[jackhill/guix/guix.git] / etc / guix-install.sh

#!/bin/sh
# GNU Guix --- Functional package management for GNU
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

# We require Bash but for portability we'd rather not use /bin/bash or
# /usr/bin/env in the shebang, hence this hack.
if [ "x$BASH_VERSION" = "x" ]
then
    exec bash "$0" "$@"
fi

set -e

[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }

REQUIRE=(
    "dirname"
    "readlink"
    "wget"
    "gpg"
    "grep"
    "which"
    "sed"
    "sort"
    "getent"
    "mktemp"
    "rm"
    "chmod"
    "uname"
    "groupadd"
    "tail"
    "tr"
    "xz"
)

PAS=$'[ \033[32;1mPASS\033[0m ] '
ERR=$'[ \033[31;1mFAIL\033[0m ] '
INF="[ INFO ] "

DEBUG=0
GNU_URL="https://ftp.gnu.org/gnu/guix/"
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"

# This script needs to know where root's home directory is.  However, we
# cannot simply use the HOME environment variable, since there is no guarantee
# that it points to root's home directory.
ROOT_HOME="$(echo ~root)"

# ------------------------------------------------------------------------------
#+UTILITIES

_err()
{ # All errors go to stderr.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_msg()
{ # Default message to stdout.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

_debug()
{
    if [ "${DEBUG}" = '1' ]; then
        printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
    fi
}


chk_require()
{ # Check that every required command is available.
    declare -a warn
    local c

    _debug "--- [ $FUNCNAME ] ---"

    for c in "$@"; do
        command -v "$c" &>/dev/null || warn+=("$c")
    done

    [ "${#warn}" -ne 0 ] &&
        { _err "${ERR}Missing commands: ${warn[*]}.";
          return 1; }
    
    _msg "${PAS}verification of required commands completed"
}

chk_gpg_keyring()
{ # Check whether the Guix release signing public key is present.
    _debug "--- [ $FUNCNAME ] ---"

    # Without --dry-run this command will create a ~/.gnupg owned by root on
    # systems where gpg has never been used, causing errors and confusion.
    gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
        _err "${ERR}Missing OpenPGP public key.  Fetch it with this command:"
        echo "  wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - | sudo -i gpg --import -"
        exit 1
    )
}

chk_term()
{ # Check for ANSI terminal for color printing.
    local ansi_term

    if [ -t 2 ]; then
        if [ "${TERM+set}" = 'set' ]; then
            case "$TERM" in
                xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
                    ansi_term=true
                    ;;
                *)
                    ansi_term=false
                    ERR="[ FAIL ] "
                    PAS="[ PASS ] "
                    ;;
            esac
        fi
    fi
}

chk_init_sys()
{ # Return init system type name.
    if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
        _msg "${INF}init system is: upstart"
        INIT_SYS="upstart"
        return 0
    elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
        _msg "${INF}init system is: systemd"
        INIT_SYS="systemd"
        return 0
    elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
        _msg "${INF}init system is: sysv-init"
        INIT_SYS="sysv-init"
        return 0
    elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
        _msg "${INF}init system is: OpenRC"
        INIT_SYS="openrc"
        return 0
    else
        INIT_SYS="NA"
        _err "${ERR}Init system could not be detected."
    fi
}

chk_sys_arch()
{ # Check for operating system and architecture type.
    local os
    local arch

    os="$(uname -s)"
    arch="$(uname -m)"

    case "$arch" in
        i386 | i486 | i686 | i786 | x86)
            local arch=i686
            ;;
        x86_64 | x86-64 | x64 | amd64)
            local arch=x86_64
            ;;
        aarch64)
            local arch=aarch64
            ;;
	armv7l)
	    local arch=armhf
	    ;;
        *)
            _err "${ERR}Unsupported CPU type: ${arch}"
            exit 1
    esac

    case "$os" in
        Linux | linux)
            local os=linux
            ;;
        *)
            _err "${ERR}Your operation system (${os}) is not supported."
            exit 1
    esac

