#!/bin/sh
# shellcheck source=/dev/null
#
# This is a simple package manager written in POSIX shell for use
# in KISS Linux (https://k1ss.org).
#
# Created by Dylan Araps.
#
# Trust model as far as this file shows it: package repositories (build
# scripts, hook files, sources and checksums lists) and the user hook named
# by KISS_HOOK are executed or sourced as-is. Integrity checking is limited
# to the sha256 comparison in pkg_verify and to whatever signature policy
# the repository's own git configuration enforces (see sys_update).

log() {
    # Print a message to stderr.
    # $1: package name or message, $2: optional detail text,
    # $3: optional prefix, '->' when unset or empty.
    printf '%b%s %b%s%b %s\n' \
        "$lcol" "${3:-->}" "${lclr}${2:+$lcol2}" "$1" "$lclr" "$2" >&2
}

die() {
    # Log a message (prefix defaults to ERROR) and exit with status 1.
    log "$1" "$2" "${3:-ERROR}"
    exit 1
}

prompt() {
    # Optionally log "$1", then wait for Enter unless KISS_PROMPT is 0.
    [ "$1" ] && log "$1"

    log "Continue?: Press Enter to continue or Ctrl+C to abort here"

    [ "$KISS_PROMPT" = 0 ] || read -r _
}

as_root() {
    # Run a command as "$user" (root when unset) through "$su" (su when
    # unset). The arguments are handed to env(1), so leading NAME=value
    # words become the environment of the command (see the call in args).
    [ "$uid" = 0 ] || log "Using '${su:=su}' (to become ${user:=root})"

    case ${su##*/} in
        doas | sudo | sls)
            "$su" -u "$user" -- env "$@"
        ;;

        su)
            # With su the arguments are flattened into one string
            # ("env $*") which the target user's shell parses again, so
            # the word boundaries of the original arguments are lost.
            # NOTE(review): args only rejects '!*[]' and whitespace in
            # package names; any other shell metacharacter in an argument
            # or in a forwarded variable value reaches this string as-is.
            #
            # NOTE(review): the listing looks truncated from this point.
            # The case statement is never closed with 'esac', and
            # 'file_owner' and 'contains', both called elsewhere in this
            # file, have no definition in the visible text. Presumably the
            # text between a '<' and the following '>' was dropped when
            # the page was produced; restore this span from the original
            # file before relying on the script.
            "$su" -c "env $* <&3" "$user" 3<&0 /dev/null 2>&1 || user=root
}

find_replace() {
    # Rewrite file "$3", replacing every line equal to "$1" with "$2".
    # The result is reverse-sorted and swapped in through a temporary file
    # in "$tmp_dir".
    while IFS= read -r _line; do
        case $_line in
            "$1") printf '%s\n' "$2" ;;
            *) printf '%s\n' "$_line" ;;
        esac
    done < "$3" | sort -r > "$tmp_dir/.sed"

    mv -f "$tmp_dir/.sed" "$3"
}

run_user_hook() {
    # Run the user's hook for an event.
    # $1: event type, $2: package, $3: destination directory; each one
    # becomes the literal string 'null' when unset or empty.
    #
    # The hook file is sourced into this shell, so it runs with the
    # privileges of the package manager and can change its variables.
    # NOTE(review): KISS_HOOK is not among the variables args forwards
    # through as_root, so whether the hook also runs after elevation
    # depends on what "$su" keeps in the environment - confirm.
    set -- "${1:-null}" "${2:-null}" "${3:-null}"

    case ${KISS_HOOK:--}$1 in
        # Provide a default post-build hook to remove files and directories
        # for things we don't support out of the box. One can simply define
        # their own hook to override this behavior.
        -post-build)
            rm -rf \
                "$3/usr/share/gettext" \
                "$3/usr/share/polkit-1" \
                "$3/usr/share/locale" \
                "$3/usr/share/info"
        ;;

        [!-]*)
            TYPE=$1 PKG=$2 DEST=$3 . "$KISS_HOOK"
        ;;
    esac
}

run_repo_hook() {
    # Execute hooks which have the executable permission set, cat hooks which
    # don't. Allows packages which only need to display a message to avoid
    # executing any code.
    #
    # $1: hook name, $2: package (or label for the log line),
    # $3: optional explicit hook path, default "$sys_db/$2/$1".
    # An executable hook runs with the privileges of this process.
    _hook=${3:-"$sys_db/$2/$1"}

    [ -f "$_hook" ] || return 0

    log "$2" "running $1 hook"

    if [ -x "$_hook" ]; then
        "$_hook"
    else
        cat "$_hook"
    fi
}

decompress() {
    # Write the decompressed contents of "$1" to stdout. The tool is chosen
    # from the file extension alone; when no arm matches nothing is written.
    case ${1##*.} in
        bz2) bzip2 -dc ;;
        lzma) lzma -dc ;;
        lz) lzip -dc ;;
        tar) cat ;;
        tgz | gz) gzip -dc ;;
        txz | xz) xz -dc ;;
        zst) zstd -dc ;;
    esac < "$1"
}

sh256() {
    # There's no standard utility to generate sha256 checksums.
    # This unifies various tools using the first available.
    #
    # Prints the first space-delimited field of the first tool that
    # succeeds. Prints nothing and returns 0 when "$1" does not exist.
    # Tool errors are discarded, so when every tool fails "$hash" is empty
    # and an empty line is printed.
    # NOTE(review): a caller cannot tell "no working checksum tool" from a
    # real checksum by the output alone; see the note in pkg_verify.
    [ -e "$1" ] || return 0

    hash=$(
        sha256sum "$1" ||
        sha256 -r "$1" ||
        openssl dgst -sha256 -r "$1" ||
        shasum -a 256 "$1" ||
        digest -a sha256 "$1"
    ) 2>/dev/null

    printf '%s\n' "${hash%% *}"
}

pkg_owner() {
    # Find the installed package owning a path by running grep over
    # manifest files. $1: grep flags, $2: pattern, $3...: manifests to
    # search (all installed manifests when omitted). Sets "$pkg_owner" to
    # the directory name of the matching manifest and returns non-zero when
    # it ends up empty. Globbing is enabled only for the duration of the
    # call.
    set +f

    [ "$3" ] || set -- "$1" "$2" "$sys_db"/*/manifest

    pkg_owner=$(grep "$@")
    pkg_owner=${pkg_owner%/*}
    pkg_owner=${pkg_owner##*/}

    set -f

    [ "$pkg_owner" ]
}

pkg_lint() {
    # Check that a package's repository files are sane: a version file with
    # a release field and an executable build file are required, a missing
    # sources file only produces a warning. Leaves the shell in "$repo_dir".
    pkg_find "$1"
    cd "$repo_dir"

    read -r _ release 2>/dev/null < version || die "version file not found"

    [ "$release" ] || die "$1" "release field not found in version file"
    [ -x build ] || die "$1" "build file not found or not executable"
    [ -f sources ] || log "$1" "sources file not found" WARN
}

pkg_find() {
    # Figure out which repository a package belongs to by searching for
    # directories matching the package name in $KISS_PATH/*.
    #
    # $1: name or glob, $2: colon-separated search path (default
    # "$KISS_PATH:$sys_db"), $3: when non-empty print every match,
    # $4: test(1) operator applied to candidates (default -d).
    # Sets "$repo_dir" to the first match; the order of the search path
    # therefore decides which repository wins.
    _query=$1
    _paths=${2:-"$KISS_PATH:$sys_db"}
    _print=$3
    _type=${4:--d}

