kiss/kiss
2020-10-05 09:15:21 +03:00

1620 lines
46 KiB
Bash
Executable File

#!/bin/sh
# shellcheck source=/dev/null
#
# This is a simple package manager written in POSIX shell for use
# in KISS Linux (https://k1ss.org).
#
# Created by Dylan Araps.
log() {
printf '%b%s %b%s%b %s\n' \
"$lcol" "${3:-->}" "${lclr}${2:+$lcol2}" "$1" "$lclr" "$2" >&2
}
die() {
log "$1" "$2" "${3:-ERROR}"
exit 1
}
prompt() {
[ "$1" ] && log "$1"
log "Continue?: Press Enter to continue or Ctrl+C to abort here"
[ "$KISS_PROMPT" = 0 ] || read -r _
}
as_root() {
[ "$uid" = 0 ] || log "Using '${su:=su}' (to become ${user:=root})"
case ${su##*/} in
doas | sudo | sls)
"$su" -u "$user" -- env "$@"
;;
su)
"$su" -c "env $* <&3" "$user" 3<&0 </dev/tty
;;
*)
die "invalid KISS_SU value '$su' (valid: doas, sudo, sls, su)"
;;
esac
}
contains() {
_sep=${3:- }
case "${_sep}${1}${_sep}" in
*"${_sep}${2}${_sep}"*)
return 0
;;
esac
return 1
}
file_owner() {
read -r _ _ user _ <<EOF
$(ls -ld "$1")
EOF
id -u "${user:=root}" >/dev/null 2>&1 || user=root
}
get_octal_perms() {
# Get a file's permissions in octal. Parse 'ls -ld' output which
# has standardized output. The -rwxrwxrwx output is converted to
# octal in pure posix shell.
rwx=$(ls -ld "$1") oct='' b='' o=0
# 1-9 loop with the second digit being the value of the field.
for c in 14 22 31 44 52 61 74 82 91; do
rwx=${rwx#?}
case $rwx in
[rwx]*)
o=$((o + ${c#[1-9]}))
;;
[st]*)
o=$((o + 1))
b=$((b + 4 / (${c%[1-9]} / 3)))
;;
[ST]*)
b=$((b + 1))
;;
esac
case ${c%[1-9]} in
[369])
oct=$oct$o
o=0
;;
esac
done
}
run_user_hook() {
set -- "${1:-null}" "${2:-null}" "${3:-null}"
case ${KISS_HOOK:--}$1 in
# Provide a default post-build hook to remove files and directories
# for things we don't support out of the box. One can simply define
# their own hook to override this behavior.
-post-build)
rm -rf \
"$3/usr/share/gettext" \
"$3/usr/share/polkit-1" \
"$3/usr/share/locale" \
"$3/usr/share/info"
;;
[!-]*)
TYPE=$1 PKG=$2 DEST=$3 . "$KISS_HOOK"
;;
esac
}
run_repo_hook() {
# Execute hooks which have the executable permission set, cat hooks which
# don't. Allows packages which only need to display a message to avoid
# executing any code.
_hook=${3:-"$sys_db/$2/$1"}
[ -f "$_hook" ] ||
return 0
log "$2" "running $1 hook"
if [ -x "$_hook" ]; then
"$_hook"
else
cat "$_hook"
fi
}
decompress() {
case ${1##*.} in
bz2) bzip2 -dc ;;
lzma) lzma -dc ;;
lz) lzip -dc ;;
tar) cat ;;
tgz | gz) gzip -dc ;;
txz | xz) xz -dc ;;
zst) zstd -dc ;;
esac < "$1"
}
sh256() {
# There's no standard utility to generate sha256 checksums.
# This unifies various tools using the first available.
[ -e "$1" ] || return 0
hash=$(
sha256sum "$1" ||
sha256 -r "$1" ||
openssl dgst -sha256 -r "$1" ||
shasum -a 256 "$1" ||
digest -a sha256 "$1"
) 2>/dev/null
printf '%s\n' "${hash%% *}"
}
pkg_owner() {
set +f
[ "$3" ] ||
set -- "$1" "$2" "$sys_db"/*/manifest
pkg_owner=$(grep "$@")
pkg_owner=${pkg_owner%/*}
pkg_owner=${pkg_owner##*/}
set -f
[ "$pkg_owner" ]
}
pkg_lint() {
pkg_find "$1"
cd "$repo_dir"
read -r _ release 2>/dev/null < version ||
die "$1" "version file not found"
[ "$release" ] ||
die "$1" "release field not found in version file"
[ -x build ] ||
die "$1" "build file not found or not executable"
[ -f sources ] ||
log "$1" "sources file not found" WARN
}
pkg_find() {
# Figure out which repository a package belongs to by searching for
# directories matching the package name in $KISS_PATH/*.
_query=$1
_paths=${2:-"$KISS_PATH:$sys_db"}
_print=$3
_type=${4:--d}
IFS=:
set --
# Globbing is disabled, splitting is intentional.
for _path in $_paths; do
set +f
# Globbing enabled for search.
for _path2 in "$_path"/${_query%%/*}; do
test "$_type" "$_path2" &&
set -f -- "$@" "$_path2"
done
done
unset IFS
repo_dir=$1
[ "$1" ] || {
log "Package '$_query' not in any repository" '' ERROR
return 1
}
[ -z "$_print" ] ||
printf '%s\n' "$@"
}
pkg_list() {
[ -d "$sys_db/$1" ] || {
log "$1" "not installed" ERROR
return 1
}
read -r _ver 2>/dev/null < "$sys_db/$1/version" ||
_ver=null
printf '%s\n' "$1 $_ver"
}
pkg_cache() {
# Find the tarball of a package using a glob. Use the first found match
# of '<pkg_name>[#@]<pkg_version><pkg_release>.tar.*'.
pkg_find "$1"
read -r version release 2>/dev/null < "$repo_dir/version"
