[jackhill/guix/guix.git] / etc / guix-install.sh

#!/bin/sh
# GNU Guix --- Functional package management for GNU
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

# We require Bash but for portability we'd rather not use /bin/bash or
# /usr/bin/env in the shebang, hence this hack.
if [ "x$BASH_VERSION" = "x" ]
then
    exec bash "$0" "$@"
fi

set -e

[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }

REQUIRE=(
    "dirname"
    "readlink"
    "wget"
    "gpg"
    "grep"
    "which"
    "sed"
    "sort"
    "getent"
    "mktemp"
    "rm"
    "chmod"
    "uname"
    "groupadd"
    "tail"
    "tr"
    "xz"
)

PAS=$'[ \033[32;1mPASS\033[0m ] '
ERR=$'[ \033[31;1mFAIL\033[0m ] '
WAR=$'[ \033[33;1mWARN\033[0m ] '
INF="[ INFO ] "

DEBUG=0
GNU_URL="https://ftp.gnu.org/gnu/guix/"
#GNU_URL="https://alpha.gnu.org/gnu/guix/"
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"

# This script needs to know where root's home directory is.  However, we
# cannot simply use the HOME environment variable, since there is no guarantee
# that it points to root's home directory.
ROOT_HOME="$(echo ~root)"

# ------------------------------------------------------------------------------
#+UTILITIES

_err()
{ # All errors go to stderr.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_msg()
{ # Default message to stdout.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_debug()
{
    if [ "${DEBUG}" = '1' ]; then
        printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
    fi
}


chk_require()
{ # Check that every required command is available.
    declare -a warn
    local c

    _debug "--- [ $FUNCNAME ] ---"

    for c in "$@"; do
        command -v "$c" &>/dev/null || warn+=("$c")
    done

    [ "${#warn}" -ne 0 ] &&
        { _err "${ERR}Missing commands: ${warn[*]}.";
          return 1; }
    
    _msg "${PAS}verification of required commands completed"
}

chk_gpg_keyring()
{ # Check whether the Guix release signing public key is present.
    _debug "--- [ $FUNCNAME ] ---"

    # Without --dry-run this command will create a ~/.gnupg owned by root on
    # systems where gpg has never been used, causing errors and confusion.
    gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
        _err "${ERR}Missing OpenPGP public key.  Fetch it with this command:"
        echo "  wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - | sudo -i gpg --import -"
        exit 1
    )
}

chk_term()
{ # Check for ANSI terminal for color printing.
    local ansi_term

    if [ -t 2 ]; then
        if [ "${TERM+set}" = 'set' ]; then
            case "$TERM" in
                xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
                    ansi_term=true
                    ;;
                *)
                    ansi_term=false
                    ERR="[ FAIL ] "
                    PAS="[ PASS ] "
                    ;;
            esac
        fi
    fi
}

chk_init_sys()
{ # Return init system type name.
    if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
        _msg "${INF}init system is: upstart"
        INIT_SYS="upstart"
        return 0
    elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
        _msg "${INF}init system is: systemd"
        INIT_SYS="systemd"
        return 0
    elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
        _msg "${INF}init system is: sysv-init"
        INIT_SYS="sysv-init"
        return 0
    elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
        _msg "${INF}init system is: OpenRC"
        INIT_SYS="openrc"
        return 0
    else
        INIT_SYS="NA"
        _err "${ERR}Init system could not be detected."
    fi
}

chk_sys_arch()
{ # Check for operating system and architecture type.
    local os
    local arch

    os="$(uname -s)"
    arch="$(uname -m)"

    case "$arch" in
        i386 | i486 | i686 | i786 | x86)
            local arch=i686
            ;;
        x86_64 | x86-64 | x64 | amd64)
            local arch=x86_64
            ;;
        aarch64)
            local arch=aarch64
            ;;
        armv7l)
            local arch=armhf
            ;;
        *)
            _err "${ERR}Unsupported CPU type: ${arch}"
            exit 1
    esac

    case "$os" in
        Linux | linux)
            local os=linux
            ;;
        *)
            _err "${ERR}Your operation system (${os}) is not supported."
            exit 1
    esac

    ARCH_OS="${arch}-${os}"
}

chk_sys_nscd()
{ # Check if nscd is up and suggest to start it or install it
    if [ "$(type -P pidof)" ]; then
        if [ ! "$(pidof nscd)" ]; then
            _msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
            _msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
        fi
    else
        _msg "${INF}We cannot determine if your distribution 'nscd' service is running"
        _msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
    fi
}