    IFS=:
    set --

    # Globbing is disabled, splitting is intentional.
    for _path in $_paths; do
        set +f

        # Globbing enabled for search.
        for _path2 in "$_path"/${_query%%/*}; do
            test "$_type" "$_path2" && set -f -- "$@" "$_path2"
        done
    done

    unset IFS
    repo_dir=$1

    [ "$1" ] || {
        log "Package '$_query' not in any repository" '' ERROR
        return 1
    }

    [ -z "$_print" ] || printf '%s\n' "$@"
}

pkg_list() {
    # Print "name version" for an installed package. Logs an error and
    # returns 1 when the package has no directory in "$sys_db".
    [ -d "$sys_db/$1" ] || {
        log "$1" "not installed" ERROR
        return 1
    }

    read -r _ver 2>/dev/null < "$sys_db/$1/version" || _ver=null
    printf '%s\n' "$1 $_ver"
}

pkg_cache() {
    # Find the tarball of a package using a glob. Use the first found match
    # of 'NAME[#@]VERSION-RELEASE.tar.*' in "$bin_dir".
    #
    # Sets "$tar_file" and returns non-zero when that file does not exist.
    pkg_find "$1"
    read -r version release 2>/dev/null < "$repo_dir/version"

    set +f
    set -f -- "$bin_dir/$1"[#@]"$version-$release.tar."*

    # Prefer '@' to '#' in tarball names.
    [ -f "$2" ] && shift

    printf 'unpacking %s\n' "$1"
    tar_file=$1

    [ -f "$1" ]
}

pkg_sources() {
    # Download any remote package sources. The existence of local files is
    # also checked.
    #
    # Downloads follow redirects (curl -L) and a file already present in
    # the cache under the same base name is reused without contacting the
    # network. Nothing is verified here; that is left to pkg_verify.
    pkg_find "$1"

    [ -f "$repo_dir/sources" ] || return 0

    log "$1" "fetching sources"

    mkdir -p "$src_dir/$1"
    cd "$src_dir/$1"

    while read -r src dest || [ "$src" ]; do
        if [ -z "${src##\#*}" ]; then
            continue

        elif [ -z "${src##git+*}" ]; then
            printf 'found git %s\n' "${src##git+}"

        elif [ -f "${src##*/}" ]; then
            printf 'found cached %s\n' "${src##*/}"

        elif [ -z "${src##*://*}" ]; then
            printf 'downloading %s\n' "$src"

            curl "$src" -fLo "${src##*/}" || {
                rm -f "${src##*/}"
                die "$1" "failed to download $src"
            }

        elif [ -e "$repo_dir/$src" ]; then
            printf 'found relative %s\n' "$src"

        elif [ -e "/$src" ]; then
            printf 'found absolute %s\n' "$src"

        else
            die "$1" "no local file '$src'"
        fi
    done < "$repo_dir/sources"
}

pkg_extract() {
    # Extract all source archives to the build directory and copy over any
    # local repository files.
    #
    # Each line of the sources file is "source [destination]"; the
    # destination is created below "$mak_dir/$1" and becomes the working
    # directory for that source.
    pkg_find "$1"

    [ -f "$repo_dir/sources" ] || return 0

    log "$1" "extracting sources"

    while read -r src dest || [ "$src" ]; do
        mkdir -p "$mak_dir/$1/$dest" && cd "$mak_dir/$1/$dest"

        case $src in
            \#* | '')
                # Comments and blank lines.
            ;;

            git+*)
                # The text after the last '@' or '#' is taken as the ref
                # to check out; without one the fetched head is used.
                # Git sources are not covered by the checksums file (see
                # pkg_checksums), so a line without a pinned ref builds
                # whatever the remote serves at fetch time.
                url=${src##git+}
                com=${url##*[@#]}
                com=${com#"${url%[#@]*}"}

                log "$1" "cloning ${url%[#@]*}"; {
                    git init
                    git remote add origin "${url%[#@]*}"
                    git fetch -t --depth 1 origin "$com" || git fetch -t
                    git -c advice.detachedHead=0 checkout "${com:-FETCH_HEAD}"
                } || die "$1" "failed to clone $src"
            ;;

            *://*.tar|*://*.tar.??|*://*.tar.???|*://*.tar.????|*://*.t?z)
                # Member names are used exactly as tar reports them; this
                # function does not check them for absolute paths or '..'
                # components.
                # NOTE(review): what happens with such members depends on
                # the tar implementation in use - confirm. In pkg_build the
                # archive has passed pkg_verify before it gets here.
                decompress "$src_dir/$1/${src##*/}" \
                    > "$tmp_dir/.tar"

                tar xf "$tmp_dir/.tar" ||
                    die "$1" "failed to extract ${src##*/}"

                # Iterate over all directories in the first level of the
                # tarball's manifest. This does the equivalent to GNU tar's
                # '--strip-components 1' in a portable way.
                tar tf "$tmp_dir/.tar" | while IFS=/ read -r dir _; do
                    # Handles tarballs with './' as top-level directory.
                    [ -d "${dir#.}" ] || continue

                    # Avoid naming conflicts.
                    mv -f "$dir" "$pid-$dir"

                    # First attempt to move all files up a directory level,
                    # if any files/directories fail (due to mv's lack of
                    # directory merge capability), simply do the exercise
                    # again and copy-merge the remaining files/directories.
                    #
                    # We can't use '-exec {} +' with any arguments between
                    # the '{}' and '+' as this is not POSIX. We must also
                    # use '$0' and '$@' to reference all arguments.
                    {
                        find "$pid-$dir/." ! -name . -prune \
                            -exec sh -c 'mv -f "$0" "$@" .' {} + ||

                        find "$pid-$dir/." ! -name . -prune \
                            -exec sh -c 'cp -fRp "$0" "$@" .' {} +

                    } 2>/dev/null

                    # Clean up after ourselves.
                    rm -rf "$pid-$dir"
                done

                # Clean up after ourselves.
                rm -f "$tmp_dir/.tar"
            ;;

            *://*.zip)
                unzip "$src_dir/$1/${src##*/}" ||
                    die "$1" "failed to extract ${src##*/}"
            ;;

            *)
                # Local directory (relative).
                if [ -d "$repo_dir/$src" ]; then
                    cp -Rf "$repo_dir/$src/." .

