#!/bin/bash
# GNU Guix --- Functional package management for GNU
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
# Stop at the first unhandled command failure.
set -e

# Everything below writes to /gnu, /var/guix and /etc and creates system
# accounts, so refuse to start without root privileges.
if ! [ "$UID" -eq 0 ]; then
    echo "This script must be run as root."
    exit 1
fi
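# External commands the installer invokes.  chk_require() walks this list
# before anything is downloaded or changed on the system.
REQUIRE=(
    "dirname"
    "readlink"
    "wget"
    "gpg"
    "grep"
    "which"
    "sed"
    "sort"
    "getent"
    "mktemp"
    "rm"
    "chmod"
    "uname"
    "groupadd"
    "tail"
    "tr"
    # Also called further down in this script; listing them makes a missing
    # tool fail the up-front check instead of surfacing in the middle of an
    # installation that has already modified the system.
    "tar"
    "xz"    # assumed: tar runs xz to unpack the .tar.xz release -- confirm
    "id"
    "seq"
    "useradd"
    "usermod"
)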
# Status prefixes for log lines.  PAS and ERR carry ANSI colour escapes;
# chk_term() may replace them with plain text.
INF="[ INFO ] "
ERR=$'[ \033[31;1mFAIL\033[0m ] '
PAS=$'[ \033[32;1mPASS\033[0m ] '

# Set to 1 to make _debug() print its trace lines.
DEBUG=0

# Full OpenPGP fingerprint of the release signing key that must be present in
# the keyring, and the HTTPS directory the release archives are fetched from.
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
GNU_URL="https://alpha.gnu.org/gnu/guix/"

# The installer needs root's home directory.  HOME is not used because nothing
# guarantees that it points there; tilde expansion of ~root does.
ROOT_HOME=~root

# ------------------------------------------------------------------------------
#+UTILITIES

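_err()
{ # Print a timestamped error line on stderr.
  #   $1 - message text (callers prepend the ERR prefix themselves)
    # The redirect keeps failures visible when stdout is piped or captured;
    # without it errors were written to stdout like ordinary messages.
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" >&2
}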
_msg()
{ # Print a timestamped informational line on stdout.
  #   $1 - message text
    local text=$1

    printf '[%s]: %s\n' "$(date '+%s.%3N')" "$text"
}
_debug()
{ # Print a timestamped trace line on stdout, but only when DEBUG is 1.
  #   $1 - message text
    [ "${DEBUG}" = '1' ] || return 0

    printf '[%s]: %s\n' "$(date '+%s.%3N')" "$1"
}
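chk_require()
{ # Check that every required command is available and that the release
  # signing key is in the keyring.
  #   $1      - space-separated list of command names
  #   Returns - 0 when everything is present, 1 otherwise
    local -a cmds
    local -a missing=()
    local c

    # The caller hands the list over as one string; splitting it on
    # whitespace is intended here.
    cmds=(${1})

    _debug "--- [ $FUNCNAME ] ---"

    for c in "${cmds[@]}"; do
        command -v "$c" &>/dev/null || missing+=("$c")
    done

    # Count the array elements; "${#missing}" would only measure the length
    # of the first element.
    if [ "${#missing[@]}" -ne 0 ]; then
        _err "${ERR}Missing commands: ${missing[*]}."
        return 1
    fi

    _msg "${PAS}verification of required commands completed"

    # Without the signing key in the keyring the downloaded release cannot be
    # authenticated, so stop here.  An explicit return replaces the earlier
    # "exit 1" inside a subshell, which only ended that subshell.
    if ! gpg --list-keys "${OPENPGP_SIGNING_KEY_ID}" >/dev/null 2>&1; then
        _err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
        echo " gpg --keyserver pgp.mit.edu --recv-keys ${OPENPGP_SIGNING_KEY_ID}"
        return 1
    fi
}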
chk_term()
{ # Switch the PASS/FAIL prefixes to plain text when the terminal type is not
  # one of the listed ANSI-capable families.
    local ansi_term

    # TERM is only examined when stderr is a terminal and TERM is set; in any
    # other case the prefixes are left as they are.
    [ -t 2 ] || return 0
    [ "${TERM+set}" = 'set' ] || return 0

    case "$TERM" in
        xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
            ansi_term=true
            ;;
        *)
            ansi_term=false
            ERR="[ FAIL ] "
            PAS="[ PASS ] "
            ;;
    esac
}
chk_init_sys()
{ # Detect the init system and store its name in INIT_SYS
  # (upstart, systemd, sysv-init, or NA when nothing matched).
    local detected=""

    # The probes run in this order and stop at the first match.
    if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
        detected="upstart"
    elif [[ $(systemctl) =~ -\.mount ]]; then
        detected="systemd"
    elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
        detected="sysv-init"
    fi

    if [[ -n "$detected" ]]; then
        _msg "${INF}init system is: ${detected}"
        INIT_SYS="$detected"
        return 0
    fi

    # Not fatal: the caller goes on and later prints manual daemon
    # instructions for the NA case.
    INIT_SYS="NA"
    _err "${ERR}Init system could not be detected."
}
chk_sys_arch()
{ # Normalise the kernel name and machine type reported by uname and store
  # them in ARCH_OS as "<arch>-<os>".  Exits with status 1 when either one is
  # not supported.
    local os
    local arch

    os="$(uname -s)"
    arch="$(uname -m)"

    # The CPU type is checked first, so it is the one reported when both the
    # CPU and the operating system are unsupported.
    if [[ "$arch" =~ ^(i386|i486|i686|i786|x86)$ ]]; then
        arch=i686
    elif [[ "$arch" =~ ^(x86_64|x86-64|x64|amd64)$ ]]; then
        arch=x86_64
    elif [[ "$arch" == "aarch64" ]]; then
        arch=aarch64
    else
        _err "${ERR}Unsupported CPU type: ${arch}"
        exit 1
    fi

    if [[ "$os" == "Linux" || "$os" == "linux" ]]; then
        os=linux
    else
        _err "${ERR}Your operation system (${os}) is not supported."
        exit 1
    fi

    ARCH_OS="${arch}-${os}"
}

# ------------------------------------------------------------------------------
#+MAIN

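guix_get_bin_list()
{ # Scan the release directory listing and select the newest release for
  # this system.
  #   $1      - URL of the release directory
  #   Globals - ARCH_OS (read), BIN_VER (written: archive name without the
  #             .tar.xz suffix)
  #   Exits with status 1 when no usable release version is found.
    local gnu_url="$1"
    local bin_ver_ls
    local latest_ver
    local default_ver

    _debug "--- [ $FUNCNAME ] ---"

    # Keep only the version part of every guix-binary-* archive name.
    bin_ver_ls="$(wget -qO- "$gnu_url" \
        | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \
        | sort -Vu)"

    # The listing is remote input that ends up in the download URL and in
    # local file names, so only a strict N.N.N version string is accepted.
    latest_ver="$(printf '%s\n' "$bin_ver_ls" \
        | grep -oP "([0-9]{1,2}\.){2}[0-9]{1,2}" \
        | tail -n1)"

    # Both values must be non-empty: a listing whose entries do not yield an
    # N.N.N version would otherwise produce the archive name
    # "guix-binary-.<arch>-<os>" and be reported as a success.
    if [[ -z "$bin_ver_ls" || -z "$latest_ver" ]]; then
        _err "${ERR}Could not obtain list of Guix releases."
        exit 1
    fi

    default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
    _msg "${PAS}Release for your system: ${default_ver}"

    # Use default to download according to the list and local ARCH_OS.
    BIN_VER="$default_ver"
}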
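guix_get_bin()
{ # Download the release archive with its detached signature and verify the
  # signature before anything is unpacked.
  #   $1 - URL of the release directory
  #   $2 - archive name without the .tar.xz suffix
  #   $3 - directory to download into
  #   Globals - OPENPGP_SIGNING_KEY_ID (read)
  #   Exits with status 1 when the download or the verification fails.
    local url="$1"
    local bin_ver="$2"
    local dl_path="$3"
    local -a progress_opt=()
    local gpg_status
    local tag keyword signing_fpr rest
    local signer_ok=0

    _debug "--- [ $FUNCNAME ] ---"

    _msg "${INF}Downloading Guix release archive"

    # Not every wget knows --show-progress; use it only when it is advertised.
    if wget --help | grep -q -e '--show-progress'; then
        progress_opt=(-q --show-progress)
    fi

    # Test wget directly: under "set -e" a separate "$?" check is never
    # reached when the command fails, so the error message was never shown.
    if wget "${progress_opt[@]}" -P "$dl_path" \
            "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
        _msg "${PAS}download completed."
    else
        _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
        exit 1
    fi

    # Name the signed archive explicitly instead of letting gpg derive it
    # from the .sig file name, and collect gpg's machine-readable status
    # lines.  A non-zero exit from gpg discards them, which fails the check.
    gpg_status="$(gpg --status-fd 1 --verify \
                      "${dl_path}/${bin_ver}.tar.xz.sig" \
                      "${dl_path}/${bin_ver}.tar.xz" 2>/dev/null)" \
        || gpg_status=""

    # A zero exit status only says that some key in root's keyring made a
    # good signature.  Require the signer to be the pinned release key: the
    # VALIDSIG line carries the fingerprint of the signing (sub)key first and
    # the primary key fingerprint last.  gpg prints fingerprints in upper
    # case, as OPENPGP_SIGNING_KEY_ID is written.
    while IFS=' ' read -r tag keyword signing_fpr rest; do
        [[ "$tag" == '[GNUPG:]' && "$keyword" == 'VALIDSIG' ]] || continue
        if [[ "$signing_fpr" == "$OPENPGP_SIGNING_KEY_ID" \
              || "${rest##* }" == "$OPENPGP_SIGNING_KEY_ID" ]]; then
            signer_ok=1
        fi
    done <<< "$gpg_status"

    if [[ "$signer_ok" -eq 1 ]]; then
        _msg "${PAS}Signature is valid."
    else
        _err "${ERR}could not verify the signature."
        exit 1
    fi
}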
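sys_create_store()
{ # Unpack the release archive and install /gnu/store and /var/guix.
  #   $1 - archive file name, relative to $2
  #   $2 - directory holding the downloaded archive
  #   Globals - ROOT_HOME (read), GUIX_PROFILE (written)
  #   Exits with status 1 on an existing installation or a failed unpack.
    local pkg="$1"
    local tmp_path="$2"

    _debug "--- [ $FUNCNAME ] ---"

    # Refuse before unpacking, so nothing is extracted when an installation
    # is already present.
    if [[ -e "/var/guix" || -e "/gnu" ]]; then
        _err "${ERR}A previous Guix installation was found. Refusing to overwrite."
        exit 1
    fi

    cd "$tmp_path"

    # A failed tar on the left of "&&" does not trip "set -e", so the result
    # is tested here; a partly unpacked tree must not be moved into place.
    if tar --warning=no-timestamp \
           --extract \
           --file "$pkg"; then
        _msg "${PAS}unpacked archive"
    else
        _err "${ERR}could not unpack ${pkg}."
        exit 1
    fi

    _msg "${INF}Installing /var/guix and /gnu..."
    mv "${tmp_path}/var/guix" /var/
    mv "${tmp_path}/gnu" /

    _msg "${INF}Linking the root user's profile"
    ln -sf /var/guix/profiles/per-user/root/guix-profile \
       "${ROOT_HOME}/.guix-profile"

    GUIX_PROFILE="${ROOT_HOME}/.guix-profile"
    source "${GUIX_PROFILE}/etc/profile"
    # Report the path that was actually linked; root's home is not
    # necessarily /root.
    _msg "${PAS}activated root profile at ${GUIX_PROFILE}"
}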
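sys_create_build_user()
{ # Create the guixbuild group and the ten build user accounts, or reset the
  # accounts that already exist.
  #   Exits with status 1 when no nologin command can be found.
    local i
    local nologin_shell

    _debug "--- [ $FUNCNAME ] ---"

    # Resolve the shell once and stop when it is missing: an empty -s value
    # would not give the build accounts a non-login shell.
    nologin_shell="$(command -v nologin)" || {
        _err "${ERR}could not find the nologin command."
        exit 1
    }

    # Use getent's exit status; the unquoted "[ $(getent ...) ]" form breaks
    # as soon as the group entry contains whitespace.
    if getent group guixbuild >/dev/null; then
        _msg "${INF}group guixbuild exists"
    else
        groupadd --system guixbuild
        _msg "${PAS}group <guixbuild> created"
    fi

    for i in $(seq -w 1 10); do
        if id "guixbuilder${i}" &>/dev/null; then
            _msg "${INF}user is already in the system, reset"
            usermod -g guixbuild -G guixbuild \
                    -d /var/empty -s "$nologin_shell" \
                    -c "Guix build user $i" \
                    "guixbuilder${i}"
        else
            useradd -g guixbuild -G guixbuild \
                    -d /var/empty -s "$nologin_shell" \
                    -c "Guix build user $i" --system \
                    "guixbuilder${i}"
            _msg "${PAS}user added <guixbuilder${i}>"
        fi
    done
}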
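sys_enable_guix_daemon()
{ # Run the daemon, set it to start automatically on boot, and link the guix
  # command and its info files under /usr/local.
  #   Globals - INIT_SYS (read), ROOT_HOME (read)

    local info_path
    local local_bin
    local var_guix
    local i

    _debug "--- [ $FUNCNAME ] ---"

    info_path="/usr/local/share/info"
    local_bin="/usr/local/bin"
    var_guix="/var/guix/profiles/per-user/root/guix-profile"

    # A failed step inside the groups below does not stop the script, as
    # before, but it is now reported instead of being silently skipped.
    case "$INIT_SYS" in
        upstart)
            if { initctl reload-configuration;
                 cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemon.conf" \
                    /etc/init/ &&
                     start guix-daemon; }; then
                _msg "${PAS}enabled Guix daemon via upstart"
            else
                _err "${ERR}could not enable Guix daemon via upstart"
            fi
            ;;
        systemd)
            # NOTE(review): mode 664 leaves the unit file group-writable;
            # confirm whether 644 is enough here.
            if { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemon.service" \
                    /etc/systemd/system/;
                 chmod 664 /etc/systemd/system/guix-daemon.service;
                 systemctl daemon-reload &&
                     systemctl start guix-daemon &&
                     systemctl enable guix-daemon; }; then
                _msg "${PAS}enabled Guix daemon via systemd"
            else
                _err "${ERR}could not enable Guix daemon via systemd"
            fi
            ;;
        NA|*)
            _msg "${ERR}unsupported init system; run the daemon manually:"
            echo " ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
            ;;
    esac

    _msg "${INF}making the guix command available to other users"

    [ -e "$local_bin" ] || mkdir -p "$local_bin"
    ln -sf "${var_guix}/bin/guix" "$local_bin"

    [ -e "$info_path" ] || mkdir -p "$info_path"
    for i in "${var_guix}"/share/info/*; do
        # An unmatched glob stays literal; skip it instead of linking "*".
        [ -e "$i" ] || continue
        ln -sf "$i" "$info_path"
    done
}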
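sys_authorize_build_farms()
{ # Ask whether to authorize the public keys of the two build farms, and do
  # so only on an answer starting with "y" or "Y".  Authorizing a key means
  # pre-built binaries signed by that farm are accepted, so nothing is
  # authorized without that answer.
  #   Globals - ROOT_HOME (read)
    local yn

    while true; do
        # -r keeps backslashes in the answer literal.
        read -r -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
        case "$yn" in
            [Yy]*)
                guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/hydra.gnu.org.pub" &&
                    _msg "${PAS}Authorized public key for hydra.gnu.org"
                guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/berlin.guixsd.org.pub" &&
                    _msg "${PAS}Authorized public key for berlin.guixsd.org"
                break
                ;;
            [Nn]*)
                _msg "${INF}Skipped authorizing build farm public keys"
                break
                ;;
            *)
                _msg "Please answer yes or no."
                ;;
        esac
    done
}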
welcome()
{ # Print the banner, then wait for the return key before the installation
  # starts.  The line that was read is left in ANSWER.
    cat <<'EOF'
░░░ ░░░
░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
░▒▒▒▒░ ░░░░░░
▒▒▒▒▒ ░░░░░░
▒▒▒▒▒ ░░░░░
░▒▒▒▒▒ ░░░░░
▒▒▒▒▒ ░░░░░
▒▒▒▒▒ ░░░░░
░▒▒▒▒▒░░░░░
▒▒▒▒▒▒░░░
▒▒▒▒▒▒░
_____ _ _ _ _ _____ _
/ ____| \ | | | | | / ____| (_)
| | __| \| | | | | | | __ _ _ ___ __
| | |_ | . ' | | | | | | |_ | | | | \ \/ /
| |__| | |\ | |__| | | |__| | |_| | |> <
\_____|_| \_|\____/ \_____|\__,_|_/_/\_\

This script installs GNU Guix on your system

https://www.gnu.org/software/guix/
EOF
    printf '%s' "Press return to continue..."
    read -r ANSWER
}
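main()
{ # Run the installation steps in order.  The script runs under "set -e", so
  # a failing step ends the installation.
    local tmp_path
    welcome

    _msg "Starting installation ($(date))"

    chk_term
    chk_require "${REQUIRE[*]}"
    chk_init_sys
    chk_sys_arch

    _msg "${INF}system is ${ARCH_OS}"

    # Six random characters instead of three leave far fewer chances for the
    # generated name to collide with an existing entry in the temp directory.
    tmp_path="$(mktemp -t -d guix.XXXXXX)"

    # Remove the root-owned scratch directory on every exit path, including
    # failed downloads and failed signature checks.  The path is expanded and
    # shell-quoted now because tmp_path is local to this function.
    # shellcheck disable=SC2064
    trap "rm -rf -- $(printf '%q' "$tmp_path")" EXIT

    guix_get_bin_list "${GNU_URL}"
    guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"

    sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
    sys_create_build_user
    sys_enable_guix_daemon
    sys_authorize_build_farms

    _msg "${INF}cleaning up ${tmp_path}"
    # ":?" aborts instead of running rm on an empty path.
    rm -r -- "${tmp_path:?}"

    _msg "${PAS}Guix has successfully been installed!"
    _msg "${INF}Run 'info guix' to read the manual."
}

main "$@"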