# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
+# Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
#
# This file is part of GNU Guix.
#
INF="[ INFO ] "
DEBUG=0
-GNU_URL="https://alpha.gnu.org/gnu/guix/"
+GNU_URL="https://ftp.gnu.org/gnu/guix/"
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
# This script needs to know where root's home directory is. However, we
chk_require()
{ # Check that every required command is available.
- declare -a cmds
declare -a warn
-
- cmds=(${1})
+ local c
_debug "--- [ $FUNCNAME ] ---"
- for c in ${cmds[@]}; do
+ for c in "$@"; do
command -v "$c" &>/dev/null || warn+=("$c")
done
return 1; }
_msg "${PAS}verification of required commands completed"
+}
+
+chk_gpg_keyring()
+{ # Check whether the Guix release signing public key is present.
+ _debug "--- [ $FUNCNAME ] ---"
- gpg --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
+ # Without --dry-run this command will create a ~/.gnupg owned by root on
+ # systems where gpg has never been used, causing errors and confusion.
+ gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
_err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
- echo " gpg --keyserver pool.sks-keyservers.net --recv-keys ${OPENPGP_SIGNING_KEY_ID}"
+ echo " wget https://sv.gnu.org/people/viewgpg.php?user_id=15145 -qO - | gpg --import -"
exit 1
)
}
{ cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
/etc/systemd/system/;
chmod 664 /etc/systemd/system/guix-daemon.service;
+
+ # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
+ sed -i /etc/systemd/system/guix-daemon.service \
+ -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";
+
+ # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
+ if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
+ then sed -i /etc/systemd/system/guix-daemon.service \
+ -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8';
+ fi;
+
systemctl daemon-reload &&
systemctl start guix-daemon &&
systemctl enable guix-daemon; } &&
}
sys_authorize_build_farms()
-{ # authorize the public keys of the two build farms
+{ # authorize the public key of the build farm
while true; do
- read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
+ read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
case $yn in
- [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/hydra.gnu.org.pub" &&
- _msg "${PAS}Authorized public key for hydra.gnu.org";
- guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.info.pub" &&
- _msg "${PAS}Authorized public key for ci.guix.info";
+ [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
+ _msg "${PAS}Authorized public key for ci.guix.gnu.org";
break;;
[Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
break;;
_msg "Starting installation ($(date))"
chk_term
- chk_require "${REQUIRE[*]}"
+ chk_require "${REQUIRE[@]}"
+ chk_gpg_keyring
chk_init_sys
chk_sys_arch
_msg "${INF}system is ${ARCH_OS}"
+ umask 0022
tmp_path="$(mktemp -t -d guix.XXX)"
guix_get_bin_list "${GNU_URL}"