tribes/guix
1
0
Fork 1
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-05-22 09:05:54 +02:00
Code Activity

Merge branch 'version-1.3.0'

Browse Source
This commit is contained in:
Maxim Cournoyer
2021-05-11 22:42:59 -04:00
parent c80627731b fb5d04d363
commit b7cbca221f
70 changed files with 176355 additions and 123506 deletions
Download Patch File Download Diff File Expand all files Collapse all files
etc/guix-install.sh
+77 -65
View File
@@ -9,6 +9,7 @@
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
#
# This file is part of GNU Guix.
#
@@ -71,11 +72,6 @@ declare -A GPG_SIGNING_KEYS
GPG_SIGNING_KEYS[15145]=3CE464558A84FDC69DB40CFB090B11993D9AEBB5 # ludo
GPG_SIGNING_KEYS[127547]=27D586A4F8900854329FF09F1260E46482E63562 # maxim
# This script needs to know where root's home directory is. However, we
# cannot simply use the HOME environment variable, since there is no guarantee
# that it points to root's home directory.
ROOT_HOME="$(echo ~root)"
# ------------------------------------------------------------------------------
#+UTILITIES
@@ -96,13 +92,25 @@ _debug()
fi
}
# Return true if user answered yes, false otherwise.
# $1: The prompt question.
prompt_yes_no() {
while true; do
read -rp "$1" yn
case $yn in
[Yy]*) return 0;;
[Nn]*) return 1;;
*) _msg "Please answer yes or no."
esac
done
}
chk_require()
{ # Check that every required command is available.
declare -a warn
local c
_debug "--- [ $FUNCNAME ] ---"
_debug "--- [ ${FUNCNAME[0]} ] ---"
for c in "$@"; do
command -v "$c" &>/dev/null || warn+=("$c")
@@ -117,7 +125,7 @@ chk_require()
chk_gpg_keyring()
{ # Check whether the Guix release signing public key is present.
_debug "--- [ $FUNCNAME ] ---"
_debug "--- [ ${FUNCNAME[0]} ] ---"
local user_id
local gpg_key_id
local exit_flag
@@ -127,26 +135,34 @@ chk_gpg_keyring()
# Without --dry-run this command will create a ~/.gnupg owned by root on
# systems where gpg has never been used, causing errors and confusion.
if ! gpg --dry-run --list-keys "$gpg_key_id" >/dev/null 2>&1; then
_err "${ERR}Missing OpenPGP public key ($gpg_key_id). Fetch it with this command:"
echo " wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | sudo -i gpg --import -"
exit_flag=yes
if prompt_yes_no "${INF}The following OpenPGP public key is \
required to verify the Guix binary signature: $gpg_key_id.
Would you like me to fetch it for you? (yes/no)"; then
wget "https://sv.gnu.org/people/viewgpg.php?user_id=$user_id" \
-qO - | gpg --import -
else
_err "${ERR}Missing OpenPGP public key ($gpg_key_id).
Fetch it with this command:
wget \"https://sv.gnu.org/people/viewgpg.php?user_id=$user_id\" -qO - | \
sudo -i gpg --import -"
exit_flag=yes
fi
fi
done
test "$exit_flag" = yes && exit 1 || true
if [ "$exit_flag" = yes ]; then
exit 1
fi
}
chk_term()
{ # Check for ANSI terminal for color printing.
local ansi_term
if [ -t 2 ]; then
if [ "${TERM+set}" = 'set' ]; then
case "$TERM" in
xterm*|rxvt*|urxvt*|linux*|vt*|eterm*|screen*)
ansi_term=true
;;
*)
ansi_term=false
ERR="[ FAIL ] "
PAS="[ PASS ] "
;;
@@ -243,7 +259,7 @@ guix_get_bin_list()
local latest_ver
local default_ver
_debug "--- [ $FUNCNAME ] ---"
_debug "--- [ ${FUNCNAME[0]} ] ---"
# Filter only version and architecture
bin_ver_ls=("$(wget -qO- "$gnu_url" \
@@ -272,25 +288,25 @@ guix_get_bin()
local url="$1"
local bin_ver="$2"
local dl_path="$3"
local wget_args=()
_debug "--- [ $FUNCNAME ] ---"
_debug "--- [ ${FUNCNAME[0]} ] ---"
_msg "${INF}Downloading Guix release archive"
wget --help | grep -q '\--show-progress' && \
_PROGRESS_OPT="-q --show-progress" || _PROGRESS_OPT=""
wget $_PROGRESS_OPT -P "$dl_path" "${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"
wget --help | grep -q '\--show-progress' \
&& wget_args=("-q" "--show-progress")
if [[ "$?" -eq 0 ]]; then
_msg "${PAS}download completed."
