2 # GNU Guix --- Functional package management for GNU
3 # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
4 # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
5 # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
6 # Copyright © 2019–2020, 2022 Tobias Geerinckx-Rice <me@tobias.gr>
7 # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
8 # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
9 # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
10 # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
11 # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
12 # Copyright © 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
14 # This file is part of GNU Guix.
16 # GNU Guix is free software; you can redistribute it and/or modify it
17 # under the terms of the GNU General Public License as published by
18 # the Free Software Foundation; either version 3 of the License, or (at
19 # your option) any later version.
21 # GNU Guix is distributed in the hope that it will be useful, but
22 # WITHOUT ANY WARRANTY; without even the implied warranty of
23 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 # GNU General Public License for more details.
26 # You should have received a copy of the GNU General Public License
27 # along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
29 # We require Bash but for portability we'd rather not use /bin/bash or
30 # /usr/bin/env in the shebang, hence this hack.
31 if [ "x$BASH_VERSION" = "x" ]
38 [ "$UID" -eq 0 ] ||
{ echo "This script must be run as root."; exit 1; }
60 PAS
=$
'[ \033[32;1mPASS\033[0m ] '
61 ERR
=$
'[ \033[31;1mFAIL\033[0m ] '
62 WAR
=$
'[ \033[33;1mWARN\033[0m ] '
66 GNU_URL
="https://ftp.gnu.org/gnu/guix/"
67 #GNU_URL="https://alpha.gnu.org/gnu/guix/"
69 # The following associative array holds set of GPG keys used to sign the
70 # releases, keyed by their corresponding Savannah user ID.
71 declare -A GPG_SIGNING_KEYS
72 GPG_SIGNING_KEYS
[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5
# ludo
73 GPG_SIGNING_KEYS
[127547]=27D586A4F8900854329FF09F1260E46482E63562
# maxim
75 # ------------------------------------------------------------------------------
79 { # All errors go to stderr.
80 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
84 { # Default message to stdout.
85 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
90 if [ "${DEBUG}" = '1' ]; then
91 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
101 # Return true if user answered yes, false otherwise. The prompt is
102 # yes-biased, that is, when the user simply enter newline, it is equivalent to
104 # $1: The prompt question.
107 read -rp "$1 [Y/n]" yn
108 [[ ! $yn ||
$yn = y ||
$yn = yes ]] ||
return 1
112 { # Check that every required command is available.
116 _debug
"--- [ ${FUNCNAME[0]} ] ---"
119 command -v "$c" &>/dev
/null || warn
+=("$c")
122 [ "${#warn}" -ne 0 ] &&
123 { _err
"${ERR}Missing commands: ${warn[*]}.";
126 _msg
"${PAS}verification of required commands completed"
130 { # Check whether the Guix release signing public key is present.
131 _debug
"--- [ ${FUNCNAME[0]} ] ---"
136 for user_id
in "${!GPG_SIGNING_KEYS[@]}"; do
137 gpg_key_id
=${GPG_SIGNING_KEYS[$user_id]}
138 # Without --dry-run this command will create a ~/.gnupg owned by root on
139 # systems where gpg has never been used, causing errors and confusion.
140 if gpg
--dry-run --list-keys "$gpg_key_id" >/dev
/null
2>&1; then
143 if prompt_yes_no
"${INF}The following OpenPGP public key is \
144 required to verify the Guix binary signature: $gpg_key_id.
145 Would you like me to fetch it for you?"; then
146 # Use a reasonable time-out here so users don't report silent
147 # ‘freezes’ when Savannah goes out to lunch, as has happened.
148 if wget
"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
149 --timeout=30 --no-verbose -O- | gpg
--import -; then
153 # If we reach this point, the key is (still) missing. Report further
154 # missing keys, if any, but then abort the installation.
155 _err
"${ERR}Missing OpenPGP public key ($gpg_key_id).
156 Fetch it with this command:
158 wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
159 sudo -i gpg --import -"
162 if [ "$exit_flag" = yes ]; then
168 { # Check for ANSI terminal for color printing.
170 if [ "${TERM+set}" = 'set' ]; then
172 xterm
*|rxvt
*|urxvt
*|linux
*|vt
*|eterm
*|screen
*)
184 { # Return init system type name.
185 if [[ $
(/sbin
/init
--version 2>/dev
/null
) =~ upstart
]]; then
186 _msg
"${INF}init system is: upstart"
189 elif [[ $
(systemctl
2>/dev
/null
) =~
-\.mount
]]; then
190 _msg
"${INF}init system is: systemd"
193 elif [[ -f /etc
/init.d
/cron
&& ! -h /etc
/init.d
/cron
]]; then
194 _msg
"${INF}init system is: sysv-init"
197 elif [[ $
(openrc
--version 2>/dev
/null
) =~ \
(OpenRC\
) ]]; then
198 _msg
"${INF}init system is: OpenRC"
203 _err
"${ERR}Init system could not be detected."
