#!/bin/sh
# shellcheck source=/dev/null
#
# This is a simple package manager written in POSIX 'sh' for use
# in KISS Linux (https://k1ss.org).
#
# [1] Warnings related to word splitting and globbing are disabled.
#     All word splitting in this script is *safe* and intentional.
#
# [2] Information is grabbed from 'ls -ld' output.
#
#     This is fine _despite_ the usual gaggle about 'ls' and its
#     use in scripting. The POSIX specification states that the
#     link target must be the exact contents of the link.
#
#     The specification:
#
#     > If the file is a symbolic link and the -L option is not
#       specified, this information shall be about the link
#       itself and the <pathname> field shall be of the form:
#
#     > "%s -> %s", <pathname of link>, <contents of link>
#
# Created by Dylan Araps.
#
# NOTE(review): this listing was recovered from a copy whose line breaks
# had been collapsed. Line breaks and indentation are restored here; the
# code tokens are kept as found. Two places where text was visibly lost
# in extraction are flagged inline (as_root and pkg_swap).

log() {
    # Print a message prettily.
    #
    # $1: package name or message, $2: optional message,
    # $3: optional prefix (defaults to '->').
    #
    # All messages are printed to stderr to allow the user to hide build
    # output which is the only thing printed to stdout.
    #
    # The l* variables (lcol, lcol2, lclr) contain escape sequences which
    # are defined when '$KISS_COLOR' is equal to '1'.
    printf '%b%s %b%s%b %s\n' \
        "$lcol" "${3:-->}" "${lclr}${2:+$lcol2}" "$1" "$lclr" "$2" >&2
}

war() {
    # Log a message with the 'WARNING' prefix unless $3 overrides it.
    log "$1" "$2" "${3:-WARNING}"
}

die() {
    # Log a message with the 'ERROR' prefix (or $3) and exit with status 1.
    log "$1" "$2" "${3:-ERROR}"
    exit 1
}

contains() {
    # Check if a "string list" contains a word.
    # $1: space-separated list, $2: word. Returns 0 on a whole-word match.
    case " $1 " in *" $2 "*) return 0; esac; return 1
}

prompt() {
    # Ask the user for some input.
    [ "$1" ] && log "$1"

    log "Continue?: Press Enter to continue or Ctrl+C to abort here"

    # POSIX 'read' has none of the "nice" options like '-n', '-p'
    # etc etc. This is the most basic usage of 'read'.
    # '_' is used as 'dash' errors when no variable is given to 'read'.
    #
    # KISS_NOPROMPT=1 skips the confirmation entirely.
    [ "$KISS_NOPROMPT" = 1 ] || read -r _
}

as_root() {
    # Simple function to run a command as root using either 'sudo',
    # 'doas' or 'su'. Hurrah for choice.
    [ "$uid" = 0 ] || log "Using '${su:-su}' (to become ${user:=root})"

    case ${su##*/} in
        sudo) sudo -u "$user" -- env "$@" ;;
        doas) doas -u "$user" -- env "$@" ;;

        # NOTE(review): unlike the two branches above, this one flattens
        # the arguments with "$*" into a single string that the shell
        # started by 'su -c' parses again, so arguments containing
        # whitespace or shell metacharacters are not passed through
        # intact.
        #
        # NOTE(review): the listing is damaged on the next line. Text
        # between '3<&0' and '/dev/null' was lost in extraction (it looks
        # like the end of this 'case' and the head of a following
        # function are missing). The tokens are kept as found; restore
        # this span from the upstream source before use.
        su)   su -c "env $* <&3" "$user" 3<&0 /dev/null 2>&1 || user=root
}

run_hook() {
    # Run the user's hook for an event.
    # $1: hook type, $2: package name, $3: destination directory.
    #
    # Provide a default post-build hook to remove files and directories
    # for things we don't support out of the box. One can simply define
    # their own hook to override this behavior.
    [ "${KISS_HOOK:-}" ] || {
        case $1 in
            post-build)
                rm -rf "$3/usr/share/gettext" "$3/usr/share/polkit-1" \
                    "$3/usr/share/locale" "$3/usr/share/info"
        esac

        return 0
    }

    log "$2" "Running $1 hook"

    # NOTE(review): the hook is sourced into the current shell, so it runs
    # with whatever privileges this script has at that point. The path
    # comes from the environment ($KISS_HOOK); nothing visible here checks
    # the file's ownership or permissions.
    TYPE=$1 PKG=$2 DEST=$3 . "$KISS_HOOK"
}

decompress() {
    # Decompress the file $1 to stdout, choosing the tool by file suffix.
    # A suffix that matches no pattern produces no output.
    case $1 in
        *.bz2)      bzip2 -d ;;
        *.lzma)     lzma -dc ;;
        *.lz)       lzip -dc ;;
        *.tar)      cat ;;
        *.tgz|*.gz) gzip -d ;;
        *.xz|*.txz) xz -dcT 0 ;;
        *.zst)      zstd -dc ;;
    esac < "$1"
}

sh256() {
    # There's no standard utility to generate sha256 checksums.
    # This is a simple wrapper around sha256sum, sha256, shasum,
    # openssl, digest, ... which will use whatever is available.
    #
    # All utilities must match 'sha256sum' output.
    #
    # Example: '<checksum> <file>'
    #
    # NOTE(review): a missing file returns 0 and prints nothing, so a
    # caller's '|| die' does not fire for it. The errors of the digest
    # tools are discarded as well; if all of them fail the printed
    # checksum field is empty.
    [ -e "$1" ] || return 0

    hash=$(sha256sum "$1" ||
           sha256 -r "$1" ||
           openssl dgst -sha256 -r "$1" ||
           shasum -a 256 "$1" ||
           digest -a sha256 "$1") 2>/dev/null

    printf '%s %s\n' "${hash%% *}" "$1"
}

pkg_lint() {
    # Check that the repository files of package $1 are present.
    # A non-empty $2 skips the "checksums file exists" requirement.
    log "$1" "Checking repository files"

    cd "$(pkg_find "$1")"
    read -r _ release 2>/dev/null < version || die "Version file not found"

    [ "$release" ] || die "$1" "Release field not found in version file"
    [ -x build ] || die "$1" "Build file not found or not executable"
    [ -f sources ] || war "$1" "Sources file not found"

    [ ! -f sources ] || [ "$2" ] || [ -f checksums ] ||
        die "$1" "Checksums are missing"
}

pkg_find() {
    # Figure out which repository a package belongs to by searching for
    # directories matching the package name in $KISS_PATH/*.
    #
    # $1: query (may be a glob), $2: non-empty to print every match,
    # $3: test(1) operator applied to each candidate (default '-d').
    query=$1 all=$2 what=$3 IFS=:; set --

    # Both counts of word-splitting are intentional here. Firstly to split
    # the repositories and secondly to allow for the query to be a glob.
    # shellcheck disable=2086
    for path in $KISS_PATH "${what:-$sys_db}"; do set +f
        for path2 in "$path/"$query; do
            test "${what:--d}" "$path2" && set -f -- "$@" "$path2"
        done
    done

    unset IFS

    # A package may also not be found due to a repository not being readable
    # by the current user. Either way, we need to die here.
    [ "$1" ] || die "Package '$query' not in any repository"

    # Show all search results if called from 'kiss search', else print only
    # the first match.
    [ "$all" ] && printf '%s\n' "$@" || printf '%s\n' "$1"
}

pkg_list() {
    # List installed packages. As the format is files and directories, this
    # just involves a simple for loop and file read.
    #
    # Returns 1 as soon as a named package is not installed.
    cd "$sys_db" 2>/dev/null

