Compare commits

...

31 commits

Author SHA1 Message Date
David Wilson 4c7732fbe8
Merge pull request #33 from fido-node/fix-weekly-ci-action
Fix weekly ci action
2024-08-16 09:47:40 +03:00
Aleksandr Mikhailov 863bf9475f
Boring attempt to fix a cache 2024-08-10 22:10:13 +03:00
Aleksandr Mikhailov 60e24dd264
Fix weekly CI action
- Change a way to call guix binary with sudo (take this idea from guix-install-action)
 - Replace substitute-urls inside guix-daemon unit file (not hapy with this solution, but it works)
 - Add rudimentary cache
2024-08-10 22:03:11 +03:00
David Wilson c5a20b2493
Use sudo when installing signing key 2024-06-14 23:19:45 +03:00
David Wilson f4bca1b5d6 Set up Nonguix channel early 2024-05-13 12:12:25 +03:00
David Wilson 1cc3c3c0ea Fix Nonguix substitutes 2024-05-13 11:47:07 +03:00
David Wilson 7532125ba3 Bake channels into the installation image 2024-05-11 21:17:20 +03:00
David Wilson 06dbe7e4ad
Add nonguix substitute server to CI automation 2024-04-05 10:59:37 +03:00
David Wilson 6885a75d74
Add nonguix substitute URL 2024-04-05 10:46:30 +03:00
David Wilson c077387ac9
Merge pull request #30 from moesasji/master
Bump checkout action - v2 to v4
2024-04-05 10:20:03 +03:00
Moesasji 353b7bdb77
Bump checkout action - v2 to v4
Update github checkout action to silence node depreciation warnings
2024-02-17 16:32:32 +00:00
David Wilson 586fcc7fff
Merge pull request #28 from ghisvail/patch-1
Bump guix-install-action to v1.5
2024-02-08 14:52:23 +02:00
Ghislain Vaillant 05ba4526e6
Bump guix-install-action to v1.5
See https://github.com/PromyLOPh/guix-install-action/issues/24
2024-02-04 10:00:04 +01:00
David Wilson 12db431fc3
Merge pull request #8 from gmemstr/patch-1
Update installer.scm location in README.
2021-09-20 11:24:54 -07:00
Gabriel Simmer 3abe40782b
Update installer.scm location in README. 2021-09-05 18:51:53 +01:00
David Wilson 1d8c40bc7b
Fix channels.scm path in CI release notes generation 2021-06-23 20:51:50 -07:00
David Wilson 92a3e11f82
Merge pull request #5 from anntnzrb/patch-1
Fixed manual (local) building
2021-06-23 18:05:07 +03:00
anntnzrb 215d2493c6 Removed unneeded extra channels from Guix Install workflow 2021-06-23 09:40:14 -05:00
anntnzrb 96e4027988 Fixed local iso building 2021-06-22 10:25:16 -05:00
anntnzrb da96ba03d2 Prefer using './' for files in the PWD 2021-06-22 08:12:29 -05:00
David Wilson 1fe4248b5a
Merge pull request #4 from anntnzrb/readme-tweaks
Readme tweaks
2021-06-21 23:51:43 -07:00
anntnzrb e64463773d Minor visual improvements 2021-06-21 11:10:24 -05:00
anntnzrb c9774d9271 Re-added security concerns notice | minor fix 2021-06-21 11:04:58 -05:00
anntnzrb bf5f710397 Added instructions section 2021-06-21 10:59:36 -05:00
anntnzrb 25e7d5b753 Added TOC & attributions section 2021-06-21 10:39:19 -05:00
anntnzrb 6108d67a27 Avoid wrapping links 2021-06-21 10:14:02 -05:00
David Wilson aeb88fc960 Whoops! 2021-06-05 16:32:56 -07:00
David Wilson f73c05ba0b Write out channels.scm before building the image 2021-06-05 13:21:30 -07:00
David Wilson 14fa0096f6 Add .gitignore 2021-06-05 13:01:39 -07:00
David Wilson 261e39fc2c Add build-iso.sh script for local image generation 2021-06-05 13:00:05 -07:00
David Wilson 431d9d10c9 Include the channel file for the current generation 2021-06-05 12:58:12 -07:00
6 changed files with 208 additions and 28 deletions

