Mirror of GNU Guix
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

432 lines
12 KiB

  1. #!/bin/bash
  2. # GNU Guix --- Functional package management for GNU
  3. # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
  4. # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
  5. # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
  6. #
  7. # This file is part of GNU Guix.
  8. #
  9. # GNU Guix is free software; you can redistribute it and/or modify it
  10. # under the terms of the GNU General Public License as published by
  11. # the Free Software Foundation; either version 3 of the License, or (at
  12. # your option) any later version.
  13. #
  14. # GNU Guix is distributed in the hope that it will be useful, but
  15. # WITHOUT ANY WARRANTY; without even the implied warranty of
  16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. # GNU General Public License for more details.
  18. #
  19. # You should have received a copy of the GNU General Public License
  20. # along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
  21. set -e
  22. [ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }
  23. REQUIRE=(
  24. "dirname"
  25. "readlink"
  26. "wget"
  27. "gpg"
  28. "grep"
  29. "which"
  30. "sed"
  31. "sort"
  32. "getent"
  33. "mktemp"
  34. "rm"
  35. "chmod"
  36. "uname"
  37. "groupadd"
  38. "tail"
  39. "tr"
  40. )
  41. PAS=$'[ \033[32;1mPASS\033[0m ] '
  42. ERR=$'[ \033[31;1mFAIL\033[0m ] '
  43. INF="[ INFO ] "
  44. DEBUG=0
  45. GNU_URL="https://alpha.gnu.org/gnu/guix/"
  46. OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
  47. # This script needs to know where root's home directory is. However, we
  48. # cannot simply use the HOME environment variable, since there is no guarantee
  49. # that it points to root's home directory.
  50. ROOT_HOME="$(echo ~root)"
  51. # ------------------------------------------------------------------------------
  52. #+UTILITIES
  53. _err()
  54. { # All errors go to stderr.
  55. printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
  56. }
  57. _msg()
  58. { # Default message to stdout.
  59. printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
  60. }
  61. _debug()
  62. {
  63. if [ "${DEBUG}" = '1' ]; then
  64. printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
  65. fi
  66. }
  67. chk_require()
  68. { # Check that every required command is available.
  69. declare -a cmds
  70. declare -a warn
  71. cmds=(${1})
  72. _debug "--- [ $FUNCNAME ] ---"
  73. for c in ${cmds[@]}; do
  74. command -v "$c" &>/dev/null || warn+=("$c")
  75. done
  76. [ "${#warn}" -ne 0 ] &&
  77. { _err "${ERR}Missing commands: ${warn[*]}.";
  78. return 1; }
  79. _msg "${PAS}verification of required commands completed"
  80. gpg --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
  81. _err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
  82. echo " gpg --keyserver pgp.mit.edu --recv-keys ${OPENPGP_SIGNING_KEY_ID}"
  83. exit 1
  84. )
  85. }
  86. chk_term()
  87. { # Check for ANSI terminal for color printing.
  88. local ansi_term
  89. if [ -t 2 ]; then
  90. if [ "${TERM+set}" = 'set' ]; then
  91. case "$TERM" in
  92. xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
  93. ansi_term=true
  94. ;;
  95. *)
  96. ansi_term=false
  97. ERR="[ FAIL ] "
  98. PAS="[ PASS ] "
  99. ;;
  100. esac
  101. fi
  102. fi
  103. }
  104. chk_init_sys()
  105. { # Return init system type name.
  106. if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
  107. _msg "${INF}init system is: upstart"
  108. INIT_SYS="upstart"
  109. return 0
  110. elif [[ $(systemctl) =~ -\.mount ]]; then
  111. _msg "${INF}init system is: systemd"
  112. INIT_SYS="systemd"
  113. return 0
  114. elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
  115. _msg "${INF}init system is: sysv-init"
  116. INIT_SYS="sysv-init"
  117. return 0
  118. else
  119. INIT_SYS="NA"
  120. _err "${ERR}Init system could not be detected."
  121. fi
  122. }
  123. chk_sys_arch()
  124. { # Check for operating system and architecture type.
  125. local os
  126. local arch
  127. os="$(uname -s)"
  128. arch="$(uname -m)"
  129. case "$arch" in
  130. i386 | i486 | i686 | i786 | x86)
  131. local arch=i686
  132. ;;
  133. x86_64 | x86-64 | x64 | amd64)
  134. local arch=x86_64
  135. ;;
  136. aarch64)
  137. local arch=aarch64
  138. ;;
  139. *)
  140. _err "${ERR}Unsupported CPU type: ${arch}"
  141. exit 1
  142. esac
  143. case "$os" in
  144. Linux | linux)
  145. local os=linux
  146. ;;
  147. *)
  148. _err "${ERR}Your operation system (${os}) is not supported."