    # Optional arguments can be passed to check for specific packages. If no
    # arguments are passed, list all.
    [ "$1" ] || { set +f; set -f -- *; }

    # Loop over each package and print its name and version.
    for pkg do
        [ -d "$pkg" ] || { log "$pkg" "not installed"; return 1; }

        read -r version 2>/dev/null < "$pkg/version" || version=null
        printf '%s\n' "$pkg $version"
    done
}

pkg_cache() {
    # Find the tarball of a package using a glob. Use the first found match
    # of '<name>#<version>-<release>.tar.*'.
    #
    # Sets $tar_file; the return status says whether that file exists.
    read -r version release 2>/dev/null < "$(pkg_find "$1")/version"

    set +f; set -f -- "$bin_dir/$1#$version-$release.tar."*
    tar_file=$1

    [ -f "$tar_file" ]
}

pkg_sources() {
    # Download any remote package sources. The existence of local files is
    # also checked.
    #
    # $1: package name, $2: non-empty when called for a checksums run
    # (git sources are skipped in that case).
    #
    # NOTE(review): nothing is verified here. Downloaded files are only
    # bound to known content by the later comparison in pkg_verify, and
    # a cached file is reused purely because a file of that name exists.
    repo_dir=$(pkg_find "$1")

    # Support packages without sources. Simply do nothing.
    [ -f "$repo_dir/sources" ] || return 0

    log "$1" "Downloading sources"

    # Store each downloaded source in a directory named after the package it
    # belongs to. This avoid conflicts between two packages having a source
    # of the same name.
    mkdir -p "$src_dir/$1" && cd "$src_dir/$1"

    while read -r src dest || [ "$src" ]; do
        # Comment.
        if [ -z "${src##\#*}" ]; then :

        # Remote source (cached).
        elif [ -f "${src##*/}" ]; then
            log "$1" "Found cached source '${src##*/}'"

        # Remote git repository.
        elif [ -z "${src##git+*}" ]; then
            # This is a checksums check, skip it.
            [ "$2" ] && continue

            mkdir -p "$mak_dir/$1/$dest"

            # Run in a subshell to keep the variables, path and
            # argument list local to each loop iteration.
            (
                url=${src##git+}

                log "$1" "Cloning ${url%[@#]*}"

                # Git has no option to clone a repository to a
                # specific location so we must do it ourselves
                # beforehand.
                cd "$mak_dir/$1/$dest" 2>/dev/null || die

                # Clear the argument list as we'll be overwriting
                # it below based on what kind of checkout we're
                # dealing with.
                set -- "$url"

                # If a branch was given, shallow clone it directly.
                # This speeds things up as we don't have to grab
                # a lot of unneeded commits.
                [ "${src##*@*}" ] ||
                    set -- -b "${src##*@}" "${url%@*}"

                # Maintain compatibility with older versions of
                # kiss by shallow cloning all branches. This has
                # the added benefit of allowing checkouts of
                # specific commits in specific branches.
                [ "${src##*#*}" ] ||
                    set -- --no-single-branch "${url%#*}"

                # Always do a shallow clone as we will unshallow it if
                # needed later (when a commit is desired).
                git clone --depth=1 "$@" .

            ) || die "$1" "Failed to clone $src"

        # Remote source.
        elif [ -z "${src##*://*}" ]; then
            log "$1" "Downloading $src"

            # '-f' fails on HTTP errors, '-L' follows redirects and
            # '-o' writes to the URL's basename in the current directory.
            curl "$src" -fLo "${src##*/}" || {
                rm -f "${src##*/}"
                die "$1" "Failed to download $src"
            }

        # Local source.
        elif [ -f "$repo_dir/$src" ]; then
            log "$1" "Found local file '$src'"

        else
            die "$1" "No local file '$src'"
        fi
    done < "$repo_dir/sources"
}

pkg_extract() {
    # Extract all source archives to the build directory and copy over any
    # local repository files.
    #
    # NOTE(review): 'tar xf' and 'unzip' write archive members under the
    # names stored in the archive. Nothing in this function inspects
    # member paths, so the safety of extraction rests on the archive
    # having passed pkg_verify and on the behavior of the installed
    # tar/unzip.
    repo_dir=$(pkg_find "$1")

    # Support packages without sources. Simply do nothing.
    [ -f "$repo_dir/sources" ] || return 0

    log "$1" "Extracting sources"

    while read -r src dest || [ "$src" ]; do
        mkdir -p "$mak_dir/$1/$dest" && cd "$mak_dir/$1/$dest"

        case $src in
            # Git repository with supplied commit hash.
            git+*\#*)
                log "Checking out ${src##*#}"

                # A commit was requested, unshallow the repository.
                # This will convert it to a regular repository with
                # full history.
                git fetch --unshallow

                # Try to checkout the repository. If we fail here,
                # the requested commit doesn't exist.
                git -c advice.detachedHead=false checkout "${src##*#}" ||
                    die "Commit hash ${src##*#} doesn't exist"
            ;;

            # Git repository, comment or blank line.
            git+*|\#*|'') ;;

            # Tarballs of any kind. This is a shell equivalent of
            # GNU tar's '--strip-components 1'.
            *://*.tar|*://*.tar.??|*://*.tar.???|*://*.tar.????|*://*.t?z)
                # Decompress the archive to a temporary .tar archive.
                decompress "$src_dir/$1/${src##*/}" > .ktar

                # Extract the tar archive to the current directory.
                tar xf .ktar || die "$1" "Couldn't extract ${src##*/}"

                # Iterate over all directories in the first level of the
                # tarball's manifest. This is our equivalent of GNU tar's
                # '--strip-components 1'.
                tar tf .ktar | while IFS=/ read -r dir _; do
                    # Some tarballs contain './' as the top-level directory,
                    # we need to skip these occurances.
                    [ -d "${dir#.}" ] || continue

                    # Move the directory to prevent naming conflicts between
                    # the child and parent
                    mv -f "$dir" "$$-$dir"

                    # First attempt to move all files up a directory level,
                    # if any files/directories fail (due to mv's lack of
                    # directory merge capability), simply do the exercise
                    # again and copy-merge the remaining files/directories.
                    #
                    # We can't use '-exec {} +' with any arguments between
                    # the '{}' and '+' as this is not POSIX. We must also
                    # use '$0' and '$@' to reference all arguments.
                    #
                    # Using only '$@' causes a single file from each
                    # invocation to be left out of the list. Weird, right?
                    {
                        find "$$-$dir/." ! -name . -prune \
                            -exec sh -c 'mv -f "$0" "$@" .' {} + ||

                        find "$$-$dir/." ! -name . -prune \
                            -exec sh -c 'cp -fRp "$0" "$@" .' {} +

                    } 2>/dev/null

                    # Remove the directory now that all files have been
                    # transferred out of it. This can't be a simple 'rmdir'
                    # as we may leave files in here due to above.
                    rm -rf "$$-$dir"
                done

                # Clean up after ourselves and remove the temporary tar
                # archive we've created. Not needed at all really.
                rm -f .ktar
            ;;

            # Zip archives.
            *://*.zip)
                unzip "$src_dir/$1/${src##*/}" ||
                    die "$1" "Couldn't extract ${src##*/}"
            ;;

            *)
                # Local file.
                if [ -f "$repo_dir/$src" ]; then
                    cp -f "$repo_dir/$src" .

