# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
-# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+# Copyright © 2019–2020, 2022 Tobias Geerinckx-Rice <me@tobias.gr>
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
+# Copyright © 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
#
# This file is part of GNU Guix.
#
exec bash "$0" "$@"
fi
-set -e
+set -eo pipefail
[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }
GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
-# This script needs to know where root's home directory is. However, we
-# cannot simply use the HOME environment variable, since there is no guarantee
-# that it points to root's home directory.
-ROOT_HOME="$(echo ~root)"
-
# ------------------------------------------------------------------------------
#+UTILITIES
fi
}
+die()
+{
+ _err "${ERR}$*"
+ exit 1
+}
+
+# Return true if user answered yes, false otherwise. The prompt is
+# yes-biased, that is, when the user simply enter newline, it is equivalent to
+# answering "yes".
+# $1: The prompt question.
+prompt_yes_no() {
+ local -l yn
+ read -rp "$1 [Y/n]" yn
+ [[ ! $yn || $yn = y || $yn = yes ]] || return 1
+}
chk_require()
{ # Check that every required command is available.
declare -a warn
local c
- _debug "--- [ $FUNCNAME ] ---"
+ _debug "--- [ ${FUNCNAME[0]} ] ---"
for c in "$@"; do
command -v "$c" &>/dev/null || warn+=("$c")
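Review bot: prompt_yes_no treats a failed `read` the same as pressing return: on end-of-file `yn` stays empty and the function answers yes, and because every caller uses it as a condition, `set -e` does not stop on the failed read. Closed or exhausted stdin therefore counts as consent for the key download in chk_gpg_keyring, `--discover=yes` in configure_substitute_discovery, the build-farm authorization in sys_authorize_build_farms and the edits in sys_customize_bashrc. Return the negative answer when nothing was read, `read -rp "$1 [Y/n] " yn || return 1`; `yes '' |` automation still works because it supplies real newlines. The prompt string also lacks a trailing space, and the header comment should state that only an empty line, `y` or `yes` count as yes.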
chk_gpg_keyring()
{ # Check whether the Guix release signing public key is present.
- _debug "--- [ $FUNCNAME ] ---"
+ _debug "--- [ ${FUNCNAME[0]} ] ---"
local user_id
local gpg_key_id
local exit_flag
gpg_key_id=${GPG_SIGNING_KEYS[$user_id]}
# Without --dry-run this command will create a ~/.gnupg owned by root on
# systems where gpg has never been used, causing errors and confusion.
- if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
- _err "${ERR}Missing OpenPGP public key ($gpg_key_id). Fetch it with this command:"
- echo " wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | sudo -i gpg --import -"
- exit_flag=yes
+ if gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
+ continue
fi
+ if prompt_yes_no "${INF}The following OpenPGP public key is \
+required to verify the Guix binary signature: $gpg_key_id.
+Would you like me to fetch it for you?"; then
+ # Use a reasonable time-out here so users don't report silent
+ # ‘freezes’ when Savannah goes out to lunch, as has happened.
+ if wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
+ --timeout=30 --no-verbose -O- | gpg --import -; then
+ continue
+ fi
+ fi
+ # If we reach this point, the key is (still) missing. Report further
+ # missing keys, if any, but then abort the installation.
+ _err "${ERR}Missing OpenPGP public key ($gpg_key_id).
+Fetch it with this command:
+
+ wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -O - | \
+sudo -i gpg --import -"
+ exit_flag=yes
done
- test "$exit_flag" = yes && exit 1 || true
+ if [ "$exit_flag" = yes ]; then
+ exit 1
+ fi
}
chk_term()
{ # Check for ANSI terminal for color printing.
- local ansi_term
-
if [ -t 2 ]; then
if [ "${TERM+set}" = 'set' ]; then
case "$TERM" in
xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
- ansi_term=true
;;
*)
- ansi_term=false
ERR="[ FAIL ] "
PAS="[ PASS ] "
;;
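Review bot: After a successful import in chk_gpg_keyring, the inner `continue` runs without confirming that the pinned `$gpg_key_id` is now in the keyring. The pipeline status only shows that wget returned data and gpg imported something. Re-run the existing check in place of that `continue`, `gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1 && continue`, so a response carrying a different key falls through to the missing-key error and sets `exit_flag`. chk_term, which this hunk also touches, continues past the end of the hunk.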
local arch=powerpc64le
;;
*)
- _err "${ERR}Unsupported CPU type: ${arch}"
- exit 1
+ die "Unsupported CPU type: ${arch}"
esac
case "$os" in
local os=linux
;;
*)
- _err "${ERR}Your operation system (${os}) is not supported."
- exit 1
+ die "Your operation system (${os}) is not supported."
esac
ARCH_OS="${arch}-${os}"
fi
}
+# Configure substitute discovery according to user's preferences.
+# $1 is the installed service file to edit.
+configure_substitute_discovery() {
+ if grep -q -- '--discover=no' "$1" && \
+ prompt_yes_no "Would you like the Guix daemon to automatically \
+discover substitute servers on the local network?"; then
+ sed -i 's/--discover=no/--discover=yes/' "$1"
+ fi
+}
+
# ------------------------------------------------------------------------------
#+MAIN
local latest_ver
local default_ver
- _debug "--- [ $FUNCNAME ] ---"
+ _debug "--- [ ${FUNCNAME[0]} ] ---"
# Filter only version and architecture
- bin_ver_ls=("$(wget -qO- "$gnu_url" \
+ bin_ver_ls=("$(wget "$gnu_url" --no-verbose -O- \
| sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
| sort -Vu)")
if [[ "${#bin_ver_ls}" -ne "0" ]]; then
_msg "${PAS}Release for your system: ${default_ver}"
else
- _err "${ERR}Could not obtain list of Guix releases."
- exit 1
+ die "Could not obtain list of Guix releases."
fi
# Use default to download according to the list and local ARCH_OS.
local url="$1"
local bin_ver="$2"
local dl_path="$3"
+ local wget_args=()
- _debug "--- [ $FUNCNAME ] ---"
+ _debug "--- [ ${FUNCNAME[0]} ] ---"
_msg "${INF}Downloading Guix release archive"
- wget --help | grep -q '\--show-progress' && \
- _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
- wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
+ wget --help | grep -q '\--show-progress' \
+ && wget_args=("--no-verbose" "--show-progress")
- if [[ "$?" -eq 0 ]]; then
- _msg "${PAS}download completed."
+ if wget "${wget_args[@]}" -P "$dl_path" \
+ "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
+ _msg "${PAS}download completed."
else
- _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
- exit 1
+ die "could not download ${url}/${bin_ver}.tar.xz."
fi
pushd "${dl_path}" >/dev/null
- gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
- if [[ "$?" -eq 0 ]]; then
+ if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then
_msg "${PAS}Signature is valid."
popd >/dev/null
else
- _err "${ERR}could not verify the signature."
- exit 1
+ die "could not verify the signature."
fi
}
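Review bot: `if gpg --verify "${bin_ver}.tar.xz.sig"` succeeds for a good signature from any key in root's keyring, so the fingerprints pinned in GPG_SIGNING_KEYS are never compared with the key that actually signed the archive. Reading gpg's machine-readable status and requiring a VALIDSIG line that ends in one of the pinned fingerprints ties the check to those keys. This assumes the pinned values are primary-key fingerprints, which should be confirmed. The function starts before the hunk, so the two new locals belong next to the existing `local` declarations.

```shell
    local status fpr verified=no
    # … unchanged: download of the archive and its .sig, pushd "${dl_path}" …
    # Machine-readable status; emptied if gpg fails, so no fingerprint can match.
    status=$(gpg --status-fd 1 --verify "${bin_ver}.tar.xz.sig" 2>/dev/null) \
        || status=
    for fpr in "${GPG_SIGNING_KEYS[@]}"; do
        # The last field of a VALIDSIG line is the primary key fingerprint.
        if grep -Eq "^\[GNUPG:\] VALIDSIG .* ${fpr}\$" <<<"$status"; then
            verified=yes
        fi
    done
    if [ "$verified" = yes ]; then
        _msg "${PAS}Signature is valid."
        popd >/dev/null
    else
        die "could not verify the signature."
    fi
```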
local pkg="$1"
local tmp_path="$2"
- _debug "--- [ $FUNCNAME ] ---"
-
- cd "$tmp_path"
- tar --extract \
- --file "$pkg" &&
- _msg "${PAS}unpacked archive"
+ _debug "--- [ ${FUNCNAME[0]} ] ---"
if [[ -e "/var/guix" || -e "/gnu" ]]; then
- _err "${ERR}A previous Guix installation was found. Refusing to overwrite."
- exit 1
- else
- _msg "${INF}Installing /var/guix and /gnu..."
- mv "${tmp_path}/var/guix" /var/
- mv "${tmp_path}/gnu" /
+ die "A previous Guix installation was found. Refusing to overwrite."
fi
+ cd "$tmp_path"
+ tar --extract --file "$pkg" && _msg "${PAS}unpacked archive"
+
+ _msg "${INF}Installing /var/guix and /gnu..."
+ mv "${tmp_path}/var/guix" /var/
+ mv "${tmp_path}/gnu" /
+
_msg "${INF}Linking the root user's profile"
- mkdir -p "${ROOT_HOME}/.config/guix"
+ mkdir -p ~root/.config/guix
ln -sf /var/guix/profiles/per-user/root/current-guix \
- "${ROOT_HOME}/.config/guix/current"
+ ~root/.config/guix/current
- GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
+ GUIX_PROFILE=~root/.config/guix/current
+ # shellcheck disable=SC1090
source "${GUIX_PROFILE}/etc/profile"
- _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
+ _msg "${PAS}activated root profile at ${GUIX_PROFILE}"
}
sys_create_build_user()
{ # Create the group and user accounts for build users.
- _debug "--- [ $FUNCNAME ] ---"
+ _debug "--- [ ${FUNCNAME[0]} ] ---"
- if [ $(getent group guixbuild) ]; then
+ if getent group guixbuild > /dev/null; then
_msg "${INF}group guixbuild exists"
else
groupadd --system guixbuild
_msg "${PAS}group <guixbuild> created"
fi
- if [ $(getent group kvm) ]; then
+ if getent group kvm > /dev/null; then
_msg "${INF}group kvm exists and build users will be added to it"
- local KVMGROUP=,kvm
+ local KVMGROUP=,kvm
fi
for i in $(seq -w 1 10); do
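Review bot: In sys_create_store, `tar --extract --file "$pkg" && _msg "${PAS}unpacked archive"` does not stop the script when tar fails, because `set -e` ignores a failure on the left-hand side of `&&`. A partly extracted tree can therefore still reach the two `mv` commands and be installed into /var/guix and /gnu. Make the failure explicit with `tar --extract --file "$pkg" || die "could not unpack ${pkg}"` and put the `_msg` on its own line. sys_create_build_user, also touched in this hunk, continues past its end.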
local local_bin
local var_guix
- _debug "--- [ $FUNCNAME ] ---"
+ _debug "--- [ ${FUNCNAME[0]} ] ---"
info_path="/usr/local/share/info"
local_bin="/usr/local/bin"
case "$INIT_SYS" in
upstart)
{ initctl reload-configuration;
- cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
+ cp ~root/.config/guix/current/lib/upstart/system/guix-daemon.conf \
/etc/init/ &&
+ configure_substitute_discovery /etc/init/guix-daemon.conf &&
start guix-daemon; } &&
_msg "${PAS}enabled Guix daemon via upstart"
;;
{ # systemd .mount units must be named after the target directory.
# Here we assume a hard-coded name of /gnu/store.
# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
- if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
- cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
+ if [ -f ~root/.config/guix/current/lib/systemd/system/gnu-store.mount ]; then
+ cp ~root/.config/guix/current/lib/systemd/system/gnu-store.mount \
/etc/systemd/system/;
chmod 664 /etc/systemd/system/gnu-store.mount;
systemctl daemon-reload &&
systemctl enable gnu-store.mount;
fi
- cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
+ cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service \
/etc/systemd/system/;
chmod 664 /etc/systemd/system/guix-daemon.service;
-e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
fi;
+ configure_substitute_discovery \
+ /etc/systemd/system/guix-daemon.service
+
systemctl daemon-reload &&
systemctl enable guix-daemon &&
systemctl start guix-daemon; } &&
;;
sysv-init)
{ mkdir -p /etc/init.d;
- cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
+ cp ~root/.config/guix/current/etc/init.d/guix-daemon \
/etc/init.d/guix-daemon;
chmod 775 /etc/init.d/guix-daemon;
+ configure_substitute_discovery /etc/init.d/guix-daemon
+
update-rc.d guix-daemon defaults &&
update-rc.d guix-daemon enable &&
service guix-daemon start; } &&
;;
openrc)
{ mkdir -p /etc/init.d;
- cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
+ cp ~root/.config/guix/current/etc/openrc/guix-daemon \
/etc/init.d/guix-daemon;
chmod 775 /etc/init.d/guix-daemon;
+ configure_substitute_discovery /etc/init.d/guix-daemon
+
rc-update add guix-daemon default &&
rc-service guix-daemon start; } &&
_msg "${PAS}enabled Guix daemon via OpenRC"
;;
NA|*)
_msg "${ERR}unsupported init system; run the daemon manually:"
- echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
+ echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
;;
esac
sys_authorize_build_farms()
{ # authorize the public key of the build farm
- while true; do
- read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
- case $yn in
- [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
- _msg "${PAS}Authorized public key for ci.guix.gnu.org";
- break;;
- [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
- break;;
- *) _msg "Please answer yes or no.";
- esac
- done
+ if prompt_yes_no "Permit downloading pre-built package binaries from the \
+project's build farm?"; then
+ guix archive --authorize \
+ < ~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub \
+ && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
+ else
+ _msg "${INF}Skipped authorizing build farm public keys"
+ fi
}
sys_create_init_profile()
-{ # Create /etc/profile.d/guix.sh for better desktop integration
+{ # Define for better desktop integration
# This will not take effect until the next shell or desktop session!
[ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
cat <<"EOF" > /etc/profile.d/guix.sh
+# Explicitly initialize XDG base directory variables to ease compatibility
+# with Guix System: see <https://issues.guix.gnu.org/56050#3>.
+export XDG_DATA_HOME="${XDG_DATA_HOME:-$HOME/.local/share}"
+export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
+export XDG_STATE_HOME="${XDG_STATE_HOME:-$HOME/.local/state}"
+export XDG_DATA_DIRS="${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
+export XDG_CONFIG_DIRS="${XDG_CONFIG_DIRS:-/etc/xdg}"
+export XDG_CACHE_HOME="${XDG_CACHE_HOME:-$HOME/.cache}"
+# no default for XDG_RUNTIME_DIR (depends on foreign distro for semantics)
+
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
# GUIX_PROFILE: User's default profile
-GUIX_PROFILE="$HOME/.guix-profile"
+# Prefer the one from 'guix home' if it exists.
+GUIX_PROFILE="$HOME/.guix-home/profile"
+[ -L $GUIX_PROFILE ] || GUIX_PROFILE="$HOME/.guix-profile"
[ -L $GUIX_PROFILE ] || return
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
-export GUIX_PROFILE GUIX_LOCPATH
+export GUIX_LOCPATH
[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
# set XDG_DATA_DIRS to include Guix installations
-export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
+export XDG_DATA_DIRS="$GUIX_PROFILE/share:$XDG_DATA_DIRS"
EOF
}
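Review bot: The added fallback `[ -L $GUIX_PROFILE ] || GUIX_PROFILE="$HOME/.guix-profile"` leaves the expansion unquoted in a file that login shells source for every user. A home directory containing whitespace or glob characters makes the test error out, and the profile is then silently skipped. Quote it here and on the following `[ -L $GUIX_PROFILE ] || return` line, i.e. `[ -L "$GUIX_PROFILE" ] || …`. The reworded header comment `# Define for better desktop integration` lost its object; `# Create /etc/profile.d/guix.sh for better desktop integration` still says what the function writes.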
_msg "${PAS}installed shell completion"
}
+sys_customize_bashrc()
+{
+ prompt_yes_no "Customize users Bash shell prompt for Guix?" || return
+ for bashrc in /home/*/.bashrc /root/.bashrc; do
+ test -f "$bashrc" || continue
+ grep -Fq '$GUIX_ENVIRONMENT' "$bashrc" && continue
+ cp "${bashrc}" "${bashrc}.bak"
+ echo '
+# Automatically added by the Guix install script.
+if [ -n "$GUIX_ENVIRONMENT" ]; then
+ if [[ $PS1 =~ (.*)"\\$" ]]; then
+ PS1="${BASH_REMATCH[1]} [env]\\\$ "
+ fi
+fi
+' >> "$bashrc"
+ done
+ _msg "${PAS}Bash shell prompt successfully customized for Guix"
+}
welcome()
{
+ local char
cat<<"EOF"
░░░ ░░░
░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
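Review bot: sys_customize_bashrc runs as root but writes to paths inside home directories that their owners control. `test -f`, `cp "${bashrc}" "${bashrc}.bak"` and `>> "$bashrc"` all follow symbolic links, so a linked `.bashrc` or `.bashrc.bak` redirects root's write to the link target. Skip links before touching anything, `{ [ -L "$bashrc" ] || [ -L "${bashrc}.bak" ]; } && continue`, and consider doing the copy and append as the file's owner, since a check followed by a write as root remains racy. As written, the copy also overwrites any existing `.bak` and leaves it owned by root, and `bashrc` should be declared `local`.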
https://www.gnu.org/software/guix/
EOF
- echo -n "Press return to continue..."
- read -r ANSWER
+ # Don't use ‘read -p’ here! It won't display when run non-interactively.
+ echo -n "Press return to continue..."$'\r'
+ read -r char
+ if [ "$char" ]; then
+ echo
+ echo "...that ($char) was not a return!"
+ _msg "${WAR}Use newlines to automate installation, e.g.: yes '' | ${0##*/}"
+ _msg "${WAR}Any other method is unsupported and likely to break in future."
+ fi
}
main()
if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then
_err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
fi
- _msg "Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
+ _msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
fi
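Review bot: The architecture check for a manually supplied binary logs `…; aborting` through `_err`, but the context lines show no exit after it. Unless `_err` itself exits, which the converted `_err` + `exit 1` call sites elsewhere in this diff suggest it does not, installation continues with a mismatched archive. This commit introduces `die` for exactly this pattern, so use it here: `die "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"`. main's body starts and ends outside the hunk, so whether the manually provided file is signature-checked cannot be seen here; a comment stating that would help.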
sys_authorize_build_farms
sys_create_init_profile
sys_create_shell_completion
+ sys_customize_bashrc
_msg "${INF}cleaning up ${tmp_path}"
rm -r "${tmp_path}"