set +f
set -f -- "$bin_dir/$1"[#@]"$version-$release.tar."*
# Prefer '@' to '#' in tarball names.
[ -f "$2" ] && shift
tar_file=$1
[ -f "$1" ]
}
pkg_sources() {
# Download any remote package sources. The existence of local files is
# also checked.
pkg_find "$1"
[ -f "$repo_dir/sources" ] || return 0
log "$1" "fetching sources"
mkdir -p "$src_dir/$1"
cd "$src_dir/$1"
while read -r src dest || [ "$src" ]; do
if [ -z "${src##\#*}" ]; then
continue
elif [ -z "${src##git+*}" ]; then
printf 'found git %s\n' "${src##git+}"
elif [ -f "${src##*/}" ]; then
printf 'found cached %s\n' "${src##*/}"
elif [ -z "${src##*://*}" ]; then
printf 'downloading %s\n' "$src"
curl "$src" -fLo "${src##*/}" || {
rm -f "${src##*/}"
die "$1" "failed to download $src"
}
elif [ -e "$repo_dir/$src" ]; then
printf 'found relative %s\n' "$src"
elif [ -e "/$src" ]; then
printf 'found absolute %s\n' "$src"
else
die "$1" "no local file '$src'"
fi
done < "$repo_dir/sources"
}
pkg_extract() {
# Extract all source archives to the build directory and copy over any
# local repository files.
pkg_find "$1"
[ -f "$repo_dir/sources" ] || return 0
log "$1" "extracting sources"
while read -r src dest || [ "$src" ]; do
mkdir -p "$mak_dir/$1/$dest" && cd "$mak_dir/$1/$dest"
case $src in
\#* | '')
# Comments and blank lines.
;;
git+*)
url=${src##git+}
com=${url##*[@#]}
com=${com#"${url%[#@]*}"}
log "$1" "cloning ${url%[#@]*}"; {
git init
git remote add origin "${url%[#@]*}"
git fetch -t --depth 1 origin "$com" || git fetch -t
git -c advice.detachedHead=0 checkout "${com:-FETCH_HEAD}"
} || die "$1" "failed to clone $src"
;;
*://*.tar|*://*.tar.??|*://*.tar.???|*://*.tar.????|*://*.t?z)
decompress "$src_dir/$1/${src##*/}" \
> "$tmp_dir/.tar"
tar xf "$tmp_dir/.tar" ||
die "$1" "failed to extract ${src##*/}"
# Iterate over all directories in the first level of the
# tarball's manifest. This does the equivalent to GNU tar's
# '--strip-components 1' in a portable way.
tar tf "$tmp_dir/.tar" | while IFS=/ read -r dir _; do
# Handles tarballs with './' as top-level directory.
[ -d "${dir#.}" ] || continue
# Avoid naming conflicts.
mv -f "$dir" "$pid-$dir"
# First attempt to move all files up a directory level,
# if any files/directories fail (due to mv's lack of
# directory merge capability), simply do the exercise
# again and copy-merge the remaining files/directories.
#
# We can't use '-exec {} +' with any arguments between
# the '{}' and '+' as this is not POSIX. We must also
# use '$0' and '$@' to reference all arguments.
{
find "$pid-$dir/." ! -name . -prune \
-exec sh -c 'mv -f "$0" "$@" .' {} + ||
find "$pid-$dir/." ! -name . -prune \
-exec sh -c 'cp -fRp "$0" "$@" .' {} +
} 2>/dev/null
# Clean up after ourselves.
rm -rf "$pid-$dir"
done
# Clean up after ourselves.
rm -f "$tmp_dir/.tar"
;;
*://*.zip)
unzip "$src_dir/$1/${src##*/}" ||
die "$1" "failed to extract ${src##*/}"
;;
*)
# Local directory (relative).
if [ -d "$repo_dir/$src" ]; then
cp -Rf "$repo_dir/$src/." .
# Local directory (absolute).
elif [ -d "/$src" ]; then
cp -Rf "/$src/." .
# Local file (relative).
elif [ -f "$repo_dir/$src" ]; then
cp -f "$repo_dir/$src" .
# Local file (absolute).
elif [ -f "/$src" ]; then
cp -f "/$src" .
# Remote file.
elif [ -f "$src_dir/$1/${src##*/}" ]; then
cp -f "$src_dir/$1/${src##*/}" .
else
die "$1" "file $src not found"
fi
;;
esac
done < "$repo_dir/sources"
}
pkg_depends() {
# Resolve all dependencies and generate an ordered list. The deepest
# dependencies are listed first and then the parents in reverse order.
contains "$deps" "$1" || {
pkg_find "$1" 2>/dev/null ||:
# Recurse through the dependencies of the child packages.
[ -f "$repo_dir/depends" ] &&
while read -r dep _ || [ "$dep" ]; do
_deps_seen="$_deps_seen $dep"
contains "$_deps_seen" "$1 $dep $1 $dep $1 $dep" &&
die "circular dependency between '$1' and '$dep'"
case $dep-$2 in
"$1-$2")
log "warning: '$1' depends on itself"
;;
[!#]*-filter)
pkg_depends "$dep" "$2"
;;
[!#]*)
pkg_list "$dep" >/dev/null 2>&1 ||
pkg_depends "$dep"
;;
esac
done < "$repo_dir/depends"