                # Remote file.
                elif [ -f "$src_dir/$1/${src##*/}" ]; then
                    cp -f "$src_dir/$1/${src##*/}" .

                else
                    die "$1" "Local file $src not found"
                fi
            ;;
        esac
    done < "$repo_dir/sources"
}

pkg_depends() {
    # Resolve all dependencies and generate an ordered list. This does a
    # depth-first search. The deepest dependencies are listed first and then
    # the parents in reverse order.
    #
    # $1: package name, $2: 'explicit', 'raw' or empty. Appends to $deps.
    contains "$deps" "$1" || {
        # Filter out non-explicit, aleady installed dependencies.
        # Only filter installed if called from 'pkg_build()'.
        [ "$pkg_build" ] && [ -z "$2" ] &&
            (pkg_list "$1" >/dev/null) && return

        # Recurse through the dependencies of the child packages.
        while read -r dep _ || [ "$dep" ]; do
            [ "${dep##\#*}" ] && pkg_depends "$dep"
        done 2>/dev/null < "$(pkg_find "$1")/depends" ||:

        # After child dependencies are added to the list,
        # add the package which depends on them.
        [ "$2" = explicit ] || deps="$deps $1 "
    }
}

pkg_order() {
    # Order a list of packages based on dependence and take into account
    # pre-built tarballs if this is to be called from 'kiss i'.
    #
    # Sets $order (dependency order) and $redro (the reverse).
    order=; redro=; deps=

    for pkg do case $pkg in
        *.tar.*) deps="$deps $pkg " ;;
        *)       pkg_depends "$pkg" raw
    esac done

    # Filter the list, only keeping explicit packages. The purpose of these
    # two loops is to order the argument list based on dependence.
    for pkg in $deps; do contains "$*" "$pkg" && {
        order="$order $pkg "
        redro=" $pkg $redro"
    } done

    deps=
}

pkg_strip() {
    # Strip package binaries and libraries. This saves space on the system as
    # well as on the tarballs we ship for installation.
    #
    # NOTE(review): the opt-out check below reads the global $pkg while the
    # rest of the function uses $1; confirm the two always agree.
    [ -f "$mak_dir/$pkg/nostrip" ] && return

    log "$1" "Stripping binaries and libraries"

    # Strip only files matching the below ELF types. This uses 'od' to print
    # the 2 bytes starting from an offset of 16 bytes (bytes 17 and 18). This
    # is the location of the ELF type inside of the ELF headers.
    #
    # Static libraries (.a) are in reality AR archives which contain ELF
    # objects. Tools like 'readelf' will seamlessly read '.a' files as if they
    # were of ELF format (effectively hiding this fact).
    #
    # Example ELF output:
    # 0000000 177 E L F 002 001 001 \0 \0 \0 \0 \0 \0 \0 \0 \0
    # 0000020 003 \0
    # 0000022
    #
    # Example AR output (.a):
    # 0000000 ! < a r c h > \n /
    # 0000020
    # 0000022
    find "$pkg_dir/$1" -type f | while read -r file; do
        case $(od -cN 18 "$file") in
            # REL (object files (.o), static libraries (.a)).
            *177*E*L*F*0000020\ 001\ *|*\!*\<*a*r*c*h*\>*)
                strip -g -R .comment -R .note "$file"
            ;;

            # EXEC (binaries), DYN (shared libraries).
            # Shared libraries keep global symbols in a separate ELF section
            # called '.dynsym'. '--strip-all/-s' does not touch the dynamic
            # symbol entries which makes this safe to do.
            *177*E*L*F*0000020\ 00[23]\ *)
                strip -s -R .comment -R .note "$file"
            ;;
        esac
    done 2>/dev/null ||:
}

pkg_fixdeps() {
    # Dynamically look for missing runtime dependencies by checking each
    # binary and library with 'ldd'. This catches any extra libraries and or
    # dependencies pulled in by the package's build suite.
    log "$1" "Checking for missing dependencies"

    # Go to the built package directory to simplify path building.
    cd "$pkg_dir/$1/$pkg_db/$1"

    # Generate a list of all installed manifests.
    set +f; set -f -- "$sys_db/"*/manifest

    # Create the depends file if it doesn't exist to have something to
    # compare against (even if empty). We will remove this blank file
    # later if needed.
    touch depends

    # Get a list of binaries and libraries, false files will be found,
    # however it's faster to get 'ldd' to check them anyway than to filter
    # them out.
    find "$pkg_dir/${PWD##*/}/" -type f 2>/dev/null |

    while read -r file; do
        # Run 'ldd' on the file and parse each line. The code then checks to
        # see which packages own the linked libraries and it prints the result.
        ldd "$file" 2>/dev/null | while read -r _ _ dep _; do
            # Resolve path symlinks to find the real location to the library.
            cd -P "${dep%/*}" 2>/dev/null || continue

            # 'ls' is used to obtain the target of the symlink.
            # See: [2] at top of script.
            lso=$(ls -ld "$PWD/${dep##*/}" 2>/dev/null) &&
                case $lso in *' -> '*) lso=${lso##* -> } dep=$PWD/${lso##*/}; esac

            # Figure out which package owns the file.
            dep=$(grep -lFx "${dep##$KISS_ROOT}" "$@")
            dep=${dep%/*}
            dep=${dep##*/}

            # Skip listing these packages as dependencies.
            case $dep in
                musl|gcc|llvm|"${OLDPWD##*/}"|"${OLDPWD##*/}-bin"|"") ;;
                *) printf '%s\n' "$dep"
            esac
        done ||:
    done | sort -uk1,1 depends - > "$mak_dir/d"

    # Display a 'diff' of the new dependencies against the old ones.
    diff -U 3 depends - < "$mak_dir/d" ||:

    # Swap out the old depends file for the new one which contains
    # an amended dependency list.
    mv -f "$mak_dir/d" depends

    # Remove the package's depends file if it's empty. (The package has
    # no dependencies, automatically detected or otherwise).
    [ -s depends ] || rm -f depends
}

pkg_manifest() (
    # Generate the package's manifest file. This is a list of each file
    # and directory inside the package. The file is used when uninstalling
    # packages, checking for package conflicts and for general debugging.
    #
    # $1: package name, $2: optional base directory (default $pkg_dir).
    log "$1" "Generating manifest"

    # This function runs as a sub-shell to avoid having to 'cd' back to the
    # prior directory before being able to continue.
    cd "${2:-$pkg_dir}/$1"

    # find: Print all files and directories and append '/' to directories.
    # sort: Sort the output in *reverse*. Directories appear *after* their
    #       contents.
    # sed:  Remove the first character in each line (./dir -> /dir) and
    #       remove all lines which only contain '.'.
    #       ('ss.ss' is an 's' command that uses 's' as its delimiter.)
    find . -type d -exec printf '%s/\n' {} + -o -print |
        sort -r | sed '/^\.\/$/d;ss.ss' > "${2:-$pkg_dir}/$1/$pkg_db/$1/manifest"
)

pkg_etcsums() (
    # Generate checksums for each configuration file in the package's /etc/
    # directory for use in "smart" handling of these files.
    log "$1" "Generating etcsums"

    # This function runs as a sub-shell to avoid having to 'cd' back to the
    # prior directory before being able to continue.
    [ -d "$pkg_dir/$1/etc" ] || return 0
    cd "$pkg_dir/$1"

    find etc -type f | while read -r line; do
        sh256 "$line"
    done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
)

pkg_tar() (
    # Create a tarball from the built package's files. This tarball also
    # contains the package's database entry.
    log "$1" "Creating tarball"