# ------------------------------------------------------------------------------
#+MAIN

guix_get_bin_list()
{ # Scan GNU archive and save list of binaries
    local gnu_url="$1"
    local -a bin_ver_ls
    local latest_ver
    local default_ver

    _debug "--- [ $FUNCNAME ] ---"

    # Filter only version and architecture
    bin_ver_ls=("$(wget -qO- "$gnu_url" \
        | sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
        | sort -Vu)")

    latest_ver="$(echo "${bin_ver_ls[0]}" \
                       | grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
                       | tail -n1)"

    default_ver="guix-binary-${latest_ver}.${ARCH_OS}"

    if [[ "${#bin_ver_ls}" -ne "0" ]]; then
        _msg "${PAS}Release for your system: ${default_ver}"
    else
        _err "${ERR}Could not obtain list of Guix releases."
        exit 1
    fi

    # Use default to download according to the list and local ARCH_OS.
    BIN_VER="${default_ver}"
}

guix_get_bin()
{ # Download and verify binary package.
    local url="$1"
    local bin_ver="$2"
    local dl_path="$3"

    _debug "--- [ $FUNCNAME ] ---"

    _msg "${INF}Downloading Guix release archive"

    wget --help | grep -q '\--show-progress' && \
        _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
    wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"

    if [[ "$?" -eq 0 ]]; then
       _msg "${PAS}download completed."
    else
        _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
        exit 1
    fi

    pushd "${dl_path}" >/dev/null
    gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
    if [[ "$?" -eq 0 ]]; then
        _msg "${PAS}Signature is valid."
        popd >/dev/null
    else
        _err "${ERR}could not verify the signature."
        exit 1
    fi
}

sys_create_store()
{ # Unpack and install /gnu/store and /var/guix
    local pkg="$1"
    local tmp_path="$2"

    _debug "--- [ $FUNCNAME ] ---"

    cd "$tmp_path"
    tar --extract \
        --file "$pkg" &&
    _msg "${PAS}unpacked archive"

    if [[ -e "/var/guix" || -e "/gnu" ]]; then
        _err "${ERR}A previous Guix installation was found.  Refusing to overwrite."
        exit 1
    else
        _msg "${INF}Installing /var/guix and /gnu..."
        mv "${tmp_path}/var/guix" /var/
        mv "${tmp_path}/gnu" /
    fi

    _msg "${INF}Linking the root user's profile"
    mkdir -p "${ROOT_HOME}/.config/guix"
    ln -sf /var/guix/profiles/per-user/root/current-guix \
       "${ROOT_HOME}/.config/guix/current"

    GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
    source "${GUIX_PROFILE}/etc/profile"
    _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
}

sys_create_build_user()
{ # Create the group and user accounts for build users.

    _debug "--- [ $FUNCNAME ] ---"

    if [ $(getent group guixbuild) ]; then
        _msg "${INF}group guixbuild exists"
    else
        groupadd --system guixbuild
        _msg "${PAS}group <guixbuild> created"
    fi

    for i in $(seq -w 1 10); do
        if id "guixbuilder${i}" &>/dev/null; then
            _msg "${INF}user is already in the system, reset"
            usermod -g guixbuild -G guixbuild           \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i"             \
                    "guixbuilder${i}";
        else
            useradd -g guixbuild -G guixbuild           \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i" --system    \
                    "guixbuilder${i}";
            _msg "${PAS}user added <guixbuilder${i}>"
        fi
    done
}

sys_enable_guix_daemon()
{ # Run the daemon, and set it to automatically start on boot.

    local info_path
    local local_bin
    local var_guix

    _debug "--- [ $FUNCNAME ] ---"

    info_path="/usr/local/share/info"
    local_bin="/usr/local/bin"
    var_guix="/var/guix/profiles/per-user/root/current-guix"

    case "$INIT_SYS" in
        upstart)
            { initctl reload-configuration;
              cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
                 /etc/init/ &&
                  start guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via upstart"
            ;;
        systemd)
            { # systemd .mount units must be named after the target directory.
              # Here we assume a hard-coded name of /gnu/store.
              # XXX Work around <https://issues.guix.gnu.org/41356> until next release.
              if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
                  cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
                     /etc/systemd/system/;
                  chmod 664 /etc/systemd/system/gnu-store.mount;
                  systemctl daemon-reload &&
                      systemctl enable gnu-store.mount;
              fi