  149. exit 1
  150. esac
  151. ARCH_OS="${arch}-${os}"
  152. }
  153. # ------------------------------------------------------------------------------
  154. #+MAIN
  155. guix_get_bin_list()
  156. { # Scan GNU archive and save list of binaries
  157. local gnu_url="$1"
  158. local -a bin_ver_ls
  159. local latest_ver
  160. local default_ver
  161. _debug "--- [ $FUNCNAME ] ---"
  162. # Filter only version and architecture
  163. bin_ver_ls=("$(wget -qO- "$gnu_url" \
  164. | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \
  165. | sort -Vu)")
  166. latest_ver="$(echo "$bin_ver_ls" \
  167. | grep -oP "([0-9]{1,2}\.){2}[0-9]{1,2}" \
  168. | tail -n1)"
  169. default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
  170. if [[ "${#bin_ver_ls}" -ne "0" ]]; then
  171. _msg "${PAS}Release for your system: ${default_ver}"
  172. else
  173. _err "${ERR}Could not obtain list of Guix releases."
  174. exit 1
  175. fi
  176. # Use default to download according to the list and local ARCH_OS.
  177. BIN_VER="$default_ver"
  178. }
  179. guix_get_bin()
  180. { # Download and verify binary package.
  181. local url="$1"
  182. local bin_ver="$2"
  183. local dl_path="$3"
  184. _debug "--- [ $FUNCNAME ] ---"
  185. _msg "${INF}Downloading Guix release archive"
  186. wget --help | grep -q '\--show-progress' && \
  187. _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
  188. wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
  189. if [[ "$?" -eq 0 ]]; then
  190. _msg "${PAS}download completed."
  191. else
  192. _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
  193. exit 1
  194. fi
  195. pushd $dl_path >/dev/null
  196. gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
  197. if [[ "$?" -eq 0 ]]; then
  198. _msg "${PAS}Signature is valid."
  199. popd >/dev/null
  200. else
  201. _err "${ERR}could not verify the signature."
  202. exit 1
  203. fi
  204. }
  205. sys_create_store()
  206. { # Unpack and install /gnu/store and /var/guix
  207. local pkg="$1"
  208. local tmp_path="$2"
  209. _debug "--- [ $FUNCNAME ] ---"
  210. cd "$tmp_path"
  211. tar --warning=no-timestamp \
  212. --extract \
  213. --file "$pkg" &&
  214. _msg "${PAS}unpacked archive"
  215. if [[ -e "/var/guix" || -e "/gnu" ]]; then
  216. _err "${ERR}A previous Guix installation was found. Refusing to overwrite."
  217. exit 1
  218. else
  219. _msg "${INF}Installing /var/guix and /gnu..."
  220. mv "${tmp_path}/var/guix" /var/
  221. mv "${tmp_path}/gnu" /
  222. fi
  223. _msg "${INF}Linking the root user's profile"
  224. ln -sf /var/guix/profiles/per-user/root/guix-profile \
  225. "${ROOT_HOME}/.guix-profile"
  226. GUIX_PROFILE="${ROOT_HOME}/.guix-profile"
  227. source "${GUIX_PROFILE}/etc/profile"
  228. _msg "${PAS}activated root profile at /root/.guix-profile"
  229. }
  230. sys_create_build_user()
  231. { # Create the group and user accounts for build users.
  232. _debug "--- [ $FUNCNAME ] ---"
  233. if [ $(getent group guixbuild) ]; then
  234. _msg "${INF}group guixbuild exists"
  235. else
  236. groupadd --system guixbuild
  237. _msg "${PAS}group <guixbuild> created"
  238. fi
  239. for i in $(seq -w 1 10); do
  240. if id "guixbuilder${i}" &>/dev/null; then
  241. _msg "${INF}user is already in the system, reset"
  242. usermod -g guixbuild -G guixbuild \
  243. -d /var/empty -s "$(which nologin)" \
  244. -c "Guix build user $i" \
  245. "guixbuilder${i}";
  246. else
  247. useradd -g guixbuild -G guixbuild \
  248. -d /var/empty -s "$(which nologin)" \
  249. -c "Guix build user $i" --system \
  250. "guixbuilder${i}";
  251. _msg "${PAS}user added <guixbuilder${i}>"
  252. fi
  253. done
  254. }
  255. sys_enable_guix_daemon()
  256. { # Run the daemon, and set it to automatically start on boot.