208 { # Check for operating system and architecture type.
216 i386 | i486 | i686 | i786 | x86
)
219 x86_64 | x86-64 | x64 | amd64
)
228 ppc64le | powerpc64le
)
229 local arch
=powerpc64le
232 die
"Unsupported CPU type: ${arch}"
240 die
"Your operation system (${os}) is not supported."
243 ARCH_OS
="${arch}-${os}"
247 { # Check if nscd is up and suggest to start it or install it
248 if [ "$(type -P pidof)" ]; then
249 if [ ! "$(pidof nscd)" ]; then
250 _msg
"${WAR}We recommend installing and/or starting your distribution 'nscd' service"
251 _msg
"${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
254 _msg
"${INF}We cannot determine if your distribution 'nscd' service is running"
255 _msg
"${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
259 # Configure substitute discovery according to user's preferences.
260 # $1 is the installed service file to edit.
261 configure_substitute_discovery
() {
262 if grep -q -- '--discover=no' "$1" && \
263 prompt_yes_no
"Would you like the Guix daemon to automatically \
264 discover substitute servers on the local network?"; then
265 sed -i 's/--discover=no/--discover=yes/' "$1"
269 # ------------------------------------------------------------------------------
273 { # Scan GNU archive and save list of binaries
279 _debug
"--- [ ${FUNCNAME[0]} ] ---"
281 # Filter only version and architecture
282 bin_ver_ls
=("$(wget "$gnu_url" --no-verbose -O- \
283 | sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
286 latest_ver
="$(echo "${bin_ver_ls[0]}" \
287 | grep -oE "([0-9]{1,2}\.
){2}[0-9]{1,2}[a-z0-9
]*" \
290 default_ver
="guix-binary-${latest_ver}.${ARCH_OS}"
292 if [[ "${#bin_ver_ls}" -ne "0" ]]; then
293 _msg
"${PAS}Release for your system: ${default_ver}"
295 die
"Could not obtain list of Guix releases."
298 # Use default to download according to the list and local ARCH_OS.
299 BIN_VER
="${default_ver}"
303 { # Download and verify binary package.
309 _debug
"--- [ ${FUNCNAME[0]} ] ---"
311 _msg
"${INF}Downloading Guix release archive"
313 wget
--help |
grep -q '\--show-progress' \
314 && wget_args
=("--no-verbose" "--show-progress")
316 if wget
"${wget_args[@]}" -P "$dl_path" \
317 "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
318 _msg
"${PAS}download completed."
320 die
"could not download ${url}/${bin_ver}.tar.xz."
323 pushd "${dl_path}" >/dev
/null
324 if gpg
--verify "${bin_ver}.tar.xz.sig" >/dev
/null
2>&1; then
325 _msg
"${PAS}Signature is valid."
328 die
"could not verify the signature."
333 { # Unpack and install /gnu/store and /var/guix
337 _debug
"--- [ ${FUNCNAME[0]} ] ---"
339 if [[ -e "/var/guix" ||
-e "/gnu" ]]; then
340 die
"A previous Guix installation was found. Refusing to overwrite."
344 tar --extract --file "$pkg" && _msg
"${PAS}unpacked archive"
346 _msg
"${INF}Installing /var/guix and /gnu..."
347 mv "${tmp_path}/var/guix" /var
/
348 mv "${tmp_path}/gnu" /
350 _msg
"${INF}Linking the root user's profile"
351 mkdir
-p ~root
/.config
/guix
352 ln -sf /var
/guix
/profiles
/per-user
/root
/current-guix \
353 ~root
/.config
/guix
/current
355 GUIX_PROFILE
=~root
/.config
/guix
/current
356 # shellcheck disable=SC1090
357 source "${GUIX_PROFILE}/etc/profile"
358 _msg
"${PAS}activated root profile at ${GUIX_PROFILE}"
361 sys_create_build_user
()
362 { # Create the group and user accounts for build users.
364 _debug
"--- [ ${FUNCNAME[0]} ] ---"
366 if getent group guixbuild
> /dev
/null
; then
367 _msg
"${INF}group guixbuild exists"
369 groupadd
--system guixbuild
370 _msg
"${PAS}group <guixbuild> created"
373 if getent group kvm
> /dev
/null
; then
374 _msg
"${INF}group kvm exists and build users will be added to it"
378 for i
in $
(seq -w 1 10); do
379 if id
"guixbuilder${i}" &>/dev
/null
; then
380 _msg
"${INF}user is already in the system, reset"
381 usermod
-g guixbuild
-G guixbuild
${KVMGROUP} \
382 -d /var
/empty
-s "$(which nologin)" \
383 -c "Guix build user $i" \
386 useradd
-g guixbuild
-G guixbuild
${KVMGROUP} \
387 -d /var
/empty
-s "$(which nologin)" \
388 -c "Guix build user $i" --system \
390 _msg
"${PAS}user added <guixbuilder${i}>"
395 sys_enable_guix_daemon
()
396 { # Run the daemon, and set it to automatically start on boot.