              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                 /etc/systemd/system/;
              chmod 664 /etc/systemd/system/guix-daemon.service;

              # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
              sed -i /etc/systemd/system/guix-daemon.service \
                  -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";

              # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
              if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
              then sed -i /etc/systemd/system/guix-daemon.service \
                       -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
              fi;

              systemctl daemon-reload &&
                  systemctl enable guix-daemon &&
                  systemctl start  guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via systemd"
            ;;
        sysv-init)
            { mkdir -p /etc/init.d;
              cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              update-rc.d guix-daemon defaults &&
                  update-rc.d guix-daemon enable &&
                  service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via sysv"
            ;;
        openrc)
            { mkdir -p /etc/init.d;
              cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              rc-update add guix-daemon default &&
                  rc-service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via OpenRC"
            ;;
        NA|*)
            _msg "${ERR}unsupported init system; run the daemon manually:"
            echo "  ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
            ;;
    esac

    _msg "${INF}making the guix command available to other users"

    [ -e "$local_bin" ] || mkdir -p "$local_bin"
    ln -sf "${var_guix}/bin/guix"  "$local_bin"

    [ -e "$info_path" ] || mkdir -p "$info_path"
    for i in "${var_guix}"/share/info/*; do
        ln -sf "$i" "$info_path"
    done
}

sys_authorize_build_farms()
{ # authorize the public key of the build farm
    while true; do
        read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
        case $yn in
            [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
                       _msg "${PAS}Authorized public key for ci.guix.gnu.org";
                   break;;
            [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
                   break;;
            *) _msg "Please answer yes or no.";
        esac
    done
}

sys_create_init_profile()
{ # Create /etc/profile.d/guix.sh for better desktop integration
  # This will not take effect until the next shell or desktop session!
    [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
    cat <<"EOF" > /etc/profile.d/guix.sh
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
# Export INFOPATH so that the updated info pages can be found
# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
# When INFOPATH is unset, add a trailing colon so that Emacs
# searches 'Info-default-directory-list'.
export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"

# GUIX_PROFILE: User's default profile
GUIX_PROFILE="$HOME/.guix-profile"
[ -L $GUIX_PROFILE ] || return
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
export GUIX_PROFILE GUIX_LOCPATH

[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"

# set XDG_DATA_DIRS to include Guix installations
export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
EOF
}

sys_create_shell_completion()
{ # Symlink supported shell completions system-wide

    var_guix=/var/guix/profiles/per-user/root/current-guix
    bash_completion=/etc/bash_completion.d
    zsh_completion=/usr/share/zsh/site-functions
    fish_completion=/usr/share/fish/vendor_completions.d

    { # Just in case
        for dir_shell in $bash_completion $zsh_completion $fish_completion; do
            [ -d "$dir_shell" ] || mkdir -p $dir_shell
        done;

        ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
        ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
        ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
        _msg "${PAS}installed shell completion"
}


welcome()
{
    cat<<"EOF"
    ░░░                                     ░░░
    ░░▒▒░░░░░░░░░               ░░░░░░░░░▒▒░░
     ░░▒▒▒▒▒░░░░░░░           ░░░░░░░▒▒▒▒▒░
         ░▒▒▒░░▒▒▒▒▒         ░░░░░░░▒▒░
               ░▒▒▒▒░       ░░░░░░
                ▒▒▒▒▒      ░░░░░░
                 ▒▒▒▒▒     ░░░░░
                 ░▒▒▒▒▒   ░░░░░
                  ▒▒▒▒▒   ░░░░░
                   ▒▒▒▒▒ ░░░░░
                   ░▒▒▒▒▒░░░░░
                    ▒▒▒▒▒▒░░░
                     ▒▒▒▒▒▒░
     _____ _   _ _    _    _____       _
    / ____| \ | | |  | |  / ____|     (_)
   | |  __|  \| | |  | | | |  __ _   _ ___  __
   | | |_ | . ' | |  | | | | |_ | | | | \ \/ /
   | |__| | |\  | |__| | | |__| | |_| | |>  <
    \_____|_| \_|\____/   \_____|\__,_|_/_/\_\

This script installs GNU Guix on your system

https://www.gnu.org/software/guix/
EOF
    echo -n "Press return to continue..."
    read -r  ANSWER
}

main()
{
    local tmp_path
    welcome

    _msg "Starting installation ($(date))"

    chk_term
    chk_require "${REQUIRE[@]}"
    chk_gpg_keyring
    chk_init_sys
    chk_sys_arch
    chk_sys_nscd

    _msg "${INF}system is ${ARCH_OS}"

    umask 0022
    tmp_path="$(mktemp -t -d guix.XXX)"

    guix_get_bin_list "${GNU_URL}"
    guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"

    sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
    sys_create_build_user
    sys_enable_guix_daemon
    sys_authorize_build_farms
    sys_create_init_profile
    sys_create_shell_completion

    _msg "${INF}cleaning up ${tmp_path}"
    rm -r "${tmp_path}"

    _msg "${PAS}Guix has successfully been installed!"
    _msg "${INF}Run 'info guix' to read the manual."