View file

@ -17,34 +17,69 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Git checkout - name: Git checkout
uses: actions/checkout@v2 uses: actions/checkout@v4
- name: Guix cache
uses: actions/cache/restore@v3
with:
path: ~/.cache/guix
# use a key that (almost) never matches
key: guix-cache-${{ github.sha }}
restore-keys: |
guix-cache-
- name: Install Guix - name: Install Guix
uses: PromyLOPh/guix-install-action@v1 uses: PromyLOPh/guix-install-action@v1.5
with: with:
channels: | channels: |
(cons* (channel (cons* (channel
(name 'nonguix) (name 'nonguix)
(url "https://gitlab.com/nonguix/nonguix") (url "https://gitlab.com/nonguix/nonguix")
;; Enable signature verification: (introduction
(introduction (make-channel-introduction
(make-channel-introduction "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
"897c1a470da759236cc11798f4e0a5f7d4d59fbc" (openpgp-fingerprint
(openpgp-fingerprint "2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
%default-channels) %default-channels)
- name: Set up Nonguix Substitutes
run: |
# This is necessary to authorize the substitute server
wget https://substitutes.nonguix.org/signing-key.pub
mv signing-key.pub nonguix-signing-key.pub
sudo /var/guix/profiles/per-user/root/current-guix/bin/guix archive --authorize < nonguix-signing-key.pub
- name: Set daemon level Substitutes
run: |
SUBSTITUTE_URLS="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org"
sudo sed -i "s|--substitute-urls='https://bordeaux.guix.gnu.org https://ci.guix.gnu.org'|--substitute-urls='$SUBSTITUTE_URLS'|g" /etc/systemd/system/guix-daemon.service
sudo systemctl daemon-reload
sudo systemctl restart guix-daemon.service
- name: Build ISO - name: Build ISO
run: | run: |
# Write out the channels file so it can be included
guix time-machine -C ./guix/base-channels.scm -- describe -f channels > ./guix/channels.scm
# Build the image
image=$(guix time-machine -C ./guix/channels.scm -- system image -t iso9660 ./guix/installer.scm)
# Copy the image to the local folder with a better name
export RELEASE_TAG=$(date +"%Y%m%d%H%M") export RELEASE_TAG=$(date +"%Y%m%d%H%M")
echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
image=$(guix system image -t iso9660 installer.scm)
cp $image ./guix-installer-$RELEASE_TAG.iso cp $image ./guix-installer-$RELEASE_TAG.iso
- uses: actions/cache/save@v3
if: always()
with:
path: ~/.cache/guix
key: guix-cache-${{ github.sha }}
- name: Prepare Release Notes - name: Prepare Release Notes
run: | run: |
echo $'This installer image was prepared with the following channel configuration:\r\n\r\n```\r\n' > release-notes.md echo $'This installer image was prepared with the following channel configuration:\r\n\r\n```\r\n' > release-notes.md
guix describe -f channels >> release-notes.md cat ./guix/channels.scm >> release-notes.md
echo $'\r\n```' >> release-notes.md echo $'\r\n```' >> release-notes.md
- name: Create Release - name: Create Release

