[*]}.";
	121	return 1; }
	122
	123	_msg "${PAS}verification of required commands completed"
5d8e505c TGR	124	}
	125
	126	chk_gpg_keyring()
	127	{ # Check whether the Guix release signing public key is present.
e61fe664	128	_debug "--- [ ${FUNCNAME[0]} ] ---"
18570922 MC	129	local user_id
	130	local gpg_key_id
	131	local exit_flag
	132
	133	for user_id in "${!GPG_SIGNING_KEYS[@]}"; do
	134	gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
	135	# Without --dry-run this command will create a ~/.gnupg owned by root on
	136	# systems where gpg has never been used, causing errors and confusion.
	137	if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
5b0ce339 MC	138	if prompt_yes_no "${INF}The following OpenPGP public key is \
	139	required to verify the Guix binary signature: $gpg_key_id.
	140	Would you like me to fetch it for you? (yes/no)"; then
	141	wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
e4ed0b39	142	--no-verbose -O- \| gpg --import -
5b0ce339 MC	143	else
	144	_err "${ERR}Missing OpenPGP public key ($gpg_key_id).
	145	Fetch it with this command:
	146
e4ed0b39	147	wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - \| \
5b0ce339 MC	148	sudo -i gpg --import -"
	149	exit_flag=yes
	150	fi
18570922 MC	151	fi
18570922 MC	152	done
e61fe664 MC	153	if [ "$exit_flag" = yes ]; then
	154	exit 1
	155	fi
6f4e8693 RW	156	}
	157
	158	chk_term()
	159	{ # Check for ANSI terminal for color printing.
6f4e8693 RW	160	if [ -t 2 ]; then
	161	if [ "${TERM+set}" = 'set' ]; then
	162	case "$TERM" in
	163	xterm\|rxvt\|urxvt\|linux\|vt\|eterm\|screen*)
6f4e8693 RW	164	;;
6f4e8693 RW	165	*)
6f4e8693 RW	166	ERR="[ FAIL ] "
	167	PAS="[ PASS ] "
	168	;;
	169	esac
	170	fi
	171	fi
	172	}
	173
	174	chk_init_sys()
	175	{ # Return init system type name.
	176	if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
	177	_msg "${INF}init system is: upstart"
	178	INIT_SYS="upstart"
	179	return 0
dc1aede3	180	elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
6f4e8693 RW	181	_msg "${INF}init system is: systemd"
	182	INIT_SYS="systemd"
	183	return 0
	184	elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
	185	_msg "${INF}init system is: sysv-init"
	186	INIT_SYS="sysv-init"
	187	return 0
cabac732 MS	188	elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
	189	_msg "${INF}init system is: OpenRC"
	190	INIT_SYS="openrc"
	191	return 0
6f4e8693 RW	192	else
	193	INIT_SYS="NA"
	194	_err "${ERR}Init system could not be detected."
	195	fi
	196	}
	197
	198	chk_sys_arch()
	199	{ # Check for operating system and architecture type.
	200	local os
	201	local arch
	202
	203	os="$(uname -s)"
	204	arch="$(uname -m)"
	205
	206	case "$arch" in
	207	i386 \| i486 \| i686 \| i786 \| x86)
	208	local arch=i686
	209	;;
	210	x86_64 \| x86-64 \| x64 \| amd64)
	211	local arch=x86_64
	212	;;
ea6b1bae EF	213	aarch64)
	214	local arch=aarch64
	215	;;
7c164068 VL	216	armv7l)
	217	local arch=armhf
	218	;;
a16eb6c5 CM	219	ppc64le \| powerpc64le)
	220	local arch=powerpc64le
	221	;;
6f4e8693 RW	222	*)
	223	_err "${ERR}Unsupported CPU type: ${arch}"
	224	exit 1
	225	esac
	226
	227	case "$os" in
	228	Linux \| linux)
	229	local os=linux
	230	;;
	231	*)
	232	_err "${ERR}Your operation system (${os}) is not supported."