    # Required to source /etc/profile in desktop environments.
    _msg "${INF}Please log out and back in to complete the installation."
 }

main "$@"
Commit	Line	Data
f5fdc54d	1	#!/bin/sh
6f4e8693 RW	2	# GNU Guix --- Functional package management for GNU
	3	# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
	4	# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
ea6b1bae	5	# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
ebbf9154	6	# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
cabac732	7	# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
b3fba5ef	8	# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
8311e4e1	9	# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
9d34b04f	10	# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
6f4e8693 RW	11	#
	12	# This file is part of GNU Guix.
	13	#
	14	# GNU Guix is free software; you can redistribute it and/or modify it
	15	# under the terms of the GNU General Public License as published by
	16	# the Free Software Foundation; either version 3 of the License, or (at
	17	# your option) any later version.
	18	#
	19	# GNU Guix is distributed in the hope that it will be useful, but
	20	# WITHOUT ANY WARRANTY; without even the implied warranty of
	21	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	# GNU General Public License for more details.
	23	#
	24	# You should have received a copy of the GNU General Public License
	25	# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	26
f5fdc54d LC	27	# We require Bash but for portability we'd rather not use /bin/bash or
	28	# /usr/bin/env in the shebang, hence this hack.
	29	if [ "x$BASH_VERSION" = "x" ]
	30	then
	31	exec bash "$0" "$@"
	32	fi
	33
6f4e8693 RW	34	set -e
	35
	36	[ "$UID" -eq 0 ] \|\| { echo "This script must be run as root."; exit 1; }
	37
	38	REQUIRE=(
	39	"dirname"
	40	"readlink"
	41	"wget"
	42	"gpg"
	43	"grep"
	44	"which"
	45	"sed"
	46	"sort"
	47	"getent"
	48	"mktemp"
	49	"rm"
	50	"chmod"
	51	"uname"
	52	"groupadd"
	53	"tail"
	54	"tr"
39939e30	55	"xz"
6f4e8693 RW	56	)
	57
	58	PAS=$'[ \033[32;1mPASS\033[0m ] '
	59	ERR=$'[ \033[31;1mFAIL\033[0m ] '
b2683a2b	60	WAR=$'[ \033[33;1mWARN\033[0m ] '
6f4e8693 RW	61	INF="[ INFO ] "
	62
	63	DEBUG=0
3a3e9f2b	64	GNU_URL="https://ftp.gnu.org/gnu/guix/"
8311e4e1	65	#GNU_URL="https://alpha.gnu.org/gnu/guix/"
6f4e8693 RW	66	OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
6f4e8693 RW	67
3cd4447f CM	68	# This script needs to know where root's home directory is. However, we
	69	# cannot simply use the HOME environment variable, since there is no guarantee
	70	# that it points to root's home directory.
	71	ROOT_HOME="$(echo ~root)"
	72
6f4e8693 RW	73	# ------------------------------------------------------------------------------
	74	#+UTILITIES
	75
	76	_err()
	77	{ # All errors go to stderr.
	78	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	79	}
	80
	81	_msg()
	82	{ # Default message to stdout.
	83	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	84	}
	85
	86	_debug()
	87	{
	88	if [ "${DEBUG}" = '1' ]; then
	89	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	90	fi
	91	}
	92
	93
	94	chk_require()
	95	{ # Check that every required command is available.
6f4e8693	96	declare -a warn
7a2e0c52	97	local c
6f4e8693	98
6f4e8693 RW	99	_debug "--- [ $FUNCNAME ] ---"
6f4e8693 RW	100
6c77d79a	101	for c in "$@"; do
593fe736	102	command -v "$c" &>/dev/null \|\| warn+=("$c")
6f4e8693 RW	103	done
	104
	105	[ "${#warn}" -ne 0 ] &&
	106	{ _err "${ERR}Missing commands: ${warn[*]}.";
	107	return 1; }
	108
	109	_msg "${PAS}verification of required commands completed"
5d8e505c TGR	110	}
	111
	112	chk_gpg_keyring()