    ARCH_OS="${arch}-${os}"
}

# ------------------------------------------------------------------------------
#+MAIN

guix_get_bin_list()
{ # Scan GNU archive and save list of binaries
    local gnu_url="$1"
    local -a bin_ver_ls
    local latest_ver
    local default_ver

    _debug "--- [ $FUNCNAME ] ---"

    # Filter only version and architecture
    bin_ver_ls=("$(wget -qO- "$gnu_url" \
        | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \
        | sort -Vu)")

    latest_ver="$(echo "$bin_ver_ls" \
                       | grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}" \
                       | tail -n1)"

    default_ver="guix-binary-${latest_ver}.${ARCH_OS}"

    if [[ "${#bin_ver_ls}" -ne "0" ]]; then
        _msg "${PAS}Release for your system: ${default_ver}"
    else
        _err "${ERR}Could not obtain list of Guix releases."
        exit 1
    fi

    # Use default to download according to the list and local ARCH_OS.
    BIN_VER="$default_ver"
}

guix_get_bin()
{ # Download and verify binary package.
    local url="$1"
    local bin_ver="$2"
    local dl_path="$3"

    _debug "--- [ $FUNCNAME ] ---"

    _msg "${INF}Downloading Guix release archive"

    wget --help | grep -q '\--show-progress' && \
        _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
    wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"

    if [[ "$?" -eq 0 ]]; then
       _msg "${PAS}download completed."
    else
        _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
        exit 1
    fi

    pushd $dl_path >/dev/null
    gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
    if [[ "$?" -eq 0 ]]; then
        _msg "${PAS}Signature is valid."
        popd >/dev/null
    else
        _err "${ERR}could not verify the signature."
        exit 1
    fi
}

sys_create_store()
{ # Unpack and install /gnu/store and /var/guix
    local pkg="$1"
    local tmp_path="$2"

    _debug "--- [ $FUNCNAME ] ---"

    cd "$tmp_path"
    tar --extract \
        --file "$pkg" &&
    _msg "${PAS}unpacked archive"

    if [[ -e "/var/guix" || -e "/gnu" ]]; then
        _err "${ERR}A previous Guix installation was found.  Refusing to overwrite."
        exit 1
    else
        _msg "${INF}Installing /var/guix and /gnu..."
        mv "${tmp_path}/var/guix" /var/
        mv "${tmp_path}/gnu" /
    fi

    _msg "${INF}Linking the root user's profile"
    mkdir -p "${ROOT_HOME}/.config/guix"
    ln -sf /var/guix/profiles/per-user/root/current-guix \
       "${ROOT_HOME}/.config/guix/current"

    GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
    source "${GUIX_PROFILE}/etc/profile"
    _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
}

sys_create_build_user()
{ # Create the group and user accounts for build users.

    _debug "--- [ $FUNCNAME ] ---"

    if [ $(getent group guixbuild) ]; then
        _msg "${INF}group guixbuild exists"
    else
        groupadd --system guixbuild
        _msg "${PAS}group <guixbuild> created"
    fi

    for i in $(seq -w 1 10); do
        if id "guixbuilder${i}" &>/dev/null; then
            _msg "${INF}user is already in the system, reset"
            usermod -g guixbuild -G guixbuild           \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i"             \
                    "guixbuilder${i}";
        else
            useradd -g guixbuild -G guixbuild           \
                    -d /var/empty -s "$(which nologin)" \
                    -c "Guix build user $i" --system    \
                    "guixbuilder${i}";
            _msg "${PAS}user added <guixbuilder${i}>"
        fi
    done
}

sys_enable_guix_daemon()
{ # Run the daemon, and set it to automatically start on boot.

    local info_path
    local local_bin
    local var_guix

    _debug "--- [ $FUNCNAME ] ---"

    info_path="/usr/local/share/info"
    local_bin="/usr/local/bin"
    var_guix="/var/guix/profiles/per-user/root/current-guix"

    case "$INIT_SYS" in
        upstart)
            { initctl reload-configuration;
              cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
                 /etc/init/ &&
                  start guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via upstart"
            ;;
        systemd)
            { # systemd .mount units must be named after the target directory.
              # Here we assume a hard-coded name of /gnu/store.
              # XXX Work around <https://issues.guix.gnu.org/41356> until next release.
              if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
                  cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
                     /etc/systemd/system/;
                  chmod 664 /etc/systemd/system/gnu-store.mount;
                  systemctl daemon-reload &&
                      systemctl enable gnu-store.mount;
              fi

              cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                 /etc/systemd/system/;
              chmod 664 /etc/systemd/system/guix-daemon.service;