    # Read the version information to name the package.
    read -r version release < "$(pkg_find "$1")/version"

    # Use 'cd' to avoid needing tar's '-C' flag which may not be portable
    # across implementations.
    cd "$pkg_dir/$1"

    # Create a tarball from the contents of the built package.
    # The compressor is selected by $KISS_COMPRESS (default 'gz').
    tar cf - . | case ${KISS_COMPRESS:=gz} in
        bz2)  bzip2 -z ;;
        gz)   gzip -6 ;;
        lzma) lzma -z ;;
        lz)   lzip -z ;;
        xz)   xz -zT 0 ;;
        zst)  zstd -z ;;
    esac > "$bin_dir/$1#$version-$release.tar.${KISS_COMPRESS:=gz}"

    log "$1" "Successfully created tarball"
)

pkg_build() {
    # Build packages and turn them into packaged tarballs.
    #
    # Order of operations visible below: resolve dependencies, lint,
    # install cached binaries, download sources, verify checksums, then
    # extract, build and package each remaining package.
    pkg_build=1

    log "Resolving dependencies"

    # Mark packages passed on the command-line separately from those
    # detected as dependencies. We need to treat explicitly passed packages
    # differently from those pulled in as dependencies.
    #
    # This also resolves all dependencies and stores the result in '$deps'.
    # Any duplicates are also filtered out.
    for pkg do contains "$explicit" "$pkg" || {
        pkg_depends "$pkg" explicit
        explicit="$explicit $pkg "
    } done

    # If this is an update, don't always build explicitly passsed packages
    # and instead install pre-built binaries if they exist.
    [ "$pkg_update" ] || explicit_build=$explicit

    # If an explicit package is a dependency of another explicit package,
    # remove it from the explicit list as it needs to be installed as a
    # dependency.
    for pkg do
        contains "$deps" "$pkg" || explicit2=" $explicit2 $pkg "
    done
    explicit=$explicit2

    # See [1] at top of script.
    # shellcheck disable=2046,2086
    set -- $deps $explicit

    log "Building: $*"

    # Only ask for confirmation if more than one package needs to be built.
    [ $# -gt 1 ] || [ "$pkg_update" ] && prompt

    for pkg do pkg_lint "$pkg"; done

    log "Checking for pre-built dependencies"

    # Install any pre-built dependencies if they exist in the binary
    # directory and are up to date.
    #
    # NOTE(review): a cached tarball is installed from $bin_dir with
    # KISS_FORCE=1; no checksum of the tarball itself is compared here.
    for pkg do ! contains "$explicit_build" "$pkg" && pkg_cache "$pkg" && {
        log "$pkg" "Found pre-built binary, installing"
        (KISS_FORCE=1 args i "$tar_file")

        # Remove the now installed package from the build list.
        #
        # NOTE(review): 'shift' drops the first positional parameter,
        # which is this package only if every earlier entry in the list
        # was dropped too; confirm against the intended behavior.
        shift
    } done

    for pkg do pkg_sources "$pkg"; done

    # Checksums are compared before anything is extracted or built.
    pkg_verify "$@"

    # Finally build and create tarballs for all passed packages and
    # dependencies.
    for pkg do
        in=$((in + 1))
        log "$pkg" "Building package ($in/$#)"

        pkg_extract "$pkg"
        repo_dir=$(pkg_find "$pkg")

        # Install built packages to a directory under the package name to
        # avoid collisions with other packages.
        mkdir -p "$pkg_dir/$pkg/$pkg_db" "$mak_dir/$pkg"
        cd "$mak_dir/$pkg"

        # Log the version so we can pass it to the package build file.
        read -r build_version _ < "$repo_dir/version"

        log "$pkg" "Starting build"

        run_hook pre-build "$pkg" "$pkg_dir/$pkg"

        # Call the build script, log the output to the terminal and to a file.
        # There's no PIPEFAIL in POSIX shelll so we must resort to tricks like
        # killing the script ourselves.
        #
        # NOTE(review): the repository's 'build' file is executed directly
        # with the privileges of the user running this script; the
        # checksums verified earlier cover the sources, not this file.
        {
            "$repo_dir/build" "$pkg_dir/$pkg" "$build_version" 2>&1 || {
                log "$pkg" "Build failed"
                log "$pkg" "Log stored to $log_dir/$pkg-$time-$pid"
                run_hook build-fail "$pkg" "$pkg_dir/$pkg"
                pkg_clean
                kill 0
            }
        } | tee "$log_dir/$pkg-$time-$pid"

        # Delete the log file if the build succeeded to prevent the directory
        # from filling very quickly with useless logs.
        [ "$KISS_KEEPLOG" = 1 ] || rm -f "$log_dir/$pkg-$time-$pid"

        # Copy the repository files to the package directory. This acts as the
        # database entry.
        cp -LRf "$repo_dir" "$pkg_dir/$pkg/$pkg_db/"

        # We never ever want this. Let's end the endless conflicts and remove
        # it. This will be the only exception for a specific removal of this
        # kind. A 'find' is used instead of 'rm' so as to not hardcode the
        # location to this file.
        find "$pkg_dir/$pkg" -type f -name charset.alias -exec rm -f {} +

        log "$pkg" "Successfully built package"

        run_hook post-build "$pkg" "$pkg_dir/$pkg"

        # Create the manifest file early and make it empty. This ensures that
        # the manifest is added to the manifest.
        : > "$pkg_dir/$pkg/$pkg_db/$pkg/manifest"

        # If the package contains '/etc', add a file called 'etcsums' to the
        # manifest. See comment directly above.
        [ -d "$pkg_dir/$pkg/etc" ] &&
            : > "$pkg_dir/$pkg/$pkg_db/$pkg/etcsums"

        pkg_strip "$pkg"
        pkg_fixdeps "$pkg"
        pkg_manifest "$pkg"
        pkg_etcsums "$pkg"
        pkg_tar "$pkg"

        # Install only dependencies of passed packages. If this is an update,
        # install the built package regardless.
        contains "$explicit" "$pkg" && [ -z "$pkg_update" ] && continue

        log "$pkg" "Needed as a dependency or has an update, installing"

        (KISS_FORCE=1 args i "$pkg")
    done

    # End here as this was a system update and all packages have been installed.
    [ "$pkg_update" ] && return

    log "Successfully built package(s)"

    # Turn the explicit packages into a 'list'.
    # See [1] at top of script.
    # shellcheck disable=2046,2086
    set -- $explicit

    # Only ask for confirmation if more than one package needs to be installed.
    [ $# -gt 1 ] && prompt "Install built packages? [$*]" && {
        args i "$@"
        return
    }

    log "Run 'kiss i $*' to install the package(s)"
}

pkg_checksums() {
    # Generate checksums for packages.
    #
    # Prints one line per entry of the sources file: a sha256 line for
    # files and 'git <src>' for git sources.
    #
    # NOTE(review): a git source contributes only its URL string, so the
    # cloned content is not hashed. From what is visible here, a commit
    # hash in the source entry is the only thing that pins its content.
    repo_dir=$(pkg_find "$1")

    # Support packages without sources. Simply do nothing.
    [ -f "$repo_dir/sources" ] || return 0

    while read -r src _ || [ "$src" ]; do case $src in
        \#*) ;;
        git+*) printf 'git %s\n' "$src" ;;
        *)
            # File is local to the package.
            if [ -f "$repo_dir/$src" ]; then
                cd "$repo_dir/${src%/*}"

            # File is remote and was downloaded.
            elif [ -f "$src_dir/$1/${src##*/}" ]; then
                cd "$src_dir/$1"
            fi