# After child dependencies are added to the list,
# add the package which depends on them.
[ "$2" = explicit ] || deps="$deps $1"
}
}
pkg_order() {
# Sort a list of packages based on dependence.
for _pkg do
pkg_depends "$_pkg" filter
done
for _pkg in $deps; do
contains "$*" "$_pkg" &&
order="$order $_pkg" redro="$_pkg $redro"
done
deps=
}
pkg_strip() {
# Strip package binaries and libraries. This saves space on the system as
# well as on the tarballs we ship for installation.
[ -f "$mak_dir/$pkg/nostrip" ] || [ "$KISS_STRIP" = 0 ] && return
log "$1" "stripping binaries and libraries"
# Strip only files matching the below ELF types. This uses 'od' to print
# the first 18 bytes of the file. This is the location of the ELF header
# (up to the ELF type) and contains the type information we need.
#
# Static libraries (.a) are in reality AR archives which contain ELF
# objects. We simply read from the same 18 bytes and assume that the AR
# header equates to an archive containing objects (.o).
#
# Example ELF output ('003' is ELF type):
# 0000000 177 E L F 002 001 001 \0 \0 \0 \0 \0 \0 \0 \0 \0
# 0000020 003 \0
# 0000022
#
# Example AR output (.a):
# 0000000 ! < a r c h > \n /
# 0000020
# 0000022
find "$pkg_dir/$1" -type f | while read -r file; do
case $(od -A o -t c -N 18 "$file") in
# REL (object files (.o), static libraries (.a)).
*177*E*L*F*0000020\ 001\ * | *\!*\<*a*r*c*h*\>*)
strip -g -R .comment -R .note "$file"
printf 'stripped debug .%s\n' "${file##"$pkg_dir/$1"}"
;;
# EXEC (binaries), DYN (shared libraries).
# Shared libraries keep global symbols in a separate ELF section
# called '.dynsym'. '--strip-all/-s' does not touch the dynamic
# symbol entries which makes this safe to do.
*177*E*L*F*0000020\ 00[23]\ *)
strip -s -R .comment -R .note "$file"
printf 'stripped all .%s\n' "${file##"$pkg_dir/$1"}"
;;
esac
done 2>/dev/null ||:
}
pkg_fix_deps() {
# Dynamically look for missing runtime dependencies by checking each
# binary and library with 'ldd'. This catches any extra libraries and or
# dependencies pulled in by the package's build suite.
log "$1" "looking for dependencies (using ${elf_cmd##*/})"
cd "$pkg_dir/$1/$pkg_db/$1"
set +f
set -f -- "$sys_db/"*/manifest
: >> depends
find "$pkg_dir/${PWD##*/}/" -type f 2>/dev/null |
while read -r file; do
case $elf_cmd in
*readelf)
"$elf_cmd" -d "$file"
;;
*)
ldd -- "$file"
;;
esac 2>/dev/null |
while read -r line; do
case $line in
*NEEDED*\[*\] | *'=>'*)
# readelf: 0x0000 (NEEDED) Shared library: [libjson-c.so.5]
line=${line##*[}
line=${line%%]*}
# ldd: libjson-c.so.5 => /lib/libjson-c.so.5 ...
line=${line##*=> }
line=${line%% *}
# Skip files owned by libc and POSIX.
case ${line##*/} in
ld-* |\
lib[cm].so* |\
libdl.so* |\
libpthread.so* |\
librt.so* |\
libtrace.so* |\
libxnet.so* |\
ldd)
continue
;;
*)
# Skip file if owned by current package
pkg_owner -l "/${line#/}\$" "$PWD/manifest" &&
continue
pkg_owner -l "/${line#/}\$" "$@" &&
printf '%s\n' "$pkg_owner"
;;
esac
;;
esac
done ||:
done |
sort -uk1,1 depends - > "$tmp_dir/.fixdeps"
diff -U 3 depends - < "$tmp_dir/.fixdeps" ||:
mv -f "$tmp_dir/.fixdeps" depends
if [ -s depends ]; then
pkg_manifest "${PWD##*/}"
else
rm -f depends
fi
}
pkg_manifest() (
# This function runs as a sub-shell to avoid having to 'cd' back to the
# prior directory before being able to continue.
cd "${2:-"$pkg_dir"}/$1"
# find: Print all files and directories and append '/' to directories.
# sed: Remove the first character in each line (./dir -> /dir) and
# remove all lines which only contain '.'.
find . -type d -exec printf '%s/\n' {} + -o -print |
sort -r |
sed '/^\.\/$/d;ss.ss' > "${2:-"$pkg_dir"}/$1/$pkg_db/$1/manifest"
)
pkg_manifest_replace() {
# Replace a line with another in manifest files.
while IFS= read -r _line; do
case $_line in
"$1")
printf '%s\n' "$2"
;;
*)
printf '%s\n' "$_line"
;;
esac
done < "$sys_db/$3/manifest" |
sort -r > "$tmp_dir/.sed"
mv -f "$tmp_dir/.sed" "$sys_db/$3/manifest"
}
pkg_manifest_verify() {
# Ensure that everything listed in the manifest exists in the tarball.
while read -r line; do
[ -h "./$line" ] ||
[ -e "./$line" ] ||
man_err="$man_err$line, "
done < "$1"
[ -z "$man_err" ] ||
die "$pkg" "files in manifest missing from tarball: ${man_err%, }"