	233	exit 1
	234	esac
	235
	236	ARCH_OS="${arch}-${os}"
	237	}
	238
b2683a2b	239	chk_sys_nscd()
	240	{ # Check if nscd is up and suggest to start it or install it
	241	if [ "$(type -P pidof)" ]; then
	242	if [ ! "$(pidof nscd)" ]; then
	243	_msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
	244	_msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
	245	fi
	246	else
	247	_msg "${INF}We cannot determine if your distribution 'nscd' service is running"
	248	_msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
	249	fi
	250	}
	251
4cbe0127 MC	252	# Configure substitute discovery according to user's preferences.
	253	# $1 is the installed service file to edit.
	254	configure_substitute_discovery() {
	255	if grep -q -- '--discover=no' "$1" && \
	256	prompt_yes_no "Would you like the Guix daemon to automatically \
	257	discover substitute servers on the local network? (yes/no)"; then
	258	sed -i 's/--discover=no/--discover=yes/' "$1"
	259	fi
	260	}
	261
6f4e8693 RW	262	# ------------------------------------------------------------------------------
	263	#+MAIN
	264
	265	guix_get_bin_list()
	266	{ # Scan GNU archive and save list of binaries
	267	local gnu_url="$1"
	268	local -a bin_ver_ls
	269	local latest_ver
	270	local default_ver
	271
e61fe664	272	_debug "--- [ ${FUNCNAME[0]} ] ---"
6f4e8693 RW	273
6f4e8693 RW	274	# Filter only version and architecture
e4ed0b39	275	bin_ver_ls=("$(wget "$gnu_url" --no-verbose -O- \
8311e4e1	276	\| sed -n -e 's/.guix-binary-\([0-9.][a-z0-9]\)\...tar.xz.*/\1/p' \
6f4e8693 RW	277	\| sort -Vu)")
6f4e8693 RW	278
1f4e878f	279	latest_ver="$(echo "${bin_ver_ls[0]}" \
8311e4e1	280	\| grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
6f4e8693 RW	281	\| tail -n1)"
	282
	283	default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
	284
	285	if [[ "${#bin_ver_ls}" -ne "0" ]]; then
	286	_msg "${PAS}Release for your system: ${default_ver}"
	287	else
	288	_err "${ERR}Could not obtain list of Guix releases."
	289	exit 1
	290	fi
	291
	292	# Use default to download according to the list and local ARCH_OS.
1f4e878f	293	BIN_VER="${default_ver}"
6f4e8693 RW	294	}
	295
	296	guix_get_bin()
	297	{ # Download and verify binary package.
	298	local url="$1"
	299	local bin_ver="$2"
	300	local dl_path="$3"
e61fe664	301	local wget_args=()
6f4e8693	302
e61fe664	303	_debug "--- [ ${FUNCNAME[0]} ] ---"
6f4e8693 RW	304
	305	_msg "${INF}Downloading Guix release archive"
	306
e61fe664	307	wget --help \| grep -q '\--show-progress' \
e4ed0b39	308	&& wget_args=("--no-verbose" "--show-progress")
6f4e8693	309
e61fe664 MC	310	if wget "${wget_args[@]}" -P "$dl_path" \
	311	"${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
	312	_msg "${PAS}download completed."
6f4e8693 RW	313	else
	314	_err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
	315	exit 1
	316	fi
	317
d2532317	318	pushd "${dl_path}" >/dev/null
e61fe664	319	if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then
6f4e8693 RW	320	_msg "${PAS}Signature is valid."
	321	popd >/dev/null
	322	else
	323	_err "${ERR}could not verify the signature."
	324	exit 1
	325	fi
	326	}
	327
	328	sys_create_store()
	329	{ # Unpack and install /gnu/store and /var/guix
	330	local pkg="$1"
	331	local tmp_path="$2"
	332
e61fe664	333	_debug "--- [ ${FUNCNAME[0]} ] ---"
6f4e8693	334
6f4e8693 RW	335	if [[ -e "/var/guix" \|\| -e "/gnu" ]]; then
	336	_err "${ERR}A previous Guix installation was found. Refusing to overwrite."
	337	exit 1
6f4e8693 RW	338	fi
6f4e8693 RW	339
74009c4c MC	340	cd "$tmp_path"
	341	tar --extract --file "$pkg" && _msg "${PAS}unpacked archive"
	342
	343	_msg "${INF}Installing /var/guix and /gnu..."
