* [bug#48233] [PATCH 0/3] Modest improvements to the guix-install.sh script. @ 2021-05-05 4:10 Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Maxim Cournoyer 0 siblings, 1 reply; 6+ messages in thread From: Maxim Cournoyer @ 2021-05-05 4:10 UTC (permalink / raw) To: 48233; +Cc: ludo Hello Guix! This is a cleanup + small improvement to the install script; it allows completing the installation in a completely automatic way via: # yes | ./guix-install.sh Before this change it was not possible due to the step fetching the OpenPGP keys being strictly manual. I've tested it in a VM; if it looks fine I'd like push it to the version-1.3.0 branch. Thanks, Maxim Maxim Cournoyer (3): guix-install.sh: Please the shellcheck linter. guix-install.sh: Propose automatically fetching OpenPGP keys. guix-install.sh: Exit early if Guix is already installed. etc/guix-install.sh | 133 ++++++++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 61 deletions(-) -- 2.31.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter. 2021-05-05 4:10 [bug#48233] [PATCH 0/3] Modest improvements to the guix-install.sh script Maxim Cournoyer @ 2021-05-05 4:32 ` Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 2/3] guix-install.sh: Propose automatically fetching OpenPGP keys Maxim Cournoyer ` (2 more replies) 0 siblings, 3 replies; 6+ messages in thread From: Maxim Cournoyer @ 2021-05-05 4:32 UTC (permalink / raw) To: 48233; +Cc: Maxim Cournoyer * etc/guix-install.sh <FUNCNAME>: Explicitly refer to the first item of the FUNCNAME array. (ROOT_HOME): Replace variable by ~root directly; manually expanding it via echo was not necessary. (chk_gpg_keyring): Use an if branch for the exit to avoid a warning about expression precedence. (chk_term) <ansi_term>: Remove unused variable. (guix_get_bin) <wget, gpg>: Test the commands directly. (sys_create_store): Disable SC1090 for the source command, as we don't care about following the sourced script. <_msg>: Reuse the GUIX_PROFILE variable in the message. (sys_create_build_user) <getent>: Test the command directly. --- etc/guix-install.sh | 74 +++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/etc/guix-install.sh b/etc/guix-install.sh index 06a3edd1a6..11836f2c33 100755 --- a/etc/guix-install.sh +++ b/etc/guix-install.sh @@ -9,6 +9,7 @@ # Copyright © 2020 Daniel Brooks <db48x@db48x.net> # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net> # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com> +# Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com> # # This file is part of GNU Guix. # @@ -71,11 +72,6 @@ declare -A GPG_SIGNING_KEYS GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim -# This script needs to know where root's home directory is. However, we -# cannot simply use the HOME environment variable, since there is no guarantee -# that it points to root's home directory. -ROOT_HOME="$(echo ~root)" - # ------------------------------------------------------------------------------ #+UTILITIES @@ -102,7 +98,7 @@ chk_require() declare -a warn local c - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" for c in "$@"; do command -v "$c" &>/dev/null || warn+=("$c") @@ -117,7 +113,7 @@ chk_require() chk_gpg_keyring() { # Check whether the Guix release signing public key is present. - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" local user_id local gpg_key_id local exit_flag @@ -132,21 +128,19 @@ chk_gpg_keyring() exit_flag=yes fi done - test "$exit_flag" = yes && exit 1 || true + if [ "$exit_flag" = yes ]; then + exit 1 + fi } chk_term() { # Check for ANSI terminal for color printing. - local ansi_term - if [ -t 2 ]; then if [ "${TERM+set}" = 'set' ]; then case "$TERM" in xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*) - ansi_term=true ;; *) - ansi_term=false ERR="[ FAIL ] " PAS="[ PASS ] " ;; @@ -243,7 +237,7 @@ guix_get_bin_list() local latest_ver local default_ver - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" # Filter only version and architecture bin_ver_ls=("$(wget -qO- "$gnu_url" \ @@ -273,24 +267,23 @@ guix_get_bin() local bin_ver="$2" local dl_path="$3" - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" _msg "${INF}Downloading Guix release archive" wget --help | grep -q '\--show-progress' && \ _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT="" - wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig" - if [[ "$?" -eq 0 ]]; then - _msg "${PAS}download completed." + if wget "$_PROGRESS_OPT" -P "$dl_path" \ + "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then + _msg "${PAS}download completed." else _err "${ERR}could not download ${url}/${bin_ver}.tar.xz." exit 1 fi pushd "${dl_path}" >/dev/null - gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1 - if [[ "$?" -eq 0 ]]; then + if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then _msg "${PAS}Signature is valid." popd >/dev/null else @@ -304,7 +297,7 @@ sys_create_store() local pkg="$1" local tmp_path="$2" - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" cd "$tmp_path" tar --extract \ @@ -321,28 +314,29 @@ sys_create_store() fi _msg "${INF}Linking the root user's profile" - mkdir -p "${ROOT_HOME}/.config/guix" + mkdir -p "~root/.config/guix" ln -sf /var/guix/profiles/per-user/root/current-guix \ - "${ROOT_HOME}/.config/guix/current" + "~root/.config/guix/current" - GUIX_PROFILE="${ROOT_HOME}/.config/guix/current" + GUIX_PROFILE="~root/.config/guix/current" + # shellcheck disable=SC1090 source "${GUIX_PROFILE}/etc/profile" - _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current" + _msg "${PAS}activated root profile at ${GUIX_PROFILE}" } sys_create_build_user() { # Create the group and user accounts for build users. - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" - if [ $(getent group guixbuild) ]; then + if getent group guixbuild > /dev/null; then _msg "${INF}group guixbuild exists" else groupadd --system guixbuild _msg "${PAS}group <guixbuild> created" fi - if [ $(getent group kvm) ]; then + if getent group kvm > /dev/null; then _msg "${INF}group kvm exists and build users will be added to it" local KVMGROUP=,kvm fi @@ -371,7 +365,7 @@ sys_enable_guix_daemon() local local_bin local var_guix - _debug "--- [ $FUNCNAME ] ---" + _debug "--- [ ${FUNCNAME[0]} ] ---" info_path="/usr/local/share/info" local_bin="/usr/local/bin" @@ -380,7 +374,7 @@ sys_enable_guix_daemon() case "$INIT_SYS" in upstart) { initctl reload-configuration; - cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \ + cp "~root/.config/guix/current/lib/upstart/system/guix-daemon.conf" \ /etc/init/ && start guix-daemon; } && _msg "${PAS}enabled Guix daemon via upstart" @@ -389,15 +383,15 @@ sys_enable_guix_daemon() { # systemd .mount units must be named after the target directory. # Here we assume a hard-coded name of /gnu/store. # XXX Work around <https://issues.guix.gnu.org/41356> until next release. - if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then - cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \ + if [ -f "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then + cp "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" \ /etc/systemd/system/; chmod 664 /etc/systemd/system/gnu-store.mount; systemctl daemon-reload && systemctl enable gnu-store.mount; fi - cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \ + cp "~root/.config/guix/current/lib/systemd/system/guix-daemon.service" \ /etc/systemd/system/; chmod 664 /etc/systemd/system/guix-daemon.service; @@ -418,7 +412,7 @@ sys_enable_guix_daemon() ;; sysv-init) { mkdir -p /etc/init.d; - cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \ + cp "~root/.config/guix/current/etc/init.d/guix-daemon" \ /etc/init.d/guix-daemon; chmod 775 /etc/init.d/guix-daemon; @@ -429,7 +423,7 @@ sys_enable_guix_daemon() ;; openrc) { mkdir -p /etc/init.d; - cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \ + cp "~root/.config/guix/current/etc/openrc/guix-daemon" \ /etc/init.d/guix-daemon; chmod 775 /etc/init.d/guix-daemon; @@ -439,7 +433,7 @@ sys_enable_guix_daemon() ;; NA|*) _msg "${ERR}unsupported init system; run the daemon manually:" - echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild" + echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild" ;; esac @@ -457,9 +451,9 @@ sys_enable_guix_daemon() sys_authorize_build_farms() { # authorize the public key of the build farm while true; do - read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn + read -rp "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn case $yn in - [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" && + [Yy]*) guix archive --authorize < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" && _msg "${PAS}Authorized public key for ci.guix.gnu.org"; break;; [Nn]*) _msg "${INF}Skipped authorizing build farm public keys" @@ -470,7 +464,7 @@ sys_authorize_build_farms() } sys_create_init_profile() -{ # Create /etc/profile.d/guix.sh for better desktop integration +{ # Define for better desktop integration # This will not take effect until the next shell or desktop session! [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case cat <<"EOF" > /etc/profile.d/guix.sh @@ -544,7 +538,7 @@ This script installs GNU Guix on your system https://www.gnu.org/software/guix/ EOF echo -n "Press return to continue..." - read -r ANSWER + read -r } main() @@ -574,7 +568,7 @@ main() if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then _err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting" fi - _msg "Using manually provided binary ${GUIX_BINARY_FILE_NAME}" + _msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}" GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME") fi -- 2.31.