                # Local directory (absolute).
                elif [ -d "/$src" ]; then
                    cp -Rf "/$src/." .

                # Local file (relative).
                elif [ -f "$repo_dir/$src" ]; then
                    cp -f "$repo_dir/$src" .

                # Local file (absolute).
                elif [ -f "/$src" ]; then
                    cp -f "/$src" .

                # Remote file.
                elif [ -f "$src_dir/$1/${src##*/}" ]; then
                    cp -f "$src_dir/$1/${src##*/}" .

                else
                    die "$1" "file $src not found"
                fi
            ;;
        esac
    done < "$repo_dir/sources"
}

pkg_depends() {
    # Resolve all dependencies and generate an ordered list. The deepest
    # dependencies are listed first and then the parents in reverse order.
    #
    # $1: package, $2: 'explicit' to keep the package itself out of "$deps".
    # Dependencies which are already installed are not followed.
    contains "$deps" "$1" || {
        pkg_find "$1" 2>/dev/null ||:

        # Recurse through the dependencies of the child packages.
        [ -f "$repo_dir/depends" ] &&
            while read -r dep _ || [ "$dep" ]; do
                case $dep in
                    [!#]*)
                        pkg_list "$dep" >/dev/null 2>&1 || pkg_depends "$dep"
                    ;;
                esac
            done < "$repo_dir/depends"

        # After child dependencies are added to the list,
        # add the package which depends on them.
        [ "$2" = explicit ] || deps="$deps $1"
    }
}

pkg_strip() {
    # Strip package binaries and libraries. This saves space on the system as
    # well as on the tarballs we ship for installation.
    #
    # Skipped when the build left a 'nostrip' file or KISS_STRIP is 0. The
    # nostrip check reads the global "$pkg", the rest uses "$1".
    [ -f "$mak_dir/$pkg/nostrip" ] || [ "$KISS_STRIP" = 0 ] && return

    log "$1" "stripping binaries and libraries"

    # Strip only files matching the below ELF types. This uses 'od' to print
    # the first 18 bytes of the file. This is the location of the ELF header
    # (up to the ELF type) and contains the type information we need.
    #
    # Static libraries (.a) are in reality AR archives which contain ELF
    # objects. We simply read from the same 18 bytes and assume that the AR
    # header equates to an archive containing objects (.o).
    #
    # Example ELF output ('003' is ELF type):
    # 0000000 177 E L F 002 001 001 \0 \0 \0 \0 \0 \0 \0 \0 \0
    # 0000020 003 \0
    # 0000022
    #
    # Example AR output (.a):
    # 0000000 ! < a r c h > \n /
    # 0000020
    # 0000022
    find "$pkg_dir/$1" -type f | while read -r file; do
        case $(od -A o -t c -N 18 "$file") in
            # REL (object files (.o), static libraries (.a)).
            *177*E*L*F*0000020\ 001\ * | *\!*\<*a*r*c*h*\>*)
                strip -g -R .comment -R .note "$file"
                printf 'stripped debug .%s\n' "${file##"$pkg_dir/$1"}"
            ;;

            # EXEC (binaries), DYN (shared libraries).
            # Shared libraries keep global symbols in a separate ELF section
            # called '.dynsym'. '--strip-all/-s' does not touch the dynamic
            # symbol entries which makes this safe to do.
            *177*E*L*F*0000020\ 00[23]\ *)
                strip -s -R .comment -R .note "$file"
                printf 'stripped all .%s\n' "${file##"$pkg_dir/$1"}"
            ;;
        esac
    done 2>/dev/null ||:
}

pkg_fix_deps() {
    # Dynamically look for missing runtime dependencies by checking each
    # binary and library with 'ldd'. This catches any extra libraries and or
    # dependencies pulled in by the package's build suite.
    #
    # NOTE(review): main falls back to ldd when no readelf variant is
    # found. On some systems ldd works by invoking the file's program
    # interpreter, which is a known risk when it is pointed at the output
    # of a build that is not fully trusted; a readelf variant only parses
    # the file. Prefer having one installed.
    log "$1" "looking for dependencies (using ${elf_cmd##*/})"

    cd "$pkg_dir/$1/$pkg_db/$1"

    # The positional parameters become the list of installed manifests,
    # which pkg_owner searches below.
    set +f
    set -f -- "$sys_db/"*/manifest

    : >> depends

    find "$pkg_dir/${PWD##*/}/" -type f 2>/dev/null |

    while read -r file; do
        case $elf_cmd in
            *readelf) "$elf_cmd" -d "$file" ;;
            *) ldd -- "$file" ;;
        esac 2>/dev/null |

        while read -r line; do
            case $line in
                *NEEDED*\[*\] | *'=>'*)
                    # readelf: 0x0000 (NEEDED) Shared library: [libjson-c.so.5]
                    line=${line##*[}
                    line=${line%%]*}

                    # ldd: libjson-c.so.5 => /lib/libjson-c.so.5 ...
                    line=${line##*=> }
                    line=${line%% *}

                    # Skip files owned by libc and POSIX.
                    case ${line##*/} in
                        ld-* |\
                        lib[cm].so* |\
                        libdl.so* |\
                        libpthread.so* |\
                        librt.so* |\
                        libtrace.so* |\
                        libxnet.so* |\
                        ldd)
                            continue
                        ;;

                        *)
                            # Skip file if owned by current package
                            pkg_owner -l "/${line#/}\$" "$PWD/manifest" &&
                                continue

                            pkg_owner -l "/${line#/}\$" "$@" &&
                                printf '%s\n' "$pkg_owner"
                        ;;
                    esac
                ;;
            esac
        done ||:
    done | sort -uk1,1 depends - > "$tmp_dir/.fixdeps"

    # Show what was added to the depends file, then replace it.
    diff -U 3 depends - < "$tmp_dir/.fixdeps" ||:

    mv -f "$tmp_dir/.fixdeps" depends

    if [ -s depends ]; then
        pkg_manifest "${PWD##*/}"
    else
        rm -f depends
    fi
}

pkg_manifest() (
    # This function runs as a sub-shell to avoid having to 'cd' back to the
    # prior directory before being able to continue.
    #
    # $1: package, $2: optional base directory (default "$pkg_dir").
    cd "${2:-"$pkg_dir"}/$1"

    # find: Print all files and directories and append '/' to directories.
    # sed: Remove the first character in each line (./dir -> /dir) and
    # remove all lines which only contain '.'.
    find . -type d -exec printf '%s/\n' {} + -o -print |
        sort -r | sed '/^\.\/$/d;ss.ss' > "${2:-"$pkg_dir"}/$1/$pkg_db/$1/manifest"
)

pkg_manifest_verify() {
    # Ensure that everything listed in the manifest exists in the tarball.
    #
    # This checks presence only; it says nothing about the content of the
    # files or about files in the tarball that the manifest does not list.
    while read -r line; do
        [ -h "./$line" ] || [ -e "./$line" ] || man_err="$man_err$line, "
    done < "$1"

    [ -z "$man_err" ] || die "$pkg" "files in manifest missing from tarball: ${man_err%, }"
}

pkg_etcsums() (
    # This function runs as a sub-shell to avoid having to 'cd' back to the
    # prior directory before being able to continue.
    #
    # Writes one checksum per file below etc/, in sorted path order, to the
    # package's etcsums file.
    [ -d "$pkg_dir/$1/etc" ] || return 0

    cd "$pkg_dir/$1"

    # This can't be a simple 'find -exec' as 'sh256' is a shell function
    # and not a real command of any kind. This is the shell equivalent.
    find etc -type f | sort | while read -r line; do
        sh256 "$line"
    done > "$pkg_dir/$1/$pkg_db/$1/etcsums"
)

pkg_tar() (
    # Pack the built package into "$bin_dir" as
    # 'NAME@VERSION-RELEASE.tar.EXT' using KISS_COMPRESS (default gz), then
    # run the post-package user hook. Runs in a sub-shell.
    pkg_find "$1"

    read -r version release < "$repo_dir/version"