	113	{ # Check whether the Guix release signing public key is present.
	114	_debug "--- [ $FUNCNAME ] ---"
6f4e8693	115
9b2644c2 TGR	116	# Without --dry-run this command will create a ~/.gnupg owned by root on
	117	# systems where gpg has never been used, causing errors and confusion.
	118	gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 \|\| (
6f4e8693	119	_err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
ea0da486	120	echo " wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - \| sudo -i gpg --import -"
6f4e8693 RW	121	exit 1
	122	)
	123	}
	124
	125	chk_term()
	126	{ # Check for ANSI terminal for color printing.
	127	local ansi_term
	128
	129	if [ -t 2 ]; then
	130	if [ "${TERM+set}" = 'set' ]; then
	131	case "$TERM" in
	132	xterm\|rxvt\|urxvt\|linux\|vt\|eterm\|screen*)
	133	ansi_term=true
	134	;;
	135	*)
	136	ansi_term=false
	137	ERR="[ FAIL ] "
	138	PAS="[ PASS ] "
	139	;;
	140	esac
	141	fi
	142	fi
	143	}
	144
	145	chk_init_sys()
	146	{ # Return init system type name.
	147	if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
	148	_msg "${INF}init system is: upstart"
	149	INIT_SYS="upstart"
	150	return 0
dc1aede3	151	elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
6f4e8693 RW	152	_msg "${INF}init system is: systemd"
	153	INIT_SYS="systemd"
	154	return 0
	155	elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
	156	_msg "${INF}init system is: sysv-init"
	157	INIT_SYS="sysv-init"
	158	return 0
cabac732 MS	159	elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
	160	_msg "${INF}init system is: OpenRC"
	161	INIT_SYS="openrc"
	162	return 0
6f4e8693 RW	163	else
	164	INIT_SYS="NA"
	165	_err "${ERR}Init system could not be detected."
	166	fi
	167	}
	168
	169	chk_sys_arch()
	170	{ # Check for operating system and architecture type.
	171	local os
	172	local arch
	173
	174	os="$(uname -s)"
	175	arch="$(uname -m)"
	176
	177	case "$arch" in
	178	i386 \| i486 \| i686 \| i786 \| x86)
	179	local arch=i686
	180	;;
	181	x86_64 \| x86-64 \| x64 \| amd64)
	182	local arch=x86_64
	183	;;
ea6b1bae EF	184	aarch64)
	185	local arch=aarch64
	186	;;
7c164068 VL	187	armv7l)
	188	local arch=armhf
	189	;;
6f4e8693 RW	190	*)
	191	_err "${ERR}Unsupported CPU type: ${arch}"
	192	exit 1
	193	esac
	194
	195	case "$os" in
	196	Linux \| linux)
	197	local os=linux
	198	;;
	199	*)
	200	_err "${ERR}Your operation system (${os}) is not supported."
	201	exit 1
	202	esac
	203
	204	ARCH_OS="${arch}-${os}"
	205	}
	206
b2683a2b	207	chk_sys_nscd()
	208	{ # Check if nscd is up and suggest to start it or install it
	209	if [ "$(type -P pidof)" ]; then
	210	if [ ! "$(pidof nscd)" ]; then
	211	_msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
	212	_msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
	213	fi
	214	else
	215	_msg "${INF}We cannot determine if your distribution 'nscd' service is running"
	216	_msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
	217	fi
	218	}
	219
6f4e8693 RW	220	# ------------------------------------------------------------------------------
	221	#+MAIN
	222
	223	guix_get_bin_list()
	224	{ # Scan GNU archive and save list of binaries
	225	local gnu_url="$1"
	226	local -a bin_ver_ls
	227	local latest_ver
	228	local default_ver
	229
	230	_debug "--- [ $FUNCNAME ] ---"
	231
	232	# Filter only version and architecture
	233	bin_ver_ls=("$(wget -qO- "$gnu_url" \
8311e4e1	234	\| sed -n -e 's/.guix-binary-\([0-9.][a-z0-9]\)\...tar.xz.*/\1/p' \
6f4e8693 RW	235	\| sort -Vu)")
6f4e8693 RW	236
1f4e878f	237	latest_ver="$(echo "${bin_ver_ls[0]}" \
8311e4e1	238	\| grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
6f4e8693 RW	239	\| tail -n1)"
	240
	241	default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