	      # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
	      sed -i /etc/systemd/system/guix-daemon.service \
	          -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";

	      # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
	      if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
	      then sed -i /etc/systemd/system/guix-daemon.service \
		       -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
	      fi;

              systemctl daemon-reload &&
                  systemctl enable guix-daemon &&
                  systemctl start  guix-daemon; } &&
                _msg "${PAS}enabled Guix daemon via systemd"
            ;;
        sysv-init)
            { mkdir -p /etc/init.d;
              cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              update-rc.d guix-daemon defaults &&
                  update-rc.d guix-daemon enable &&
                  service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via sysv"
            ;;
        openrc)
            { mkdir -p /etc/init.d;
              cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
                 /etc/init.d/guix-daemon;
              chmod 775 /etc/init.d/guix-daemon;

              rc-update add guix-daemon default &&
                  rc-service guix-daemon start; } &&
                _msg "${PAS}enabled Guix daemon via OpenRC"
            ;;
        NA|*)
            _msg "${ERR}unsupported init system; run the daemon manually:"
            echo "  ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
            ;;
    esac

    _msg "${INF}making the guix command available to other users"

    [ -e "$local_bin" ] || mkdir -p "$local_bin"
    ln -sf "${var_guix}/bin/guix"  "$local_bin"

    [ -e "$info_path" ] || mkdir -p "$info_path"
    for i in ${var_guix}/share/info/*; do
        ln -sf "$i" "$info_path"
    done
}

sys_authorize_build_farms()
{ # authorize the public key of the build farm
    while true; do
        read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
        case $yn in
            [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
                       _msg "${PAS}Authorized public key for ci.guix.gnu.org";
                   break;;
            [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
                   break;;
            *) _msg "Please answer yes or no.";
        esac
    done
}

sys_create_init_profile()
{ # Create /etc/profile.d/guix.sh for better desktop integration
  # This will not take effect until the next shell or desktop session!
    [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
    cat <<"EOF" > /etc/profile.d/guix.sh
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
if [ -L $_GUIX_PROFILE ]; then
  export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
  # Export INFOPATH so that the updated info pages can be found
  # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
  # When INFOPATH is unset, add a trailing colon so that Emacs
  # searches 'Info-default-directory-list'.
  export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
fi

# GUIX_PROFILE: User's default profile
GUIX_PROFILE="$HOME/.guix-profile"
[ -L $GUIX_PROFILE ] || return
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
export GUIX_PROFILE GUIX_LOCPATH

[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"

# set XDG_DATA_DIRS to include Guix installations
export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
EOF
}

welcome()
{
    cat<<"EOF"
    ░░░                                     ░░░
    ░░▒▒░░░░░░░░░               ░░░░░░░░░▒▒░░
     ░░▒▒▒▒▒░░░░░░░           ░░░░░░░▒▒▒▒▒░
         ░▒▒▒░░▒▒▒▒▒         ░░░░░░░▒▒░
               ░▒▒▒▒░       ░░░░░░
                ▒▒▒▒▒      ░░░░░░
                 ▒▒▒▒▒     ░░░░░
                 ░▒▒▒▒▒   ░░░░░
                  ▒▒▒▒▒   ░░░░░
                   ▒▒▒▒▒ ░░░░░
                   ░▒▒▒▒▒░░░░░
                    ▒▒▒▒▒▒░░░
                     ▒▒▒▒▒▒░
     _____ _   _ _    _    _____       _
    / ____| \ | | |  | |  / ____|     (_)
   | |  __|  \| | |  | | | |  __ _   _ ___  __
   | | |_ | . ' | |  | | | | |_ | | | | \ \/ /
   | |__| | |\  | |__| | | |__| | |_| | |>  <
    \_____|_| \_|\____/   \_____|\__,_|_/_/\_\

