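#!/bin/sh
# GNU Guix --- Functional package management for GNU
# Copyright © 2017 sharlatan
# Copyright © 2018 Ricardo Wurmus
# Copyright © 2018 Efraim Flashner
# Copyright © 2019 Tobias Geerinckx-Rice
# Copyright © 2020 Vincent Legoll
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

# We require Bash but for portability we'd rather not use /bin/bash or
# /usr/bin/env in the shebang, hence this hack.
if [ "x$BASH_VERSION" = "x" ]
then
    exec bash "$0" "$@"
fi

# NOTE: `set -e` does not abort on a failing command that sits on the left
# of `&&`/`||` or in an `if` condition, so every step whose failure must stop
# the installation is checked explicitly below.
set -e

[ "$(id -u)" -eq 0 ] || { echo "This script must be run as root." >&2; exit 1; }

# groupadd, useradd, usermod, adduser, addgroup are handled in:
# sys_create_build_user & sys_create_build_group functions.
REQUIRE=(
    "wget"
    "gpg"
    "grep"
    "sed"
    "sort"
    "getent"
    "ln"
    "mktemp"
    "rm"
    "chmod"
    "uname"
    "tail"
    "tar"
    "xz"
)

PAS=$'[ \033[32;1mPASS\033[0m ] '
ERR=$'[ \033[31;1mFAIL\033[0m ] '
INF="[ INFO ] "

DEBUG=0
GNU_URL="https://ftp.gnu.org/gnu/guix/"
# Full fingerprint of the key that release signatures are checked against.
OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
OPENPGP_SIGNING_KEY_URL="https://sv.gnu.org/people/viewgpg.php?user_id=15145"

# This script needs to know where root's home directory is.  However, we
# cannot simply use the HOME environment variable, since there is no guarantee
# that it points to root's home directory.
ROOT_HOME="$(echo ~root)"

# ------------------------------------------------------------------------------
#+UTILITIES

# Print a timestamped error message ($1) on stderr.
_err() {
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" >&2
}

# Print a timestamped message ($1) on stdout.
_msg() {
    printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
}

# Print a timestamped message ($1) on stdout, only when DEBUG is '1'.
_debug() {
    if [ "${DEBUG}" = '1' ]; then
        printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
    fi
}

# Display _debug_func() caller's function name.
_debug_func() {
    _debug "--- [ ${FUNCNAME[1]} ] ---"
}

# Check that every required command (given as arguments) is available.
# Returns 1 after listing the missing ones.
chk_require() {
    local c
    local -a missing=()

    _debug_func
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 || missing+=("$c")
    done

    # Count array elements; "${#missing}" would be the length of the first
    # element only.
    if [ "${#missing[@]}" -ne 0 ]; then
        _err "${ERR}Missing commands: ${missing[*]}."
        return 1
    fi

    _msg "${PAS}verification of required commands completed"
}

# Check whether the Guix release signing public key is present in root's
# keyring; exit with instructions when it is not.
chk_gpg_keyring() {
    _debug_func

    # Without --dry-run this command will create a ~/.gnupg owned by root on
    # systems where gpg has never been used, causing errors and confusion.
    # The lookup is by full fingerprint, so a key fetched with the command
    # printed below only passes this check if it is the expected one.
    if ! gpg --dry-run --list-keys "${OPENPGP_SIGNING_KEY_ID}" >/dev/null 2>&1; then
        _err "${ERR}Missing OpenPGP public key.  Fetch it with this command:"
        echo "  wget ${OPENPGP_SIGNING_KEY_URL} -qO - | gpg --import -" >&2
        exit 1
    fi
}

# Check for ANSI terminal for color printing; fall back to plain PASS/FAIL
# tags when stderr is a terminal whose TERM is not in the known list.
chk_term() {
    [ -t 2 ] || return 0
    [ "${TERM+set}" = 'set' ] || return 0

    case "$TERM" in
        xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
            ;;
        *)
            ERR="[ FAIL ] "
            PAS="[ PASS ] "
            ;;
    esac
}

# Detect the init system and store its name in INIT_SYS
# (upstart, systemd, openrc, sysv-init, runit or NA).
chk_init_sys() {
    if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
        _msg "${INF}init system is: upstart"
        INIT_SYS="upstart"
        return 0
    elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
        _msg "${INF}init system is: systemd"
        INIT_SYS="systemd"
        return 0
    elif [[ $(rc -V 2>/dev/null) =~ OpenRC ]]; then
        _msg "${INF}init system is: openrc"
        INIT_SYS="openrc"
        return 0
    elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
        _msg "${INF}init system is: sysv-init"
        INIT_SYS="sysv-init"
        return 0
    elif [[ -d /etc/sv ]]; then
        _msg "${INF}init system is: runit"
        INIT_SYS="runit"
        return 0
    else
        INIT_SYS="NA"
        _err "${ERR}Init system could not be detected."
    fi
}

# Check for operating system and architecture type; set ARCH_OS to
# "<arch>-<os>" or exit when either is unsupported.
chk_sys_arch() {
    local os arch

    os="$(uname -s)"
    arch="$(uname -m)"

    case "$arch" in
        i386 | i486 | i686 | i786 | x86)
            arch=i686
            ;;
        x86_64 | x86-64 | x64 | amd64)
            arch=x86_64
            ;;
        aarch64)
            arch=aarch64
            ;;
        armv7l)
            arch=armhf
            ;;
        *)
            _err "${ERR}Unsupported CPU type: ${arch}"
            exit 1
            ;;
    esac

    case "$os" in
        Linux | linux)
            os=linux
            ;;
        *)
            _err "${ERR}Your operation system (${os}) is not supported."
            exit 1
            ;;
    esac

    ARCH_OS="${arch}-${os}"
}

# ------------------------------------------------------------------------------
#+MAIN

# Scan the GNU archive index at $1 and set BIN_VER to the name of the latest
# release for ARCH_OS.  The index is only used to pick a version string; the
# tarball itself is authenticated later by its OpenPGP signature.
guix_get_bin_list() {
    local gnu_url="$1"
    local -a bin_ver_ls
    local latest_ver default_ver

    _debug_func

    # Filter only version and architecture
    bin_ver_ls=("$(wget -qO- "$gnu_url" \
        | sed -n -e 's/.*guix-binary-\([0-9.]*\)\..*.tar.xz.*/\1/p' \
        | sort -Vu)")

    # Keep only strings shaped like N.N.N, so nothing else from the fetched
    # page can end up in the download URL or file name.
    latest_ver="$(printf '%s\n' "${bin_ver_ls[0]}" \
        | grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}" \
        | tail -n1)"

    # Test the extracted version rather than the raw listing: a non-empty
    # listing without a usable version would otherwise yield a bogus name.
    if [ -z "${latest_ver}" ]; then
        _err "${ERR}Could not obtain list of Guix releases."
        exit 1
    fi

    default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
    _msg "${PAS}Release for your system: ${default_ver}"

    # Use default to download according to the list and local ARCH_OS.
    BIN_VER="${default_ver}"
}

# Download release $2 and its detached signature from URL $1 into directory
# $3, then verify the signature.  Exits on any failure.
guix_get_bin() {
    local url="$1"
    local bin_ver="$2"
    local dl_path="$3"
    local -a progress_opt=()
    local gpg_status

    _debug_func
    _msg "${INF}Downloading Guix release archive"

    if wget --help | grep -q '\--show-progress'; then
        progress_opt=(-q --show-progress)
    fi

    # Test wget directly: with `set -e` a separate "$?" check is never
    # reached on failure, so the error message would not be printed.
    if wget "${progress_opt[@]}" -P "${dl_path}" \
            "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
        _msg "${PAS}download completed."
    else
        _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
        exit 1
    fi

    # A zero exit status from `gpg --verify` only says that some key in
    # root's keyring made a good signature.  Also require a VALIDSIG status
    # line carrying the expected fingerprint (it appears as the signing key
    # or, for a subkey signature, as the primary key), so that unrelated
    # keys in the keyring cannot vouch for the release.
    if gpg_status="$(gpg --status-fd 1 --verify \
                "${dl_path}/${bin_ver}.tar.xz.sig" \
                "${dl_path}/${bin_ver}.tar.xz" 2>/dev/null)" \
        && grep -q "^\[GNUPG:\] VALIDSIG .*${OPENPGP_SIGNING_KEY_ID}" \
                <<<"${gpg_status}"; then
        _msg "${PAS}Signature is valid."
    else
        _err "${ERR}could not verify the signature."
        exit 1
    fi
}

# Unpack tarball $1 into directory $2 and install /gnu/store and /var/guix,
# then link and activate root's profile.
sys_create_store() {
    local pkg="$1"
    local tmp_path="$2"
    local -a TAROPTS

    _debug_func

    # Refuse before touching anything, so that an existing installation is
    # detected without first unpacking the whole archive.
    if [ -e "/var/guix" ] || [ -e "/gnu" ]; then
        _err "${ERR}A previous Guix installation was found.  Refusing to overwrite."
        exit 1
    fi

    # Do not use the --warning option with busybox tar
    TAROPTS=("-C" "${tmp_path}")
    if tar c --warning=no-timestamp -f /dev/null /dev/null >/dev/null 2>&1; then
        TAROPTS+=("--warning=no-timestamp")
    fi

    # Stop on extraction errors: `tar ... && _msg` would let the script go on
    # and move a partially unpacked tree into place.
    if ! tar x -f "${pkg}" "${TAROPTS[@]}"; then
        _err "${ERR}could not unpack ${pkg}"
        exit 1
    fi
    _msg "${PAS}unpacked archive"

    _msg "${INF}Installing /var/guix and /gnu..."
    mv "${tmp_path}/var/guix" /var/
    mv "${tmp_path}/gnu" /

    _msg "${INF}Linking the root user's profile"
    mkdir -p "${ROOT_HOME}/.config/guix"
    ln -sf /var/guix/profiles/per-user/root/current-guix \
       "${ROOT_HOME}/.config/guix/current"

    GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
    source "${GUIX_PROFILE}/etc/profile"
    _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
}

# Create the group for build users.
sys_create_build_group() {
    _debug_func

    if getent group guixbuild >/dev/null 2>&1; then
        _msg "${INF}group guixbuild already exists"
    elif command -v groupadd >/dev/null 2>&1; then
        groupadd --system guixbuild
        _msg "${PAS}group created"
    elif command -v addgroup >/dev/null 2>&1; then
        addgroup -S guixbuild
        _msg "${PAS}group created"
    else
        _err "${ERR}cannot add group for guix build users"
        exit 1
    fi
}

# Create the user accounts for build users (guixbuilder01 .. guixbuilder10):
# system accounts with no login shell and /var/empty as home.
sys_create_build_user() {
    local i

    _debug_func

    # Fail with a message instead of letting `set -e` end the script
    # silently when nologin is not in PATH.
    NOLOGIN_SHELL="$(command -v nologin)" || {
        _err "${ERR}cannot find the nologin shell"
        exit 1
    }

    # Literal list instead of `seq -w 1 10`: seq is not among the commands
    # checked by chk_require.
    for i in 01 02 03 04 05 06 07 08 09 10; do
        if getent passwd "guixbuilder${i}" >/dev/null 2>&1; then
            if command -v usermod >/dev/null 2>&1; then
                _msg "${INF}user is already in the system, resetting"
                usermod -g guixbuild -G guixbuild \
                        -d /var/empty -s "${NOLOGIN_SHELL}" \
                        -c "Guix build user $i" \
                        "guixbuilder${i}"
            else
                _msg "${ERR}cannot reset user environment, doing nothing"
            fi
        else
            if command -v useradd >/dev/null 2>&1; then
                useradd -g guixbuild -G guixbuild \
                        -d /var/empty -s "${NOLOGIN_SHELL}" \
                        -c "Guix build user $i" --system \
                        "guixbuilder${i}"
                _msg "${PAS}user added <guixbuilder${i}>"
            elif command -v adduser >/dev/null 2>&1; then
                adduser -G guixbuild -h /var/empty -s "${NOLOGIN_SHELL}" \
                        -H -S "guixbuilder${i}"
                _msg "${PAS}user added <guixbuilder${i}>"
            else
                _err "${ERR}cannot add user: <guixbuilder${i}>"
                exit 1
            fi
        fi
    done
}

# Run the daemon, and set it to automatically start on boot, according to
# INIT_SYS.  Service files are copied from root's Guix profile.
sys_enable_guix_daemon() {
    local service_dir="${ROOT_HOME}/.config/guix/current"

    _debug_func

    case "$INIT_SYS" in
        upstart)
            {
                initctl reload-configuration
                cp "${service_dir}/lib/upstart/system/guix-daemon.conf" \
                   /etc/init/ &&
                    start guix-daemon
            } && _msg "${PAS}enabled Guix daemon via upstart"
            ;;
        systemd)
            {
                cp "${service_dir}/lib/systemd/system/guix-daemon.service" \
                   /etc/systemd/system/
                # The unit runs as root at boot; only root needs write access.
                chmod 644 /etc/systemd/system/guix-daemon.service

                # Work around an upstream bug present in 1.0.1 (the bug
                # reference is missing from this copy of the script).
                sed -i /etc/systemd/system/guix-daemon.service \
                    -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/"

                # Work around an upstream bug present in 1.0.1 (the bug
                # reference is missing from this copy of the script).
                if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null; then
                    # The closing '/' is required; without it sed rejects
                    # the expression as an unterminated `s' command.
                    sed -i /etc/systemd/system/guix-daemon.service \
                        -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8/'
                fi

                systemctl daemon-reload &&
                    systemctl start guix-daemon &&
                    systemctl enable guix-daemon
            } && _msg "${PAS}enabled Guix daemon via systemd"
            ;;
        runit)
            {
                cp -r "${service_dir}/lib/runit/guix-daemon" \
                   /etc/sv
                chmod 755 /etc/sv/guix-daemon/run
                ln -s /etc/sv/guix-daemon /etc/runit/runsvdir/default/
            } && _msg "${PAS}enabled Guix daemon via runit"
            ;;
        openrc)
            {
                mkdir -p /etc/init.d
                cp "${service_dir}/lib/openrc/guix-daemon/guix-daemon" \
                   /etc/init.d/guix-daemon
                chmod 755 /etc/init.d/guix-daemon

                rc-update add guix-daemon default &&
                    rc-service guix-daemon start
            } && _msg "${PAS}enabled Guix daemon via openrc"
            ;;
        sysv-init)
            {
                mkdir -p /etc/init.d
                cp "${service_dir}/etc/init.d/guix-daemon" \
                   /etc/init.d/guix-daemon
                # Same mode as the openrc and runit scripts: a script run as
                # root at boot does not need to be group-writable.
                chmod 755 /etc/init.d/guix-daemon

                update-rc.d guix-daemon defaults &&
                    update-rc.d guix-daemon enable &&
                    service guix-daemon start
            } && _msg "${PAS}enabled Guix daemon via sysv"
            ;;
        NA|*)
            _msg "${ERR}unsupported init system; run the daemon manually:"
            echo "  ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
            ;;
    esac
}

# Add guix into PATH for all users by linking the command and the info
# manuals from root's profile under /usr/local.
sys_make_guix_available() {
    local info_path="/usr/local/share/info"
    local local_bin="/usr/local/bin"
    local var_guix="/var/guix/profiles/per-user/root/current-guix"
    local i

    _debug_func

    _msg "${INF}making the guix command available to other users"

    mkdir -p "$local_bin"
    ln -sf "${var_guix}/bin/guix" "$local_bin"

    mkdir -p "$info_path"
    for i in "${var_guix}"/share/info/*; do
        ln -sf "$i" "$info_path"
    done
}

# Authorize the public key of the build farm.  $1 is 1 for an interactive
# run (the user is asked first) and 0 for an unattended one, in which case
# the key is authorized without asking.
sys_authorize_build_farms() {
    local yn

    _AUTHORIZE_BUILD_FARM=1

    if [ "$1" -eq 1 ]; then
        while true; do
            read -r -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
            case "$yn" in
                [Yy]*) _AUTHORIZE_BUILD_FARM=1; break;;
                [Nn]*) _AUTHORIZE_BUILD_FARM=0; break;;
                *) _msg "Please answer yes or no.";;
            esac
        done
    fi

    if [ "$_AUTHORIZE_BUILD_FARM" -eq 1 ]; then
        # The key file comes from the profile unpacked from the release
        # tarball, so it is only as trustworthy as that tarball.
        guix archive --authorize \
             < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
            _msg "${PAS}Authorized public key for ci.guix.gnu.org"
    else
        _msg "${INF}Skipped authorizing build farm public keys"
    fi
}

# Create /etc/profile.d/guix.sh for better desktop integration.
sys_create_init_profile() {
    [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case

    # The quoted delimiter keeps every "$..." below literal in the written file.
    cat <<"EOF" > /etc/profile.d/guix.sh
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
if [ -L $_GUIX_PROFILE ]; then
  export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
  # Export INFOPATH so that the updated info pages can be found
  # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
  # When INFOPATH is unset, add a trailing colon so that Emacs
  # searches 'Info-default-directory-list'.
  export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
fi

# GUIX_PROFILE: User's default profile
GUIX_PROFILE="$HOME/.guix-profile"
[ -L $GUIX_PROFILE ] || return
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
export GUIX_PROFILE GUIX_LOCPATH

[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"

# set XDG_DATA_DIRS to include Guix installations
export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
EOF
}

# Print the banner and wait for the user to press return.
# The banner's internal spacing is purely cosmetic.
welcome() {
    cat<<"EOF"
    ░░░                                     ░░░
    ░░▒▒░░░░░░░░░               ░░░░░░░░░▒▒░░
     ░░▒▒▒▒▒░░░░░░░           ░░░░░░░▒▒▒▒▒░
         ░▒▒▒░░▒▒▒▒▒         ░░░░░░░▒▒░
               ░▒▒▒▒░       ░░░░░░
                ▒▒▒▒▒      ░░░░░░
                 ▒▒▒▒▒     ░░░░░
                 ░▒▒▒▒▒   ░░░░░
                  ▒▒▒▒▒   ░░░░░
                   ▒▒▒▒▒ ░░░░░
                   ░▒▒▒▒▒░░░░░
                    ▒▒▒▒▒▒░░░
                     ▒▒▒▒▒▒░
     _____ _   _ _    _    _____       _
    / ____| \ | | |  | |  / ____|     (_)
   | |  __|  \| | |  | | | |  __ _   _ ___  __
   | | |_ | . ' | |  | | | | |_ | | | | \ \/ /
   | |__| | |\  | |__| | | |__| | |_| | |>  <
    \_____|_| \_|\____/   \_____|\__,_|_/_/\_\

This script installs GNU Guix on your system

https://www.gnu.org/software/guix/
EOF
    echo -n "Press return to continue..."
    read -r
}

# Print the command-line help.  The here-document is written at column 0 so
# that it does not depend on leading tabs being preserved.
usage() {
    cat <<EOF
$0: Wrong arguments:

$0 [-h|--help] [-n|--non-interactive] [LOCAL_GUIX_BIN_TARBALL]

-h|--help               Show this help
-n|--non-interactive    Avoid asing interactive question, run unattended
                        automatically allow substitutes from guix build farm
LOCAL_GUIX_BIN_TARBALL  Use the given guix binary tarball file instead of
                        downloading latest released one
EOF
}

# Parse the command line: sets _INTERACTIVE (1 by default, 0 with -n) and
# TARBALL (when a positional argument is given; the last one wins).
handle_args() {
    _INTERACTIVE=1

    while [ "$#" -gt 0 ]; do
        case "$1" in
            -h|--help)
                usage
                exit 0
                ;;
            -n|--non-interactive)
                _INTERACTIVE=0
                shift 1
                ;;
            -*)
                echo "unknown option: $1" >&2
                echo
                usage
                exit 1
                ;;
            *)
                TARBALL="$1"
                shift 1
                ;;
        esac
    done
}

# Entry point: check prerequisites, obtain and verify the release, install
# the store, create build users, enable the daemon and clean up.
main() {
    handle_args "$@"

    if [ "${_INTERACTIVE}" -eq 1 ]; then
        welcome
    fi

    _msg "Starting installation ($(date))"

    chk_term
    chk_require "${REQUIRE[@]}"
    chk_gpg_keyring
    chk_init_sys
    chk_sys_arch

    _msg "${INF}system is ${ARCH_OS}"

    umask 0022
    tmp_path="$(mktemp -t -d guix.XXXXXX)"
    # Remove the scratch directory on every exit path, including failures.
    trap 'rm -rf -- "${tmp_path}"' EXIT

    if [ -z "${TARBALL}" ]; then
        guix_get_bin_list "${GNU_URL}"
        guix_get_bin "${GNU_URL}" "${BIN_VER}" "${tmp_path}"
        # Absolute path to the verified download, so that extraction does
        # not depend on the current working directory.
        TARBALL="${tmp_path}/${BIN_VER}.tar.xz"
    else
        if [ ! -r "${TARBALL}" ]; then
            _err "${ERR}cannot read tarball ${TARBALL}"
            exit 1
        fi
        # A tarball supplied on the command line bypasses guix_get_bin, so
        # no signature check happens here; it must be verified beforehand.
        _msg "${INF}using local tarball ${TARBALL}; its signature is not checked by this script"
    fi

    sys_create_store "${TARBALL}" "${tmp_path}"
    sys_create_build_group
    sys_create_build_user
    sys_enable_guix_daemon
    sys_make_guix_available
    sys_authorize_build_farms "${_INTERACTIVE}"
    sys_create_init_profile

    _msg "${INF}cleaning up ${tmp_path}"
    rm -r "${tmp_path}"

    _msg "${PAS}Guix has successfully been installed!"
    _msg "${INF}Run 'info guix' to read the manual."
}

main "$@"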