    # Avoid tar -C (not portable).
    cd "$pkg_dir/$1"

    # Create a tarball from the contents of the built package.
    tar cf - . | case ${KISS_COMPRESS:-gz} in
        bz2) bzip2 -z ;;
        gz) gzip -6 ;;
        lzma) lzma -z ;;
        lz) lzip -z ;;
        xz) xz -zT 0 ;;
        zst) zstd -z ;;
    esac > "$bin_dir/$1@$version-$release.tar.${KISS_COMPRESS:-gz}"

    run_user_hook post-package "$1"
)

pkg_build() {
    # Mark packages passed on the command-line separately from those
    # detected as dependencies. We need to treat explicitly passed packages
    # differently from those pulled in as dependencies.
    #
    # This also resolves all dependencies and stores the result in '$deps'.
    # Any duplicates are also filtered out.
    #
    # Order of the security-relevant steps below: every package is linted,
    # all sources are fetched (pkg_sources) and checked (pkg_verify) for the
    # whole list, and only then is anything extracted or built. The build
    # script itself runs with the privileges of the invoking user.
    for pkg do
        contains "$explicit" "$pkg" || {
            pkg_depends "$pkg" explicit
            explicit="$explicit $pkg"
        }
    done

    # If not an update, ignore the cache and build everything given
    # on the command-line. If this is an update, use the cache.
    [ "$pkg_update" ] || explicit_build=$explicit

    # If an explicit package is a dependency of another explicit package,
    # remove it from the explicit list as it needs to be installed as a
    # dependency.
    for pkg do
        contains "$deps" "$pkg" || explicit2="$explicit2 $pkg"
    done
    explicit=$explicit2

    # Intentional, globbing disabled.
    # shellcheck disable=2046,2086
    set -- $deps $explicit

    [ "$#" -gt 1 ] || [ "$pkg_update" = 1 ] && prompt "Building $*"

    for pkg do pkg_lint "$pkg"; done

    log "checking for pre-built dependencies"

    # Install any pre-built dependencies if they exist in the binary
    # directory and are up to date.
    #
    # Cached tarballs are installed with KISS_FORCE=1, which makes
    # pkg_install skip its manifest and dependency checks; nothing in this
    # file checksums or signs the tarballs in "$bin_dir".
    for pkg do
        ! contains "$explicit_build" "$pkg" && pkg_cache "$pkg" && {
            log "$pkg" "installing binary from cache"

            # False positive.
            # shellcheck disable=2030
            (
                KISS_FORCE=1 args i "$tar_file"
            )

            # Remove the now installed package from the build list.
            shift
        }
    done

    for pkg do pkg_sources "$pkg"; done
    for pkg do pkg_verify "$pkg"; done

    # Finally build and create tarballs for all passed packages and
    # dependencies.
    for pkg do
        log "$pkg" "building package ($((in+=1))/$#)"

        run_user_hook pre-extract "$pkg" "$pkg_dir/$pkg"

        pkg_extract "$pkg"
        pkg_find "$pkg"

        # Install built packages to a directory under the package name to
        # avoid collisions with other packages.
        mkdir -p "$pkg_dir/$pkg/$pkg_db" "$mak_dir/$pkg"
        cd "$mak_dir/$pkg"

        # Log the version so we can pass it to the package build file.
        read -r build_version _ < "$repo_dir/version"

        log "$pkg" "starting build"

        run_user_hook pre-build "$pkg" "$pkg_dir/$pkg"

        # Call the build script, log the output to the terminal and to a file.
        # There's no PIPEFAIL in POSIX shell so we must resort to tricks like
        # killing the script ourselves.
        {
            "$repo_dir/build" "$pkg_dir/$pkg" "$build_version" 2>&1 || {
                log "$pkg" "build failed"
                log "$pkg" "log stored to $log_dir/$pkg-$pid-${date##*-}"
                run_user_hook build-fail "$pkg" "$pkg_dir/$pkg"
                pkg_clean
                kill 0
            }
        } | tee "$log_dir/$pkg-$pid-${date##*-}"

        # Delete the log file if the build succeeded to prevent the directory
        # from filling very quickly with useless logs.
        [ "$KISS_KEEPLOG" = 1 ] || rm -f "$log_dir/$pkg-$pid-${date##*-}"

        # Copy the repository files to the package directory. This acts as the
        # database entry.
        cp -LRf "$repo_dir" "$pkg_dir/$pkg/$pkg_db/"

        run_user_hook post-build "$pkg" "$pkg_dir/$pkg"

        # Remove all .la files from the packages. They're unneeded and cause
        # issues when a package stops providing one. This recently caused an
        # issue with harfbuzz (See: 05096e5a4dc6db5d202342f538d067d87ae7135e).
        find "$pkg_dir/$pkg/usr/lib" \
            -name \*.la \
            -exec rm -f {} + \
            2>/dev/null ||:

        # Endless source of conflicts.
        rm -f "$pkg_dir/$pkg/usr/lib/charset.alias"

        # Create the manifest file early and make it empty. This ensures that
        # the manifest is added to the manifest.
        : > "$pkg_dir/$pkg/$pkg_db/$pkg/manifest"

        # Same for etcsums if /etc exists in package.
        [ -d "$pkg_dir/$pkg/etc" ] && : > "$pkg_dir/$pkg/$pkg_db/$pkg/etcsums"

        pkg_strip "$pkg"
        pkg_manifest "$pkg"
        pkg_fix_deps "$pkg"
        pkg_etcsums "$pkg"
        pkg_tar "$pkg"

        log "$pkg" "successfully built package"

        # Install built package if not marked explicit or this
        # is a system update. This runs in a subshell.
        ! contains "$explicit" "$pkg" || [ "$pkg_update" ] && (
            log "$pkg" "marked for install"

            # False positive.
            # shellcheck disable=2030
            KISS_FORCE=1 args i "$pkg"
        )
    done

    log "successfully built all packages"
}

pkg_checksums() {
    # Print one sha256 checksum per source file, in sources-file order.
    # Comments, blank lines, git sources and directories produce no line,
    # so none of those is covered by the checksums file.
    pkg_find "$1"

    [ -f "$repo_dir/sources" ] || return 0

    while read -r src _ || [ "$src" ]; do
        # Skip comments, blank lines and git sources.
        if [ -z "${src##\#*}" ] || [ -z "${src##git+*}" ]; then
            continue

        # Remote source.
        elif [ -z "${src##*://*}" ]; then
            sh256 "$src_dir/$1/${src##*/}"

        # Skip directories.
        elif [ -d "$repo_dir/$src" ] || [ -d "/$src" ]; then
            continue

        # Local file (relative).
        elif [ -f "$repo_dir/$src" ]; then
            sh256 "$repo_dir/$src"

        # Local file (absolute).
        elif [ -f "/$src" ]; then
            sh256 "/$src"
        fi
    done < "$repo_dir/sources" || die "$1" "failed to generate checksums"
}

pkg_checksum_save() {
    # Generate and save checksums to file.
    #
    # The checksums are computed from whatever pkg_sources left in the
    # cache, so this records the current files rather than validating
    # them. Compare new values against an independent reference before
    # committing them to a repository.
    pkg_find "$1"