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#48233] [PATCH 2/3] guix-install.sh: Propose automatically fetching OpenPGP keys. 2021-05-05 4:32 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Maxim Cournoyer @ 2021-05-05 4:32 ` Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 3/3] guix-install.sh: Exit early if Guix is already installed Maxim Cournoyer 2021-05-05 10:50 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Julien Lepiller 2 siblings, 0 replies; 6+ messages in thread From: Maxim Cournoyer @ 2021-05-05 4:32 UTC (permalink / raw) To: 48233; +Cc: Maxim Cournoyer Via, for example, yes | ./guix-install.sh. * etc/guix-install.sh (prompt_yes_no): New procedure. (chk_gpg_keyring, sys_authorize_build_farms): Use it. --- etc/guix-install.sh | 47 +++++++++++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/etc/guix-install.sh b/etc/guix-install.sh index 11836f2c33..3d2936c873 100755 --- a/etc/guix-install.sh +++ b/etc/guix-install.sh @@ -92,6 +92,18 @@ _debug() fi } +# Return true if user answered yes, false otherwise. +# $1: The prompt question. +prompt_yes_no() { + while true; do + read -rp "$1" yn + case $yn in + [Yy]*) return 0;; + [Nn]*) return 1;; + *) _msg "Please answer yes or no." + esac + done +} chk_require() { # Check that every required command is available. @@ -123,9 +135,19 @@ chk_gpg_keyring() # Without --dry-run this command will create a ~/.gnupg owned by root on # systems where gpg has never been used, causing errors and confusion. if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then - _err "${ERR}Missing OpenPGP public key ($gpg_key_id). Fetch it with this command:" - echo " wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | sudo -i gpg --import -" - exit_flag=yes + if prompt_yes_no "${INF}The following OpenPGP public key is \ +required to verify the Guix binary signature: $gpg_key_id. +Would you like me to fetch it for you? (yes/no)"; then + wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \ + -qO - | gpg --import - + else + _err "${ERR}Missing OpenPGP public key ($gpg_key_id). +Fetch it with this command: + + wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | \ +sudo -i gpg --import -" + exit_flag=yes + fi fi done if [ "$exit_flag" = yes ]; then @@ -450,17 +472,14 @@ sys_enable_guix_daemon() sys_authorize_build_farms() { # authorize the public key of the build farm - while true; do - read -rp "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn - case $yn in - [Yy]*) guix archive --authorize < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" && - _msg "${PAS}Authorized public key for ci.guix.gnu.org"; - break;; - [Nn]*) _msg "${INF}Skipped authorizing build farm public keys" - break;; - *) _msg "Please answer yes or no."; - esac - done + if prompt_yes_no "Permit downloading pre-built package binaries from the \ +project's build farm? (yes/no) "; then + guix archive --authorize \ + < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \ + && _msg "${PAS}Authorized public key for ci.guix.gnu.org" + else + _msg "${INF}Skipped authorizing build farm public keys" + fi } sys_create_init_profile() -- 2.31.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#48233] [PATCH 3/3] guix-install.sh: Exit early if Guix is already installed. 2021-05-05 4:32 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 2/3] guix-install.sh: Propose automatically fetching OpenPGP keys Maxim Cournoyer @ 2021-05-05 4:32 ` Maxim Cournoyer 2021-05-05 10:50 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Julien Lepiller 2 siblings, 0 replies; 6+ messages in thread From: Maxim Cournoyer @ 2021-05-05 4:32 UTC (permalink / raw) To: 48233; +Cc: Maxim Cournoyer * etc/guix-install.sh (sys_create_store): Move the check & exit before The Guix binary archive is unpacked. Re-indent tar extraction command. --- etc/guix-install.sh | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/etc/guix-install.sh b/etc/guix-install.sh index 3d2936c873..f7ef0c2671 100755 --- a/etc/guix-install.sh +++ b/etc/guix-install.sh @@ -321,20 +321,18 @@ sys_create_store() _debug "--- [ ${FUNCNAME[0]} ] ---" - cd "$tmp_path" - tar --extract \ - --file "$pkg" && - _msg "${PAS}unpacked archive" - if [[ -e "/var/guix" || -e "/gnu" ]]; then _err "${ERR}A previous Guix installation was found. Refusing to overwrite." exit 1 - else - _msg "${INF}Installing /var/guix and /gnu..." - mv "${tmp_path}/var/guix" /var/ - mv "${tmp_path}/gnu" / fi + cd "$tmp_path" + tar --extract --file "$pkg" && _msg "${PAS}unpacked archive" + + _msg "${INF}Installing /var/guix and /gnu..." + mv "${tmp_path}/var/guix" /var/ + mv "${tmp_path}/gnu" / + _msg "${INF}Linking the root user's profile" mkdir -p "~root/.config/guix" ln -sf /var/guix/profiles/per-user/root/current-guix \ -- 2.31.