Commit | Line | Data |
---|---|---|
6f4e8693 RW |
1 | #!/bin/bash |
2 | # GNU Guix --- Functional package management for GNU | |
3 | # Copyright © 2017 sharlatan <sharlatanus@gmail.com> | |
4 | # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net> | |
ea6b1bae | 5 | # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il> |
6f4e8693 RW |
6 | # |
7 | # This file is part of GNU Guix. | |
8 | # | |
9 | # GNU Guix is free software; you can redistribute it and/or modify it | |
10 | # under the terms of the GNU General Public License as published by | |
11 | # the Free Software Foundation; either version 3 of the License, or (at | |
12 | # your option) any later version. | |
13 | # | |
14 | # GNU Guix is distributed in the hope that it will be useful, but | |
15 | # WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 | # GNU General Public License for more details. | |
18 | # | |
19 | # You should have received a copy of the GNU General Public License | |
20 | # along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
21 | ||
22 | set -e | |
23 | ||
24 | [ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; } | |
25 | ||
26 | REQUIRE=( | |
27 | "dirname" | |
28 | "readlink" | |
29 | "wget" | |
30 | "gpg" | |
31 | "grep" | |
32 | "which" | |
33 | "sed" | |
34 | "sort" | |
35 | "getent" | |
36 | "mktemp" | |
37 | "rm" | |
38 | "chmod" | |
39 | "uname" | |
40 | "groupadd" | |
41 | "tail" | |
42 | "tr" | |
43 | ) | |
44 | ||
45 | PAS=$'[ \033[32;1mPASS\033[0m ] ' | |
46 | ERR=$'[ \033[31;1mFAIL\033[0m ] ' | |
47 | INF="[ INFO ] " | |
48 | ||
49 | DEBUG=0 | |
50 | GNU_URL="https://alpha.gnu.org/gnu/guix/" | |
51 | OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5" | |
52 | ||
3cd4447f CM |
53 | # This script needs to know where root's home directory is. However, we |
54 | # cannot simply use the HOME environment variable, since there is no guarantee | |
55 | # that it points to root's home directory. | |
56 | ROOT_HOME="$(echo ~root)" | |
57 | ||
6f4e8693 RW |
58 | # ------------------------------------------------------------------------------ |
59 | #+UTILITIES | |
60 | ||
61 | _err() | |
62 | { # All errors go to stderr. | |
63 | printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" | |
64 | } | |
65 | ||
66 | _msg() | |
67 | { # Default message to stdout. | |
68 | printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" | |
69 | } | |
70 | ||
71 | _debug() | |
72 | { | |
73 | if [ "${DEBUG}" = '1' ]; then | |
74 | printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" | |
75 | fi | |
76 | } | |
77 | ||
78 | ||
79 | chk_require() | |
80 | { # Check that every required command is available. | |
81 | declare -a cmds | |
82 | declare -a warn | |
83 | ||
84 | cmds=(${1}) | |
85 | ||
86 | _debug "--- [ $FUNCNAME ] ---" | |
87 | ||
88 | for c in ${cmds[@]}; do | |
89 | command -v "$c" &>/dev/null | |
90 | [ "$?" -eq "1" ] && | |
91 | warn+=("$c") | |
92 | done | |
93 | ||
94 | [ "${#warn}" -ne 0 ] && | |
95 | { _err "${ERR}Missing commands: ${warn[*]}."; | |
96 | return 1; } | |
97 | ||
98 | _msg "${PAS}verification of required commands completed" | |
99 | ||
100 | gpg --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || ( | |
101 | _err "${ERR}Missing OpenPGP public key. Fetch it with this command:" | |
102 | echo " gpg --keyserver pgp.mit.edu --recv-keys ${OPENPGP_SIGNING_KEY_ID}" | |
103 | exit 1 | |
104 | ) | |
105 | } | |
106 | ||
107 | chk_term() | |
108 | { # Check for ANSI terminal for color printing. | |