This script installs GNU Guix on your system

https://www.gnu.org/software/guix/
EOF
    echo -n "Press return to continue..."
    read -r  ANSWER
}

main()
{
    local tmp_path
    welcome

    _msg "Starting installation ($(date))"

    chk_term
    chk_require "${REQUIRE[@]}"
    chk_gpg_keyring
    chk_init_sys
    chk_sys_arch

    _msg "${INF}system is ${ARCH_OS}"

    umask 0022
    tmp_path="$(mktemp -t -d guix.XXX)"

    guix_get_bin_list "${GNU_URL}"
    guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"

    sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
    sys_create_build_user
    sys_enable_guix_daemon
    sys_authorize_build_farms
    sys_create_init_profile

    _msg "${INF}cleaning up ${tmp_path}"
    rm -r "${tmp_path}"

    _msg "${PAS}Guix has successfully been installed!"
    _msg "${INF}Run 'info guix' to read the manual."

    # Required to source /etc/profile in desktop environments.
    _msg "${INF}Please log out and back in to complete the installation."
 }

main "$@"
Commit	Line	Data
f5fdc54d	1	#!/bin/sh
6f4e8693 RW	2	# GNU Guix --- Functional package management for GNU
	3	# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
	4	# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
ea6b1bae	5	# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
ebbf9154	6	# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
cabac732	7	# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
6f4e8693 RW	8	#
	9	# This file is part of GNU Guix.
	10	#
	11	# GNU Guix is free software; you can redistribute it and/or modify it
	12	# under the terms of the GNU General Public License as published by
	13	# the Free Software Foundation; either version 3 of the License, or (at
	14	# your option) any later version.
	15	#
	16	# GNU Guix is distributed in the hope that it will be useful, but
	17	# WITHOUT ANY WARRANTY; without even the implied warranty of
	18	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	19	# GNU General Public License for more details.
	20	#
	21	# You should have received a copy of the GNU General Public License
	22	# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	23
f5fdc54d LC	24	# We require Bash but for portability we'd rather not use /bin/bash or
	25	# /usr/bin/env in the shebang, hence this hack.
	26	if [ "x$BASH_VERSION" = "x" ]
	27	then
	28	exec bash "$0" "$@"
	29	fi
	30
6f4e8693 RW	31	set -e
	32
	33	[ "$UID" -eq 0 ] \|\| { echo "This script must be run as root."; exit 1; }
	34
	35	REQUIRE=(
	36	"dirname"
	37	"readlink"
	38	"wget"
	39	"gpg"
	40	"grep"
	41	"which"
	42	"sed"
	43	"sort"
	44	"getent"
	45	"mktemp"
	46	"rm"
	47	"chmod"
	48	"uname"
	49	"groupadd"
	50	"tail"
	51	"tr"
39939e30	52	"xz"
6f4e8693 RW	53	)
	54
	55	PAS=$'[ \033[32;1mPASS\033[0m ] '
	56	ERR=$'[ \033[31;1mFAIL\033[0m ] '
	57	INF="[ INFO ] "
	58
	59	DEBUG=0
3a3e9f2b	60	GNU_URL="https://ftp.gnu.org/gnu/guix/"
6f4e8693 RW	61	OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
6f4e8693 RW	62
3cd4447f CM	63	# This script needs to know where root's home directory is. However, we
	64	# cannot simply use the HOME environment variable, since there is no guarantee
	65	# that it points to root's home directory.
	66	ROOT_HOME="$(echo ~root)"
	67
6f4e8693 RW	68	# ------------------------------------------------------------------------------
	69	#+UTILITIES
	70
	71	_err()
	72	{ # All errors go to stderr.
	73	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	74	}
	75
	76	_msg()
	77	{ # Default message to stdout.
