guix-install.sh 18 KB

  1. #!/bin/sh
  2. # GNU Guix --- Functional package management for GNU
  3. # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
  4. # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
  5. # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
  6. # Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
  7. # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
  8. # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
  9. # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
  10. # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
  11. # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
  12. #
  13. # This file is part of GNU Guix.
  14. #
  15. # GNU Guix is free software; you can redistribute it and/or modify it
  16. # under the terms of the GNU General Public License as published by
  17. # the Free Software Foundation; either version 3 of the License, or (at
  18. # your option) any later version.
  19. #
  20. # GNU Guix is distributed in the hope that it will be useful, but
  21. # WITHOUT ANY WARRANTY; without even the implied warranty of
  22. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. # GNU General Public License for more details.
  24. #
  25. # You should have received a copy of the GNU General Public License
  26. # along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
  # Bash is required, but the shebang deliberately avoids /bin/bash and
  # /usr/bin/env for portability.  When another shell started us (no
  # BASH_VERSION), re-execute this same file under the first bash on PATH.
  if [ -z "$BASH_VERSION" ]; then
      exec bash "$0" "$@"
  fi

  # Stop at the first unhandled command failure.
  set -e

  # Everything below changes system-wide state, so refuse to run unless root.
  if ! [ "$UID" -eq 0 ]; then
      echo "This script must be run as root."
      exit 1
  fi
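  # Commands that must be on PATH before anything on the system is changed.
  # They are handed to chk_require, which reports every missing one at once.
  REQUIRE=(
      "dirname"
      "readlink"
      "wget"
      "gpg"
      "grep"
      "which"
      "sed"
      "sort"
      "getent"
      "mktemp"
      "rm"
      "chmod"
      "uname"
      "groupadd"
      "tail"
      "tr"
      "xz"
      # Also invoked further down (archive unpacking and build-user setup).
      # Listing them here makes a missing tool fail the pre-flight check
      # instead of aborting half-way through a root-level installation.
      "tar"
      "seq"
      "id"
      "useradd"
      "usermod"
  )

  # Message prefixes.  PAS/ERR/WAR carry ANSI colour escapes; INF is plain.
  PAS=$'[ \033[32;1mPASS\033[0m ] '
  ERR=$'[ \033[31;1mFAIL\033[0m ] '
  WAR=$'[ \033[33;1mWARN\033[0m ] '
  INF="[ INFO ] "

  # Set to 1 to make _debug print its messages.
  DEBUG=0

  # Base URL of the release directory; fetched over HTTPS.
  GNU_URL="https://ftp.gnu.org/gnu/guix/"
  #GNU_URL="https://alpha.gnu.org/gnu/guix/"

  # Full fingerprint of the OpenPGP key that chk_gpg_keyring looks up in
  # root's keyring.  This value is the installer's trust anchor: anyone who
  # can change it decides which key is accepted as the release signing key.
  OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"

  # This script needs to know where root's home directory is.  However, we
  # cannot simply use the HOME environment variable, since there is no guarantee
  # that it points to root's home directory.
  ROOT_HOME="$(echo ~root)"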
  66. # ------------------------------------------------------------------------------
  67. #+UTILITIES
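  _err()
  { # Print a timestamped error message on stderr.
    #   $1 - message text (callers prepend ${ERR} themselves)
    # The original comment promised stderr but the printf wrote to stdout,
    # so failures were lost whenever stdout was redirected or captured.
      printf "[%s]: %s\n" "$(date +%s.%3N)" "$1" >&2
  }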
  _msg()
  { # Write one timestamped line to stdout.
    #   $1 - message text
      local text="$1"

      printf '[%s]: %s\n' "$(date +%s.%3N)" "$text"
  }
  76. _debug()
  77. {
  78. if [ "${DEBUG}" = '1' ]; then
  79. printf "[%s]: %s\n" "$(date +%s.%3N)" "$1"
  80. fi
  81. }
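  chk_require()
  { # Check that every required command is available.
    #   $@ - command names to look up with `command -v`
    # Returns 1 after reporting all missing names through _err, 0 otherwise.
      local -a warn=()
      local c

      _debug "--- [ $FUNCNAME ] ---"

      for c in "$@"; do
          command -v "$c" &>/dev/null || warn+=("$c")
      done

      # Count the elements.  "${#warn}" is the string length of the first
      # element only, so it reported success when that element was empty.
      if [ "${#warn[@]}" -ne 0 ]; then
          _err "${ERR}Missing commands: ${warn[*]}."
          return 1
      fi

      _msg "${PAS}verification of required commands completed"
  }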
  chk_gpg_keyring()
  { # Succeed only if gpg can list OPENPGP_SIGNING_KEY_ID from the keyring of
    # the user running the script; otherwise print a fetch hint and return 1.
      _debug "--- [ $FUNCNAME ] ---"

      # Without --dry-run this command will create a ~/.gnupg owned by root on
      # systems where gpg has never been used, causing errors and confusion.
      if gpg --dry-run --list-keys ${OPENPGP_SIGNING_KEY_ID} >/dev/null 2>&1; then
          return 0
      fi

      # The lookup above is by full fingerprint, so importing some other key
      # does not satisfy this check.
      _err "${ERR}Missing OpenPGP public key. Fetch it with this command:"
      echo " wget 'https://sv.gnu.org/people/viewgpg.php?user_id=15145' -qO - | sudo -i gpg --import -"
      return 1
  }
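  chk_term()
  { # Check for ANSI terminal for color printing.
    # Replaces the coloured message prefixes with plain ones when stderr is a
    # terminal whose TERM is set but not in the known ANSI-capable list.
    # Nothing is changed when stderr is not a terminal or TERM is unset.
      [ -t 2 ] || return 0
      [ "${TERM+set}" = 'set' ] || return 0

      case "$TERM" in
          xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
              # Known ANSI terminal: keep the coloured prefixes.
              ;;
          *)
              ERR="[ FAIL ] "
              PAS="[ PASS ] "
              # WAR carries escape sequences too; it was left coloured while
              # ERR and PAS were reset.
              WAR="[ WARN ] "
              ;;
      esac
  }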
  chk_init_sys()
  { # Detect the init system and record it in the global INIT_SYS as one of
    # upstart, systemd, sysv-init, openrc or NA.  Probes run in that order and
    # the first match wins.
      local label

      if [[ $(/sbin/init --version 2>/dev/null) =~ upstart ]]; then
          label="upstart"
          INIT_SYS="upstart"
      elif [[ $(systemctl 2>/dev/null) =~ -\.mount ]]; then
          label="systemd"
          INIT_SYS="systemd"
      elif [[ -f /etc/init.d/cron && ! -h /etc/init.d/cron ]]; then
          # A regular (non-symlink) cron init script is taken as the sysv sign.
          label="sysv-init"
          INIT_SYS="sysv-init"
      elif [[ $(openrc --version 2>/dev/null) =~ \(OpenRC\) ]]; then
          label="OpenRC"
          INIT_SYS="openrc"
      else
          INIT_SYS="NA"
          _err "${ERR}Init system could not be detected."
          return
      fi

      _msg "${INF}init system is: ${label}"
      return 0
  }
  chk_sys_arch()
  { # Map `uname -m` / `uname -s` onto the names used in release file names
    # and store "<arch>-<os>" in the global ARCH_OS.  Exits the script with
    # status 1 for any CPU type or operating system not listed below.
      local kernel
      local machine

      kernel="$(uname -s)"
      machine="$(uname -m)"

      case "$machine" in
          i386 | i486 | i686 | i786 | x86)
              machine=i686
              ;;
          x86_64 | x86-64 | x64 | amd64)
              machine=x86_64
              ;;
          aarch64)
              machine=aarch64
              ;;
          armv7l)
              machine=armhf
              ;;
          ppc64le | powerpc64le)
              machine=powerpc64le
              ;;
          *)
              _err "${ERR}Unsupported CPU type: ${machine}"
              exit 1
      esac

      case "$kernel" in
          Linux | linux)
              kernel=linux
              ;;
          *)
              _err "${ERR}Your operation system (${kernel}) is not supported."
              exit 1
      esac

      ARCH_OS="${machine}-${kernel}"
  }
  chk_sys_nscd()
  { # Advise about nscd: warn when pidof reports no nscd process, or say that
    # the state is unknown when pidof itself is not on PATH.  Never fatal.
      if [ -z "$(type -P pidof)" ]; then
          _msg "${INF}We cannot determine if your distribution 'nscd' service is running"
          _msg "${INF}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
          return
      fi

      if [ ! "$(pidof nscd)" ]; then
          _msg "${WAR}We recommend installing and/or starting your distribution 'nscd' service"
          _msg "${WAR}Please read 'info guix \"Application Setup\"' about \"Name Service Switch\""
      fi
  }
  195. # ------------------------------------------------------------------------------
  196. #+MAIN
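  guix_get_bin_list()
  { # Scan GNU archive and save list of binaries
    #   $1 - URL of the release directory listing
    # Sets the global BIN_VER to "guix-binary-<latest version>.${ARCH_OS}".
    # Exits with status 1 when no usable version can be read from the listing.
      local gnu_url="$1"
      local -a bin_ver_ls=()
      local latest_ver
      local default_ver
      local ver

      _debug "--- [ $FUNCNAME ] ---"

      # Filter only version and architecture.  One array element per version,
      # so the emptiness test below counts entries instead of measuring the
      # length of a single joined string.
      while IFS= read -r ver; do
          if [ -n "$ver" ]; then
              bin_ver_ls+=("$ver")
          fi
      done < <(wget -qO- "$gnu_url" \
                   | sed -n -e 's/.*guix-binary-\([0-9.]*[a-z0-9]*\)\..*.tar.xz.*/\1/p' \
                   | sort -Vu)

      if [[ "${#bin_ver_ls[@]}" -eq 0 ]]; then
          _err "${ERR}Could not obtain list of Guix releases."
          exit 1
      fi

      # The listing is remote content.  This pattern only lets digits, dots
      # and [a-z0-9] through, so the value later placed in a URL and a file
      # name cannot contain '/' or shell metacharacters.
      latest_ver="$(printf '%s\n' "${bin_ver_ls[@]}" \
                        | grep -oE "([0-9]{1,2}\.){2}[0-9]{1,2}[a-z0-9]*" \
                        | tail -n1)"

      # Previously an unparsable listing produced "guix-binary-.<arch>" and
      # was reported as a PASS.
      if [[ -z "$latest_ver" ]]; then
          _err "${ERR}Could not obtain list of Guix releases."
          exit 1
      fi

      default_ver="guix-binary-${latest_ver}.${ARCH_OS}"
      _msg "${PAS}Release for your system: ${default_ver}"

      # Use default to download according to the list and local ARCH_OS.
      BIN_VER="${default_ver}"
  }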
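  guix_get_bin()
  { # Download and verify binary package.
    #   $1 - base URL of the release directory
    #   $2 - release name without extension (as set in BIN_VER)
    #   $3 - directory the archive and its .sig are downloaded into
    # Reads the global OPENPGP_SIGNING_KEY_ID.  Exits with status 1 when the
    # download fails or the signature was not made by that key.
      local url="$1"
      local bin_ver="$2"
      local dl_path="$3"
      local -a progress_opt=()
      local gpg_status

      _debug "--- [ $FUNCNAME ] ---"

      _msg "${INF}Downloading Guix release archive"

      # Only pass --show-progress to wget builds that advertise it.
      if wget --help | grep -q '\--show-progress'; then
          progress_opt=(-q --show-progress)
      fi

      # Test the command directly: under `set -e` a separate "$?" check is
      # never reached on failure, so the error message was dead code.
      if wget "${progress_opt[@]}" -P "$dl_path" \
              "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
          _msg "${PAS}download completed."
      else
          _err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
          exit 1
      fi

      # A zero exit status from `gpg --verify` only says that some key in the
      # keyring made a good signature.  Require a VALIDSIG status line that
      # names the expected fingerprint (as signing key or as primary key), so
      # an unrelated key in root's keyring cannot vouch for the archive.
      # The signed file is passed explicitly instead of letting gpg guess it.
      if gpg_status="$(gpg --status-fd 1 --verify \
                           "${dl_path}/${bin_ver}.tar.xz.sig" \
                           "${dl_path}/${bin_ver}.tar.xz" 2>/dev/null)" &&
         grep -Eq "^\[GNUPG:\] VALIDSIG (.* )?${OPENPGP_SIGNING_KEY_ID}( |\$)" \
              <<<"$gpg_status"; then
          _msg "${PAS}Signature is valid."
      else
          _err "${ERR}could not verify the signature."
          exit 1
      fi
  }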
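  sys_create_store()
  { # Unpack and install /gnu/store and /var/guix
    #   $1 - archive file name, relative to $2
    #   $2 - scratch directory holding the archive
    # Sets the global GUIX_PROFILE and sources root's Guix profile.
    # Exits with status 1 if /var/guix or /gnu exists or unpacking fails.
    # main() calls this only after guix_get_bin has returned, i.e. after the
    # archive's signature check; the archive is extracted as root.
      local pkg="$1"
      local tmp_path="$2"

      _debug "--- [ $FUNCNAME ] ---"

      # Refuse before unpacking anything rather than after.
      if [[ -e "/var/guix" || -e "/gnu" ]]; then
          _err "${ERR}A previous Guix installation was found. Refusing to overwrite."
          exit 1
      fi

      cd "$tmp_path"

      # As the first command of a `tar ... && _msg` list, a tar failure was
      # exempt from `set -e` and a truncated archive could be half-installed.
      if tar --extract --file "$pkg"; then
          _msg "${PAS}unpacked archive"
      else
          _err "${ERR}could not unpack ${pkg}."
          exit 1
      fi

      _msg "${INF}Installing /var/guix and /gnu..."
      mv "${tmp_path}/var/guix" /var/
      mv "${tmp_path}/gnu" /

      _msg "${INF}Linking the root user's profile"
      mkdir -p "${ROOT_HOME}/.config/guix"
      ln -sf /var/guix/profiles/per-user/root/current-guix \
         "${ROOT_HOME}/.config/guix/current"

      # This runs shell code shipped in the archive, as root.
      GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
      source "${GUIX_PROFILE}/etc/profile"
      _msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
  }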
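  sys_create_build_user()
  { # Create the group and user accounts for build users.
    # Ensures the system group guixbuild exists and that guixbuilder01 ..
    # guixbuilder10 exist with primary group guixbuild, home /var/empty and a
    # nologin shell.  Existing accounts are reset to those settings.
    # Exits with status 1 when no nologin program can be found.
      local kvm_group=""
      local nologin_path
      local i

      _debug "--- [ $FUNCNAME ] ---"

      if getent group guixbuild >/dev/null; then
          _msg "${INF}group guixbuild exists"
      else
          groupadd --system guixbuild
          _msg "${PAS}group <guixbuild> created"
      fi

      if getent group kvm >/dev/null; then
          _msg "${INF}group kvm exists and build users will be added to it"
          kvm_group=,kvm
      fi

      # Resolve the shell once and fail closed.  With "$(which nologin)" a
      # missing nologin silently became `-s ""`, i.e. an account whose shell
      # field is empty instead of one that cannot log in.
      if ! nologin_path="$(command -v nologin)" || [ -z "$nologin_path" ]; then
          _err "${ERR}cannot find 'nologin'; refusing to create build users without it."
          exit 1
      fi

      for i in $(seq -w 1 10); do
          if id "guixbuilder${i}" &>/dev/null; then
              _msg "${INF}user is already in the system, reset"
              usermod -g guixbuild -G "guixbuild${kvm_group}" \
                      -d /var/empty -s "$nologin_path" \
                      -c "Guix build user $i" \
                      "guixbuilder${i}";
          else
              useradd -g guixbuild -G "guixbuild${kvm_group}" \
                      -d /var/empty -s "$nologin_path" \
                      -c "Guix build user $i" --system \
                      "guixbuilder${i}";
              _msg "${PAS}user added <guixbuilder${i}>"
          fi
      done
  }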
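  sys_enable_guix_daemon()
  { # Run the daemon, and set it to automatically start on boot.
    # Reads the globals INIT_SYS and ROOT_HOME.  Afterwards links the guix
    # command and the info pages of root's profile into /usr/local.
    #
    # Every init-system branch has the form `{ ...; } && _msg`, so under
    # `set -e` a failing step inside the braces does not abort the installer;
    # it only suppresses the PASS message.

      local info_path
      local local_bin
      local var_guix
      local i

      _debug "--- [ $FUNCNAME ] ---"

      info_path="/usr/local/share/info"
      local_bin="/usr/local/bin"
      var_guix="/var/guix/profiles/per-user/root/current-guix"

      case "$INIT_SYS" in
          upstart)
              { initctl reload-configuration;
                cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
                   /etc/init/ &&
                    start guix-daemon; } &&
                  _msg "${PAS}enabled Guix daemon via upstart"
              ;;
          systemd)
              { # systemd .mount units must be named after the target directory.
                # Here we assume a hard-coded name of /gnu/store.
                # XXX Work around <https://issues.guix.gnu.org/41356> until next release.
                if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
                    cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
                       /etc/systemd/system/;
                    chmod 664 /etc/systemd/system/gnu-store.mount;
                    systemctl daemon-reload &&
                        systemctl enable gnu-store.mount;
                fi

                # NOTE(review): modes 664 here and 775 for the init scripts
                # below leave root-executed files group-writable; 644/755
                # would be tighter. Confirm nothing relies on the group bit.
                cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
                   /etc/systemd/system/;
                chmod 664 /etc/systemd/system/guix-daemon.service;

                # Work around <https://bugs.gnu.org/36074>, present in 1.0.1.
                sed -i /etc/systemd/system/guix-daemon.service \
                    -e "s/GUIX_LOCPATH='/'GUIX_LOCPATH=/";

                # Work around <https://bugs.gnu.org/35671>, present in 1.0.1.
                # The substitution was missing its closing '/', which sed
                # rejects as an unterminated `s' command.
                if ! grep en_US /etc/systemd/system/guix-daemon.service >/dev/null;
                then sed -i /etc/systemd/system/guix-daemon.service \
                         -e 's/^Environment=\(.*\)$/Environment=\1 LC_ALL=en_US.UTF-8/';
                fi;

                systemctl daemon-reload &&
                    systemctl enable guix-daemon &&
                    systemctl start guix-daemon; } &&
                  _msg "${PAS}enabled Guix daemon via systemd"
              ;;
          sysv-init)
              { mkdir -p /etc/init.d;
                cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
                   /etc/init.d/guix-daemon;
                chmod 775 /etc/init.d/guix-daemon;

                update-rc.d guix-daemon defaults &&
                    update-rc.d guix-daemon enable &&
                    service guix-daemon start; } &&
                  _msg "${PAS}enabled Guix daemon via sysv"
              ;;
          openrc)
              { mkdir -p /etc/init.d;
                cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
                   /etc/init.d/guix-daemon;
                chmod 775 /etc/init.d/guix-daemon;

                rc-update add guix-daemon default &&
                    rc-service guix-daemon start; } &&
                  _msg "${PAS}enabled Guix daemon via OpenRC"
              ;;
          NA|*)
              _msg "${ERR}unsupported init system; run the daemon manually:"
              echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
              ;;
      esac

      _msg "${INF}making the guix command available to other users"

      [ -e "$local_bin" ] || mkdir -p "$local_bin"
      ln -sf "${var_guix}/bin/guix" "$local_bin"

      [ -e "$info_path" ] || mkdir -p "$info_path"
      # The loop variable is local so it no longer leaks into the script.
      for i in "${var_guix}"/share/info/*; do
          ln -sf "$i" "$info_path"
      done
  }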
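  sys_authorize_build_farms()
  { # authorize the public key of the build farm
    # Asks on stdin whether pre-built binaries from the project's build farm
    # may be used.  Only an answer starting with y/Y runs
    # `guix archive --authorize` with the ci.guix.gnu.org key shipped in
    # root's profile.  Authorizing means the daemon will accept binaries
    # signed by that key, so the safe default is to skip.
      local yn

      while true; do
          # -r keeps backslashes literal.  If stdin is closed, treat it as
          # "no": the old loop either aborted the installer under `set -e`
          # or would spin forever without it.
          if ! read -r -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn; then
              _msg "${INF}Skipped authorizing build farm public keys"
              break
          fi
          case "$yn" in
              [Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
                         _msg "${PAS}Authorized public key for ci.guix.gnu.org";
                     break;;
              [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
                     break;;
              *) _msg "Please answer yes or no.";
          esac
      done
  }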
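  sys_create_init_profile()
  { # Create /etc/profile.d/guix.sh for better desktop integration
    # This will not take effect until the next shell or desktop session!
    #
    # The here-document delimiter is quoted, so nothing is expanded here;
    # the variables are evaluated by each shell that later reads the file.
    # The file is written by root and read by every user's login shell.

      [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
      cat <<"EOF" > /etc/profile.d/guix.sh
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
# Export INFOPATH so that the updated info pages can be found
# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
# When INFOPATH is unset, add a trailing colon so that Emacs
# searches 'Info-default-directory-list'.
export INFOPATH="$_GUIX_PROFILE/share/info:$INFOPATH"
# GUIX_PROFILE: User's default profile
GUIX_PROFILE="$HOME/.guix-profile"
# Quoted so that a HOME containing whitespace does not break the test.
[ -L "$GUIX_PROFILE" ] || return
GUIX_LOCPATH="$GUIX_PROFILE/lib/locale"
export GUIX_PROFILE GUIX_LOCPATH
[ -f "$GUIX_PROFILE/etc/profile" ] && . "$GUIX_PROFILE/etc/profile"
# set XDG_DATA_DIRS to include Guix installations
export XDG_DATA_DIRS="$GUIX_PROFILE/share:${XDG_DATA_DIRS:-/usr/local/share/:/usr/share/}"
EOF
  }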
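  sys_create_shell_completion()
  { # Symlink supported shell completions system-wide
    # Links the bash, zsh and fish completion files of root's Guix profile
    # into the system-wide completion directories, creating those if needed.
    # The PASS message is printed only if the final ln succeeds.

      # Declared local: these names used to leak into the global scope.
      local var_guix=/var/guix/profiles/per-user/root/current-guix
      local bash_completion=/etc/bash_completion.d
      local zsh_completion=/usr/share/zsh/site-functions
      local fish_completion=/usr/share/fish/vendor_completions.d
      local dir_shell

      { # Just in case
          for dir_shell in "$bash_completion" "$zsh_completion" "$fish_completion"; do
              [ -d "$dir_shell" ] || mkdir -p "$dir_shell"
          done;

          # Only the glob is left unquoted, so the shell still expands it.
          ln -sf "${var_guix}"/etc/bash_completion.d/* "$bash_completion";
          ln -sf "${var_guix}"/share/zsh/site-functions/* "$zsh_completion";
          ln -sf "${var_guix}"/share/fish/vendor_completions.d/* "$fish_completion"; } &&
          _msg "${PAS}installed shell completion"
  }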
  welcome()
  { # Show the banner, then block until the user presses return.
    # The line read from stdin is stored in the global ANSWER.
      cat <<"EOF"
░░░ ░░░
░░▒▒░░░░░░░░░ ░░░░░░░░░▒▒░░
░░▒▒▒▒▒░░░░░░░ ░░░░░░░▒▒▒▒▒░
░▒▒▒░░▒▒▒▒▒ ░░░░░░░▒▒░
░▒▒▒▒░ ░░░░░░
▒▒▒▒▒ ░░░░░░
▒▒▒▒▒ ░░░░░
░▒▒▒▒▒ ░░░░░
▒▒▒▒▒ ░░░░░
▒▒▒▒▒ ░░░░░
░▒▒▒▒▒░░░░░
▒▒▒▒▒▒░░░
▒▒▒▒▒▒░
_____ _ _ _ _ _____ _
/ ____| \ | | | | | / ____| (_)
| | __| \| | | | | | | __ _ _ ___ __
| | |_ | . ' | | | | | | |_ | | | | \ \/ /
| |__| | |\ | |__| | | |__| | |_| | |> <
\_____|_| \_|\____/ \_____|\__,_|_/_/\_\
This script installs GNU Guix on your system
https://www.gnu.org/software/guix/
EOF
      # Prompt without a trailing newline.
      printf '%s' "Press return to continue..."
      read -r ANSWER
  }
  main()
  { # Run the whole installation, in order: pre-flight checks, download and
    # signature check, store installation, build users, daemon, substitutes,
    # profile and completion setup, then removal of the scratch directory.
      local tmp_path

      welcome
      _msg "Starting installation ($(date))"

      # Pre-flight checks; none of these changes the system.
      chk_term
      chk_require "${REQUIRE[@]}"
      chk_gpg_keyring
      chk_init_sys
      chk_sys_arch
      chk_sys_nscd

      _msg "${INF}system is ${ARCH_OS}"

      # Files created from here on are not group- or world-writable.
      umask 0022

      # Scratch directory for the download, created by mktemp.
      tmp_path="$(mktemp -t -d guix.XXX)"

      # Fetch the release and check its signature before unpacking it.
      guix_get_bin_list "${GNU_URL}"
      guix_get_bin "${GNU_URL}" "${BIN_VER}" "$tmp_path"

      # System changes.
      sys_create_store "${BIN_VER}.tar.xz" "${tmp_path}"
      sys_create_build_user
      sys_enable_guix_daemon
      sys_authorize_build_farms
      sys_create_init_profile
      sys_create_shell_completion

      _msg "${INF}cleaning up ${tmp_path}"
      rm -r "${tmp_path}"

      _msg "${PAS}Guix has successfully been installed!"
      _msg "${INF}Run 'info guix' to read the manual."

      # Required to source /etc/profile in desktop environments.
      _msg "${INF}Please log out and back in to complete the installation."
  }

  main "$@"