	242
	243	if [[ "${#bin_ver_ls}" -ne "0" ]]; then
	244	_msg "${PAS}Release for your system: ${default_ver}"
	245	else
	246	_err "${ERR}Could not obtain list of Guix releases."
	247	exit 1
	248	fi
	249
	250	# Use default to download according to the list and local ARCH_OS.
1f4e878f	251	BIN_VER="${default_ver}"
6f4e8693 RW	252	}
	253
	254	guix_get_bin()
	255	{ # Download and verify binary package.
	256	local url="$1"
	257	local bin_ver="$2"
	258	local dl_path="$3"
	259
	260	_debug "--- [ $FUNCNAME ] ---"
	261
	262	_msg "${INF}Downloading Guix release archive"
	263
	264	wget --help \| grep -q '\--show-progress' && \
	265	_PROGRESS_OPT="-q --show-progress" \|\| _PROGRESS_OPT=""
	266	wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
	267
	268	if [[ "$?" -eq 0 ]]; then
	269	_msg "${PAS}download completed."
	270	else
	271	_err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
	272	exit 1
	273	fi
	274
d2532317	275	pushd "${dl_path}" >/dev/null
6f4e8693 RW	276	gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
	277	if [[ "$?" -eq 0 ]]; then
	278	_msg "${PAS}Signature is valid."
	279	popd >/dev/null
	280	else
	281	_err "${ERR}could not verify the signature."
	282	exit 1
	283	fi
	284	}
	285
	286	sys_create_store()
	287	{ # Unpack and install /gnu/store and /var/guix
	288	local pkg="$1"
	289	local tmp_path="$2"
	290
	291	_debug "--- [ $FUNCNAME ] ---"
	292
	293	cd "$tmp_path"
f72bafe3	294	tar --extract \
6f4e8693 RW	295	--file "$pkg" &&
	296	_msg "${PAS}unpacked archive"
	297
	298	if [[ -e "/var/guix" \|\| -e "/gnu" ]]; then
	299	_err "${ERR}A previous Guix installation was found. Refusing to overwrite."
	300	exit 1
	301	else
	302	_msg "${INF}Installing /var/guix and /gnu..."
	303	mv "${tmp_path}/var/guix" /var/
	304	mv "${tmp_path}/gnu" /
	305	fi
	306
	307	_msg "${INF}Linking the root user's profile"
e9926f80 LC	308	mkdir -p "${ROOT_HOME}/.config/guix"
	309	ln -sf /var/guix/profiles/per-user/root/current-guix \
	310	"${ROOT_HOME}/.config/guix/current"
6f4e8693	311
e9926f80	312	GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
6f4e8693	313	source "${GUIX_PROFILE}/etc/profile"
e9926f80	314	_msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
6f4e8693 RW	315	}
	316
	317	sys_create_build_user()
	318	{ # Create the group and user accounts for build users.
	319
	320	_debug "--- [ $FUNCNAME ] ---"
	321
	322	if [ $(getent group guixbuild) ]; then
	323	_msg "${INF}group guixbuild exists"
	324	else
	325	groupadd --system guixbuild
	326	_msg "${PAS}group <guixbuild> created"
	327	fi
	328
	329	for i in $(seq -w 1 10); do
	330	if id "guixbuilder${i}" &>/dev/null; then
	331	_msg "${INF}user is already in the system, reset"
	332	usermod -g guixbuild -G guixbuild \
	333	-d /var/empty -s "$(which nologin)" \
	334	-c "Guix build user $i" \
	335	"guixbuilder${i}";
	336	else
	337	useradd -g guixbuild -G guixbuild \
	338	-d /var/empty -s "$(which nologin)" \
	339	-c "Guix build user $i" --system \
	340	"guixbuilder${i}";
	341	_msg "${PAS}user added <guixbuilder${i}>"
	342	fi
	343	done
	344	}
	345
	346	sys_enable_guix_daemon()
	347	{ # Run the daemon, and set it to automatically start on boot.
	348
	349	local info_path
	350	local local_bin
	351	local var_guix
	352
	353	_debug "--- [ $FUNCNAME ] ---"
	354
	355	info_path="/usr/local/share/info"
	356	local_bin="/usr/local/bin"
e9926f80	357	var_guix="/var/guix/profiles/per-user/root/current-guix"
6f4e8693 RW	358
	359	case "$INIT_SYS" in
	360	upstart)
	361	{ initctl reload-configuration;
e9926f80	362	cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
6f4e8693 RW	363	/etc/init/ &&
	364	start guix-daemon; } &&
	365	_msg "${PAS}enabled Guix daemon via upstart"