	78	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	79	}
	80
	81	_debug()
	82	{
	83	if [ "${DEBUG}" = '1' ]; then
	84	printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
	85	fi
	86	}
	87
	88
	89	chk_require()
	90	{ # Check that every required command is available.
6f4e8693	91	declare -a warn
7a2e0c52	92	local c
6f4e8693	93
6f4e8693 RW	94	_debug "--- [ $FUNCNAME ] ---"
6f4e8693 RW	95
6c77d79a	96	for c in "$@"; do
593fe736	97	command -v "$c" &>/dev/null \|\| warn+=("$c")
6f4e8693 RW	98	done
	99
	100	[ "${#warn}" -ne 0 ] &&
	101	{ _err "${ERR}Missing commands: ${warn[*]}.";
	102	return 1; }
	103
	104	_msg "${PAS}verification of required commands completed"
5d8e505c TGR	105	}
	106
	107	chk_gpg_keyring()
	108	{ # Check whether the Guix release signing public key is present.
	109	_debug "--- [ $FUNCNAME ] ---"
6f4e8693	110
9b2644c2 TGR	111	# Without --dry-run this command will create a ~/.gnupg owned by root on
	112	# systems where gpg has never been used, causing errors and confusion.
	113	gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 \|\| (
6f4e8693	114	_err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
ea0da486	115	echo " wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - \| sudo -i gpg --import -"
6f4e8693 RW	116	exit 1
	117	)
	118	}
	119
	120	chk_term()
	121	{ # Check for ANSI terminal for color printing.
	122	local ansi_term
	123
	124	if [ -t 2 ]; then
	125	if [ "${TERM+set}" = 'set' ]; then
	126	case "$TERM" in
	127	xterm\|rxvt\|urxvt\|linux\|vt\|eterm\|screen*)
	128	ansi_term=true
	129	;;
	130	*)
	131	ansi_term=false
	132	ERR="[ FAIL ] "
	133	PAS="[ PASS ] "
	134	;;
	135	esac
	136	fi
	137	fi
	138	}
	139
	140	chk_init_sys()
	141	{ # Return init system type name.
	142	if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
	143	_msg "${INF}init system is: upstart"
	144	INIT_SYS="upstart"
	145	return 0
dc1aede3	146	elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
6f4e8693 RW	147	_msg "${INF}init system is: systemd"
	148	INIT_SYS="systemd"
	149	return 0
	150	elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
	151	_msg "${INF}init system is: sysv-init"
	152	INIT_SYS="sysv-init"
	153	return 0
cabac732 MS	154	elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
	155	_msg "${INF}init system is: OpenRC"
	156	INIT_SYS="openrc"
	157	return 0
6f4e8693 RW	158	else
	159	INIT_SYS="NA"
	160	_err "${ERR}Init system could not be detected."
	161	fi
	162	}
	163
	164	chk_sys_arch()
	165	{ # Check for operating system and architecture type.
	166	local os
	167	local arch
	168
	169	os="$(uname -s)"
	170	arch="$(uname -m)"
	171
	172	case "$arch" in
	173	i386 \| i486 \| i686 \| i786 \| x86)
	174	local arch=i686
	175	;;
	176	x86_64 \| x86-64 \| x64 \| amd64)
	177	local arch=x86_64
	178	;;
ea6b1bae EF	179	aarch64)
	180	local arch=aarch64
	181	;;
2510bd87 LC	182	armv7l)
	183	local arch=armhf
	184	;;
6f4e8693 RW	185	*)
	186	_err "${ERR}Unsupported CPU type: ${arch}"
	187	exit 1
	188	esac
	189
	190	case "$os" in
	191	Linux \| linux)
	192	local os=linux
	193	;;
	194	*)
	195	_err "${ERR}Your operation system (${os}) is not supported."
	196	exit 1
	197	esac
	198
	199	ARCH_OS="${arch}-${os}"
	200	}
	201
	202	# ------------------------------------------------------------------------------
	203	#+MAIN
	204
	205	guix_get_bin_list()
	206	{ # Scan GNU archive and save list of binaries
	207	local gnu_url="$1"
	208	local -a bin_ver_ls
	209	local latest_ver
	210	local default_ver
	211
	212	_debug "--- [ $FUNCNAME ] ---"