109 | local ansi_term | |
110 | ||
111 | if [ -t 2 ]; then | |
112 | if [ "${TERM+set}" = 'set' ]; then | |
113 | case "$TERM" in | |
114 | xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*) | |
115 | ansi_term=true | |
116 | ;; | |
117 | *) | |
118 | ansi_term=false | |
119 | ERR="[ FAIL ] " | |
120 | PAS="[ PASS ] " | |
121 | ;; | |
122 | esac | |
123 | fi | |
124 | fi | |
125 | } | |
126 | ||
127 | chk_init_sys() | |
128 | { # Return init system type name. | |
129 | if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then | |
130 | _msg "${INF}init system is: upstart" | |
131 | INIT_SYS="upstart" | |
132 | return 0 | |
133 | elif [[ $(systemctl) =~ -\.mount ]]; then | |
134 | _msg "${INF}init system is: systemd" | |
135 | INIT_SYS="systemd" | |
136 | return 0 | |
137 | elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then | |
138 | _msg "${INF}init system is: sysv-init" | |
139 | INIT_SYS="sysv-init" | |
140 | return 0 | |
141 | else | |
142 | INIT_SYS="NA" | |
143 | _err "${ERR}Init system could not be detected." | |
144 | fi | |
145 | } | |
146 | ||
147 | chk_sys_arch() | |
148 | { # Check for operating system and architecture type. | |
149 | local os | |
150 | local arch | |
151 | ||
152 | os="$(uname -s)" | |
153 | arch="$(uname -m)" | |
154 | ||
155 | case "$arch" in | |
156 | i386 | i486 | i686 | i786 | x86) | |
157 | local arch=i686 | |
158 | ;; | |
159 | x86_64 | x86-64 | x64 | amd64) | |
160 | local arch=x86_64 | |
161 | ;; | |
ea6b1bae EF |
162 | aarch64) |
163 | local arch=aarch64 | |
164 | ;; | |
6f4e8693 RW |
165 | *) |
166 | _err "${ERR}Unsupported CPU type: ${arch}" | |
167 | exit 1 | |
168 | esac | |
169 | ||
170 | case "$os" in | |
171 | Linux | linux) | |
172 | local os=linux | |
173 | ;; | |
174 | *) | |
175 | _err "${ERR}Your operation system (${os}) is not supported." | |
176 | exit 1 | |
177 | esac | |
178 | ||
179 | ARCH_OS="${arch}-${os}" | |
180 | } | |
181 | ||
182 | # ------------------------------------------------------------------------------ | |
183 | #+MAIN | |
184 | ||
185 | guix_get_bin_list() | |
186 | { # Scan GNU archive and save list of binaries | |
187 | local gnu_url="$1" | |
188 | local -a bin_ver_ls | |
189 | local latest_ver | |
190 | local default_ver | |
191 | ||
192 | _debug "--- [ $FUNCNAME ] ---" | |
193 | ||
194 | # Filter only version and architecture | |
195 | bin_ver_ls=("$(wget -qO- "$gnu_url" \ | |
196 | | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \ | |
197 | | sort -Vu)") | |
198 | ||
199 | latest_ver="$(echo "$bin_ver_ls" \ | |
200 | | grep -oP "([0-9]{1,2}\.){2}[0-9]{1,2}" \ | |
201 | | tail -n1)" | |
202 | ||
203 | default_ver="guix-binary-${latest_ver}.${ARCH_OS}" | |
204 | ||
205 | if [[ "${#bin_ver_ls}" -ne "0" ]]; then | |
206 | _msg "${PAS}Release for your system: ${default_ver}" | |
207 | else | |
208 | _err "${ERR}Could not obtain list of Guix releases." | |
209 | exit 1 | |
210 | fi | |
211 | ||
212 | # Use default to download according to the list and local ARCH_OS. | |
213 | BIN_VER="$default_ver" | |
214 | } | |
215 | ||
216 | guix_get_bin() | |
217 | { # Download and verify binary package. | |
218 | local url="$1" | |
219 | local bin_ver="$2" | |
220 | local dl_path="$3" | |
221 | ||
222 | _debug "--- [ $FUNCNAME ] ---" | |
223 | ||
224 | _msg "${INF}Downloading Guix release archive" | |
225 | ||
226 | wget --help | grep -q '\--show-progress' && \ | |
227 | _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT="" | |
228 | wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig" | |