}
pkg_etcsums() (
# This function runs as a sub-shell to avoid having to 'cd' back to the
# prior directory before being able to continue.
[ -d "$pkg_dir/$1/etc" ] || return 0
cd "$pkg_dir/$1"
# This can't be a simple 'find -exec' as 'sh256' is a shell function
# and not a real command of any kind. This is the shell equivalent.
find etc -type f | sort | while read -r line; do
sh256 "$line"
done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
)
pkg_tar() (
pkg_find "$1"
read -r version release < "$repo_dir/version"
# Avoid tar -C (not portable).
cd "$pkg_dir/$1"
# Create a tarball from the contents of the built package.
tar cf - . | case ${KISS_COMPRESS:-gz} in
bz2) bzip2 -z ;;
gz) gzip -6 ;;
lzma) lzma -z ;;
lz) lzip -z ;;
xz) xz -zT 0 ;;
zst) zstd -z ;;
esac > "$bin_dir/$1@$version-$release.tar.${KISS_COMPRESS:-gz}"
run_user_hook post-package "$1"
)
pkg_build() {
# Mark packages passed on the command-line separately from those
# detected as dependencies. We need to treat explicitly passed packages
# differently from those pulled in as dependencies.
#
# This also resolves all dependencies and stores the result in '$deps'.
# Any duplicates are also filtered out.
for pkg do
contains "$explicit" "$pkg" || {
pkg_depends "$pkg" explicit
explicit="$explicit $pkg"
}
done
# If not an update, ignore the cache and build everything given
# on the command-line. If this is an update, use the cache.
[ "$pkg_update" ] || explicit_build=$explicit
# If an explicit package is a dependency of another explicit package,
# remove it from the explicit list as it needs to be installed as a
# dependency.
for pkg do
contains "$deps" "$pkg" ||
explicit2="$explicit2 $pkg"
done
explicit=$explicit2
# Intentional, globbing disabled.
# shellcheck disable=2046,2086
set -- $deps $explicit
[ "$#" -gt 1 ] || [ "$pkg_update" = 1 ] &&
prompt "Building $*"
for pkg do pkg_lint "$pkg"; done
log "checking for pre-built dependencies"
# Install any pre-built dependencies if they exist in the binary
# directory and are up to date.
for pkg do
! contains "$explicit_build" "$pkg" && pkg_cache "$pkg" && {
log "$pkg" "installing binary from cache"
# False positive.
# shellcheck disable=2030
(
export KISS_FORCE=1
args i "$tar_file"
)
# Remove the now installed package from the build list.
shift
}
done
for pkg do pkg_sources "$pkg"; done
for pkg do pkg_verify "$pkg"; done
# Finally build and create tarballs for all passed packages and
# dependencies.
for pkg do
log "$pkg" "building package ($((in+=1))/$#)"
run_user_hook pre-extract "$pkg" "$pkg_dir/$pkg"
pkg_extract "$pkg"
pkg_find "$pkg"
# Install built packages to a directory under the package name to
# avoid collisions with other packages.
mkdir -p "$pkg_dir/$pkg/$pkg_db" "$mak_dir/$pkg"
cd "$mak_dir/$pkg"
# Log the version so we can pass it to the package build file.
read -r build_version _ < "$repo_dir/version"
log "$pkg" "starting build"
run_user_hook pre-build "$pkg" "$pkg_dir/$pkg"
# Call the build script, log the output to the terminal and to a file.
# There's no PIPEFAIL in POSIX shelll so we must resort to tricks like
# killing the script ourselves.
{
"$repo_dir/build" "$pkg_dir/$pkg" "$build_version" 2>&1 || {
log "$pkg" "build failed"
log "$pkg" "log stored to $log_dir/$pkg-$pid-${date##*-}"
run_user_hook build-fail "$pkg" "$pkg_dir/$pkg"
pkg_clean
kill 0
}
} | tee "$log_dir/$pkg-$pid-${date##*-}"
# Delete the log file if the build succeeded to prevent the directory
# from filling very quickly with useless logs.
[ "$KISS_KEEPLOG" = 1 ] || rm -f "$log_dir/$pkg-$pid-${date##*-}"
# Copy the repository files to the package directory. This acts as the
# database entry.
cp -LRf "$repo_dir" "$pkg_dir/$pkg/$pkg_db/"
run_user_hook post-build "$pkg" "$pkg_dir/$pkg"
# Remove all .la files from the packages. They're unneeded and cause
# issues when a package stops providing one. This recently caused an
# issue with harfbuzz (See: 05096e5a4dc6db5d202342f538d067d87ae7135e).
find "$pkg_dir/$pkg/usr/lib" \
-name \*.la \
-exec rm -f {} + \
2>/dev/null ||:
# Endless source of conflicts.
rm -f "$pkg_dir/$pkg/usr/lib/charset.alias"
# Create the manifest file early and make it empty. This ensures that
# the manifest is added to the manifest.
: > "$pkg_dir/$pkg/$pkg_db/$pkg/manifest"
# Same for etcsums if /etc exists in package.
[ -d "$pkg_dir/$pkg/etc" ] &&
: > "$pkg_dir/$pkg/$pkg_db/$pkg/etcsums"
pkg_strip "$pkg"
pkg_manifest "$pkg"
pkg_fix_deps "$pkg"
pkg_etcsums "$pkg"
pkg_tar "$pkg"
log "$pkg" "successfully built package"
# Install built package if not marked explicit or this
# is a system update. This runs in a subshell.
! contains "$explicit" "$pkg" || [ "$pkg_update" ] && (
log "$pkg" "marked for install"
