2 # GNU Guix --- Functional package management for GNU
3 # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
4 # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
5 # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
7 # This file is part of GNU Guix.
9 # GNU Guix is free software; you can redistribute it and/or modify it
10 # under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or (at
12 # your option) any later version.
14 # GNU Guix is distributed in the hope that it will be useful, but
15 # WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
24 [ "$UID" -eq 0 ] ||
{ echo "This script must be run as root."; exit 1; }
45 PAS
=$
'[ \033[32;1mPASS\033[0m ] '
46 ERR
=$
'[ \033[31;1mFAIL\033[0m ] '
50 GNU_URL
="https://alpha.gnu.org/gnu/guix/"
51 OPENPGP_SIGNING_KEY_ID
="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
53 # This script needs to know where root's home directory is. However, we
54 # cannot simply use the HOME environment variable, since there is no guarantee
55 # that it points to root's home directory.
56 ROOT_HOME
="$(echo ~root)"
58 # ------------------------------------------------------------------------------
62 { # All errors go to stderr.
63 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
67 { # Default message to stdout.
68 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
73 if [ "${DEBUG}" = '1' ]; then
74 printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
80 { # Check that every required command is available.
86 _debug
"--- [ $FUNCNAME ] ---"
88 for c
in ${cmds[@]}; do
89 command -v "$c" &>/dev
/null || warn
+=("$c")
92 [ "${#warn}" -ne 0 ] &&
93 { _err
"${ERR}Missing commands: ${warn[*]}.";
96 _msg
"${PAS}verification of required commands completed"
98 gpg
--list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev
/null
2>&1 ||
(
99 _err
"${ERR}Missing OpenPGP public key. Fetch it with this command:"
100 echo " gpg --keyserver pgp.mit.edu --recv-keys ${OPENPGP_SIGNING_KEY_ID}"
106 { # Check for ANSI terminal for color printing.
110 if [ "${TERM+set}" = 'set' ]; then
112 xterm
*|rxvt
*|urxvt
*|linux
*|vt
*|eterm
*|screen
*)
126 { # Return init system type name.
127 if [[ $
(/sbin
/init
--version 2>/dev
/null
) =~ upstart
]]; then
128 _msg
"${INF}init system is: upstart"
131 elif [[ $
(systemctl
) =~
-\.mount
]]; then
132 _msg
"${INF}init system is: systemd"
135 elif [[ -f /etc
/init.d
/cron
&& ! -h /etc
/init.d
/cron
]]; then
136 _msg
"${INF}init system is: sysv-init"
141 _err
"${ERR}Init system could not be detected."
146 { # Check for operating system and architecture type.
154 i386 | i486 | i686 | i786 | x86
)
157 x86_64 | x86-64 | x64 | amd64
)
164 _err
"${ERR}Unsupported CPU type: ${arch}"
173 _err
"${ERR}Your operation system (${os}) is not supported."
177 ARCH_OS
="${arch}-${os}"
180 # ------------------------------------------------------------------------------
184 { # Scan GNU archive and save list of binaries
190 _debug
"--- [ $FUNCNAME ] ---"
192 # Filter only version and architecture
193 bin_ver_ls
=("$(wget -qO- "$gnu_url" \
194 | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \
197 latest_ver
="$(echo "$bin_ver_ls" \
198 | grep -oP "([0-9]{1,2}\.
){2}[0-9]{1,2}" \
201 default_ver
="guix-binary-${latest_ver}.${ARCH_OS}"
203 if [[ "${#bin_ver_ls}" -ne "0" ]]; then
204 _msg
"${PAS}Release for your system: ${default_ver}"
206 _err
"${ERR}Could not obtain list of Guix releases."
210 # Use default to download according to the list and local ARCH_OS.
211 BIN_VER
="$default_ver"
215 { # Download and verify binary package.
220 _debug
"--- [ $FUNCNAME ] ---"
222 _msg
"${INF}Downloading Guix release archive"
224 wget
--help |
grep -q '\--show-progress' && \
225 _PROGRESS_OPT
="-q --show-progress" || _PROGRESS_OPT
=""
226 wget
$_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
228 if [[ "$?" -eq 0 ]]; then
229 _msg
"${PAS}download completed."
231 _err
"${ERR}could not download ${url}/${bin_ver}.tar.xz."
235 pushd $dl_path >/dev
/null
236 gpg
--verify "${bin_ver}.tar.xz.sig" >/dev
/null
2>&1
237 if [[ "$?" -eq 0 ]]; then
238 _msg
"${PAS}Signature is valid."
241 _err
"${ERR}could not verify the signature."
247 { # Unpack and install /gnu/store and /var/guix
251 _debug
"--- [ $FUNCNAME ] ---"
254 tar --warning=no-timestamp \
257 _msg
"${PAS}unpacked archive"
259 if [[ -e "/var/guix" ||
-e "/gnu" ]]; then
260 _err
"${ERR}A previous Guix installation was found. Refusing to overwrite."