229 | ||
230 | if [[ "$?" -eq 0 ]]; then | |
231 | _msg "${PAS}download completed." | |
232 | else | |
233 | _err "${ERR}could not download ${url}/${bin_ver}.tar.xz." | |
234 | exit 1 | |
235 | fi | |
236 | ||
237 | pushd $dl_path >/dev/null | |
238 | gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1 | |
239 | if [[ "$?" -eq 0 ]]; then | |
240 | _msg "${PAS}Signature is valid." | |
241 | popd >/dev/null | |
242 | else | |
243 | _err "${ERR}could not verify the signature." | |
244 | exit 1 | |
245 | fi | |
246 | } | |
247 | ||
248 | sys_create_store() | |
249 | { # Unpack and install /gnu/store and /var/guix | |
250 | local pkg="$1" | |
251 | local tmp_path="$2" | |
252 | ||
253 | _debug "--- [ $FUNCNAME ] ---" | |
254 | ||
255 | cd "$tmp_path" | |
256 | tar --warning=no-timestamp \ | |
257 | --extract \ | |
258 | --file "$pkg" && | |
259 | _msg "${PAS}unpacked archive" | |
260 | ||
261 | if [[ -e "/var/guix" || -e "/gnu" ]]; then | |
262 | _err "${ERR}A previous Guix installation was found. Refusing to overwrite." | |
263 | exit 1 | |
264 | else | |
265 | _msg "${INF}Installing /var/guix and /gnu..." | |
266 | mv "${tmp_path}/var/guix" /var/ | |
267 | mv "${tmp_path}/gnu" / | |
268 | fi | |
269 | ||
270 | _msg "${INF}Linking the root user's profile" | |
271 | ln -sf /var/guix/profiles/per-user/root/guix-profile \ | |
3cd4447f | 272 | "${ROOT_HOME}/.guix-profile" |
6f4e8693 | 273 | |
3cd4447f | 274 | GUIX_PROFILE="${ROOT_HOME}/.guix-profile" |
6f4e8693 RW |
275 | source "${GUIX_PROFILE}/etc/profile" |
276 | _msg "${PAS}activated root profile at /root/.guix-profile" | |
277 | } | |
278 | ||
279 | sys_create_build_user() | |
280 | { # Create the group and user accounts for build users. | |
281 | ||
282 | _debug "--- [ $FUNCNAME ] ---" | |
283 | ||
284 | if [ $(getent group guixbuild) ]; then | |
285 | _msg "${INF}group guixbuild exists" | |
286 | else | |
287 | groupadd --system guixbuild | |
288 | _msg "${PAS}group <guixbuild> created" | |
289 | fi | |
290 | ||
291 | for i in $(seq -w 1 10); do | |
292 | if id "guixbuilder${i}" &>/dev/null; then | |
293 | _msg "${INF}user is already in the system, reset" | |
294 | usermod -g guixbuild -G guixbuild \ | |
295 | -d /var/empty -s "$(which nologin)" \ | |
296 | -c "Guix build user $i" \ | |
297 | "guixbuilder${i}"; | |
298 | else | |
299 | useradd -g guixbuild -G guixbuild \ | |
300 | -d /var/empty -s "$(which nologin)" \ | |
301 | -c "Guix build user $i" --system \ | |
302 | "guixbuilder${i}"; | |
303 | _msg "${PAS}user added <guixbuilder${i}>" | |
304 | fi | |
305 | done | |
306 | } | |
307 | ||
308 | sys_enable_guix_daemon() | |
309 | { # Run the daemon, and set it to automatically start on boot. | |
310 | ||
311 | local info_path | |
312 | local local_bin | |
313 | local var_guix | |
314 | ||
315 | _debug "--- [ $FUNCNAME ] ---" | |
316 | ||
317 | info_path="/usr/local/share/info" | |
318 | local_bin="/usr/local/bin" | |
319 | var_guix="/var/guix/profiles/per-user/root/guix-profile" | |
320 | ||
321 | case "$INIT_SYS" in | |
322 | upstart) | |
323 | { initctl reload-configuration; | |
3cd4447f | 324 | cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemon.conf" \ |
6f4e8693 RW |
325 | /etc/init/ && |
326 | start guix-daemon; } && | |
327 | _msg "${PAS}enabled Guix daemon via upstart" | |
328 | ;; | |
329 | systemd) | |
3cd4447f | 330 | { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemon.service" \ |
6f4e8693 RW |
331 | /etc/systemd/system/; |