            # NOTE(review): if neither branch above matched, no 'cd'
            # happened and the basename is looked up in whatever the
            # current directory is. sh256 returns 0 for a missing file,
            # so this 'die' is not reached in that case; the entry is
            # simply absent from the output.
            sh256 "${src##*/}" || die "$1" "Failed to generate checksums"
        ;;
    esac; done < "$repo_dir/sources"
}

pkg_verify() {
    # Verify all package checksums. This is achieved by generating a new set
    # of checksums and then comparing those with the old set.
    #
    # Any difference reported by 'diff' (including a missing line) counts
    # as a mismatch and aborts after all packages were checked.
    for pkg do
        repo_dir=$(pkg_find "$pkg")

        [ -f "$repo_dir/sources" ] || continue

        pkg_checksums "$pkg" | diff - "$repo_dir/checksums" || {
            log "$pkg" "Checksum mismatch"

            # Instead of dying above, log it to the terminal. Also define a
            # variable so we *can* die after all checksum files have been
            # checked.
            mismatch="$mismatch$pkg "
        }
    done

    [ -z "$mismatch" ] || die "Checksum mismatch with: ${mismatch% }"

    log "Verified all checksums"
}

pkg_conflicts() {
    # Check to see if a package conflicts with another.
    log "$1" "Checking for package conflicts"

    # Filter the tarball's manifest and select only files. Resolve all
    # symlinks in file paths as well.
    while read -r file; do
        file=$KISS_ROOT/${file#/}

        # Skip all directories.
        case $file in */) continue; esac

        # Attempt to resolve symlinks by using 'cd'.
        # If this fails, fallback to the file's parent
        # directory.
        cd -P "${file%/*}" 2>/dev/null || PWD=${file%/*}

        # Print the file with all symlinks in its path
        # resolved to their real locations.
        printf '%s\n' "${PWD#$KISS_ROOT}/${file##*/}"
    done < "$tar_dir/$1/$pkg_db/$1/manifest" > "$mak_dir/$pid-m"

    p_name=$1
    set +f
    set -f "$sys_db"/*/manifest

    # Generate a list of all installed package manifests and remove the
    # current package from the list. This is the simplest method of
    # dropping an item from the argument list. The one downside is that
    # it cannot live in a function due to scoping of arguments.
    for manifest do
        shift

        [ "$sys_db/$p_name/manifest" = "$manifest" ] && continue

        set -- "$@" "$manifest"
    done

    # Store the list of found conflicts in a file as we'll be using the
    # information multiple times. Storing things in the cache dir allows
    # us to be lazy as they'll be automatically removed on script end.
    grep -Fxf "$mak_dir/$pid-m" -- "$@" 2>/dev/null > "$mak_dir/$pid-c" ||:

    # Enable alternatives automatically if it is safe to do so.
    # This checks to see that the package that is about to be installed
    # doesn't overwrite anything it shouldn't in '/var/db/kiss/installed'.
    grep -q ":/var/db/kiss/installed/" "$mak_dir/$pid-c" || choice_auto=1

    if [ "$KISS_CHOICE" != 0 ] && [ "$choice_auto" = 1 ]; then
        # This is a novel way of offering an "alternatives" system.
        # It is entirely dynamic and all "choices" are created and
        # destroyed on the fly.
        #
        # When a conflict is found between two packages, the file
        # is moved to a directory called "choices" and its name
        # changed to store its parent package and its intended
        # location.
        #
        # The package's manifest is then updated to reflect this
        # new location.
        #
        # The 'kiss choices' command parses this directory and
        # offers you the CHOICE of *swapping* entries in this
        # directory for those on the filesystem.
        #
        # The choices command does the same thing we do here,
        # it rewrites manifests and moves files around to make
        # this work.
        #
        # Pretty nifty huh?
        while IFS=: read -r _ con; do
            printf '%s\n' "Found conflict $con"

            # Create the "choices" directory inside of the tarball.
            # This directory will store the conflicting file.
            mkdir -p "$tar_dir/$p_name/${cho_dir:=var/db/kiss/choices}"

            # Construct the file name of the "db" entry of the
            # conflicting file. (pkg_name>usr>bin>ls)
            con_name=$(printf %s "$con" | sed 's|/|>|g')

            # Move the conflicting file to the choices directory
            # and name it according to the format above.
            mv -f "$tar_dir/$p_name/$con" \
                "$tar_dir/$p_name/$cho_dir/$p_name$con_name" 2>/dev/null || {
                log "File must be in ${con%/*} and not a symlink to it"
                log "This usually occurs when a binary is installed to"
                log "/sbin instead of /usr/bin (example)"
                log "Before this package can be used as an alternative,"
                log "this must be fixed in $p_name. Contact the maintainer"
                die "by finding their details via 'kiss-maintainer'" "" "!>"
            }
        done < "$mak_dir/$pid-c"

        log "$p_name" "Converted all conflicts to choices (kiss a)"

        # Rewrite the package's manifest to update its location
        # to its new spot (and name) in the choices directory.
        pkg_manifest "$p_name" "$tar_dir" 2>/dev/null

    elif [ -s "$mak_dir/$pid-c" ]; then
        log "Package '$p_name' conflicts with another package" "" "!>"
        log "Run 'KISS_CHOICE=1 kiss i $p_name' to add conflicts" "" "!>"
        die "as alternatives." "" "!>"
    fi
}

pkg_swap() {
    # Swap between package alternatives.
    # $1: package providing the alternative, $2: path of the file.
    pkg_list "$1" >/dev/null

    alt=$(printf %s "$1$2" | sed 's|/|>|g')
    cd "$sys_db/../choices"

    [ -f "$alt" ] || [ -h "$alt" ] ||
        die "Alternative '$1 $2' doesn't exist"

    if [ -f "$2" ]; then
        # Figure out which package owns the file we are going to swap for
        # another package's. Print the full path to the manifest file which
        # contains the match to our search.
        pkg_owns=$(set +f; grep -lFx "$2" "$sys_db/"*/manifest) ||:

        # Extract the package name from the path above.
        pkg_owns=${pkg_owns%/*}
        pkg_owns=${pkg_owns##*/}

        # Ensure that the file we're going to swap is actually owned by a
        # package. If it is not, we have to die here.
        [ "$pkg_owns" ] ||
            die "File '$2' exists on filesystem but isn't owned"

        log "Swapping '$2' from '$pkg_owns' to '$1'"

        # Convert the current owner to an alternative and rewrite its manifest
        # file to reflect this.
        cp -Pf "$KISS_ROOT/$2" "$pkg_owns>${alt#*>}"

        # The separator is the ASCII unit separator which should be safe to
        # use as files should never contain this character (I hope to god)..
        #
        # NOTE(review): the unit-separator bytes this comment refers to are
        # not visible in this listing, so the 's' expression below is
        # incomplete as shown (here and in the second 'sed' further down).
        # Restore the separators from the upstream source before use.
        sed "s^$2$${PWD#$KISS_ROOT}/$pkg_owns>${alt#*>}" \
            "../installed/$pkg_owns/manifest" |
            sort -r > "$mak_dir/.$1"

        mv -f "$mak_dir/.$1" "../installed/$pkg_owns/manifest"
    fi

    # Convert the desired alternative to a real file and rewrite the manifest
    # file to reflect this. The reverse of above.
    mv -f "$alt" "$KISS_ROOT/$2"