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
*.iso
./guix/channels.scm

View file

@ -1,21 +1,70 @@
# System Crafters Guix Installer # System Crafters Guix Installer
This repository runs automated CI builds to produce a [GNU This repository runs _automated CI builds_ to produce a
Guix](https://guix.gnu.org) installation image using the **full Linux kernel** [GNU Guix](https://guix.gnu.org) installation image using the
from the [Nonguix channel](https://gitlab.com/nonguix/nonguix). If you are **full Linux kernel** from the
using a modern laptop or hardware that is incompatible with the Linux Libre [Nonguix channel](https://gitlab.com/nonguix/nonguix). If you are using a
kernel, this installer image is for you! modern laptop or hardware that is incompatible with the **Linux Libre kernel**,
this installer image is for you!
You can take a look at the [image configuration](installer.scm) and the [build You may take a look at the [image configuration](./guix/installer.scm) and the
workflow](.github/workflows/build.yaml) to be sure that we aren't adding [build workflow](./.github/workflows/build.yaml) to be sure that we aren't adding
anything malicious to these builds! anything malicious to these builds!
A new ISO is produced at least once a week, sometimes more often if we're making **A new `.iso` image is produced at least once a week, sometimes more often if
improvements to the configuration. we're making improvements to the configuration.**
Special thanks to [@anntnzrb](https://github.com/anntnzrb) for providing the ## Table of Contents
starting point for the CI configuration! - [System Crafters Guix Installer](#system-crafters-guix-installer)
- [Instructions](#instructions)
- [Attributions](#attributions)
- [License](#license)
## Instructions
1. Download a recently built `.iso` from this repo's
[release page](https://github.com/SystemCrafters/guix-installer/releases)
2. Flash the `.iso` file into a USB stick with at least `3Gb`.
### Flashing the ISO
As stated in _step #2_ at [Instructions](#instructions), you will need to flash
the `.iso` file into a USB stick.
**[*]nix**:
You should only need the `dd` utility (_coreutils_):
- `dd status=progress if=guix-installerYYYYMMDDHHMM.iso of=/dev/foo`
- where `guix-installerYYYYMMDDHHMM.iso` is the name of the downloaded `.iso`
image and `foo` the name of the targeted device to flash the image.
For the sake of providing an example, here's the full command:
```sh
dd status=progress if=guix-installer-202106150234.iso of=/dev/sdb
```
> NOTE #1: You can list your devices with `lsblk`.
> NOTE #2: If `dd` won't work, refer to the **Windows** section.
**Windows**:
- [balenaEtcher](https://www.balena.io/etcher) is a great **cross-platform**
_FOSS_ utility for flashing _GNU/Linux_ images.
- If the above doesn't work, you might give [Rufus](https://rufus.ie/en_US/) a
look.
## Attributions
- [@anntnzrb](https://github.com/anntnzrb) for providing the starting point for
the _CI_ configuration.
- [@daviwil](https://github.com/daviwil) for releasing the finished _CI_
configuration and getting everything up and running.
- The [System Crafters](https://systemcrafters.cc)' community.
## License ## License
The code in this repository is licensed under the [GNU General Public License v3](LICENSE.txt). The code in this repository is licensed under the
[GNU General Public License v3](./LICENSE.txt).

37
build-iso.sh Executable file
View file

@ -0,0 +1,37 @@
#!/bin/sh
# -----------------------------------------------------------------------------
# Utilities
# -----------------------------------------------------------------------------
die() {
# **
# Prints a message to stderr & exits script with non-successful code "1"
# *
printf '%s\n' "$@" >&2
exit 1
}
# -----------------------------------------------------------------------------
# Main
# -----------------------------------------------------------------------------
# Write out the channels file so it can be included
guix time-machine -C './guix/base-channels.scm' -- \
describe -f channels > './guix/channels.scm'
# Build the image
printf 'Attempting to build the image...\n\n'
image=$(guix time-machine -C './guix/channels.scm' --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org' -- system image -t iso9660 './guix/installer.scm') \
|| die 'Could not create image.'
release_tag=$(date +"%Y%m%d%H%M")
cp "${image}" "./guix-installer-${release_tag}.iso" ||
die 'An error occurred while copying.'
printf 'Image was succesfully built: %s\n' "${image}"
# cleanup
unset -f die
unset -v image release_tag

