summary refs log tree commit diff
path: root/etc
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-02-01 13:18:47 +0100
committerMarius Bakke <mbakke@fastmail.com>2018-02-01 13:18:47 +0100
commitbee7bb315cd0b4529a4117b6220c29ca297fc023 (patch)
treefe4741f257e50782e51bc2955ad4480cd2ba6396 /etc
parentc2f0e5a44b537632c2655f97a2539c3bf02c8a63 (diff)
parent8a4644336d5063fd0bf43e90e3c0823c76e82e4e (diff)
downloadguix-bee7bb315cd0b4529a4117b6220c29ca297fc023.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'etc')
-rwxr-xr-xetc/guix-install.sh425
1 files changed, 425 insertions, 0 deletions
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
new file mode 100755
index 0000000000..75cff68d8b
--- /dev/null
+++ b/etc/guix-install.sh
@@ -0,0 +1,425 @@
+#!/bin/bash
+# GNU Guix --- Functional package management for GNU
+# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
+# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
+#
+# This file is part of GNU Guix.
+#
+# GNU Guix is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GNU Guix is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; }
+
+REQUIRE=(
+    "dirname"
+    "readlink"
+    "wget"
+    "gpg"
+    "grep"
+    "which"
+    "sed"
+    "sort"
+    "getent"
+    "mktemp"
+    "rm"
+    "chmod"
+    "uname"
+    "groupadd"
+    "tail"
+    "tr"
+)
+
+PAS=$'[ \033[32;1mPASS\033[0m ] '
+ERR=$'[ \033[31;1mFAIL\033[0m ] '
+INF="[ INFO ] "
+
+DEBUG=0
+GNU_URL="https://alpha.gnu.org/gnu/guix/"
+OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
+
+# ------------------------------------------------------------------------------
+#+UTILITIES
+
+_err()
+{ # All errors go to stderr.
+    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
+}
+
+_msg()
+{ # Default message to stdout.
+    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
+}
+
+_debug()
+{
+    if [ "${DEBUG}" = '1' ]; then
+        printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
+    fi
+}
+
+
+chk_require()
+{ # Check that every required command is available.
+    declare -a cmds
+    declare -a warn
+
+    cmds=(${1})
+
+    _debug "--- [ $FUNCNAME ] ---"
+
+    for c in ${cmds[@]}; do
+        command -v "$c" &>/dev/null
+        [ "$?" -eq "1" ] &&
+            warn+=("$c")
+    done
+
+    [ "${#warn}" -ne 0 ] &&
+        { _err "${ERR}Missing commands: ${warn[*]}.";
+          return 1; }
+    
+    _msg "${PAS}verification of required commands completed"
+
+    gpg --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || (
+        _err "${ERR}Missing OpenPGP public key.  Fetch it with this command:"
+        echo "  gpg --keyserver pgp.mit.edu --recv-keys ${OPENPGP_SIGNING_KEY_ID}"
+        exit 1
+    )
+}
+
+chk_term()
+{ # Check for ANSI terminal for color printing.
+    local ansi_term
+
+    if [ -t 2 ]; then
+        if [ "${TERM+set}" = 'set' ]; then
+            case "$TERM" in
+                xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
+                    ansi_term=true
+                    ;;
+                *)
+                    ansi_term=false
+                    ERR="[ FAIL ] "
+                    PAS="[ PASS ] "
+                    ;;
+            esac
+        fi
+    fi
+}
+
+chk_init_sys()
+{ # Return init system type name.
+    if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
+        _msg "${INF}init system is: upstart"
+        INIT_SYS="upstart"
+        return 0
+    elif [[ $(systemctl) =~ -\.mount ]]; then
+        _msg "${INF}init system is: systemd"
+        INIT_SYS="systemd"
+        return 0
+    elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
+        _msg "${INF}init system is: sysv-init"
+        INIT_SYS="sysv-init"
+        return 0
+    else
+        INIT_SYS="NA"
+        _err "${ERR}Init system could not be detected."
+    fi
+}
+
+chk_sys_arch()
+{ # Check for operating system and architecture type.
+    local os
+    local arch
+
+    os="$(uname -s)"
+    arch="$(uname -m)"
+
+    case "$arch" in
+        i386 | i486 | i686 | i786 | x86)
+            local arch=i686
+            ;;
+        x86_64 | x86-64 | x64 | amd64)
+            local arch=x86_64
+            ;;
+        *)
+            _err "${ERR}Unsupported CPU type: ${arch}"
+            exit 1
+    esac
+
+    case "$os" in
+        Linux | linux)
+            local os=linux
+            ;;
+        *)
+            _err "${ERR}Your operation system (${os}) is not supported."