    # The separator is the ASCII unit separator which should be safe to use
    # as files should never contain this character (I hope to god).
    sed "s${PWD#$KISS_ROOT}/$alt$2" \
        "../installed/$1/manifest" |
        sort -r > "$mak_dir/.$1"

    mv -f "$mak_dir/.$1" "../installed/$1/manifest"
}

pkg_install_files() {
    # Copy a package's files into $KISS_ROOT by walking its manifest.
    # $1: test(1) operator deciding whether an existing target is kept
    #     (see below), $2: directory holding the extracted package.
    #
    # NOTE(review): every manifest line is appended to $KISS_ROOT and used
    # as a destination path. Nothing visible in this function rejects
    # lines containing '..' components, so the manifest of the tarball is
    # trusted to stay inside the root.
    #
    # Reverse the manifest file so that we start shallow and go deeper as we
    # iterate over each item. This is needed so that directories are created
    # going down the tree.
    sort "$2/$pkg_db/${2##*/}/manifest" |

    while read -r line; do
        # Grab the octal permissions so that directory creation
        # preserves permissions.
        # See: [2] at top of script.
        rwx=$(ls -ld "$2/$line") oct='' b='' o=0

        # Convert the output of 'ls' (rwxrwx---) to octal. This is simply
        # a 1-9 loop with the second digit being the value of the field.
        for c in 14 22 31 44 52 61 74 82 91; do
            rwx=${rwx#?}

            case $rwx in
                [rwx]*): $((o+=${c#?})) ;;
                [st]*):  $((o+=1)) $((b+=4 / (${c%?}/3))) ;;
                [ST]*):  $((b+=1)) ;;
            esac

            [ "$((${c%?} % 3))" = 0 ] && oct=$oct$o o=0
        done

        # Copy files and create directories (preserving permissions),
        # skipping anything located in /etc/.
        #
        # The 'test' will run with '-e' for no-overwrite and '-z'
        # for overwrite.
        case $line in /etc/*) ;;
            */)
                # Skip directories if they already exist in the file system.
                # (Think /usr/bin, /usr/lib, etc).
                [ -d "$KISS_ROOT/$line" ] ||
                    mkdir -m "$oct" "$KISS_ROOT/$line"
            ;;

            *)
                test "$1" "$KISS_ROOT/$line" ||

                if [ -h "$2/$line" ]; then
                    # Skip symlinks which already exist as directories.
                    # (Think baselayout being updated)
                    [ -d "$KISS_ROOT/$line" ] && continue

                    cp -fPp "$2/$line" "$KISS_ROOT/$line"
                    chown -h "$USER:$USER" "$KISS_ROOT/$line"

                else
                    cp -f "$2/$line" "$KISS_ROOT/$line"
                    chmod "$b$oct" "$KISS_ROOT/$line"
                fi
        esac
    done
}

pkg_remove_files() {
    # Remove a file list from the system. This function runs during package
    # installation and package removal. Combining the removals in these two
    # functions allows us to stop duplicating code.
    #
    # The list of paths is read from stdin, one per line.
    while read -r file; do
        # Skip deleting some leftover files.
        case $file in /etc/*) continue; esac

        file=$KISS_ROOT/$file

        # Remove files.
        if [ -f "$file" ] && [ ! -h "$file" ]; then
            rm -f "$file"

        # Remove file symlinks.
        elif [ -h "$file" ] && [ ! -d "$file" ]; then
            rm -f "$file"

        # Skip directory symlinks.
        elif [ -h "$file" ] && [ -d "$file" ]; then :

        # Remove directories if empty.
        elif [ -d "$file" ]; then
            rmdir "$file" 2>/dev/null ||:
        fi
    done ||:
}

pkg_etc() (
    # Install the package's /etc files, deciding per file between
    # skipping, overwriting and saving as '<file>.new'.
    # Reads $pkg_name and $tar_dir; runs in a sub-shell.
    [ -d "$tar_dir/$pkg_name/etc" ] || return 0

    cd "$tar_dir/$pkg_name"

    # Create all directories beforehand.
    find etc -type d | while read -r dir; do
        mkdir -p "$KISS_ROOT/$dir"
    done

    # Handle files in /etc/ based on a 3-way checksum check.
    find etc ! -type d | while read -r file; do
        # NOTE(review): the 'grep' below uses the file path as a regular
        # expression anchored only at the end of the line, so regex
        # metacharacters in a path (or a longer path with the same
        # suffix) can match other lines of the saved etcsums.
        {
            sum_new=$(sh256 "$file")
            sum_sys=$(cd "$KISS_ROOT/"; sh256 "$file")
            sum_old=$(grep "$file$" "$mak_dir/c"); } 2>/dev/null ||:

        log "$pkg_name" "Doing 3-way handshake for $file"
        printf '%s\n' "Previous: ${sum_old:-null}"
        printf '%s\n' "System: ${sum_sys:-null}"
        printf '%s\n' "New: ${sum_new:-null}"

        # Use a case statement to easily compare three strings at
        # the same time. Pretty nifty.
        case ${sum_old:-null}${sum_sys:-null}${sum_new} in
            # old = Y, sys = X, new = Y
            "${sum_new}${sum_sys}${sum_old}")
                log "Skipping $file"
                continue
            ;;

            # old = X, sys = X, new = X
            # old = X, sys = Y, new = Y
            # old = X, sys = X, new = Y
            "${sum_old}${sum_old}${sum_old}"|\
            "${sum_old:-null}${sum_sys}${sum_sys}"|\
            "${sum_sys}${sum_old}"*)
                log "Installing $file"
                new=
            ;;

            # All other cases.
            *)
                war "$pkg_name" "saving /$file as /$file.new"
                new=.new
            ;;
        esac

        cp -fPp "$file" "$KISS_ROOT/${file}${new}"
        chown root:root "$KISS_ROOT/${file}${new}" 2>/dev/null
    done ||:
)

pkg_remove() {
    # Remove a package and all of its files. The '/etc' directory is handled
    # differently and configuration files are *not* overwritten.
    pkg_list "$1" >/dev/null || return

    # Make sure that nothing depends on this package.
    # (Skipped whenever $KISS_FORCE is non-empty.)
    [ "$KISS_FORCE" ] || {
        log "$1" "Checking for reverse dependencies"

        (cd "$sys_db"; set +f; grep -lFx "$1" -- */depends) &&
            die "$1" "Can't remove package, others depend on it"
    }

    # Block being able to abort the script with 'Ctrl+C' during removal.
    # Removes all risk of the user aborting a package removal leaving an
    # incomplete package installed.
    trap '' INT

    # The package's own pre-remove script is executed from the installed
    # database; its failure is ignored.
    if [ -x "$sys_db/$1/pre-remove" ]; then
        log "$1" "Running pre-remove script"
        "$sys_db/$1/pre-remove" ||:
    fi

    pkg_remove_files < "$sys_db/$1/manifest"

    # Reset 'trap' to its original value. Removal is done so
    # we no longer need to block 'Ctrl+C'.
    trap pkg_clean EXIT INT

    log "$1" "Removed successfully"
}

pkg_install() {
    # Install a built package tarball.
    #
    # Package installation works similarly to the method used by Slackware in
    # some of their tooling. It's not the obvious solution to the problem,
    # however it is the best solution at this given time.
    #
    # When an installation is an update to an existing package, instead of
    # removing the old version first we do something different.
    #
    # The new version is installed overwriting any files which it has in
    # common with the previously installed version of the package.
    #
    # A "diff" is then generated between the old and new versions and contains
    # any files existing in the old version but not the new version.
    #
    # The package manager then goes and removes these files which leaves us
    # with the new package version in the file system and all traces of the
    # old version gone.
    #
    # For good measure the package manager will then install the new package
    # an additional time. This is to ensure that the above diff didn't contain
    # anything incorrect.
    #
    # This is the better method as it is "seamless". An update to busybox won't
    # create a window in which there is no access to all of its utilities to
    # give an example.
    #
    # NOTE(review): in the part of this function visible here, a tarball
    # passed by path is accepted on its name and the presence of a
    # manifest; no checksum or signature of the tarball is compared, and
    # 'tar xf' extracts members under the names stored in the archive.
    # The function continues past the end of this listing.