    [ -f "$repo_dir/sources" ] || return 0

    sums=$(pkg_checksums "$1")

    [ "$sums" ] || {
        log "$1" "nothing to do"
        return 0
    }

    # The bare redirection in the 'if' only probes whether the checksums
    # file can be opened for appending; when it cannot, the file is written
    # as the owner of the repository directory through as_root.
    #
    # False positive ('>> file' with no command).
    # shellcheck disable=2188
    printf '%s\n' "$sums" |

    if 2>/dev/null >> "$repo_dir/checksums"; then
        tee "$repo_dir/checksums"
    else
        file_owner "$repo_dir"
        log "$1" "need permissions to generate checksums"
        as_root tee "$repo_dir/checksums"
    fi

    log "$1" "generated checksums"
}

pkg_verify() {
    # Verify all package checksums. This is achieved by generating a new set
    # of checksums and then comparing those with the old set.
    #
    # Only the first 64 bytes of each line of the checksums file take part
    # in the comparison. The function reads the global "$pkg" rather than
    # "$1"; pkg_build passes the same value.
    #
    # NOTE(review): an empty result from pkg_checksums returns success
    # before the checksums file is even looked at. Because sh256 prints an
    # empty line when none of its tools works, a system without any of them
    # appears to skip verification silently - confirm, and consider failing
    # closed instead.
    # NOTE(review): git sources produce no checksum line, so they are not
    # covered here; their integrity rests on the ref named in the sources
    # file.
    pkg_find "$pkg"

    [ -f "$repo_dir/sources" ] || return 0

    sum_sys=$(pkg_checksums "$pkg")

    [ "$sum_sys" ] || return 0
    [ -f "$repo_dir/checksums" ] || die "$pkg" "checksums file missing"

    sum_pkg=$(cut -b 1-64 < "$repo_dir/checksums")

    [ "$sum_sys" = "$sum_pkg" ] || die "$pkg" "checksum mismatch"
}

pkg_conflicts() {
    # Filter the tarball's manifest and select only files. Resolve all
    # symlinks in file paths as well.
    while read -r file; do
        file=$KISS_ROOT/${file#/}

        case $file in *[!/])
            cd -P "${file%/*}" 2>/dev/null || PWD=${file%/*}

            printf '%s\n' "${PWD#"$KISS_ROOT"}/${file##*/}"
        ;;
        esac
    done < "$tar_dir/$1/$pkg_db/$1/manifest" > "$tmp_dir/.manifest"

    set +f
    set -f "$sys_db"/*/manifest

    # Generate a list of all installed package manifests and remove the
    # current package from the list.
    for manifest do
        shift

        [ "$sys_db/$pkg/manifest" = "$manifest" ] && continue

        set -- "$@" "$manifest"
    done

    [ "$#" != 0 ] || return 0

    # Store the list of found conflicts in a file for reuse.
    grep -Fxf "$tmp_dir/.manifest" -- "$@" 2>/dev/null \
        > "$tmp_dir/.conflicts" ||:

    if [ "$KISS_CHOICE" != 0 ] && [ -s "$tmp_dir/.conflicts" ]; then
        # Choices are dynamically created and destroyed.
        #
        # All file conflicts are installed to the choices directory
        # rather than their original destination. The package's
        # manifest is updated to reflect this.
        #
        # Swapping between choices just moves the locations of two
        # files around. The file in the system is copied to the
        # choices directory and the choice is moved to the system
        # (overwriting the remaining prior copy)
        while IFS=: read -r _ con; do
            pkg_owner -lFx "$con" ||:

            printf 'alternative %s (currently %s)\n' "$con" "${pkg_owner:-?}"

            # Create the "choices" directory inside of the tarball.
            # This directory will store the conflicting file.
            mkdir -p "$tar_dir/$pkg/${cho_dir:=var/db/kiss/choices}"

            # Construct the file name of the "db" entry of the
            # conflicting file. (pkg_name>usr>bin>ls)
            con_name=$(printf %s "$pkg$con" | sed 's|/|>|g')

            # Move the conflicting file to the choices directory
            # and name it according to the format above.
            mv -f "$tar_dir/$pkg/$con" \
                "$tar_dir/$pkg/$cho_dir/$con_name" 2>/dev/null || {
                log "File must be in ${con%/*} and not a symlink to it"
                log "This can occur when a binary is installed to"
                log "/sbin instead of /usr/bin (example)"
                log "Before this file can be used as an alternative,"
                log "this must be fixed in $pkg. Contact the maintainer"
                die "by finding their details via kiss-maintainer" "" "!>"
            }
        done < "$tmp_dir/.conflicts"

        # Update manifest file.
        pkg_manifest "$pkg" "$tar_dir" 2>/dev/null

    elif [ -s "$tmp_dir/.conflicts" ]; then
        log "Package '$pkg' conflicts with another package" "" "!>"
        log "Run 'KISS_CHOICE=1 kiss i $pkg' to add conflicts" "" "!>"
        die "as alternatives." "" "!>"
    fi
}

pkg_swap() {
    # Swap between package alternatives.
    #
    # $1: package providing the alternative, $2: absolute path of the file.
    pkg_list "$1" >/dev/null

    # pkg_name + /path/to/file -> pkg_name>path>to>file
    alt=$( printf %s "$1$2" | sed 's|/|>|g' )

    cd "$sys_db/../choices"

    if [ ! -f "$alt" ] && [ ! -h "$alt" ]; then
        die "alternative '$1 $2' doesn't exist"

    # NOTE(review): this tests "$2" without the "$KISS_ROOT" prefix that the
    # cp below uses - confirm that is intended for a non-empty KISS_ROOT.
    elif [ -f "$2" ]; then
        # Figure out which package owns the file we are going to swap for
        # another package's. Print the full path to the manifest file which
        # contains the match to our search.
        pkg_owner -lFx "$2" ||
            die "file '$2' exists on filesystem but isn't owned"

        # Convert the current owner to an alternative and rewrite its
        # manifest file to reflect this.
        cp -Pf "$KISS_ROOT/$2" "$pkg_owner>${alt#*>}"

        find_replace \
            "$2" \
            "${PWD#"$KISS_ROOT"}/$pkg_owner>${alt#*>}" \
            "../installed/$pkg_owner/manifest"
    fi

    # Convert the desired alternative to a real file and rewrite the manifest
    # file to reflect this. The reverse of above.
    mv -f "$alt" "$KISS_ROOT/$2"