	213
	214	# Filter only version and architecture
	215	bin_ver_ls=("$(wget -qO- "$gnu_url" \
	216	\| sed -n -e 's/.guix-binary-\([0-9.]\)\...tar.xz./\1/p' \
	217	\| sort -Vu)")
	218
	219	latest_ver="$(echo "$bin_ver_ls" \
f72bafe3	220	\| grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}" \
6f4e8693 RW	221	\| tail -n1)"
	222
	223	default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
	224
	225	if [[ "${#bin_ver_ls}" -ne "0" ]]; then
	226	_msg "${PAS}Release for your system: ${default_ver}"
	227	else
	228	_err "${ERR}Could not obtain list of Guix releases."
	229	exit 1
	230	fi
	231
	232	# Use default to download according to the list and local ARCH_OS.
	233	BIN_VER="$default_ver"
	234	}
	235
	236	guix_get_bin()
	237	{ # Download and verify binary package.
	238	local url="$1"
	239	local bin_ver="$2"
	240	local dl_path="$3"
	241
	242	_debug "--- [ $FUNCNAME ] ---"
	243
	244	_msg "${INF}Downloading Guix release archive"
	245
	246	wget --help \| grep -q '\--show-progress' && \
	247	_PROGRESS_OPT="-q --show-progress" \|\| _PROGRESS_OPT=""
	248	wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
	249
	250	if [[ "$?" -eq 0 ]]; then
	251	_msg "${PAS}download completed."
	252	else
	253	_err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
	254	exit 1
	255	fi
	256
	257	pushd $dl_path >/dev/null
	258	gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
	259	if [[ "$?" -eq 0 ]]; then
	260	_msg "${PAS}Signature is valid."
	261	popd >/dev/null
	262	else
	263	_err "${ERR}could not verify the signature."
	264	exit 1
	265	fi
	266	}
	267
	268	sys_create_store()
	269	{ # Unpack and install /gnu/store and /var/guix
	270	local pkg="$1"
	271	local tmp_path="$2"
	272
	273	_debug "--- [ $FUNCNAME ] ---"
	274
	275	cd "$tmp_path"
f72bafe3	276	tar --extract \
6f4e8693 RW	277	--file "$pkg" &&
	278	_msg "${PAS}unpacked archive"
	279
	280	if [[ -e "/var/guix" \|\| -e "/gnu" ]]; then
	281	_err "${ERR}A previous Guix installation was found. Refusing to overwrite."
	282	exit 1
	283	else
	284	_msg "${INF}Installing /var/guix and /gnu..."
	285	mv "${tmp_path}/var/guix" /var/
	286	mv "${tmp_path}/gnu" /
	287	fi
	288
	289	_msg "${INF}Linking the root user's profile"
e9926f80 LC	290	mkdir -p "${ROOT_HOME}/.config/guix"
	291	ln -sf /var/guix/profiles/per-user/root/current-guix \
	292	"${ROOT_HOME}/.config/guix/current"
6f4e8693	293
e9926f80	294	GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
6f4e8693	295	source "${GUIX_PROFILE}/etc/profile"
e9926f80	296	_msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
6f4e8693 RW	297	}
	298
	299	sys_create_build_user()
	300	{ # Create the group and user accounts for build users.
	301
	302	_debug "--- [ $FUNCNAME ] ---"
	303
	304	if [ $(getent group guixbuild) ]; then
	305	_msg "${INF}group guixbuild exists"
	306	else
	307	groupadd --system guixbuild
	308	_msg "${PAS}group <guixbuild> created"
	309	fi
	310
	311	for i in $(seq -w 1 10); do
	312	if id "guixbuilder${i}" &>/dev/null; then
	313	_msg "${INF}user is already in the system, reset"
	314	usermod -g guixbuild -G guixbuild \
	315	-d /var/empty -s "$(which nologin)" \
	316	-c "Guix build user $i" \
	317	"guixbuilder${i}";
	318	else
	319	useradd -g guixbuild -G guixbuild \
	320	-d /var/empty -s "$(which nologin)" \
	321	-c "Guix build user $i" --system \
	322	"guixbuilder${i}";
	323	_msg "${PAS}user added <guixbuilder${i}>"
	324	fi
	325	done
	326	}
	327
	328	sys_enable_guix_daemon()
	329	{ # Run the daemon, and set it to automatically start on boot.