	344	mv "${tmp_path}/var/guix" /var/
	345	mv "${tmp_path}/gnu" /
	346
6f4e8693	347	_msg "${INF}Linking the root user's profile"
e61fe664	348	mkdir -p "~root/.config/guix"
e9926f80	349	ln -sf /var/guix/profiles/per-user/root/current-guix \
e61fe664	350	"~root/.config/guix/current"
6f4e8693	351
e61fe664 MC	352	GUIX_PROFILE="~root/.config/guix/current"
e61fe664 MC	353	# shellcheck disable=SC1090
6f4e8693	354	source "${GUIX_PROFILE}/etc/profile"
e61fe664	355	_msg "${PAS}activated root profile at ${GUIX_PROFILE}"
6f4e8693 RW	356	}
	357
	358	sys_create_build_user()
	359	{ # Create the group and user accounts for build users.
	360
e61fe664	361	_debug "--- [ ${FUNCNAME[0]} ] ---"
6f4e8693	362
e61fe664	363	if getent group guixbuild > /dev/null; then
6f4e8693 RW	364	_msg "${INF}group guixbuild exists"
	365	else
	366	groupadd --system guixbuild
	367	_msg "${PAS}group <guixbuild> created"
	368	fi
	369
e61fe664	370	if getent group kvm > /dev/null; then
8e214c53	371	_msg "${INF}group kvm exists and build users will be added to it"
073904c5	372	local KVMGROUP=,kvm
8e214c53 LF	373	fi
8e214c53 LF	374
6f4e8693 RW	375	for i in $(seq -w 1 10); do
	376	if id "guixbuilder${i}" &>/dev/null; then
	377	_msg "${INF}user is already in the system, reset"
8e214c53	378	usermod -g guixbuild -G guixbuild${KVMGROUP} \
6f4e8693 RW	379	-d /var/empty -s "$(which nologin)" \
	380	-c "Guix build user $i" \
	381	"guixbuilder${i}";
	382	else
8e214c53	383	useradd -g guixbuild -G guixbuild${KVMGROUP} \
6f4e8693 RW	384	-d /var/empty -s "$(which nologin)" \
	385	-c "Guix build user $i" --system \
	386	"guixbuilder${i}";
	387	_msg "${PAS}user added <guixbuilder${i}>"
	388	fi
	389	done
	390	}
	391
	392	sys_enable_guix_daemon()
	393	{ # Run the daemon, and set it to automatically start on boot.
	394
	395	local info_path
	396	local local_bin
	397	local var_guix
	398
e61fe664	399	_debug "--- [ ${FUNCNAME[0]} ] ---"
6f4e8693 RW	400
	401	info_path="/usr/local/share/info"
	402	local_bin="/usr/local/bin"
e9926f80	403	var_guix="/var/guix/profiles/per-user/root/current-guix"
6f4e8693 RW	404
	405	case "$INIT_SYS" in
	406	upstart)
	407	{ initctl reload-configuration;
e61fe664	408	cp "~root/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
6f4e8693	409	/etc/init/ &&
4cbe0127	410	configure_substitute_discovery /etc/init/guix-daemon.conf &&
6f4e8693 RW	411	start guix-daemon; } &&
	412	_msg "${PAS}enabled Guix daemon via upstart"
	413	;;
	414	systemd)
1a1faa78 TGR	415	{ # systemd .mount units must be named after the target directory.
1a1faa78 TGR	416	# Here we assume a hard-coded name of /gnu/store.