# False positive.
# shellcheck disable=2030,2031
export KISS_FORCE=1
args i "$pkg"
)
done
log "successfully built all packages"
}
pkg_checksums() {
pkg_find "$1"
[ -f "$repo_dir/sources" ] || return 0
while read -r src _ || [ "$src" ]; do
# Skip comments, blank lines and git sources.
if [ -z "${src##\#*}" ] || [ -z "${src##git+*}" ]; then
continue
# Remote source.
elif [ -z "${src##*://*}" ]; then
sh256 "$src_dir/$1/${src##*/}"
# Skip directories.
elif [ -d "$repo_dir/$src" ] || [ -d "/$src" ]; then
continue
# Local file (relative).
elif [ -f "$repo_dir/$src" ]; then
sh256 "$repo_dir/$src"
# Local file (absolute).
elif [ -f "/$src" ]; then
sh256 "/$src"
fi
done < "$repo_dir/sources" || die "$1" "failed to generate checksums"
}
pkg_checksum_save() {
# Generate and save checksums to file.
pkg_find "$1"
[ -f "$repo_dir/sources" ] ||
return 0
sums=$(pkg_checksums "$1")
[ "$sums" ] || {
log "$1" "nothing to do"
return 0
}
# False positive ('>> file' with no command).
# shellcheck disable=2188
printf '%s\n' "$sums" |
if 2>/dev/null >> "$repo_dir/checksums"; then
tee "$repo_dir/checksums"
else
file_owner "$repo_dir"
log "$1" "need permissions to generate checksums"
as_root tee "$repo_dir/checksums"
fi
log "$1" "generated checksums"
}
pkg_verify() {
# Verify all package checksums. This is achieved by generating a new set
# of checksums and then comparing those with the old set.
pkg_find "$pkg"
[ -f "$repo_dir/sources" ] ||
return 0
sum_sys=$(pkg_checksums "$pkg")
[ "$sum_sys" ] ||
return 0
[ -f "$repo_dir/checksums" ] ||
die "$pkg" "checksums file missing"
sum_pkg=$(cut -b 1-64 < "$repo_dir/checksums")
[ "$sum_sys" = "$sum_pkg" ] ||
die "$pkg" "checksum mismatch"
}
pkg_conflicts() {
# Filter the tarball's manifest and select only files. Resolve all
# symlinks in file paths as well.
while read -r file; do
file=$KISS_ROOT/${file#/}
case $file in
*[!/])
cd -P "${file%/*}" 2>/dev/null ||
PWD=${file%/*}
printf '%s\n' "${PWD#"$KISS_ROOT"}/${file##*/}"
;;
esac
done < "$tar_dir/$1/$pkg_db/$1/manifest" > "$tmp_dir/.manifest"
set +f
set -f "$sys_db"/*/manifest
# Generate a list of all installed package manifests and remove the
# current package from the list.
for manifest do
shift
[ "$sys_db/$pkg/manifest" = "$manifest" ] &&
continue
set -- "$@" "$manifest"
done
[ "$#" != 0 ] || return 0
# Store the list of found conflicts in a file for reuse.
grep -Fxf "$tmp_dir/.manifest" -- "$@" 2>/dev/null \
> "$tmp_dir/.conflicts" ||:
if [ "$KISS_CHOICE" != 0 ] && [ -s "$tmp_dir/.conflicts" ]; then
# Choices are dynamically created and destroyed.
#
# All file conflicts are installed to the choices directory
# rather than their original destination. The package's
# manifest is updated to reflect this.
#
# Swapping between choices just moves the locations of two
# files around. The file in the system is copied to the
# choices directory and the choice is moved to the system
# (overwriting the remaining prior copy)
while IFS=: read -r _ con; do
pkg_owner -lFx "$con" ||:
printf 'alternative %s (currently %s)\n' "$con" "${pkg_owner:-?}"
# Create the "choices" directory inside of the tarball.
# This directory will store the conflicting file.
mkdir -p "$tar_dir/$pkg/${cho_dir:=var/db/kiss/choices}"
# Construct the file name of the "db" entry of the
# conflicting file. (pkg_name>usr>bin>ls)
con_name=$(printf %s "$pkg$con" | sed 's|/|>|g')
# Move the conflicting file to the choices directory
# and name it according to the format above.
mv -f "$tar_dir/$pkg/$con" \
"$tar_dir/$pkg/$cho_dir/$con_name" 2>/dev/null || {
log "File must be in ${con%/*} and not a symlink to it"
log "This can occur when a binary is installed to"
log "/sbin instead of /usr/bin (example)"
log "Before this file can be used as an alternative,"
log "this must be fixed in $pkg. Contact the maintainer"
die "by finding their details via kiss-maintainer" "" "!>"
}
done < "$tmp_dir/.conflicts"
# Update manifest file.
pkg_manifest "$pkg" "$tar_dir" 2>/dev/null
elif [ -s "$tmp_dir/.conflicts" ]; then
log "Package '$pkg' conflicts with another package" "" "!>"
log "Run 'KISS_CHOICE=1 kiss i $pkg' to add conflicts" "" "!>"
die "as alternatives." "" "!>"
fi
}
pkg_swap() {
# Swap between package alternatives.
pkg_list "$1" >/dev/null
# pkg_name/path/to/file -> pkg_name>path>to>file
alt=$(printf %s "$1$2" | sed 's|/|>|g')
cd "$sys_db/../choices"
if [ -d "$alt" ] || [ -d "$2" ]; then
die "source or target is directory"
elif [ ! -e "$alt" ]; then
die "alternative '$1 $2' doesn't exist"