402 _debug
"--- [ ${FUNCNAME[0]} ] ---"
404 info_path
="/usr/local/share/info"
405 local_bin
="/usr/local/bin"
406 var_guix
="/var/guix/profiles/per-user/root/current-guix"
410 { initctl reload-configuration
;
411 cp ~root
/.config
/guix
/current
/lib
/upstart
/system
/guix-daemon.conf \
413 configure_substitute_discovery
/etc
/init
/guix-daemon.conf
&&
414 start guix-daemon
; } &&
415 _msg
"${PAS}enabled Guix daemon via upstart"
418 { # systemd .mount units must be named after the target directory.
419 # Here we assume a hard-coded name of /gnu/store.
420 # XXX Work around <https://issues.guix.gnu.org/41356> until next release.
421 if [ -f ~root
/.config
/guix
/current
/lib
/systemd
/system
/gnu-store.mount
]; then
422 cp ~root
/.config
/guix
/current
/lib
/systemd
/system
/gnu-store.mount \
423 /etc
/systemd
/system
/;
424 chmod 664 /etc
/systemd
/system
/gnu-store.mount
;
425 systemctl daemon-reload
&&
426 systemctl
enable gnu-store.mount
;
429 cp ~root
/.config
/guix
/current
/lib
/systemd
/system
/guix-daemon.service \
430 /etc
/systemd
/system
/;
431 chmod 664 /etc
/systemd
/system
/guix-daemon.service
;
433 # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
434 sed -i /etc
/systemd
/system
/guix-daemon.service \
435 -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
437 # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
438 if ! grep en_US
/etc
/systemd
/system
/guix-daemon.service
>/dev
/null
;
439 then sed -i /etc
/systemd
/system
/guix-daemon.service \
440 -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
443 configure_substitute_discovery \
444 /etc
/systemd
/system
/guix-daemon.service
446 systemctl daemon-reload
&&
447 systemctl
enable guix-daemon
&&
448 systemctl start guix-daemon
; } &&
449 _msg
"${PAS}enabled Guix daemon via systemd"
452 { mkdir
-p /etc
/init.d
;
453 cp ~root
/.config
/guix
/current
/etc
/init.d
/guix-daemon \
454 /etc
/init.d
/guix-daemon
;
455 chmod 775 /etc
/init.d
/guix-daemon
;
457 configure_substitute_discovery
/etc
/init.d
/guix-daemon
459 update-rc.d guix-daemon defaults
&&
460 update-rc.d guix-daemon
enable &&
461 service guix-daemon start
; } &&
462 _msg
"${PAS}enabled Guix daemon via sysv"
465 { mkdir
-p /etc
/init.d
;
466 cp ~root
/.config
/guix
/current
/etc
/openrc
/guix-daemon \
467 /etc
/init.d
/guix-daemon
;
468 chmod 775 /etc
/init.d
/guix-daemon
;
470 configure_substitute_discovery
/etc
/init.d
/guix-daemon
472 rc-update add guix-daemon default
&&
473 rc-service guix-daemon start
; } &&
474 _msg
"${PAS}enabled Guix daemon via OpenRC"
477 _msg
"${ERR}unsupported init system; run the daemon manually:"
478 echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
482 _msg
"${INF}making the guix command available to other users"
484 [ -e "$local_bin" ] || mkdir
-p "$local_bin"
485 ln -sf "${var_guix}/bin/guix" "$local_bin"
487 [ -e "$info_path" ] || mkdir
-p "$info_path"
488 for i
in "${var_guix}"/share
/info
/*; do
489 ln -sf "$i" "$info_path"
493 sys_authorize_build_farms
()
494 { # authorize the public key of the build farm
495 if prompt_yes_no
"Permit downloading pre-built package binaries from the \
496 project's build farm?"; then
497 guix archive
--authorize \
498 < ~root
/.config
/guix
/current
/share
/guix
/ci.guix.gnu.org.pub \
499 && _msg
"${PAS}Authorized public key for ci.guix.gnu.org"
501 _msg
"${INF}Skipped authorizing build farm public keys"
505 sys_create_init_profile
()
506 { # Define for better desktop integration
507 # This will not take effect until the next shell or desktop session!
