From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35874) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1efwvf-00071i-BR for guix-patches@gnu.org; Sun, 28 Jan 2018 19:04:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1efwva-0003i7-Lj for guix-patches@gnu.org; Sun, 28 Jan 2018 19:04:07 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:39076) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1efwva-0003i2-H9 for guix-patches@gnu.org; Sun, 28 Jan 2018 19:04:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1efwva-0007dK-9c for guix-patches@gnu.org; Sun, 28 Jan 2018 19:04:02 -0500 Subject: [bug#30283] [PATCH] etc: Add installation script. Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35563) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1efwv4-0006cz-5c for guix-patches@gnu.org; Sun, 28 Jan 2018 19:03:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1efwuz-0003PV-Lb for guix-patches@gnu.org; Sun, 28 Jan 2018 19:03:30 -0500 Received: from sender-of-o51.zoho.com ([135.84.80.216]:21125) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1efwuz-0003PA-DB for guix-patches@gnu.org; Sun, 28 Jan 2018 19:03:25 -0500 From: Ricardo Wurmus Date: Sun, 28 Jan 2018 23:17:40 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Message-ID: <20180128221740.4401-1-rekado@elephly.net> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 30283@debbugs.gnu.org Cc: Ricardo Wurmus , sharlatanus@gmail.com * etc/guix-install.sh: New file. * Makefile.am (EXTRA_DIST): Add it. Co-authored-by: sharlatan --- Makefile.am | 1 + etc/guix-install.sh | 417 ++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 418 insertions(+) create mode 100755 etc/guix-install.sh diff --git a/Makefile.am b/Makefile.am index 9bafdab49..8b762e709 100644 --- a/Makefile.am +++ b/Makefile.am @@ -450,6 +450,7 @@ EXTRA_DIST =3D=09=09=09=09=09=09\ CODE-OF-CONDUCT=09=09=09=09=09\ .dir-locals.el=09=09=09=09=09\ bin/guix.in=09=09=09=09=09=09\ + etc/guix-install.sh=09=09=09=09=09\ build-aux/build-self.scm=09=09=09=09\ build-aux/compile-all.scm=09=09=09=09\ build-aux/hydra/evaluate.scm=09=09=09=09\ diff --git a/etc/guix-install.sh b/etc/guix-install.sh new file mode 100755 index 000000000..fb935180a --- /dev/null +++ b/etc/guix-install.sh @@ -0,0 +1,417 @@ +#!/bin/bash +# GNU Guix --- Functional package management for GNU +# Copyright =C2=A9 2017 sharlatan +# Copyright =C2=A9 2018 Ricardo Wurmus +# +# This file is part of GNU Guix. +# +# GNU Guix is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GNU Guix is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Guix. If not, see . + +set -e + +[ "$UID" -eq 0 ] || { echo "This script must be run as root."; exit 1; } + +REQUIRE=3D( + "dirname" + "readlink" + "wget" + "gpg" + "grep" + "which" + "sed" + "sort" + "getent" + "mktemp" + "rm" + "chmod" + "uname" + "groupadd" + "tail" + "tr" +) + +PAS=3D$'[ \033[32;1mPASS\033[0m ] ' +ERR=3D$'[ \033[31;1mFAIL\033[0m ] ' +INF=3D"[ INFO ] " + +DEBUG=3D0 +GNU_URL=3D"https://alpha.gnu.org/gnu/guix/" +OPENPGP_SIGNING_KEY_ID=3D"3CE464558A84FDC69DB40CFB090B11993D9AEBB5" + +# ------------------------------------------------------------------------= ------ +#+UTILITIES + +_err() +{ # All errors go to stderr. + printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" +} + +_msg() +{ # Default message to stdout. + printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" +} + +_debug() +{ + if [ "${DEBUG}" =3D '1' ]; then + printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" + fi +} + + +chk_require() +{ # Check that every required command is available. + declare -a cmds + declare -a warn + + cmds=3D(${1}) + + _debug "--- [ $FUNCNAME ] ---" + + for c in ${cmds[@]}; do + command -v "$c" &>/dev/null + [ "$?" -eq "1" ] && + warn+=3D("$c") + done + + [ "${#warn}" -ne 0 ] && + { _err "${ERR}Missing commands: ${warn[*]}."; + return 1; } + =20 + _msg "${PAS}verification of required commands completed" + + gpg --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1 || ( + _err "${ERR}Missing OpenPGP public key. Fetch it with this comman= d:" + echo " gpg --keyserver pgp.mit.edu --recv-keys ${OPENPGP_SIGNING_= KEY_ID}" + exit 1 + ) +} + +chk_term() +{ # Check for ANSI terminal for color printing. + local ansi_term + + if [ -t 2 ]; then + if [ "${TERM+set}" =3D 'set' ]; then + case "$TERM" in + xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*) + ansi_term=3Dtrue + ;; + *) + ansi_term=3Dfalse + ERR=3D"[ FAIL ] " + PAS=3D"[ PASS ] " + ;; + esac + fi + fi +} + +chk_init_sys() +{ # Return init system type name. + if [[ $(/sbin/init --version 2>/dev/null) =3D~ upstart ]]; then + _msg "${INF}init system is: upstart" + INIT_SYS=3D"upstart" + return 0 + elif [[ $(systemctl) =3D~ -\.mount ]]; then + _msg "${INF}init system is: systemd" + INIT_SYS=3D"systemd" + return 0 + elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then + _msg "${INF}init system is: sysv-init" + INIT_SYS=3D"sysv-init" + return 0 + else + INIT_SYS=3D"NA" + _err "${ERR}Init system could not be detected." + fi +} + +chk_sys_arch() +{ # Check for operating system and architecture type. + local os + local arch + + os=3D"$(uname -s)" + arch=3D"$(uname -m)" + + case "$arch" in + i386 | i486 | i686 | i786 | x86) + local arch=3Di686 + ;; + x86_64 | x86-64 | x64 | amd64) + local arch=3Dx86_64 + ;; + *) + _err "${ERR}Unsupported CPU type: ${arch}" + exit 1 + esac + + case "$os" in + Linux | linux) + local os=3Dlinux + ;; + *) + _err "${ERR}Your operation system (${os}) is not supported." + exit 1 + esac + + ARCH_OS=3D"${arch}-${os}" +} + +# ------------------------------------------------------------------------= ------ +#+MAIN + +guix_get_bin_list() +{ # Scan GNU archive and save list of binaries + local gnu_url=3D"$1" + local -a bin_ver_ls + local latest_ver + local default_ver + + _debug "--- [ $FUNCNAME ] ---" + + # Filter only version and architecture + bin_ver_ls=3D("$(wget -qO- "$gnu_url" \ + | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \ + | sort -Vu)") + + latest_ver=3D"$(echo "$bin_ver_ls" \ + | grep -oP "([0-9]{1,2}\.){2}[0-9]{1,2}" \ + | tail -n1)" + + default_ver=3D"guix-binary-${latest_ver}.${ARCH_OS}" + + if [[ "${#bin_ver_ls}" -ne "0" ]]; then + _msg "${PAS}Release for your system: ${default_ver}" + else + _err "${ERR}Could not obtain list of Guix releases." + exit 1 + fi + + # Use default to download according to the list and local ARCH_OS. + BIN_VER=3D"$default_ver" +} + +guix_get_bin() +{ # Download and verify binary package. + local url=3D"$1" + local bin_ver=3D"$2" + local dl_path=3D"$3" + + _debug "--- [ $FUNCNAME ] ---" + + _msg "${INF}Downloading Guix release archive" + + wget --help | grep -q '\--show-progress' && \ + _PROGRESS_OPT=3D"-q --show-progress" || _PROGRESS_OPT=3D"" + wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/$= {bin_ver}.tar.xz.sig" + + if [[ "$?" -eq 0 ]]; then + _msg "${PAS}download completed." + else + _err "${ERR}could not download ${url}/${bin_ver}.tar.xz." + exit 1 + fi + + pushd $dl_path >/dev/null + gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1 + if [[ "$?" -eq 0 ]]; then + _msg "${PAS}Signature is valid." + popd >/dev/null + else + _err "${ERR}could not verify the signature." + exit 1 + fi +} + +sys_create_store() +{ # Unpack and install /gnu/store and /var/guix + local pkg=3D"$1" + local tmp_path=3D"$2" + + _debug "--- [ $FUNCNAME ] ---" + + cd "$tmp_path" + tar --warning=3Dno-timestamp \ + --extract \ + --file "$pkg" && + _msg "${PAS}unpacked archive" + + if [[ -e "/var/guix" || -e "/gnu" ]]; then + _err "${ERR}A previous Guix installation was found. Refusing to o= verwrite." + exit 1 + else + _msg "${INF}Installing /var/guix and /gnu..." + mv "${tmp_path}/var/guix" /var/ + mv "${tmp_path}/gnu" / + fi + + _msg "${INF}Linking the root user's profile" + ln -sf /var/guix/profiles/per-user/root/guix-profile \ + ~root/.guix-profile + + GUIX_PROFILE=3D"${HOME}/.guix-profile" + source "${GUIX_PROFILE}/etc/profile" + _msg "${PAS}activated root profile at /root/.guix-profile" +} + +sys_create_build_user() +{ # Create the group and user accounts for build users. + + _debug "--- [ $FUNCNAME ] ---" + + if [ $(getent group guixbuild) ]; then + _msg "${INF}group guixbuild exists" + else + groupadd --system guixbuild + _msg "${PAS}group created" + fi + + for i in $(seq -w 1 10); do + if id "guixbuilder${i}" &>/dev/null; then + _msg "${INF}user is already in the system, reset" + usermod -g guixbuild -G guixbuild \ + -d /var/empty -s "$(which nologin)" \ + -c "Guix build user $i" \ + "guixbuilder${i}"; + else + useradd -g guixbuild -G guixbuild \ + -d /var/empty -s "$(which nologin)" \ + -c "Guix build user $i" --system \ + "guixbuilder${i}"; + _msg "${PAS}user added " + fi + done +} + +sys_enable_guix_daemon() +{ # Run the daemon, and set it to automatically start on boot. + + local info_path + local local_bin + local var_guix + + _debug "--- [ $FUNCNAME ] ---" + + info_path=3D"/usr/local/share/info" + local_bin=3D"/usr/local/bin" + var_guix=3D"/var/guix/profiles/per-user/root/guix-profile" + + case "$INIT_SYS" in + upstart) + { initctl reload-configuration; + cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf \ + /etc/init/ && + start guix-daemon; } && + _msg "${PAS}enabled Guix daemon via upstart" + ;; + systemd) + { cp ~root/.guix-profile/lib/systemd/system/guix-daemon.servic= e \ + /etc/systemd/system/; + chmod 664 /etc/systemd/system/guix-daemon.service; + systemctl daemon-reload && + systemctl start guix-daemon && + systemctl enable guix-daemon; } && + _msg "${PAS}enabled Guix daemon via systemd" + ;; + NA|*) + _msg "${ERR}unsupported init system; run the daemon manually:" + echo " ~root/.guix-profile/bin/guix-daemon --build-users-grou= p=3Dguixbuild" + ;; + esac + + _msg "${INF}making the guix command available to other users" + + [ -e "$local_bin" ] || mkdir -p "$local_bin" + ln -sf "${var_guix}/bin/guix" "$local_bin" + + [ -e "$info_path" ] || mkdir -p "$info_path" + for i in ${var_guix}/share/info/*; do + ln -sf "$i" "$info_path" + done +} + +sys_authorize_build_farms() +{ # authorize the public keys of the two build farms + _msg "${INF}Authorizing build farm public keys" + guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.or= g.pub && + _msg "${PAS}Authorized hydra.gnu.org" + guix archive --authorize < ~root/.guix-profile/share/guix/berlin.guixs= d.org.pub && + _msg "${PAS}Authorized berlin.guixsd.org" +} + +welcome() +{ + cat<<"EOF" + =E2=96=91=E2=96=91=E2=96=91 =E2=96= =91=E2=96=91=E2=96=91 + =E2=96=91=E2=96=91=E2=96=92=E2=96=92=E2=96=91=E2=96=91=E2=96=91=E2=96= =91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 =E2=96=91=E2= =96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96= =92=E2=96=92=E2=96=91=E2=96=91 + =E2=96=91=E2=96=91=E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96= =91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 =E2=96= =91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=92=E2=96=92= =E2=96=92=E2=96=92=E2=96=92=E2=96=91 + =E2=96=91=E2=96=92=E2=96=92=E2=96=92=E2=96=91=E2=96=91=E2=96=92= =E2=96=92=E2=96=92=E2=96=92=E2=96=92 =E2=96=91=E2=96=91=E2=96=91=E2= =96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=92=E2=96=92=E2=96=91 + =E2=96=91=E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=91 = =E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 + =E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92 =E2=96= =91=E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 + =E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92 =E2=96= =91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 + =E2=96=91=E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92 = =E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 + =E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92 =E2=96= =91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 + =E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92 =E2=96=91= =E2=96=91=E2=96=91=E2=96=91=E2=96=91 + =E2=96=91=E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92= =E2=96=91=E2=96=91=E2=96=91=E2=96=91=E2=96=91 + =E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92= =E2=96=91=E2=96=91=E2=96=91 + =E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96=92=E2=96= =92=E2=96=91 + _____ _ _ _ _ _____ _ + / ____| \ | | | | | / ____| (_) + | | __| \| | | | | | | __ _ _ ___ __ + | | |_ | . ' | | | | | | |_ | | | | \ \/ / + | |__| | |\ | |__| | | |__| | |_| | |> < + \_____|_| \_|\____/ \_____|\__,_|_/_/\_\ + +This script installs GNU Guix on your system + +https://www.gnu.org/software/guix/ +EOF + echo -n "Press return to continue..." + read -r ANSWER +} + +main() +{ + local tmp_path + welcome + + _msg "Starting installation ($(date))" + + chk_term + chk_require "${REQUIRE[*]}" + chk_init_sys + chk_sys_arch + + _msg "${INF}system is ${ARCH_OS}" + + tmp_path=3D"$(mktemp -t -d guix.XXX)" + + guix_get_bin_list "${GNU_URL}" + guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path" + + sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}" + sys_create_build_user + sys_enable_guix_daemon + sys_authorize_build_farms + + _msg "${INF}cleaning up ${tmp_path}" + rm -r "${tmp_path}" + + _msg "${PAS}Guix has successfully been installed!" + _msg "${INF}Run 'info guix' to read the manual." + } + +main "$@" --=20 2.16.0