elif [ -e "$2" ]; then
# Figure out which package owns the file we are going to swap.
pkg_owner -lFx "$2" ||
die "file '$2' exists on filesystem but isn't owned"
cp -Pf "$KISS_ROOT/$2" "$pkg_owner>${alt#*>}"
pkg_manifest_replace \
"$2" "/$cho_db/$pkg_owner>${alt#*>}" "$pkg_owner"
fi
mv -f "$alt" "$KISS_ROOT/$2"
pkg_manifest_replace \
"/$cho_db/$alt" "$2" "$1"
printf '%s is now provided by %s (was %s)\n' "$2" "$1" "$pkg_owner"
}
pkg_install_files() {
# Reverse the manifest file so that we start shallow and go deeper as we
# iterate over each item. This is needed so that directories are created
# going down the tree.
sort "$2/$pkg_db/${2##*/}/manifest" |
while IFS=/ read -r _ line; do
[ -d "$KISS_ROOT/$line" ] && [ ! -h "$KISS_ROOT/$line" ] &&
continue
test "$1" "$KISS_ROOT/$line" &&
continue
new=
case $line in
*/)
get_octal_perms "$2/$line"
mkdir -m "$oct" "$KISS_ROOT/$line"
continue
;;
/etc/?*[!/])
pkg_etc_file "$2" "${line#/}" ||
continue
;;
esac
cp -fP "$2/$line" "$KISS_ROOT/$line${new}"
[ -h "$KISS_ROOT/$line" ] || {
get_octal_perms "$2/$line"
chmod "$b$oct" "$KISS_ROOT/$line${new}"
}
done ||:
pkg_etc_cnt=0
}
pkg_remove_files() {
# Remove a file list from the system. This function runs during package
# installation and package removal. Combining the removals in these two
# functions allows us to stop duplicating code.
while read -r file; do
case $file in
/etc/?*[!/])
sum_sys=$(sh256 "$KISS_ROOT/$file") ||:
sum_old=$(grep -F "$sum_sys" "$tmp_dir/.etcsums") ||:
[ "$sum_sys" = "$sum_old" ] || {
printf 'Skipping %s (modified)\n' "$file"
continue
}
;;
esac 2>/dev/null
file=$KISS_ROOT/$file
# Remove files.
if [ -f "$file" ] && [ ! -h "$file" ]; then
rm -f "$file"
# Remove file symlinks.
elif [ -h "$file" ] && [ ! -d "$file" ]; then
rm -f "$file"
# Remove directories if empty.
elif [ -d "$file" ] && [ ! -h "$file" ]; then
rmdir "$file" 2>/dev/null ||:
fi
done ||:
}
pkg_etc_file() {
pkg_etc_cnt=$((pkg_etc_cnt + 1))
sum_new=$(sh256 "$1/$2") 2>/dev/null ||:
sum_sys=$(sh256 "$KISS_ROOT/$2") 2>/dev/null ||:
sum_old=$(awk "NR == $pkg_etc_cnt" "$tmp_dir/.etcsums") 2>/dev/null ||:
# Use a case statement to easily compare three strings at
# the same time. Pretty nifty.
case ${sum_old:-null}${sum_sys:-null}${sum_new} in
# old = Y, sys = X, new = Y
"${sum_new}${sum_sys}${sum_old}")
return 1
;;
# old = X, sys = X, new = X
# old = X, sys = Y, new = Y
# old = X, sys = X, new = Y
"${sum_old}${sum_old}${sum_old}"|\
"${sum_old:-null}${sum_sys}${sum_sys}"|\
"${sum_sys}${sum_old}"*)
new=
;;
# All other cases.
*)
printf 'Saving /%s as /%s.new\n' "$2" "$2"
new=.new
;;
esac
}
pkg_remove() {
# Remove a package and all of its files. The '/etc' directory is handled
# differently and configuration files are *not* overwritten.
pkg_list "$1" >/dev/null
# False positive.
# shellcheck disable=2031
[ "$KISS_FORCE" = 1 ] || (
cd "$sys_db"
set +f
! grep -lFx "$1" -- */depends
) || die "$1" "can't remove package, others depend on it"
# Block being able to abort the script with 'Ctrl+C' during removal.
# Removes all risk of the user aborting a package removal leaving an
# incomplete package installed.
trap '' INT
run_repo_hook pre-remove "$1"
run_user_hook pre-remove "$1" "$sys_db/$pkg"
# Make a backup of the etcsums file (if it exists).
cp -f "$sys_db/$1/etcsums" "$tmp_dir/.etcsums" 2>/dev/null ||:
log "$1" "removing package"
pkg_remove_files < "$sys_db/$1/manifest"
# Reset 'trap' to its original value. Removal is done so
# we no longer need to block 'Ctrl+C'.
trap pkg_clean EXIT INT
log "$1" "removed successfully"
}
pkg_install() {
# Install a built package tarball.
#
# 1. Install package overwriting any existing files.
# 2. Diff old manifest against new one and remove any files which exist in
# the old instance of the package but not the new one.
# 3. Install package again, verifying all files and repairing any damage
# done by #2.
# Handle tarball vs cache lookup (pkg_cache).
case $1 in
*.tar.*)
[ -f "$1" ] ||
die "tarball '$1' does not exist"
tar_file=$1
pkg=${1##*/}
pkg=${pkg%[#@]*}
;;
*)
pkg_find "$1"
pkg_cache "$1" 2>/dev/null ||
die "package '$1' has not yet been built"
;;
esac
mkdir -p "$tar_dir/$pkg"
cd "$tar_dir/$pkg"
decompress "$tar_file" | tar xf -
[ -f "./$pkg_db/$pkg/manifest" ] ||
die "invalid tarball '$tar_file'"
