diff options
Diffstat (limited to 'etc/guix-install.sh')
-rwxr-xr-x | etc/guix-install.sh | 138 |
1 files changed, 75 insertions, 63 deletions
diff --git a/etc/guix-install.sh b/etc/guix-install.sh index 06a3edd1a6..6a799fa823 100755 --- a/etc/guix-install.sh +++ b/etc/guix-install.sh @@ -9,6 +9,7 @@ # Copyright © 2020 Daniel Brooks <db48x@db48x.net> # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net> # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com> +# Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com> # # This file is part of GNU Guix. # @@ -71,11 +72,6 @@ declare -A GPG_SIGNING_KEYS GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim -# This script needs to know where root's home directory is. However, we -# cannot simply use the HOME environment variable, since there is no guarantee -# that it points to root's home directory. -ROOT_HOME="$(echo ~root)" - # ------------------------------------------------------------------------------ #+UTILITIES @@ -96,13 +92,25 @@ _debug() fi } +# Return true if user answered yes, false otherwise. +# $1: The prompt question. +prompt_yes_no() { + while true; do + read -rp "$1" yn + case $yn in + [Yy]*) return 0;; + [Nn]*) return 1;; + *) _msg "Please answer yes or no." + esac + done +} chk_require() { # Check that every required command is available. declare -a warn local c - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" for c in "$@"; do command -v "$c" &>/dev/null || warn+=("$c") @@ -117,7 +125,7 @@ chk_require() chk_gpg_keyring() { # Check whether the Guix release signing public key is present. - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" local user_id local gpg_key_id local exit_flag @@ -127,26 +135,34 @@ chk_gpg_keyring() # Without --dry-run this command will create a ~/.gnupg owned by root on # systems where gpg has never been used, causing errors and confusion. if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then - _err "${ERR}Missing OpenPGP public key ($gpg_key_id). Fetch it with this command:" - echo " wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | sudo -i gpg --import -" - exit_flag=yes + if prompt_yes_no "${INF}The following OpenPGP public key is \ +required to verify the Guix binary signature: $gpg_key_id. +Would you like me to fetch it for you? (yes/no)"; then + wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \ + -qO - | gpg --import - + else + _err "${ERR}Missing OpenPGP public key ($gpg_key_id). +Fetch it with this command: + + wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | \ +sudo -i gpg --import -" + exit_flag=yes + fi fi done - test "$exit_flag" = yes && exit 1 || true + if [ "$exit_flag" = yes ]; then + exit 1 + fi } chk_term() { # Check for ANSI terminal for color printing. - local ansi_term - if [ -t 2 ]; then if [ "${TERM+set}" = 'set' ]; then case "$TERM" in xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*) - ansi_term=true ;; *) - ansi_term=false ERR="[ FAIL ] " PAS="[ PASS ] " ;; @@ -243,7 +259,7 @@ guix_get_bin_list() local latest_ver local default_ver - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" # Filter only version and architecture bin_ver_ls=("$(wget -qO- "$gnu_url" \ @@ -272,25 +288,25 @@ guix_get_bin() local url="$1" local bin_ver="$2" local dl_path="$3" + local wget_args=() - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" _msg "${INF}Downloading Guix release archive" - wget --help | grep -q '\--show-progress' && \ - _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT="" - wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig" + wget --help | grep -q '\--show-progress' \ + && wget_args=("-q" "--show-progress") - if [[ "$?" -eq 0 ]]; then - _msg "${PAS}download completed." + if wget "${wget_args[@]}" -P "$dl_path" \ + "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then + _msg "${PAS}download completed." else _err "${ERR}could not download ${url}/${bin_ver}.tar.xz." exit 1 fi pushd "${dl_path}" >/dev/null - gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1 - if [[ "$?" -eq 0 ]]; then + if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then _msg "${PAS}Signature is valid." popd >/dev/null else @@ -304,45 +320,44 @@ sys_create_store() local pkg="$1" local tmp_path="$2" - _debug "--- [ $FUNCNAME ] ---" - - cd "$tmp_path" - tar --extract \ - --file "$pkg" && - _msg "${PAS}unpacked archive" + _debug "--- [ ${FUNCNAME[0]} ] ---" if [[ -e "/var/guix" || -e "/gnu" ]]; then _err "${ERR}A previous Guix installation was found. Refusing to overwrite." exit 1 - else - _msg "${INF}Installing /var/guix and /gnu..." - mv "${tmp_path}/var/guix" /var/ - mv "${tmp_path}/gnu" / fi + cd "$tmp_path" + tar --extract --file "$pkg" && _msg "${PAS}unpacked archive" + + _msg "${INF}Installing /var/guix and /gnu..." + mv "${tmp_path}/var/guix" /var/ + mv "${tmp_path}/gnu" / + _msg "${INF}Linking the root user's profile" - mkdir -p "${ROOT_HOME}/.config/guix" + mkdir -p "~root/.config/guix" ln -sf /var/guix/profiles/per-user/root/current-guix \ - "${ROOT_HOME}/.config/guix/current" + "~root/.config/guix/current" - GUIX_PROFILE="${ROOT_HOME}/.config/guix/current" + GUIX_PROFILE="~root/.config/guix/current" + # shellcheck disable=SC1090 source "${GUIX_PROFILE}/etc/profile" - _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current" + _msg "${PAS}activated root profile at ${GUIX_PROFILE}" } sys_create_build_user() { # Create the group and user accounts for build users. - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" - if [ $(getent group guixbuild) ]; then + if getent group guixbuild > /dev/null; then _msg "${INF}group guixbuild exists" else groupadd --system guixbuild _msg "${PAS}group <guixbuild> created" fi - if [ $(getent group kvm) ]; then + if getent group kvm > /dev/null; then _msg "${INF}group kvm exists and build users will be added to it" local KVMGROUP=,kvm fi @@ -371,7 +386,7 @@ sys_enable_guix_daemon() local local_bin local var_guix - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" info_path="/usr/local/share/info" local_bin="/usr/local/bin" @@ -380,7 +395,7 @@ sys_enable_guix_daemon() case "$INIT_SYS" in upstart) { initctl reload-configuration; - cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \ + cp "~root/.config/guix/current/lib/upstart/system/guix-daemon.conf" \ /etc/init/ && start guix-daemon; } && _msg "${PAS}enabled Guix daemon via upstart" @@ -389,15 +404,15 @@ sys_enable_guix_daemon() { # systemd .mount units must be named after the target directory. # Here we assume a hard-coded name of /gnu/store. # XXX Work around <https://issues.guix.gnu.org/41356> until next release. - if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then - cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \ + if [ -f "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then + cp "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" \ /etc/systemd/system/; chmod 664 /etc/systemd/system/gnu-store.mount; systemctl daemon-reload && systemctl enable gnu-store.mount; fi - cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \ + cp "~root/.config/guix/current/lib/systemd/system/guix-daemon.service" \ /etc/systemd/system/; chmod 664 /etc/systemd/system/guix-daemon.service; @@ -418,7 +433,7 @@ sys_enable_guix_daemon() ;; sysv-init) { mkdir -p /etc/init.d; - cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \ + cp "~root/.config/guix/current/etc/init.d/guix-daemon" \ /etc/init.d/guix-daemon; chmod 775 /etc/init.d/guix-daemon; @@ -429,7 +444,7 @@ sys_enable_guix_daemon() ;; openrc) { mkdir -p /etc/init.d; - cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \ + cp "~root/.config/guix/current/etc/openrc/guix-daemon" \ /etc/init.d/guix-daemon; chmod 775 /etc/init.d/guix-daemon; @@ -439,7 +454,7 @@ sys_enable_guix_daemon() ;; NA|*) _msg "${ERR}unsupported init system; run the daemon manually:" - echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild" + echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild" ;; esac @@ -456,21 +471,18 @@ sys_enable_guix_daemon() sys_authorize_build_farms() { # authorize the public key of the build farm - while true; do - read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn - case $yn in - [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" && - _msg "${PAS}Authorized public key for ci.guix.gnu.org"; - break;; - [Nn]*) _msg "${INF}Skipped authorizing build farm public keys" - break;; - *) _msg "Please answer yes or no."; - esac - done + if prompt_yes_no "Permit downloading pre-built package binaries from the \ +project's build farm? (yes/no) "; then + guix archive --authorize \ + < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \ + && _msg "${PAS}Authorized public key for ci.guix.gnu.org" + else + _msg "${INF}Skipped authorizing build farm public keys" + fi } sys_create_init_profile() -{ # Create /etc/profile.d/guix.sh for better desktop integration +{ # Define for better desktop integration # This will not take effect until the next shell or desktop session! [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case cat <<"EOF" > /etc/profile.d/guix.sh @@ -544,7 +556,7 @@ This script installs GNU Guix on your system https://www.gnu.org/software/guix/ EOF echo -n "Press return to continue..." - read -r ANSWER + read -r } main() @@ -574,7 +586,7 @@ main() if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then _err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting" fi - _msg "Using manually provided binary ${GUIX_BINARY_FILE_NAME}" + _msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}" GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME") fi |