ebbf9154	417	# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
e61fe664 MC	418	if [ -f "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
e61fe664 MC	419	cp "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" \
ebbf9154 TGR	420	/etc/systemd/system/;
ebbf9154 TGR	421	chmod 664 /etc/systemd/system/gnu-store.mount;
d6f303d4 TGR	422	systemctl daemon-reload &&
d6f303d4 TGR	423	systemctl enable gnu-store.mount;
ebbf9154	424	fi
1a1faa78	425
e61fe664	426	cp "~root/.config/guix/current/lib/systemd/system/guix-daemon.service" \
6f4e8693 RW	427	/etc/systemd/system/;
6f4e8693 RW	428	chmod 664 /etc/systemd/system/guix-daemon.service;
e1e3fe08	429
7c164068 VL	430	# Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
	431	sed -i /etc/systemd/system/guix-daemon.service \
	432	-e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
e1e3fe08	433
7c164068 VL	434	# Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
	435	if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
	436	then sed -i /etc/systemd/system/guix-daemon.service \
	437	-e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
	438	fi;
e1e3fe08	439
4cbe0127 MC	440	configure_substitute_discovery \
	441	/etc/systemd/system/guix-daemon.service
	442
6f4e8693	443	systemctl daemon-reload &&
d6f303d4 TGR	444	systemctl enable guix-daemon &&
d6f303d4 TGR	445	systemctl start guix-daemon; } &&
6f4e8693 RW	446	_msg "${PAS}enabled Guix daemon via systemd"
6f4e8693 RW	447	;;
fe60ef99 DM	448	sysv-init)
fe60ef99 DM	449	{ mkdir -p /etc/init.d;
e61fe664	450	cp "~root/.config/guix/current/etc/init.d/guix-daemon" \
fe60ef99 DM	451	/etc/init.d/guix-daemon;
	452	chmod 775 /etc/init.d/guix-daemon;
	453
4cbe0127 MC	454	configure_substitute_discovery /etc/init.d/guix-daemon
4cbe0127 MC	455
fe60ef99 DM	456	update-rc.d guix-daemon defaults &&
	457	update-rc.d guix-daemon enable &&
	458	service guix-daemon start; } &&
	459	_msg "${PAS}enabled Guix daemon via sysv"
	460	;;
cabac732 MS	461	openrc)
cabac732 MS	462	{ mkdir -p /etc/init.d;
e61fe664	463	cp "~root/.config/guix/current/etc/openrc/guix-daemon" \
cabac732 MS	464	/etc/init.d/guix-daemon;
	465	chmod 775 /etc/init.d/guix-daemon;
	466
4cbe0127 MC	467	configure_substitute_discovery /etc/init.d/guix-daemon
4cbe0127 MC	468
cabac732 MS	469	rc-update add guix-daemon default &&
	470	rc-service guix-daemon start; } &&
	471	_msg "${PAS}enabled Guix daemon via OpenRC"
	472	;;
6f4e8693 RW	473	NA\|*)
6f4e8693 RW	474	_msg "${ERR}unsupported init system; run the daemon manually:"
e61fe664	475	echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
6f4e8693 RW	476	;;
	477	esac
	478
	479	_msg "${INF}making the guix command available to other users"
	480
	481	[ -e "$local_bin" ] \|\| mkdir -p "$local_bin"
	482	ln -sf "${var_guix}/bin/guix" "$local_bin"
	483
	484	[ -e "$info_path" ] \|\| mkdir -p "$info_path"
b4a1252b	485	for i in "${var_guix}"/share/info/*; do
6f4e8693 RW	486	ln -sf "$i" "$info_path"
	487	done
	488	}
	489
	490	sys_authorize_build_farms()
414c4de1	491	{ # authorize the public key of the build farm
5b0ce339	492	if prompt_yes_no "Permit downloading pre-built package binaries from the \
4cbe0127	493	project's build farm? (yes/no)"; then
5b0ce339 MC	494	guix archive --authorize \
	495	< "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
	496	&& _msg "${PAS}Authorized public key for ci.guix.gnu.org"
	497	else
	498	_msg "${INF}Skipped authorizing build farm public keys"
	499	fi
6f4e8693 RW	500	}
6f4e8693 RW	501
30810aff	502	sys_create_init_profile()
e61fe664	503	{ # Define for better desktop integration
2ffd1314	504	# This will not take effect until the next shell or desktop session!
29ba58c0	505	[ -d "/etc/profile.d" ] \|\| mkdir /etc/profile.d # Just in case
30810aff PG	506	cat <<"EOF" > /etc/profile.d/guix.sh
	507	# _GUIX_PROFILE: `guix pull` profile
	508	_GUIX_PROFILE="$HOME/.config/guix/current"
9d34b04f JK	509	export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
	510	# Export INFOPATH so that the updated info pages can be found
	511	# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
	512	# When INFOPATH is unset, add a trailing colon so that Emacs
	513	# searches 'Info-default-directory-list'.