	330
	331	local info_path
	332	local local_bin
	333	local var_guix
	334
	335	_debug "--- [ $FUNCNAME ] ---"
	336
	337	info_path="/usr/local/share/info"
	338	local_bin="/usr/local/bin"
e9926f80	339	var_guix="/var/guix/profiles/per-user/root/current-guix"
6f4e8693 RW	340
	341	case "$INIT_SYS" in
	342	upstart)
	343	{ initctl reload-configuration;
e9926f80	344	cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
6f4e8693 RW	345	/etc/init/ &&
	346	start guix-daemon; } &&
	347	_msg "${PAS}enabled Guix daemon via upstart"
	348	;;
	349	systemd)
1a1faa78 TGR	350	{ # systemd .mount units must be named after the target directory.
1a1faa78 TGR	351	# Here we assume a hard-coded name of /gnu/store.
ebbf9154 TGR	352	# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
	353	if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
	354	cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
	355	/etc/systemd/system/;
	356	chmod 664 /etc/systemd/system/gnu-store.mount;
d6f303d4 TGR	357	systemctl daemon-reload &&
d6f303d4 TGR	358	systemctl enable gnu-store.mount;
ebbf9154	359	fi
1a1faa78 TGR	360
1a1faa78 TGR	361	cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
6f4e8693 RW	362	/etc/systemd/system/;
6f4e8693 RW	363	chmod 664 /etc/systemd/system/guix-daemon.service;
e1e3fe08 LC	364
	365	# Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
	366	sed -i /etc/systemd/system/guix-daemon.service \
	367	-e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
	368
	369	# Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
	370	if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
	371	then sed -i /etc/systemd/system/guix-daemon.service \
	372	-e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
	373	fi;
	374
6f4e8693	375	systemctl daemon-reload &&
d6f303d4 TGR	376	systemctl enable guix-daemon &&
d6f303d4 TGR	377	systemctl start guix-daemon; } &&
6f4e8693 RW	378	_msg "${PAS}enabled Guix daemon via systemd"
6f4e8693 RW	379	;;
fe60ef99 DM	380	sysv-init)
	381	{ mkdir -p /etc/init.d;
	382	cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
	383	/etc/init.d/guix-daemon;
	384	chmod 775 /etc/init.d/guix-daemon;
	385
	386	update-rc.d guix-daemon defaults &&
	387	update-rc.d guix-daemon enable &&
	388	service guix-daemon start; } &&
	389	_msg "${PAS}enabled Guix daemon via sysv"
	390	;;
cabac732 MS	391	openrc)
	392	{ mkdir -p /etc/init.d;
	393	cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
	394	/etc/init.d/guix-daemon;
	395	chmod 775 /etc/init.d/guix-daemon;
	396
	397	rc-update add guix-daemon default &&
	398	rc-service guix-daemon start; } &&
	399	_msg "${PAS}enabled Guix daemon via OpenRC"
	400	;;
6f4e8693 RW	401	NA\|*)
6f4e8693 RW	402	_msg "${ERR}unsupported init system; run the daemon manually:"
e9926f80	403	echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
6f4e8693 RW	404	;;
	405	esac
	406
	407	_msg "${INF}making the guix command available to other users"
	408
	409	[ -e "$local_bin" ] \|\| mkdir -p "$local_bin"
	410	ln -sf "${var_guix}/bin/guix" "$local_bin"
	411
	412	[ -e "$info_path" ] \|\| mkdir -p "$info_path"
	413	for i in ${var_guix}/share/info/*; do
	414	ln -sf "$i" "$info_path"
	415	done
	416	}
	417
	418	sys_authorize_build_farms()
414c4de1	419	{ # authorize the public key of the build farm
6f4e8693	420	while true; do
414c4de1	421	read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
6f4e8693	422	case $yn in
414c4de1	423	[Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
825c39bf	424	_msg "${PAS}Authorized public key for ci.guix.gnu.org";