# False positive.
# shellcheck disable=2031
[ "$KISS_FORCE" = 1 ] || {
pkg_manifest_verify "$pkg_db/$pkg/manifest"
[ -f "$pkg_db/$pkg/depends" ] && {
while read -r dep dep_type || [ "$dep" ]; do
case "$dep ${dep_type:-null}" in
[!#]*\ null)
pkg_list "$dep" >/dev/null 2>&1 ||
dep_err="$dep_err$dep, "
;;
esac
done < "$pkg_db/$pkg/depends"
[ -z "$dep_err" ] ||
die "$pkg" "missing ${dep_err%, }"
}
}
run_user_hook pre-install "$pkg" "$tar_dir/$pkg"
log "$pkg" "transforming package conflicts into alternatives"
pkg_conflicts "$pkg"
# Block Ctrl+C during installation.
trap '' INT
# If the package is already installed (and this is an upgrade) make a
# backup of the manifest and etcsums files.
cp -f "$sys_db/$pkg/manifest" "$tmp_dir/.manifest" 2>/dev/null ||:
cp -f "$sys_db/$pkg/etcsums" "$tmp_dir/.etcsums" 2>/dev/null ||:
log "$pkg" "installing package"
pkg_install_files -z "$tar_dir/$pkg"
grep -vFxf "$sys_db/$pkg/manifest" "$tmp_dir/.manifest" \
2>/dev/null | pkg_remove_files
log "$pkg" "verifying installation"
pkg_install_files -e "$tar_dir/$pkg"
trap pkg_clean EXIT INT
run_repo_hook post-install "$pkg"
run_user_hook post-install "$pkg" "$sys_db/$pkg"
log "$pkg" "installed successfully"
}
sys_update() {
# Check all installed packages for updates. So long as the installed
# version and the version in the repositories differ, it's considered
# an update.
log "updating repositories"
# Create a list of all repositories.
# Intentional behavior.
# shellcheck disable=2031,2046,2086
{
IFS=:
set -- $KISS_PATH
unset IFS
}
# Update each repository in '$KISS_PATH'.
for repo do
cd "$repo"
case $(git remote 2>/dev/null) in
"")
log "$repo" " "
printf 'Skipping git pull, not a repository\n'
;;
*)
cd "$(git rev-parse --show-toplevel)"
git_root=$(git rev-parse --show-superproject-working-tree)
cd "${git_root:-.}"
contains "$repos" "$PWD" : || {
repos="$repos:$PWD"
# Display a tick if signing is enabled for this repository.
case $(git config merge.verifySignatures) in
true) log "$PWD" "[signed] " ;;
*) log "$PWD" " " ;;
esac
if [ -w "$PWD" ] && [ "$uid" != 0 ]; then
git pull
git submodule update --remote --init -f
else
[ "$uid" = 0 ] ||
log "$PWD" "need permissions to update"
# Find out the owner of the repository and spawn
# git as this user below.
#
# This prevents 'git' from changing the original
# ownership of files and directories in the rare
# case that the repository is owned by a 3rd user.
(
file_owner "$PWD"
# We're in a repository which is owned by a 3rd
# user. Not root or the current user.
[ "$user" = root ] ||
log "dropping to $user for pull"
# Nesting is deep and line is long.
git_cmd="
git pull && git submodule update --remote --init -f
"
# 'su' requires that command be quoted.
case $su in *su)
git_cmd="'$git_cmd'"
esac
as_root sh -c "$git_cmd"
)
fi
}
;;
esac
run_repo_hook update "$PWD" update
done
log "checking for new package versions"
set +f --
for _pkg in "$sys_db/"*; do
pkg_find "${_pkg##*/}"
read -r db_ver db_rel < "$_pkg/version"
read -r re_ver re_rel < "$repo_dir/version"
[ "$db_ver-$db_rel" = "$re_ver-$re_rel" ] || {
printf '%s %s-%s -> %s-%s\n' \
"${_pkg##*/}" \
"$db_ver" "$db_rel" \
"$re_ver" "$re_rel"
set -- "$@" "${_pkg##*/}"
}
done
set -f
contains "$*" kiss && {
log "detected package manager update"
prompt "the package manager will be updated first"
pkg_build kiss
args i kiss
log "updated the package manager"
log "re-run 'kiss u' to update your system"
exit 0
}
[ "$1" ] || {
log "system up-to-date"
return
}
pkg_update=1
pkg_order "$@"
# Intentional, globbing disabled.
# shellcheck disable=2086
pkg_build $order
}
pkg_clean() {
# Clean up on exit or error. This removes everything related to the build.
[ "$KISS_DEBUG" = 1 ] ||
rm -rf "$tmp_dir"
}
args() {
# Parse script arguments manually. This is rather easy to do in our case
# since the first argument is always an "action" and the arguments that
# follow are all package names.
action=$1
shift "$(($# != 0))"
case $action in
b|build|c|checksum|d|download|i|install|r|remove)
[ "$1" ] || {
# Intentional.
# shellcheck disable=2031
export KISS_PATH=${PWD%/*}:$KISS_PATH
set -- "${PWD##*/}"
}
for arg do
case $arg in
*'*'*|*'!'*|*'['*|*']'*|*' '*|*' '*)
die "argument '$arg' contains '!*[] \t'"
;;
esac
done
;;