12
guix/base-channels.scm Normal file
View file

@ -0,0 +1,12 @@
;; Reference :: https://gitlab.com/nonguix/nonguix
(cons* (channel
(name 'nonguix)
(url "https://gitlab.com/nonguix/nonguix")
;; Enable signature verification:
(introduction
(make-channel-introduction
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
(openpgp-fingerprint
"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
%default-channels)

View file

@ -1,6 +1,8 @@
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com> ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz> ;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
;;; Copyright © 2019 David Wilson <david@daviwil.com> ;;; Copyright © 2019,2024 David Wilson <david@daviwil.com>
;;; Copyright © 2022 Jonathan Brielmaier <jonathan.brielmaier@web.de>
;;; Copyright © 2024 Hilton Chain <hako@ultrarare.space>
;;; ;;;
;;; This program is free software: you can redistribute it and/or modify ;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by ;;; it under the terms of the GNU General Public License as published by
@ -16,11 +18,11 @@
;;; along with this program. If not, see <https://www.gnu.org/licenses/>. ;;; along with this program. If not, see <https://www.gnu.org/licenses/>.
;; Generate a bootable image (e.g. for USB sticks, etc.) with: ;; Generate a bootable image (e.g. for USB sticks, etc.) with:
;; $ guix system disk-image nongnu/system/install.scm ;; $ guix system image -t iso9660 installer.scm
(define-module (nongnu system install) (define-module (nongnu system install)
#:use-module (gnu system) #:use-module (guix)
#:use-module (gnu system install) #:use-module (guix channels)
#:use-module (gnu packages version-control) #:use-module (gnu packages version-control)
#:use-module (gnu packages vim) #:use-module (gnu packages vim)
#:use-module (gnu packages curl) #:use-module (gnu packages curl)
@ -28,9 +30,33 @@
#:use-module (gnu packages linux) #:use-module (gnu packages linux)
#:use-module (gnu packages mtools) #:use-module (gnu packages mtools)
#:use-module (gnu packages package-management) #:use-module (gnu packages package-management)
#:use-module (gnu services)
#:use-module (gnu services base)
#:use-module (gnu system)
#:use-module (gnu system install)
#:use-module (nongnu packages linux) #:use-module (nongnu packages linux)
#:export (installation-os-nonfree)) #:export (installation-os-nonfree))
;; https://substitutes.nonguix.org/signing-key.pub
(define %signing-key
(plain-file "nonguix.pub" "\
(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
(define %channels
(cons* (channel
(name 'nonguix)
(url "https://gitlab.com/nonguix/nonguix")
;; Enable signature verification:
(introduction
(make-channel-introduction
"897c1a470da759236cc11798f4e0a5f7d4d59fbc"
(openpgp-fingerprint
"2A39 3FFF 68F4 EF7A 3D29 12AF 6F51 20A0 22FB B2D5"))))
%default-channels))
(define installation-os-nonfree (define installation-os-nonfree
(operating-system (operating-system
(inherit installation-os) (inherit installation-os)
@ -42,6 +68,25 @@
;; wpa_supplicant when you try to connect to a wifi network. ;; wpa_supplicant when you try to connect to a wifi network.
(kernel-arguments '("quiet" "modprobe.blacklist=radeon" "net.ifnames=0")) (kernel-arguments '("quiet" "modprobe.blacklist=radeon" "net.ifnames=0"))
(services
(cons*
;; Include the channel file so that it can be used during installation
(simple-service 'channel-file etc-service-type
(list `("channels.scm" ,(local-file "channels.scm"))))
(modify-services (operating-system-user-services installation-os)
(guix-service-type
config => (guix-configuration
(inherit config)
(guix (guix-for-channels %channels))
(authorized-keys
(cons* %signing-key
%default-authorized-guix-keys))
(substitute-urls
`(,@%default-substitute-urls
"https://substitutes.nonguix.org"))
(channels %channels))))))
;; Add some extra packages useful for the installation process ;; Add some extra packages useful for the installation process
(packages (packages
(append (list git curl stow vim emacs-no-x-toolkit) (append (list git curl stow vim emacs-no-x-toolkit)