# Copyright (C) 2021 Denis 'GNUtoo' Carikli # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # Guix advise to use the installation script but it doesn't publish # it as part of its release files. The issue here is that the only # security is offered by https when downloading and executing the # script. # So to get some stronger gpg signature verifications, we use the # public Parabola package instead. In this package, the script has # been downloaded from git and the git repository has been verified # with the guix commands to do that as documented in the guix manual. CURL ?= curl VERSION ?= 1.3.0-1 MIRROR ?= https://repo.parabola.nu/ .PHONY: all clean .PRECIOUS: \ guix-installer-v$(VERSION)-any.pkg.tar.xz \ guix-installer-v$(VERSION)-any.pkg.tar.xz.sig \ all: \ guix-install.sh \ clean: rm -f guix-installer-v$(VERSION)-any.pkg.tar.xz rm -f guix-installer-v$(VERSION)-any.pkg.tar.xz.sig rm -f guix-installer-v$(VERSION)-any.pkg.tar.xz.ok rm -f guix-install.sh guix-install.sh: guix-installer-v$(VERSION)-any.pkg.tar.xz.ok tar xf guix-installer-v$(VERSION)-any.pkg.tar.xz usr/bin/$@ -O > $@ chmod +x $@ package-keys: gpg --list-keys FB31DBA3AB8DB76A4157329F7651568F80374459 || gpg --recv-keys FB31DBA3AB8DB76A4157329F7651568F80374459 guix-%.sig: $(CURL) $(MIRROR)/pcr/os/x86_64/$@ -o $@ guix-%.xz: $(CURL) $(MIRROR)/pcr/os/x86_64/$@ -o $@ %.ok: package-keys % %.sig gpg --verify $*.sig touch $@