332 | chmod 664 /etc/systemd/system/guix-daemon.service; | |
333 | systemctl daemon-reload && | |
334 | systemctl start guix-daemon && | |
335 | systemctl enable guix-daemon; } && | |
336 | _msg "${PAS}enabled Guix daemon via systemd" | |
337 | ;; | |
338 | NA|*) | |
339 | _msg "${ERR}unsupported init system; run the daemon manually:" | |
3cd4447f | 340 | echo " ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-users-group=guixbuild" |
6f4e8693 RW |
341 | ;; |
342 | esac | |
343 | ||
344 | _msg "${INF}making the guix command available to other users" | |
345 | ||
346 | [ -e "$local_bin" ] || mkdir -p "$local_bin" | |
347 | ln -sf "${var_guix}/bin/guix" "$local_bin" | |
348 | ||
349 | [ -e "$info_path" ] || mkdir -p "$info_path" | |
350 | for i in ${var_guix}/share/info/*; do | |
351 | ln -sf "$i" "$info_path" | |
352 | done | |
353 | } | |
354 | ||
355 | sys_authorize_build_farms() | |
356 | { # authorize the public keys of the two build farms | |
357 | while true; do | |
358 | read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn | |
359 | case $yn in | |
3cd4447f | 360 | [Yy]*) guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/hydra.gnu.org.pub" && |
6f4e8693 | 361 | _msg "${PAS}Authorized public key for hydra.gnu.org"; |
3cd4447f | 362 | guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/berlin.guixsd.org.pub" && |
6f4e8693 RW |
363 | _msg "${PAS}Authorized public key for berlin.guixsd.org"; |
364 | break;; | |
365 | [Nn]*) _msg "${INF}Skipped authorizing build farm public keys" | |
366 | break;; | |
367 | *) _msg "Please answer yes or no."; | |
368 | esac | |
369 | done | |
370 | } | |
371 | ||
372 | welcome() | |
373 | { | |
374 | cat<<"EOF" | |
375 | ░░░ ░░░ | |
376 | ░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░ | |
377 | ░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░ | |
378 | ░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░ | |
379 | ░▒▒▒▒░ ░░░░░░ | |
380 | ▒▒▒▒▒ ░░░░░░ | |
381 | ▒▒▒▒▒ ░░░░░ | |
382 | ░▒▒▒▒▒ ░░░░░ | |
383 | ▒▒▒▒▒ ░░░░░ | |
384 | ▒▒▒▒▒ ░░░░░ | |
385 | ░▒▒▒▒▒░░░░░ | |
386 | ▒▒▒▒▒▒░░░ | |
387 | ▒▒▒▒▒▒░ | |
388 | _____ _ _ _ _ _____ _ | |
389 | / ____| \ | | | | | / ____| (_) | |
390 | | | __| \| | | | | | | __ _ _ ___ __ | |
391 | | | |_ | . ' | | | | | | |_ | | | | \ \/ / | |
392 | | |__| | |\ | |__| | | |__| | |_| | |> < | |
393 | \_____|_| \_|\____/ \_____|\__,_|_/_/\_\ | |
394 | ||
395 | This script installs GNU Guix on your system | |
396 | ||
397 | https://www.gnu.org/software/guix/ | |
398 | EOF | |
399 | echo -n "Press return to continue..." | |
400 | read -r ANSWER | |
401 | } | |
402 | ||
403 | main() | |
404 | { | |
405 | local tmp_path | |
406 | welcome | |
407 | ||
408 | _msg "Starting installation ($(date))" | |
409 | ||
410 | chk_term | |
411 | chk_require "${REQUIRE[*]}" | |
412 | chk_init_sys | |
413 | chk_sys_arch | |
414 | ||
415 | _msg "${INF}system is ${ARCH_OS}" | |
416 | ||
417 | tmp_path="$(mktemp -t -d guix.XXX)" | |
418 | ||
419 | guix_get_bin_list "${GNU_URL}" | |
420 | guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path" | |
421 | ||
422 | sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}" | |
423 | sys_create_build_user | |
424 | sys_enable_guix_daemon | |
425 | sys_authorize_build_farms | |
426 | ||
427 | _msg "${INF}cleaning up ${tmp_path}" | |
428 | rm -r "${tmp_path}" | |
429 | ||
430 | _msg "${PAS}Guix has successfully been installed!" | |
431 | _msg "${INF}Run 'info guix' to read the manual." | |
432 | } | |
433 | ||
434 | main "$@" |