esac
# Rerun the script as root with a fixed environment if needed. We sadly
# can't run singular functions as root so this is needed.
#
# False positive.
# shellcheck disable=2031
case $action in
a|alternatives|i|install|r|remove)
[ -z "$1" ] || [ -w "$KISS_ROOT/" ] || [ "$uid" = 0 ] || {
as_root \
HOME="$HOME" \
XDG_CACHE_HOME="$XDG_CACHE_HOME" \
KISS_CHOICE="$KISS_CHOICE" \
KISS_COLOR="$KISS_COLOR" \
KISS_FORCE="$KISS_FORCE" \
KISS_PATH="$KISS_PATH" \
KISS_PID="$KISS_PID" \
KISS_ROOT="$KISS_ROOT" \
KISS_TMPDIR="$KISS_TMPDIR" \
"$0" "$action" "$@"
return
}
;;
esac
# Actions can be abbreviated to their first letter. This saves keystrokes
# once you memorize the commands.
case $action in
a|alternatives)
case $1 in
-)
while read -r pkg path; do
pkg_swap "$pkg" "$path"
done
;;
'')
set +f
# Go over each alternative and format the file
# name for listing. (pkg_name>usr>bin>ls)
for pkg in "$sys_db/../choices"/*; do
printf '%s\n' "${pkg##*/}"
done |
sed 's|>| /|; s|>|/|g; /\*/d'
;;
*)
pkg_swap "$1" "$2"
;;
esac
;;
b|build)
pkg_build "${@:?No packages installed}"
;;
c|checksum)
for pkg do
pkg_lint "$pkg"
done
for pkg do
pkg_sources "$pkg"
done
for pkg do
pkg_checksum_save "$pkg"
done
;;
d|download)
for pkg do
pkg_sources "$pkg"
done
;;
i|install)
pkg_order "$@"
for pkg in $order; do
pkg_install "$pkg"
done
;;
l|list)
[ "$1" ] || {
cd "$sys_db"
set +f
set -f -- *
}
for pkg do
pkg_list "$pkg"
done
;;
r|remove)
pkg_order "$@"
for pkg in $redro; do
pkg_remove "$pkg"
done
;;
s|search)
for pkg do
pkg_find "$pkg" '' all
done
;;
u|update)
sys_update
;;
v|version)
printf '6.0.0\n'
;;
'')
log 'kiss [a|b|c|d|i|l|r|s|u|v] [pkg]...'
log 'alternatives List and swap to alternatives'
log 'build Build a package'
log 'checksum Generate checksums'
log 'download Pre-download all sources'
log 'install Install a package'
log 'list List installed packages'
log 'remove Remove a package'
log 'search Search for a package'
log 'update Update the system'
log 'version Package manager version'
printf '\nRun "kiss help-ext" to see all actions\n'
;;
help-ext)
log 'extensions (kiss-* in PATH)'
pkg_find kiss-\* "$PATH" all -x |
while read -r file; do
name=${file#*/kiss-}
contains "$list" "$name" || {
list="$list $name"
printf '%-15s ' "$name"
sed -n 's/^# *//;2p' "$file"
}
done
;;
*)
pkg_find "kiss-$action*" "$PATH" '' -x 2>/dev/null ||
die "'kiss $action' is not a valid command"
"$repo_dir" "$@"
;;
esac
}
main() {
# Globally disable globbing and enable exit-on-error.
set -ef
# Allow the user to disable colors in output via an environment variable.
# Check this once so as to not slow down printing.
[ "$KISS_COLOR" = 0 ] || {
lcol='\033[1;33m'
lcol2='\033[1;34m'
lclr='\033[m'
}
# The PID of the current shell process is used to isolate directories
# to each specific KISS instance. This allows multiple package manager
# instances to be run at once. Store the value in another variable so
# that it doesn't change beneath us.
pid=${KISS_PID:-"$$"}
# Catch errors and ensure that build files and directories are cleaned
# up before we die. This occurs on 'Ctrl+C' as well as success and error.
trap pkg_clean EXIT INT
# Figure out which 'sudo' command to use based on the user's choice or what
# is available on the system.
su=${KISS_SU:-"$(
command -v sudo ||
command -v doas ||
command -v sls
)"} || su=su
# Figure out which utility is available to dump elf information.
elf_cmd=${KISS_ELF:="$(
command -v readelf ||
command -v eu-readelf ||
command -v llvm-readelf
)"} || elf_cmd=ldd
# Store the date and time of script invocation to be used as the name of
# the log files the package manager creates uring builds.
date=$(date +%Y-%m-%d-%H:%M:%S)
# Make note of the current user.
uid=$(id -u)
# Define some paths which we will then use throughout the script.
sys_db=$KISS_ROOT/${pkg_db:=var/db/kiss/installed}
cho_db=${pkg_db%%/installed}/choices
# Ensure that the KISS_ROOT doesn't end with a '/'.
KISS_ROOT=${KISS_ROOT%"${KISS_ROOT##*[!/]}"}
# This allows for automatic setup of a KISS chroot and will
# do nothing on a normal system.
mkdir -p "$KISS_ROOT/" 2>/dev/null ||:
# Create cache directories and define variables.
mkdir -p \
"${cac_dir:="${XDG_CACHE_HOME:-"${HOME:?HOME is null}/.cache"}/kiss"}" \
"${src_dir:="$cac_dir/sources"}" \
"${log_dir:="$cac_dir/logs/${date%-*}"}" \
"${bin_dir:="$cac_dir/bin"}" \
"${tmp_dir:="${KISS_TMPDIR:="$cac_dir/proc"}/$pid"}" \
"${mak_dir:="$tmp_dir/build"}" \
"${pkg_dir:="$tmp_dir/pkg"}" \
"${tar_dir:="$tmp_dir/extract"}"
args "$@"
}
main "$@"