	366	;;
	367	systemd)
1a1faa78 TGR	368	{ # systemd .mount units must be named after the target directory.
1a1faa78 TGR	369	# Here we assume a hard-coded name of /gnu/store.
ebbf9154 TGR	370	# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
	371	if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
	372	cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
	373	/etc/systemd/system/;
	374	chmod 664 /etc/systemd/system/gnu-store.mount;
d6f303d4 TGR	375	systemctl daemon-reload &&
d6f303d4 TGR	376	systemctl enable gnu-store.mount;
ebbf9154	377	fi
1a1faa78 TGR	378
1a1faa78 TGR	379	cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
6f4e8693 RW	380	/etc/systemd/system/;
6f4e8693 RW	381	chmod 664 /etc/systemd/system/guix-daemon.service;
e1e3fe08	382
7c164068 VL	383	# Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
	384	sed -i /etc/systemd/system/guix-daemon.service \
	385	-e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
e1e3fe08	386
7c164068 VL	387	# Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
	388	if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
	389	then sed -i /etc/systemd/system/guix-daemon.service \
	390	-e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
	391	fi;
e1e3fe08	392
6f4e8693	393	systemctl daemon-reload &&
d6f303d4 TGR	394	systemctl enable guix-daemon &&
d6f303d4 TGR	395	systemctl start guix-daemon; } &&
6f4e8693 RW	396	_msg "${PAS}enabled Guix daemon via systemd"
6f4e8693 RW	397	;;
fe60ef99 DM	398	sysv-init)
	399	{ mkdir -p /etc/init.d;
	400	cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
	401	/etc/init.d/guix-daemon;
	402	chmod 775 /etc/init.d/guix-daemon;
	403
	404	update-rc.d guix-daemon defaults &&
	405	update-rc.d guix-daemon enable &&
	406	service guix-daemon start; } &&
	407	_msg "${PAS}enabled Guix daemon via sysv"
	408	;;
cabac732 MS	409	openrc)
	410	{ mkdir -p /etc/init.d;
	411	cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
	412	/etc/init.d/guix-daemon;
	413	chmod 775 /etc/init.d/guix-daemon;
	414
	415	rc-update add guix-daemon default &&
	416	rc-service guix-daemon start; } &&
	417	_msg "${PAS}enabled Guix daemon via OpenRC"
	418	;;
6f4e8693 RW	419	NA\|*)
6f4e8693 RW	420	_msg "${ERR}unsupported init system; run the daemon manually:"
e9926f80	421	echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
6f4e8693 RW	422	;;
	423	esac
	424
	425	_msg "${INF}making the guix command available to other users"
	426
	427	[ -e "$local_bin" ] \|\| mkdir -p "$local_bin"
	428	ln -sf "${var_guix}/bin/guix" "$local_bin"
	429
	430	[ -e "$info_path" ] \|\| mkdir -p "$info_path"
b4a1252b	431	for i in "${var_guix}"/share/info/*; do
6f4e8693 RW	432	ln -sf "$i" "$info_path"
	433	done
	434	}
	435
	436	sys_authorize_build_farms()
414c4de1	437	{ # authorize the public key of the build farm
6f4e8693	438	while true; do
414c4de1	439	read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
6f4e8693	440	case $yn in
414c4de1	441	[Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
825c39bf	442	_msg "${PAS}Authorized public key for ci.guix.gnu.org";
6f4e8693 RW	443	break;;
	444	[Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
	445	break;;
	446	*) _msg "Please answer yes or no.";
	447	esac
	448	done
	449	}
	450
30810aff PG	451	sys_create_init_profile()
30810aff PG	452	{ # Create /etc/profile.d/guix.sh for better desktop integration
2ffd1314	453	# This will not take effect until the next shell or desktop session!
29ba58c0	454	[ -d "/etc/profile.d" ] \|\| mkdir /etc/profile.d # Just in case
30810aff PG	455	cat <<"EOF" > /etc/profile.d/guix.sh
	456	# _GUIX_PROFILE: `guix pull` profile
	457	_GUIX_PROFILE="$HOME/.config/guix/current"