	514	export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
30810aff PG	515
	516	# GUIX_PROFILE: User's default profile
	517	GUIX_PROFILE="$HOME/.guix-profile"
	518	[ -L $GUIX_PROFILE ] \|\| return
	519	GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
7f06567b	520	export GUIX_LOCPATH
30810aff	521
e69b8bba	522	[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
30810aff PG	523
30810aff PG	524	# set XDG_DATA_DIRS to include Guix installations
7ff169d0	525	export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
30810aff PG	526	EOF
	527	}
	528
b3fba5ef	529	sys_create_shell_completion()
	530	{ # Symlink supported shell completions system-wide
	531
	532	var_guix=/var/guix/profiles/per-user/root/current-guix
	533	bash_completion=/etc/bash_completion.d
	534	zsh_completion=/usr/share/zsh/site-functions
	535	fish_completion=/usr/share/fish/vendor_completions.d
	536
	537	{ # Just in case
	538	for dir_shell in $bash_completion $zsh_completion $fish_completion; do
	539	[ -d "$dir_shell" ] \|\| mkdir -p $dir_shell
	540	done;
	541
	542	ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
	543	ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
	544	ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
	545	_msg "${PAS}installed shell completion"
	546	}
	547
	548
6f4e8693 RW	549	welcome()
	550	{
	551	cat<<"EOF"
	552	░░░ ░░░
	553	░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
	554	░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
	555	░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
	556	░▒▒▒▒░ ░░░░░░
	557	▒▒▒▒▒ ░░░░░░
	558	▒▒▒▒▒ ░░░░░
	559	░▒▒▒▒▒ ░░░░░
	560	▒▒▒▒▒ ░░░░░
	561	▒▒▒▒▒ ░░░░░
	562	░▒▒▒▒▒░░░░░
	563	▒▒▒▒▒▒░░░
	564	▒▒▒▒▒▒░
	565	_____ _ _ _ _ _____ _
	566	/ ____\| \ \| \| \| \| \| / ____\| (_)
	567	\| \| __\| \\| \| \| \| \| \| \| __ _ _ ___ __
	568	\| \| \|_ \| . ' \| \| \| \| \| \| \|_ \| \| \| \| \ \/ /
	569	\| \|__\| \| \|\ \| \|__\| \| \| \|__\| \| \|_\| \| \|> <
	570	\_____\|_\| \_\|\____/ \_____\|\__,_\|_/_/\_\
	571
	572	This script installs GNU Guix on your system
	573
	574	https://www.gnu.org/software/guix/
	575	EOF
	576	echo -n "Press return to continue..."
e61fe664	577	read -r
6f4e8693 RW	578	}
	579
	580	main()
	581	{
	582	local tmp_path
	583	welcome
	584
	585	_msg "Starting installation ($(date))"
	586
	587	chk_term
6c77d79a	588	chk_require "${REQUIRE[@]}"
5d8e505c	589	chk_gpg_keyring
6f4e8693 RW	590	chk_init_sys
6f4e8693 RW	591	chk_sys_arch
b2683a2b	592	chk_sys_nscd
6f4e8693 RW	593
	594	_msg "${INF}system is ${ARCH_OS}"
	595
32c06aff	596	umask 0022
6f4e8693 RW	597	tmp_path="$(mktemp -t -d guix.XXX)"
6f4e8693 RW	598
51f95d4e MC	599	if [ -z "${GUIX_BINARY_FILE_NAME}" ]; then
	600	guix_get_bin_list "${GNU_URL}"
	601	guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
	602	GUIX_BINARY_FILE_NAME=${BIN_VER}.tar.xz
	603	else
	604	if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then
	605	_err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
	606	fi
e61fe664	607	_msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
18570922	608	GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
51f95d4e	609	fi
6f4e8693	610
51f95d4e	611	sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
6f4e8693 RW	612	sys_create_build_user
	613	sys_enable_guix_daemon
	614	sys_authorize_build_farms
30810aff	615	sys_create_init_profile
b3fba5ef	616	sys_create_shell_completion
6f4e8693 RW	617
	618	_msg "${INF}cleaning up ${tmp_path}"
	619	rm -r "${tmp_path}"
	620
	621	_msg "${PAS}Guix has successfully been installed!"
	622	_msg "${INF}Run 'info guix' to read the manual."
2ffd1314 TGR	623
	624	# Required to source /etc/profile in desktop environments.
	625	_msg "${INF}Please log out and back in to complete the installation."
6f4e8693 RW	626	}
	627
	628	main "$@"