+            exit 1
+    esac
+
+    ARCH_OS="${arch}-${os}"
+}
+
+# ------------------------------------------------------------------------------
+#+MAIN
+
+guix_get_bin_list()
+{ # Scan GNU archive and save list of binaries
+    local gnu_url="$1"
+    local -a bin_ver_ls
+    local latest_ver
+    local default_ver
+
+    _debug "--- [ $FUNCNAME ] ---"
+
+    # Filter only version and architecture
+    bin_ver_ls=("$(wget -qO- "$gnu_url" \
+        | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \
+        | sort -Vu)")
+
+    latest_ver="$(echo "$bin_ver_ls" \
+                       | grep -oP "([0-9]{1,2}\.){2}[0-9]{1,2}" \
+                       | tail -n1)"
+
+    default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
+
+    if [[ "${#bin_ver_ls}" -ne "0" ]]; then
+        _msg "${PAS}Release for your system: ${default_ver}"
+    else
+        _err "${ERR}Could not obtain list of Guix releases."
+        exit 1
+    fi
+
+    # Use default to download according to the list and local ARCH_OS.
+    BIN_VER="$default_ver"
+}
+
+guix_get_bin()
+{ # Download and verify binary package.
+    local url="$1"
+    local bin_ver="$2"
+    local dl_path="$3"
+
+    _debug "--- [ $FUNCNAME ] ---"
+
+    _msg "${INF}Downloading Guix release archive"
+
+    wget --help | grep -q '\--show-progress' && \
+        _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
+    wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
+
+    if [[ "$?" -eq 0 ]]; then
+       _msg "${PAS}download completed."
+    else
+        _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
+        exit 1
+    fi
+
+    pushd $dl_path >/dev/null
+    gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
+    if [[ "$?" -eq 0 ]]; then
+        _msg "${PAS}Signature is valid."
+        popd >/dev/null
+    else
+        _err "${ERR}could not verify the signature."
+        exit 1
+    fi
+}
+
+sys_create_store()
+{ # Unpack and install /gnu/store and /var/guix
+    local pkg="$1"
+    local tmp_path="$2"
+
+    _debug "--- [ $FUNCNAME ] ---"
+
+    cd "$tmp_path"
+    tar --warning=no-timestamp \
+        --extract \
+        --file "$pkg" &&
+    _msg "${PAS}unpacked archive"
+
+    if [[ -e "/var/guix" || -e "/gnu" ]]; then
+        _err "${ERR}A previous Guix installation was found.  Refusing to overwrite."
+        exit 1
+    else
+        _msg "${INF}Installing /var/guix and /gnu..."
+        mv "${tmp_path}/var/guix" /var/
+        mv "${tmp_path}/gnu" /
+    fi
+
+    _msg "${INF}Linking the root user's profile"
+    ln -sf /var/guix/profiles/per-user/root/guix-profile \
+       ~root/.guix-profile
+
+    GUIX_PROFILE="${HOME}/.guix-profile"
+    source "${GUIX_PROFILE}/etc/profile"
+    _msg "${PAS}activated root profile at /root/.guix-profile"
+}
+
+sys_create_build_user()
+{ # Create the group and user accounts for build users.
+
+    _debug "--- [ $FUNCNAME ] ---"
+
+    if [ $(getent group guixbuild) ]; then
+        _msg "${INF}group guixbuild exists"
+    else
+        groupadd --system guixbuild
+        _msg "${PAS}group <guixbuild> created"
+    fi
+
+    for i in $(seq -w 1 10); do
+        if id "guixbuilder${i}" &>/dev/null; then
+            _msg "${INF}user is already in the system, reset"
+            usermod -g guixbuild -G guixbuild           \
+                    -d /var/empty -s "$(which nologin)" \
+                    -c "Guix build user $i"             \
+                    "guixbuilder${i}";
+        else
+            useradd -g guixbuild -G guixbuild           \
+                    -d /var/empty -s "$(which nologin)" \
+                    -c "Guix build user $i" --system    \
+                    "guixbuilder${i}";
+            _msg "${PAS}user added <guixbuilder${i}>"
+        fi
+    done
+}
+
+sys_enable_guix_daemon()
+{ # Run the daemon, and set it to automatically start on boot.