    # Install can also take the full path to a tarball. We don't need to check
    # the repository if this is the case.
    if [ -f "$1" ] && [ -z "${1%%*.tar.*}" ] && [ -z "${1##*/*}" ]; then
        tar_file=$1
        pkg_name=${1##*/}
        pkg_name=${pkg_name%#*}

    elif pkg_cache "$1" 2>/dev/null; then
        pkg_name=$1

    else
        die "package has not been built, run 'kiss b pkg'"
    fi

    mkdir -p "$tar_dir/$pkg_name"
    log "$pkg_name" "Extracting $tar_file"

    # The tarball is extracted to a temporary directory where its contents are
    # then "installed" to the filesystem. Running this step as soon as possible
    # allows us to also check the validity of the tarball and bail out early
    # if needed.
    (
        cd "$tar_dir/$pkg_name"

        decompress "$tar_file" | tar xf -
    )

    # Naively assume that the existence of a manifest file is all that
    # determines a valid KISS package from an invalid one. This should be a
    # fine assumption to make in 99.99% of cases.
    [ -f "$tar_dir/$pkg_name/$pkg_db/$pkg_name/manifest" ] ||
        die "'${tar_file##*/}' is not a valid KISS package"

    # Ensure that the tarball's manifest is correct by checking that each file
    # and directory inside of it actually exists.
    #
    # Both this check and the dependency check are skipped when
    # KISS_FORCE=1.
    [ "$KISS_FORCE" = 1 ] || {
        log "$pkg_name" "Checking that manifest is valid"
        while read -r line; do
            [ -h "$tar_dir/$pkg_name/$line" ] ||
            [ -e "$tar_dir/$pkg_name/$line" ] ||
                die "File $line missing from tarball but mentioned in manifest"
        done < "$tar_dir/$pkg_name/$pkg_db/$pkg_name/manifest"

        log "$pkg_name" "Checking that all dependencies are installed"

        [ -f "$tar_dir/$pkg_name/$pkg_db/$pkg_name/depends" ] &&
            while read -r dep dep_type || [ "$dep" ]; do
                [ "${dep##\#*}" ] || continue
                [ "$dep_type" ] || pkg_list "$dep" >/dev/null ||
                    install_dep="$install_dep'$dep', "
            done < "$tar_dir/$pkg_name/$pkg_db/$pkg_name/depends"

        [ "$install_dep" ] && die "$1" "Package requires ${install_dep%, }"
    }

    run_hook pre-install "$pkg_name" "$tar_dir/$pkg_name"

    pkg_conflicts "$pkg_name"

    log "$pkg_name" "Installing package incrementally"

    # Block being able to abort the script with Ctrl+C during installation.
    # Removes all risk of the user aborting a package installation leaving
    # an incomplete package installed.
    trap '' INT

    # If the package is already installed (and this is an upgrade) make a
    # backup of the manifest and etcsums files.
    cp -f "$sys_db/$pkg_name/manifest" "$mak_dir/m" 2>/dev/null ||:
    cp -f "$sys_db/$pkg_name/etcsums" "$mak_dir/c" 2>/dev/null ||:

    # Install the package's files by iterating over its manifest.
    pkg_install_files -z "$tar_dir/$pkg_name"

    # Handle /etc/ files in a special way (via a 3-way checksum) to determine
    # how these files should be installed. Do we overwrite the existing file?
    # Do we install it as $file.new to avoid deleting user configuration? etc.
    #
    # This is more or less similar to Arch Linux's Pacman with the user manually
    # handling the .new files when and if they appear.
    pkg_etc