    # Update the matching line in the manifest.
    find_replace \
        "${PWD#"$KISS_ROOT"}/$alt" \
        "$2" \
        "../installed/$1/manifest"

    printf '%s is now provided by %s (was %s)\n' "$2" "$1" "$pkg_owner"
}

pkg_install_files() {
    # Reverse the manifest file so that we start shallow and go deeper as we
    # iterate over each item. This is needed so that directories are created
    # going down the tree.
    #
    # $1: test(1) operator; entries for which it holds on the target path
    # are skipped (pkg_install passes -z on the first pass and -e on the
    # second). $2: directory of the extracted tarball.
    #
    # Every path comes from the tarball's manifest and is joined to
    # "$KISS_ROOT" without further validation, and the mode bits of the
    # extracted files, including setuid, setgid and sticky, are reproduced
    # on the target. The tarball is trusted completely at this point.
    sort "$2/$pkg_db/${2##*/}/manifest" |

    while read -r line; do
        [ -d "$KISS_ROOT/$line" ] || test "$1" "$KISS_ROOT/$line" && continue

        rwx=$(ls -ld "$2/$line") oct='' b='' o=0

        # Convert the output of 'ls' (rwxrwx---) to octal. This is a
        # 1-9 loop with the second digit being the value of the field.
        #
        # NOTE(review): 's'/'t' add a position-dependent value to $b (4, 2
        # or 1) while 'S'/'T' add 1 whatever the position, which looks
        # like it maps a setuid or setgid bit without execute to the
        # sticky bit - confirm.
        for c in 14 22 31 44 52 61 74 82 91; do
            rwx=${rwx#?}

            case $rwx in
                [rwx]*): "$((o+=${c#?}))" ;;
                [st]*): "$((o+=1))" "$((b+=4 / (${c%?}/3)))" ;;
                [ST]*): "$((b+=1))" ;;
            esac

            # Every third position completes one octal digit.
            case $((${c%?} % 3)) in 0)
                oct=$oct$o
                o=0
            esac
        done

        # Copy files and create directories (preserving permissions).
        case $line in
            /etc/?*[!/])
                pkg_etc_file "$2" "${line#/}"
            ;;

            */)
                mkdir -m "$oct" "$KISS_ROOT/$line"
            ;;

            *)
                cp -fP "$2/$line" "$KISS_ROOT/$line"

                # This prepends $b which represents sticky bit,
                # setuid, setgid, etc.
                [ -h "$KISS_ROOT/$line" ] ||
                    chmod "$b$oct" "$KISS_ROOT/$line"
            ;;
        esac
    done ||:

    pkg_etc_cnt=0
}

pkg_remove_files() {
    # Remove a file list from the system. This function runs during package
    # installation and package removal. Combining the removals in these two
    # functions allows us to stop duplicating code.
    #
    # Reads one path per line from stdin. A file below /etc is only removed
    # when its current checksum is found in the saved etcsums copy;
    # directories are only removed when empty.
    while read -r file; do
        case $file in /etc/?*[!/])
            sum_sys=$(sh256 "$KISS_ROOT/$file") ||:
            sum_old=$(grep -F "$sum_sys" "$tmp_dir/.etcsums") ||:

            [ "$sum_sys" = "$sum_old" ] || {
                printf 'Skipping %s (modified)\n' "$file"
                continue
            }
        ;;
        esac 2>/dev/null

        file=$KISS_ROOT/$file

        # Remove files.
        if [ -f "$file" ] && [ ! -h "$file" ]; then
            rm -f "$file"

        # Remove file symlinks.
        elif [ -h "$file" ] && [ ! -d "$file" ]; then
            rm -f "$file"

        # Remove directories if empty.
        elif [ -d "$file" ] && [ ! -h "$file" ]; then
            rmdir "$file" 2>/dev/null ||:
        fi
    done ||:
}

pkg_etc_file() {
    # Install one file below /etc without clobbering local changes.
    # $1: extracted tarball directory, $2: path relative to the root.
    # Compares the new file's checksum, the checksum of the file on the
    # system and the old package's checksum, the latter taken from line
    # number "$pkg_etc_cnt" of the saved etcsums copy.
    pkg_etc_cnt=$((pkg_etc_cnt + 1))

    sum_new=$(sh256 "$1/$2") 2>/dev/null ||:
    sum_sys=$(cd "$KISS_ROOT/"; sh256 "$2") 2>/dev/null ||:
    sum_old=$(awk "NR == $pkg_etc_cnt" "$tmp_dir/.etcsums") 2>/dev/null ||:

    # Use a case statement to easily compare three strings at
    # the same time. Pretty nifty.
    case ${sum_old:-null}${sum_sys:-null}${sum_new} in
        # old = Y, sys = X, new = Y
        "${sum_new}${sum_sys}${sum_old}")
            return 0
        ;;

        # old = X, sys = X, new = X
        # old = X, sys = Y, new = Y
        # old = X, sys = X, new = Y
        "${sum_old}${sum_old}${sum_old}"|\
        "${sum_old:-null}${sum_sys}${sum_sys}"|\
        "${sum_sys}${sum_old}"*)
            new=
        ;;

        # All other cases.
        *)
            printf 'Saving /%s as /%s.new\n' "$2" "$2"

            new=.new
        ;;
    esac

    cp -fP "$1/$2" "$KISS_ROOT/${2}${new}"
}

pkg_remove() {
    # Remove a package and all of its files. The '/etc' directory is handled
    # differently and configuration files are *not* overwritten.
    pkg_list "$1" >/dev/null

    # NOTE(review): '||' and '&&' have equal precedence and associate to
    # the left, so this reads as ( force-check || grep ) && die. As
    # written, KISS_FORCE=1 therefore appears to reach 'die' as well,
    # instead of bypassing the reverse-dependency check - confirm. Putting
    # the grep sub-shell and the die together inside one brace group would
    # express the apparent intent.
    #
    # False positive.
    # shellcheck disable=2031
    [ "$KISS_FORCE" = 1 ] || (
        cd "$sys_db"
        set +f
        grep -lFx "$1" -- */depends
    ) && die "$1" "can't remove package, others depend on it"

    # Block being able to abort the script with 'Ctrl+C' during removal.
    # Removes all risk of the user aborting a package removal leaving an
    # incomplete package installed.
    trap '' INT

    run_repo_hook pre-remove "$1"
    run_user_hook pre-remove "$1" "$sys_db/$pkg"

    # Make a backup of the etcsums file (if it exists).
    cp -f "$sys_db/$1/etcsums" "$tmp_dir/.etcsums" 2>/dev/null ||:

    log "$1" "removing package"
    pkg_remove_files < "$sys_db/$1/manifest"

    # Reset 'trap' to its original value. Removal is done so
    # we no longer need to block 'Ctrl+C'.
    trap pkg_clean EXIT INT

    log "$1" "removed successfully"
}

pkg_install() {
    # Install a built package tarball.
    #
    # 1. Install package overwriting any existing files.
    # 2. Diff old manifest against new one and remove any files which exist in
    #    the old instance of the package but not the new one.
    # 3. Install package again, verifying all files and repairing any damage
    #    done by #2.
    #
    # Nothing in this function authenticates the tarball: any path matching
    # '*.tar.*' is accepted, and its content, repository hooks included,
    # ends up installed and run with the privileges of this process.
    # KISS_FORCE=1 additionally skips the manifest and dependency checks.