  257. local info_path
  258. local local_bin
  259. local var_guix
  260. _debug "--- [ $FUNCNAME ] ---"
  261. info_path="/usr/local/share/info"
  262. local_bin="/usr/local/bin"
  263. var_guix="/var/guix/profiles/per-user/root/guix-profile"
  264. case "$INIT_SYS" in
  265. upstart)
  266. { initctl reload-configuration;
  267. cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemon.conf" \
  268. /etc/init/ &&
  269. start guix-daemon; } &&
  270. _msg "${PAS}enabled Guix daemon via upstart"
  271. ;;
  272. systemd)
  273. { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemon.service" \
  274. /etc/systemd/system/;
  275. chmod 664 /etc/systemd/system/guix-daemon.service;
  276. systemctl daemon-reload &&
  277. systemctl start guix-daemon &&
  278. systemctl enable guix-daemon; } &&
  279. _msg "${PAS}enabled Guix daemon via systemd"
  280. ;;
  281. NA|*)
  282. _msg "${ERR}unsupported init system; run the daemon manually:"
  283. echo " ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
  284. ;;
  285. esac
  286. _msg "${INF}making the guix command available to other users"
  287. [ -e "$local_bin" ] || mkdir -p "$local_bin"
  288. ln -sf "${var_guix}/bin/guix" "$local_bin"
  289. [ -e "$info_path" ] || mkdir -p "$info_path"
  290. for i in ${var_guix}/share/info/*; do
  291. ln -sf "$i" "$info_path"
  292. done
  293. }
  294. sys_authorize_build_farms()
  295. { # authorize the public keys of the two build farms
  296. while true; do
  297. read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
  298. case $yn in
  299. [Yy]*) guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/hydra.gnu.org.pub" &&
  300. _msg "${PAS}Authorized public key for hydra.gnu.org";
  301. guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/berlin.guixsd.org.pub" &&
  302. _msg "${PAS}Authorized public key for berlin.guixsd.org";
  303. break;;
  304. [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
  305. break;;
  306. *) _msg "Please answer yes or no.";
  307. esac
  308. done
  309. }
  310. welcome()
  311. {
  312. cat<<"EOF"
  313. ░░░ ░░░
  314. ░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
  315. ░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
  316. ░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
  317. ░▒▒▒▒░ ░░░░░░
  318. ▒▒▒▒▒ ░░░░░░
  319. ▒▒▒▒▒ ░░░░░
  320. ░▒▒▒▒▒ ░░░░░
  321. ▒▒▒▒▒ ░░░░░
  322. ▒▒▒▒▒ ░░░░░
  323. ░▒▒▒▒▒░░░░░
  324. ▒▒▒▒▒▒░░░
  325. ▒▒▒▒▒▒░
  326. _____ _ _ _ _ _____ _
  327. / ____| \ | | | | | / ____| (_)
  328. | | __| \| | | | | | | __ _ _ ___ __
  329. | | |_ | . ' | | | | | | |_ | | | | \ \/ /
  330. | |__| | |\ | |__| | | |__| | |_| | |> <
  331. \_____|_| \_|\____/ \_____|\__,_|_/_/\_\
  332. This script installs GNU Guix on your system
  333. https://www.gnu.org/software/guix/
  334. EOF
  335. echo -n "Press return to continue..."
  336. read -r ANSWER
  337. }
  338. main()
  339. {
  340. local tmp_path
  341. welcome
  342. _msg "Starting installation ($(date))"
  343. chk_term
  344. chk_require "${REQUIRE[*]}"
  345. chk_init_sys
  346. chk_sys_arch
  347. _msg "${INF}system is ${ARCH_OS}"
  348. tmp_path="$(mktemp -t -d guix.XXX)"
  349. guix_get_bin_list "${GNU_URL}"
  350. guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
  351. sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
  352. sys_create_build_user
  353. sys_enable_guix_daemon
  354. sys_authorize_build_farms
  355. _msg "${INF}cleaning up ${tmp_path}"
  356. rm -r "${tmp_path}"
  357. _msg "${PAS}Guix has successfully been installed!"
  358. _msg "${INF}Run 'info guix' to read the manual."
  359. }
  360. main "$@"