9d34b04f JK	458	export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
	459	# Export INFOPATH so that the updated info pages can be found
	460	# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
	461	# When INFOPATH is unset, add a trailing colon so that Emacs
	462	# searches 'Info-default-directory-list'.
	463	export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
30810aff PG	464
	465	# GUIX_PROFILE: User's default profile
	466	GUIX_PROFILE="$HOME/.guix-profile"
	467	[ -L $GUIX_PROFILE ] \|\| return
	468	GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
	469	export GUIX_PROFILE GUIX_LOCPATH
	470
e69b8bba	471	[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
30810aff PG	472
30810aff PG	473	# set XDG_DATA_DIRS to include Guix installations
7ff169d0	474	export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
30810aff PG	475	EOF
	476	}
	477
b3fba5ef	478	sys_create_shell_completion()
	479	{ # Symlink supported shell completions system-wide
	480
	481	var_guix=/var/guix/profiles/per-user/root/current-guix
	482	bash_completion=/etc/bash_completion.d
	483	zsh_completion=/usr/share/zsh/site-functions
	484	fish_completion=/usr/share/fish/vendor_completions.d
	485
	486	{ # Just in case
	487	for dir_shell in $bash_completion $zsh_completion $fish_completion; do
	488	[ -d "$dir_shell" ] \|\| mkdir -p $dir_shell
	489	done;
	490
	491	ln -sf ${var_guix}/etc/bash_completion.d/* "$bash_completion";
	492	ln -sf ${var_guix}/share/zsh/site-functions/* "$zsh_completion";
	493	ln -sf ${var_guix}/share/fish/vendor_completions.d/* "$fish_completion"; } &&
	494	_msg "${PAS}installed shell completion"
	495	}
	496
	497
6f4e8693 RW	498	welcome()
	499	{
	500	cat<<"EOF"
	501	░░░ ░░░
	502	░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
	503	░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
	504	░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
	505	░▒▒▒▒░ ░░░░░░
	506	▒▒▒▒▒ ░░░░░░
	507	▒▒▒▒▒ ░░░░░
	508	░▒▒▒▒▒ ░░░░░
	509	▒▒▒▒▒ ░░░░░
	510	▒▒▒▒▒ ░░░░░
	511	░▒▒▒▒▒░░░░░
	512	▒▒▒▒▒▒░░░
	513	▒▒▒▒▒▒░
	514	_____ _ _ _ _ _____ _
	515	/ ____\| \ \| \| \| \| \| / ____\| (_)
	516	\| \| __\| \\| \| \| \| \| \| \| __ _ _ ___ __
	517	\| \| \|_ \| . ' \| \| \| \| \| \| \|_ \| \| \| \| \ \/ /
	518	\| \|__\| \| \|\ \| \|__\| \| \| \|__\| \| \|_\| \| \|> <
	519	\_____\|_\| \_\|\____/ \_____\|\__,_\|_/_/\_\
	520
	521	This script installs GNU Guix on your system
	522
	523	https://www.gnu.org/software/guix/
	524	EOF
	525	echo -n "Press return to continue..."
	526	read -r ANSWER
	527	}
	528
	529	main()
	530	{
	531	local tmp_path
	532	welcome
	533
	534	_msg "Starting installation ($(date))"
	535
	536	chk_term
6c77d79a	537	chk_require "${REQUIRE[@]}"
5d8e505c	538	chk_gpg_keyring
6f4e8693 RW	539	chk_init_sys
6f4e8693 RW	540	chk_sys_arch
b2683a2b	541	chk_sys_nscd
6f4e8693 RW	542
	543	_msg "${INF}system is ${ARCH_OS}"
	544
32c06aff	545	umask 0022
6f4e8693 RW	546	tmp_path="$(mktemp -t -d guix.XXX)"
	547
	548	guix_get_bin_list "${GNU_URL}"
	549	guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
	550
	551	sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
	552	sys_create_build_user
	553	sys_enable_guix_daemon
	554	sys_authorize_build_farms
30810aff	555	sys_create_init_profile
b3fba5ef	556	sys_create_shell_completion
6f4e8693 RW	557
	558	_msg "${INF}cleaning up ${tmp_path}"
	559	rm -r "${tmp_path}"
	560
	561	_msg "${PAS}Guix has successfully been installed!"
	562	_msg "${INF}Run 'info guix' to read the manual."
2ffd1314 TGR	563
	564	# Required to source /etc/profile in desktop environments.
	565	_msg "${INF}Please log out and back in to complete the installation."
6f4e8693 RW	566	}
	567
	568	main "$@"