    # Handle tarball vs cache lookup (pkg_cache).
    case $1 in
        *.tar.*)
            [ -f "$1" ] || die "tarball '$1' does not exist"

            # NOTE(review): only '#' is stripped here, while pkg_tar names
            # tarballs 'NAME@VERSION-RELEASE' and pkg_cache accepts both
            # '#' and '@'. For an '@' tarball "$pkg" would keep the
            # version and extension - looks inconsistent, confirm.
            tar_file=$1
            pkg=${1##*/}
            pkg=${pkg%#*}
        ;;

        *)
            pkg_find "$1"
            pkg_cache "$1" 2>/dev/null ||
                die "package '$1' has not yet been built"
        ;;
    esac

    mkdir -p "$tar_dir/$pkg"
    cd "$tar_dir/$pkg"

    decompress "$tar_file" | tar xf -

    [ -f "./$pkg_db/$pkg/manifest" ] || die "invalid tarball '$tar_file'"

    # False positive.
    # shellcheck disable=2031
    [ "$KISS_FORCE" = 1 ] || {
        pkg_manifest_verify "$pkg_db/$pkg/manifest"

        # Every dependency without a type in the second column must be
        # installed already.
        [ -f "$pkg_db/$pkg/depends" ] && {
            while read -r dep dep_type || [ "$dep" ]; do
                case "$dep ${dep_type:-null}" in
                    [!#]*\ null)
                        pkg_list "$dep" >/dev/null 2>&1 ||
                            dep_err="$dep_err$dep, "
                    ;;
                esac
            done < "$pkg_db/$pkg/depends"

            [ -z "$dep_err" ] || die "$pkg" "missing ${dep_err%, }"
        }
    }

    run_user_hook pre-install "$pkg" "$tar_dir/$pkg"

    log "$pkg" "transforming package conflicts into alternatives"
    pkg_conflicts "$pkg"

    # Block Ctrl+C during installation.
    trap '' INT

    # If the package is already installed (and this is an upgrade) make a
    # backup of the manifest and etcsums files.
    cp -f "$sys_db/$pkg/manifest" "$tmp_dir/.manifest" 2>/dev/null ||:
    cp -f "$sys_db/$pkg/etcsums" "$tmp_dir/.etcsums" 2>/dev/null ||:

    log "$pkg" "installing package"

    pkg_install_files -z "$tar_dir/$pkg"

    # Remove what the old manifest lists and the new one does not.
    grep -vFxf "$sys_db/$pkg/manifest" "$tmp_dir/.manifest" 2>/dev/null |
        pkg_remove_files

    log "$pkg" "verifying installation"

    pkg_install_files -e "$tar_dir/$pkg"

    trap pkg_clean EXIT INT

    run_repo_hook post-install "$pkg"
    run_user_hook post-install "$pkg" "$sys_db/$pkg"

    log "$pkg" "installed successfully"
}

sys_update() {
    # Check all installed packages for updates. So long as the installed
    # version and the version in the repositories differ, it's considered
    # an update.
    #
    # The repositories pulled here supply the build scripts and hooks that
    # later run on this machine. Commit signatures are only checked where
    # the repository's own git configuration sets merge.verifySignatures;
    # this function reads that setting for display and does not enforce it.
    log "updating repositories"

    # Create a list of all repositories.
    # Intentional behavior.
    # shellcheck disable=2031,2046,2086
    {
        IFS=:
        set -- $KISS_PATH
        unset IFS
    }

    # Update each repository in '$KISS_PATH'.
    for repo do
        cd "$repo"

        case $(git remote 2>/dev/null) in
            "")
                log "$repo" " "
                printf 'Skipping git pull, not a repository\n'
            ;;

            *)
                # Move to the top of the work tree, or of the superproject
                # when the repository is a submodule.
                cd "$(git rev-parse --show-toplevel)"
                git_root=$(git rev-parse --show-superproject-working-tree)
                cd "${git_root:-.}"

                # Pull each work tree only once.
                contains "$repos" "$PWD" : || {
                    repos="$repos:$PWD"

                    # Display a tick if signing is enabled for this
                    # repository.
                    case $(git config merge.verifySignatures) in
                        true) log "$PWD" "[signed] " ;;
                        *) log "$PWD" " " ;;
                    esac

                    if [ -w "$PWD" ] && [ "$uid" != 0 ]; then
                        git pull
                        git submodule update --remote --init -f

                    else
                        [ "$uid" = 0 ] || log "$PWD" "need permissions to update"

                        # Find out the owner of the repository and spawn
                        # git as this user below.
                        #
                        # This prevents 'git' from changing the original
                        # ownership of files and directories in the rare
                        # case that the repository is owned by a 3rd user.
                        (
                            file_owner "$PWD"

                            # We're in a repository which is owned by a 3rd
                            # user. Not root or the current user.
                            [ "$user" = root ] ||
                                log "dropping to $user for pull"

                            # Nesting is deep and line is long.
                            git_cmd=" git pull && git submodule update --remote --init -f "

                            # 'su' requires that command be quoted.
                            case $su in *su)
                                git_cmd="'$git_cmd'"
                            esac

                            as_root sh -c "$git_cmd"
                        )
                    fi
                }
            ;;
        esac

        # A file named 'update' at the top of the repository is run (or
        # printed, when not executable) right after the pull, so freshly
        # pulled content executes with the privileges of this process.
        run_repo_hook update "$PWD" update
    done

    log "checking for new package versions"

    set +f --

    for _pkg in "$sys_db/"*; do
        pkg_find "${_pkg##*/}"

        read -r db_ver db_rel < "$_pkg/version"
        read -r re_ver re_rel < "$repo_dir/version"

        [ "$db_ver-$db_rel" = "$re_ver-$re_rel" ] || {
            printf '%s %s-%s -> %s-%s\n' \
                "${_pkg##*/}" \
                "$db_ver" "$db_rel" \
                "$re_ver" "$re_rel"

            set -- "$@" "${_pkg##*/}"
        }
    done

    set -f

    # The package manager itself is updated first and on its own.
    contains "$*" kiss && {
        log "detected package manager update"
        prompt "the package manager will be updated first"

        pkg_build kiss
        args i kiss

        log "updated the package manager"
        log "re-run 'kiss u' to update your system"
        exit 0
    }

    [ "$1" ] || {
        log "system up-to-date"
        return
    }

    pkg_update=1
    pkg_build "$@"
}

pkg_clean() {
    # Clean up on exit or error. This removes everything related to the build.
    # Skipped when KISS_DEBUG is 1.
    [ "$KISS_DEBUG" = 1 ] || rm -rf "$tmp_dir"
}

args() {
    # Parse script arguments manually. This is rather easy to do in our case
    # since the first argument is always an "action" and the arguments that
    # follow are all package names.
    action=$1
    shift "$(($# != 0))"

    case $action in
        b|build|c|checksum|d|download|i|install|r|remove)
            # Without a package argument the current directory is treated
            # as the package and its parent is put first in KISS_PATH.
            [ "$1" ] || {
                # Intentional.
                # shellcheck disable=2031
                export KISS_PATH=${PWD%/*}:$KISS_PATH
                set -- "${PWD##*/}"
            }

            # Reject arguments that would glob or split later on.
            # NOTE(review): the message mentions a tab, but the last two
            # patterns as shown are identical; presumably one of them held
            # a literal tab that was lost when whitespace was collapsed -
            # confirm.
            for arg do
                case $arg in
                    *'*'*|*'!'*|*'['*|*']'*|*' '*|*' '*)
                        die "argument '$arg' contains '!*[] \t'"
                    ;;
                esac
            done
        ;;
    esac