if wget "${wget_args[@]}" -P "$dl_path" \
"${url}/${bin_ver}.tar.xz" "${url}/${bin_ver}.tar.xz.sig"; then
_msg "${PAS}download completed."
else
_err "${ERR}could not download ${url}/${bin_ver}.tar.xz."
exit 1
fi
pushd "${dl_path}" >/dev/null
gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1
if [[ "$?" -eq 0 ]]; then
if gpg --verify "${bin_ver}.tar.xz.sig" >/dev/null 2>&1; then
_msg "${PAS}Signature is valid."
popd >/dev/null
else
@@ -304,45 +320,44 @@ sys_create_store()
local pkg="$1"
local tmp_path="$2"
_debug "--- [ $FUNCNAME ] ---"
cd "$tmp_path"
tar --extract \
--file "$pkg" &&
_msg "${PAS}unpacked archive"
_debug "--- [ ${FUNCNAME[0]} ] ---"
if [[ -e "/var/guix" || -e "/gnu" ]]; then
_err "${ERR}A previous Guix installation was found. Refusing to overwrite."
exit 1
else
_msg "${INF}Installing /var/guix and /gnu..."
mv "${tmp_path}/var/guix" /var/
mv "${tmp_path}/gnu" /
fi
_msg "${INF}Linking the root user's profile"
mkdir -p "${ROOT_HOME}/.config/guix"
ln -sf /var/guix/profiles/per-user/root/current-guix \
"${ROOT_HOME}/.config/guix/current"
cd "$tmp_path"
tar --extract --file "$pkg" && _msg "${PAS}unpacked archive"
GUIX_PROFILE="${ROOT_HOME}/.config/guix/current"
_msg "${INF}Installing /var/guix and /gnu..."
mv "${tmp_path}/var/guix" /var/
mv "${tmp_path}/gnu" /
_msg "${INF}Linking the root user's profile"
mkdir -p "~root/.config/guix"
ln -sf /var/guix/profiles/per-user/root/current-guix \
"~root/.config/guix/current"
GUIX_PROFILE="~root/.config/guix/current"
# shellcheck disable=SC1090
source "${GUIX_PROFILE}/etc/profile"
_msg "${PAS}activated root profile at ${ROOT_HOME}/.config/guix/current"
_msg "${PAS}activated root profile at ${GUIX_PROFILE}"
}
sys_create_build_user()
{ # Create the group and user accounts for build users.
_debug "--- [ $FUNCNAME ] ---"
_debug "--- [ ${FUNCNAME[0]} ] ---"
if [ $(getent group guixbuild) ]; then
if getent group guixbuild > /dev/null; then
_msg "${INF}group guixbuild exists"
else
groupadd --system guixbuild
_msg "${PAS}group <guixbuild> created"
fi
if [ $(getent group kvm) ]; then
if getent group kvm > /dev/null; then
_msg "${INF}group kvm exists and build users will be added to it"
local KVMGROUP=,kvm
fi
@@ -371,7 +386,7 @@ sys_enable_guix_daemon()
local local_bin
local var_guix
_debug "--- [ $FUNCNAME ] ---"
_debug "--- [ ${FUNCNAME[0]} ] ---"
info_path="/usr/local/share/info"
local_bin="/usr/local/bin"
@@ -380,7 +395,7 @@ sys_enable_guix_daemon()
case "$INIT_SYS" in
upstart)
{ initctl reload-configuration;
cp "${ROOT_HOME}/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
cp "~root/.config/guix/current/lib/upstart/system/guix-daemon.conf" \
/etc/init/ &&
start guix-daemon; } &&
_msg "${PAS}enabled Guix daemon via upstart"
@@ -389,15 +404,15 @@ sys_enable_guix_daemon()
{ # systemd .mount units must be named after the target directory.