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter. 2021-05-05 4:32 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 2/3] guix-install.sh: Propose automatically fetching OpenPGP keys Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 3/3] guix-install.sh: Exit early if Guix is already installed Maxim Cournoyer @ 2021-05-05 10:50 ` Julien Lepiller 2021-05-05 15:00 ` bug#48233: " Maxim Cournoyer 2 siblings, 1 reply; 6+ messages in thread From: Julien Lepiller @ 2021-05-05 10:50 UTC (permalink / raw) To: Maxim Cournoyer, 48233 Le 5 mai 2021 00:32:00 GMT-04:00, Maxim Cournoyer <maxim.cournoyer@gmail.com> a écrit : > > wget --help | grep -q '\--show-progress' && \ > _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT="" >- wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" >"${url}/${bin_ver}.tar.xz.sig" > >- if [[ "$?" -eq 0 ]]; then >- _msg "${PAS}download completed." >+ if wget "$_PROGRESS_OPT" -P "$dl_path" \ >+ "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; "$_PROGRESS_OPT" gets expanded to a single "-q --show-progress", which I doubt exists in wget :). The previous version didn't have quotes. Otherwise, LGTM. ^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#48233: [PATCH 1/3] guix-install.sh: Please the shellcheck linter. 2021-05-05 10:50 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Julien Lepiller @ 2021-05-05 15:00 ` Maxim Cournoyer 0 siblings, 0 replies; 6+ messages in thread From: Maxim Cournoyer @ 2021-05-05 15:00 UTC (permalink / raw) To: Julien Lepiller; +Cc: 48233-done Hi Julien, Julien Lepiller <julien@lepiller.eu> writes: > Le 5 mai 2021 00:32:00 GMT-04:00, Maxim Cournoyer <maxim.cournoyer@gmail.com> a écrit : >> >> wget --help | grep -q '\--show-progress' && \ >> _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT="" >>- wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" >>"${url}/${bin_ver}.tar.xz.sig" >> >>- if [[ "$?" -eq 0 ]]; then >>- _msg "${PAS}download completed." >>+ if wget "$_PROGRESS_OPT" -P "$dl_path" \ >>+ "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; > > "$_PROGRESS_OPT" gets expanded to a single "-q --show-progress", which I doubt exists in wget :). The previous version didn't have quotes. Good catch! I failed to see that in my testing due to using the GUIX_RELEASE_FILE_NAME trick, which shortcuts that procedure. I've fixed it with an array: --8<---------------cut here---------------start------------->8--- 1 file changed, 4 insertions(+), 3 deletions(-) etc/guix-install.sh | 7 ++++--- modified etc/guix-install.sh @@ -266,15 +266,16 @@ guix_get_bin() local url="$1" local bin_ver="$2" local dl_path="$3" + local wget_args=() _debug "--- [ ${FUNCNAME[0]} ] ---" _msg "${INF}Downloading Guix release archive" - wget --help | grep -q '\--show-progress' && \ - _PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT="" + wget --help | grep -q '\--show-progress' \ + && wget_args=("-q" "--show-progress") - if wget "$_PROGRESS_OPT" -P "$dl_path" \ + if wget "${wget_args[@]}" -P "$dl_path" \ "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then _msg "${PAS}download completed." else --8<---------------cut here---------------end--------------->8--- And in another VM (RHEL8) with up-to-date certs to be able to fetch from the alpha.gnu.org :-). The install went fine. Pushed, thank you! Maxim ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-05-05 15:03 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-05-05 4:10 [bug#48233] [PATCH 0/3] Modest improvements to the guix-install.sh script Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 2/3] guix-install.sh: Propose automatically fetching OpenPGP keys Maxim Cournoyer 2021-05-05 4:32 ` [bug#48233] [PATCH 3/3] guix-install.sh: Exit early if Guix is already installed Maxim Cournoyer 2021-05-05 10:50 ` [bug#48233] [PATCH 1/3] guix-install.sh: Please the shellcheck linter Julien Lepiller 2021-05-05 15:00 ` bug#48233: " Maxim Cournoyer
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.