6f4e8693 RW	425	break;;
	426	[Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
	427	break;;
	428	*) _msg "Please answer yes or no.";
	429	esac
	430	done
	431	}
	432
30810aff PG	433	sys_create_init_profile()
30810aff PG	434	{ # Create /etc/profile.d/guix.sh for better desktop integration
2ffd1314	435	# This will not take effect until the next shell or desktop session!
29ba58c0	436	[ -d "/etc/profile.d" ] \|\| mkdir /etc/profile.d # Just in case
30810aff PG	437	cat <<"EOF" > /etc/profile.d/guix.sh
	438	# _GUIX_PROFILE: `guix pull` profile
	439	_GUIX_PROFILE="$HOME/.config/guix/current"
5c03516a PG	440	if [ -L $_GUIX_PROFILE ]; then
	441	export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
	442	# Export INFOPATH so that the updated info pages can be found
	443	# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
3c69701f LC	444	# When INFOPATH is unset, add a trailing colon so that Emacs
	445	# searches 'Info-default-directory-list'.
	446	export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
5c03516a	447	fi
30810aff PG	448
	449	# GUIX_PROFILE: User's default profile
	450	GUIX_PROFILE="$HOME/.guix-profile"
	451	[ -L $GUIX_PROFILE ] \|\| return
	452	GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
	453	export GUIX_PROFILE GUIX_LOCPATH
	454
e69b8bba	455	[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
30810aff PG	456
30810aff PG	457	# set XDG_DATA_DIRS to include Guix installations
7ff169d0	458	export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
30810aff PG	459	EOF
	460	}
	461
6f4e8693 RW	462	welcome()
	463	{
	464	cat<<"EOF"
	465	░░░ ░░░
	466	░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
	467	░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
	468	░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
	469	░▒▒▒▒░ ░░░░░░
	470	▒▒▒▒▒ ░░░░░░
	471	▒▒▒▒▒ ░░░░░
	472	░▒▒▒▒▒ ░░░░░
	473	▒▒▒▒▒ ░░░░░
	474	▒▒▒▒▒ ░░░░░
	475	░▒▒▒▒▒░░░░░
	476	▒▒▒▒▒▒░░░
	477	▒▒▒▒▒▒░
	478	_____ _ _ _ _ _____ _
	479	/ ____\| \ \| \| \| \| \| / ____\| (_)
	480	\| \| __\| \\| \| \| \| \| \| \| __ _ _ ___ __
	481	\| \| \|_ \| . ' \| \| \| \| \| \| \|_ \| \| \| \| \ \/ /
	482	\| \|__\| \| \|\ \| \|__\| \| \| \|__\| \| \|_\| \| \|> <
	483	\_____\|_\| \_\|\____/ \_____\|\__,_\|_/_/\_\
	484
	485	This script installs GNU Guix on your system
	486
	487	https://www.gnu.org/software/guix/
	488	EOF
	489	echo -n "Press return to continue..."
	490	read -r ANSWER
	491	}
	492
	493	main()
	494	{
	495	local tmp_path
	496	welcome
	497
	498	_msg "Starting installation ($(date))"
	499
	500	chk_term
6c77d79a	501	chk_require "${REQUIRE[@]}"
5d8e505c	502	chk_gpg_keyring
6f4e8693 RW	503	chk_init_sys
	504	chk_sys_arch
	505
	506	_msg "${INF}system is ${ARCH_OS}"
	507
32c06aff	508	umask 0022
6f4e8693 RW	509	tmp_path="$(mktemp -t -d guix.XXX)"
	510
	511	guix_get_bin_list "${GNU_URL}"
	512	guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
	513
	514	sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
	515	sys_create_build_user
	516	sys_enable_guix_daemon
	517	sys_authorize_build_farms
30810aff	518	sys_create_init_profile
6f4e8693 RW	519
	520	_msg "${INF}cleaning up ${tmp_path}"
	521	rm -r "${tmp_path}"
	522
	523	_msg "${PAS}Guix has successfully been installed!"
	524	_msg "${INF}Run 'info guix' to read the manual."
2ffd1314 TGR	525
	526	# Required to source /etc/profile in desktop environments.
	527	_msg "${INF}Please log out and back in to complete the installation."
6f4e8693 RW	528	}
	529
	530	main "$@"