508 [ -d "/etc/profile.d" ] || mkdir
/etc
/profile.d
# Just in case
509 cat <<"EOF" > /etc/profile.d/guix.sh
510 # Explicitly initialize XDG base directory variables to ease compatibility
511 # with Guix System: see <https://issues.guix.gnu.org/56050#3>.
512 export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
513 export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
514 export XDG_STATE_HOME="${XDG_STATE_HOME:-$HOME/.local/state}"
515 export XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
516 export XDG_CONFIG_DIRS="${XDG_CONFIG_DIRS:-/etc/xdg}"
517 export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}"
518 # no default for XDG_RUNTIME_DIR (depends on foreign distro for semantics)
520 # _GUIX_PROFILE: `guix pull` profile
521 _GUIX_PROFILE="$HOME/.config/guix/current"
522 export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
523 # Export INFOPATH so that the updated info pages can be found
524 # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
525 # When INFOPATH is unset, add a trailing colon so that Emacs
526 # searches 'Info-default-directory-list'.
527 export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
529 # GUIX_PROFILE: User's default profile
530 # Prefer the one from 'guix home' if it exists.
531 GUIX_PROFILE="$HOME/.guix-home/profile"
532 [ -L $GUIX_PROFILE ] || GUIX_PROFILE="$HOME/.guix-profile"
533 [ -L $GUIX_PROFILE ] || return
534 GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
537 [ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
539 # set XDG_DATA_DIRS to include Guix installations
540 export XDG_DATA_DIRS="$GUIX_PROFILE/share:$XDG_DATA_DIRS"
544 sys_create_shell_completion()
545 { # Symlink supported shell completions system-wide
547 var_guix=/var/guix/profiles/per-user/root/current-guix
548 bash_completion=/etc/bash_completion.d
549 zsh_completion=/usr/share/zsh/site-functions
550 fish_completion=/usr/share/fish/vendor_completions.d
553 for dir_shell in $bash_completion $zsh_completion $fish_completion; do
554 [ -d "$dir_shell" ] || mkdir -p $dir_shell
557 ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
558 ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
559 ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
560 _msg "${PAS}installed shell completion"
563 sys_customize_bashrc()
565 prompt_yes_no "Customize users Bash shell prompt for Guix?" || return
566 for bashrc in /home/*/.bashrc /root/.bashrc; do
567 test -f "$bashrc" || continue
568 grep -Fq '$GUIX_ENVIRONMENT' "$bashrc" && continue
569 cp "${bashrc}" "${bashrc}.bak"
571 # Automatically added by the Guix install script.
572 if [ -n "$GUIX_ENVIRONMENT" ]; then
573 if [[ $PS1 =~ (.*)"\\$" ]]; then
574 PS1="${BASH_REMATCH[1]} [env]\\\$ "
579 _msg "${PAS}Bash shell prompt successfully customized for Guix"
587 ░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
588 ░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
589 ░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
599 _____ _ _ _ _ _____ _
600 / ____| \ | | | | |
/ ____|
(_
)
601 | | __| \| | | | | | | __ _ _ ___ __
602 | | |_ | .
' | | | | | | |_ | | | | \ \/ /
603 | |__| | |\ | |__| | | |__| | |_| | |> <
604 \_____|_| \_|\____/ \_____|\__,_|_/_/\_\
606 This script installs GNU Guix on your system
608 https://www.gnu.org/software/guix/
610 # Don't use ‘
read -p’ here
! It won
't display when run non-interactively.
611 echo -n "Press return to continue..."$'\r'
615 echo "...that ($char) was not a return!"
616 _msg "${WAR}Use newlines to automate installation, e.g.: yes '' | ${0##*/}"
617 _msg "${WAR}Any other method is unsupported and likely to break in future."
626 _msg "Starting installation ($(date))"
629 chk_require "${REQUIRE[@]}"
635 _msg "${INF}system is ${ARCH_OS}"
638 tmp_path="$(mktemp -t -d guix.XXX)"
640 if [ -z "${GUIX_BINARY_FILE_NAME}" ]; then
641 guix_get_bin_list "${GNU_URL}"
642 guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
643 GUIX_BINARY_FILE_NAME=${BIN_VER}.tar.xz
645 if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then
646 _err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
648 _msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
649 GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
652 sys_create_store "${GUIX_BINARY_FILE_NAME}" "${tmp_path}"
653 sys_create_build_user
654 sys_enable_guix_daemon
655 sys_authorize_build_farms
656 sys_create_init_profile
657 sys_create_shell_completion
660 _msg "${INF}cleaning up ${tmp_path}"
663 _msg "${PAS}Guix has successfully been installed!"
664 _msg "${INF}Run 'info guix
' to read the manual."
666 # Required to source /etc/profile in desktop environments.
667 _msg "${INF}Please log out and back in to complete the installation."