    # This is the aforementioned step removing any files from the old version of
    # the package if the installation is an update. Each file type has to be
    # specially handled to ensure no system breakage occurs.
# # Files in /etc/ are skipped entirely as they'll be handled via a 3-way # checksum system due to the nature of their existence. grep -vFxf "$sys_db/$pkg_name/manifest" "$mak_dir/m" 2>/dev/null | pkg_remove_files # Install the package's files a second time to fix any mess caused by the # above removal of the previous version of the package. log "$pkg_name" "Verifying installation" pkg_install_files -e "$tar_dir/$pkg_name" # Reset 'trap' to its original value. Installation is done so we no longer # need to block 'Ctrl+C'. trap pkg_clean EXIT INT if [ -x "$sys_db/$pkg_name/post-install" ]; then log "$pkg_name" "post-install log" "$sys_db/$pkg_name/post-install" fi 2>&1 | tee -a "$log_dir/post-install-$time-$pid" >/dev/null run_hook post-install "$pkg_name" "$sys_db/$pkg_name" log "$pkg_name" "Installed successfully" } pkg_updates() { # Check all installed packages for updates. So long as the installed # version and the version in the repositories differ, it's considered # an update. log "Updating repositories" # Create a list of all repositories. # See [1] at top of script. # shellcheck disable=2046,2086 { IFS=:; set -- $KISS_PATH; unset IFS; } # Update each repository in '$KISS_PATH'. for repo do # Go to the root of the repository (if it exists). cd "$repo" cd "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null ||: [ "$(git remote 2>/dev/null)" ] || { log "$repo" " " printf '%s\n' "No remote or not git repository, skipping." continue } contains "$repos" "$PWD" || { repos="$repos $PWD " # Display a tick if signing is enabled for this # repository. case $(git config merge.verifySignatures) in true) log "$PWD" "[signed ✓] " ;; *) log "$PWD" " " ;; esac if [ -w "$PWD" ] && [ "$uid" != 0 ]; then git fetch git merge git submodule update --remote --init -f else [ "$uid" = 0 ] || log "$PWD" "Need root to update" # Find out the owner of the repository and spawn # git as this user below. 
# # This prevents 'git' from changing the original # ownership of files and directories in the rare # case that the repository is owned by a 3rd user. ( file_owner "$PWD" # We're in a repository which is owned by a 3rd # user. Not root or the current user. [ "$user" = root ] || log "Dropping permissions to $user for pull" # 'sudo' and 'doas' properly parse command-line # arguments and split them in the common way. 'su' # on the other hand requires that each argument be # properly quoted as the command passed to it must # be a string... This sets quotes where needed. git_cmd="git fetch && git merge" git_cmd="$git_cmd && git submodule update --remote --init -f" case $su in *su) git_cmd="'$git_cmd'"; esac # Spawn a subshell to run multiple commands as # root at once. This makes things easier on users # who aren't using persist/timestamps for auth # caching. user=$user as_root sh -c "$git_cmd" ) fi } done log "Checking for new package versions" set +f -- for pkg in "$sys_db/"*; do read -r db_ver db_rel < "$pkg/version" read -r re_ver re_rel < "$(pkg_find "${pkg##*/}")/version" # Compare installed packages to repository packages. [ "$db_ver-$db_rel" = "$re_ver-$re_rel" ] || { printf '%s\n' "${pkg##*/} $db_ver-$db_rel ==> $re_ver-$re_rel" set -- "$@" "${pkg##*/}" } done set -f contains "$*" kiss && { log "Detected package manager update" log "The package manager will be updated first" prompt pkg_build kiss args i kiss log "Updated the package manager" log "Re-run 'kiss update' to update your system" exit 0 } [ "$1" ] || { log "Everything is up to date" return } log "Packages to update: $*" # Build all packages requiring an update. # See [1] at top of script. # shellcheck disable=2046,2086 { pkg_update=1 pkg_order "$@" pkg_build $order } log "Updated all packages" } pkg_clean() { # Clean up on exit or error. This removes everything related to the build. [ "$KISS_DEBUG" != 1 ] || return # Create a list containing the current invocation's temporary files and # directories. 
set +f -- "$mak_dir" "$pkg_dir" "$tar_dir" # Go through the cache and add any entries which don't belong to a # currently running kiss instance. for dir in "$cac_dir/"[bep]*-[0-9]*; do [ -e "/proc/${dir##*-}" ] || set -- "$@" "$dir" done rm -rf -- "$@" } args() { # Parse script arguments manually. This is rather easy to do in our case # since the first argument is always an "action" and the arguments that # follow are all package names. action=$1 shift "$(($# ? 1 : 0))" # Unless this is a search, sanitize the user's input. The call to # 'pkg_find()' supports basic globbing, ensure input doesn't expand # to anything except for when this behavior is needed. # # This handles the globbing characters '*', '!', '[' and ']' as per: # https://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html [ "${action##[as]*}" ] && case "$*" in *\**|*\!*|*\[*|*\]*) die "Arguments contain invalid characters: '!*[]' ($*)" esac # CRUX style usage using the current directory as the name of the package # to be operated on. This needs to sit before the 'as_root()' calls as # they reset the current working directory during their invocations. [ "$1" ] || case $action in b|build|c|checksum|i|install|r|remove) export KISS_PATH=${PWD%/*}:$KISS_PATH set -- "${PWD##*/}" esac # Rerun the script as root with a fixed environment if needed. We sadly # can't run singular functions as root so this is needed. case $action in a|alternatives|i|install|r|remove) [ -z "$1" ] || [ -w "$KISS_ROOT/" ] || [ "$uid" = 0 ] || { as_root HOME="$HOME" \ XDG_CACHE_HOME="$XDG_CACHE_HOME" \ KISS_PATH="$KISS_PATH" \ KISS_FORCE="$KISS_FORCE" \ KISS_ROOT="$KISS_ROOT" \ KISS_CHOICE="$KISS_CHOICE" \ kiss "$action" "$@" return } esac # Actions can be abbreviated to their first letter. This saves keystrokes # once you memorize the commands. 
case $action in a|alternatives) if [ "$1" = - ]; then while read -r pkg path; do pkg_swap "$pkg" "$path" done elif [ "$1" ]; then pkg_swap "$@" else # Go over each alternative and format the file # name for listing. (pkg_name>usr>bin>ls) set +f; for pkg in "$sys_db/../choices"/*; do printf '%s\n' "${pkg##*/}" done | sed 's|>| /|; s|>|/|g; /\*/d' fi ;; c|checksum) for pkg do pkg_lint "$pkg" c; done for pkg do pkg_sources "$pkg" c; done for pkg do repo_dir=$(pkg_find "$pkg") # Support packages without sources. Simply do nothing. [ -f "$repo_dir/sources" ] || { log "$pkg" "No sources file, skipping checksums" continue } pkg_checksums "$pkg" | if touch "$repo_dir/checksums" 2>/dev/null; then tee "$repo_dir/checksums" else log "$pkg" "Need permissions to generate checksums" file_owner "$repo_dir" user=$user as_root tee "$repo_dir/checksums" fi log "$pkg" "Generated checksums" done ;; i|install|r|remove) pkg_order "$@" case $action in i*) for pkg in $order; do pkg_install "$pkg"; done ;; r*) for pkg in $redro; do pkg_remove "$pkg"; done esac ;; b|build) pkg_build "${@:?No packages installed}" ;; l|list) pkg_list "$@" ;; u|update) pkg_updates ;; s|search) for pkg do pkg_find "$pkg" all; done ;; v|version) printf '2.0.7\n' ;; h|help|-h|--help|'') log 'kiss [a|b|c|i|l|r|s|u|v] [pkg]...' log 'alternatives List and swap to alternatives' log 'build Build a package' log 'checksum Generate checksums' log 'install Install a package' log 'list List installed packages' log 'remove Remove a package' log 'search Search for a package' log 'update Update the system' log 'version Package manager version ' log "Installed extensions (kiss-* in \$PATH)" # shellcheck disable=2046 # see [1] at top of script. set -- $(KISS_PATH=$PATH pkg_find kiss-\* all -x) # To align descriptions figure out which extension has the longest # name by doing a simple 'name > max ? name : max' on the basename # of the path with 'kiss-' stripped as well. 
# # This also removes any duplicates found in '$PATH', picking the # first match. for path do p=${path#*/kiss-} case " $seen " in *" $p "*) shift ;; *) seen=" $seen $p " max=$((${#p} > max ? ${#p}+1 : max)) esac done # Print each extension, grab its description from the second line # in the file and align the output based on the above max. for path do printf "%b->%b %-${max}s " "$lcol" "$lclr" "${path#*/kiss-}" sed -n 's/^# *//;2p' "$path" done >&2 ;; *) util=$(KISS_PATH=$PATH pkg_find "kiss-$action*" "" -x 2>/dev/null) || die "'kiss $action' is not a valid command" "$util" "$@" ;; esac if [ -s "$log_dir/post-install-$time-$pid" ]; then cat "$log_dir/post-install-$time-$pid" log "Post-install log stored to $log_dir/post-install-$time-$pid" fi } main() { # Globally disable globbing and enable exit-on-error. set -ef # Die here if the user has no set KISS_PATH. This is a rare occurance as # the environment variable should always be defined. [ "$KISS_PATH" ] || die "\$KISS_PATH needs to be set" # Allow the user to disable colors in output via an environment variable. # Check this once so as to not slow down printing. [ "$KISS_COLOR" = 0 ] || lcol='\033[1;33m' lcol2='\033[1;36m' lclr='\033[m' # The PID of the current shell process is used to isolate directories # to each specific KISS instance. This allows multiple package manager # instances to be run at once. Store the value in another variable so # that it doesn't change beneath us. pid=${KISS_PID:-$$} # Force the C locale to speed up things like 'grep' which disable unicode # etc when this is set. We don't need unicode and a speed up is always # welcome. export LC_ALL=C # Catch errors and ensure that build files and directories are cleaned # up before we die. This occurs on 'Ctrl+C' as well as success and error. trap pkg_clean EXIT INT # Figure out which 'sudo' command to use based on the user's choice or what # is available on the system. 
su=${KISS_SU:-$(command -v sudo || command -v doas)} || su=su # Store the date and time of script invocation to be used as the name of # the log files the package manager creates uring builds. time=$(date '+%Y-%m-%d-%H:%M') # Make note of the user's current ID to do root checks later on. # This is used enough to warrant a place here. uid=$(id -u) # Make sure that the KISS_ROOT doesn't end with a '/'. This might break # some operations if left unchecked. KISS_ROOT=${KISS_ROOT%/} # Define some paths which we will then use throughout the script. sys_db=$KISS_ROOT/${pkg_db:=var/db/kiss/installed} # This allows for automatic setup of a KISS chroot and will # do nothing on a normal system. mkdir -p "$KISS_ROOT/" 2>/dev/null ||: # Create the required temporary directories and set the variables which # point to them. mkdir -p "${cac_dir:=${XDG_CACHE_HOME:-$HOME/.cache}/kiss}" \ "${mak_dir:=${KISS_TMPDIR:-$cac_dir}/build-$pid}" \ "${pkg_dir:=${KISS_TMPDIR:-$cac_dir}/pkg-$pid}" \ "${tar_dir:=${KISS_TMPDIR:-$cac_dir}/extract-$pid}" \ "${src_dir:=$cac_dir/sources}" \ "${log_dir:=$cac_dir/logs}" \ "${bin_dir:=$cac_dir/bin}" args "$@" } main "$@"