263 _msg
"${INF}Installing /var/guix and /gnu..."
264 mv "${tmp_path}/var/guix" /var
/
265 mv "${tmp_path}/gnu" /
268 _msg
"${INF}Linking the root user's profile"
269 ln -sf /var
/guix
/profiles
/per-user
/root
/guix-profile \
270 "${ROOT_HOME}/.guix-profile"
272 GUIX_PROFILE
="${ROOT_HOME}/.guix-profile"
273 source "${GUIX_PROFILE}/etc/profile"
274 _msg
"${PAS}activated root profile at /root/.guix-profile"
277 sys_create_build_user
()
278 { # Create the group and user accounts for build users.
280 _debug
"--- [ $FUNCNAME ] ---"
282 if [ $
(getent group guixbuild
) ]; then
283 _msg
"${INF}group guixbuild exists"
285 groupadd
--system guixbuild
286 _msg
"${PAS}group <guixbuild> created"
289 for i
in $
(seq -w 1 10); do
290 if id
"guixbuilder${i}" &>/dev
/null
; then
291 _msg
"${INF}user is already in the system, reset"
292 usermod
-g guixbuild
-G guixbuild \
293 -d /var
/empty
-s "$(which nologin)" \
294 -c "Guix build user $i" \
297 useradd
-g guixbuild
-G guixbuild \
298 -d /var
/empty
-s "$(which nologin)" \
299 -c "Guix build user $i" --system \
301 _msg
"${PAS}user added <guixbuilder${i}>"
306 sys_enable_guix_daemon
()
307 { # Run the daemon, and set it to automatically start on boot.
313 _debug
"--- [ $FUNCNAME ] ---"
315 info_path
="/usr/local/share/info"
316 local_bin
="/usr/local/bin"
317 var_guix
="/var/guix/profiles/per-user/root/guix-profile"
321 { initctl reload-configuration
;
322 cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemon.conf" \
324 start guix-daemon
; } &&
325 _msg
"${PAS}enabled Guix daemon via upstart"
328 { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemon.service" \
329 /etc
/systemd
/system
/;
330 chmod 664 /etc
/systemd
/system
/guix-daemon.service
;
331 systemctl daemon-reload
&&
332 systemctl start guix-daemon
&&
333 systemctl
enable guix-daemon
; } &&
334 _msg
"${PAS}enabled Guix daemon via systemd"
337 _msg
"${ERR}unsupported init system; run the daemon manually:"
338 echo " ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
342 _msg
"${INF}making the guix command available to other users"
344 [ -e "$local_bin" ] || mkdir
-p "$local_bin"
345 ln -sf "${var_guix}/bin/guix" "$local_bin"
347 [ -e "$info_path" ] || mkdir
-p "$info_path"
348 for i
in ${var_guix}/share
/info
/*; do
349 ln -sf "$i" "$info_path"
353 sys_authorize_build_farms
()
354 { # authorize the public keys of the two build farms
356 read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
358 [Yy
]*) guix archive
--authorize < "${ROOT_HOME}/.guix-profile/share/guix/hydra.gnu.org.pub" &&
359 _msg
"${PAS}Authorized public key for hydra.gnu.org";
360 guix archive
--authorize < "${ROOT_HOME}/.guix-profile/share/guix/berlin.guixsd.org.pub" &&
361 _msg
"${PAS}Authorized public key for berlin.guixsd.org";
363 [Nn
]*) _msg
"${INF}Skipped authorizing build farm public keys"
365 *) _msg
"Please answer yes or no.";
374 ░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
375 ░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
376 ░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
386 _____ _ _ _ _ _____ _
387 / ____| \ | | | | | / ____| (_)
388 | | __| \| | | | | | | __ _ _ ___ __
389 | | |_ | . ' | | | | | | |_ | | | | \ \/ /
390 | |__| | |\ | |__| | | |__| | |_| | |> <
391 \_____|_| \_|\____/ \_____|\__,_|_/_/\_\
393 This script installs GNU Guix on your system
395 https://www.gnu.org/software/guix/
397 echo -n "Press return to continue..."
406 _msg "Starting installation ($(date))"
409 chk_require "${REQUIRE[*]}"
413 _msg "${INF}system is ${ARCH_OS}"
415 tmp_path="$(mktemp -t -d guix.XXX)"
417 guix_get_bin_list "${GNU_URL}"
418 guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
420 sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
421 sys_create_build_user
422 sys_enable_guix_daemon
423 sys_authorize_build_farms
425 _msg "${INF}cleaning up ${tmp_path}"
428 _msg "${PAS}Guix has successfully been installed!"
429 _msg "${INF}Run 'info guix' to read the manual."