# Here we assume a hard-coded name of /gnu/store.
# XXX Work around <https://issues.guix.gnu.org/41356> until next release.
if [ -f "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/gnu-store.mount" \
if [ -f "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" ]; then
cp "~root/.config/guix/current/lib/systemd/system/gnu-store.mount" \
/etc/systemd/system/;
chmod 664 /etc/systemd/system/gnu-store.mount;
systemctl daemon-reload &&
systemctl enable gnu-store.mount;
fi
cp "${ROOT_HOME}/.config/guix/current/lib/systemd/system/guix-daemon.service" \
cp "~root/.config/guix/current/lib/systemd/system/guix-daemon.service" \
/etc/systemd/system/;
chmod 664 /etc/systemd/system/guix-daemon.service;
@@ -418,7 +433,7 @@ sys_enable_guix_daemon()
;;
sysv-init)
{ mkdir -p /etc/init.d;
cp "${ROOT_HOME}/.config/guix/current/etc/init.d/guix-daemon" \
cp "~root/.config/guix/current/etc/init.d/guix-daemon" \
/etc/init.d/guix-daemon;
chmod 775 /etc/init.d/guix-daemon;
@@ -429,7 +444,7 @@ sys_enable_guix_daemon()
;;
openrc)
{ mkdir -p /etc/init.d;
cp "${ROOT_HOME}/.config/guix/current/etc/openrc/guix-daemon" \
cp "~root/.config/guix/current/etc/openrc/guix-daemon" \
/etc/init.d/guix-daemon;
chmod 775 /etc/init.d/guix-daemon;
@@ -439,7 +454,7 @@ sys_enable_guix_daemon()
;;
NA|*)
_msg "${ERR}unsupported init system; run the daemon manually:"
echo " ${ROOT_HOME}/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
echo " ~root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild"
;;
esac
@@ -456,21 +471,18 @@ sys_enable_guix_daemon()
sys_authorize_build_farms()
{ # authorize the public key of the build farm
while true; do
read -p "Permit downloading pre-built package binaries from the project's build farm? (yes/no) " yn
case $yn in
[Yy]*) guix archive --authorize < "${ROOT_HOME}/.config/guix/current/share/guix/ci.guix.gnu.org.pub" &&
_msg "${PAS}Authorized public key for ci.guix.gnu.org";
break;;
[Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
break;;
*) _msg "Please answer yes or no.";
esac
done
if prompt_yes_no "Permit downloading pre-built package binaries from the \
project's build farm? (yes/no) "; then
guix archive --authorize \
< "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
&& _msg "${PAS}Authorized public key for ci.guix.gnu.org"
else
_msg "${INF}Skipped authorizing build farm public keys"
fi
}
sys_create_init_profile()
{ # Create /etc/profile.d/guix.sh for better desktop integration
{ # Define for better desktop integration
# This will not take effect until the next shell or desktop session!
[ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
cat <<"EOF" > /etc/profile.d/guix.sh
@@ -544,7 +556,7 @@ This script installs GNU Guix on your system
https://www.gnu.org/software/guix/
EOF
echo -n "Press return to continue..."
read -r ANSWER
read -r
}
main()
@@ -574,7 +586,7 @@ main()
if ! [[ $GUIX_BINARY_FILE_NAME =~ $ARCH_OS ]]; then
_err "$ARCH_OS not in ${GUIX_BINARY_FILE_NAME}; aborting"
fi
_msg "Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
_msg "${INF}Using manually provided binary ${GUIX_BINARY_FILE_NAME}"
GUIX_BINARY_FILE_NAME=$(realpath "$GUIX_BINARY_FILE_NAME")
fi
etc/release-manifest.scm
+21 -4
View File
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
;;;
;;; This file is part of GNU Guix.
@@ -49,6 +49,14 @@ TARGET."
'("bootstrap-tarballs" "gcc-toolchain" "nss-certs"
"openssh" "emacs" "vim" "python" "guile" "guix")))
(define %base-packages/armhf
;; XXX: Relax requirements for armhf-linux for lack of enough build power.
(map (lambda (package)
(if (string=? (package-name package) "emacs")
(specification->package "emacs-no-x")
package))
%base-packages))
(define %base-packages/hurd
;; XXX: For now we are less demanding of "i586-gnu".
(map specification->package
@@ -100,9 +108,18 @@ TARGET."
(manifest
(append-map (lambda (system)
(map (cut package->manifest-entry* <> system)
(if (string=? system "i586-gnu")
%base-packages/hurd
%base-packages)))
(cond ((string=? system "i586-gnu")
%base-packages/hurd)
((string=? system "armhf-linux")
;; FIXME: Drop special case when ci.guix.gnu.org
;; has more ARMv7 build power.
%base-packages/armhf)
((string=? system "powerpc64le-linux")
;; FIXME: Drop 'bootstrap-tarballs' until
;; <https://bugs.gnu.org/48055> is fixed.
(drop %base-packages 1))
(else
%base-packages))))
%cuirass-supported-systems)))
(define %system-manifest