+
+    local info_path
+    local local_bin
+    local var_guix
+
+    _debug "--- [ $FUNCNAME ] ---"
+
+    info_path="/usr/local/share/info"
+    local_bin="/usr/local/bin"
+    var_guix="/var/guix/profiles/per-user/root/guix-profile"
+
+    case "$INIT_SYS" in
+        upstart)
+            { initctl reload-configuration;
+              cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf \
+                 /etc/init/ &&
+                  start guix-daemon; } &&
+                _msg "${PAS}enabled Guix daemon via upstart"
+            ;;
+        systemd)
+            { cp ~root/.guix-profile/lib/systemd/system/guix-daemon.service \
+                 /etc/systemd/system/;
+              chmod 664 /etc/systemd/system/guix-daemon.service;
+              systemctl daemon-reload &&
+                  systemctl start guix-daemon &&
+                  systemctl enable guix-daemon; } &&
+                _msg "${PAS}enabled Guix daemon via systemd"
+            ;;
+        NA|*)
+            _msg "${ERR}unsupported init system; run the daemon manually:"
+            echo "  ~root/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
+            ;;
+    esac
+
+    _msg "${INF}making the guix command available to other users"
+
+    [ -e "$local_bin" ] || mkdir -p "$local_bin"
+    ln -sf "${var_guix}/bin/guix"  "$local_bin"
+
+    [ -e "$info_path" ] || mkdir -p "$info_path"
+    for i in ${var_guix}/share/info/*; do
+        ln -sf "$i" "$info_path"
+    done
+}
+
+sys_authorize_build_farms()
+{ # authorize the public keys of the two build farms
+    while true; do
+        read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
+        case $yn in
+            [Yy]*) guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub &&
+                         _msg "${PAS}Authorized public key for hydra.gnu.org";
+                   guix archive --authorize < ~root/.guix-profile/share/guix/berlin.guixsd.org.pub &&
+                       _msg "${PAS}Authorized public key for berlin.guixsd.org";
+                   break;;
+            [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
+                   break;;
+            *) _msg "Please answer yes or no.";
+        esac
+    done
+}
+
+welcome()
+{
+    cat<<"EOF"
+    ░░░                                     ░░░
+    ░░▒▒░░░░░░░░░               ░░░░░░░░░▒▒░░
+     ░░▒▒▒▒▒░░░░░░░           ░░░░░░░▒▒▒▒▒░
+         ░▒▒▒░░▒▒▒▒▒         ░░░░░░░▒▒░
+               ░▒▒▒▒░       ░░░░░░
+                ▒▒▒▒▒      ░░░░░░
+                 ▒▒▒▒▒     ░░░░░
+                 ░▒▒▒▒▒   ░░░░░
+                  ▒▒▒▒▒   ░░░░░
+                   ▒▒▒▒▒ ░░░░░
+                   ░▒▒▒▒▒░░░░░
+                    ▒▒▒▒▒▒░░░
+                     ▒▒▒▒▒▒░
+     _____ _   _ _    _    _____       _
+    / ____| \ | | |  | |  / ____|     (_)
+   | |  __|  \| | |  | | | |  __ _   _ ___  __
+   | | |_ | . ' | |  | | | | |_ | | | | \ \/ /
+   | |__| | |\  | |__| | | |__| | |_| | |>  <
+    \_____|_| \_|\____/   \_____|\__,_|_/_/\_\
+
+This script installs GNU Guix on your system
+
+https://www.gnu.org/software/guix/
+EOF
+    echo -n "Press return to continue..."
+    read -r  ANSWER
+}
+
+main()
+{
+    local tmp_path
+    welcome
+
+    _msg "Starting installation ($(date))"
+
+    chk_term
+    chk_require "${REQUIRE[*]}"
+    chk_init_sys
+    chk_sys_arch
+
+    _msg "${INF}system is ${ARCH_OS}"
+
+    tmp_path="$(mktemp -t -d guix.XXX)"
+
+    guix_get_bin_list "${GNU_URL}"
+    guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"
+
+    sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
+    sys_create_build_user
+    sys_enable_guix_daemon
+    sys_authorize_build_farms
+
+    _msg "${INF}cleaning up ${tmp_path}"
+    rm -r "${tmp_path}"
+
+    _msg "${PAS}Guix has successfully been installed!"
+    _msg "${INF}Run 'info guix' to read the manual."
+ }
+
+main "$@"