    # Rerun the script as root with a fixed environment if needed. We sadly
    # can't run singular functions as root so this is needed.
    #
    # The elevated process keeps the caller's HOME, XDG_CACHE_HOME,
    # KISS_PATH and KISS_TMPDIR, so it works inside directories the
    # unprivileged user controls (cache, tarballs, repositories).
    # NOTE(review): treat those directories as part of the privileged
    # trust boundary.
    #
    # False positive.
    # shellcheck disable=2031
    case $action in
        a|alternatives|i|install|r|remove)
            [ -z "$1" ] || [ -w "$KISS_ROOT/" ] || [ "$uid" = 0 ] || {
                as_root \
                    HOME="$HOME" \
                    XDG_CACHE_HOME="$XDG_CACHE_HOME" \
                    KISS_CHOICE="$KISS_CHOICE" \
                    KISS_COLOR="$KISS_COLOR" \
                    KISS_FORCE="$KISS_FORCE" \
                    KISS_PATH="$KISS_PATH" \
                    KISS_PID="$KISS_PID" \
                    KISS_ROOT="$KISS_ROOT" \
                    KISS_TMPDIR="$KISS_TMPDIR" \
                    "$0" "$action" "$@"

                return
            }
        ;;
    esac

    # Actions can be abbreviated to their first letter. This saves keystrokes
    # once you memorize the commands.
    case $action in
        a|alternatives)
            case $1 in
                -)
                    while read -r pkg path; do
                        pkg_swap "$pkg" "$path"
                    done
                ;;

                '')
                    set +f

                    # Go over each alternative and format the file
                    # name for listing. (pkg_name>usr>bin>ls)
                    for pkg in "$sys_db/../choices"/*; do
                        printf '%s\n' "${pkg##*/}"
                    done | sed 's|>| /|; s|>|/|g; /\*/d'
                ;;

                *)
                    pkg_swap "$1" "$2"
                ;;
            esac
        ;;

        b|build)
            pkg_build "${@:?No packages installed}"
        ;;

        c|checksum)
            for pkg do
                pkg_lint "$pkg"
            done

            for pkg do
                pkg_sources "$pkg"
            done

            for pkg do
                pkg_checksum_save "$pkg"
            done
        ;;

        d|download)
            for pkg do
                pkg_sources "$pkg"
            done
        ;;

        i|install)
            for pkg do
                pkg_install "$pkg"
            done
        ;;

        l|list)
            [ "$1" ] || {
                cd "$sys_db"
                set +f
                set -f -- *
            }

            for pkg do
                pkg_list "$pkg"
            done
        ;;

        r|remove)
            for pkg do
                pkg_remove "$pkg"
            done
        ;;

        s|search)
            for pkg do
                pkg_find "$pkg" '' all
            done
        ;;

        u|update)
            sys_update
        ;;

        v|version)
            printf '6.0.0\n'
        ;;

        '')
            log 'kiss [a|b|c|d|i|l|r|s|u|v] [pkg]...'
            log 'alternatives List and swap to alternatives'
            log 'build Build a package'
            log 'checksum Generate checksums'
            log 'download Pre-download all sources'
            log 'install Install a package'
            log 'list List installed packages'
            log 'remove Remove a package'
            log 'search Search for a package'
            log 'update Update the system'
            log 'version Package manager version'

            printf '\nRun "kiss help-ext" to see all actions\n'
        ;;

        help-ext)
            log 'extensions (kiss-* in PATH)'

            # Print each extension once together with the second line of
            # its file, stripped of the leading comment marker.
            pkg_find kiss-\* "$PATH" all -x | while read -r file; do
                name=${file#*/kiss-}

                contains "$list" "$name" || {
                    list="$list $name"

                    printf '%-15s ' "$name"
                    sed -n 's/^# *//;2p' "$file"
                }
            done
        ;;

        *)
            # Any other action runs the first executable in PATH whose
            # name starts with 'kiss-' followed by the action.
            pkg_find "kiss-$action*" "$PATH" '' -x 2>/dev/null ||
                die "'kiss $action' is not a valid command"

            "$repo_dir" "$@"
        ;;
    esac
}

main() {
    # Globally disable globbing and enable exit-on-error.
    set -ef

    # Allow the user to disable colors in output via an environment variable.
    # Check this once so as to not slow down printing.
    [ "$KISS_COLOR" = 0 ] || {
        lcol='\033[1;33m'
        lcol2='\033[1;34m'
        lclr='\033[m'
    }

    # The PID of the current shell process is used to isolate directories
    # to each specific KISS instance. This allows multiple package manager
    # instances to be run at once. Store the value in another variable so
    # that it doesn't change beneath us.
    pid=${KISS_PID:-"$$"}

    # Catch errors and ensure that build files and directories are cleaned
    # up before we die. This occurs on 'Ctrl+C' as well as success and error.
    trap pkg_clean EXIT INT

    # Figure out which 'sudo' command to use based on the user's choice or what
    # is available on the system.
    su=${KISS_SU:-"$(
        command -v sudo ||
        command -v doas ||
        command -v sls
    )"} || su=su

    # Figure out which utility is available to dump elf information.
    elf_cmd=${KISS_ELF:="$(
        command -v readelf ||
        command -v eu-readelf ||
        command -v llvm-readelf
    )"} || elf_cmd=ldd

    # Store the date and time of script invocation to be used as the name of
    # the log files the package manager creates during builds.
    date=$(date +%Y-%m-%d-%H:%M:%S)

    # Make note of the user's current ID to do root checks later on.
    # This is used enough to warrant a place here.
    uid=$(id -u)

    # Define some paths which we will then use throughout the script.
    sys_db=$KISS_ROOT/${pkg_db:=var/db/kiss/installed}

    # Ensure that the KISS_ROOT doesn't end with a '/'.
    KISS_ROOT=${KISS_ROOT%"${KISS_ROOT##*[!/]}"}

    # This allows for automatic setup of a KISS chroot and will
    # do nothing on a normal system.
    mkdir -p "$KISS_ROOT/" 2>/dev/null ||:

    # Create cache directories and define variables.
    #
    # NOTE(review): "$tmp_dir" is named after the PID (or KISS_PID) and is
    # created with 'mkdir -p', which also succeeds when the directory
    # already exists; pkg_clean later removes it recursively. The default
    # lives below the user's cache directory. If KISS_TMPDIR is pointed at
    # a location other users can write to, the name is predictable -
    # confirm it is only ever set to a private directory.
    mkdir -p \
        "${cac_dir:="${XDG_CACHE_HOME:-"${HOME:?HOME is null}/.cache"}/kiss"}" \
        "${src_dir:="$cac_dir/sources"}" \
        "${log_dir:="$cac_dir/logs/${date%-*}"}" \
        "${bin_dir:="$cac_dir/bin"}" \
        "${tmp_dir:="${KISS_TMPDIR:="$cac_dir/proc"}/$pid"}" \
        "${mak_dir:="$tmp_dir/build"}" \
        "${pkg_dir:="$tmp_dir/pkg"}" \
        "${tar_dir:="$tmp_dir/extract"}"

    args "$@"
}

main "$@"